• Add more links to relevant articles
• Add more explanations for complicated/non-beginner friendly concepts or jargon (most likely using tooltips)
• Add more beginner-friendly tips (e.g. undoing accidental rebase)
• Add on more information (if any)

I would like to:

• Add real life examples into the XSS page, so users can see the potential damage of the vulnerability
• Add pictures to illustrate examples
• Improve examples
• Add tools for testing and prevention against XSS
• Restructure the content into the recommended structure

Outline:

• What is SQL
• Why use SQL
• An example showing basic commands
• Getting started
• Other resources for learning and integrating SQL

1. What is Shell? (In specific, bash)
2. shell variables and environment
3. pipe and data redirection
4. shell script
5. to be added....

using await to improve javscript promises

One example of this happening is in this article -> click on Java Concurrency. Seems like the .md links used to work in the past, but are currently broken due to the website being generated by MarkBind.

This is an easy fix - we just need to replace all the broken links with a .html extension.

Progress:

• Update Contribution Guide to reflect need for content page (PR #181)

• Programming Languages

  • C++
    • Rvalue References and Move Semantics (PR #144)
  • CSharp
    • Introduction to CSharp (PR #144)
  • Go (PR #144)
  • Haskell (PR #144)
  • Java
    • Java Concurrency (PR #150)
    • Java Streams (PR #150)
    • Java Synchronization (PR #150)
    • Java Reflection (PR #150)
    • JUnit (PR #150)
  • JavaScript
    • Writing Testable JavaScript Code (PR #153)
    • Javascript Promises (PR #153)
    • Javascript Modules (PR #153)
    • Static Typing in JavaScript (PR #153)
  • Kotlin
    • Introduction to Kotlin (PR #153)
    • Null Safety In Kotlin (PR #153)
  • Python (PR #154)
  • Ruby (PR #154)
  • Rust (PR #154)
  • Scala (PR #154)
  • Swift (PR #154)

• SE Topics

  • Architecture
    • REST (PR #155)
  • Code Quality
    • Code Quality Metrics (PR #155)
  • Documentation (PR #155)
  • Functional Programming (PR #155)
  • Performance
    • Introduction to Performance Optimization (PR #155)
    • Performance Profiling (PR #155)
    • Web Performance (PR #155)
  • Project Management
    • Agile Development (PR #155)
    • DevOps (PR #155)
  • Revision Control
    • Best Practices with git (PR #155)
  • Scalability (PR #155)
  • Static Analysis
    • Introduction to Static Analysis (PR #176)
    • CheckStyle (PR #176)
    • PMD (PR #176)
    • FindBugs (PR #176)
    • ESLint (PR #176)
  • Testing
    • Integration Testing (PR #176)
    • Writing Testable Code (PR #176)
  • UI/UX
    • Accessibility (PR #176)
    • Design Systems (PR #176)
    • Introduction to UI/UX (PR #176)
    • Refining UX Design Skills (PR #176)

• App Frameworks

  • Android (#177)
  • Angular (#177)
  • iOS (#177)
  • Node (#177)
  • React (#177)
  • Ruby on Rails (#177)
  • Vue (#177)

• Tools Useful for Software Engineers

  • Regular Expressions (#178)
  • Docker (#178)

• Other Topics

  • Computer Vision (#178)
  • Databases
    • DBMS (#178)
    • SQL (#178)
  • Machine Learning (#178)
  • Multi-Threading
    • GPGPU (#178)
    • CUDA (#178)
  • Security
    • Cross Site Request Forgery (#180)
    • Cross Site Scripting (#180)
    • Cryptography (#180)
    • HTTPS (#180)
    • Password Storage (#180)
    • SQL Injection (#180)
  • Shell
    • bash (#180)

Chapters Added in 19/20

• (#168) NumPy (Already added by author. Pending Broken Link Fix: #179)

Initial Discussion (concluded):

11 / 45 topics currently have a table of contents. I personally find that the table of contents adds unnecessary clutter as there is already a navigation sidebar to the right that serves the same purpose.

This is especially prominent on the CUDA page, where the table of contents occupies the whole initial screen:

I propose that the 11 topics have their table of contents removed and the contribution guidelines updated to reflect this as well.

This is the CUDA page, with table of contents removed:

Much cleaner and less overwhelming in my opinion.

What are your thoughts?

1. What is Ruby on Rails
2. Why should you use it all
3. What situations to use it in (and which ones you shouldn't)
4. Getting started with a simple app.
5. Further Reading

I am getting complaints from Netlify that the learningresources website is serving insecure mixed content.

Background (insecure mixed content)

HTTP serves content through an un-encrypted channel, which means anyone can intercept the content and modify it without anyone knowing. That is why websites are recommended to activate HTTPS (which our website does), to send them through an encrypted channel.

