Returning 403 or 404 - that is the question

I think it is safe to say that anybody who is serious about security will tell you that security through obscurity is no security. Yet a lot of people think obscuring is a great way to increase security like for example return 404 rather than 403 on REST APIs when the caller does not have rights to retrieve an existing resource.


Enumerating dictionaries

When people work with the Dictionary class in .Net there are two common assumptions that I see used a lot. Worst part is that these assumptions are both wrong.


The ultimate programming language

One of my favorite bloggers had an article last month that resulted in a rather interesting conclusion; that the ultimate programming language is a language without a lot of features most developers take for granted.


Email as password manager?

A lot of people these days rely on some (software) password manager to keep track of all different passwords you need. Obviously there are two risks with this approach.


To await or not to await - that is the question

One question that comes up quite often is if you should always use async/await or not. Sadly enough the answer is not simple because there is a trade-off between performance and ease of understanding exceptions.


Yet another estimation rant

Lately I've been discussing estimation a lot with both colleagues and friends so I guess it is time to go at it again. As I've mentioned several times before; I'm not a believer in estimates. The process of estimating is good in order to understand and break down complex problems but the estimate itself as limited (if any) value in my opinion.


Don't let your constructor create the world around it

I recently listened to a developer podcast about the async/await feature in .Net. And I was terrified when the host asked about using those key words in the constructor.


Advanced breakpoints

I try to live by the motto; starting the debugger is a failure when it comes to code I write. That means that through logging and just reading the code it should be possible to figure out what is going on in my code. However quite often I have to work with code I did not write and then some advanced breakpoint tricks come in handy.


Proper collection implementation in .net

Most people I've worked with that needed a collection of some sort have implemented the collection by inheriting from one of the standard collection classes. This is however typically not the right thing to do since you expose more functionality than you really want in many cases.


Why refactoring user stories is a bad idea

There is this old article that I wanted to discuss for a while and now is the time. If you'd rather say technical dept user story instead of refactoring that is ok. The logic applies to both.