Tags

API

Recursively Handle Query Parameters in a Phoenix API – Handle combinations of query parameters with recursive function calls and pattern matching function heads.
Nov 5, 2022

Absinthe

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, and Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievable powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

Advent of Code 2017

Things I Learned During the Advent of Code – This year's Advent of Code has come and gone. I had a lot of fun solving each of this year's challenges with Elixir.
Jan 1, 2018

Generating Sequences with Elixir Streams – Elixir streams can be amazingly useful tools for generating potentially infinite sequences of data. Learn about three useful stream functions that can be used to generate complex enumerable sequences.
Dec 11, 2017

Advent of Code: Not Quite Lisp – This Literate Commits post solves a Lisp-flavored code kata using Elixir!
Aug 17, 2016

Advent of Code 2018

Advent of Code: Subterranean Sustainability – Day twelve of 2018's Advent of Code challenge. Pots, plants, and cellular autamata, oh my!
Dec 20, 2018

Advent of Code: Marble Mania – Day ten of 2018's Advent of Code challenge. Let's build a circular, doubly linked list using the J programming language.
Dec 14, 2018

Advent of Code: Chronal Charge – Day eleven of 2018's Advent of Code challenge. Using an Elixir-inspired verb to generate sub-grids in J.
Dec 14, 2018

Advent of Code: The Stars Align – Day ten of 2018's Advent of Code challenge. Converging on hidden messages using the J programming language.
Dec 13, 2018

Advent of Code: Memory Maneuver – Day eight of 2018's Advent of Code challenge. We can plant a house, and we can build a tree.
Dec 8, 2018

Advent of Code: The Sum of Its Parts – Day seven of 2018's Advent of Code challenge. In which we use J to navigate a directed graph.
Dec 7, 2018

Advent of Code: Chronal Coordinates – Day six of 2018's Advent of Code challenge. Let's use J to build a Manhattan distance-based Voronoi diagram!
Dec 6, 2018

Advent of Code: Alchemical Reduction – Day five of 2018's Advent of Code challenge. Let's use J to reduce polymer strings!
Dec 5, 2018

Advent of Code: Repose Record – Day four of 2018's Advent of Code challenge. Warning: string processing be here.
Dec 4, 2018

Advent of Code: No Matter How You Slice It – Day three of 2018's Advent of Code challenge. Let's use J matricies to model rectangular intersections.
Dec 3, 2018

Advent of Code: Inventory Management System – Day two of 2018's Advent of Code challenge. Let's use J to count occurances of letters in a string.
Dec 2, 2018

Advent of Code: Chronal Calibration – Day one of 2018's Advent of Code challenge. Let's use J to process a repeating sequence of changes.
Dec 1, 2018

Affiliate Crawler

Fleshing out URLs with Elixir – Step one of crawling a web page is getting a fully fleshed out URL pointing to that page. Unfortunately, people usually think of URLs in fuzzy, incomplete terms. Thankfully, fleshing out the missing details is simple with Elixir.
Dec 11, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Learning to Crawl - Building a Bare Bones Web Crawler with Elixir – Roll up your sleaves and get ready to build a fully function (but feature limited) web crawler using Elixir.
Oct 9, 2017

Announcement

On This Day I'm Officially a Father – 🥳
Aug 14, 2020

Glorious Voice Leader Reborn – I recently finished a major visual overhaul of my current pet project, Glorious Voice Leader. The redesign was primarily intended to give musicians a (hopefully) more natural interface for working with the tool.
Mar 27, 2020

All Hail Glorious Voice Leader! – I'm excited to announce the newest addition to my chord-generating family of programs: Glorious Voice Leader! Check out this example of what it's made to do.
Sep 30, 2019

Secure Meteor is Live – Secure Meteor is live and available for purchase. Be sure to check it out if you're a Meteor developer or application owner!
Mar 4, 2019

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn to how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Jan 15, 2018

Let's Get Personal – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 18, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Meteor Package Scan – Are you using Meteor packages with known security vulnerabilities? Package Scan will tell you.
Apr 27, 2015

Announcing East5th! – I've decided to start working for myself under the name of 'East5th'!
Feb 4, 2015

Suffixer! Find Meaningful Unregistered Domains – Suffixer is a tool designed to find meaningful unregistered domains for your latest project.
Feb 2, 2015

My Meteor Hello World - countwith.me – My first application made with Meteor, countwith.me, is a simple distributed counting application. How high can the internet count?
Dec 8, 2014

Apollo

Setting Apollo Context from HTTP Headers in a Meteor Application – Meteor's Apollo integration exists in a strange, undocumented state. I recently found myself digging into the package's code to accomplish a seemingly simple task.
Nov 13, 2019

Apollo Quirks: Polling After Refetching with New Variables – Apollo doesn't come without its quirks. Let's dig into what happens when you try to mix a poll interval and a refetch on a single Apollo query.
Sep 23, 2019

Is My Apollo Client Connected to the Server? – It turns out that the problem of detecting server connectivity is more complicated than it first seems in the current state of Apollo.
May 13, 2019

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjection with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, and Apollo, and Absinthe-powered Elixir application.
May 15, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievable powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

Appearance

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Discover Meteor - Mentoring Session – I'll be hosting a Discover Meteor mentor section. Stop by and ask questions!
Apr 20, 2015

Meteor Composability – It can be difficult to build a truly composable application using Meteor's out-of-the-box front-end framework. Here are a few tips and tricks.
Mar 9, 2015

Art

Genuary 2021 – I didn't participate in Genuary this year, but I did put together a few sketches inspired by the prompts.
Feb 18, 2021

Authentication

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, and Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Accounts is Everything Meteor Does Right – Meteor's Accounts system is one of Meteor's most killer features, and one of the reasons I find it difficult to leave the framework.
Oct 3, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Buiding out our back-end authentication solution.
Sep 14, 2016

Automation

Scripting Tmux Session Creation – I decided to script my tmux session creation process.
Sep 28, 2023

Bitcoin

Living the Simple Life with Recursive Parsing and Serialization – I've been working on a refactor of my Elixir-powered Bitcoin full node for weeks now. Let's dive into the solution I landed on.
Sep 24, 2018

Building a Better Receive Loop – Taking advantage of structural decisions in the Bitcoin protocol can greatly simplify our receive loop. Check out how!
Jul 23, 2018

Ping, Pong, and Unresponsive Bitcoin Nodes – The last step in maintaining our pool of Bitcoin peer nodes is to detect and remove unresponsive nodes from our network.
Jul 9, 2018

Limiting Peers with DynamicSupervisor Options – We can simplify our Bitcoin node's peer management code by letting Elixir do the heavy lifting for us! Let's dive into the `:max_children`{:.language-elixir} option and see how it can help us.
Jun 18, 2018

Generating Test Fixtures with Wireshark – Wireshark can be an invaluable tool for testing the parsing and serializing of a well-known binary protocol. Check out how we can use binary fixtures exported from Wireshark to test our Elixir-based Bitcoin protocol parser and serializer.
Jun 11, 2018

Spreading Through the Bitcoin Network – Let's replace our Bitcoin node's supervisor with a dynamic supervisor and start recursively spreading through the Bitcoin peer-to-peer network!
May 21, 2018

Beefing Up our Bitcoin Node with Connection – Let's beef up the resiliency of our Elixir-based Bitcoin node by incorporating some connection retry behavior.
May 14, 2018

Reversing BIP-39 and the Power of Property Testing – In which an attempt to reverse the BIP-39 encoding algorithm sends me down a debugging rabbit hole, and the power of property testing shows me the light.
May 7, 2018

Connecting an Elixir Node to the Bitcoin Network – Let's use the tools provided by the Elixir programming language to connect to a node on Bitcoin's peer-to-peer ad-hoc network. Hello, Bitcoin!
Apr 23, 2018

Hex Dumping with Elixir – Is it better to call out to an existing external tool, or roll your own solution to a problem? Climb down this rabbit hole with me as we implement a hex dump utility in Elixir.
Apr 9, 2018

Building Mixed Endian Binaries with Elixir – Working with mixed-endian binaries is something we rarely have to think about as web developers. When it does come up, Elixir thankfully ships with the perfect tools for the job.
Mar 19, 2018

Mining for Mnemonic Haiku with Elixir – What are some interesting things we can do with the BIP-39 mnemonic generator we built in a previous article? How about mine for structurally sound mnemonic haiku?!
Mar 5, 2018

From Bytes to Mnemonic using Elixir – Bitcoin's BIP-39 is a clever algorithm for transforming random binaries into easy to remember mnemonics. Let's flex our programming muscles and implement it using Elixir!
Feb 19, 2018

Property Testing our Base58Check Encoder with an External Oracle – Property-based testing is an amazingly powerful tool to add to your testing toolbox. Check out how we can use it to verify the correctness of our Base58Check encoder against an external oracle.
Feb 12, 2018

Mining for Bitcoin Vanity Addresses with Elixir – In this article we'll our Bitcoin private key generator to mine for vanity addresses. Once we've built our naive solution, we'll add a drop of Elixir and parallelize the implementation.
Feb 5, 2018

Generating Bitcoin Private Keys and Public Addresses with Elixir – Elixir ships with the tools required to generate a cryptographically secure private key and transform it into a public address. Check out this step-by-step walkthrough.
Jan 22, 2018

Bitcoin's Base58Check in Pure Elixir – Elixir ships out of the box with nearly all of the tools required to generate Bitcoin private keys and transform them into public addresses. All except one. In this article we implement the missing piece of the puzzle: Base58Check encoding.
Jan 8, 2018

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

Black Box Meteor

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of package being used by your Meteor application from the client.
Apr 24, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'tripple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Blockchain

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

Books

Do you know that a man is not dead while his name is still spoken? – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 25, 2017

Grokking the Y Combinator with Elixir – The Y combinator is something to be marveled over. Dive into this amazing contraption with me as we build it from the ground up with simple Elixir anonymous functions.
Oct 30, 2017

Intentionally Learning Elixir – How I've fast-tracked my absorption of Elixir through intentional learning.
Dec 19, 2016

CSS

Throw Back Thursday: Julia Sets with Sass – Have you ever thought about generating a Julia set from nothing but HTML and CSS? I have...
Dec 18, 2014

Aspect Ratio Media Queries – Aspect ratio media queries can be used to create interesting and incredibly useful layouts. Check out this example.
Dec 16, 2014

CrossView Fun With CSS – CrossView illusions are an interesting way of hiding information in plain sight.
Nov 2, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Caffeine

Coffee, Tea, and Theanine – What's your relationship with caffeine, coffee, and tea like?
Aug 20, 2018

Canvas

Recursive Roguelike Tiles – Let's dig deeper into the dungeon we generated last time and start adding grass and flowers. Recursive grids of tiles and cellular automata abound!
Jul 3, 2020

Hello Roguelike – Let's take a breather and use a random walk algorithm to generate a roguelike-style dunegon in the browser.
Jul 1, 2020

Lissajous Curves – A YouTube mathematician drew me into the beautiful rabbit hole of Lissajous curves. To satisfy my curiosity, I wrote a quick React application that renders a grid of Lissajous curves to an HTML5 canvas.
Mar 16, 2020

Animating a Canvas with React Hooks – The new React hooks API gives us a really slick way of introducing side effects into our pure, functional components. Let's use that to interact with and animate an HTML5 cavnas.
Aug 19, 2019

Cellular Automata

Wolfram Style Cellular Automata with Vim Macros – Let's use substitutions and recursive macros to generate Wolfram-style cellular automata entirely within Vim. Why? Because it's Friday.
Apr 3, 2020

Channels

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Chord

Optional Notes and Exact Pitches in Chord – My main goal with the Chord project is to model lead sheets. Let's move one step closer to that goal and add support for generating chords with optional notes and exact pitches.
Dec 17, 2018

Rendering ASCII Chord Charts with React – It's time to move our Chord project to the web. Let's use React to generate ASCII-based guitar chord charts.
Oct 8, 2018

Using Facades to Simplify Elixir Modules – Let's use facades to separate our module's interface from our implementation, simplifying our overall application!
Sep 3, 2018

Computing Fingering Distance with Dr. Levenshtein – In this article I get by with a little help from my friend, Vladimir Levenshtein, and algorithmically compute the fingering distance between two guitar chords.
Aug 27, 2018

Algorithmically Fingering Guitar Chords with Elixir – Let's use Elixir and a sieving algorithm to recursively generate all possible fingerings for a given guitar chord voicing.
Aug 13, 2018

