Skip to content

Instantly share code, notes, and snippets.

Sven Slootweg joepie91

Block or report user

Report or block joepie91

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@joepie91
joepie91 / vpn.md
Last active Nov 21, 2019
Don't use VPN services.
View vpn.md

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

A Russian translation of this article can be found here, contributed by Timur Demin. There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

Why not?

@joepie91
joepie91 / genius-programmer.md
Last active Nov 18, 2019
The One Secret Trick To Becoming A Genius Programmer
View genius-programmer.md

The One Secret Trick To Becoming A Genius Programmer

Okay, the title of this post is a bit of a lie. There's no one secret trick to becoming a genius programmer - there are two, and they're more habits than tricks. Nevertheless, these kind of 'secret tricks' seem to resonate with people, so I went for this title anyway.

Every once in a while, a somewhat strange thing happens to me. I'll be helping somebody out on IRC - usually a beginner - answering a number of their questions in rapid succession, about a variety of topics. Then after a while, they call me a "genius" for being able to answer everything they're asking; either directly, or while talking about me to somebody else.

Now, I don't really agree with this "genius" characterization, and it can make me feel a bit awkward, but it shows that a lot of developers have a somewhat idealistic and nebulous notion of the "genius programmer" - the programmer that knows everything, who can do everything, who's never stumped by a problem, and of which ther

@joepie91
joepie91 / wildcard-certificates.md
Last active Nov 14, 2019
Why you probably shouldn't use a wildcard certificate
View wildcard-certificates.md

Recently, Let's Encrypt launched free wildcard certificates. While this is good news in and of itself, as it removes one of the last remaining reasons for expensive commercial certificates, I've unfortunately seen a lot of people dangerously misunderstand what wildcard certificates are for.

Therefore, in this brief post I'll explain why you probably shouldn't use a wildcard certificate, as it will put your security at risk.

A brief explainer

It's generally pretty poorly understood (and documented!) how TLS ("SSL") works, so let's go through a brief explanation of the parts that are important here.

The general (simplified) idea behind how real-world TLS deployments work, is that you:

@joepie91
joepie91 / delay-promise.js
Last active Nov 13, 2019
ES6 Promise.delay
View delay-promise.js
module.exports = function(duration) {
return function(){
return new Promise(function(resolve, reject){
setTimeout(function(){
resolve();
}, duration)
});
};
};
View gist:606cd5a48987c484bce027c10f268282
Loader utils
- parseString: Parse a given string as if it were a JSON-encoded string, mapping single-quote string boundaries to double-quote boundaries or just flat-out making up those boundaries, so that JSON.parse doesn't complain. If cannot be parsed as JSON, just return the string as-is. Seems to be used to decode escape codes in a variety of (non-JSON) strings.
- urlToRequest: "Converts some resource URL to a webpack module request."
- isUrlRequest: "Before call urlToRequest you need call isUrlRequest to ensure it is requestable url"
Docs here: https://www.npmjs.com/package/icss-utils
=====================
PostCSS
@joepie91
joepie91 / express-server-side-rendering.md
Last active Nov 10, 2019
Rendering pages server-side with Express (and Pug)
View express-server-side-rendering.md

Terminology

  • View: Also called a "template", a file that contains markup (like HTML) and optionally additional instructions on how to generate snippets of HTML, such as text interpolation, loops, conditionals, includes, and so on.
  • View engine: Also called a "template library" or "templater", ie. a library that implements view functionality, and potentially also a custom language for specifying it (like Pug does).
  • HTML templater: A template library that's designed specifically for generating HTML. It understands document structure and thus can provide useful advanced tools like mixins, as well as more secure output escaping (since it can determine the right escaping approach from the context in which a value is used), but it also means that the templater is not useful for anything other than HTML.
  • String-based templater: A template library that implements templating logic, but that has no understanding of the content it is generating - it simply concatenates together strings, potenti
@joepie91
joepie91 / you-dont-need-a-blockchain.md
Last active Nov 10, 2019
You Don't Need A Blockchain
View you-dont-need-a-blockchain.md

You don't need a blockchain.

If you're reading this, you probably suggested to somebody that a particular technical problem could be solved with a blockchain.

Blockchains aren't a desirable thing; they're defined by having trustless consensus, which necessarily has to involve some form of costly signaling to work; that's what prevents attacks like sybil attacks.

In other words: blockchains must be expensive to operate, to work effectively. This makes it a last-resort solution, when you truly have no other options available for solving your problem; in almost every case you want a cheaper and less complex solution than a blockchain.

In particular, if your usecase is commercial, then you do not need or want trustless consensus. This especially includes usecases like supply chain tracking, ticketing, and so on. The whole *p

@joepie91
joepie91 / .md
Last active Nov 5, 2019
A *complete* listing of operators in Nix, and their predence.
View .md

Lower precedence means a stronger binding; ie. this list is sorted from strongest to weakest binding, and in the case of equal precedence between two operators, the associativity decides the binding.

Prec Abbreviation Example Assoc Description
1 SELECT e . attrpath [or def] none Select attribute denoted by the attribute path attrpath from set e. (An attribute path is a dot-separated list of attribute names.) If the attribute doesn’t exist, return default if provided, otherwise abort evaluation.
2 APP e1 e2 left Call function e1 with argument e2.
3 NEG -e none Numeric negation.
4 HAS_ATTR e ? attrpath none Test whether set e contains the attribute denoted by attrpath; return true or false.
5 CONCAT e1 ++ e2 right List concatenation.
6 MUL e1 * e2 le
@joepie91
joepie91 / .md
Last active Nov 4, 2019
Running a Node.js application using nvm as a systemd service
View .md

Read this first!

Hi there! Since this post was originally written, nvm has gained some new tools, and some people have suggested alternative (and potentially better) approaches for modern systems. Make sure to have a look at the comments to this article, before following this guide!


The original article

Trickier than it seems.

@joepie91
joepie91 / random.md
Last active Nov 4, 2019
Secure random values (in Node.js)
View random.md

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

You can’t perform that action at this time.