In the previous blog post I spoke about the importance of moving out of siloed skills and embracing the entire stack. I also mentioned that embracing the stack does not mean achieving mastery in all the layers of the stack. Rather, it means being familiar with all the layers and achieving mastery in one or more layers. I want to talk about those layers in this post. What are the constituents of the stack and in what detail should we know them? I'll try and answer some of these questions below (as they pertain to web developers), starting with the constituents of the stack.
On the UX side, even though you do not have to be a design expert, it wouldn't hurt to read books like, The Design of Everyday Things, and Don't Make Me Think. It will help you understand what good design really means. On the more technical side, you should know the basics of typography, the importance of whitespace, and how the mind interprets different colors, and the accessibility aspects of color blindness.
Web Protocols & Servers
Something very basic which many developers often overlook is knowledge of the HTTP protocol. Modern servers hide away a lot of things, but as a web developer, you should still have a good handle of them. A developer should know everything that constitutes the request/response cycle. This includes the HTTP handshake, status codes, headers, request types, MIME types, encoding, content, etc.
I think some knowledge of different web servers is also important. If you work on the LAMP stack, you will be familiar with Apache, but I'd like to suggest that you become at least conceptually familiar with other web servers and understand their strengths and weaknesses. It's important to know what's possible.
This is a very large space and an area of separate expertise, but every developer must know basic things like SSH, SSL, certificates & certificate authorities, symmetric and asymmetric cryptography. You should know about Denial of Service, XSS, CSRF, etc. You should also know what buffer overflow means and how to avoid it (and why certain languages are safe from such problems). You should know about common database security issues such as SQL Injection.
On the authentication and authorization side, you should at least know what both these terms mean and different ways of authentication like basic HTTP auth and custom authentication. Knowledge of open authentication protocols like OpenID and OAUTH, along with their basic strengths and weaknesses would certainly not hurt.
Finally a good developer should know the basics of different types of firewalls at the conceptual level.
In this day and age it is impossible to really build even a mid-sized web software without a good framework. It doesn't make sense to, since frameworks provide us so much out of the box. Knowledge of frameworks should begin with the simple question: why do we even need them in the first place? With that foundation a good developer is expected to have knowledge of at least a couple frameworks in their stack. For example, a Python developer would be familiar with Django and Flask, a Ruby developer with Rails and Sinatra, and a Java developer with Spring and Struts. These are just examples, but I hope you get the point. Just knowing a couple frameworks is good, but probably not good enough. It is useful to support basic knowledge with a good understanding of the pros and cons of these frameworks and when it is advisable to use a particular one.
Lots of things to know here, even though we are often shielded from the database by an ORM layer. Starting at the top it helps to know what's the deal (ACID) with RDBMS's. Recently we have seen a spurt of NoSQL datastores. It helps to know why they were created and how they compare with standard RDBMS's. Going a level above, we should understand what ORM's are, what value they provide and what are the drawbacks of using ORM frameworks. Knowing how the particular ORM you use manages joins and keys is also important. The importance of indexes, normalization, joins (and their impact on performance) and SQL commands are important even though we rarely write SQL anymore.
A few more things which I will put on the list of good-to-know things are scaling, database clusters, and sharding, as well as the impact of storage medium on operation speed.
Yes we need to know these as well :-) In the era of polyglot programming, good developers need to have a grasp of at least a few languages and preferably languages that subscribe to different paradigms like Object Oriented, Functional, and Declarative.
It helps to understand the basics of networking like different layers of the TCP/IP stack, subnets, switches, routers, how packet filtering firewalls work, etc.
Stuff each one of us needs to know here are unit tests and unit test frameworks, continuous testing and integration, how to write testable code, UI testing and automation.
Nothing works without the cloud anymore, so knowledge of virtual machines, hypervisors, provisioning, orchestration, data centers, redundancy, map-reduce (why it's needed), cloud storage, in-memory databases, and security issues unique to the cloud, is all very important. Having some idea of how cloud service providers structure their billing will be an added advantage.
The dev in devops is 'developer', so as developers we must know at least what devops is and why it helps. Along with that, some knowledge of Docker would also help, as would knowledge of either Chef, or Puppet, or something similar. It's not required to understand these technologies in great depth if you don't need them, but I believe you should know why they exist, what problems they solve and some code samples of how they work.
The list I have given above is neither exhaustive, nor basic. It's a list based on my conversations with several senior developers. Each of these parts can be expanded further, if your work demands it, or contracted, if other areas need more of your time. Think of it as a rough map of what a developer should aspire to learn. The idea is not know enough to understand what you don't understand and then be able to learn on demand.