Menu Search
Jump to the content X X
SmashingConf London Avatar

We use ad-blockers as well, you know. We gotta keep those servers running though. Did you know that we publish useful books and run friendly conferences — crafted for pros like yourself? E.g. our upcoming SmashingConf London, dedicated to all things web performance.

Teach Them How To Hit The Ground Running And Faceplant At The Same Time?

A few days ago, a tutorial on how to Create A Christmas Wish List With PHP1 was published on Smashing Magazine’s Coding section that frustrated me. It frustrated me as it was incredibly easy to predict the comment reactions it caused. It also frustrated me as it was a classic example of a tutorial resulting in very happy readers who will go out and cause a lot of terrible things on the Web unless they understand that this was meant as a “beginner tutorial”. A lot of the bad feedback was about security — something we shouldn’t take lightly.

It frustrated me mostly because it all happened on Smashing Magazine, a well-respected online publication that is read by many beginners (especially in back-end technologies) and one that is dedicated to quality content with an advisory board (one of which is me) meaning that every article gets reviewed by experts before it is published. This one slipped by in the rush of the holidays, and it was updated a couple of hours after it was published, i.e. the editors added an editor’s note and addressed some important missing points. I am happy that it was published in its original form as it inspired me to point out some things that I see happening in online magazines a lot lately.

The predictable outcome of this kind of tutorial is:

  • Seasoned developers will find issues with the code and claim that it should not be done that way.
  • Other people will disagree and tell the old men to stop telling young kids to get off their lawn.
  • Real beginners will chime in and say that they are very happy about the article and getting the feeling that things are not as complex as they seem to be.
  • A lot of fanboys will mention technology XYZ that makes this much easier.
  • The author will add more disclaimers about the nature of the code within the article with some edits and add warning messages about its viability in the wild — saying that this is just demo code.

Quick Wins Full Of Traps Link

“Quick tutorials for beginners” are killing our craft. Instead of pointing to existing documentation and keeping it up to date (in the case of the wiki-based docs out there) every new developer turned to an author wanting the fame for themselves. And a lot of online magazines cater to these to achieve “new” content and thus visitors. We measure our success by the number of hits, the traffic, the comments and retweets. And to get all of that, we want to become known as someone who wrote that “very simple article that allowed me to do that complex thing in a matter of minutes”.

Image credit: Opensourceway3.

Instead of teaching the underlying technology, we tend to show a quick, beautiful implementation and put a lot of effort into it. We teach a “create something amazing in 5 minutes” and hope people will care enough afterwards and look at learning the underlying technologies. We aim to whet their appetite whilst giving them full solutions. The reason is that this is exactly what we wished we had had when we learned that thing in the first place. Sadly, this is not how teaching and learning works.

Road Safety Begins In A Classroom Link

At this moment, let me go back in time a bit. Growing up in a small village having a driving license and subsequently a car was a vital part of your social life and also your work options. Therefore, I couldn’t wait to get mine.

Now, what you want to do is to learn driving. You want to get into the car, go vroom-vroom and be off. The reality of getting a driving license though (at least in Germany where there are no speed limits on the motorway and therefore it is taken very seriously) is that you spend quite a lot of evenings in a boring classroom before you get behind the wheel. You learn about the code of the street, the different signs and what to do in all kind of situations in a car. You even learn about the different parts of the car and what they do.

The reason is that it scales better — you need to learn all that stuff and it is much easier to pack 40 students in a room to teach the basics before you try to make up a schedule where all of them can drive out on the road. As a driving school, instead of 40 cars you can get by with 5. And students who already know what they should not do and where things are in a car are less likely to crash them.

Educators Learning From Bad Experiences? Link

This is frustrating and annoying, the same way learning things at school without being told what they are good for is surely annoying. On the Web, we want to be different. We want to make learning fun and we are tempted to put in as much as possible for beginners so they can get past the basics very quickly and build the awesome of tomorrow instead. The author actually mentions that in the comments:

“I think teaching people to do things is very complicated, doubly so over the internet. If I were teaching a university class I would take a very different approach.”

Yes, teaching is hard. That’s why not every gifted developer is also good at explaining or a good trainer.

While it is a very good idea in our heads to give people quick solutions with real results instead of step-by-step basics, we forget how we actually got there. Once we reached the level in a skill to be educators in it, we went through a lot of trial and error using the skill. By avoiding this, we strip others of the chance to learn a skill on their own terms and with their own obstacles to overcome.

How About Writing Beginner Tutorials Covering Beginner Tasks? Link

So, I think it is safe to assume that there are two needs/aims battling when we want to write a beginner tutorial, i.e. we want to teach people good practices and we want to get them as far as possible with the least effort. A lot of times these don’t go well together.

jQuery is a poster child of great “new” Web development. “Write less, achieve more” is the mantra and I love that we have it. jQuery achieved this by replacing JavaScript and the unwieldy DOM with a clever and fast API and a totally new syntax: chaining. This is great. This is how to do it. jQuery abstracts the annoyances and complexities out into its core and lets developers write code. You cannot just take this approach and mantra and apply it to any technology without providing a simpler API/platform that abstracts the dangers and annoyances.

Teaching Non-Live Code On The Web? Link

The discussion that happened in the comments of the aforementioned article was mostly about security and the inability of implementing the code discussed in it in a real environment. And yes, they are very much valid. The code is good as an exercise but awful as a live example. Putting it on an live server means you are open to any kind of attacks and scripts looking for zombies to infect — not to mention how a botnet would have a field day with it!

And the author knows this. This is why a lot of the article is dedicated to explaining that this is not live code:

“Please notice that this article was written for beginners who already grasp HTML and CSS, know a bit of PHP and have seen phpMyAdmin before. I will not go into best practices, safety and all the rest of it; let’s just have fun with this one!”

And later on — as a response to some feedback, even more “don’t do this” was added:

“Note that this is meant as a beginner’s exercise. The code you see here will give you the intended result, but a lot of it is not safe for production websites. It lacks a lot of safeguards, such as data validation, salts for passwords (for better security), htaccess rules and so on. The goal of this article is to let beginners forget about all of these things and just concentrate on building something nice.

Neither does this article promote best practices. You may find yourself adopting different methods later on, or I may write in another article that we shouldn’t do something you see here. The article is intended as a fun little example for beginners to spice up their boring theory sessions. I believe that the best way to learn is through increasingly difficult examples.

That said, I encourage you to try all of this out and play around with it at home or on your servers. If you put this on a live server, I recommend using an account that has only this website on it (or only test websites). I also recommend using passwords for user accounts that are not the same as your other passwords.”

This, actually very much is against the very idea of a beginner tutorial. A beginner tutorial gets people on the way, i.e. it teaches them the first steps and what one can do with it. As these quotes show, teaching people PHP by starting with SQL and writing a login system and file uploader is obviously the wrong way.

Out of a sudden, the simple beginner tutorial is “intended as a fun little example for beginners to spice up their boring theory sessions” (cited). What boring theory sessions? I thought we are building something from scratch here?

Piling On Too Much Link

The article tries to teach four things at once: SQL with PHP, login and session control, file uploads and how to build a beautiful Web interface powered by PHP. The login system and the file upload is where it gets very dangerous in terms of security. This is not a beginner tutorial — it is giving beginners the wrong impression that everything is easy and everybody else probably just does it wrong and cares far too much about boring details.

We should not teach new developers that they can do things in a few lines of code and keep quiet about the bad effects this has. This is condescending and based on an assumption that people learn only from successes on the Web. The author mentions that in the comments:

“I don’t think beginners need to concern themselves with SQL injection attacks. The point here is to start to learn something, not to learn everything at once. When someone understands SQL at all, then teach them about the problems, not before.”

This is very dangerous thinking — if you teach how to do something, also make people aware of the consequences it has. I totally agree that the point is to learn something. Defining the “something” is the skill of a good tutorial writer or educator. We focus far too much on the final product to be built, rather than the components we use to get there.

This is where using a complex example like a “Christmas Wishlist” that needs a login, uses a database and has an upload feature for any file is a bad choice. There is no way to keep this “simple” unless you teach people how to write code exclusively for their own localhost.