Voice Leading with Elixir – Let's harness the power of Elixir to programatically generate optimal chord progressions and voice leading for guitar!
Jul 30, 2018

Clojure

Golfing for FizzBuzz in Clojure and Elixir – Let's take a look at an interesting Clojure-based solution to the FizzBuzz problem and see if we can eloquently restate it using Elixir.
Jul 9, 2018

Codewars

Count the Divisible Numbers – Counting the numbers divisible by some number within a range is a fairly simple challenge, but I decided to use this code kata as an opportunity to practice property-based testing. The results were a constant time solution that I'm very happy with!
Nov 25, 2019

The Captain's Distance Request – This Literate Commits post solves a code kata related to finding the distance between two points on earth using the heversine formula. Here be dragons!
Aug 10, 2016

Nesting Structure Comparison – How do we determine if two array share the same nested structure? This Literate Commits code kata dives deep into the solution.
Aug 3, 2016

Molecule to Atoms – Let's go back to chemistry class and figure out how to break a molecule into its component elements in this Javascript Literate Commits code kata.
Jul 27, 2016

Point in Polygon – Is this point in this polygon? This Literate Commits articles explores one possible solution to this code kata.
Jul 20, 2016

Delete Occurrences of an Element – Let's build up our Test Driven Development chops with this simple Javascript code kata written in the Literate Commits style.
Jul 11, 2016

Coding Train

The Collatz Sequence in J – Let's use the J programming langauge to implement the Collatz sequence! Ties and agenda abound.
Nov 6, 2019

Computer Science

Grokking the Y Combinator with Elixir – The Y combinator is something to be marveled over. Dive into this amazing contraption with me as we build it from the ground up with simple Elixir anonymous functions.
Oct 30, 2017

What if Elixir were Homoiconic? – Despite what some people say, Elixir is not a homoiconic language. This articles explores what the language would look like if it were.
Aug 7, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

Correspondence

MongoDB Lookup Aggregation – In which a reader and I work together to write a MongoDB aggregation pipeline to reconstruct a tree, where each level of the tree is stored in separate collections.
Dec 26, 2020

Debugging

Rum Boogie Café – Character encodings have long been the bane of software developers. Read about the lengths I recently went to in order to debug a character encoding issue.
Nov 6, 2017

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Laravel Queue's Sleep Contributes to its Timeout – Follow along as I track down a bug in Laravel's queue system.
Oct 23, 2014

Deployment

Upgrade Releases With Edeliver – Edeliver simplifies the process of building and deploying upgrade releases for your Elixir and Phoenix applications.
Jan 23, 2017

Simplifying Elixir Releases With Edeliver – Edeliver simplifies the process of building and deploying standard releases for your Elixir and Phoenix applications.
Jan 16, 2017

Upgrade Releases With Distillery – Use Distillery to build and deploy hot-upgrades to your Elixir and Phoenix applications through the process of upgrade releases.
Jan 9, 2017

Deploying Elixir Applications with Distillery – Use Distillery to build and deploy your Elixir and Phoenix applications.
Dec 26, 2016

Development Environment

Joining the Tiling WM Master Race – Tiling window managers aren't well-known outside of the Linux ricing community, but they're an incredibly powerful tool for a developer looking to improve their efficiency.
Dec 15, 2014

Dotfiles

A Tip for Managing a Dotfiles Git Repository – Ignore everything and exlpicitly unignore the files you want to track. That's it. That's the tip.
Feb 6, 2023

Elixir

Recursively Handle Query Parameters in a Phoenix API – Handle combinations of query parameters with recursive function calls and pattern matching function heads.
Nov 5, 2022

Nested Resources, Camel Casing, and Open API Spex – Documenting camel cased APIs with Open API Spex can be problematic when making heavy use of nested Phoenix resources.
Nov 9, 2021

The Long and Short Case for Elixir – I recently landed a new client and convinced them that using Elixir for their greenfield project was in their bet interest. Here's the reasoning I used.
Feb 12, 2021

Animating a Canvas with Phoenix LiveView: An Update – Things are moving fast in the LiveView world. If you're using LiveView to animate an HTML5 canvas, like we did last month, you'll want to read about this breaking change and its corresponding workaround.
Oct 1, 2019

Elixir Style Conditions in Javascript – With a small perspective shift, we can write Elixir-style conditions in languages like Javascript that only support switch statements.
Sep 16, 2019

Animating a Canvas with Phoenix LiveView – LiveView's new hook functinality has opened the doors to a whole new world of possibilities. Get a taste of what's possible by checking out how we can animate an HTML5 canvas based on real-time data provided by the server.
Sep 2, 2019

Minimum Viable Phoenix – Let's walk through the process of building a dead simple Phoenix application from the ground up.
May 20, 2019

Optional Notes and Exact Pitches in Chord – My main goal with the Chord project is to model lead sheets. Let's move one step closer to that goal and add support for generating chords with optional notes and exact pitches.
Dec 17, 2018

Elixir Mix – I was lucky enough to have the opportunity to appear on the Elixir Mix podcast. Check it out!
Nov 19, 2018

Property Testing a Permutation Generator – Permutations have some nice, intrinsic properties that lend themselves well to property testing.
Nov 19, 2018

Permutations With and Without Repetition in Elixir – Let's get back to basics for a minute and use Elixir to write a function that will compute all possible permutations of a given list of elements.
Nov 12, 2018

Living the Simple Life with Recursive Parsing and Serialization – I've been working on a refactor of my Elixir-powered Bitcoin full node for weeks now. Let's dive into the solution I landed on.
Sep 24, 2018

Using Facades to Simplify Elixir Modules – Let's use facades to separate our module's interface from our implementation, simplifying our overall application!
Sep 3, 2018

Computing Fingering Distance with Dr. Levenshtein – In this article I get by with a little help from my friend, Vladimir Levenshtein, and algorithmically compute the fingering distance between two guitar chords.
Aug 27, 2018

Algorithmically Fingering Guitar Chords with Elixir – Let's use Elixir and a sieving algorithm to recursively generate all possible fingerings for a given guitar chord voicing.
Aug 13, 2018

Voice Leading with Elixir – Let's harness the power of Elixir to programatically generate optimal chord progressions and voice leading for guitar!
Jul 30, 2018

Building a Better Receive Loop – Taking advantage of structural decisions in the Bitcoin protocol can greatly simplify our receive loop. Check out how!
Jul 23, 2018

Golfing for FizzBuzz in Clojure and Elixir – Let's take a look at an interesting Clojure-based solution to the FizzBuzz problem and see if we can eloquently restate it using Elixir.
Jul 9, 2018

Ping, Pong, and Unresponsive Bitcoin Nodes – The last step in maintaining our pool of Bitcoin peer nodes is to detect and remove unresponsive nodes from our network.
Jul 9, 2018

Limiting Peers with DynamicSupervisor Options – We can simplify our Bitcoin node's peer management code by letting Elixir do the heavy lifting for us! Let's dive into the `:max_children`{:.language-elixir} option and see how it can help us.
Jun 18, 2018

Generating Test Fixtures with Wireshark – Wireshark can be an invaluable tool for testing the parsing and serializing of a well-known binary protocol. Check out how we can use binary fixtures exported from Wireshark to test our Elixir-based Bitcoin protocol parser and serializer.
Jun 11, 2018

Be Careful Using With in Tests – Elixir's 'with' special form is a fantastic tool, but be careful using it in tests. Read all about how my incorrect usage of 'with' lead to a false positive in my test suite!
Jun 4, 2018

Spreading Through the Bitcoin Network – Let's replace our Bitcoin node's supervisor with a dynamic supervisor and start recursively spreading through the Bitcoin peer-to-peer network!
May 21, 2018

Beefing Up our Bitcoin Node with Connection – Let's beef up the resiliency of our Elixir-based Bitcoin node by incorporating some connection retry behavior.
May 14, 2018

Reversing BIP-39 and the Power of Property Testing – In which an attempt to reverse the BIP-39 encoding algorithm sends me down a debugging rabbit hole, and the power of property testing shows me the light.
May 7, 2018

Connecting an Elixir Node to the Bitcoin Network – Let's use the tools provided by the Elixir programming language to connect to a node on Bitcoin's peer-to-peer ad-hoc network. Hello, Bitcoin!
Apr 23, 2018

Hex Dumping with Elixir – Is it better to call out to an existing external tool, or roll your own solution to a problem? Climb down this rabbit hole with me as we implement a hex dump utility in Elixir.
Apr 9, 2018

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Building Mixed Endian Binaries with Elixir – Working with mixed-endian binaries is something we rarely have to think about as web developers. When it does come up, Elixir thankfully ships with the perfect tools for the job.
Mar 19, 2018

Mining for Mnemonic Haiku with Elixir – What are some interesting things we can do with the BIP-39 mnemonic generator we built in a previous article? How about mine for structurally sound mnemonic haiku?!
Mar 5, 2018

From Bytes to Mnemonic using Elixir – Bitcoin's BIP-39 is a clever algorithm for transforming random binaries into easy to remember mnemonics. Let's flex our programming muscles and implement it using Elixir!
Feb 19, 2018

Property Testing our Base58Check Encoder with an External Oracle – Property-based testing is an amazingly powerful tool to add to your testing toolbox. Check out how we can use it to verify the correctness of our Base58Check encoder against an external oracle.
Feb 12, 2018

Mining for Bitcoin Vanity Addresses with Elixir – In this article we'll our Bitcoin private key generator to mine for vanity addresses. Once we've built our naive solution, we'll add a drop of Elixir and parallelize the implementation.
Feb 5, 2018

Generating Bitcoin Private Keys and Public Addresses with Elixir – Elixir ships with the tools required to generate a cryptographically secure private key and transform it into a public address. Check out this step-by-step walkthrough.
Jan 22, 2018

Bitcoin's Base58Check in Pure Elixir – Elixir ships out of the box with nearly all of the tools required to generate Bitcoin private keys and transform them into public addresses. All except one. In this article we implement the missing piece of the puzzle: Base58Check encoding.
Jan 8, 2018

Things I Learned During the Advent of Code – This year's Advent of Code has come and gone. I had a lot of fun solving each of this year's challenges with Elixir.
Jan 1, 2018

Do you know that a man is not dead while his name is still spoken? – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 25, 2017

Generating Sequences with Elixir Streams – Elixir streams can be amazingly useful tools for generating potentially infinite sequences of data. Learn about three useful stream functions that can be used to generate complex enumerable sequences.
Dec 11, 2017

Fleshing out URLs with Elixir – Step one of crawling a web page is getting a fully fleshed out URL pointing to that page. Unfortunately, people usually think of URLs in fuzzy, incomplete terms. Thankfully, fleshing out the missing details is simple with Elixir.
Dec 11, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Grokking the Y Combinator with Elixir – The Y combinator is something to be marveled over. Dive into this amazing contraption with me as we build it from the ground up with simple Elixir anonymous functions.
Oct 30, 2017

Learning to Crawl - Building a Bare Bones Web Crawler with Elixir – Roll up your sleaves and get ready to build a fully function (but feature limited) web crawler using Elixir.
Oct 9, 2017

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

What if Elixir were Homoiconic? – Despite what some people say, Elixir is not a homoiconic language. This articles explores what the language would look like if it were.
Aug 7, 2017

Recurring Tasks in Elixir – Today we're digging into the details of how to program recurring tasks in Elixir using GenServers. Behold the Fruit Printer 🍉.
Jul 17, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

GenServers and Memory Images: A Match Made in Heaven – Elixir's GenServers are the perfect tool for implementing Memory Images — a powerful replacement for storing state in conventional databases.
Jun 19, 2017

Have You Tried Just Using a Function? – This articles how refacting a complex set of GenServers and Supervisors into simple functions saved me quite a bit of frustration and opened the doors to new functionality.
May 29, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, and Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Inject Detect Progress Report – Peek into the inner workings of Inject Detect, an Elixir and React-powered security SaaS application, in this progress report.
May 1, 2017

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Who Needs Lodash When You Have Elixir? – Watch how Elixir's standard library outclasses Javascript's Lodash in day-to-day tasks.
Apr 17, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievable powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Create React App with Phoenix – Skip brunch today and use Create React App to lay the foundation for the front-end of your next Elixir and Phoenix project.
Apr 3, 2017

How am I Building Inject Detect? – Here's a high-level architectural and technilogical outline for how I plan to build out the Inject Detect application.
Mar 20, 2017

My Favorite Pattern Revisited – Elixir's 'with' special form is a powerful tool that can lead to some elegant patterns in your code. Let's look at a few examples.
Feb 27, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Build Your Own Code Poster with Elixir – I used Elixir to merge together a client's logo with the code we'd worked together to develop. The result was a beautiful code poster and this open source Elixir project.
Feb 13, 2017

