The Archives

Limiting Peers with DynamicSupervisor Options – We can simplify our Bitcoin node's peer management code by letting Elixir do the heavy lifting for us! Let's dive into the `:max_children`{:.language-elixir} option and see how it can help us.
Elixir, Bitcoin
Jun 18, 2018

Generating Test Fixtures with Wireshark – Wireshark can be an invaluable tool for testing the parsing and serializing of a well-known binary protocol. Check out how we can use binary fixtures exported from Wireshark to test our Elixir-based Bitcoin protocol parser and serializer.
Elixir, Testing, Bitcoin
Jun 11, 2018

Be Careful Using With in Tests – Elixir's 'with' special form is a fantastic tool, but be careful using it in tests. Read all about how my incorrect usage of 'with' lead to a false positive in my test suite!
Elixir, Testing
Jun 4, 2018

Modeling Formulas with Recursive Discriminators – I ran into an interesting problem recently where I needed to model a nested set of either/or sub-schemas. With some creative thinking and a healthy dose of recursion, Mongoose's discriminator feature turned out to be just the tool for the job.
Javascript, MongoDB
May 28, 2018

Spreading Through the Bitcoin Network – Let's replace our Bitcoin node's supervisor with a dynamic supervisor and start recursively spreading through the Bitcoin peer-to-peer network!
Elixir, Bitcoin
May 21, 2018

Beefing Up our Bitcoin Node with Connection – Let's beef up the resiliency of our Elixir-based Bitcoin node by incorporating some connection retry behavior.
Elixir, Bitcoin
May 14, 2018

Reversing BIP-39 and the Power of Property Testing – In which an attempt to reverse the BIP-39 encoding algorithm sends me down a debugging rabbit hole, and the power of property testing shows me the light.
Elixir, Bitcoin
May 7, 2018

Visualizing the Oplog with Splunk – In an attempt to track down the cause of a mysterious spike in CPU consumption in a Meteor application, I decided to plot a time series chart of Mongo's Oplog collection.
Meteor, Splunk
Apr 30, 2018

Connecting an Elixir Node to the Bitcoin Network – Let's use the tools provided by the Elixir programming language to connect to a node on Bitcoin's peer-to-peer ad-hoc network. Hello, Bitcoin!
Elixir, Bitcoin
Apr 23, 2018

Writing Mandelbrot Fractals with Hooks and Forks – J's hooks and forks allow us to write solutions to problems exactly as we'd express them using the English language. Let's demonstrate by rendering a Mandelbrot fractal!
J, Programming Languages
Apr 16, 2018

Hex Dumping with Elixir – Is it better to call out to an existing external tool, or roll your own solution to a problem? Climb down this rabbit hole with me as we implement a hex dump utility in Elixir.
Elixir, Bitcoin
Apr 9, 2018

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Elixir, Meteor, Security, Announcement, Inject Detect
Apr 2, 2018

Building Mixed Endian Binaries with Elixir – Working with mixed-endian binaries is something we rarely have to think about as web developers. When it does come up, Elixir thankfully ships with the perfect tools for the job.
Elixir, Bitcoin
Mar 19, 2018

J's Low-level Obfuscation Leads to Higher Levels of Clarity – It's argued that J is a "write-only" programming language because of its extreme terseness and complexity of syntax. I'm starting to warm up the the idea that it might be more readable than it first lets on.
J, Programming Languages
Mar 19, 2018

The Headache and Heartache of Unhandled Rejections – Out of the box, Node.js doesn't do much to deal with unhandled promise rejections. This can lead to a world of hurt when trying to debug these rejections in your application. Thankfully, we have the tools to fix the problem!
Javascript, Node.js
Mar 12, 2018

Mining for Mnemonic Haiku with Elixir – What are some interesting things we can do with the BIP-39 mnemonic generator we built in a previous article? How about mine for structurally sound mnemonic haiku?!
Elixir, Bitcoin, Mastering Bitcoin
Mar 5, 2018

Fear is the Mind Killer – I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration.
Writing
Feb 26, 2018

From Bytes to Mnemonic using Elixir – Bitcoin's BIP-39 is a clever algorithm for transforming random binaries into easy to remember mnemonics. Let's flex our programming muscles and implement it using Elixir!
Elixir, Bitcoin, Mastering Bitcoin
Feb 19, 2018

