Every tutorial explains it like: "Authentication verifies identity. Authorization verifies permissions." Cool. Cool cool cool. That sentence has never helped a single human being on planet Earth ...
The assumptions point is what got me. Building my first internal system, I kept writing code based on how I thought users would behave. Then I realized the system only works if those assumptions hold.