Playing the Game of Life with Elixir Processes – Explore the concept of life and death with Elixir processes by implementing Conway's Game of Life where each cell is a living Elixir process.
Feb 6, 2017

My Favorite Pattern Without a Name – I've been notice a recurring pattern in modern open source projects and even my own Elixir code, but strangely, this pattern doesn't seem to have a name.
Jan 30, 2017

Upgrade Releases With Edeliver – Edeliver simplifies the process of building and deploying upgrade releases for your Elixir and Phoenix applications.
Jan 23, 2017

Simplifying Elixir Releases With Edeliver – Edeliver simplifies the process of building and deploying standard releases for your Elixir and Phoenix applications.
Jan 16, 2017

Upgrade Releases With Distillery – Use Distillery to build and deploy hot-upgrades to your Elixir and Phoenix applications through the process of upgrade releases.
Jan 9, 2017

Deploying Elixir Applications with Distillery – Use Distillery to build and deploy your Elixir and Phoenix applications.
Dec 26, 2016

Intentionally Learning Elixir – How I've fast-tracked my absorption of Elixir through intentional learning.
Dec 19, 2016

How to use MongoDB With Elixir - Revisited – A recent upgrade to Elixir's MongoDB package requires that we revisit how we interact with the database through Elixir.
Dec 5, 2016

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to preven them.
Nov 7, 2016

How to Use MongoDB with Elixir – What is the best way to use MongoDB as your primary database in a Phoenix or Elixir application? This article explores a few options.
Oct 31, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Buiding out our back-end authentication solution.
Sep 14, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Advent of Code: Not Quite Lisp – This Literate Commits post solves a Lisp-flavored code kata using Elixir!
Aug 17, 2016

Meteor in Front, Phoenix in Back - Part 1 – Part one of our Meteor in Front, Phoenix in Back series. Let's put our mad scientist hats on and transplant a Meteor front-end into a Phoenix application!
Aug 15, 2016

Emacs

Building My Own Spacemacs – I've decided to ditch Spacemacs in favor of maintaining my own custom Emacs configuration. I couldn't be happier with the result.
Jul 1, 2019

Minimal Coding with Spacemacs and Olivetti – Less is more when it comes to your code editor. Check out how I used Olivetti to configure a visually minimal Spacemacs setup.
Sep 10, 2018

Event Sourcing

GenServers and Memory Images: A Match Made in Heaven – Elixir's GenServers are the perfect tool for implementing Memory Images — a powerful replacement for storing state in conventional databases.
Jun 19, 2017

Have You Tried Just Using a Function? – This articles how refacting a complex set of GenServers and Supervisors into simple functions saved me quite a bit of frustration and opened the doors to new functionality.
May 29, 2017

Inject Detect Progress Report – Peek into the inner workings of Inject Detect, an Elixir and React-powered security SaaS application, in this progress report.
May 1, 2017

Experiments

Being John Malkovich on Twitter – I've created a script that injects a healthy dose of empathy injected into your Twitter experience. Experience what it's like being John Malkovich on Twitter.
Nov 13, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Build Your Own Code Poster with Elixir – I used Elixir to merge together a client's logo with the code we'd worked together to develop. The result was a beautiful code poster and this open source Elixir project.
Feb 13, 2017

Playing the Game of Life with Elixir Processes – Explore the concept of life and death with Elixir processes by implementing Conway's Game of Life where each cell is a living Elixir process.
Feb 6, 2017

Recursive Components with Meteor and Polymer – Let's put on our mad scientist hats and build a Cantor set using recursive components in both Meteor and Polymer.
Mar 30, 2015

Throw Back Thursday: Julia Sets with Sass – Have you ever thought about generating a Julia set from nothing but HTML and CSS? I have...
Dec 18, 2014

CrossView Fun With CSS – CrossView illusions are an interesting way of hiding information in plain sight.
Nov 2, 2014

Firebase

Firebase! - T.U.S.T.A.C.R. Part 2 – Follow along as I build out the back-end of a URL shortener built using Firebase!
Oct 1, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Fractals

A Better Mandelbrot Iterator in J – There are times you come back to a problem and realize that a much simpler solution exists. This is one of those times.
Mar 18, 2019

Writing Mandelbrot Fractals with Hooks and Forks – J's hooks and forks allow us to write solutions to problems exactly as we'd express them using the English language. Let's demonstrate by rendering a Mandelbrot fractal!
Apr 16, 2018

Game of Life

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Playing the Game of Life with Elixir Processes – Explore the concept of life and death with Elixir processes by implementing Conway's Game of Life where each cell is a living Elixir process.
Feb 6, 2017

Gamedev

Recursive Roguelike Tiles – Let's dig deeper into the dungeon we generated last time and start adding grass and flowers. Recursive grids of tiles and cellular automata abound!
Jul 3, 2020

Hello Roguelike – Let's take a breather and use a random walk algorithm to generate a roguelike-style dunegon in the browser.
Jul 1, 2020

Generative

Genuary 2021 – I didn't participate in Genuary this year, but I did put together a few sketches inspired by the prompts.
Feb 18, 2021

Random Seeds, Lodash, and ES6 Imports – Generating a stream of consistently random values can be incredibly important in some situations, but it can also be tricky to achieve. Check out how we can take advantage of ES6 imports to ensure consistent randomness from external libraries, like Lodash.
Jan 1, 2020

Genuary

Genuary 2021 – I didn't participate in Genuary this year, but I did put together a few sketches inspired by the prompts.
Feb 18, 2021

Geometry

Clipping Convex Hulls with Thi.ng! – I recently discovered Thi.ng, a set of computational design tools created by the Clojure and Clojurescript community, and it helped me traverse my way through a sea of points and polygons. Check out how we can use the tools to generate convex hulls, clip polygons, and calculate polygon areas.
Jul 29, 2019

Git

Git Quine – I spent a day building a self referential git quine.
Oct 26, 2023

A Tip for Managing a Dotfiles Git Repository – Ignore everything and exlpicitly unignore the files you want to track. That's it. That's the tip.
Feb 6, 2023

Rewriting History – Is your Git-foo strong enough to change the past? Let's explore some advanced techniques for modifying the commit history of a Git repository.
Sep 12, 2016

Private Package Problems – What's the best way to manage private Meteor packages? Let's compare the pros and cons of a few different potential solutions.
May 11, 2015

Git Bisect and Commit History – Git's bisect tool is a powerhouse of a tool that often doesn't get the love it deserves.
Sep 16, 2014

Glorious Voice Leader

The Progression That Led Me to Build Glorious Voice Leader – This straight forward chord progression completely changed how I approach playing the guitar, and inspired me to pour hundreds of hours into building Glorious Voice Leader.
Jul 21, 2020

Suggesting Chord Names with Glorious Voice Leader – Glorious Voice Leader now has the ability to display suggestions for chord names that exactly match the notes entered on the fretboard. Try it out with the simplified demo that's been embedded in this post.
Jul 13, 2020

Adding More Chords to Glorious Voice Leader – Algorithmically generating "all possible" chord qualities is a surprisingly complex task. Read about how I took a hybrid approach to account for the ambiguities and asymmetries of how humans name chords.
May 14, 2020

Glorious Voice Leader Reborn – I recently finished a major visual overhaul of my current pet project, Glorious Voice Leader. The redesign was primarily intended to give musicians a (hopefully) more natural interface for working with the tool.
Mar 27, 2020

All Hail Glorious Voice Leader! – I'm excited to announce the newest addition to my chord-generating family of programs: Glorious Voice Leader! Check out this example of what it's made to do.
Sep 30, 2019

GraphQL

Setting Apollo Context from HTTP Headers in a Meteor Application – Meteor's Apollo integration exists in a strange, undocumented state. I recently found myself digging into the package's code to accomplish a seemingly simple task.
Nov 13, 2019

Apollo Quirks: Polling After Refetching with New Variables – Apollo doesn't come without its quirks. Let's dig into what happens when you try to mix a poll interval and a refetch on a single Apollo query.
Sep 23, 2019

Is My Apollo Client Connected to the Server? – It turns out that the problem of detecting server connectivity is more complicated than it first seems in the current state of Apollo.
May 13, 2019

Anonymizing GraphQL Resolvers with Decorators – The structure and modular nature of GraphQL resolvers lets us do some amazing things. Check out how we can recursively apply decorators to our resolver tree to elegantly build a "demo mode" into our application.
Apr 22, 2019

Snapshot Testing GraphQL Queries – Snapshot testing is a breath of fresh air, especially when combined with testing GraphQL endpoints.
Oct 1, 2018

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjection with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, and Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievable powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

Grunt

Building Ms. Estelle Marie – Recently I spent some time customizing a Wordpress template for a client. Here's a quick rundown of my process and impressions.
Nov 12, 2014

Chrome LiveReload Extension and Remote Machines – The Chrome LiveReload plugin doesn't work well with remote development servers. Here's a workaround.
Nov 5, 2014

My Concurrent Jekyll Gruntfile – Use concurrency to simultaneously run multiple Grunt commands.
Aug 28, 2014

Indexes

Finding Queries with Missing Indexes in Meteor Applications – I find the existing tooling for tracking down slow queries to be cluncky and unintuitive. Adding a few lines to your Meteor application lets you track down those under-indexed queries quickly.
Sep 23, 2023

Infrastructure

Namecheap + Amazon S3 – Namecheap and Amazon's S3 are a match made in heaven. Follow these steps to get both working together seamlessly.
Sep 23, 2014

Inject Detect

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GenServers and Memory Images: A Match Made in Heaven – Elixir's GenServers are the perfect tool for implementing Memory Images — a powerful replacement for storing state in conventional databases.
Jun 19, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's disect it and see how it could have been prevented.
May 22, 2017

Inject Detect Progress Report – Peek into the inner workings of Inject Detect, an Elixir and React-powered security SaaS application, in this progress report.
May 1, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to interecept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

How am I Building Inject Detect? – Here's a high-level architectural and technilogical outline for how I plan to build out the Inject Detect application.
Mar 20, 2017

Why Security? – Why should we, as software developers, be concerned about the security of the software they write? Because everything we do depends on it.
Mar 13, 2017

Inject Detect - Coming Soon! – I've decided to put my knowledge into practice and build an application called Inject Detect to detect NoSQL Injection attacks as they happen.
Mar 6, 2017

J

Now You're Thinking with Arrays – The road to enlightenment is paved with verbs that calculate the discrete derivative of an array of integers. Or something like that...
Aug 8, 2020

Descending Dungeon Numbers in J – Neil Sloane of the On-Line Encyclopedia of Integer Sequences is featured in another Numberphile video this week. Let's use the J programming language to model the sequence and try to answer a few questions about it.
Aug 2, 2020

The Collatz Sequence in J – Let's use the J programming langauge to implement the Collatz sequence! Ties and agenda abound.
Nov 6, 2019

Obverse and Under – Have you ever thought of JSON parsing and serialization as a domain transformation? If not, forcibly expand your brain a bit with this overview of J's concept of "obverse" verbs and the "under" conjunction.
Sep 13, 2019

Prime Parallelograms – In this follow-up to our previous post on plotting a number series from a Numberphile video, we use J to plot an interesting series involving primes, base two representations, and parallelograms.
Aug 26, 2019

Fly Straight, Dammit! – Let's use the J programming language to implement and plot an interesting function that was featured on a recent Numberphile video. Memoization and agenda-based conditionals abound!
Aug 12, 2019

The Many Ways to Define Verbs in J – Let's explore the various ways of defining verbs in the J programming language while implementing Euler's Gradus Suavitatis function.
Jul 9, 2019

A Better Mandelbrot Iterator in J – There are times you come back to a problem and realize that a much simpler solution exists. This is one of those times.
Mar 18, 2019

Advent of Code: Subterranean Sustainability – Day twelve of 2018's Advent of Code challenge. Pots, plants, and cellular autamata, oh my!
Dec 20, 2018

Advent of Code: Marble Mania – Day ten of 2018's Advent of Code challenge. Let's build a circular, doubly linked list using the J programming language.
Dec 14, 2018

Advent of Code: Chronal Charge – Day eleven of 2018's Advent of Code challenge. Using an Elixir-inspired verb to generate sub-grids in J.
Dec 14, 2018

Advent of Code: The Stars Align – Day ten of 2018's Advent of Code challenge. Converging on hidden messages using the J programming language.
Dec 13, 2018