Property Testing our Base58Check Encoder with an External Oracle – Property-based testing is an amazingly powerful tool to add to your testing toolbox. Check out how we can use it to verify the correctness of our Base58Check encoder against an external oracle.
Elixir, Bitcoin, Mastering Bitcoin
Feb 12, 2018

Mining for Bitcoin Vanity Addresses with Elixir – In this article we'll our Bitcoin private key generator to mine for vanity addresses. Once we've built our naive solution, we'll add a drop of Elixir and parallelize the implementation.
Elixir, Bitcoin, Mastering Bitcoin
Feb 5, 2018

Hacking Prototypal Inheritance for Fun and Profit – Abuse of prototypal inheritance can allow attackers to exploit your application in various ways. Learn what to watch out for, and how to prevent vulnerabilities.
Javascript, Meteor, Security
Jan 29, 2018

Generating Bitcoin Private Keys and Public Addresses with Elixir – Elixir ships with the tools required to generate a cryptographically secure private key and transform it into a public address. Check out this step-by-step walkthrough.
Elixir, Bitcoin, Mastering Bitcoin
Jan 22, 2018

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn to how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Meteor, Security, Announcement
Jan 15, 2018

Bitcoin's Base58Check in Pure Elixir – Elixir ships out of the box with nearly all of the tools required to generate Bitcoin private keys and transform them into public addresses. All except one. In this article we implement the missing piece of the puzzle: Base58Check encoding.
Elixir, Bitcoin, Mastering Bitcoin
Jan 8, 2018

Things I Learned During the Advent of Code – This year's Advent of Code has come and gone. I had a lot of fun solving each of this year's challenges with Elixir.
Elixir, Advent of Code
Jan 1, 2018

Do you know that a man is not dead while his name is still spoken? – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Elixir, Phoenix, Books
Dec 25, 2017

Let's Get Personal – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Meta, Announcement
Dec 18, 2017

Generating Sequences with Elixir Streams – Elixir streams can be amazingly useful tools for generating potentially infinite sequences of data. Learn about three useful stream functions that can be used to generate complex enumerable sequences.
Elixir, Advent of Code
Dec 11, 2017

Fleshing out URLs with Elixir – Step one of crawling a web page is getting a fully fleshed out URL pointing to that page. Unfortunately, people usually think of URLs in fuzzy, incomplete terms. Thankfully, fleshing out the missing details is simple with Elixir.
Elixir, Affiliate Crawler, Web Crawling
Dec 11, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Elixir, Affiliate Crawler, Announcement, Tools, Web Crawling
Nov 20, 2017

Being John Malkovich on Twitter – I've created a script that injects a healthy dose of empathy injected into your Twitter experience. Experience what it's like being John Malkovich on Twitter.
Javascript, Experiments
Nov 13, 2017

Rum Boogie Café – Character encodings have long been the bane of software developers. Read about the lengths I recently went to in order to debug a character encoding issue.
Javascript, Node.js, Debugging
Nov 6, 2017

Grokking the Y Combinator with Elixir – The Y combinator is something to be marveled over. Dive into this amazing contraption with me as we build it from the ground up with simple Elixir anonymous functions.
Elixir, Books, Computer Science
Oct 30, 2017

Formatting with Vim Scripts – Vim has become the cornerstone of my day-to-day work as a software developer. Check out how I use Vim scripts to format articles and posts.
Vim, Markdown, Literate Commits
Oct 16, 2017

Learning to Crawl - Building a Bare Bones Web Crawler with Elixir – Roll up your sleaves and get ready to build a fully function (but feature limited) web crawler using Elixir.
Elixir, Web Crawling, Affiliate Crawler
Oct 9, 2017

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Elixir, Katas, Phoenix, Authentication
Oct 2, 2017

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjection with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Javascript, Node.js, GraphQL, Apollo, MongoDB, Mongoose
Sep 25, 2017

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Bitcoin, Blockchain, Elixir, Phoenix
Sep 18, 2017

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
NoSQL Injection, Inject Detect, Javascript, Meteor, Security, MongoDB, Announcement
Sep 11, 2017

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Bitcoin, Blockchain, Elixir, Mastering Bitcoin
Sep 4, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Inject Detect, NoSQL Injection, Meteor, Security, MongoDB
Aug 28, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Javascript, Node.js, GraphQL, MongoDB
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Javascript, Node.js, GraphQL, Apollo, MongoDB
Aug 14, 2017

What if Elixir were Homoiconic? – Despite what some people say, Elixir is not a homoiconic language. This articles explores what the language would look like if it were.
Elixir, Computer Science
Aug 7, 2017

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Javascript, GraphQL, Apollo, Offline
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Javascript, GraphQL, Apollo, Offline
Jul 24, 2017

Recurring Tasks in Elixir – Today we're digging into the details of how to program recurring tasks in Elixir using GenServers. Behold the Fruit Printer 🍉.
Elixir
Jul 17, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Inject Detect, NoSQL Injection, Meteor, Security, MongoDB
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Inject Detect, NoSQL Injection, Meteor, Security, MongoDB
Jul 3, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Elixir, Javascript, Node.js, Computer Science
Jun 26, 2017

GenServers and Memory Images: A Match Made in Heaven – Elixir's GenServers are the perfect tool for implementing Memory Images — a powerful replacement for storing state in conventional databases.
Elixir, Inject Detect, Event Sourcing
Jun 19, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Inject Detect, NoSQL Injection, GraphQL, Meteor, Security, MongoDB
Jun 12, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Inject Detect, Javascript, Node.js, GraphQL, Stripe
Jun 5, 2017

Have You Tried Just Using a Function? – This articles how refacting a complex set of GenServers and Supervisors into simple functions saved me quite a bit of frustration and opened the doors to new functionality.
Elixir, Event Sourcing
May 29, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's disect it and see how it could have been prevented.
Inject Detect, NoSQL Injection, Meteor, MongoDB, Security
May 22, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, and Apollo, and Absinthe-powered Elixir application.
Elixir, Phoenix, Absinthe, GraphQL, Apollo, Authentication
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
Elixir, Phoenix, Absinthe, GraphQL, Authentication
May 8, 2017

Inject Detect Progress Report – Peek into the inner workings of Inject Detect, an Elixir and React-powered security SaaS application, in this progress report.
Elixir, Inject Detect, Event Sourcing
May 1, 2017

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Elixir, Phoenix, Passwordless, Authentication
Apr 24, 2017

Who Needs Lodash When You Have Elixir? – Watch how Elixir's standard library outclasses Javascript's Lodash in day-to-day tasks.
Elixir, Javascript
Apr 17, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievable powerful GraphQL stack with minimal fuss.
Elixir, Phoenix, Absinthe, Apollo, GraphQL
Apr 10, 2017

Using Create React App with Phoenix – Skip brunch today and use Create React App to lay the foundation for the front-end of your next Elixir and Phoenix project.
Elixir, Phoenix, React
Apr 3, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to interecept all queries sent to MongoDB using a technique called monkey patching.
Inject Detect, Javascript, Meteor, MongoDB, Monkey Patching
Mar 27, 2017

How am I Building Inject Detect? – Here's a high-level architectural and technilogical outline for how I plan to build out the Inject Detect application.
Inject Detect, Elixir, MongoDB
Mar 20, 2017

Why Security? – Why should we, as software developers, be concerned about the security of the software they write? Because everything we do depends on it.
Inject Detect, Security, Process
Mar 13, 2017

Inject Detect - Coming Soon! – I've decided to put my knowledge into practice and build an application called Inject Detect to detect NoSQL Injection attacks as they happen.
Inject Detect, Security, NoSQL Injection
Mar 6, 2017

My Favorite Pattern Revisited – Elixir's 'with' special form is a powerful tool that can lead to some elegant patterns in your code. Let's look at a few examples.
Elixir
Feb 27, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Elixir, Phoenix, Channels, Game of Life, Experiments, Channels
Feb 20, 2017

Build Your Own Code Poster with Elixir – I used Elixir to merge together a client's logo with the code we'd worked together to develop. The result was a beautiful code poster and this open source Elixir project.
Elixir, Experiments
Feb 13, 2017

Playing the Game of Life with Elixir Processes – Explore the concept of life and death with Elixir processes by implementing Conway's Game of Life where each cell is a living Elixir process.
Elixir, Game of Life, Experiments
Feb 6, 2017

My Favorite Pattern Without a Name – I've been notice a recurring pattern in modern open source projects and even my own Elixir code, but strangely, this pattern doesn't seem to have a name.
Elixir
Jan 30, 2017

Upgrade Releases With Edeliver – Edeliver simplifies the process of building and deploying upgrade releases for your Elixir and Phoenix applications.
Elixir, Phoenix, Deployment
Jan 23, 2017

