Julian Lam julianlam

@julianlam
julianlam / fido2-webauthn-pitfalls-solutions.md
Last active January 13, 2022 03:59
Node.js FIDO2/WebAuthn Pitfalls and Solutions #blog

While implementing what was supposed to be a rather straightforward use-case of second-factor authentication via WebAuthn, I ran into a surprising amount of roadblocks that made my implementation harder than it should've been. Complicating the procedure was that I initially implemented the hardware key checking using the old deprecated U2F protocol — which for the record, was more straightforward.

However, WebAuthn is the future — just look how slick this guide is! If that's not going to make you think it'll be done lickety-split, I don't know what will. Reading through that helpful guide (put together by the fine folks at DUO), I couldn't help but be struck by how "enterprise-y" it all felt. It did not bode well, and my fears were not unfounded.

I decided to put this post together as a catch-all for the problems I faced in my implementation, and direct links or write-ups to the solutions.


MDN docs, what MDN docs?

julianlam / gooseneck-kettle.md
Last active January 6, 2022 18:08
Do you really need a gooseneck kettle? #blog

What's the big deal behind a gooseneck kettle anyway?

Mighty-Lobster asks:

Do I really need a goose neck kettle? I've seen several articles claiming that I totally need one for pour over coffee but they can't manage to articulate why it's going to help me in a language that I understand. "It helps you control the flow rate!" ... Uhm... sure. How is that going to make my coffee better? What happens if my coffee rate is wrong?

Like Mr. Lobster, I was also of the opinion that a gooseneck kettle couldn't possibly offer that much more to the coffee brewing process, compared to being careful with a regular wide-spout kettle.

While in some ways I was right, I was also quite mistaken.

julianlam / fastmail.md
Last active December 29, 2021 16:02
Why I Switched to Fastmail (and how you can too!) #blog

Every once in a while a couple articles here and there make the rounds of social media about why one shouldn't use X email provider, whether that be Gmail, Outlook, or any other myriad of online services offering a virtual mailbox in exchange for a) your hard-earned money, or b) your personal information, please and thank you.

Most recently, Running your own email is increasingly an artisanal choice, not a practical one.

More often, you read horror stories about how someone lost access to their email – and by extension, access to a great many other online services that happen to use email as the fallback mechanism.

I'm old enough to remember when email inboxes were something ISPs provided (and as of today, they still do, if you ask for it), with minuscule quotas compared to what you can get today. I remember when Gmail launched and was invite-only, too. My first email provider was probably Yahoo! Mail, which hosted email with an ample storage quota of

julianlam / should-you-buy-better-coffee-grinder.md
Last active December 20, 2021 04:49
Should you buy a better coffee grinder? #blog

tl;dr — unequivocally, yes.


I went back and forth on this decision for a while, when I started my coffee journey not too long ago. At the beginning, I had picked up a cheap $10 grinder from KitchenStuffPlus, which did the job. I had been consuming lots of anecdotal opinions online (mostly from /r/coffee), and while there were lots of variables you could tweak to improve the coffee experience, it all seemingly came back to getting a proper grinder to ensure the resulting coffee grounds were as even as possible. Even something as basic as having freshly roasted coffee could play second fiddle to an even grind – poor quality beans (either due to age or other factors) can have their flavour maximized with the proper grind, whereas a good quality coffee bean could be ruined by an uneven grind.

I ended up buying the Timemore Chestnut C2 from AliExpress, since this seemed to be best-in-cl

julianlam / my-coffee-journey.md
Last active December 30, 2021 14:59
My Coffee Journey #blog

It recently dawned on me just how many variables go into a cup of coffee. The same could probably be said of tea, or audio equipment, or any other hobby that people pursue. After all, if it's worth doing, it's worth overdoing, no?

My coffee journey has only really just begun (as of writing, November 2021), mostly as a consequence of staying and working from home, and picking up new hobbies during the COVID-19 pandemic. I don't consider myself a coffee snob, despite what all of my friends and family say, but more like a coffee snob wannabe. I could certainly go whole-hog into getting all the best equipment and single-origin beans, but I am a firm believer that a little effort will get you 90% of the way there, and everything else is chasing after that elusive remaining 10%.

The update (December 2021)


Since the original post, my Timemore Chestnut C2 and a

julianlam / alibaba-bluetooth-incompatibility.md
Last active November 24, 2021 17:00
Alibaba Android App Considered Harmful to Active Bluetooth Connections #blog

I hope you'll excuse the editorialized title – after all I do have a sense of humour :)

Awhile back, I started experiencing a very weird issue with my various Bluetooth-enabled audio interfaces on my phone.

In my car (a Mazda CX-5), it would think a phone call was active, even though it wasn't. My car would think the phone call was coming from my phone number, but there would of course be nobody else on the other end. Any time a phone call is active, it interrupts whatever audio is playing, be it audio streaming from the phone, or even FM radio. If the "phone calls" permission was enabled, then any streaming audio would play through the phantom phone call! The audio quality was complete crap, as well.

On various Bluetooth-enabled headsets, audio would cut out after some seconds to minutes, and my media would pause. On resume, it would resume playing on the phone speaker itself, and no amount of fiddling would cause it to come back.

I thought it might've been my upgrade to Android 12, but I was reaso

julianlam / journalctl-cheatsheet.md
Created November 3, 2021 15:20
systemd (journalctl) Cheatsheet #blog

The following is a list of useful commands for managing your systemd logs.

Check disk space used by systemd logging

journalctl --disk-usage

Drop old logs

... older than x days

julianlam / democratization-internet-content.md
Last active October 23, 2021 17:08
Democratization of Internet Content #blog

An interesting comment stuck out to me when I was reading a Hacker News thread about RSS:

RSS being killed is a part of the commodification/privatization of knowledge. RSS simply gives users too much freedom. (Emphasis mine)

Putting aside the defeatist nature of the statement, the part that stuck out to me was the assertion that RSS was one of the last few bastions in the fight against privatization of knowledge; that the world wide web (to use an old turn of phrase) had idealistic goals to be a worldwide repository of human knowledge.

With the advent of social media, much of the world's content has been sequestered behind virtual "walled gardens" – curated, indexed, monetized, and most importantly, hidden away from the unwashed masses of the open web.

While one cannot discount the power of the networking effect of social media, the greatest tragedy is that walled gardens cease to exist once the garden is closed. How much orig

julianlam / asynchronously-generating-tests-mocha.md
Last active October 14, 2021 19:44
Asynchronously generating tests using mocha #blog

The great thing about Mocha is that it supports promises, so it's a cinch to integrate it into your existing workflow.

It came in handy in NodeBB when we migrated much of our code to async/await from callbacks.

However, I ran into a limitation when attempting to write a test file that dynamically generated its own tests. My specific use cases were:

  1. End-to-end testing of the NodeBB API. I needed to retrieve all mounted routes and test that its responses matched the documented OpenAPI schema.
  2. Testing of our internationalization files. Our translation efforts are powered by Transifex, but there were cases where the pulled files did not match the source language files, or we had forgotten to push source files to Transifex for translating.

In both cases, I wanted to dynamically generate tests given some external state (e.g. tests for each of our ~45 supported languages), and while [M

julianlam / hacker-news-fostering-deep-discussion.md
Last active September 30, 2021 16:01
Does Hacker News foster deep discussion? #blog

I've often lamented the fact that social media sites (Facebook, et al.) do not foster deep engagement, nor are their discussions meant to be archived or preserved. In essence, they are ephemeral, meant to drift away with time.

Not only is their walled garden approach not indexable by search engines, the actual UX actively disincentivizes deep meaningful discussion, in favor of hot takes, for likes and eyeballs.

For a variety of reasons, Hacker News has avoided many of these pitfalls. Not only does it have a large community of developers, the discussion is by and large civil, mature, and well worth reading. Their re-engagement metrics are likely through the roof, in spite of the fact that the site itself does very little to re-engage users. No push notifications, no email digests, no list of unread responses to your comments. Even their threads page is not immediately apparent, but it is the only place where you are able to view responses to comments.

A cursory review of Hacker News comments suggests tha