However, even if the webpage is served in HTTPS, if the webpage embeds other resources using HTTP, then the embedded resources themselves can be compromised, even if the main webpage cannot be tampered with. Hence, this is 'insecure mixed content'.

Problem

Netlify found several images that are served through http rather than https (see the Netlify log for the list of insecure images).

Solution

1. Force browsers to always access content via the https protocol by using a meta tag. That way, regardless of whatever protocol the page authors specified for their resource's reference uri, it will always be served through https protocol.
   
   This can be done by putting the following in _markbind/head/head.md:

   <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

2. Some http content just don't have https equivalent, so forcing https will cause them to be broken. So, we either have to (1) save these images onto our repository and serve it ourselves, (2) find alternative subsitutes, or (3) not use them.
   
   The list of images that needs checking and fixing can be found in the Netlify logs.
   
   Note: Be sure to put proper attribution if you do (1)!

For more info: https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content

Outline:

• Overview
• How to get started
• You first iOS application
• Useful links and tutorials

The Spring Framework is an application framework and inversion of control container for the Java platform. The framework's core features can be used by any Java application, but there are extensions for building web applications on top of the Java EE (Enterprise Edition) platform.

Proposed outline:

• What is Spring Framework
• Why learn Spring
• Core features of Spring framework
• How to get started with Spring (learning resources)

I would like to write a chapter on storing passwords

Textbook outline:

Password storage intro
What's wrong with plaintext?
What is hashing?
Why isn't hashing enough?
Adding salt
The salted hash
If an attacker has gained access to the entire application, what does it matter if my passwords are stored in plaintext or not?
Word of warning
Further reading

Outline:

• What is accessibility
• Why is accessibility important?
• How to start improving web accessibility
• Further reading

• What is Sass and how does it work?
• Why use Sass?
• How to get started with Sass?
• Additional Resources

• Why choose Dart?
  • Smooth learning curve:
    • C-style syntax
    • script-flavored syntax sugar
    • but statically typed and support for optional nullity = much less runtime errors
    • OOP approach is so similar to Java that a lot of Java code can be directly migrated to Dart with minor changes
  • Cross-platform: runs on all major platforms
  • Three exection modes to get the best of all worlds
    • for fast development, JIT + Dart VM;
    • for native performance: compilation to platform-specific instructions;
    • for browser support: source-to-source compiler to JavaScript
  • Flutter uses Dart
• What is Dart?
• Dart syntax features
  • Functional programming
  • Cascade notation (..)
  • Asynchrony support
  • Java-like OOP, but less verbose
    • getter/setter
    • extension methods
    • generics
• How to learn Dart?
  • list some resources on Dart
• What's next?
  • effective Dart
  • use Dart in Flutter

The aforementioned chapter could be better polished by fixing broken links and standardizing the formatting.

Broken Links:

and

It also appears to be using bold instead of code blocks for code snippets and methods:

Proposed Category: SE Topics -> Testing

1. What is Security Testing?
2. Why Have Security Testing?
3. How to Get Started With Security Testing?
   Phase 1: Before Development Begins
   Phase 2: During Definition and Design
   Phase 3: During Development
   Phase 4: During Deployment
   Phase 5: Maintenance and Operations
4. Where to Go From Here?

Primary Reference: OWASP Testing Guide
Secondary References: Guru99.com, SoftwareTestingHelp.com

Outline:

Overview - What is docker?
Why Docker is important to know?
Getting started with docker
Applications of docker
Further techniques/tools that you can use with Docker
Additional Readings

Hi, I want to revise and improve the page of Swift to fit the guideline.

• Add Why should learn swift section
• Revise existing features to form different Benefits
• Add Where to go from here section
• Move some contents from Getting start to Where to go from here, and add learning path in Getting start section.

• What is modules in JavaScript
• Why use modules
• How is it implemented (IIFE/<Script>, CommonJS, ES6 Import/Export)
• How to choose which one to use? (TBC)
• How to get started (Babel Webpack)

Source:
https://medium.freecodecamp.org/javascript-modules-a-beginner-s-guide-783f7d7a5fcc

TOC for the book chapter:

• What is a Design System?
• Why should we use a Design System?
• Why not front-end frameworks or style guides?
• Benefits of a Design System
• How to build a Design System
• Examples of existing Design Systems
• Ending Notes

A functional programming language for developing web apps that compiles to JavaScript.

Promises features like no runtime exceptions due to it being a functional programming language, and has the one of the best compiler error messages out there:
https://mobile.twitter.com/gregoryschier/status/732830868562182144?lang=bn

https://elm-lang.org/

• What Is Elm?‎
• Why Learn Elm?‎
• How to Get Started with Elm?‎

Proposed outline:

• What are dotfiles
• Examples of dotfiles and their usage
• Why use dotfiles
• Management strategies
• Getting started with Dotfiles

I have a suggestion of an online regex tester (https://extendsclass.com/regex-tester.html) for the article "Introduction to Regular Expressions".

Assumptions:

• Reader has some knowledge of relational databases; Points of comparison will be made.

Aim: Introduce the characteristics of non-relational databases, their benefits, using mongoDB as an example.

What is NoSQL?

Why NoSQL ( vs SQL )

• 'Agile' / no fixed schema - perfect for changing requirements, real world applications
• Horizontal scalability
• Widespread adoption as well ( e.g. amazon )

How NoSQL works ( with reference to mongoDB as an example for all points, and vs SQL )

• what is mongoDB?
• Basic structure of NoSQL databases
  • database -> collections -> documents hierachy
  • documents structure ( json )
• Basic CRUD operation examples
  • Caveats - nesting limit, document size limit
• Indexes
• Schemas in NoSQL
• Relation storage in NoSQL ( 1-1, 1-many, many-many )
• Data processing ( mongoDB aggregation )
• Horizontal scalability ( sharding )

How to get started with NoSQL?

• Reinforce basic structure of NoSQL databases
• Basic mongoDB query language
• Advanced mongoDB processing ( aggregation, indexes, schemas, schema validation, etc )
• Advanced topics: ( Where to go from here )
  • Why NoSQL is more easily horizontally scalable
  • Redundancy in NoSQL
  • Brief mention of in-memory NoSQL db ( redis )

I have a few suggestions for nesting/grouping articles in a way that I think makes more sense:

• Move Databases and Security from Other Topics to SE Topics

• Move Static Analysis into Code Quality

• Rename SE Topics to Software Engineering Topics

• Remove Project Management and move Agile Development and DevOps into SE Topics (DevOps isn't related to project management)

• Remove Tools Useful for Software Engineers and move Regular Expressions into SE Topics

• Move Writing Testable Code from Testing into Code Quality (the contents of that chapter are more closely related to code quality than testing)

• Rename Architecture to Software Architecture

• Move Scalability into Performance and rename the category to Scalability and Performance

• Swap the order of SE Topics and App Frameworks

  So that the overall structure flows more smoothly:

  1. Programming Languages
  2. App Frameworks
  3. SE Topics
  4. Other Topics

The introduction to Python learning resource article doesn't cover the differences between 2.7.x and 3.x.

As a piece of introductory material to Python, it might be a good idea to cover these differences.
Many beginners often question why there are two widely supported versions, and what the differences are.

(Personally I advocate the use of 3.x, and 2.7.x only for legacy reasons)

My outline to improve the SQL-injection page:

What's SQL-injection:
Give an overview about SQL-injection.

Why preventing SQL-injection is important:

• This kind of attack is well-known and easy to be established
• This kind of attack causes serious consequences

How does SQL-injection work:

• Introduce CIA (confidentiality, integrity, availability) which are aspects that computer security concerns.
• Give concrete examples about how SQL-injection compromise all C, I, A.

How to prevent SQL-injection:

• Common and easy way to prevent SQL-injection. Best practice in your next project.

The chapters on VueJs, NodeJS and React are not consistent with each other (content and structure-wise).

Suggestion: Make all three chapters consistent structure-wise at least. And as far as possible content-wise too.

• Why learn C#
• How to use new features in C# 8 to write elegant code
• Testing for C#
  • MSTest
  • NUnit

Outline (will work on these progressively, unlikely to cover all aspects in the first iteration):

• Motivations for writing performant web applications
• Metrics for web performance
  • TTFB
  • TTFP
  • TTI
• Key factors to improving web performance
  • Javascript Bundle Optimisation
  • Lazy/Deferred/Progressive Loading
  • Asset Optimisation
  • Service Workers
  • Rendering Optimisation
• Measuring Web Performance
  • Audit with Lighthouse
  • Tracking RUM

• Introduction to Natural Language Processing
  • What is NLP
  • Why learn NLP
    • Low barrier of entry
    • Wide array of applications
    • Unsaturated field of research
      • Advantages of being multilingual
  • Common applications of NLP
    • Intent detection
    • Information retrival
    • Enhanced UX
    • Machine translation
    • Natural Language Generation
  • How to get started

Remove all the <a id="overview"></a> in section headings, because MarkBind already does this automatically for us.

For eg: https://github.com/se-edu/learningresources/blob/master/contents/javascript/javascript.md#avoid-coupling-with-selectors

The first few examples all assume the usage of jQuery ($, jquery selectors, $.ajax etc), but is not stated anywhere before them.

