Skip to main content

· 4 min read

AI Generated Aww of the moth

Good Reads / Videos

Fun

The X-Files

  • 2022-10-08 Jewish Calendar

    About how the Jewish Calendar works.

  • 2022-10-05 Kubernetes Hardening Guide

    National Security Agency Cybersecurity and Infrastructure Security Agency Cybersecurity Technical Report Not exactly an X-File...

Retro

Web / JavaScript

JavaScript Libraries

CSS

C# / .NET

Projects and Tools

C++ Interactive tutorials

These two are very good beginner resources:

Emacs

Emacs config

Security

Summary of the results (page 137):
  Protocol   Sniffing   Injection
  Plexgear   Yes        Yes
  Rapoo      Yes        Yes
  Logitech   No         Yes
  Corsair    Yes        Yes
  iiglo      Yes        Yes
  Exibel     Yes        Yes
  Razer      No         No

JWT

Azure

Cheat Sheets

  • 2022-10-05 x64 Cheat Sheet

    Assembly language cheat sheet for x64 architecture

· 11 min read

Good Reads / Videos

Retro

Web / JavaScript

My experimental snippet:

(async () => {
    function sleep(ms) {
        return new Promise((resolve, reject) => {
            setTimeout(resolve, ms)
        })
    }

    function setClipboard(html) {
    const type = "text/html";
    const blob = new Blob([html], { type });
    const data = [ new ClipboardItem({ [type]: blob })];

    navigator.clipboard.write(data).then(
        function () {
            console.log("Done");
        },
        function (err) {
            console.error(err);
        }
    );
    }
    console.log("Wait");
    await sleep(3000);
    console.log("Go!");
    setClipboard(String.raw`
<table>
<tr>
<td><b>Hello</b></td><td>World</td>
</tr>
<tr>
<td><b>Done</b></td><td>AAA</td>
</tr>
</table>
`);

})()
  • 2022-09-03 Building an aircraft radar system in JavaScript Charlie Gerard

    I’ve been interested in building a radar system for a while now. I’ve been following the development of the RTL-SDR for a while, and I’ve been wanting to build a system that uses it. I’ve also been wanting to build a web app that uses WebUSB to communicate with a USB device. So I decided to combine the two and build a web app that uses a RTL-SDR to display aircraft on a map.

CSS

I might be understating it a bit, but WebGL is a big deal. You only need to spend five minutes on one of the many design awards sites to see site-after-site fully leaning into the power of canvas. Tools like threejs bring the power of 3D and GLSL shaders to the browser and, with that, a whole new level of visual effects.

C# / .NET

  • 2022-08-26 🤩 SharpLab

    SharpLab is an interactive playground for .NET code. It allows you to run and debug your C# code directly in the browser. It also allows you to share your code with others and see their changes in real-time.

  • 2022-08-26 ashmind/SharpLab: .NET language playground

  • 2022-08-30 badamczewski/PowerUp: ⚡ Decompilation Tools and High Productivity Utilities ⚡

    PowerUp is a collection of productivity utilities, disassembly and decompilation tools for multiple languages and platforms. The project features the following utilities and tools:

    • Live IDE Watcher (For C#, F#, GO, Rust and C++ (clang)).
    • .NET JIT Dissasembler.
    • .NET IL Compiler.
    • .NET Console with rich formatting.

  • 2022-09-02 C# does Shell, Part 3 - CodeProject

    This article is about Application Desktop Toolbars, which are applications that can align to the screen much like the taskbar. The article will develop a base class for developing such apps.

Projects

GO

Emacs

M-x package-install RET borland-blue-theme RET

Alternatively put the this directory to the custom-theme-load and add the following to your init file:

(push (substitute-in-file-name "~/.emacs.d/borland-blue-theme/") custom-theme-load-path)
(load-theme 'borland-blue t)

Media - Images

When I am making animations, with the intent of ultimately becoming a GIF file on the internet, I pretty much always target 50 fps.

Media FFmpeg

Visual Studio DTE in Powershell

Control Visual Studio from Powershell using the DTE (Development Tools Environment) COM Object.

I found a simple answer by playing with the idea in ISE for a little while.

Basically, the call to GetActiveObject returns a COM object, which can be used directly in PowerShell. After executing LoadDTELibs, you can get an instance of DTE by calling GetActiveObject and then refer to the result directly.

So...
PS> $dte = [System.Runtime.InteropServices.Marshal]::GetActiveObject("VisualStudio.DTE.11.0")
PS> $dte = [System.Runtime.InteropServices.Marshal]::GetActiveObject("VisualStudio.DTE")
PS> $dte.solution.Create("D:\Testing", "Acme.sln")
PS> $dte.solution.SaveAs("D:\Testing\Acme.sln")
Get-ChildItem HKLM:\Software\Classes -ErrorAction SilentlyContinue | Where-Object {
    $_.PSChildName -match '^\w+\.\w+$' -and (Test-Path -Path "$($_.PSPath)\CLSID")
} | Select-Object -ExpandProperty PSChildName
Sub DTEExample()
    Dim objTextDoc As TextDocument
    Dim objEP As EditPoint

    ' Create a new text document.
    DTE.ItemOperations.NewFile("General\Text File")
    ' Get a handle to the new document.
    Set objTextDoc = DTE.ActiveDocument.Object("TextDocument")
    Set objEP = objTextDoc.StartPoint.CreateEditPoint
    ' Create an EditPoint and add some text.
    objEP.Insert "A test sentence."
End Sub
$dte.ActiveDocument | Get-Member -MemberType All

Cheatsheets

SSH

A better solution is to use ssh-keygen -o.
PS c:> type $env:USERPROFILE\.ssh\id_rsa.pub | ssh peter@192.0.2.16 "cat >> .ssh/authorized_keys"

JWT

Screen capture API

Record screen video with Screen Capture API

Until a while ago, I was a Linux user and I used ffmpeg to make gif animations for my Blog. I recently moved to Windows and was wondering how I could make a gif animation. I found out that I could make them with ffmpeg for Windows.

Games - Factorio

Watch

· 5 min read

Fun

Good Reads

  • 2022-06-19 Code rant: The Configuration Complexity Clock

    When I was a young coder, just starting out in the big scary world of enterprise software, an older, far more experienced chap gave me a stern warning about hard coding values in my software. “They will have to change at some point, and you don’t want to

Productivity... yeah

Projects

The Clippy Project

Clippy for Visual Studio:

Retro

WinApi

C++

C#

C# Blogs

On-Call

Books

How the things work

  • 2022-08-03 The Illustrated TLS 1.3 Connection: Every Byte Explained

    Every byte explained and reproduced In this demonstration a client connects to a server, negotiates a TLS 1.3 session, sends "ping", receives "pong", and then terminates the session. Click below to begin exploring.

Boring stuff

  • 2022-08-07 GDPR For Developers By Example Blether

    GDPR has been in place for years now, and we’re starting to learn more and more about how it’s going to be enforced and what it really means. The many questions people had that could only be answered by court decisions have now been answered. Over the past years, I’ve seen systems try and fail to correct implement GDPR. Here are the things I’ve learnt from court decisions and from mistakes made.

Watch Me!

The Man Who Killed Millions and Saved Billions

From Wikipedia:

Fritz Haber was a German chemist who received the Nobel Prize in Chemistry in 1918 for his invention of the Haber–Bosch process, a method used in industry to synthesize ammonia from nitrogen gas and hydrogen gas. This invention is important for the large-scale synthesis of fertilizers and explosives. It is estimated that two thirds of annual global food production uses ammonia from the Haber–Bosch process, and that this supports nearly half the world population. Oh shit...

1979: Will WORD PROCESSORS start a HOME WORKING revolution? | Past Predictions | BBC Archive

Wiki updated

  • docs\psy\2022-07-28-BoundariesMeeting.md

· 11 min read

Good Reads

  • 2022-07-20 Being on-call sucks — Bobbie Chen

    At tech companies, it is fairly common for developers to be "on-call". As Increment magazine (published by Stripe, a leading payment-processing software company) explains... ... A bit of on-call wisdom

  • 2022-07-22 What I don’t like about working at a remote job

    Working remotely permanently had been my wish ever since my managers started calling me back into the office. There was no possible way I would suffer through hours of commuting to feel awkward in an office again. However, with time came getting used to my situation. Even in the best possible world, your brain is always seeking something better. Although I really, really love remote work (please don’t take it away from me), I’ve noticed some things that make me sad about it.

  • 2022-06-28 The Grug Brained Developer

    A layman's guide to thinking like the self-aware smol brained

How the things work

  • 2022-07-20 What happens when you press a key in your terminal?

    I’ve been confused about what’s going on with terminals for a long time. But this past week I was using xterm.js to display an interactive terminal in a browser and I finally thought to ask a pretty basic question: when you press a key on your keyboard in a terminal (like Delete, or Escape, or a), which bytes get sent? As usual we’ll answer that question by doing some experiments and seeing what happens :)

  • 2022-07-20 Beej's Guides

    These guides look nice and clean

  • Beej's Guide to C [WIP]\

    This is a rather comprehensive guide to C for folks who already know how to program in another language. The first half of the book is written in a tutorial style, while the second half is a reference section complete with examples (inspired by the incomparable Turbo C Bible). The goal is to keep this up-to-date with the latest C standards.

Fun

Derp
Derp search/replace fuckup
Derp, asset redirection in dev mode
Derp. Fix missing constant post rename
Derpy hooves
Do things better, faster, stronger
Does anyone read this? I'll be at the coffee shop accross the street.
Does not work.
Does this work
Don't Ask Me, I Have No Idea Why This Works Either
Don't push this commit
Don't tell me you're too blind to see
Done, to whoever merges this, good luck.
Don’t even try to refactor it.
Don’t mess with Voodoo
Duh
Easteregg
Either Hot Shit or Total Bollocks
Errare humanum est.
FONDLED THE CODE
FOR REAL.
FUCKING XUPPERNAMEX
Feed. You. Stuff. No time.
Final commit, ready for tagging
Fingers crossed!
Finished fondling.
First Blood

Games

Emacs Games abd fun stuff

  • 2022-07-10 Fun and Games in Emacs - Mastering Emacs

    It’s yet another Monday and you’re hard at work on those TPS reports for your boss, Lumbergh. Why not play Emacs’s Zork-like text adventure game to take your mind off the tedium of work?

  • M-x hanoi-unix
  • 5x5
  • M-x animate-birthday-present
  • C-h f blackbox
  • M-x bubbles-set-game-...: (easy, medium, difficult, hard)
  • M-x doctor
  • M-x dunnet Emacs’s very own Zork-like text adventure game.
  • M-x gomoku
  • M-x life
  • M-x pong
  • M-x snake
  • M-x tetris
  • M-x morse-region and M-x unmorse-region - translate a region into morse code
  • M-x dissociated-press The Dissociated Press is a very simple command that applies something like a random walk markov-chain generator to a body of text in a buffer and generates nonsensical text from the source body.
  • M-x spook - command inserts random words (usually into emails) designed to confuse/overload
  • 2022-07-10 EmacsWiki: Category Games

The X-Files

danger

Disclaimer: unverified controversy.

Projects

C# and PowerShell OCR with IronTesseract and Windows.Media.Ocr

using IronOcr;
var Result = new IronTesseract().Read(@"img\Screenshot.png");
Console.WriteLine(Result.Text);
 Add-Type -AssemblyName System.Runtime.WindowsRuntime
    
  # WinRT assemblies are loaded indirectly:
  $null = [Windows.Storage.StorageFile, Windows.Storage, ContentType = WindowsRuntime]
  $null = [Windows.Media.Ocr.OcrEngine, Windows.Foundation, ContentType = WindowsRuntime]
  $null = [Windows.Foundation.IAsyncOperation`1, Windows.Foundation, ContentType = WindowsRuntime]
  $null = [Windows.Graphics.Imaging.SoftwareBitmap, Windows.Foundation, ContentType = WindowsRuntime]
  $null = [Windows.Storage.Streams.RandomAccessStream, Windows.Storage.Streams, ContentType = WindowsRuntime]
  $null = [WindowsRuntimeSystemExtensions]

Security / Cryptography

X.509

  • 2022-07-03 Understanding X.509 digital certificate thumbprints Morgan Simonsen's Blog

    I got an interesting question about X.509 certificate thumbprints today from a colleague. Specifically, he wanted to know if you could renew a certificate and keep the thumbprint. The answer is no, unfortunately. So I thought I would explain why you can’t.

  • 2022-07-03 How Certificates Work: Public Key; Security Services Microsoft Docs

    Digital certificates are electronic credentials that are used to assert the online identities of individuals, computers, and other entities on a network. Digital certificates function similarly to identification cards such as passports and drivers licenses. They are issued by certification authorities (CAs) that must validate the identity of the certificate-holder both before the certificate is issued and when the certificate is used. Common uses include business scenarios requiring authentication, encryption, and digital signing.

  • 2022-07-03 Cryptography - Win32 apps Microsoft Docs

    Microsoft cryptographic technologies include CryptoAPI, Cryptographic Service Providers (CSP), CryptoAPI Tools, CAPICOM, WinTrust, issuing and managing certificates, and developing customizable public key infrastructures. Certificate and smart card enrollment, certificate management, and custom module development are also described.

Web Authentication API

  • 2022-06-26 Web Authentication API - Web APIs MDN

    Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

  • 2022-06-26 Guide to Web Authentication

    While Web Authentication is an important tool, it is always important to remember that security is not a single technology; it is a way of thinking that should be incorporated into every step of how software is designed and developed.

HTML to Markdown

TTY UI

Retro

Random Retro Neko!

Nyan Cat

Watch me ;)

· 11 min read

Good Reads

How the things work

Fun


🧨 🍾🍾🍾 See 'em all! 🚗
















Games

The X-Files

danger

Disclaimer: unverified controversy.

TTY Linux

Algorithms

  • 2022-06-15 That XOR Trick

    There are a whole bunch of popular interview questions that can be solved in one of two ways: Either using common data structures and algorithms in a sensible manner, or by using some properties of XOR in a seemingly hard to understand way.

Security/Cryptography

Job hunt/interviews

Projects

Markdown Chrome Extensions

Fitness

Typescript/JavaScript

Identity Management

Security / Cryptography

Retro

PowerShell

Watch me ;)

  • 2022-06-02 Priest 2011 film - Wikipedia

    Priest is a 2011 American action horror film directed by Scott Stewart A centuries-long war between humans and vampires has devastated the planet's surface and led to a theocracy under an organization called The Church. Despite the vampires' vulnerability to sunlight, and all of mankind's technological advances, the vampires' greater strength and speed made them impossible to defeat until humanity sheltered them in giant walled cities and trained a group of elite warriors, the Priests, which turned the tide.

· 11 min read

Good Reads

How the things work

Fun

Algorithms

Security/Cryptography

+ Family 1Password so everyone can securely manage passwords and share logins
+ Network is covered by pihole (and in exchange, plex/jellyfin/etc access works nicely)

+ Smart home stuff is managed by me. Everyone has admin rights but shared terminals (eg kitchen panel) are unpriviledged users.

+ Everyone has a home directory on the homelab they can back up to with as much space as they want (4tb+). I help them set it up if they ask.

+ Haven't done this yet but would like some kind of network level monitoring for threats (viruses, cryptominers, etc)

Things intentionally not done:

+ I don't install anything on folks devices.. at all, but never without their consent and without them having an off switch.

+ We have cams but everyone can turn them off and view recordings. Recordings are kept only for a short timeframe. Cams are all visible/known.

+ I intentionally collect no logs of dns or other stuff. When I do occasionally need to debug an issue, I let everyone know I am flipping on logs for a few minutes.

Empower users, don't control them.

Job hunt/interviews

  • 2022-05-22 Lessons learned from the recent job hunt · Jamie Tanna Software Engineer

    As you may have recently seen, I've recently gone through the interviewing process and joined Deliveroo as a Senior Software Engineer. This was different to my last move to the Cabinet Office, as I only applied for that role, whereas this time I wasn't really sure what I wanted, and so wanted to interview at a few great places and see what felt like a good fit for me.

  • 2022-05-08 🔥 Interview Process mishnit.github.io

    System Design interview advices and learning materials

Projects

SIMD

Resilience

PowerShell

$error[0]

CSharp

System.Security.PermissionSet ps =
    new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None);
ps.AddPermission(new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.NoAccess, "C:\\"));
System.Security.Policy.PolicyLevel pl = System.Security.Policy.PolicyLevel.CreateAppDomainLevel();
pl.RootCodeGroup.PolicyStatement = new System.Security.Policy.PolicyStatement(ps);
AppDomain.CurrentDomain.SetAppDomainPolicy(pl);
System.Reflection.Assembly myPluginAssembly = AppDomain.CurrentDomain.Load("MyPluginAssembly");

FFmpeg

Watch me ;)

· 6 min read

Good Reads

  • 2022-04-17 What Does "Shitty Job" Mean in The Low-Skill, Low-Pay World?

    There’s all sorts of terms and experiences I’m sure I could apply this to, but right now the one that interests me most is the phrase a shitty job. I recently transitioned from having lived my whole life doing the kind of jobs you could do with zero day’s training and no developed skills. I’ve heard the phrase (and some classier high-end equivalents) since then, but it’s used much differently; it’s describing a different set of worries as experienced by a different kind of person living a different sort of life. The Author - Resident Contrarian on Substack - writes about different kinds of people issues.

Good old reads

Because of that I usually make all my services and systems crash only. End up using things like use atomic file moves, open files with append-only, use kill -9 to stop services and so on. To make your system crash-onl,y you have to go down the base system calls.
Some observed effects so far (many are covered in the article):
* Faster restarts (if your regular operation involves restarting lots of processes).
* Less code (don't have to handle both the clean shutdown and dirty shutdown).
* Recovery/cleanup code if it is needed, is often ends up moved to startup instead of shutdown (you might have to recover corrupt files when you start up again. For example re-truncate the files to a known offset based on some index).
* Something else might need to manage external resources (OS IPC resources, shared memory, IPC message queues etc). This could be a supervisor process.
* If you do a lot of socket operations on localhost, your sockets could get stuck in TIME_WAIT state and you'll eventually run out of ephemeral ports if you do a lot of restarts (say during testing). SIGTERM signals often are caught and processes (libraries) perform a cleaner shutdown.
* Think very well about the database you use and see if it can can support crash only operation. Some do some don't ( I won't name any names here ).
  • 2022-05-21 Files are hard

    on exactly how hard it is to save data without corruption or data loss 🚀

How the things work

  • 2022-05-14 Time-series compression algorithms, explained

    Delta-delta encoding, Simple-8b, XOR-based compression, and more - These algorithms aren't magic, but combined they can save over 90% of storage costs and speed up queries. Here’s how they work.

Fun

C

  • 2022-05-14 A lock-free, concurrent, generic queue in 32 bits

    While considering concurrent queue design I came up with a generic, lock-free queue that fits in a 32-bit integer. The queue is “generic” in that a single implementation supports elements of any arbitrary type, despite an implementation in C.

🥑 Rust

🐚 Bash

trap 'echo "# $BASH_COMMAND";read' DEBUG
echo line1
echo line2
echo line3
echo "Hello World";

Interview

Projects

Resilience

PowerShell

PS C:\>
function prompt { 'PowerShell: ' + (Get-Location) + '> '}

PowerShell: C:\>
The function that defines the prompt includes a Get-Location command, which is run whenever the prompt appears in the console.

CSharp

· 9 min read

Good old news!

Good Reads

  • 2022-03-21 Why Don't You Use ...

    Working for a famous tech company, I get asked a lot "Why don't you use technology X?" X may be an application, programming language, operating system, hypervisor, processor, or tool. It may be because: It performs poorly. It is too expensive. It is not open source. It lacks features. It lacks a community. ...

  • 2022-03-26 What made the NES so interesting?

    I often like to cover oddities here; details of computers and arcade systems people may not have heard of, that didn’t sell well but had unique or interesting characteristics. But focusing on oddities like that can disguise the fact that sometimes, even systems that were very popular can stand out for unique design. Such be it with the Nintendo Entertainment System: had Nintendo’s console flopped, it’d definitely have a post already. But it doesn’t. Let’s fix that! And answer a simple question I was asked: what’s the deal with special chip games?

  • 2022-04-11 Taking Flight Without a Smart Phone dev/tails

    In February, I wrote about getting rid of my iPhone and replacing it with a Nokia 6300 4G. I am incredibly happy with the results of this experience. I gained a new sense of presence with the real world and killed some bad scrolling habits. Unfortunately, KaiOS on the Nokia left much to be desired and our current society makes it very difficult to live without a smart phone.

  • 2022-04-11 NodeJS packages don't deserve your trust

    Another week, another npm supply chain attack. Yikes! People on hacker news are wringing their hands about what should be done. The problem seems dire. EventSource/eventsource.js at de137927e13d8afac153d2485152ccec48948a7a · Yaffle/EventSource

Fun

Watch

Projects

  • 2022-03-21 Curtiss-Wright Debuts First Raspberry Pi Powered Ultra-Small Form Factor Rugged Mission Computer for Defense and Aerospace Applications

    Defense Solutions division, a leading supplier of modular open systems approach (MOSA) solutions engineered to succeed, today introduced the Parvus® DuraCOR® Pi, the embedded industry’s first Raspberry Pi (RPi) powered mission computer for defense and aerospace applications. The ultra-small form factor (USFF) DuraCOR Pi, fully ruggedized to deliver optimal performance in harsh operating environments, is the first mission computer to deliver 100% compatibility with the vast Pi Developer Ecosystem in a fully MIL-STD rugged sealed housing.

  • 2022-03-21 Introduction Plaintext Productivity

    This guide is meant to document the things I have done, the software I have used, and the decisions I have made to be really fast and really well-organized at work, and to help prioritize and maintain focus on my current activities. One key decision, made for speed above all else, is to capture as much of my thinking and work in plaintext as I can. Thus the name: Plaintext Productivity. I will explain my reasoning behind choosing plaintext in each section in which it is relevant.

  • 2022-03-23 jgraph/drawio-desktop: Official electron build of diagrams.net

    drawio-desktop is a diagramming and whiteboarding desktop app based on Electron that wraps the core draw.io editor.

  • 2022-03-25 Home React Flow

    A highly customizable React component for building node-based editors and interactive diagrams

  • 2022-03-26 Running GUI apps within Docker containers – Trickster Dev

    Suppose we have Docker installed on macOS or other Unix/Linux system. How do we run Firefox within Docker container? For a first attempt, let us consider the following Dockerfile:

FROM ubuntu:latest
RUN apt-get update && apt-get install -y firefox x11vnc xvfb
RUN echo "exec firefox" > ~/.xinitrc && chmod +x ~/.xinitrc
CMD ["x11vnc", "-create", "-noxrecord", "-noxfixes", "-noxdamage", "-forever", "-passwd", "trustno1"]

🥑 Rust

  • 2022-04-11 What I learned from making a DNS client in Rust

    Over the last few weeks I built my own DNS client. Mostly because I thought dig (the standard DNS client) was kinda clunky. Partly because I wanted to learn more about DNS. So here's how I built it, and how you can build your own too. It's a great weekend project, and I learned a lot from finishing it.

  • 2022-04-11 What Is Rust's unsafe? Nora Codes

    Rust promises safety as one of its core tenets; it is, in some ways, the raison d'être of the language. It does not, however, go about providing that safety in the traditional way, using a runtime and a garbage collector; rather, Rust uses a very advanced

  • 2022-04-11 iced-rs/iced: A cross-platform GUI library for Rust, inspired by Elm

    iced is currently experimental software. A cross-platform GUI library for Rust focused on simplicity and type-safety.

.NET/ C#

  • 2022-04-06 .NET type for personally identifiable information PII

    According to the law in many countries, you must treat PII data in a special way. For example, there is a number of restrictions on the use of personal data according to GDPR regulation in the European Union. I’m going to list some requirements based on t What if we introduce an explicit type for PII, like PiiString. The idea is to have PiiString type as much interchangeable with String as possible to simplify refactoring existing code which uses the String. Then, within the application boundary it should behave like usual String, however crossing application boundaries it should be encoded/encrypted/hashed.

PowerShell

  • 2022-04-11 PowerShell - Aliases

    about PowerShell aliases

  • 2022-04-12 How to Use PowerShell's Grep Select-String

    One of the first Linux commands that many system administrators learn is grep. This venerable tool has been around for decades and is crucial to any administrator’s toolbelt. Grep’s core is simply the ability to search plain text for a RegEx pattern. Grep can search files in a given directory or streamed input to output matches. Did you know PowerShell has grep? Well..almost.

Select-String -Path "Users\*.csv" -Pattern "Joe","Marti","Jerry"

Authorization & Authentication

  • 2022-04-03 Combining Bearer Token and Cookie Authentication in ASP.NET - Rick Strahl's Web Log

    And we're back for another episode in the seedy TV drama that is ASP.NET Authentication. In today's show we'll discuss the mysterious case of combining multiple authentication schemes in a single application. Tune in at 11 for the scary conclusion...

    In this post I'll talk about:

    • Combining JWT Bearer Token and Cookie Authentication
    • Using Manual JWT Tokens
    • Using Manual Cookies
    • Using only ASP.NET's low level Auth features - not using ASP.NET Core Identity

· 10 min read

Good Reads

  • 2022-03-06 The Painfully Shy Developer's Guide to Networking for a Better Job Without Being Creepy

    Look, I get it. A bunch of web developers, recruiters, and vendors standing around in a room eating pizza or drinking beer and making small talk might sound like complete and utter death for you. There may be a million things you'd rather be doing. "Uhh,

    - Core Philosophy 1: Make Other People Feel Welcome and Accepted
    - Core Philosophy 2: Give First, then Give Some More
    - Core Philosophy 3: Don't Overthink - Be Genuine & Have Fun
    - Tactic 1: Smile and Say Hi
    - Tactic 2: Ask Questions (How to Approach a Group)
    - Tactic 3: Give Genuine Gratitude
    - Tactic 4: Find Common Ground
    - Tactic 5: End Gracefully
    - Tactic 6: Follow Up (No one does this!)
  • 2022-03-06 How to create technical conceptual diagrams

    Conceptual diagrams have two key building blocks: concepts and connecting lines with words.

  • 2022-03-09 Bugs in Hello World · sunfishcode's blog

    Hello World might be the most frequently written computer program. For decades, it's been the first program many people write, when getting started in a new programming language.

    Surely, this humble starting-point program should be bug free, right?

  • 2022-03-12 Teaching is a slow process of becoming everything you hate

    In a recent post, Parrhesia suggested that course grades should be 100% determined by performance on a final exam—an exam that could be taken repeatedly, with the last attempt being the course grade. (See also the discussion at r/slatestarcodex.) The idea is that grades are supposed to measure what you know, and if you do well on a final, then you know the material. Ha. Haha. Hahahahahahahaha.

  • 2022-03-18 How Zillow's homebuying scheme lost $881 million

    Zillow made news last week as it reported a loss of $881 million on its house-buying business last year⁠. That’s especially remarkable because house prices rose dramatically for much of the year. Naturally, this got me thinking about fantasy football. I’ll get to that later. But first, let’s back up and talk about what the business idea⁠—often called iBuying⁠—is actually about.

  • 2022-03-19 Bicycling Street Smarts - Table of Contents

    Bicycling Street Smarts: Riding Confidently, Legally and Safely

  • 2022-03-19 How NAT traversal works · Tailscale

    We covered a lot of ground in our post about How Tailscale Works. However, we glossed over how we can get through NATs (Network Address Translators) and connect your devices directly to each other, no matter what’s standing between them. Let’s talk about that now!

Fun

Work

Design Patterns

Projects

JavaScript

  • 2022-03-09 HTML comments work in JavaScript too

    Here’s some obscure trivia about JavaScript: you can use HTML comments in JavaScript. Not just in script tags: you can use them in included standalone files, and even in Node.js and Deno. Syntax highlighters, on the other hand, do not have great support

// below statement logs 1
console.log(1); <!-- log 1 -->
<!-- above statement logs 1 -->
  • 2022-03-09 QuickJS Javascript Engine

    QuickJS is a small and embeddable Javascript engine. It supports the ES2020 specification including modules, asynchronous generators, proxies and BigInt.

Denoland

  • 2022-03-16 Deno by Example

    Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Deno by example is a collection of annotated examples for how to use Deno, and the various features it provides. It acts as a reference for how to do various things in Deno, but can also be used as a guide to learn about many of the features Deno provides.

.NET/ C#

  • 2022-03-06 Image Style Transfer With C#, ONNX, and ImageSharp Khalid Abuhakmeh

    Image processing with SixLabors.ImageSharp and ONNX.FastNeuralStyleTransfer

  • 2022-03-10 8 Techniques to Avoid GC Pressure and Improve Performance in C# .NET - Michael's Coding Spot

    .NET provides a lot of great collections types like List<T>, Dictionary<T>, and HashSet<T>. All those collections have dynamic size capacity. That means they automatically expand in size as you add more items.

    - Set initial capacity for dynamic collections
    - Use ArrayPool for short-lived large arrays
    - Use Structs instead of Classes (sometimes)
    - Avoid Finalizers
    - Use StackAlloc for short-lived array allocations
    - Use StringBuilder, but not always
    - Use String Interning in very specific cases
    - Avoid memory leaks
    - Summary:
        - Allocations should be avoided if possible.
        - Reusing memory is better than allocating new memory.
        - Allocating on the Stack is faster than allocating on the Heap.
    - 2022-03-13 [6 .NET Myths Dispelled — Celebrating 21 Years of .NET by Charles Chen Jan, 2022 Dev Genius](https://blog.devgenius.io/6-net-myths-dispelled-celebrating-21-years-of-net-652795c2ea27)

    In celebration of .NET reaching Minimum Legal Drinking Age here in the US, grab a cold one and let’s dispel 6 common myths about .NET!

    - .NET is for Windows
    - It’s slower than Node/Python/Go/Rust
    - It’s a legacy platform
    - The tooling is expensive
    - .NET isn’t open source friendly
    - It’s for boomer enterprise development
  • 2022-03-13 Go vs C# (by Alex Yakunin) I am going to write a series of posts comparing some features of Go and C#. The core feature of Go — goroutines — is actually a very good point to start from. C#’s alternative for this is Task Parallel Library (TPL) and async-await support.
  • 2022-03-16 A Thorough Guide to Bond for C#

    Bond is an extensible framework for working with schematized data. It is suitable for scenarios ranging from service communications to Big Data storage and processing. Github: microsoft/bond; Supports C++, C#, Java, Python

C / CPP

  • 2022-03-16 libmill Libmill is a library that introduces Go-style concurrency to C
go(foo(arg1, arg2, arg3));
chan ch = chmake(int, 0);
chan ch = chmake(int, 1000);
chs(ch, int, 42);

Authorization & Authentication

  • 2022-03-06 Advanced techniques around ASP.NET Core Users and their claims – The Reformed Programmer

    This article describes some advanced techniques around adding or updating claims of users when building ASP.NET Core applications. These advanced techniques are listed below with examples taken from the AuthPermissions.AspNetCore library / repo.

  • 2022-03-10 The Modern Guide to OAuth - FusionAuth

    I know what you are thinking, is this really another guide to OAuth 2.0? Well, yes and no. This guide is different than most of the others out there because it covers all of the ways that we actually use OAuth. It also covers all of the details you need to be an OAuth expert without reading all the specifications or writing your own OAuth server. This document is based on hundreds of conversations and client implementations as well as our experience building FusionAuth, an OAuth server which has been downloaded over a million times.

  • 2022-03-13 An introduction to OpenID Connect in ASP.NET Core

    Explains how OpenID Connect works and how it differs from OAuth2.

  • 2022-03-16 Architecture overview - Azure Active Directory Microsoft Docs

    Azure Active Directory (Azure AD) enables you to securely manage access to Azure services and resources for your users. Included with Azure AD is a full suite of identity management capabilities. For information about Azure AD features, see What is Azure Active Directory? Service architecture design Primary replica Secondary replicas Scalability Continuous availability Fault tolerance Data durability Data consistency Service-level backup

Video Editing/ GoPro / ffmpeg

  • 2022-03-11 mifi/lossless-cut: The swiss army knife of lossless video/audio editing

    LosslessCut aims to be the ultimate cross platform FFmpeg GUI for extremely fast and lossless operations on video, audio, subtitle and other related media files. The main feature is lossless trimming and cutting of video and audio files, which is great for saving space by rough-cutting your large video files taken from a video camera.

· 11 min read

FYI

Good Reads

  • 2022-02-27 Practical Guide to Solving Hard Problems

    I sometimes find myself in a position of needing to write some code that I’m just not sure how to write. Been there have you? Here are the steps I take when I’m stumped. No huge revelations here, just hard-earned advice.

  • 2022-03-05 Design: #noFramework. Is it as hard as you think? by Jérôme Beau Feb, 2022 Medium

    Actually the idea is now new. As back as 2017, Adrian Holovaty, co-creator of the Django web framework, spoke about his own frameworks fatigue and why he left Django to build his own vanilla JS project.

  • 2022-02-16 Imitate, then Innovate - David Perell

    Imitate, then Innovate is my motto for improving at any skill. It’s counterintuitive, but the more we imitate others, the faster we can discover our unique style. In the entertainment world, there’s a long lineage of comedians who tried to copy each other, failed, and became great themselves: Johnny Carson tried to copy Jack Benny, but failed and won six Emmy awards. Then, David Letterman tried to copy Johnny Carson, but failed and became one of America’s great television hosts.

  • 2022-02-13 The Life of MS-DOS · Brendan's Website

    First released on August 12, 1981, MS-DOS became the foundation for business computing for almost two decades. MS-DOS stood for Microsoft Disk Operating System and was often referred to simply as “DOS”.

  • 2022-02-08 🥴 Heuristics That Almost Always Work - by Scott Alexander

    A security guard works in a building that never gets robbed. He develops a useful heuristic: it he hears a noise, he might as well ignore it and keep on crossing words: it's just the wind. This heuristic is right 99.9% of the time, but it provides literally no value. When all the Brier scores are calculated, he is the best futurist of all. His heuristic is truly superb.

  • 2022-03-05 Reclaiming the lost art of Linux server administration pietrorea's blog

    One of the skills I wish I'd learned earlier in my career is basic Linux server administration. Specifically in relation to hosting something on the web, either a web app or API that I wrote myself, or something from the thriving self-hosted community, such as Wordpress. Managing servers is increasingly seen as the 'older way' of doing things, so it's easy to become a software developer and never learn to set up a VPS, set up remote access, stand up a firewall, etc.

  • 2022-01-11 ⭐ Plan, do, learn: My admittedly hardcore work routine

    I have ADHD. It's my superpower. Because brains with ADHD find games hard to resist. And I — an engineer — love building games that make it fun to do unfun things. So naturally, as an entrepreneur with full autonomy over my own schedule, I've applied gamification principles to innovate my own work schedule from the ground up rather than lazily adopting norms from the 9-to-5 world.

The endless dispute

How the things work

  • 2022-02-13 Paul Butler – What does it mean to listen on a port?

    In the corner of the student union building there is a coffee shop, and in the corner of the coffee shop are two students. Liz taps away at the keyboard of the battered hand-me-down MacBook her brother gave her when she moved away to college. To her left on the bench seat, Tim scrawls equations on a coil-bound notebook. Between them is a half-empty cup of room temperature coffee that Liz sporadically sips from to stay awake.

Dev Design

  • 2022-01-28 Feature Flags Feature Flags allow you to safely deploy and roll back new features. It means you can deploy features and then slowly roll them out to your users. If something has gone wrong, you can roll back new features without having to re-deploy your application. Feature Flags can also help you control access to certain features in your product (e.g. only show paid features to users with an active subscription).
  • 2022-01-28 Hive: A Globally-Distributed Key/Value Store - This paper reports our experience creating, developing, and deploying a globally distributed key-value store intended as a database backend for our S3 API, Hive. Hive is a system to distribute data on a global scale, with various desired consistency, replication, and database sharding for linear read and write latency.
  • 2022-03-05 Why you need Use Cases/Interactors by Denis Brandi ProAndroidDev

    Since Clean Architecture became the new hot topic in the Android world there have been loads of code samples and articles that tried to explain how it works and which are its benefits.

Books

Projects

wgcf register wgcf generate wg-quick up ./wgcf-profile.conf
docker run -ti --rm alpine/bombardier -c 1000 -d 3600s -l https://www.gosuslugi.ru
#include "Cello.h"

int main(int argc, char** argv) {

  /* Stack objects are created using "$" */
  var i0 = $(Int, 5);
  var i1 = $(Int, 3);
  var i2 = $(Int, 4);

  /* Heap objects are created using "new" */
  var items = new(Array, Int, i0, i1, i2);

  /* Collections can be looped over */
  foreach (item in items) {
    print("Object %$ is of type %$\n",
      item, type_of(item));
  }

  /* Heap objects destructed via Garbage Collection */
  return 0;
}

Dev Design

  • 2022-02-27 Logging at Twitter: Updated

    Twitter's migration to Splunk Enterprise has given us a much stronger logging platform overall. We ingest 4 times more logging data and have a better query engine and better user adoption. The process was not without its challenges and learnings, which we'll share in greater detail in this blog.

JavaScript

Typescript

Rust

Perl

CSS HTML SVG

Azure Active Directory and Friends

GoPro

  • 2022-02-08 Gyroflow

    Gyroflow is an application that can stabilize your video by using motion data from a gyroscope and optionally an accelerometer. Modern cameras record that data internally (GoPro, Sony, Insta360 etc), and this application stabilizes the captured footage precisely by using them. It can also use gyro data from an external source (eg. from Betaflight blackbox). Github: gyroflow/gyroflow: Video stabilization using gyroscope data