Advent of Code: Memory Maneuver – Day eight of 2018's Advent of Code challenge. We can plant a house, and we can build a tree.
Dec 8, 2018

Advent of Code: The Sum of Its Parts – Day seven of 2018's Advent of Code challenge. In which we use J to navigate a directed graph.
Dec 7, 2018

Advent of Code: Chronal Coordinates – Day six of 2018's Advent of Code challenge. Let's use J to build a Manhattan distance-based Voronoi diagram!
Dec 6, 2018

Advent of Code: Alchemical Reduction – Day five of 2018's Advent of Code challenge. Let's use J to reduce polymer strings!
Dec 5, 2018

Advent of Code: Repose Record – Day four of 2018's Advent of Code challenge. Warning: string processing be here.
Dec 4, 2018

Advent of Code: No Matter How You Slice It – Day three of 2018's Advent of Code challenge. Let's use J matricies to model rectangular intersections.
Dec 3, 2018

Advent of Code: Inventory Management System – Day two of 2018's Advent of Code challenge. Let's use J to count occurances of letters in a string.
Dec 2, 2018

Advent of Code: Chronal Calibration – Day one of 2018's Advent of Code challenge. Let's use J to process a repeating sequence of changes.
Dec 1, 2018

Making Noise with J – Let's try to make music with the J programming language and a handful of other helpful tools and utilities.
Jul 2, 2018

Writing Mandelbrot Fractals with Hooks and Forks – J's hooks and forks allow us to write solutions to problems exactly as we'd express them using the English language. Let's demonstrate by rendering a Mandelbrot fractal!
Apr 16, 2018

J's Low-level Obfuscation Leads to Higher Levels of Clarity – It's argued that J is a "write-only" programming language because of its extreme terseness and complexity of syntax. I'm starting to warm up the the idea that it might be more readable than it first lets on.
Mar 19, 2018

Javascriot

The Ecstasy of Testing – You dive in, equipped with nothing more than a creeping dissatisfaction and a passing test suite...
Aug 18, 2015

Javascript

Git Quine – I spent a day building a self referential git quine.
Oct 26, 2023

Javascript Destructuring and Untrusted Data – Destructuring can lead to a false sense of security about the contents of your data.
Nov 9, 2022

Genuary 2021 – I didn't participate in Genuary this year, but I did put together a few sketches inspired by the prompts.
Feb 18, 2021

MongoDB Lookup Aggregation – In which a reader and I work together to write a MongoDB aggregation pipeline to reconstruct a tree, where each level of the tree is stored in separate collections.
Dec 26, 2020

Recursive Roguelike Tiles – Let's dig deeper into the dungeon we generated last time and start adding grass and flowers. Recursive grids of tiles and cellular automata abound!
Jul 3, 2020

Hello Roguelike – Let's take a breather and use a random walk algorithm to generate a roguelike-style dunegon in the browser.
Jul 1, 2020

Lissajous Curves – A YouTube mathematician drew me into the beautiful rabbit hole of Lissajous curves. To satisfy my curiosity, I wrote a quick React application that renders a grid of Lissajous curves to an HTML5 canvas.
Mar 16, 2020

Querying for MongoDB Documents Where Every Sub-document Matches a Pattern – Recently I found myself tasked with removing documents from a MongoDB collection that had an array of sub-documents entirely matching a pattern. The final solution required I flip my perspective on the problem entirely.
Mar 10, 2020

MongoDB Object Array Lookup Aggregation – It turns out looking up documents who's ID exists as a field on an object in an array is no easy task for MongoDB. Come with me on a journey as we delve into a six stage aggregation pipeline that does just that.
Jan 29, 2020

Timing Streams in Node.js – I've been tasked with speeding up a Node.js stream-based pipeline. The first step of making something faster is figuring out how slow it is. Check out this small helper function I wrote to do just that!
Jan 11, 2020

Random Seeds, Lodash, and ES6 Imports – Generating a stream of consistently random values can be incredibly important in some situations, but it can also be tricky to achieve. Check out how we can take advantage of ES6 imports to ensure consistent randomness from external libraries, like Lodash.
Jan 1, 2020

Count the Divisible Numbers – Counting the numbers divisible by some number within a range is a fairly simple challenge, but I decided to use this code kata as an opportunity to practice property-based testing. The results were a constant time solution that I'm very happy with!
Nov 25, 2019

Setting Apollo Context from HTTP Headers in a Meteor Application – Meteor's Apollo integration exists in a strange, undocumented state. I recently found myself digging into the package's code to accomplish a seemingly simple task.
Nov 13, 2019

Rendering a React Application Across Multiple Containers – Lately I've been embedding React applications into existing static pages, and I've had the need to render single applications across multiple containers.
Oct 14, 2019

Generating Guitar Chords with Cartesian Products – Cartesian products are an algorithmic superpower. Check out how we can use them to quickly and easily generate all possible guitar chords across the fretboard.
Oct 7, 2019

Apollo Quirks: Polling After Refetching with New Variables – Apollo doesn't come without its quirks. Let's dig into what happens when you try to mix a poll interval and a refetch on a single Apollo query.
Sep 23, 2019

Elixir Style Conditions in Javascript – With a small perspective shift, we can write Elixir-style conditions in languages like Javascript that only support switch statements.
Sep 16, 2019

TIL About Node.js' REPL Module – Today I learned that Node.js ships, out of the box, with a fully functional REPL module that can easily be added to any process. This is a game changer for me when it comes to local development.
Aug 20, 2019

Animating a Canvas with React Hooks – The new React hooks API gives us a really slick way of introducing side effects into our pure, functional components. Let's use that to interact with and animate an HTML5 cavnas.
Aug 19, 2019

Embedding React Components in Jekyll Posts – In my last post I embedded several React-based examples directly into my Jekyll-generated article. Let's dig into how I accomplished that and how you can embed React components into your own Jekyll pages.
Aug 5, 2019

Clipping Convex Hulls with Thi.ng! – I recently discovered Thi.ng, a set of computational design tools created by the Clojure and Clojurescript community, and it helped me traverse my way through a sea of points and polygons. Check out how we can use the tools to generate convex hulls, clip polygons, and calculate polygon areas.
Jul 29, 2019

Is My Apollo Client Connected to the Server? – It turns out that the problem of detecting server connectivity is more complicated than it first seems in the current state of Apollo.
May 13, 2019

Generating Realistic Pseudonyms with Faker.js and Deterministic Seeds – Let's build on the "demo mode" we added to our application in the last article and breath some life into the pseudonyms generated for our application's users.
Apr 29, 2019

Anonymizing GraphQL Resolvers with Decorators – The structure and modular nature of GraphQL resolvers lets us do some amazing things. Check out how we can recursively apply decorators to our resolver tree to elegantly build a "demo mode" into our application.
Apr 22, 2019

FizzBuzz is Just a Three Against Five Polyrhythm – Sometimes the lines blur between band practice and programming practice. It turns out that the classic FizzBuzz problem is just a three against five polyrhythm.
Apr 8, 2019

Bending Jest to Our Will: Restoring Node's Require Behavior – Jest overrides the behavior of Node's require behavior to support concurrent testing and better test isolation. But what if we don't want that?
Mar 25, 2019

Bending Jest to Our Will: Caching Modules Across Tests – I recently had to go trudging through the weeds in an effort to make my test suite pass more reliably. It turns out that loading a module once in Jest is extremely difficult.
Nov 5, 2018

Rendering ASCII Chord Charts with React – It's time to move our Chord project to the web. Let's use React to generate ASCII-based guitar chord charts.
Oct 8, 2018

Snapshot Testing GraphQL Queries – Snapshot testing is a breath of fresh air, especially when combined with testing GraphQL endpoints.
Oct 1, 2018

Modeling Formulas with Recursive Discriminators – I ran into an interesting problem recently where I needed to model a nested set of either/or sub-schemas. With some creative thinking and a healthy dose of recursion, Mongoose's discriminator feature turned out to be just the tool for the job.
May 28, 2018

The Headache and Heartache of Unhandled Rejections – Out of the box, Node.js doesn't do much to deal with unhandled promise rejections. This can lead to a world of hurt when trying to debug these rejections in your application. Thankfully, we have the tools to fix the problem!
Mar 12, 2018

Hacking Prototypal Inheritance for Fun and Profit – Abuse of prototypal inheritance can allow attackers to exploit your application in various ways. Learn what to watch out for, and how to prevent vulnerabilities.
Jan 29, 2018

Being John Malkovich on Twitter – I've created a script that injects a healthy dose of empathy injected into your Twitter experience. Experience what it's like being John Malkovich on Twitter.
Nov 13, 2017

Rum Boogie Café – Character encodings have long been the bane of software developers. Read about the lengths I recently went to in order to debug a character encoding issue.
Nov 6, 2017

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjection with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

Who Needs Lodash When You Have Elixir? – Watch how Elixir's standard library outclasses Javascript's Lodash in day-to-day tasks.
Apr 17, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to interecept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

Can Meteor Applications be "Mobile Only?" – What does it mean to be "mobile only", and can a Meteor application ever be restricted to a mobile-only build?
Oct 17, 2016

How to Safely Store Application Links – Does your application give users the ability to link to arbitray external URLs? You may be exposing your users to an unnecessary vulnerability.
Oct 10, 2016

Accounts is Everything Meteor Does Right – Meteor's Accounts system is one of Meteor's most killer features, and one of the reasons I find it difficult to leave the framework.
Oct 3, 2016

My Kingdom for Transactions – Transactions are an incredibly undervalued tool in a developer's toolbox. They're often not missed until they're desperately needed. By then, it may be too late.
Sep 26, 2016

Clone Meteor Collection References – Ever wanted to have two different sets of helpers attached to a single Meteor collection? It's more complicated than you may think.
Sep 19, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

The Captain's Distance Request – This Literate Commits post solves a code kata related to finding the distance between two points on earth using the heversine formula. Here be dragons!
Aug 10, 2016

Module Import Organization – Now that Meteor supports native modules, imports, and exports... Where do we put everything?
Aug 8, 2016

Nesting Structure Comparison – How do we determine if two array share the same nested structure? This Literate Commits code kata dives deep into the solution.
Aug 3, 2016

Method Imports and Exports – When we define Meteor methods and publication in modules, what do we export? This articles dives into that question and more.
Aug 1, 2016

Molecule to Atoms – Let's go back to chemistry class and figure out how to break a molecule into its component elements in this Javascript Literate Commits code kata.
Jul 27, 2016

Mocha's Grep Flag – Today I learned about Mocha's grep flag; an insanely useful tool for quickly isolating individual tests of groups of tests.
Jul 25, 2016

Point in Polygon – Is this point in this polygon? This Literate Commits articles explores one possible solution to this code kata.
Jul 20, 2016

Meteor's Nested Import Controversy – Meteor has introduced Reify that allows the importing of modules within a nested code block. Are we still writing Javascript?
Jul 17, 2016

Delete Occurrences of an Element – Let's build up our Test Driven Development chops with this simple Javascript code kata written in the Literate Commits style.
Jul 11, 2016

Winston and Meteor 1.3 – Due to the intricacies of Meteor's build system, integrating Winston into your Meteor project is more difficult that it seems at first glance.
Jul 4, 2016

Node Vulnerability Scanners in a 1.3 World – Using NPM packages in your Meteor project opens you up to a world of vulnerabilities. How can you be sure you're using secure packages?
Jun 20, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

MongoDB With Serverless – Using MongoDB from an AWS Lambda function is more difficult than you may expect. Here's one possible solution.
Jun 6, 2016

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

The Missing Link In Meteor's Rate Limiter – It's possible to carry out a Denial of Service attack against a Meteor application by flooding it with subscriptions. Check out how you can protect yourself.
May 16, 2016

Transitioning to Modules With Global Imports – Transitioning your entire Meteor application towards using imports is a time-consuming and error-prone process. Thankfully, there's a middle way.
May 9, 2016

Meteor Unit Testing With Testdouble.js – Smooth out your Meteor testing experience with Testdouble.js.
May 2, 2016

Blaze Meets Clusterize.js – Blaze can be slow when rendering hundreds of elements. Speed it up with Clusterize.js!
Apr 18, 2016

CollectionFS Safety Considerations – Allowing file uploads to your applications opens you up to a world of potential vulnerabilities. Make sure you're protected.
Apr 4, 2016

Bypassing Package-Based Basic Auth – Are you using Basic Auth to protect your Meteor application? You're probably not protecting your DDP endpoint. Find out how to fix it.
Mar 28, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Stored XSS and Unexpected Unsafe-Eval – Event your Content Security Policy can't save you from stored Cross Site Scripting attacks.
Mar 14, 2016

Cross Site Scripting Through jQuery Components – Your application may be correctly sanitizing user-provided input, but are your jQuery components? Watch out for Cross Site Scripting attacks!
Mar 7, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Scripting With MongoDB – Scripting with Javascript is an often overlooked, but incredibly powerful feature of MongoDB. Take advantage of it!
Jan 25, 2016

Unit Testing With Meteor 1.3 – Meteor's official testing solution, Velocity, is just too slow. Check out how to use ES6 modules and Mocha to write lightning fast unit tests!
Dec 21, 2015

Building Check-Checker as a Meteor Plugin – Let's use Meteor's Build Plugin API to refactor our Check Checker package into a plugin.
Nov 23, 2015

Sorting By Ownership With MongoDB – This post explores the problem of crafting a difficult query in MongoDB. Use your tools; don't let your tools use you.
Nov 16, 2015

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil is left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Slimming Down Fat Models – While fat models are better than fat controllers, sometimes your models need to trim the fat as well. Event-based architectures may be the solution to your troubles.
Oct 5, 2015

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Exporting ES6 Classes From Meteor Packages – How do you export ES6 classes from Meteor packages? This articles dives into the topic.
Sep 23, 2015

Never Forget Where Your Code Runs – Part of designing a secure software solution is being aware of your client and server boundaries. This is especially important with working with isometric systems.
Sep 21, 2015

Counting Fields With Mongo Aggregations – How would you write a MongoDB query to cound the number of fields in a set of documents? Let's dive into a solution!
Sep 14, 2015

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

Hijacking Meteor Accounts by Sniffing DDP – Meteor accounts can be hijacked by an attacker listening for your credentials as they fly across the wire. Find out how to protect your application.
Aug 23, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havok on your database. Learn to protect yourself.
Aug 10, 2015

Returning Promises Synchronously – I often find myself tasked with returning promises synchronously from Meteor fibers. I've written a Meteor package that helps with the task.
Aug 3, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be explored to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Why Is Rename Disallowed? – The MongoDB 'rename' operator is disallowed in Meteor client-side queries. Let's explore why that may be.
Jul 14, 2015

Basic Auth For Hiding Your Application – Basic authentication is a great way to quickly lock down an application from prying eyes. Learn the ins and outs.
Jul 6, 2015

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Authentication with localStorage – Authentication through localStorage has the handy property of being CSRF-proof. Find out what that means and why it matters in this article!
Jun 8, 2015

Keep It Secret, Keep It Safe – Are you accidentally leaking your application's secrets to the client? It's more likely than you may think.
May 25, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

Meteor Security in the Wild – Read along with this deep hands-on dive into a vulnerability I found in a client's production Meteor application.
May 5, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of package being used by your Meteor application from the client.
Apr 24, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'tripple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Materialize Highs and Lows – Materialize is a CSS frameworks with its ups and downs. Here are my experiences.
Mar 25, 2015

User Fields and Universal Publications – Universal publications are a piece of black magic that are often brushed under the rug of Meteor applications. Learn what they are and how they're used in this question and answer style article.
Mar 16, 2015

Meteor Composability – It can be difficult to build a truly composable application using Meteor's out-of-the-box front-end framework. Here are a few tips and tricks.
Mar 9, 2015

Customizable Meteor Navbar with Orion CMS – Let's extend the Meteor-based Orion CMS with our own customizable navbar.
Mar 2, 2015

Custom Categories with Meteor's Orion CMS – Let's extend the Meteor-based Orion CMS with our own custom categories.
Feb 23, 2015

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Suffixer! Find Meaningful Unregistered Domains – Suffixer is a tool designed to find meaningful unregistered domains for your latest project.
Feb 2, 2015

Mongo Text Search with Meteor – MongoDB text searches can offer significant performance boosts over simple regular expression based queries.
Jan 26, 2015

The Dangers of Debouncing Meteor Subscriptions – Debouncing Meteor subscriptions can lead to subtle bugs. Let's explore those bugs and find out how to prevent them in your application.
Jan 19, 2015

Custom Block Helpers and Meteor Composability – Custom block helpers can help you build more composable Meteor front-ends. This article can help you master them.
Jan 13, 2015

BYO Meteor Package – Follow along as I build and publish my first Meteor package!
Dec 22, 2014

My Meteor Hello World - countwith.me – My first application made with Meteor, countwith.me, is a simple distributed counting application. How high can the internet count?
Dec 8, 2014

Chrome LiveReload Extension and Remote Machines – The Chrome LiveReload plugin doesn't work well with remote development servers. Here's a workaround.
Nov 5, 2014

Firebase! - T.U.S.T.A.C.R. Part 2 – Follow along as I build out the back-end of a URL shortener built using Firebase!
Oct 1, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Smart Forms - Automate and Build Your Own Tools! – Sometimes it's the code you throw away that's the most valuable. Here's a story about how a one-off tool built quickly and poorly saved a client hundreds of hours of billable work.
Sep 4, 2014

Javscript

Allow & Deny Challenge - Check Yourself – Can you write an air-tight set of allow & deny rules? Take a look at Sacha Greif's challange, try it for yourself, and take a look at my solution.
Jun 15, 2015

Jekyll

Embedding React Components in Jekyll Posts – In my last post I embedded several React-based examples directly into my Jekyll-generated article. Let's dig into how I accomplished that and how you can embed React components into your own Jekyll pages.
Aug 5, 2019

Zapier Named Variables - Scheduling Posts Part 2 – Zapier named variables can help you schedule posts to a Jekyll based blog. Find out how!
Jan 5, 2015

Scheduling Posts with Jekyll, Github Pages & Zapier – Find out how I'm using Zapier to schedule posts to my Jekyll-powered blog hosted on Github Pages!
Dec 29, 2014

My Concurrent Jekyll Gruntfile – Use concurrency to simultaneously run multiple Grunt commands.
Aug 28, 2014

Prism.js and Github Pages – This blog is build using Jekyll and hosted on Github Pages. This presents certain difficulties when paired with the Prism.js syntax highlighter.
Aug 27, 2014

Jest

Bending Jest to Our Will: Restoring Node's Require Behavior – Jest overrides the behavior of Node's require behavior to support concurrent testing and better test isolation. But what if we don't want that?
Mar 25, 2019

Bending Jest to Our Will: Caching Modules Across Tests – I recently had to go trudging through the weeds in an effort to make my test suite pass more reliably. It turns out that loading a module once in Jest is extremely difficult.
Nov 5, 2018

Kata

Count the Divisible Numbers – Counting the numbers divisible by some number within a range is a fairly simple challenge, but I decided to use this code kata as an opportunity to practice property-based testing. The results were a constant time solution that I'm very happy with!
Nov 25, 2019

Katas

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

Laravel

Laravel Queue's Sleep Contributes to its Timeout – Follow along as I track down a bug in Laravel's queue system.
Oct 23, 2014

Laravel 4.2 Command "Queue:Restart" is Not Defined – A sudden anomalous skipe in CPU usage led me down the rabbit hole of debugging an issue with my Laravel configuration. Follow along in this article.
Oct 15, 2014

Literate Commits

Minimum Viable Phoenix – Let's walk through the process of building a dead simple Phoenix application from the ground up.
May 20, 2019

Formatting with Vim Scripts – Vim has become the cornerstone of my day-to-day work as a software developer. Check out how I use Vim scripts to format articles and posts.
Oct 16, 2017

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Buiding out our back-end authentication solution.
Sep 14, 2016

Rewriting History – Is your Git-foo strong enough to change the past? Let's explore some advanced techniques for modifying the commit history of a Git repository.
Sep 12, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Advent of Code: Not Quite Lisp – This Literate Commits post solves a Lisp-flavored code kata using Elixir!
Aug 17, 2016

The Captain's Distance Request – This Literate Commits post solves a code kata related to finding the distance between two points on earth using the heversine formula. Here be dragons!
Aug 10, 2016

Nesting Structure Comparison – How do we determine if two array share the same nested structure? This Literate Commits code kata dives deep into the solution.
Aug 3, 2016

Molecule to Atoms – Let's go back to chemistry class and figure out how to break a molecule into its component elements in this Javascript Literate Commits code kata.
Jul 27, 2016

Point in Polygon – Is this point in this polygon? This Literate Commits articles explores one possible solution to this code kata.
Jul 20, 2016

Literate Commits – Literate Commits is a new take on the concept of Donald Knuth's Literate Programming that tells a story through your repository's commit history.
Jul 11, 2016

Delete Occurrences of an Element – Let's build up our Test Driven Development chops with this simple Javascript code kata written in the Literate Commits style.
Jul 11, 2016

LiveView

Animating a Canvas with Phoenix LiveView: An Update – Things are moving fast in the LiveView world. If you're using LiveView to animate an HTML5 canvas, like we did last month, you'll want to read about this breaking change and its corresponding workaround.
Oct 1, 2019

Animating a Canvas with Phoenix LiveView – LiveView's new hook functinality has opened the doors to a whole new world of possibilities. Get a taste of what's possible by checking out how we can animate an HTML5 canvas based on real-time data provided by the server.
Sep 2, 2019

Lodash

Random Seeds, Lodash, and ES6 Imports – Generating a stream of consistently random values can be incredibly important in some situations, but it can also be tricky to achieve. Check out how we can take advantage of ES6 imports to ensure consistent randomness from external libraries, like Lodash.
Jan 1, 2020

Markdown

Formatting with Vim Scripts – Vim has become the cornerstone of my day-to-day work as a software developer. Check out how I use Vim scripts to format articles and posts.
Oct 16, 2017

Mastering Bitcoin

Mining for Mnemonic Haiku with Elixir – What are some interesting things we can do with the BIP-39 mnemonic generator we built in a previous article? How about mine for structurally sound mnemonic haiku?!
Mar 5, 2018

From Bytes to Mnemonic using Elixir – Bitcoin's BIP-39 is a clever algorithm for transforming random binaries into easy to remember mnemonics. Let's flex our programming muscles and implement it using Elixir!
Feb 19, 2018

Property Testing our Base58Check Encoder with an External Oracle – Property-based testing is an amazingly powerful tool to add to your testing toolbox. Check out how we can use it to verify the correctness of our Base58Check encoder against an external oracle.
Feb 12, 2018

Mining for Bitcoin Vanity Addresses with Elixir – In this article we'll our Bitcoin private key generator to mine for vanity addresses. Once we've built our naive solution, we'll add a drop of Elixir and parallelize the implementation.
Feb 5, 2018

Generating Bitcoin Private Keys and Public Addresses with Elixir – Elixir ships with the tools required to generate a cryptographically secure private key and transform it into a public address. Check out this step-by-step walkthrough.
Jan 22, 2018

Bitcoin's Base58Check in Pure Elixir – Elixir ships out of the box with nearly all of the tools required to generate Bitcoin private keys and transform them into public addresses. All except one. In this article we implement the missing piece of the puzzle: Base58Check encoding.
Jan 8, 2018

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

Math

Now You're Thinking with Arrays – The road to enlightenment is paved with verbs that calculate the discrete derivative of an array of integers. Or something like that...
Aug 8, 2020

Descending Dungeon Numbers in J – Neil Sloane of the On-Line Encyclopedia of Integer Sequences is featured in another Numberphile video this week. Let's use the J programming language to model the sequence and try to answer a few questions about it.
Aug 2, 2020

Wolfram Style Cellular Automata with Vim Macros – Let's use substitutions and recursive macros to generate Wolfram-style cellular automata entirely within Vim. Why? Because it's Friday.
Apr 3, 2020

Lissajous Curves – A YouTube mathematician drew me into the beautiful rabbit hole of Lissajous curves. To satisfy my curiosity, I wrote a quick React application that renders a grid of Lissajous curves to an HTML5 canvas.
Mar 16, 2020

Prime Parallelograms – In this follow-up to our previous post on plotting a number series from a Numberphile video, we use J to plot an interesting series involving primes, base two representations, and parallelograms.
Aug 26, 2019

Fly Straight, Dammit! – Let's use the J programming language to implement and plot an interesting function that was featured on a recent Numberphile video. Memoization and agenda-based conditionals abound!
Aug 12, 2019

Meta

Allow Yourself to do Things Poorly – Giving yourself permission to do things poorly can be liberating. Forgiving yourself for hacking together code is sometimes a prerequisite for productivity.
Dec 3, 2018

Let's Get Personal – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 18, 2017

A New Look For East5th – The East5th page has been given a face lift! Same old content, fresh new look.
Jun 27, 2016

Home Sweet Home in Chattanooga – I've officially relocated to Chattanooga, Tennessee!
Jan 18, 2016

Giving Thanks – It's been a little over a year since I started experimenting with Meteor. In that time it has given me the confidence to start successfully working for myself. Thanks Meteor!
Nov 30, 2015

Good Night 1pxsolidtomato – The name '1pxsolidtomato' is no more. But this site and all of its content will live on!
Jun 10, 2015

Announcing East5th! – I've decided to start working for myself under the name of 'East5th'!
Feb 4, 2015

Meteor

Finding Queries with Missing Indexes in Meteor Applications – I find the existing tooling for tracking down slow queries to be cluncky and unintuitive. Adding a few lines to your Meteor application lets you track down those under-indexed queries quickly.
Sep 23, 2023

Setting Apollo Context from HTTP Headers in a Meteor Application – Meteor's Apollo integration exists in a strange, undocumented state. I recently found myself digging into the package's code to accomplish a seemingly simple task.
Nov 13, 2019

Secure Meteor is Live – Secure Meteor is live and available for purchase. Be sure to check it out if you're a Meteor developer or application owner!
Mar 4, 2019

Secure Meteor Releasing Next Week! – While I haven't been iterating publicly, I've been doing lots of work in the new year.
Feb 25, 2019

Visualizing the Oplog with Splunk – In an attempt to track down the cause of a mysterious spike in CPU consumption in a Meteor application, I decided to plot a time series chart of Mongo's Oplog collection.
Apr 30, 2018

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Hacking Prototypal Inheritance for Fun and Profit – Abuse of prototypal inheritance can allow attackers to exploit your application in various ways. Learn what to watch out for, and how to prevent vulnerabilities.
Jan 29, 2018

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn to how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Jan 15, 2018

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's disect it and see how it could have been prevented.
May 22, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to interecept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Can Meteor Applications be "Mobile Only?" – What does it mean to be "mobile only", and can a Meteor application ever be restricted to a mobile-only build?
Oct 17, 2016

How to Safely Store Application Links – Does your application give users the ability to link to arbitray external URLs? You may be exposing your users to an unnecessary vulnerability.
Oct 10, 2016

Accounts is Everything Meteor Does Right – Meteor's Accounts system is one of Meteor's most killer features, and one of the reasons I find it difficult to leave the framework.
Oct 3, 2016

Clone Meteor Collection References – Ever wanted to have two different sets of helpers attached to a single Meteor collection? It's more complicated than you may think.
Sep 19, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Meteor in Front, Phoenix in Back - Part 1 – Part one of our Meteor in Front, Phoenix in Back series. Let's put our mad scientist hats on and transplant a Meteor front-end into a Phoenix application!
Aug 15, 2016

Module Import Organization – Now that Meteor supports native modules, imports, and exports... Where do we put everything?
Aug 8, 2016

Method Imports and Exports – When we define Meteor methods and publication in modules, what do we export? This articles dives into that question and more.
Aug 1, 2016

Meteor's Nested Import Controversy – Meteor has introduced Reify that allows the importing of modules within a nested code block. Are we still writing Javascript?
Jul 17, 2016

Winston and Meteor 1.3 – Due to the intricacies of Meteor's build system, integrating Winston into your Meteor project is more difficult that it seems at first glance.
Jul 4, 2016

Node Vulnerability Scanners in a 1.3 World – Using NPM packages in your Meteor project opens you up to a world of vulnerabilities. How can you be sure you're using secure packages?
Jun 20, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

Anatomy of an Assessment – What are Meteor security assessments? How do they work and what can I expect?
May 30, 2016

The Missing Link In Meteor's Rate Limiter – It's possible to carry out a Denial of Service attack against a Meteor application by flooding it with subscriptions. Check out how you can protect yourself.
May 16, 2016

Transitioning to Modules With Global Imports – Transitioning your entire Meteor application towards using imports is a time-consuming and error-prone process. Thankfully, there's a middle way.
May 9, 2016

Meteor Unit Testing With Testdouble.js – Smooth out your Meteor testing experience with Testdouble.js.
May 2, 2016

Blaze Meets Clusterize.js – Blaze can be slow when rendering hundreds of elements. Speed it up with Clusterize.js!
Apr 18, 2016

CollectionFS Safety Considerations – Allowing file uploads to your applications opens you up to a world of potential vulnerabilities. Make sure you're protected.
Apr 4, 2016

Bypassing Package-Based Basic Auth – Are you using Basic Auth to protect your Meteor application? You're probably not protecting your DDP endpoint. Find out how to fix it.
Mar 28, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Stored XSS and Unexpected Unsafe-Eval – Event your Content Security Policy can't save you from stored Cross Site Scripting attacks.
Mar 14, 2016

Cross Site Scripting Through jQuery Components – Your application may be correctly sanitizing user-provided input, but are your jQuery components? Watch out for Cross Site Scripting attacks!
Mar 7, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.
Feb 15, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Sending Emails Through Hidden Methods – Even if your methods aren't published to the client, they can still be called by malicious users to send emails or do other nefarious things.
Feb 1, 2016

Unit Testing With Meteor 1.3 – Meteor's official testing solution, Velocity, is just too slow. Check out how to use ES6 modules and Mocha to write lightning fast unit tests!
Dec 21, 2015

Meteor Club Q&A on Security – I had a great time on Josh Owens' Meteor Club Q&A talking about Meteor security. Be sure to checkout the Youtube recording.
Dec 14, 2015

Scanning Meteor Projects for Node Vulnerabilities – Meteor applications can make use of Node.js packages, which opens them up to a world of vulnerabilities. Protect yourself by learning how to scan those packages for known vulnerabilities.
Dec 7, 2015

Giving Thanks – It's been a little over a year since I started experimenting with Meteor. In that time it has given me the confidence to start successfully working for myself. Thanks Meteor!
Nov 30, 2015

Building Check-Checker as a Meteor Plugin – Let's use Meteor's Build Plugin API to refactor our Check Checker package into a plugin.
Nov 23, 2015

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Meteor Space Camp – Last month I had the opportunity to go to Space Camp! No, not that kind of space camp...
Nov 2, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil is left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Package Scan Community Contributions – Package Scan is getting some love from the community!
Oct 13, 2015

Slimming Down Fat Models – While fat models are better than fat controllers, sometimes your models need to trim the fat as well. Event-based architectures may be the solution to your troubles.
Oct 5, 2015

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Exporting ES6 Classes From Meteor Packages – How do you export ES6 classes from Meteor packages? This articles dives into the topic.
Sep 23, 2015

Never Forget Where Your Code Runs – Part of designing a secure software solution is being aware of your client and server boundaries. This is especially important with working with isometric systems.
Sep 21, 2015

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

Hijacking Meteor Accounts by Sniffing DDP – Meteor accounts can be hijacked by an attacker listening for your credentials as they fly across the wire. Find out how to protect your application.
Aug 23, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havok on your database. Learn to protect yourself.
Aug 10, 2015

Returning Promises Synchronously – I often find myself tasked with returning promises synchronously from Meteor fibers. I've written a Meteor package that helps with the task.
Aug 3, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be explored to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Why Is Rename Disallowed? – The MongoDB 'rename' operator is disallowed in Meteor client-side queries. Let's explore why that may be.
Jul 14, 2015

Basic Auth For Hiding Your Application – Basic authentication is a great way to quickly lock down an application from prying eyes. Learn the ins and outs.
Jul 6, 2015

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Allow & Deny Challenge - Check Yourself – Can you write an air-tight set of allow & deny rules? Take a look at Sacha Greif's challange, try it for yourself, and take a look at my solution.
Jun 15, 2015

Authentication with localStorage – Authentication through localStorage has the handy property of being CSRF-proof. Find out what that means and why it matters in this article!
Jun 8, 2015

Keep It Secret, Keep It Safe – Are you accidentally leaking your application's secrets to the client? It's more likely than you may think.
May 25, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

Private Package Problems – What's the best way to manage private Meteor packages? Let's compare the pros and cons of a few different potential solutions.
May 11, 2015

Meteor Security in the Wild – Read along with this deep hands-on dive into a vulnerability I found in a client's production Meteor application.
May 5, 2015

Meteor Package Scan – Are you using Meteor packages with known security vulnerabilities? Package Scan will tell you.
Apr 27, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of package being used by your Meteor application from the client.
Apr 24, 2015

Discover Meteor - Mentoring Session – I'll be hosting a Discover Meteor mentor section. Stop by and ask questions!
Apr 20, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'tripple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Recursive Components with Meteor and Polymer – Let's put on our mad scientist hats and build a Cantor set using recursive components in both Meteor and Polymer.
Mar 30, 2015

User Fields and Universal Publications – Universal publications are a piece of black magic that are often brushed under the rug of Meteor applications. Learn what they are and how they're used in this question and answer style article.
Mar 16, 2015

Meteor Composability – It can be difficult to build a truly composable application using Meteor's out-of-the-box front-end framework. Here are a few tips and tricks.
Mar 9, 2015

Customizable Meteor Navbar with Orion CMS – Let's extend the Meteor-based Orion CMS with our own customizable navbar.
Mar 2, 2015

Custom Categories with Meteor's Orion CMS – Let's extend the Meteor-based Orion CMS with our own custom categories.
Feb 23, 2015

Meteor and Mongod.lock – Crashing Meteor applications can sometimes wreak havok on your MongoDB lock file. Learn how to fix that problem in this article.
Feb 16, 2015

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Suffixer! Find Meaningful Unregistered Domains – Suffixer is a tool designed to find meaningful unregistered domains for your latest project.
Feb 2, 2015

Mongo Text Search with Meteor – MongoDB text searches can offer significant performance boosts over simple regular expression based queries.
Jan 26, 2015

The Dangers of Debouncing Meteor Subscriptions – Debouncing Meteor subscriptions can lead to subtle bugs. Let's explore those bugs and find out how to prevent them in your application.
Jan 19, 2015

Custom Block Helpers and Meteor Composability – Custom block helpers can help you build more composable Meteor front-ends. This article can help you master them.
Jan 13, 2015

BYO Meteor Package – Follow along as I build and publish my first Meteor package!
Dec 22, 2014

My Meteor Hello World - countwith.me – My first application made with Meteor, countwith.me, is a simple distributed counting application. How high can the internet count?
Dec 8, 2014

Meteor First Impressions – This video summarizes my first impressions of the Meteor framework. Wow!
Dec 2, 2014

Mobile

Can Meteor Applications be "Mobile Only?" – What does it mean to be "mobile only", and can a Meteor application ever be restricted to a mobile-only build?
Oct 17, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

MongoDB

Finding Queries with Missing Indexes in Meteor Applications – I find the existing tooling for tracking down slow queries to be cluncky and unintuitive. Adding a few lines to your Meteor application lets you track down those under-indexed queries quickly.
Sep 23, 2023

MongoDB Lookup Aggregation – In which a reader and I work together to write a MongoDB aggregation pipeline to reconstruct a tree, where each level of the tree is stored in separate collections.
Dec 26, 2020

Querying for MongoDB Documents Where Every Sub-document Matches a Pattern – Recently I found myself tasked with removing documents from a MongoDB collection that had an array of sub-documents entirely matching a pattern. The final solution required I flip my perspective on the problem entirely.
Mar 10, 2020

MongoDB Object Array Lookup Aggregation – It turns out looking up documents who's ID exists as a field on an object in an array is no easy task for MongoDB. Come with me on a journey as we delve into a six stage aggregation pipeline that does just that.
Jan 29, 2020

Modeling Formulas with Recursive Discriminators – I ran into an interesting problem recently where I needed to model a nested set of either/or sub-schemas. With some creative thinking and a healthy dose of recursion, Mongoose's discriminator feature turned out to be just the tool for the job.
May 28, 2018

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjection with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's disect it and see how it could have been prevented.
May 22, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to interecept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

How am I Building Inject Detect? – Here's a high-level architectural and technilogical outline for how I plan to build out the Inject Detect application.
Mar 20, 2017

How to use MongoDB With Elixir - Revisited – A recent upgrade to Elixir's MongoDB package requires that we revisit how we interact with the database through Elixir.
Dec 5, 2016

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to preven them.
Nov 7, 2016

How to Use MongoDB with Elixir – What is the best way to use MongoDB as your primary database in a Phoenix or Elixir application? This article explores a few options.
Oct 31, 2016

A Five Minute Introduction to NoSQL Injection – What is NoSQL Injection? How does it affect my application? How can I prevent it? This five minute guide will tell you everything you need to know.
Oct 24, 2016

My Kingdom for Transactions – Transactions are an incredibly undervalued tool in a developer's toolbox. They're often not missed until they're desperately needed. By then, it may be too late.
Sep 26, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

MongoDB With Serverless – Using MongoDB from an AWS Lambda function is more difficult than you may expect. Here's one possible solution.
Jun 6, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Scripting With MongoDB – Scripting with Javascript is an often overlooked, but incredibly powerful feature of MongoDB. Take advantage of it!
Jan 25, 2016

Sorting By Ownership With MongoDB – This post explores the problem of crafting a difficult query in MongoDB. Use your tools; don't let your tools use you.
Nov 16, 2015

Counting Fields With Mongo Aggregations – How would you write a MongoDB query to cound the number of fields in a set of documents? Let's dive into a solution!
Sep 14, 2015

Meteor and Mongod.lock – Crashing Meteor applications can sometimes wreak havok on your MongoDB lock file. Learn how to fix that problem in this article.
Feb 16, 2015

Mongo Text Search with Meteor – MongoDB text searches can offer significant performance boosts over simple regular expression based queries.
Jan 26, 2015

Mongoose

Generating Realistic Pseudonyms with Faker.js and Deterministic Seeds – Let's build on the "demo mode" we added to our application in the last article and breath some life into the pseudonyms generated for our application's users.
Apr 29, 2019

Anonymizing GraphQL Resolvers with Decorators – The structure and modular nature of GraphQL resolvers lets us do some amazing things. Check out how we can recursively apply decorators to our resolver tree to elegantly build a "demo mode" into our application.
Apr 22, 2019

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjection with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Monkey Patching

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to interecept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

Music

The Progression That Led Me to Build Glorious Voice Leader – This straight forward chord progression completely changed how I approach playing the guitar, and inspired me to pour hundreds of hours into building Glorious Voice Leader.
Jul 21, 2020

Suggesting Chord Names with Glorious Voice Leader – Glorious Voice Leader now has the ability to display suggestions for chord names that exactly match the notes entered on the fretboard. Try it out with the simplified demo that's been embedded in this post.
Jul 13, 2020

Adding More Chords to Glorious Voice Leader – Algorithmically generating "all possible" chord qualities is a surprisingly complex task. Read about how I took a hybrid approach to account for the ambiguities and asymmetries of how humans name chords.
May 14, 2020

Guitar Chord Voicings with Prolog – Prolog is a language that excels at defining and exploring relationships. Let's take advantage of that and use Prolog to explore a few of the myriad of relationships that exist between chords and the guitar's fretboard.
Apr 21, 2020

Clapping Music with TidalCycles – Let's use TidalCycles to recreate Steve Reich's "Clapping Music", and hopefully learn a thing or two along the way.
Apr 16, 2020

Glorious Voice Leader Reborn – I recently finished a major visual overhaul of my current pet project, Glorious Voice Leader. The redesign was primarily intended to give musicians a (hopefully) more natural interface for working with the tool.
Mar 27, 2020

Generating Guitar Chords with Cartesian Products – Cartesian products are an algorithmic superpower. Check out how we can use them to quickly and easily generate all possible guitar chords across the fretboard.
Oct 7, 2019

All Hail Glorious Voice Leader! – I'm excited to announce the newest addition to my chord-generating family of programs: Glorious Voice Leader! Check out this example of what it's made to do.
Sep 30, 2019

FizzBuzz is Just a Three Against Five Polyrhythm – Sometimes the lines blur between band practice and programming practice. It turns out that the classic FizzBuzz problem is just a three against five polyrhythm.
Apr 8, 2019

Optional Notes and Exact Pitches in Chord – My main goal with the Chord project is to model lead sheets. Let's move one step closer to that goal and add support for generating chords with optional notes and exact pitches.
Dec 17, 2018

Allow Yourself to do Things Poorly – Giving yourself permission to do things poorly can be liberating. Forgiving yourself for hacking together code is sometimes a prerequisite for productivity.
Dec 3, 2018

Rendering ASCII Chord Charts with React – It's time to move our Chord project to the web. Let's use React to generate ASCII-based guitar chord charts.
Oct 8, 2018

Computing Fingering Distance with Dr. Levenshtein – In this article I get by with a little help from my friend, Vladimir Levenshtein, and algorithmically compute the fingering distance between two guitar chords.
Aug 27, 2018

Algorithmically Fingering Guitar Chords with Elixir – Let's use Elixir and a sieving algorithm to recursively generate all possible fingerings for a given guitar chord voicing.
Aug 13, 2018

Voice Leading with Elixir – Let's harness the power of Elixir to programatically generate optimal chord progressions and voice leading for guitar!
Jul 30, 2018

Making Noise with J – Let's try to make music with the J programming language and a handful of other helpful tools and utilities.
Jul 2, 2018

NoSQL Injection

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's disect it and see how it could have been prevented.
May 22, 2017

Inject Detect - Coming Soon! – I've decided to put my knowledge into practice and build an application called Inject Detect to detect NoSQL Injection attacks as they happen.
Mar 6, 2017

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to preven them.
Nov 7, 2016

A Five Minute Introduction to NoSQL Injection – What is NoSQL Injection? How does it affect my application? How can I prevent it? This five minute guide will tell you everything you need to know.
Oct 24, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.
Feb 15, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil is left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havok on your database. Learn to protect yourself.
Aug 10, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be explored to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Node.js

TIL About Node.js' REPL Module – Today I learned that Node.js ships, out of the box, with a fully functional REPL module that can easily be added to any process. This is a game changer for me when it comes to local development.
Aug 20, 2019

Generating Realistic Pseudonyms with Faker.js and Deterministic Seeds – Let's build on the "demo mode" we added to our application in the last article and breath some life into the pseudonyms generated for our application's users.
Apr 29, 2019

Anonymizing GraphQL Resolvers with Decorators – The structure and modular nature of GraphQL resolvers lets us do some amazing things. Check out how we can recursively apply decorators to our resolver tree to elegantly build a "demo mode" into our application.
Apr 22, 2019

The Headache and Heartache of Unhandled Rejections – Out of the box, Node.js doesn't do much to deal with unhandled promise rejections. This can lead to a world of hurt when trying to debug these rejections in your application. Thankfully, we have the tools to fix the problem!
Mar 12, 2018

Rum Boogie Café – Character encodings have long been the bane of software developers. Read about the lengths I recently went to in order to debug a character encoding issue.
Nov 6, 2017

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjection with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

Numberphile

Descending Dungeon Numbers in J – Neil Sloane of the On-Line Encyclopedia of Integer Sequences is featured in another Numberphile video this week. Let's use the J programming language to model the sequence and try to answer a few questions about it.
Aug 2, 2020

Prime Parallelograms – In this follow-up to our previous post on plotting a number series from a Numberphile video, we use J to plot an interesting series involving primes, base two representations, and parallelograms.
Aug 26, 2019

Fly Straight, Dammit! – Let's use the J programming language to implement and plot an interesting function that was featured on a recent Numberphile video. Memoization and agenda-based conditionals abound!
Aug 12, 2019

Offline

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

OpenAPI

Nested Resources, Camel Casing, and Open API Spex – Documenting camel cased APIs with Open API Spex can be problematic when making heavy use of nested Phoenix resources.
Nov 9, 2021

PHP

Building Ms. Estelle Marie – Recently I spent some time customizing a Wordpress template for a client. Here's a quick rundown of my process and impressions.
Nov 12, 2014

Laravel Queue's Sleep Contributes to its Timeout – Follow along as I track down a bug in Laravel's queue system.
Oct 23, 2014

Laravel 4.2 Command "Queue:Restart" is Not Defined – A sudden anomalous skipe in CPU usage led me down the rabbit hole of debugging an issue with my Laravel configuration. Follow along in this article.
Oct 15, 2014

Passwordless

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Phoenix

Recursively Handle Query Parameters in a Phoenix API – Handle combinations of query parameters with recursive function calls and pattern matching function heads.
Nov 5, 2022

Nested Resources, Camel Casing, and Open API Spex – Documenting camel cased APIs with Open API Spex can be problematic when making heavy use of nested Phoenix resources.
Nov 9, 2021

Animating a Canvas with Phoenix LiveView: An Update – Things are moving fast in the LiveView world. If you're using LiveView to animate an HTML5 canvas, like we did last month, you'll want to read about this breaking change and its corresponding workaround.
Oct 1, 2019

Animating a Canvas with Phoenix LiveView – LiveView's new hook functinality has opened the doors to a whole new world of possibilities. Get a taste of what's possible by checking out how we can animate an HTML5 canvas based on real-time data provided by the server.
Sep 2, 2019

Minimum Viable Phoenix – Let's walk through the process of building a dead simple Phoenix application from the ground up.
May 20, 2019

Do you know that a man is not dead while his name is still spoken? – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 25, 2017

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, and Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievable powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Create React App with Phoenix – Skip brunch today and use Create React App to lay the foundation for the front-end of your next Elixir and Phoenix project.
Apr 3, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Upgrade Releases With Edeliver – Edeliver simplifies the process of building and deploying upgrade releases for your Elixir and Phoenix applications.
Jan 23, 2017

Simplifying Elixir Releases With Edeliver – Edeliver simplifies the process of building and deploying standard releases for your Elixir and Phoenix applications.
Jan 16, 2017

Upgrade Releases With Distillery – Use Distillery to build and deploy hot-upgrades to your Elixir and Phoenix applications through the process of upgrade releases.
Jan 9, 2017

Deploying Elixir Applications with Distillery – Use Distillery to build and deploy your Elixir and Phoenix applications.
Dec 26, 2016

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to preven them.
Nov 7, 2016

How to Use MongoDB with Elixir – What is the best way to use MongoDB as your primary database in a Phoenix or Elixir application? This article explores a few options.
Oct 31, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Buiding out our back-end authentication solution.
Sep 14, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Meteor in Front, Phoenix in Back - Part 1 – Part one of our Meteor in Front, Phoenix in Back series. Let's put our mad scientist hats on and transplant a Meteor front-end into a Phoenix application!
Aug 15, 2016

Phoenix Todos

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Buiding out our back-end authentication solution.
Sep 14, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Podcast

Elixir Mix – I was lucky enough to have the opportunity to appear on the Elixir Mix podcast. Check it out!
Nov 19, 2018

Polymer

Recursive Components with Meteor and Polymer – Let's put on our mad scientist hats and build a Cantor set using recursive components in both Meteor and Polymer.
Mar 30, 2015

Process

Why Security? – Why should we, as software developers, be concerned about the security of the software they write? Because everything we do depends on it.
Mar 13, 2017

Anatomy of an Assessment – What are Meteor security assessments? How do they work and what can I expect?
May 30, 2016

Smart Forms - Automate and Build Your Own Tools! – Sometimes it's the code you throw away that's the most valuable. Here's a story about how a one-off tool built quickly and poorly saved a client hundreds of hours of billable work.
Sep 4, 2014

Programming Languages

A Better Mandelbrot Iterator in J – There are times you come back to a problem and realize that a much simpler solution exists. This is one of those times.
Mar 18, 2019

Writing Mandelbrot Fractals with Hooks and Forks – J's hooks and forks allow us to write solutions to problems exactly as we'd express them using the English language. Let's demonstrate by rendering a Mandelbrot fractal!
Apr 16, 2018

J's Low-level Obfuscation Leads to Higher Levels of Clarity – It's argued that J is a "write-only" programming language because of its extreme terseness and complexity of syntax. I'm starting to warm up the the idea that it might be more readable than it first lets on.
Mar 19, 2018

Prolog

Guitar Chord Voicings with Prolog – Prolog is a language that excels at defining and exploring relationships. Let's take advantage of that and use Prolog to explore a few of the myriad of relationships that exist between chords and the guitar's fretboard.
Apr 21, 2020

Python

Hide Menu: My First Sublime Text Plugin – I've created a Sublime Text plugin to scratch an itch, and I documented the whole process.
Dec 24, 2014

Quine

Git Quine – I spent a day building a self referential git quine.
Oct 26, 2023

React

Recursive Roguelike Tiles – Let's dig deeper into the dungeon we generated last time and start adding grass and flowers. Recursive grids of tiles and cellular automata abound!
Jul 3, 2020

Hello Roguelike – Let's take a breather and use a random walk algorithm to generate a roguelike-style dunegon in the browser.
Jul 1, 2020

Lissajous Curves – A YouTube mathematician drew me into the beautiful rabbit hole of Lissajous curves. To satisfy my curiosity, I wrote a quick React application that renders a grid of Lissajous curves to an HTML5 canvas.
Mar 16, 2020

Rendering a React Application Across Multiple Containers – Lately I've been embedding React applications into existing static pages, and I've had the need to render single applications across multiple containers.
Oct 14, 2019

Animating a Canvas with React Hooks – The new React hooks API gives us a really slick way of introducing side effects into our pure, functional components. Let's use that to interact with and animate an HTML5 cavnas.
Aug 19, 2019

Embedding React Components in Jekyll Posts – In my last post I embedded several React-based examples directly into my Jekyll-generated article. Let's dig into how I accomplished that and how you can embed React components into your own Jekyll pages.
Aug 5, 2019

Using Create React App with Phoenix – Skip brunch today and use Create React App to lay the foundation for the front-end of your next Elixir and Phoenix project.
Apr 3, 2017

Roguelike

Recursive Roguelike Tiles – Let's dig deeper into the dungeon we generated last time and start adding grass and flowers. Recursive grids of tiles and cellular automata abound!
Jul 3, 2020

Hello Roguelike – Let's take a breather and use a random walk algorithm to generate a roguelike-style dunegon in the browser.
Jul 1, 2020

Routine

Coffee, Tea, and Theanine – What's your relationship with caffeine, coffee, and tea like?
Aug 20, 2018

SVG

The Quest for Scalable SVG Text – Creating an SVG with scalable text presents more challenges than you would expect. Especially when you're trying to shoot for full browser compatibility.
Oct 8, 2014

Responsive SVG Height Issue – I recently faced an issue with responsive SVGs not sizing correctly. Here's how I came up with a solution.
Sep 9, 2014

Secure Meteor

How I Actually Wrote My First Ebook – It turns out that the process of turning words into a well-formatted, distributable ebook is much more complicated that it seems. Here's how I managed.
May 27, 2019

Secure Meteor is Live – Secure Meteor is live and available for purchase. Be sure to check it out if you're a Meteor developer or application owner!
Mar 4, 2019

Secure Meteor Releasing Next Week! – While I haven't been iterating publicly, I've been doing lots of work in the new year.
Feb 25, 2019

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn to how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Jan 15, 2018

Security

Javascript Destructuring and Untrusted Data – Destructuring can lead to a false sense of security about the contents of your data.
Nov 9, 2022

Secure Meteor is Live – Secure Meteor is live and available for purchase. Be sure to check it out if you're a Meteor developer or application owner!
Mar 4, 2019

Secure Meteor Releasing Next Week! – While I haven't been iterating publicly, I've been doing lots of work in the new year.
Feb 25, 2019

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Hacking Prototypal Inheritance for Fun and Profit – Abuse of prototypal inheritance can allow attackers to exploit your application in various ways. Learn what to watch out for, and how to prevent vulnerabilities.
Jan 29, 2018

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn to how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Jan 15, 2018

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's disect it and see how it could have been prevented.
May 22, 2017

Why Security? – Why should we, as software developers, be concerned about the security of the software they write? Because everything we do depends on it.
Mar 13, 2017

Inject Detect - Coming Soon! – I've decided to put my knowledge into practice and build an application called Inject Detect to detect NoSQL Injection attacks as they happen.
Mar 6, 2017

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to preven them.
Nov 7, 2016

A Five Minute Introduction to NoSQL Injection – What is NoSQL Injection? How does it affect my application? How can I prevent it? This five minute guide will tell you everything you need to know.
Oct 24, 2016

How to Safely Store Application Links – Does your application give users the ability to link to arbitray external URLs? You may be exposing your users to an unnecessary vulnerability.
Oct 10, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

Node Vulnerability Scanners in a 1.3 World – Using NPM packages in your Meteor project opens you up to a world of vulnerabilities. How can you be sure you're using secure packages?
Jun 20, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

Anatomy of an Assessment – What are Meteor security assessments? How do they work and what can I expect?
May 30, 2016

The Missing Link In Meteor's Rate Limiter – It's possible to carry out a Denial of Service attack against a Meteor application by flooding it with subscriptions. Check out how you can protect yourself.
May 16, 2016

CollectionFS Safety Considerations – Allowing file uploads to your applications opens you up to a world of potential vulnerabilities. Make sure you're protected.
Apr 4, 2016

Bypassing Package-Based Basic Auth – Are you using Basic Auth to protect your Meteor application? You're probably not protecting your DDP endpoint. Find out how to fix it.
Mar 28, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Stored XSS and Unexpected Unsafe-Eval – Event your Content Security Policy can't save you from stored Cross Site Scripting attacks.
Mar 14, 2016

Cross Site Scripting Through jQuery Components – Your application may be correctly sanitizing user-provided input, but are your jQuery components? Watch out for Cross Site Scripting attacks!
Mar 7, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.
Feb 15, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Sending Emails Through Hidden Methods – Even if your methods aren't published to the client, they can still be called by malicious users to send emails or do other nefarious things.
Feb 1, 2016

Meteor Club Q&A on Security – I had a great time on Josh Owens' Meteor Club Q&A talking about Meteor security. Be sure to checkout the Youtube recording.
Dec 14, 2015

Scanning Meteor Projects for Node Vulnerabilities – Meteor applications can make use of Node.js packages, which opens them up to a world of vulnerabilities. Protect yourself by learning how to scan those packages for known vulnerabilities.
Dec 7, 2015

Building Check-Checker as a Meteor Plugin – Let's use Meteor's Build Plugin API to refactor our Check Checker package into a plugin.
Nov 23, 2015

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil is left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Package Scan Community Contributions – Package Scan is getting some love from the community!
Oct 13, 2015

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Never Forget Where Your Code Runs – Part of designing a secure software solution is being aware of your client and server boundaries. This is especially important with working with isometric systems.
Sep 21, 2015

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

Hijacking Meteor Accounts by Sniffing DDP – Meteor accounts can be hijacked by an attacker listening for your credentials as they fly across the wire. Find out how to protect your application.
Aug 23, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havok on your database. Learn to protect yourself.
Aug 10, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be explored to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Why Is Rename Disallowed? – The MongoDB 'rename' operator is disallowed in Meteor client-side queries. Let's explore why that may be.
Jul 14, 2015

Basic Auth For Hiding Your Application – Basic authentication is a great way to quickly lock down an application from prying eyes. Learn the ins and outs.
Jul 6, 2015

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Allow & Deny Challenge - Check Yourself – Can you write an air-tight set of allow & deny rules? Take a look at Sacha Greif's challange, try it for yourself, and take a look at my solution.
Jun 15, 2015

Authentication with localStorage – Authentication through localStorage has the handy property of being CSRF-proof. Find out what that means and why it matters in this article!
Jun 8, 2015

Keep It Secret, Keep It Safe – Are you accidentally leaking your application's secrets to the client? It's more likely than you may think.
May 25, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

Meteor Security in the Wild – Read along with this deep hands-on dive into a vulnerability I found in a client's production Meteor application.
May 5, 2015

Meteor Package Scan – Are you using Meteor packages with known security vulnerabilities? Package Scan will tell you.
Apr 27, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of package being used by your Meteor application from the client.
Apr 24, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'tripple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Serverless

MongoDB With Serverless – Using MongoDB from an AWS Lambda function is more difficult than you may expect. Here's one possible solution.
Jun 6, 2016

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

Splunk

Visualizing the Oplog with Splunk – In an attempt to track down the cause of a mysterious spike in CPU consumption in a Meteor application, I decided to plot a time series chart of Mongo's Oplog collection.
Apr 30, 2018

Streams

Timing Streams in Node.js – I've been tasked with speeding up a Node.js stream-based pipeline. The first step of making something faster is figuring out how slow it is. Check out this small helper function I wrote to do just that!
Jan 11, 2020

Stripe

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

Testing

Count the Divisible Numbers – Counting the numbers divisible by some number within a range is a fairly simple challenge, but I decided to use this code kata as an opportunity to practice property-based testing. The results were a constant time solution that I'm very happy with!
Nov 25, 2019

Bending Jest to Our Will: Restoring Node's Require Behavior – Jest overrides the behavior of Node's require behavior to support concurrent testing and better test isolation. But what if we don't want that?
Mar 25, 2019

Property Testing a Permutation Generator – Permutations have some nice, intrinsic properties that lend themselves well to property testing.
Nov 19, 2018

Bending Jest to Our Will: Caching Modules Across Tests – I recently had to go trudging through the weeds in an effort to make my test suite pass more reliably. It turns out that loading a module once in Jest is extremely difficult.
Nov 5, 2018

Snapshot Testing GraphQL Queries – Snapshot testing is a breath of fresh air, especially when combined with testing GraphQL endpoints.
Oct 1, 2018

Generating Test Fixtures with Wireshark – Wireshark can be an invaluable tool for testing the parsing and serializing of a well-known binary protocol. Check out how we can use binary fixtures exported from Wireshark to test our Elixir-based Bitcoin protocol parser and serializer.
Jun 11, 2018

Be Careful Using With in Tests – Elixir's 'with' special form is a fantastic tool, but be careful using it in tests. Read all about how my incorrect usage of 'with' lead to a false positive in my test suite!
Jun 4, 2018

Method Imports and Exports – When we define Meteor methods and publication in modules, what do we export? This articles dives into that question and more.
Aug 1, 2016

Mocha's Grep Flag – Today I learned about Mocha's grep flag; an insanely useful tool for quickly isolating individual tests of groups of tests.
Jul 25, 2016

Meteor Unit Testing With Testdouble.js – Smooth out your Meteor testing experience with Testdouble.js.
May 2, 2016

Unit Testing With Meteor 1.3 – Meteor's official testing solution, Velocity, is just too slow. Check out how to use ES6 modules and Mocha to write lightning fast unit tests!
Dec 21, 2015

The Ecstasy of Testing – You dive in, equipped with nothing more than a creeping dissatisfaction and a passing test suite...
Aug 18, 2015

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Thi.ng

Clipping Convex Hulls with Thi.ng! – I recently discovered Thi.ng, a set of computational design tools created by the Clojure and Clojurescript community, and it helped me traverse my way through a sea of points and polygons. Check out how we can use the tools to generate convex hulls, clip polygons, and calculate polygon areas.
Jul 29, 2019

Tidal

Clapping Music with TidalCycles – Let's use TidalCycles to recreate Steve Reich's "Clapping Music", and hopefully learn a thing or two along the way.
Apr 16, 2020

Tmux

Scripting Tmux Session Creation – I decided to script my tmux session creation process.
Sep 28, 2023

Tools

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Video

Firebase! - T.U.S.T.A.C.R. Part 2 – Follow along as I build out the back-end of a URL shortener built using Firebase!
Oct 1, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Vim

Wolfram Style Cellular Automata with Vim Macros – Let's use substitutions and recursive macros to generate Wolfram-style cellular automata entirely within Vim. Why? Because it's Friday.
Apr 3, 2020

Formatting with Vim Scripts – Vim has become the cornerstone of my day-to-day work as a software developer. Check out how I use Vim scripts to format articles and posts.
Oct 16, 2017

Web Crawling

Fleshing out URLs with Elixir – Step one of crawling a web page is getting a fully fleshed out URL pointing to that page. Unfortunately, people usually think of URLs in fuzzy, incomplete terms. Thankfully, fleshing out the missing details is simple with Elixir.
Dec 11, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Learning to Crawl - Building a Bare Bones Web Crawler with Elixir – Roll up your sleaves and get ready to build a fully function (but feature limited) web crawler using Elixir.
Oct 9, 2017

Wordpress

Building Ms. Estelle Marie – Recently I spent some time customizing a Wordpress template for a client. Here's a quick rundown of my process and impressions.
Nov 12, 2014

Writing

How I Actually Wrote My First Ebook – It turns out that the process of turning words into a well-formatted, distributable ebook is much more complicated that it seems. Here's how I managed.
May 27, 2019

Fear is the Mind Killer – I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration.
Feb 26, 2018

The Ecstasy of Testing – You dive in, equipped with nothing more than a creeping dissatisfaction and a passing test suite...
Aug 18, 2015

XSS

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'tripple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Zapier

Zapier Named Variables - Scheduling Posts Part 2 – Zapier named variables can help you schedule posts to a Jekyll based blog. Find out how!
Jan 5, 2015

Scheduling Posts with Jekyll, Github Pages & Zapier – Find out how I'm using Zapier to schedule posts to my Jekyll-powered blog hosted on Github Pages!
Dec 29, 2014