Simplifying Elixir Releases With Edeliver – Edeliver simplifies the process of building and deploying standard releases for your Elixir and Phoenix applications.
Elixir, Phoenix, Deployment
Jan 16, 2017

Upgrade Releases With Distillery – Use Distillery to build and deploy hot-upgrades to your Elixir and Phoenix applications through the process of upgrade releases.
Elixir, Phoenix, Deployment
Jan 9, 2017

Deploying Elixir Applications with Distillery – Use Distillery to build and deploy your Elixir and Phoenix applications.
Elixir, Phoenix, Deployment
Dec 26, 2016

Intentionally Learning Elixir – How I've fast-tracked my absorption of Elixir through intentional learning.
Elixir, Books
Dec 19, 2016

How to use MongoDB With Elixir - Revisited – A recent upgrade to Elixir's MongoDB package requires that we revisit how we interact with the database through Elixir.
Elixir, MongoDB
Dec 5, 2016

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Elixir, Absinthe, GraphQL, Apollo
Nov 21, 2016

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Nov 16, 2016

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Elixir, Phoenix, Meteor, Authentication
Nov 14, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Nov 9, 2016

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to preven them.
Elixir, Phoenix, NoSQL Injection, Security, MongoDB
Nov 7, 2016

How to Use MongoDB with Elixir – What is the best way to use MongoDB as your primary database in a Phoenix or Elixir application? This article explores a few options.
Elixir, Phoenix, MongoDB
Oct 31, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Oct 26, 2016

A Five Minute Introduction to NoSQL Injection – What is NoSQL Injection? How does it affect my application? How can I prevent it? This five minute guide will tell you everything you need to know.
NoSQL Injection, Security, MongoDB
Oct 24, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Oct 19, 2016

Can Meteor Applications be "Mobile Only?" – What does it mean to be "mobile only", and can a Meteor application ever be restricted to a mobile-only build?
Javascript, Meteor, Mobile
Oct 17, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Oct 12, 2016

How to Safely Store Application Links – Does your application give users the ability to link to arbitray external URLs? You may be exposing your users to an unnecessary vulnerability.
Javascript, Meteor, Security
Oct 10, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Oct 5, 2016

Accounts is Everything Meteor Does Right – Meteor's Accounts system is one of Meteor's most killer features, and one of the reasons I find it difficult to leave the framework.
Javascript, Meteor, Authentication
Oct 3, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Elixir, Phoenix, Literate Commits, Phoenix Todos, Authentication
Sep 28, 2016

My Kingdom for Transactions – Transactions are an incredibly undervalued tool in a developer's toolbox. They're often not missed until they're desperately needed. By then, it may be too late.
Javascript, MongoDB
Sep 26, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Sep 21, 2016

Clone Meteor Collection References – Ever wanted to have two different sets of helpers attached to a single Meteor collection? It's more complicated than you may think.
Javascript, Meteor
Sep 19, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Buiding out our back-end authentication solution.
Elixir, Phoenix, Literate Commits, Phoenix Todos, Authentication
Sep 14, 2016

Rewriting History – Is your Git-foo strong enough to change the past? Let's explore some advanced techniques for modifying the commit history of a Git repository.
Literate Commits, Git
Sep 12, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Sep 7, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Javascript, Meteor, MongoDB, Security
Sep 5, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Elixir, Phoenix, Literate Commits, Phoenix Todos
Aug 31, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Javascript, Meteor, Security, Mobile
Aug 29, 2016

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Elixir, Phoenix, Meteor, Channels
Aug 22, 2016

Advent of Code: Not Quite Lisp – This Literate Commits post solves a Lisp-flavored code kata using Elixir!
Elixir, Advent of Code, Literate Commits
Aug 17, 2016

Meteor in Front, Phoenix in Back - Part 1 – Part one of our Meteor in Front, Phoenix in Back series. Let's put our mad scientist hats on and transplant a Meteor front-end into a Phoenix application!
Elixir, Phoenix, Meteor
Aug 15, 2016

The Captain's Distance Request – This Literate Commits post solves a code kata related to finding the distance between two points on earth using the heversine formula. Here be dragons!
Javascript, Codewars, Literate Commits
Aug 10, 2016

Module Import Organization – Now that Meteor supports native modules, imports, and exports... Where do we put everything?
Javascript, Meteor
Aug 8, 2016

Nesting Structure Comparison – How do we determine if two array share the same nested structure? This Literate Commits code kata dives deep into the solution.
Javascript, Codewars, Literate Commits
Aug 3, 2016

Method Imports and Exports – When we define Meteor methods and publication in modules, what do we export? This articles dives into that question and more.
Javascript, Meteor, Testing
Aug 1, 2016

Molecule to Atoms – Let's go back to chemistry class and figure out how to break a molecule into its component elements in this Javascript Literate Commits code kata.
Javascript, Codewars, Literate Commits
Jul 27, 2016

Mocha's Grep Flag – Today I learned about Mocha's grep flag; an insanely useful tool for quickly isolating individual tests of groups of tests.
Javascript, Testing
Jul 25, 2016

Point in Polygon – Is this point in this polygon? This Literate Commits articles explores one possible solution to this code kata.
Javascript, Codewars, Literate Commits
Jul 20, 2016

Meteor's Nested Import Controversy – Meteor has introduced Reify that allows the importing of modules within a nested code block. Are we still writing Javascript?
Javascript, Meteor
Jul 17, 2016

Literate Commits – Literate Commits is a new take on the concept of Donald Knuth's Literate Programming that tells a story through your repository's commit history.
Literate Commits
Jul 11, 2016

Delete Occurrences of an Element – Let's build up our Test Driven Development chops with this simple Javascript code kata written in the Literate Commits style.
Javascript, Codewars, Literate Commits
Jul 11, 2016

Winston and Meteor 1.3 – Due to the intricacies of Meteor's build system, integrating Winston into your Meteor project is more difficult that it seems at first glance.
Javascript, Meteor
Jul 4, 2016

A New Look For East5th – The East5th page has been given a face lift! Same old content, fresh new look.
Meta
Jun 27, 2016

Node Vulnerability Scanners in a 1.3 World – Using NPM packages in your Meteor project opens you up to a world of vulnerabilities. How can you be sure you're using secure packages?
Javascript, Meteor, Security
Jun 20, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Javascript, Meteor, NoSQL Injection, Security, GraphQL
Jun 13, 2016

MongoDB With Serverless – Using MongoDB from an AWS Lambda function is more difficult than you may expect. Here's one possible solution.
Javascript, Serverless, MongoDB
Jun 6, 2016

Anatomy of an Assessment – What are Meteor security assessments? How do they work and what can I expect?
Meteor, Security, Process
May 30, 2016

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
Javascript, Node.js, Serverless, Bitcoin
May 24, 2016

The Missing Link In Meteor's Rate Limiter – It's possible to carry out a Denial of Service attack against a Meteor application by flooding it with subscriptions. Check out how you can protect yourself.
Javascript, Meteor, Security
May 16, 2016

Transitioning to Modules With Global Imports – Transitioning your entire Meteor application towards using imports is a time-consuming and error-prone process. Thankfully, there's a middle way.
Javascript, Meteor
May 9, 2016

Meteor Unit Testing With Testdouble.js – Smooth out your Meteor testing experience with Testdouble.js.
Javascript, Meteor, Testing
May 2, 2016

Blaze Meets Clusterize.js – Blaze can be slow when rendering hundreds of elements. Speed it up with Clusterize.js!
Javascript, Meteor
Apr 18, 2016

CollectionFS Safety Considerations – Allowing file uploads to your applications opens you up to a world of potential vulnerabilities. Make sure you're protected.
Javascript, Meteor, Security
Apr 4, 2016

Bypassing Package-Based Basic Auth – Are you using Basic Auth to protect your Meteor application? You're probably not protecting your DDP endpoint. Find out how to fix it.
Javascript, Meteor, Security
Mar 28, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Javascript, Meteor, Security, NoSQL Injection, MongoDB
Mar 21, 2016

Stored XSS and Unexpected Unsafe-Eval – Event your Content Security Policy can't save you from stored Cross Site Scripting attacks.
Javascript, Meteor, Security
Mar 14, 2016

Cross Site Scripting Through jQuery Components – Your application may be correctly sanitizing user-provided input, but are your jQuery components? Watch out for Cross Site Scripting attacks!
Javascript, Meteor, Security
Mar 7, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Javascript, Meteor, Security, NoSQL Injection, MongoDB, Appearance
Feb 29, 2016

Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.
Meteor, Security, NoSQL Injection
Feb 15, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Meteor, Security, NoSQL Injection, MongoDB
Feb 8, 2016

Sending Emails Through Hidden Methods – Even if your methods aren't published to the client, they can still be called by malicious users to send emails or do other nefarious things.
Meteor, Security
Feb 1, 2016

Scripting With MongoDB – Scripting with Javascript is an often overlooked, but incredibly powerful feature of MongoDB. Take advantage of it!
Javascript, MongoDB
Jan 25, 2016

Home Sweet Home in Chattanooga – I've officially relocated to Chattanooga, Tennessee!
Meta
Jan 18, 2016

Unit Testing With Meteor 1.3 – Meteor's official testing solution, Velocity, is just too slow. Check out how to use ES6 modules and Mocha to write lightning fast unit tests!
Javascript, Meteor, Testing
Dec 21, 2015

Meteor Club Q&A on Security – I had a great time on Josh Owens' Meteor Club Q&A talking about Meteor security. Be sure to checkout the Youtube recording.
Meteor, Security
Dec 14, 2015

Scanning Meteor Projects for Node Vulnerabilities – Meteor applications can make use of Node.js packages, which opens them up to a world of vulnerabilities. Protect yourself by learning how to scan those packages for known vulnerabilities.
Meteor, Security
Dec 7, 2015

Giving Thanks – It's been a little over a year since I started experimenting with Meteor. In that time it has given me the confidence to start successfully working for myself. Thanks Meteor!
Meteor, Meta
Nov 30, 2015

Building Check-Checker as a Meteor Plugin – Let's use Meteor's Build Plugin API to refactor our Check Checker package into a plugin.
Javascript, Meteor, Security
Nov 23, 2015

Sorting By Ownership With MongoDB – This post explores the problem of crafting a difficult query in MongoDB. Use your tools; don't let your tools use you.
Javascript, MongoDB
Nov 16, 2015

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Javascript, Meteor, Security, NoSQL Injection
Nov 9, 2015

Meteor Space Camp – Last month I had the opportunity to go to Space Camp! No, not that kind of space camp...
Meteor
Nov 2, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil is left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Javascript, Meteor, Security, NoSQL Injection
Oct 19, 2015

Package Scan Community Contributions – Package Scan is getting some love from the community!
Meteor, Security
Oct 13, 2015

Slimming Down Fat Models – While fat models are better than fat controllers, sometimes your models need to trim the fat as well. Event-based architectures may be the solution to your troubles.
Javascript, Meteor
Oct 5, 2015

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Javascript, Meteor, Security, Announcement
Sep 28, 2015

Exporting ES6 Classes From Meteor Packages – How do you export ES6 classes from Meteor packages? This articles dives into the topic.
Javascript, Meteor
Sep 23, 2015

Never Forget Where Your Code Runs – Part of designing a secure software solution is being aware of your client and server boundaries. This is especially important with working with isometric systems.
Javascript, Meteor, Security
Sep 21, 2015

Counting Fields With Mongo Aggregations – How would you write a MongoDB query to cound the number of fields in a set of documents? Let's dive into a solution!
Javascript, MongoDB
Sep 14, 2015

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Javascript, Meteor, Security, XSS
Sep 7, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Javascript, Meteor, Security, NoSQL Injection
Aug 31, 2015

Hijacking Meteor Accounts by Sniffing DDP – Meteor accounts can be hijacked by an attacker listening for your credentials as they fly across the wire. Find out how to protect your application.
Javascript, Meteor, Security
Aug 23, 2015

The Ecstasy of Testing – You dive in, equipped with nothing more than a creeping dissatisfaction and a passing test suite...
Javascriot, Testing, Writing
Aug 18, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havok on your database. Learn to protect yourself.
Javascript, Meteor, Security, NoSQL Injection
Aug 10, 2015

Returning Promises Synchronously – I often find myself tasked with returning promises synchronously from Meteor fibers. I've written a Meteor package that helps with the task.
Javascript, Meteor
Aug 3, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Javascript, Meteor, Security, NoSQL Injection, Announcement
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be explored to aggregate an entire collection's worth of data on behalf of an attacking user.
Javascript, Meteor, Security, NoSQL Injection
Jul 21, 2015

Why Is Rename Disallowed? – The MongoDB 'rename' operator is disallowed in Meteor client-side queries. Let's explore why that may be.
Javascript, Meteor, Security
Jul 14, 2015