Should we try to change these examples so that they don't require any extra libraries, and use vanilla js instead so that they can be applicable to anyone who uses js?

Link:

https://deploy-preview-127--learningresources.netlify.com/contents/javascript/javascript-modules#module-pattern

JavaScript has modules already (as described in the section directly above). While the above code does make use of the module pattern (wrapping all related code inside one global), calling that a module just adds to the confusion with the already two different module systems: ES6 modules and CommonJS modules.

I propose we change rename module pattern to 'namespace pattern'
to better reflect what is going on: the reduction of global variables pollution by only creating one global variable, with all other functions and variables inside that object.

Some links are broken. We should investigate to see whether the files have simply been moved and change the links accordingly or provide alternatives for material that has been removed or taken down.

The following excel sheet contains a list of broken links and their occurrences.
Broken Links.xlsx

Rationale:
We currently do not have any resources directed at testing with JUnit 5. The SE-EDU Software Engineering for Self-Directed Learners book covers principles of testing (e.g. using stubs, differentiating between unit, integration and system tests), but does not cover how to write unit tests that make use of JUnit 5's powerful API library.
JUnit 5 has a wonderful user guide in place already, but (as I learnt from personal experience) the numerous terminologies would make it difficult for a new learner to Software Engineering to understand and make full use of the API.
Hence, I wish to write a book chapter that leverages on examples (that will be added to AB4 in the near future) and which bridges the theory in SE-EDU book with actual practice. This aims to be a good starting point of reference for future students aiming to write unit tests for a SE project in Java.

Outline:

• What is JUnit 5
• Basic JUnit 5 tests
• Before/After methods and their use cases
• JUnit 5 extension model

Rationale: The current introduction to cryptography provides a good overview of cryptography from a theorectical perspective. However, I feel that an equally important topic is how should we go about implementing cryptography in our applications, because incorrect implementation choices can lead to vulnerabilities in your application.

Could be an extension, but feel like the below is enough content for its own chapter.

Outline:

• why encrypt your data
  • sensitive in plaintext, in case of breach
• how to encrypt data in your application?
  • language libraries: JCE, System.Security.Cryptography
  • open source libraries: OpenSSL, NaCl, BouncyCastle, PyCrypto
• how to choose good cryptographic primitives
  • RNGs, CSPRNGs
  • encryption algorithms
    • public key: RSA, ECC
    • secret key: AES, ChaCha20
  • authentication modes: MACs, AE crypto modes
  • key generation: PBKDF

Proposed outline:

• Introduction
• Development cycle
• Benefits
• Best practices
• Comparison between other development workflows
• Present scenario in the industry (an example/mini case study)
• Limitations

Quote from chapter:
https://github.com/se-edu/learningresources/blob/master/contents/javascript/javascript.md#writing-reusable-javascript

Method chaining is syntax such as array.concat([1, 2]).push(1).filter(isEven)

However, Array.prototype.push doesn't return an array, the above code doesn't do what it intends to do.

Proposed outline:

• What is Redux
  • What is application state
• How does Redux work
• Why use Redux
• Why not to use Redux
• Alternative State Management solutions
• Getting Started With Redux

Outline quite similar to React, since they are libraries used quite often together.

The JS chapter Writing Testable Javascript's file name is javascript.md which is rather confusing.

I propose renaming it to WritingTestableJavascript.md

.NET is a traditional platform used to develop Windows desktop applications. In recent years, with the help of the Mono project and Xamarin (formerly known as Xamarin Studio), .NET developer platform has been extended for building cross-platform apps on Android, iOS and MacOS as well. .NET also plays an important role in game development due to its use in Unity.

Outline:

• Overview
• Advantages over other frameworks
• Disadvantages
• Present scenario in industry
• Getting started
• Other resources for learning Angular

https://github.com/se-edu/learningresources/blob/master/contents/javascript/javascript.md#writing-reusable-javascript

The example:

// es5 syntax
function createPopUp(title, content, status, optionals) {
    var headerColor = optionals.headerColor || 'default';
    var bodyColor = optionals.bodyColor || 'default';
    ...
}
// es6 syntax with destructuring and default parameters
function createPopUp(title, content, status, optionals) {
    const { headerColor = 'default', bodyColor = 'default' } = optionals;
    ...
}

the destructuring is more declatively done like:

// es6 syntax with destructuring and default parameters
function createPopUp(title, content, status, {headerColor = 'default', bodyColor = 'default'}) {
    ...
}

Outline:

• Overview
• Advantages
• Disadvantages
• Getting started
• Other resources for learning