Hacker News new | past | comments | ask | show | jobs | submit login
National (JavaScript) Security Agency (nsa.gov)
48 points by thewavelength on May 6, 2016 | hide | past | web | favorite | 39 comments

I feel sorry for the people who wrote this.

Which one of us would want a code review by people who did not understand the requirements given by "the client" done on the front page of HN?

While this code is pretty bad, I'm going to guess that the NSA reserves their best IT folks for... you know... the assignments other than their public facing website.

Agreed, this code was probably written by a contractor rather than one of their mathematicians I'd imagine

Have you seen mathematicians write code? For a website? We hired a few (we're in the crypto business) and we don't let them near production code. Ever.

General observation, mathematicians excel at functional v. imperative, partially because so many functional concepts are grounded in mathematics/logic.

Honestly, it's... not terrible? It's hackish, sure, but the NSA website's frontend isn't a huge app where good software engineering needs to be practiced - the code does what it needs to do, was likely written quite quickly, and doesn't need the likes of webpack to build.

In my core projects I'll use Ember or React+Redux, but where I just need a couple hundred lines of one-off code for e.g. a marketing site... why not some hackish jQuery?

// start comment block

That's some properly documented code !

// end comment block


    // title update
    try {
    } catch(e) {}

    //  titleUpdate()
    //update title to include " - NSA.gov" on all subpages
    function titleUpdate() { ... }

Looks like it was written by a VB programmer, who's missing "on error resume next" in JS.

A lot of popular websites have pretty crappily written JS code. The reason it's not noticed is that usually it's served compressed. The reason why it's crappy is that the bulk of functionality is implemented server-side, and the person who ends up writing that code is primarily a server-side programmer who half-asses a JS snippet to finish the feature, and then since it works, it is never refactored. It's not "real programming" anyway ;)

I would like to see a website with very good javascript code.

I feel like it's basically impossible to write JS and have 10 or more people with 3-5+ years go "Yeah, I can't improve this at all and it's extremely clean".

About a year a ago, started from scratch writing a front-end client SPA for web-based software -- it's a custom framework built around Backbone.js and jQuery, written in CoffeeScript. The .coffee files are beautiful, and on save a shell script automatically compiles all the .coffee files down to a single JavaScript file that I would describe as good JavaScript code.

Not open source, so no demo, but it's definitely possible to create good JS.

What would be the reason for this:

// analytics disable if url contains underscore try { if(window.location.href.indexOf('_') > 0) {window['ga-disable-UA-20753548-1'] = true;} } catch(e) {} });

It seems like they store files (presumably both internal and public) under https://www.nsa.gov/ia/_files/ so I guess it's the way they represent their non-indexable urls.

The if condition is wrong. This is why functions like indexOf should return a tuple of a boolean and an offset instead of encoding "not found" by returning -1.

The if condition should use >= rather than >, but it otherwise makes sense.

I'm not arguing in favor of writing it that way, but I might argue it's not incorrect as written. location.href can never start with an underscore.

A regex on location.pathname would sure be a lot clearer to read, though.

My guess is that there is a test scenario in which they don't want google analytics to load?

They should add a comment ad in there at the bottom saying

        Smarter than that stuff?
        Come work for us.

/* Smart enough to not want to work for you sick bastards */

And then I visited their homepage and found the UI to be uglier than the code.

> assets/js/main.js

I smell rails

Default Rails would be assets/javascripts/application.js

JavascriptS? Plural? Interesting.

I also got intrigued when a fellow colleague used that nomenclature (folder called "javascripts", as well as "stylesheets", inside an "assets" folder).

Don't forget CSSes.

Is smelling rails a bad thing? (Genuine question)

Nope, I don't think so. I am a rails developer myself. It might have sounded a bit condescending...

Stop advertising the NSA please

This surely isn't advertisement. The code is terrible.

Try-catch jungle, ad-hoc URL manipulation, lack of caching, writing/constructing HTML in strange places, weak comparison operators in dangerous places (string vs lunch), etc.

As well as declaring variables in if blocks

if (!undeclaredVariable) { var undeclaredVariable = false; }

Yes. I'm very glad with the addition of 'let' to ES.

Yeah but when visiting in Lynx, it displays fine. Lynx is the yardstick I use to judge a website. There are countless .GOV sites like this made on old Windows 2000 machines with Frontpage installed, but my point is the information is still communicated. It probably doesn't matter about some spagetti JS lumped in. I assume any sensible person will have JS turned off when visiting a URL like that anyway...

:) man have you even met today's web developers? Turning off js is like asking them to work in assembly. Now that Google has gone and built everything the OS does, into the browser the mordern day web dev is programmed to think that they exist to rebuild desktop apps in the browser. Communicating information simply in plain text is the last thing on their minds.

> have you even met today's web developers? Turning off js is like asking them to work in assembly.

To be fair asking them to build apps that don't require JS is like the old man yelling to get off their lawn :)

It's hard maintaining two ways of doing things and it's not always easy to make them both use the same avenue. I'm getting to the point where I honestly don't care either way.

.gov websites are supposed to be ADA Section 508-compliant, so most of them do work in Lynx.

I see. I think it's important to make websites work well for as many clients as possible, including lynx. Ideally, JavaScript should only be used for enhancement of necessary interactivity. But when a choice is made in favor of some technology, I like to see it used properly. In this case maintainability, performance and robustness could benefit from improving this code.

The point here isn't how well it works but the interesting style of code.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact