by estreeper
1791 days ago
> The road to "tutorial hell" is paved with blogposts and missing fundamentals

Even worse is that blog posts can have incorrect, bad, or even dangerous information. If you've just found it in a search, you have no idea of the skill level of the author.

I recently came across a post about a JavaScript WYSIWYG editor which stated that you didn't need to worry about sanitizing the HTML output from it because it took care of that for you. An attacker could of course send malicious data straight to the server or manipulate the client code however they want, so without also sanitizing on the server (also a hard problem), this opens a huge security hole. Ten years ago I probably would have naively followed this and thought everything was okay.

Tutorials are often useful, but they also cannot be trusted, especially without other resources. I feel I've learned the most from reading in-depth sources like official docs, specs, RFCs, or the source code of high-quality, well-maintained libraries. It can be harder at first, but I learn things I wouldn't have thought to look for, and there is something of a consistency in presentation (at least by comparison) that makes each additional one easier to go through.