John Munson johncmunson

@samsch
samsch / stop-using-jwts.md
Last active April 23, 2024 05:47
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions
@dsandif
dsandif / angular6-aws-s3.md
Last active December 19, 2019 17:15
A how-to guide for hosting a static website on Amazon S3 and Cloudfront.

Tutorial

This is a tutorial on hosting a static website on Amazon S3 and Cloudfront. I made this based on an Angular 6 frontend but this write up can also be used as a guide for other frameworks like React or Vue.js. This tutorial also assumes that you already have an Amazon AWS account and domain name through Google Domains or Amazon Route 53. I use Google Domains as a registrar but I will also cover using Amazon Route 53.

Hosting a static SPA on AWS is a pretty straightforward process. This guide will cover:

  • Creating and configuring an S3 bucket for a Single-Page Application (SPA)
  • Uploading an application to an Amazon S3 bucket
  • Creating and configuring a Cloudfront Distribution
  • Configuring Google Domains OR Amazon Route 53
@kentcdodds
kentcdodds / create-required-context.js
Created May 15, 2018 22:31
create react context that has a validated consumer.
// create a React context Provider/Consumer pair that
// validates the consumer is rendered within a provider
function createRequiredContext(name) {
  const Context = React.createContext()
  function Consumer(props) {
    return (
      <Context.Consumer {...props}>
        {val => {
          if (!val) {
@gaearon
gaearon / prepack-gentle-intro-1.md
Last active February 13, 2024 14:30
A Gentle Introduction to Prepack, Part 1

Note:

When this guide is more complete, the plan is to move it into Prepack documentation.
For now I put it out as a gist to gather initial feedback.

A Gentle Introduction to Prepack (Part 1)

If you're building JavaScript apps, you might already be familiar with some tools that compile JavaScript code to equivalent JavaScript code:

  • Babel lets you use newer JavaScript language features, and outputs equivalent code that targets older JavaScript engines.
@sindresorhus
sindresorhus / writing-eslint-rule.md
Last active February 26, 2023 03:01
Getting started writing an ESLint rule

Getting started writing an ESLint rule

First, take a look at the ESLint rule documentation. Just skim it for now. It's very long and boring. You can come back to it later.

ESLint rules work on the AST (Abstract Syntax Tree) representation of the code. In short, this is a tree structure that describes the code in a very verbose form. ESLint walks this tree and rules can subscribe to be notified when it hits a specific node type, like a Literal type, which could be the "hello" part of const welcome = "hello";.

Go ahead and play around with some code in AST Explorer (Make sure the parser is espree). It's a great tool!

Here are some good articles on the subject (ignore the scaffolding parts):

@andymatuschak
andymatuschak / States-v3.md
Last active April 12, 2024 16:06
A composable pattern for pure state machines with effects (draft v3)

A composable pattern for pure state machines with effects

State machines are everywhere in interactive systems, but they're rarely defined clearly and explicitly. Given some big blob of code including implicit state machines, which transitions are possible and under what conditions? What effects take place on what transitions?

There are existing design patterns for state machines, but all the patterns I've seen complect side effects with the structure of the state machine itself. Instances of these patterns are difficult to test without mocking, and they end up with more dependencies. Worse, the classic patterns compose poorly: hierarchical state machines are typically not straightforward extensions. The functional programming world has solutions, but they don't transpose neatly enough to be broadly usable in mainstream languages.

Here I present a composable pattern for pure state machines with effects,

@nepsilon
nepsilon / how-to-git-patch-diff.md
Last active April 19, 2024 13:33
How to generate and apply patches with git? — First published in fullweb.io issue #33

How to generate and apply patches with git?

It sometimes happens that you need to change code on a machine from which you cannot push to the repo. You’re ready to copy/paste what diff outputs to your local working copy.

You think there must be a better way to proceed and you’re right. It’s a simple 2-step process:

1. Generate the patch:

git diff > some-changes.patch
@alexserver
alexserver / rest-basics.md
Created October 28, 2015 18:56
REST basics, Theory, Principles, and examples.

RESTful API know-how

Motivation

I place my learning process in this document with 2 motives:

  1. To have a quick guide whenever I lose track of the knowledge.
  2. To share the knowledge with anyone who wants to learn RESTful APIs

1. Before, some theory

@KyleAMathews
KyleAMathews / lambda.md
Last active May 13, 2022 00:49
Using Kafka and a Samza-like node.js architecture

Disclaimer

I'm still very new to Kafka, eventsourcing, stream processing, etc. I'm in the middle of building my first production system with this stuff and am writing this at the request of a few folks on Twitter. So if you do have experience, please do me and anyone else reading this a favor by pointing out things I get wrong :)

Inspirations

@joseluisq
joseluisq / terminal-git-branch-name.md
Last active April 20, 2024 02:26
Add Git Branch Name to Terminal Prompt (Linux/Mac)

Add Git Branch Name to Terminal Prompt (Linux/Mac)

Open ~/.bash_profile in your favorite editor and add the following content to the bottom.

# Git branch in prompt.

parse_git_branch() {