Are exceptions as control flow considered a serious antipattern? If so, Why?

Back in the late 90’s I worked quite a bit with a code base that used exceptions as flow control. It implemented a finite state machine to drive telephony applications. Lately I am reminded of those days because I’ve been doing MVC web apps.

They both have Controllers that decide where to go next and supply the data to the destination logic. User actions from the domain of an old-school telephone, like DTMF tones, became parameters to action methods, but instead of returning something like a ViewResult, they threw a StateTransitionException.

I think the main difference was that action methods were void functions. I don’t remember all the things I did with this fact but I’ve been hesitant to even go down the road of remembering much because since that job, like 15 years ago, I never saw this in production code at any other job. I assumed this was a sign that it was a so-called anti-pattern.

Is this the case, and if so, why?

Update: when I asked the question, I already had @MasonWheeler’s answer in mind so I went with the answer that added to my knowledge the most. I think his is a sound answer as well.

Why is the Ubuntu terminal on Windows considered better than the Ubuntu terminal on a strictly Linux distribution?

I’m new to this Linux stuff… I may have a fundamental misunderstanding, but I need some clarification on why getting the Ubuntu app on windows and using that terminal is so inferior (according to other Linux developers) than actually dual booting or solely using the Ubuntu distribution. Thanks.

What are considered best practices when designing data tables?

I’ll soon be tasked with designing data tables with a ton of data. I’d really appreciate it if you guys could point me in the right direction. I’ll share some of the links I’ve found while researching.


Is a 10th level transmuter considered a shapechanger for the purpose of effects such as Moonbeam?

Spells such as Moonbeam specifically affect creatures with the “Shapechanger” tag, such as lycanthropes. As per this previous question, the ability to change one’s shape through class features is not sufficient to be considered a shapechanger.

However, upon reaching the 10th level, transmutation specialist wizards literally receive the “Shapechanger” class feature, granting them the ability the polymorph themselves with greater ease. This feature’s description is obviously adapted for player characters, but is otherwise similar to the “shapechanger” feature found in the stat blocks of creatures with the shapechanger tag.

In this context, would possessing the “Shapechanger” feature through the wizard class mark you as a “shapechanger” for the purpose of spells such as Moonbeam?

Should product scopes and/or project scopes be considered for small internal development work

tl;dr: I work at a small company with a development team of 5-10 people, lately we have been asked to present “scope documents” for effectively all of our work before we carry out the actual work, with seemingly no regard given for the magnitude of work required.

I worry that I am often spending more time writing scope documents about small enhancements than I am actually performing the enhancement.

Before I explain my question better, let me establish a few baseline viewpoints on the situation.

I understand creating these documents can be considered training exercises for when the team grows larger and the current members take on lead roles. I am not against this and I think it’s a valuable training experience. I just feel that the documents aren’t always necessary which may lead to wasted time, being a small company it feels we are already pressed for time and resources.

I understand a product and/or project scope is absolutely necessary when beginning an endeavor on an entirely new product, I can also recognize the importance of the documents in maintaining order in a structured and distributed development team (many team members + project leader). And of course scopes are absolutely mandatory when dealing with 3rd party customers wishing to contract our development work.

I understand the need to ensure that a developer fully understands the request before engaging in work, however I am left asking myself whether or not these small enhancements, even if misunderstood, could end up taking more time than it takes to write, review, revise, and signoff the respective scope documents.

With the above understanding in mind, excuse the length of this post, but to describe my issues:

My questions come about in situations where our development team is applying relatively small enhancements to our own internal software. Small enhancements such as adding a single new button to a web UI that performs a simple operation, or adding a new action handler (basically 1 function) to a backend system.

These small enhancements may indirectly bring in revenue as they increase the value of our product, but we aren’t directly selling these new enhancements independently. This leaves little room for any sort of scope regarding cost vs return.

All that is left is a scope detailing the expected outcome, why we’re doing it, and the expected hourly work breakdown (which is often hugely over-estimated). These documents will sometimes go back and forth with discussion over small issues which could often have been applied to the enhancement after it was completed anyway, revisions will be made to the documents to reflect the decisions made in this process.

I can’t help but feel like we are wasting a lot of valuable developer time writing these documents, where the minor enhancement could go through a first iteration of development in the same amount of time it takes to write the initial document. Then the time spent reviewing the document could instead be spent reviewing the code, and instead of revising the document time could be spent revising and finalizing the code — the end result in this situation (to me) is a enhancement which took almost exactly as long as the scope/documentation phase would have taken.

My main questions being: (In the context of a small development team)

Are we taking the right approach to scoping/planning and developing?

Is there any rules of thumb that we should be following with regards to these processes?

Is there any red flags in anything above which indicates I should be looking to adjust my viewpoint on the situation?

Is there any way I can improve the situation while keeping everybody happy?

All insight would be greatly appreciated.

Are all anchor tag href attributes considered XSS vulnerabilities?

I’ve got an app which allows users to customize the “thank you” message that is displayed to users when a form is submitted.

For the “thank you” message contents I’ve whitelisted allowable HTML tags and their corresponding attributes. One of the tags that I allow is an anchor tag and it’s corresponding href attribute, so that users can add links to their “thank you” messages.

I recently received a report from a pen-tester who claims that my thank-you form is susceptible to cross site scripting because it is possible for a user to execute JavaScript from the href tag, as such:

<a href="javascript:alert()">Is this XSS?</a> 

Any other attributes are stripped from the anchor tag.


  1. Is this technically considered XSS?
  2. If so, how can I mitigate this “attack”?

From reading this question it appears that I could require the href attribute to start with either an h or a /. Would that be sufficient?

Google location services – how many wakelocks per hour can be considered normal?

I used the BetterBatteryStats app to check what processes are using battery during inactive time and found out that alarm is used 26 times/hour.

Is this normal behaviour? Maybe there is something I can do to reduce the number of these alarms?

If the phone is really woken up 26 times per hour, that does not seem very efficient on the battery. On the other hand, BetterBatteryStats reports a quite good percentage of deepsleep, when the phone is not used (97%), but I think I had seen even better results on the same phone.

Maybe it is possible to reduce the rate, at which google tries to get the location of the device. I would like it to stop checking for my location at all, when I don’t use a navigation app, or some other location dependent app. Most of the time the GPS and internet are turned off on this phone.

Are “extended” variants of a spell considered a separate spell for the purpose of purchase?

Are “extended” versions of spells considered separate items for the purpose of purchasing spells?

For example the spell “Detect enemies” has a variant “Detect enemies, extended”, if I were to purchase “Detect enemies”, do I also get “Detect enemies, extended” for the same cost or must I purchase “Detect enemies, extended” separately?

Can the “$” symbol be safely considered as universal when making a graphic depicting money?

Want to get a sense of any best practices of using the “$ ” dollar sign in the context of an image in order to depict a universal idea of money.

UPDATE: My task was to create an icon/graphic used in an e-commerce checkout process which depicted the idea of an ‘invoice’. It had to make sense in a global context (not just USD). Here is the exploration I had done: enter image description here

And here is the icon I ended up picking (without a symbol): enter image description here

Thanks for all the insights and weigh-ins everyone offered. VERY helpful!