Let’s Not Assume That People Read And Care As Much As We Think They Do Link

One comment was quite interesting as a summary, as it very much sums up some of the comments and assumes good on the side of the readers:

“Good stuff just to have some fun and help the super beginners get a quick footing. I think a lot of the people commenting here are either A) Too seasoned to look this far back, and not doing things the “proper” way just irks them, or B) I’d be willing to bet some are just flexing their programmer’s ego a bit.

I think assuming that people will take this as serious programming and build from it, building the wrong way, is a bit too much of a stretch. Anyone who can read and who cares about doing things the right way will take the author’s disclaimer to heart. If not, odds are they’re looking for the easy route. If that’s the case, you can’t really stop them. This article isn’t ending the world.”

I agree, it is not. But it also brings nothing new to the table. When I learned PHP coming from Perl in around 2000, I read and — except for the CSS styles — it had similar examples. Over the years we learned to protect our systems more. I think the assumption that readers will care much about the “this is not live code” doesn’t cover one main use case of “beginner tutorials”, i.e. that people will most probably find the article via a Google search and simply use the code example in a live environment without reading the tutorial or the comments. All they wanted was a quick, simple to understand example after all and beginner tutorials have those, right?

In My Humble Opinion4

Image credit: Opensourceway5.

Want proof of that? Look at the success of The Web is full of materials to learn the same things. The quick “here’s the solution — don’t worry about how it works right now” are the most successful ones. We also have a Web full of systems that lack very basic quality and security features and we spend months educating hires in companies what developing production code means when you protect the data of our users.

I think it is time to stop chasing the hollow success of creating a “quick tutorial” that is actually a “bad implementation with quick, sloppy code” in disguise and start curating what is already on the Web. We can then concentrate on the next level tutorials.

I think Web-based education will be a big thing in the near future, and creating a new generation of Web makers6 should be on all of our agendas. We do this with tools, great documentation and frameworks, and not with a “write this, it is awesome” approach.


Footnotes Link

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6

↑ Back to top Tweet itShare on Facebook

Chris is a Developer Evangelist living in London, England, who writes about Javascript development, accessibility, and all things open web. After several years evangelizing at Mozilla Foundation, he's now working at Microsoft's EdgeDev team.

  1. 1

    Cheers matey for spouting about what I thought in my head after reading it. I also thought it was maybe too much of a beginners article – that type of article should be left to the books, so that bloggers can concentrate on the real stuff like security and new technology.

  2. 2

    100% agree. PHP community suffers the most because of such tutorials.

  3. 3

    I agree totally.

    Even though the warnings are there, I can guarantee a lot of people have the code on their live box, or people will use it in the future.

    As a beginner myself, it’s often hard to find reputable tutorials that don’t teach bad practices.

    If it would have been split into manageable sections covering each technology rather than cramming it all into one, it would have been much better + easier to understand.

  4. 4

    Agree with the security aspect. Even in my formation, our teacher did not tell us much about security, everything I’ve been learning so far was due to my constant search for best practices/solutions and through some security issues found in some sites in the company I work for.

    I believe security is a very serious issue in PHP, especially when it’s so easy to get started and overlook the flaws in our code.

    “It works, right? Then put it live”.

  5. 5

    Hmm, theory or practical sciences. This is a tough one. Teachers tend to lean heavily on theory as the framework of their pedagogy. What the beginner tutorials do, especially the referenced article, is precisely that: introduce the theoretical application of PHP. What you want is pure practical application, which is hard to come by in today’s methods of education.

  6. 6

    Absolutely agreed, and thank you so much for putting this out there. While I forward various of your quick tutorials and demos to my more senior students, the thought of newbies (no disrespect intended) trying to apply the techniques without understanding the underlying fundamentals makes me shudder. Copy/paste cannot replace depth of knowledge and mastery of the craft.

  7. 7

    Arnaud Brousseau

    December 27, 2011 4:55 pm

    I’d really like to agree with what is said here: let’s deliver quality content everywhere on the Web, let’s bring W3Schools down, and burn beginner tutorials to the ground for not having sufficient security warnings and details.

