I’m continuing my efforts to port over and update my old blog content. The previous episode is here.
We’re still in the first few weeks of me blogging; I was pumping out articles at a rate I now consider to be quite ridiculous, but it was how I thought I was going to get readership. (And I suppose it worked.)
Here we see the emergence of some common themes throughout this blog: security-through-design, the impact of design choices on collection types, and digging into the minutiae of specifications.
eval really limits how you can design both the language proper and its runtime implementation. In this case, though, we had the opposite problem: the design of the language influenced the API design for the evaluator, when we decided to add the same functionality to VBScript.
The design factors inherent in array/dictionary/lookup/whatever data structures are of fundamental importance to computer programming; here I look at two things that could not be more different but have the same name.
This rant expressed a theme I frequently come back to: take responsibility for your mistakes! We all make them, and we’ll do better as individuals and as an industry if we learn from each other. Speaking of mistakes:
These mistakes were absurdly unprofessional; I was very green and should have had more adult supervision. But I learned a lot from them. Most importantly: the same tools we build to make developers’ lives easier also make attackers’ lives easier, so be careful.
Though obviously I do not rent DVDs anymore, this is one of those “everyday algorithms” that I still use for common tasks.
Security professionals use jargon that can be very accessible, but it’s important to get it all straight. Just yesterday I was in a meeting where someone used “safe” to mean “compliant with policy” rather than “unable to harm the user”, and I found it quite confusing.
Why is a simple mathematical operation so tricky to get right? This is one of those human factors in API design, where we’ve got to think about how people’s mental model is going to go wrong.
More to come!