Porting old posts, part 2

I’m continuing my efforts to port over and update my old blog content. The previous episode is here.

We’re still in the first few weeks of me blogging; I was pumping out articles at a rate I now consider to be quite ridiculous, but it was how I thought I was going to get readership. (And I suppose it worked.)

Here we see the emergence of some common themes throughout this blog: security-through-design, the impact of design choices on collection types, and digging into the minutiae of specifications.

Why does VBScript have Execute, ExecuteGlobal and Eval?
JScript eval redux, and some spec diving

The requirement that JavaScript have an eval really limits how you can design both the language proper and its runtime implementation. In this case though we had the opposite problem; the design of the language influenced the API design for the evaluator, when we decided to add the same functionality to VBScript.

The second article was mostly a waste of time and effort; this was the second time that the original designer of JavaScript (and later CEO of Mozilla, who stepped down after supporting anti-equality initiatives in California) told me I was wrong, wrong, wrong, though in this case I never understood his criticism; the spec language seems straightforward to me.

JScript and VBScript Arrays
“For Each” vs. “for in”
Running Me Ragged

The design factors inherent in array/dictionary/lookup/whatever data structures are of fundamental importance to computer programming; here I look at two things that could not be more different but have the same name.

Hi, I’m Eric and I’ll be your software developer this evening

This rant expressed a theme I frequently come back to: take responsibility for your mistakes! We all make them, and we’ll do better as individuals and as an industry if we learn from each other. Speaking of mistakes:

They call me “LoadPicture Lippert”
Error messages considered harmful

These mistakes were absurdly unprofessional; I was very green and should have had more adult supervision. But I learned a lot from them. Most importantly: the same tools we build to make developers’ lives easier also make attackers’ lives easier, so be careful.

I’m a traveling man, don’t tie me down

Though obviously I do not rent DVDs anymore, this is one of those “everyday algorithms” that I still use for common tasks.

Evil Security Twin Powers… Activate!
More on Certificates and Trust Decisions

Security professionals use jargon that can be very accessible, but it’s important to get it all straight. Just yesterday I was in a meeting where someone used “safe” to mean “compliant with policy” rather than “unable to harm the user”, and I found it quite confusing.

Bankers’ Rounding
What could numeric rounding possibly have to do with MS-DOS?

Why is a simple mathematical operation so tricky to get right? This is one of those human factors in API design, where we’ve got to think about how people’s mental model is going to go wrong.

More to come!



3 thoughts on “Porting old posts, part 2”

  1. > “Also note that semicolons are semi-optional” (from the VBScript eval post)


    I realize you’ve probably already created a lot of these posts, but a suggestion nonetheless: It took me a couple of articles to fully realize that the bottom of the posts are from 2019 while the main content is from 2003. You might consider adding a header of some kind over your modern commentary to indicate it’s from this year.

    I appreciate you mentioning the old comments in some of your commentary. Regardless of the legal mumbo-jumbo, I was astonished that Microsoft just discarded over a decade of comments on these blogs.

  2. Pingback: The Morning Brew - Chris Alcock » The Morning Brew #2726
