Raymond Chen's lessons

A random collection of wisdom from Raymond Chen and The Old New Thing. I plan to keep this updated as I discover/remember more of them. Windows doesn’t have an expert mode because you are not an expert. This is just the Dunning-Kruger effect in play: people who are not experts pretty much by definition lack […]

The Case Against Exceptions

Goto statements went out of style in the 60s, relegated today to be the prototypical example of bad coding. Yet hardly anyone seems to be bothered by exceptions, which do basically the same thing. Used improperly, exceptions behave like goto statements and can be just as bad. Exceptions essentially allow you to move error handling […]

Understanding Google's Bug Bounty Program

Some people have taken Google’s idea of offering security bug bounties and taken it to its logical conclusion: why stop at security bugs? Why not incentivize reporting of ALL software bugs with bounties? Aren’t other companies cheap for not offering bug bounties? Questions along these lines misunderstand how software development works. Engineers don’t sit on […]

OAuth Hell

It’s a pretty sad fact that OAuth has come to be a de facto industry standard for API authentication, because OAuth is so broken. Before OAuth, creating and consuming APIs across services was hell. We mostly just did stupid stuff like asking users for their passwords, so we could log in on their behalf and maybe […]