    However, there’s two sides to consider and I think we forget the beginners’ point of view: if “beginners tutorials” work great and drive audience, there must be a reason. And I’m sure the main one is excitement: build a super-awesome project with that-that-and-that in a matter of hours! How exciting is that, right? You can just download the files, upload to your FTP, change the images, and tadaaa, you have a cool project to show to your family and friends. We can’t just wish people walked away from this possibility.
    It might be sad, but people googling for “make an image gallery” don’t want to hear about accessibility, performance or security warnings. They want to get things done. They want this damn image gallery up, so that the family can watch and post Christmas pictures online. And there has to be websites providing this. There’s a demand, so there’s supply. We can’t stop this.

    Now, look at the positive side: if beginners are really excited and proud of what they did, they’re going to explore further and dig deeper. And eventually they’ll read a comment that points to good ressource about SQL injections. Eventually they’ll hear about accessibility and performance. So they’ll move this css to the top and js files to the bottom, they’ll add “alt” attributes to img tag, and they’ll use mysql_real_escape_string for user input.
    They’ll move one level up, absorbing one best practise at a time, with “haha!” moments glorifying their day.

    I believe the vital part of the ecosystem is the presence of pointers from one level to another. You know, the “By the way, if you want to know more about this, go check the MDN page (link)” part. Or the comments. Or Twitter discussions.
    That’s why, for instance, HTML5BoilerPlate is a fantastic piece of code: it provides loads of pointers to in-depth articles and ressources in its comments, for the developers who want to know more about the “why”.

    So yes, 100% agreed, let’s try to build awesome documentation, frameworks and tools. And let’s point to them as often as we can, dropping a comment when we feel there’s something missing.
    But we can’t blame beginners tutorials. They are tremendously useful: they ignite this initial flame that brings more and more people to tackle Web development.
    Those people (and I was one of them a few years back!) are not going to read MDN or kick-start their project with HTML5BoilerPlate’s .htaccess. Like it or hate it, they’re going to need time, trials, and more importantly, errors to understand how important certain best practices are.

    Want to make the Web better? Drop a comment explaining why it’s bad practice to insert user input in a database without sanitizing user input. Or better: post a link to an existing ressource. That’s what happened with the Christmas Wish List article, and that’s a sign of a healthy ecosystem in my opinion :)

    – Do not forget the beginners’ point of view. They just want to build exciting things without worrying about details. There’s high demand, so there’s supply. We can’t stop this imho.
    – The vital part of the ecosystem is the presence of pointers (either in the tutorial itself, or in the comments), so that people can dig deeper, and read more advanced material if they need/want to.
    – When you see a bad tutorial, drop a comment explaining why, with pointers to good ressources. The Web already feels better :)


    • 8

      Chris Heilmann

      December 27, 2011 5:03 pm

      Yes, what you are talking about are sensible, useful beginner tutorials, and sadly enough they are very few out there. What we have to battle are the ones that give people a good feeling about bad practices.

      You hit the nail on the head with the “pointers” you talk about. I’d go as far as saying that a lack of links to other resources is an indicator of a bad tutorial.

    • 9

      Excellent post Arnaud, exactly my point of my view.

      I think people learn best in steps/iterations. There is nothing wrong with learning something new by first copying someone (warts and all).

      Sometimes its best to learn just by jumping in the deep end, and then learning from the mistakes as you go along. You get better as you go, but everyone has to start somewhere.

      Copy and paste code, though makes seasoned developers shiver, is an excellent way to get beginners to make that “first step” into coding.

      I think it is key to think from a beginners perspective, as the commented article’s title is targeted “for beginners”.

      But I absolute agree on the point about links to other resources. That should always be there to allow further exploration for the beginner.

      In the end, I’m not arguing for either quick-and-dirty beginner tutorials, or more thorough beginner tutorials that covers best practices and quality code. I’m arguing that we need both types.

      Some very interesting thoughts in this article to ponder about.

    • 10

      Thank you. As a scared beginner I was wondering about all this scary SQL injection stuff I’ve been hearing about. Thanks to you I was able to Google “SQL injection” mysql_real_escape_string. Then I saw some advanced programmers showing how to hack mysql_real_escape_string! Eek!

      I am just going to do the tutorial locally and not stress myself out!

  8. 11

    I am a PHP beginner, but I shouldn’t be.

    I started dabbling in PHP about ten years ago. As previously (and often) mentioned, it’s easy to dabble because of the gentle learning curve, and the plethora of simple tutorials.

    As my skills progressed, I began writing some increasingly complex scripts for the company where I work. A year ago, the company decided they would like to provide more online facilities for customers and, having proved myself adept in the eyes of my superiors, I was given the job.

    Unfortunately, as I have been discovering for the last year, everything I thought I knew was wrong; or at least, not right.

    I thought msql_real_escape_string() was the ideal solution to SQL injection vulnerabilities. I thought md5() was the way to encrypt passwords in a database. I knew the theory behind how object-oriented code works (echo $animal->sound;) but didn’t know why one would use it, having seen only beginners’ tutorials with no real-world code examples.

    The problem with writing tutorials for beginners, it seems to me, is that saying “this doesn’t follow best practices,” or “ensure you sanitize your data” seems like an ass-covering exercise by the author (“I did warn them! Caveat emptor!”). It doesn’t actually help the beginner at all. People need to have the “unknown unknowns” expanded into “known unknowns”.

  9. 12

    An excellently written article explaining some extremely valid points without unnecessarily disparaging the reference article. With a ubiquitous, evolving web that is constantly becoming easier to access and use, it has never been more important that both teachers and students remain aware of the importance of security, and indeed the bigger picture issues in general that can all too often take a back-seat to the ‘bang for your buck’ quick and dirty tutorials.

    It’s sad that the most popular search engine still ranks content from e.g. so highly but hopefully the community can help to combat this by making sure that whenever we are teaching beginners or hobbyists the tools of our trade, that we don’t sugar-coat the truth; knowledge, effort and understanding are required to create a quality application.

    If you’re a developer, and keep a blog to share your knowledge and understanding, that’s great. But we all need to be held to a higher standard if we are to improve the quality of both code and content on the web.

  10. 13

    While I agree with the author, it is quite interesting they made a whole article out of what was already covered in the comments. Basically this is a lamentation of what we all expected to read there. What I am wondering is why smashing hasn’t had an expert create a tutorial on how to secure your code. That article then could be linked together with any number of other basic tutorials that are short sighted in the security dept.

    I get a kick out of “programmers” calling out PHP as a big security problem because it is easy for “beginners”. The reality is, there are all sorts of security vulnerabilities created by seasoned/expert programmers in all languages on all platforms. At a previous job I worked at, there was a portal provided by a major software vendor where just a simple change of the reporting URL and you could see the salary of any one else in the organization. I am pretty sure they did not hire a PHP beginner (it was written in JSP). To say that PHP has a security problem is just being a hypocrite, because the truth is, there is not a lot of security focused training material for any language.

    So smashing, I am waiting for a good tutorial on web programming security… which we can then all move forward with getting better at coding.

  11. 14

    “Make a yummy apple pie for your Christmas dinner”
    Disclaimer: Please notice that this yummy pie is not suitable for eating. It might choke, poison or cause serious nausea to your guests.
    “Train yourself with this yummy apple pie recipe”
    Improve your pastry skills, to achieve one day the perfect apple pie.

    I know the later might not bring as many new visitors to the site like the first one might, but heck I don’t want my guests throwing up on my lovely carpet, same way the comments in the related article.
    I have a feeling that now-days authors are pushing (unconsciously?) the way they market their content, by inappropriately titling it, willing to touch a wider audience, aka search engine visitors.
    No matter how many disclaimers you make later on, you lead the visitors, casual or regular ones, into false expectations.
    Semantics are a very important part of the written language, so authors should think twice when titling their content. Yes content is king so name it properly.
    I thought most of authors and blogers got a lesson out of those listicles debates from a while ago.

  12. 16

    Although I appreciate the cautionary sentiment of this article, I am eternally indebted to the “over-reaching beginner tutorial” style in question. The fact of the matter remains that many of the technologies and techniques that we use to design and develop are scantly and confusingly documented. If the documentation for the most popular Javascript library in use today is more easily searched by raw google queries than by using it’s home site, then it shouldn’t come as any surprise that beginners might want more than can be provided by PHP’s cryptic on-line manual.

