@joepie91
joepie91 / you-dont-need-a-blockchain.md
Last active March 1, 2024 03:36
You Don't Need A Blockchain

You don't need a blockchain.

If you're reading this, you probably suggested to somebody that a particular technical problem could be solved with a blockchain.

Blockchains aren't a desirable thing; they're defined by having trustless consensus, which necessarily has to involve some form of costly signaling to work; that's what prevents attacks like Sybil attacks.

In other words: blockchains must be expensive to operate, to work effectively. This makes it a last-resort solution, when you truly have no other options available for solving your problem; in almost every case you want a cheaper and less complex solution than a blockchain.

In particular, if your usecase is commercial, then you do not need or want trustless consensus. This especially includes usecases like supply chain tracking, ticketing, and so on. The whole *p

joepie91 / getting-started.md
Last active February 21, 2024 14:45
Getting started with Node.js

"How do I get started with Node?" is a commonly heard question in #Node.js. This gist is an attempt to compile some of the answers to that question. It's a perpetual work-in-progress.

And if this list didn't quite answer your questions, I'm available for tutoring and code review! A donation is also welcome :)

Setting expectations

Before you get started learning about JavaScript and Node.js, there's one very important article you need to read: Teach Yourself Programming in Ten Years.

Understand that it's going to take time to learn Node.js, just like it would take time to learn any other specialized topic - and that you're not going to learn effectively just by reading things, or following tutorials or courses. Get out there and build things!

joepie91 / express-server-side-rendering.md
Last active February 20, 2024 20:52
Rendering pages server-side with Express (and Pug)

Terminology

  • View: Also called a "template", a file that contains markup (like HTML) and optionally additional instructions on how to generate snippets of HTML, such as text interpolation, loops, conditionals, includes, and so on.
  • View engine: Also called a "template library" or "templater", ie. a library that implements view functionality, and potentially also a custom language for specifying it (like Pug does).
  • HTML templater: A template library that's designed specifically for generating HTML. It understands document structure and thus can provide useful advanced tools like mixins, as well as more secure output escaping (since it can determine the right escaping approach from the context in which a value is used), but it also means that the templater is not useful for anything other than HTML.
  • String-based templater: A template library that implements templating logic, but that has no understanding of the content it is generating - it simply concatenates together strings, potenti
joepie91 / .md
Last active February 8, 2024 17:12
Running a Node.js application using nvm as a systemd service

Read this first!

Hi there! Since this post was originally written, nvm has gained some new tools, and some people have suggested alternative (and potentially better) approaches for modern systems. Make sure to have a look at the comments to this article, before following this guide!


The original article

Trickier than it seems.

joepie91 / .service
Last active February 4, 2024 22:34
systemd service file example for Node.js
[Unit]
After=network.target
Description=Hello World App
[Service]
Environment="NODE_ENV=production"
ExecStart=/usr/bin/node /home/foo/test/index.js
Restart=on-failure
User=foo

Normies just don't care about privacy

If you're a privacy enthusiast, you probably clicked a link to this post thinking it's going to vindicate you; that it's going to prove how you've been right all along, and "normies just don't care about privacy", despite your best efforts to make them care. That it's going to show how you're smarter, because you understand the threats to privacy and how to fight them.

Unfortunately, you're not right. You never were. Let's talk about why, and what you should do next.

So, first of all, let's dispense with the "normie" term. It's a pejorative term, a name to call someone when they don't have your exact set of skills and interests, a term to use when you want to imply that someone is clueless or otherwise below you. There's no good reason to use it, and it suggests that you're looking down on them. Just call them "people", like everybody else and like yourself - you don't need to turn them into a group of "others" to begin with.

Why does that matter? Well, would *y

joepie91 / hydra.md
Created November 26, 2017 09:31
Hydra notes

Just some notes from my attempt at setting up Hydra.

Setting up on NixOS

No need for manual database creation and all that; just ensure that your PostgreSQL service is running (services.postgresql.enable = true;), and then enable the Hydra service (services.hydra.enable). The Hydra service will need a few more options to be set up; below is my configuration for it:

    services.hydra = {
        enable = true;
        port = 3333;
joepie91 / let-sink-offers.py
Created December 17, 2013 06:37
Sunken-ness of threads in the Offers category on LowEndTalk...
import requests, time
sess = requests.Session()
sess.headers.update({"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1650.63 Safari/537.36"})
base_uri = "http://lowendtalk.com"
# First page
json = sess.get("%s/categories/offers.json" % base_uri).json()
joepie91 / 00_warning.md
Last active October 5, 2023 21:24
Asynchronous fs.exists

Important warning

You should almost never actually use this. The same applies to fs.stat (when used for checking existence).

Checking whether a file exists before doing something with it can lead to race conditions in your application. Race conditions are extremely hard to debug and, depending on where they occur, they can lead to data loss or security holes. Using the synchronous versions will not fix this.

Generally, just do what you want to do, and handle the error if it doesn't work. This is much safer.

  • If you want to check whether a file exists, before reading it: just try to open the file, and handle the ENOENT error when it doesn't exist.
  • If you want to make sure a file doesn't exist, before writing to it: open the file using an exclusive mode, eg. wx or ax, and handle the error when the file already exists.
joepie91 / wildcard-certificates.md
Last active September 16, 2023 18:11
Why you probably shouldn't use a wildcard certificate

Recently, Let's Encrypt launched free wildcard certificates. While this is good news in and of itself, as it removes one of the last remaining reasons for expensive commercial certificates, I've unfortunately seen a lot of people dangerously misunderstand what wildcard certificates are for.

Therefore, in this brief post I'll explain why you probably shouldn't use a wildcard certificate, as it will put your security at risk.

A brief explainer

It's generally pretty poorly understood (and documented!) how TLS ("SSL") works, so let's go through a brief explanation of the parts that are important here.

The general (simplified) idea behind how real-world TLS deployments work, is that you: