Tags

Absinthe

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievably powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

Advent of Code

Things I Learned During the Advent of Code – This year's Advent of Code has come and gone. I had a lot of fun solving each of this year's challenges with Elixir.
Jan 1, 2018

Generating Sequences with Elixir Streams – Elixir streams can be amazingly useful tools for generating potentially infinite sequences of data. Learn about three useful stream functions that can be used to generate complex enumerable sequences.
Dec 11, 2017

Advent of Code: Not Quite Lisp – This Literate Commits post solves a Lisp-flavored code kata using Elixir!
Aug 17, 2016

Affiliate Crawler

Fleshing out URLs with Elixir – Step one of crawling a web page is getting a fully fleshed out URL pointing to that page. Unfortunately, people usually think of URLs in fuzzy, incomplete terms. Thankfully, fleshing out the missing details is simple with Elixir.
Dec 11, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Learning to Crawl - Building a Bare Bones Web Crawler with Elixir – Roll up your sleeves and get ready to build a fully functional (but feature limited) web crawler using Elixir.
Oct 9, 2017

Announcement

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Jan 15, 2018

Let's Get Personal – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 18, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Meteor Package Scan – Are you using Meteor packages with known security vulnerabilities? Package Scan will tell you.
Apr 27, 2015

Announcing East5th! – I've decided to start working for myself under the name of 'East5th'!
Feb 4, 2015

Suffixer! Find Meaningful Unregistered Domains – Suffixer is a tool designed to find meaningful unregistered domains for your latest project.
Feb 2, 2015

My Meteor Hello World - countwith.me – My first application made with Meteor, countwith.me, is a simple distributed counting application. How high can the internet count?
Dec 8, 2014

Apollo

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjunction with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, Apollo, and Absinthe-powered Elixir application.
May 15, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievably powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

Appearance

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Discover Meteor - Mentoring Session – I'll be hosting a Discover Meteor mentor session. Stop by and ask questions!
Apr 20, 2015

Meteor Composability – It can be difficult to build a truly composable application using Meteor's out-of-the-box front-end framework. Here are a few tips and tricks.
Mar 9, 2015

Authentication

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Accounts is Everything Meteor Does Right – Meteor's Accounts system is one of Meteor's most killer features, and one of the reasons I find it difficult to leave the framework.
Oct 3, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Building out our back-end authentication solution.
Sep 14, 2016

Bitcoin

Ping, Pong, and Unresponsive Bitcoin Nodes – The last step in maintaining our pool of Bitcoin peer nodes is to detect and remove unresponsive nodes from our network.
Jul 9, 2018

Limiting Peers with DynamicSupervisor Options – We can simplify our Bitcoin node's peer management code by letting Elixir do the heavy lifting for us! Let's dive into the `:max_children` option and see how it can help us.
Jun 18, 2018

Generating Test Fixtures with Wireshark – Wireshark can be an invaluable tool for testing the parsing and serializing of a well-known binary protocol. Check out how we can use binary fixtures exported from Wireshark to test our Elixir-based Bitcoin protocol parser and serializer.
Jun 11, 2018

Spreading Through the Bitcoin Network – Let's replace our Bitcoin node's supervisor with a dynamic supervisor and start recursively spreading through the Bitcoin peer-to-peer network!
May 21, 2018

Beefing Up our Bitcoin Node with Connection – Let's beef up the resiliency of our Elixir-based Bitcoin node by incorporating some connection retry behavior.
May 14, 2018

Reversing BIP-39 and the Power of Property Testing – In which an attempt to reverse the BIP-39 encoding algorithm sends me down a debugging rabbit hole, and the power of property testing shows me the light.
May 7, 2018

Connecting an Elixir Node to the Bitcoin Network – Let's use the tools provided by the Elixir programming language to connect to a node on Bitcoin's peer-to-peer ad-hoc network. Hello, Bitcoin!
Apr 23, 2018

Hex Dumping with Elixir – Is it better to call out to an existing external tool, or roll your own solution to a problem? Climb down this rabbit hole with me as we implement a hex dump utility in Elixir.
Apr 9, 2018

Building Mixed Endian Binaries with Elixir – Working with mixed-endian binaries is something we rarely have to think about as web developers. When it does come up, Elixir thankfully ships with the perfect tools for the job.
Mar 19, 2018

Mining for Mnemonic Haiku with Elixir – What are some interesting things we can do with the BIP-39 mnemonic generator we built in a previous article? How about mine for structurally sound mnemonic haiku?!
Mar 5, 2018

From Bytes to Mnemonic using Elixir – Bitcoin's BIP-39 is a clever algorithm for transforming random binaries into easy to remember mnemonics. Let's flex our programming muscles and implement it using Elixir!
Feb 19, 2018

Property Testing our Base58Check Encoder with an External Oracle – Property-based testing is an amazingly powerful tool to add to your testing toolbox. Check out how we can use it to verify the correctness of our Base58Check encoder against an external oracle.
Feb 12, 2018

Mining for Bitcoin Vanity Addresses with Elixir – In this article we'll use our Bitcoin private key generator to mine for vanity addresses. Once we've built our naive solution, we'll add a drop of Elixir and parallelize the implementation.
Feb 5, 2018

Generating Bitcoin Private Keys and Public Addresses with Elixir – Elixir ships with the tools required to generate a cryptographically secure private key and transform it into a public address. Check out this step-by-step walkthrough.
Jan 22, 2018

Bitcoin's Base58Check in Pure Elixir – Elixir ships out of the box with nearly all of the tools required to generate Bitcoin private keys and transform them into public addresses. All except one. In this article we implement the missing piece of the puzzle: Base58Check encoding.
Jan 8, 2018

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

Black Box Meteor

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of packages being used by your Meteor application from the client.
Apr 24, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'triple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Blockchain

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

Books

Do you know that a man is not dead while his name is still spoken? – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 25, 2017

Grokking the Y Combinator with Elixir – The Y combinator is something to be marveled over. Dive into this amazing contraption with me as we build it from the ground up with simple Elixir anonymous functions.
Oct 30, 2017

Intentionally Learning Elixir – How I've fast-tracked my absorption of Elixir through intentional learning.
Dec 19, 2016

CSS

Throw Back Thursday: Julia Sets with Sass – Have you ever thought about generating a Julia set from nothing but HTML and CSS? I have...
Dec 18, 2014

Aspect Ratio Media Queries – Aspect ratio media queries can be used to create interesting and incredibly useful layouts. Check out this example.
Dec 16, 2014

CrossView Fun With CSS – CrossView illusions are an interesting way of hiding information in plain sight.
Nov 2, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Channels

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Clojure

Golfing for FizzBuzz in Clojure and Elixir – Let's take a look at an interesting Clojure-based solution to the FizzBuzz problem and see if we can eloquently restate it using Elixir.
Jul 9, 2018

Codewars

The Captain's Distance Request – This Literate Commits post solves a code kata related to finding the distance between two points on earth using the haversine formula. Here be dragons!
Aug 10, 2016

Nesting Structure Comparison – How do we determine if two arrays share the same nested structure? This Literate Commits code kata dives deep into the solution.
Aug 3, 2016

Molecule to Atoms – Let's go back to chemistry class and figure out how to break a molecule into its component elements in this Javascript Literate Commits code kata.
Jul 27, 2016

Point in Polygon – Is this point in this polygon? This Literate Commits article explores one possible solution to this code kata.
Jul 20, 2016

Delete Occurrences of an Element – Let's build up our Test Driven Development chops with this simple Javascript code kata written in the Literate Commits style.
Jul 11, 2016

Computer Science

Grokking the Y Combinator with Elixir – The Y combinator is something to be marveled over. Dive into this amazing contraption with me as we build it from the ground up with simple Elixir anonymous functions.
Oct 30, 2017

What if Elixir were Homoiconic? – Despite what some people say, Elixir is not a homoiconic language. This article explores what the language would look like if it were.
Aug 7, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

Debugging

Rum Boogie Café – Character encodings have long been the bane of software developers. Read about the lengths I recently went to in order to debug a character encoding issue.
Nov 6, 2017

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Laravel Queue's Sleep Contributes to its Timeout – Follow along as I track down a bug in Laravel's queue system.
Oct 23, 2014

Deployment

Upgrade Releases With Edeliver – Edeliver simplifies the process of building and deploying upgrade releases for your Elixir and Phoenix applications.
Jan 23, 2017

Simplifying Elixir Releases With Edeliver – Edeliver simplifies the process of building and deploying standard releases for your Elixir and Phoenix applications.
Jan 16, 2017

Upgrade Releases With Distillery – Use Distillery to build and deploy hot-upgrades to your Elixir and Phoenix applications through the process of upgrade releases.
Jan 9, 2017

Deploying Elixir Applications with Distillery – Use Distillery to build and deploy your Elixir and Phoenix applications.
Dec 26, 2016

Development Environment

Joining the Tiling WM Master Race – Tiling window managers aren't well-known outside of the Linux ricing community, but they're an incredibly powerful tool for a developer looking to improve their efficiency.
Dec 15, 2014

Elixir

Golfing for FizzBuzz in Clojure and Elixir – Let's take a look at an interesting Clojure-based solution to the FizzBuzz problem and see if we can eloquently restate it using Elixir.
Jul 9, 2018

Ping, Pong, and Unresponsive Bitcoin Nodes – The last step in maintaining our pool of Bitcoin peer nodes is to detect and remove unresponsive nodes from our network.
Jul 9, 2018

Limiting Peers with DynamicSupervisor Options – We can simplify our Bitcoin node's peer management code by letting Elixir do the heavy lifting for us! Let's dive into the `:max_children` option and see how it can help us.
Jun 18, 2018

Generating Test Fixtures with Wireshark – Wireshark can be an invaluable tool for testing the parsing and serializing of a well-known binary protocol. Check out how we can use binary fixtures exported from Wireshark to test our Elixir-based Bitcoin protocol parser and serializer.
Jun 11, 2018

Be Careful Using With in Tests – Elixir's 'with' special form is a fantastic tool, but be careful using it in tests. Read all about how my incorrect usage of 'with' led to a false positive in my test suite!
Jun 4, 2018

Spreading Through the Bitcoin Network – Let's replace our Bitcoin node's supervisor with a dynamic supervisor and start recursively spreading through the Bitcoin peer-to-peer network!
May 21, 2018

Beefing Up our Bitcoin Node with Connection – Let's beef up the resiliency of our Elixir-based Bitcoin node by incorporating some connection retry behavior.
May 14, 2018

Reversing BIP-39 and the Power of Property Testing – In which an attempt to reverse the BIP-39 encoding algorithm sends me down a debugging rabbit hole, and the power of property testing shows me the light.
May 7, 2018

Connecting an Elixir Node to the Bitcoin Network – Let's use the tools provided by the Elixir programming language to connect to a node on Bitcoin's peer-to-peer ad-hoc network. Hello, Bitcoin!
Apr 23, 2018

Hex Dumping with Elixir – Is it better to call out to an existing external tool, or roll your own solution to a problem? Climb down this rabbit hole with me as we implement a hex dump utility in Elixir.
Apr 9, 2018

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Building Mixed Endian Binaries with Elixir – Working with mixed-endian binaries is something we rarely have to think about as web developers. When it does come up, Elixir thankfully ships with the perfect tools for the job.
Mar 19, 2018

Mining for Mnemonic Haiku with Elixir – What are some interesting things we can do with the BIP-39 mnemonic generator we built in a previous article? How about mine for structurally sound mnemonic haiku?!
Mar 5, 2018

From Bytes to Mnemonic using Elixir – Bitcoin's BIP-39 is a clever algorithm for transforming random binaries into easy to remember mnemonics. Let's flex our programming muscles and implement it using Elixir!
Feb 19, 2018

Property Testing our Base58Check Encoder with an External Oracle – Property-based testing is an amazingly powerful tool to add to your testing toolbox. Check out how we can use it to verify the correctness of our Base58Check encoder against an external oracle.
Feb 12, 2018

Mining for Bitcoin Vanity Addresses with Elixir – In this article we'll use our Bitcoin private key generator to mine for vanity addresses. Once we've built our naive solution, we'll add a drop of Elixir and parallelize the implementation.
Feb 5, 2018

Generating Bitcoin Private Keys and Public Addresses with Elixir – Elixir ships with the tools required to generate a cryptographically secure private key and transform it into a public address. Check out this step-by-step walkthrough.
Jan 22, 2018

Bitcoin's Base58Check in Pure Elixir – Elixir ships out of the box with nearly all of the tools required to generate Bitcoin private keys and transform them into public addresses. All except one. In this article we implement the missing piece of the puzzle: Base58Check encoding.
Jan 8, 2018

Things I Learned During the Advent of Code – This year's Advent of Code has come and gone. I had a lot of fun solving each of this year's challenges with Elixir.
Jan 1, 2018

Do you know that a man is not dead while his name is still spoken? – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 25, 2017

Generating Sequences with Elixir Streams – Elixir streams can be amazingly useful tools for generating potentially infinite sequences of data. Learn about three useful stream functions that can be used to generate complex enumerable sequences.
Dec 11, 2017

Fleshing out URLs with Elixir – Step one of crawling a web page is getting a fully fleshed out URL pointing to that page. Unfortunately, people usually think of URLs in fuzzy, incomplete terms. Thankfully, fleshing out the missing details is simple with Elixir.
Dec 11, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Grokking the Y Combinator with Elixir – The Y combinator is something to be marveled over. Dive into this amazing contraption with me as we build it from the ground up with simple Elixir anonymous functions.
Oct 30, 2017

Learning to Crawl - Building a Bare Bones Web Crawler with Elixir – Roll up your sleeves and get ready to build a fully functional (but feature limited) web crawler using Elixir.
Oct 9, 2017

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

What if Elixir were Homoiconic? – Despite what some people say, Elixir is not a homoiconic language. This article explores what the language would look like if it were.
Aug 7, 2017

Recurring Tasks in Elixir – Today we're digging into the details of how to program recurring tasks in Elixir using GenServers. Behold the Fruit Printer 🍉.
Jul 17, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

GenServers and Memory Images: A Match Made in Heaven – Elixir's GenServers are the perfect tool for implementing Memory Images — a powerful replacement for storing state in conventional databases.
Jun 19, 2017

Have You Tried Just Using a Function? – This article describes how refactoring a complex set of GenServers and Supervisors into simple functions saved me quite a bit of frustration and opened the doors to new functionality.
May 29, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Inject Detect Progress Report – Peek into the inner workings of Inject Detect, an Elixir and React-powered security SaaS application, in this progress report.
May 1, 2017

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Who Needs Lodash When You Have Elixir? – Watch how Elixir's standard library outclasses Javascript's Lodash in day-to-day tasks.
Apr 17, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievably powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Create React App with Phoenix – Skip brunch today and use Create React App to lay the foundation for the front-end of your next Elixir and Phoenix project.
Apr 3, 2017

How am I Building Inject Detect? – Here's a high-level architectural and technological outline for how I plan to build out the Inject Detect application.
Mar 20, 2017

My Favorite Pattern Revisited – Elixir's 'with' special form is a powerful tool that can lead to some elegant patterns in your code. Let's look at a few examples.
Feb 27, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Build Your Own Code Poster with Elixir – I used Elixir to merge together a client's logo with the code we'd worked together to develop. The result was a beautiful code poster and this open source Elixir project.
Feb 13, 2017

Playing the Game of Life with Elixir Processes – Explore the concept of life and death with Elixir processes by implementing Conway's Game of Life where each cell is a living Elixir process.
Feb 6, 2017

My Favorite Pattern Without a Name – I've been noticing a recurring pattern in modern open source projects and even my own Elixir code, but strangely, this pattern doesn't seem to have a name.
Jan 30, 2017

Upgrade Releases With Edeliver – Edeliver simplifies the process of building and deploying upgrade releases for your Elixir and Phoenix applications.
Jan 23, 2017

Simplifying Elixir Releases With Edeliver – Edeliver simplifies the process of building and deploying standard releases for your Elixir and Phoenix applications.
Jan 16, 2017

Upgrade Releases With Distillery – Use Distillery to build and deploy hot-upgrades to your Elixir and Phoenix applications through the process of upgrade releases.
Jan 9, 2017

Deploying Elixir Applications with Distillery – Use Distillery to build and deploy your Elixir and Phoenix applications.
Dec 26, 2016

Intentionally Learning Elixir – How I've fast-tracked my absorption of Elixir through intentional learning.
Dec 19, 2016

How to use MongoDB With Elixir - Revisited – A recent upgrade to Elixir's MongoDB package requires that we revisit how we interact with the database through Elixir.
Dec 5, 2016

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to prevent them.
Nov 7, 2016

How to Use MongoDB with Elixir – What is the best way to use MongoDB as your primary database in a Phoenix or Elixir application? This article explores a few options.
Oct 31, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Building out our back-end authentication solution.
Sep 14, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Advent of Code: Not Quite Lisp – This Literate Commits post solves a Lisp-flavored code kata using Elixir!
Aug 17, 2016

Meteor in Front, Phoenix in Back - Part 1 – Part one of our Meteor in Front, Phoenix in Back series. Let's put our mad scientist hats on and transplant a Meteor front-end into a Phoenix application!
Aug 15, 2016

Event Sourcing

GenServers and Memory Images: A Match Made in Heaven – Elixir's GenServers are the perfect tool for implementing Memory Images — a powerful replacement for storing state in conventional databases.
Jun 19, 2017

Have You Tried Just Using a Function? – This article describes how refactoring a complex set of GenServers and Supervisors into simple functions saved me quite a bit of frustration and opened the doors to new functionality.
May 29, 2017

Inject Detect Progress Report – Peek into the inner workings of Inject Detect, an Elixir and React-powered security SaaS application, in this progress report.
May 1, 2017

Experiments

Being John Malkovich on Twitter – I've created a script that injects a healthy dose of empathy into your Twitter experience. Experience what it's like being John Malkovich on Twitter.
Nov 13, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Build Your Own Code Poster with Elixir – I used Elixir to merge together a client's logo with the code we'd worked together to develop. The result was a beautiful code poster and this open source Elixir project.
Feb 13, 2017

Playing the Game of Life with Elixir Processes – Explore the concept of life and death with Elixir processes by implementing Conway's Game of Life where each cell is a living Elixir process.
Feb 6, 2017

Recursive Components with Meteor and Polymer – Let's put on our mad scientist hats and build a Cantor set using recursive components in both Meteor and Polymer.
Mar 30, 2015

Throw Back Thursday: Julia Sets with Sass – Have you ever thought about generating a Julia set from nothing but HTML and CSS? I have...
Dec 18, 2014

CrossView Fun With CSS – CrossView illusions are an interesting way of hiding information in plain sight.
Nov 2, 2014

Firebase

Firebase! - T.U.S.T.A.C.R. Part 2 – Follow along as I build out the back-end of a URL shortener built using Firebase!
Oct 1, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Game of Life

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Playing the Game of Life with Elixir Processes – Explore the concept of life and death with Elixir processes by implementing Conway's Game of Life where each cell is a living Elixir process.
Feb 6, 2017

Git

Rewriting History – Is your Git-foo strong enough to change the past? Let's explore some advanced techniques for modifying the commit history of a Git repository.
Sep 12, 2016

Private Package Problems – What's the best way to manage private Meteor packages? Let's compare the pros and cons of a few different potential solutions.
May 11, 2015

Git Bisect and Commit History – Git's bisect tool is a powerhouse of a tool that often doesn't get the love it deserves.
Sep 16, 2014

GraphQL

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjunction with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievably powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Apollo Client with Elixir's Absinthe – Explore how Elixir's Absinthe GraphQL library can be used to fuel a front-end application built around Apollo Client.
Nov 21, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

Grunt

Building Ms. Estelle Marie – Recently I spent some time customizing a Wordpress template for a client. Here's a quick rundown of my process and impressions.
Nov 12, 2014

Chrome LiveReload Extension and Remote Machines – The Chrome LiveReload plugin doesn't work well with remote development servers. Here's a workaround.
Nov 5, 2014

My Concurrent Jekyll Gruntfile – Use concurrency to simultaneously run multiple Grunt commands.
Aug 28, 2014

Infrastructure

Namecheap + Amazon S3 – Namecheap and Amazon's S3 are a match made in heaven. Follow these steps to get both working together seamlessly.
Sep 23, 2014

Inject Detect

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GenServers and Memory Images: A Match Made in Heaven – Elixir's GenServers are the perfect tool for implementing Memory Images — a powerful replacement for storing state in conventional databases.
Jun 19, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's dissect it and see how it could have been prevented.
May 22, 2017

Inject Detect Progress Report – Peek into the inner workings of Inject Detect, an Elixir and React-powered security SaaS application, in this progress report.
May 1, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to intercept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

How am I Building Inject Detect? – Here's a high-level architectural and technological outline for how I plan to build out the Inject Detect application.
Mar 20, 2017

Why Security? – Why should we, as software developers, be concerned about the security of the software we write? Because everything we do depends on it.
Mar 13, 2017

Inject Detect - Coming Soon! – I've decided to put my knowledge into practice and build an application called Inject Detect to detect NoSQL Injection attacks as they happen.
Mar 6, 2017

J

Making Noise with J – Let's try to make music with the J programming language and a handful of other helpful tools and utilities.
Jul 2, 2018

Writing Mandelbrot Fractals with Hooks and Forks – J's hooks and forks allow us to write solutions to problems exactly as we'd express them using the English language. Let's demonstrate by rendering a Mandelbrot fractal!
Apr 16, 2018

J's Low-level Obfuscation Leads to Higher Levels of Clarity – It's argued that J is a "write-only" programming language because of its extreme terseness and complexity of syntax. I'm starting to warm up to the idea that it might be more readable than it first lets on.
Mar 19, 2018

Javascriot

The Ecstasy of Testing – You dive in, equipped with nothing more than a creeping dissatisfaction and a passing test suite...
Aug 18, 2015

Javascript

Modeling Formulas with Recursive Discriminators – I ran into an interesting problem recently where I needed to model a nested set of either/or sub-schemas. With some creative thinking and a healthy dose of recursion, Mongoose's discriminator feature turned out to be just the tool for the job.
May 28, 2018

The Headache and Heartache of Unhandled Rejections – Out of the box, Node.js doesn't do much to deal with unhandled promise rejections. This can lead to a world of hurt when trying to debug these rejections in your application. Thankfully, we have the tools to fix the problem!
Mar 12, 2018

Hacking Prototypal Inheritance for Fun and Profit – Abuse of prototypal inheritance can allow attackers to exploit your application in various ways. Learn what to watch out for, and how to prevent vulnerabilities.
Jan 29, 2018

Being John Malkovich on Twitter – I've created a script that injects a healthy dose of empathy into your Twitter experience. Experience what it's like being John Malkovich on Twitter.
Nov 13, 2017

Rum Boogie Café – Character encodings have long been the bane of software developers. Read about the lengths I recently went to in order to debug a character encoding issue.
Nov 6, 2017

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjunction with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

Who Needs Lodash When You Have Elixir? – Watch how Elixir's standard library outclasses Javascript's Lodash in day-to-day tasks.
Apr 17, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to intercept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

Can Meteor Applications be "Mobile Only?" – What does it mean to be "mobile only", and can a Meteor application ever be restricted to a mobile-only build?
Oct 17, 2016

How to Safely Store Application Links – Does your application give users the ability to link to arbitrary external URLs? You may be exposing your users to an unnecessary vulnerability.
Oct 10, 2016

Accounts is Everything Meteor Does Right – Meteor's Accounts system is one of Meteor's most killer features, and one of the reasons I find it difficult to leave the framework.
Oct 3, 2016

My Kingdom for Transactions – Transactions are an incredibly undervalued tool in a developer's toolbox. They're often not missed until they're desperately needed. By then, it may be too late.
Sep 26, 2016

Clone Meteor Collection References – Ever wanted to have two different sets of helpers attached to a single Meteor collection? It's more complicated than you may think.
Sep 19, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

The Captain's Distance Request – This Literate Commits post solves a code kata related to finding the distance between two points on earth using the haversine formula. Here be dragons!
Aug 10, 2016

Module Import Organization – Now that Meteor supports native modules, imports, and exports... Where do we put everything?
Aug 8, 2016

Nesting Structure Comparison – How do we determine if two arrays share the same nested structure? This Literate Commits code kata dives deep into the solution.
Aug 3, 2016

Method Imports and Exports – When we define Meteor methods and publications in modules, what do we export? This article dives into that question and more.
Aug 1, 2016

Molecule to Atoms – Let's go back to chemistry class and figure out how to break a molecule into its component elements in this Javascript Literate Commits code kata.
Jul 27, 2016