Basic Auth For Hiding Your Application – Basic authentication is a great way to quickly lock down an application from prying eyes. Learn the ins and outs.
Javascript, Meteor, Security
Jul 6, 2015

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Javascript, Meteor, Security, Black Box Meteor
Jun 29, 2015

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Javascript, Meteor, Security, Appearance
Jun 22, 2015

Allow & Deny Challenge - Check Yourself – Can you write an air-tight set of allow & deny rules? Take a look at Sacha Greif's challange, try it for yourself, and take a look at my solution.
Javscript, Meteor, Security
Jun 15, 2015

Good Night 1pxsolidtomato – The name '1pxsolidtomato' is no more. But this site and all of its content will live on!
Meta
Jun 10, 2015

Authentication with localStorage – Authentication through localStorage has the handy property of being CSRF-proof. Find out what that means and why it matters in this article!
Javascript, Meteor, Security
Jun 8, 2015

Keep It Secret, Keep It Safe – Are you accidentally leaking your application's secrets to the client? It's more likely than you may think.
Javascript, Meteor, Security
May 25, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
Javascript, Meteor, Security, NoSQL Injection
May 18, 2015

Private Package Problems – What's the best way to manage private Meteor packages? Let's compare the pros and cons of a few different potential solutions.
Meteor, Git
May 11, 2015

Meteor Security in the Wild – Read along with this deep hands-on dive into a vulnerability I found in a client's production Meteor application.
Javascript, Meteor, Security
May 5, 2015

Meteor Package Scan – Are you using Meteor packages with known security vulnerabilities? Package Scan will tell you.
Meteor, Security, Announcement
Apr 27, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of package being used by your Meteor application from the client.
Javascript, Meteor, Security, Black Box Meteor
Apr 24, 2015

Discover Meteor - Mentoring Session – I'll be hosting a Discover Meteor mentor section. Stop by and ask questions!
Meteor, Appearance
Apr 20, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Javascript, Meteor, Security, Black Box Meteor
Apr 15, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Javascript, Meteor, Security, NoSQL Injection
Apr 6, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'tripple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Javascript, Meteor, Security, XSS, Black Box Meteor
Apr 3, 2015

Recursive Components with Meteor and Polymer – Let's put on our mad scientist hats and build a Cantor set using recursive components in both Meteor and Polymer.
Meteor, Polymer, Experiments
Mar 30, 2015

Materialize Highs and Lows – Materialize is a CSS frameworks with its ups and downs. Here are my experiences.
Javascript
Mar 25, 2015

User Fields and Universal Publications – Universal publications are a piece of black magic that are often brushed under the rug of Meteor applications. Learn what they are and how they're used in this question and answer style article.
Javascript, Meteor
Mar 16, 2015

Meteor Composability – It can be difficult to build a truly composable application using Meteor's out-of-the-box front-end framework. Here are a few tips and tricks.
Javascript, Meteor, Appearance
Mar 9, 2015

Customizable Meteor Navbar with Orion CMS – Let's extend the Meteor-based Orion CMS with our own customizable navbar.
Javascript, Meteor
Mar 2, 2015

Custom Categories with Meteor's Orion CMS – Let's extend the Meteor-based Orion CMS with our own custom categories.
Javascript, Meteor
Feb 23, 2015

Meteor and Mongod.lock – Crashing Meteor applications can sometimes wreak havok on your MongoDB lock file. Learn how to fix that problem in this article.
Meteor, MongoDB
Feb 16, 2015

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Javascript, Meteor, Testing, Debugging
Feb 9, 2015

Announcing East5th! – I've decided to start working for myself under the name of 'East5th'!
Meta, Announcement
Feb 4, 2015

Suffixer! Find Meaningful Unregistered Domains – Suffixer is a tool designed to find meaningful unregistered domains for your latest project.
Javascript, Meteor, Announcement
Feb 2, 2015

Mongo Text Search with Meteor – MongoDB text searches can offer significant performance boosts over simple regular expression based queries.
Javascript, MongoDB, Meteor
Jan 26, 2015

The Dangers of Debouncing Meteor Subscriptions – Debouncing Meteor subscriptions can lead to subtle bugs. Let's explore those bugs and find out how to prevent them in your application.
Javascript, Meteor
Jan 19, 2015

Custom Block Helpers and Meteor Composability – Custom block helpers can help you build more composable Meteor front-ends. This article can help you master them.
Javascript, Meteor
Jan 13, 2015

Zapier Named Variables - Scheduling Posts Part 2 – Zapier named variables can help you schedule posts to a Jekyll based blog. Find out how!
Jekyll, Zapier
Jan 5, 2015

Scheduling Posts with Jekyll, Github Pages & Zapier – Find out how I'm using Zapier to schedule posts to my Jekyll-powered blog hosted on Github Pages!
Jekyll, Zapier
Dec 29, 2014

Hide Menu: My First Sublime Text Plugin – I've created a Sublime Text plugin to scratch an itch, and I documented the whole process.
Python
Dec 24, 2014

BYO Meteor Package – Follow along as I build and publish my first Meteor package!
Javascript, Meteor
Dec 22, 2014

Throw Back Thursday: Julia Sets with Sass – Have you ever thought about generating a Julia set from nothing but HTML and CSS? I have...
CSS, Experiments
Dec 18, 2014

Aspect Ratio Media Queries – Aspect ratio media queries can be used to create interesting and incredibly useful layouts. Check out this example.
CSS
Dec 16, 2014

Joining the Tiling WM Master Race – Tiling window managers aren't well-known outside of the Linux ricing community, but they're an incredibly powerful tool for a developer looking to improve their efficiency.
Development Environment
Dec 15, 2014

My Meteor Hello World - countwith.me – My first application made with Meteor, countwith.me, is a simple distributed counting application. How high can the internet count?
Javascript, Meteor, Announcement
Dec 8, 2014

Meteor First Impressions – This video summarizes my first impressions of the Meteor framework. Wow!
Meteor
Dec 2, 2014

Thinking Out Loud About Screencasting Platforms – I've been thinking out loud lately about building a screen-casting platform designed for software developers.

Nov 21, 2014

Building Ms. Estelle Marie – Recently I spent some time customizing a Wordpress template for a client. Here's a quick rundown of my process and impressions.
PHP, Wordpress, Grunt
Nov 12, 2014

Chrome LiveReload Extension and Remote Machines – The Chrome LiveReload plugin doesn't work well with remote development servers. Here's a workaround.
Javascript, Grunt
Nov 5, 2014

CrossView Fun With CSS – CrossView illusions are an interesting way of hiding information in plain sight.
CSS, Experiments
Nov 2, 2014

Laravel Queue's Sleep Contributes to its Timeout – Follow along as I track down a bug in Laravel's queue system.
PHP, Laravel, Debugging
Oct 23, 2014

Laravel 4.2 Command "Queue:Restart" is Not Defined – A sudden anomalous skipe in CPU usage led me down the rabbit hole of debugging an issue with my Laravel configuration. Follow along in this article.
PHP, Laravel
Oct 15, 2014

The Quest for Scalable SVG Text – Creating an SVG with scalable text presents more challenges than you would expect. Especially when you're trying to shoot for full browser compatibility.
SVG
Oct 8, 2014

Firebase! - T.U.S.T.A.C.R. Part 2 – Follow along as I build out the back-end of a URL shortener built using Firebase!
Javascript, Firebase, Video
Oct 1, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Javascript, Firebase, CSS, Video
Sep 24, 2014

Namecheap + Amazon S3 – Namecheap and Amazon's S3 are a match made in heaven. Follow these steps to get both working together seamlessly.
Infrastructure
Sep 23, 2014

Git Bisect and Commit History – Git's bisect tool is a powerhouse of a tool that often doesn't get the love it deserves.
Git
Sep 16, 2014

Responsive SVG Height Issue – I recently faced an issue with responsive SVGs not sizing correctly. Here's how I came up with a solution.
SVG
Sep 9, 2014

Smart Forms - Automate and Build Your Own Tools! – Sometimes it's the code you throw away that's the most valuable. Here's a story about how a one-off tool built quickly and poorly saved a client hundreds of hours of billable work.
Javascript, Process
Sep 4, 2014

My Concurrent Jekyll Gruntfile – Use concurrency to simultaneously run multiple Grunt commands.
Grunt, Jekyll
Aug 28, 2014

Prism.js and Github Pages – This blog is build using Jekyll and hosted on Github Pages. This presents certain difficulties when paired with the Prism.js syntax highlighter.
Jekyll
Aug 27, 2014