Porting old posts, part 2
I'm continuing my efforts to port over and update my old blog content. The previous episode is here.
We're still in the first few weeks of me blogging; I was pumping out articles at a rate I now consider to be quite ridiculous, but it was how I thought I was going to get readership. (And I suppose it worked.)
Here we see the emergence of some common themes throughout this blog: security-through-design, the impact of design choices on collection types, and digging into the minutiae of specifications.
Why does VBScript have Execute, ExecuteGlobal and Eval?
JScript eval redux, and some spec diving
The requirement that JavaScript have an eval really limits how you can design both the language proper and its runtime implementation. In this case though we had the opposite problem; the design of the language influenced the API design for the evaluator, when we decided to add the same functionality to VBScript.
The second article was mostly a waste of time and effort; this was the second time that the original designer of JavaScript, and later CEO of Mozilla who stepped down after supporting anti-equality initiatives in California, told me I was wrong, wrong, wrong, though in this case I never understood his criticism; the spec language seems straightforward to me.
JScript and VBScript Arrays
"For Each" vs. "for in"
Running Me Ragged
The design factors inherent in array/dictionary/lookup/whatever data structures are of fundamental importance to computer programming; here I look at two things that could not be more different but have the same name.
Hi, I'm Eric and I'll be your software developer this evening
This rant expressed a theme I frequently come back to: take responsibility for your mistakes! We all make them, and we'll do better as individuals and as an industry if we learn from each other. Speaking of mistakes:
They call me "LoadPicture Lippert"
Error messages considered harmful
These mistakes were absurdly unprofessional; I was very green and should have had more adult supervision. But I learned a lot from them. Most importantly: the same tools we build to make developers' lives easier also make attackers' lives easier, so be careful.
I'm a traveling man, don't tie me down
Though obviously I do not rent DVDs anymore, this is one of those "everyday algorithms" that I still use for common tasks.
Evil Security Twin Powers... Activate!
More on Certificates and Trust Decisions
Security professionals use jargon that can be very accessible, but it's important to get it all straight. Just yesterday I was in a meeting where someone used "safe" to mean "compliant with policy" rather than "unable to harm the user", and I found it quite confusing.
Bankers' Rounding
What could numeric rounding possibly have to do with MS-DOS?
Why is a simple mathematical operation so tricky to get right? This is one of those human factors in API design, where we've got to think about how people's mental model is going to go wrong.
More to come!