    Many of the comments here rail against the W3 school. In a field where I am expected to transition quickly from language to language, to pick up a new library and run with it, I THANK GOD for the w3chool. I can’t imagine a single site I access more frequently. Maybe some of the developers here were issued Javascript manuals with their web-hosting account, but I personally enjoy being about to retrieve all of the Date object methods with a single googly search, complete with explanations and examples.

    As far as I’m concerned, the “caution, choking hazard” warnings at the top of web articles are all that a web author should feel compelled to provide. If they go the extra mile by providing links to in depth discussions about particular security risks, then I thank them dearly. Otherwise, I will check the comments and do a little homework before planning my implementation. Condemning how-to articles on the grounds that they promote bad practice is more than elitist, it borders on asinine.

  13. 17

    Maybe after creating that tutorial, why not introduce another tutorial about: “Okay, this is how we’re gonna turn it into a production safe deployment.”? Perhaps the article would go on to explain the importance of best practices, why is it important, common mistakes and how we could do it (in simple English language, writing the article with comparison to real world scenario would help a newbie like me)

    I would love to see an article as such.

  14. 18

    Charlie Screendrip

    December 28, 2011 1:22 pm

    I don’t think we should be stopping tutorials, much like the recipe analogy above, I think it’s important to keep the introductory lessons to new features accessible to all. The fact there are security issues also leads to the lessons we all learn and difficulties we all go through whilst learning any skill – different levels of the craft.

    Curating great web documentation and then helping those docs get to the top of the Google search terms beginner coders will actually search for is probably the most efficient way to make your proposed solution happen.

    Sadly due to how rapidly best practises seem to change in development – it is likely to be very hard to teach this in schools as they are structured at the moment. As each year you would be undoing the previous year’s knowledge.

  15. 19

    Anything read on the Internet should be taken with a grain of salt…I repeat, ANYTHING read on the Internet should not be taken for fact!

    This doesn’t apply only to coding tutorials. This applies to everything. It’s the nature of the beast. If you’re blindly copying and pasting code, then shame on you! If you read an article and assume it’s 100% fact, then shame on you!

    With regards to coding, you’ve got to start somewhere…if you think that someone just starting PHP is going to do everything 100% perfectly, then you’re more clueless than the noobie reading the article. You read/watch tutorials to learn. If you instead cut and paste the tutorial code into your application and expect things to work wonderfully, then I think you deserve what you’ve got coming. Use tutorials for their intended purpose.

  16. 20

    Patrick Laughlin

    December 28, 2011 4:31 pm

    Heres the cold hard truth, IMHO:

    The entire system of online tutorials is the wrong path for a beginner. When you float from tutorial to tutorial you expose yourself to so many authors who’s background and motives could be wrong. For me, I think it is important to seek comprehensive sources of education, like books. I almost always prefer learning this stuff from volumes rather than articles because…

    1. It’s a comprehensive source that takes its time teaching you
    2. It’s much more difficult to author a book than an article. Only disciplined educators for me, thanks.
    3. Books almost always encourage breaking away and doing your own experimentation. Tutorials set too narrow of an experience.

    And as for the argument that books cannot begin to be as up to date as online tutorials, get the latest edition and consider being less obsessive about that sort of a thing because it probably isn’t as critical as you might think.

    • 21

      Patrick Laughlin

      December 28, 2011 4:36 pm

      But also, this isn’t to say that “all tutorials suck so let’s not even try.” I am just stating a preference I suppose. I look forward to seeing better tutorials out there. I just think there is much more work to be done on that front outside of just writing better content.

    • 22

      Two problems with books meant to teach code (PHP, specifically):
      1. I have yet to find one that is readable, that can get me to chapter 3 still interested in reading the book (or even interested in learning the language).
      2. Few come with a CD that give you code you can work with, as opposed to online tutorials, virtually all of which have code you can copy, paste and play with.

      Zend has a pretty good PHP 101 series online. I swore off buying any more coding books.

  17. 23

    Could not disagree more with this article. There are always more and more things you can do to keep out hackers in a production environment, which wasnt the point of the original article. At what point do you stop with the CYA’ing in a beginners tutorial? Moreover the warning on the article (it may have been added later – I do not know) is also sufficiently clear and precise. The original article was brilliant, how beginner tutorials should be. This one is like a pure math professor saying, how can you teach addition to first graders without teaching number theory axioms.

  18. 24

    This article suffers from two major flaws – bad analogies and the author relating too much to her individual experience (“this worked for me, ergo it is the best way.”)

    Bad analogy: learning to drive. Why is it bad? Beginners (non-drivers) have a strong impetus to become a licensed driver, whether it be for business or personal reasons. They are willing to suffer through drivers ed because of how valuable driving is.

    There is no such similar feeling towards PHP (or insert any other language). Beginners either want to play with something new, or solve one specific example.

    A more apt example may be home maintenance. Much like the referenced article, people often just want to solve one particular issue when they search for home maintenance articles. The water heater pilot light just went out, or they need to replace doorknob. They don’t care about the underlying concepts of thermodynamics or woodworking, they just need to know the pertinent information for the task at hand. If they then want to get more into crafting / construction skills, they can seek out further resources.

  19. 25

    The most true statement was “Never assume they read”. Even in designing our product at We get a lot of compliments on our simplicity. Partly because we assume that no one reads. We learned that early on.

    If something doesn’t work people are just going to assume you did something wrong and ignore the big red flashing text you put below telling them what to fix. The reality is that you need to fix your approach. :)

  20. 26

    Stuck between a rock and a hard place, huh? In every area of life, as security increases, usability decreases.

    I’ve learned that you cant please everybody, especially if you try. Which is why I love defining my audience off the bat and -if possible- stating who the ideal audience is in the article.

    I hate disclaimers. They are so clunky and un-elegant. They waste precious time.

    Anyways. Long time reader, first time commenter. Thnx for pulling me out of my shell :-)

  21. 27

    It is certainly a problem that the immediacy of the web forces people to believe that they can learn as quickly as they can read an article or tutorial.

    Obviously we can’t suppress the amount of oversimplified, fragmented tutorials available.

    Here’s an idea:
    A reputable source that serves as a “guide” to other online tutorials about development or web design (the genres covered could expand indefinitely).
    Or maybe we can assign universal “badges” that authors can/should use to designate what kinds of prerequisites you should have before attempting the tutorial, and the badges link to an overview of tutorials you SHOULD check out.

    So, hypothetically, you’re about to read a tutorial and it starts with, “Prerequisites: thorough knowledge of PHP” you can click and see some other material that can help you obtain a “thorough knowledge of PHP”. And maybe the badges are hot and everyone wants to use them when they write, because it gives some legitimacy to their post.

    Hey, maybe the team at Carsonified / Treehouse can get involved!

  22. 28

    It’s a mixed bag. Beginners have to have somewhere to start that doesn’t involve too much weighing their shoulders down. But that also means leaving out critical features because they’re advanced, hoping to inject them later as the learner becomes more adept. This is common in many areas of study.

    In the end, I know all the experts and advanced people feel the need to prevent as many future bad coders as possible, and we should. But we can never stop them from existing at all. Face it, human beings are lazy. Even a lot of the people who think they’re good have some practices others would frown upon. Most people fall into the bell curve, even the preachers. Some people will always take the easy route, tutorials notwithstanding. I think his disclaimer was sufficient. I’m happy if he says, “Don’t go out and make live sites using this. Just use it as a taste before learning more.” A lot of people don’t think that’s enough.

  23. 29

    Doesn’t the tone of this article strike anyone else as:

    “Oops, we published an article that we didn’t thoroughly vet and may damage our brand, so rather than say we were at fault as a magazine, let’s trash the author.”

    If I was the original author, I’d be all, “What the hell, Smashing Magazine?” Didn’t this happen recently with another article? Where it was trashed with a follow-up article? Should articles on Smashing Magazine be considered something like the opinion section of a newspaper? Should this article here be something like a letter from the editor?

    Because a reader probably won’t know Smashing Magazine’s relationship with authors, or the author of this post’s relationship with Smashing Magazine, it’s unclear what the authority of this post is. If the author is not an actual authority with the magazine (which is possible), then we’re left with simply two competing opinions. In one article, an author attempts to educate a beginner. In the second, an author rips on the method of education of the other author, instead of offering a different kind of tutorial. That both are posted equally on Smashing Magazine without context or clarification only points to the magazine being a clusterfuck of organizational structure and editorial review.

    So, who’s at fault here for the previous content (if there is any “fault” to be assigned)? This article undermines contributors to the magazine in a sloppy and unprofessional way. The fact that it exists, whilst claiming that all articles are reviewed by professionals, is what REALLY undermines Smashing Magazine’s credibility and damages the brand, not the previous tutorial.

    • 30

      Couldn’t agree more, shocking treatment of the author by SmashingMag.

      It’s like you’ve half put your hands up to take responsibility and then whipped them down and trashed the author instead. As a fellow publisher albeit in a totally unrelated sector, a few things would have occurred to me:

      – first time author
      – potentially sensitive/tech related topic

      Christmas rush or not, if I was too busy I’d have simply held it back given the above.

      This debacle following on from allowing an opinion piece that publicly trashed the website of perfectly talented freelancer is the kind of thing that’s really turning me off from SmashingMag at the mo. Sort it out guys!

  24. 31

    One thing is absolutely sure: SmashingMagazine doesn’t have a single grammar/spelling/punctuation expert, that’s for sure. A lot of articles have so many grammar mistakes, it makes it so much harder to read. Using “an” where you should have used “a” totally screws up the flow of reading. Upon that there are many more.

    Here’s another: “out of a sudden”…. I think you meant “all of the sudden”

    • 32

      oh come on! You are getting something for free, and I bet you have no idea how much of human effort is applied for creating one single article. A person who wants to genuinely learn things will do under any circumstances and wont complain silly grammar errors..

      • 33


        January 12, 2012 6:13 am

        Bad grammar = wasted time. For example, I had to read your reply three or four times to make sure I understood it. “how much of human effort is applied for creating one single article” — are you kidding me? People who write well SPEND TIME WRITING. (Unlike, say, you.) we know how much time and effort is involved because we actually expend time and effort making sure we can be understood.

  25. 34

    I hate it when people publish code that is incomplete or full of bad practices. It is a huge disservice. Do it the right way or don’t publish it.

    Thanks for the followup article.

    I think they the web community naturally does a pretty good job of pointing out issues with code. It can get tricky when something doesn’t have a comment section though.
    If you own any OReilly books there is a nice community errata for each book.

    So, if you see something fishy in your favorite code, say something for the beginners out there. Thanks.

  26. 35

    Patrick Samphire

    December 30, 2011 8:43 pm

    I’m not 100% opposed to this type of tutorial, but I think if authors are going to post beginners tutorials that omit security or which don’t work fully, they owe it to their readers to make a secure, functioning version of the code available for download and use at the end of the article. Interested readers can then further research the bits that aren’t explained.

    There are two reasons for this:

    1) No matter how many disclaimers the author uses, the code will be copied and used in production by lazy visitors, and the web does not need more insecure, no-functioning applications and websites;
    2) It is very difficult–nearly impossible–for beginners to know exactly what *is* missing from the introductory code in order to make it secure and functioning. Trying to research something when you don’t even know what the something is is massively difficult, particularly for beginners, who won’t know where to start.

  27. 36

    So, the original article had a few problems with it, but is there really a need to come down this hard on the author? This follow up goes on and on (and on) about the same points for way too long without adding much to the discussion. Yes, it is better to take security in to consideration from the start. We get it in the first paragraph and you didn’t have to say the same thing over and over.

    If there is anyone to blame it is Smashing for publishing the article without editing it beforehand. They shouldn’t try to pass the blame on to the original author. I feel really bad for him after reading this diatribe.

    And, by the way, this follow up shows a really poor understandning of the science of learning.

  28. 37

    Sorry Christian but i think you spent precious time in arguing against a wall. That post is only a post. It you want you read it or not. Not every article needs to be a thesis and ‘perfect’.

    What is really interesting, and i am serious, is how many visits the post has got the article since yours. May be you could write a new article ‘controversy increases by 50% yours visits’

  29. 38

    its harder to find the patience to learn about security AND uploading / login. so which is cooler? uploading / login!! it sounds like more fun than security. give people a comment box and some of them will whine.


↑ Back to top