Mocha's Grep Flag – Today I learned about Mocha's grep flag; an insanely useful tool for quickly isolating individual tests or groups of tests.
Jul 25, 2016

Point in Polygon – Is this point in this polygon? This Literate Commits article explores one possible solution to this code kata.
Jul 20, 2016

Meteor's Nested Import Controversy – Meteor has introduced Reify that allows the importing of modules within a nested code block. Are we still writing Javascript?
Jul 17, 2016

Delete Occurrences of an Element – Let's build up our Test Driven Development chops with this simple Javascript code kata written in the Literate Commits style.
Jul 11, 2016

Winston and Meteor 1.3 – Due to the intricacies of Meteor's build system, integrating Winston into your Meteor project is more difficult than it seems at first glance.
Jul 4, 2016

Node Vulnerability Scanners in a 1.3 World – Using NPM packages in your Meteor project opens you up to a world of vulnerabilities. How can you be sure you're using secure packages?
Jun 20, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

MongoDB With Serverless – Using MongoDB from an AWS Lambda function is more difficult than you may expect. Here's one possible solution.
Jun 6, 2016

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

The Missing Link In Meteor's Rate Limiter – It's possible to carry out a Denial of Service attack against a Meteor application by flooding it with subscriptions. Check out how you can protect yourself.
May 16, 2016

Transitioning to Modules With Global Imports – Transitioning your entire Meteor application towards using imports is a time-consuming and error-prone process. Thankfully, there's a middle way.
May 9, 2016

Meteor Unit Testing With Testdouble.js – Smooth out your Meteor testing experience with Testdouble.js.
May 2, 2016

Blaze Meets Clusterize.js – Blaze can be slow when rendering hundreds of elements. Speed it up with Clusterize.js!
Apr 18, 2016

CollectionFS Safety Considerations – Allowing file uploads to your applications opens you up to a world of potential vulnerabilities. Make sure you're protected.
Apr 4, 2016

Bypassing Package-Based Basic Auth – Are you using Basic Auth to protect your Meteor application? You're probably not protecting your DDP endpoint. Find out how to fix it.
Mar 28, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Stored XSS and Unexpected Unsafe-Eval – Even your Content Security Policy can't save you from stored Cross Site Scripting attacks.
Mar 14, 2016

Cross Site Scripting Through jQuery Components – Your application may be correctly sanitizing user-provided input, but are your jQuery components? Watch out for Cross Site Scripting attacks!
Mar 7, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Scripting With MongoDB – Scripting with Javascript is an often overlooked, but incredibly powerful feature of MongoDB. Take advantage of it!
Jan 25, 2016

Unit Testing With Meteor 1.3 – Meteor's official testing solution, Velocity, is just too slow. Check out how to use ES6 modules and Mocha to write lightning fast unit tests!
Dec 21, 2015

Building Check-Checker as a Meteor Plugin – Let's use Meteor's Build Plugin API to refactor our Check Checker package into a plugin.
Nov 23, 2015

Sorting By Ownership With MongoDB – This post explores the problem of crafting a difficult query in MongoDB. Use your tools; don't let your tools use you.
Nov 16, 2015

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil if left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Slimming Down Fat Models – While fat models are better than fat controllers, sometimes your models need to trim the fat as well. Event-based architectures may be the solution to your troubles.
Oct 5, 2015

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Exporting ES6 Classes From Meteor Packages – How do you export ES6 classes from Meteor packages? This article dives into the topic.
Sep 23, 2015

Never Forget Where Your Code Runs – Part of designing a secure software solution is being aware of your client and server boundaries. This is especially important when working with isometric systems.
Sep 21, 2015

Counting Fields With Mongo Aggregations – How would you write a MongoDB query to count the number of fields in a set of documents? Let's dive into a solution!
Sep 14, 2015

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

Hijacking Meteor Accounts by Sniffing DDP – Meteor accounts can be hijacked by an attacker listening for your credentials as they fly across the wire. Find out how to protect your application.
Aug 23, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havoc on your database. Learn to protect yourself.
Aug 10, 2015

Returning Promises Synchronously – I often find myself tasked with returning promises synchronously from Meteor fibers. I've written a Meteor package that helps with the task.
Aug 3, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be exploited to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Why Is Rename Disallowed? – The MongoDB 'rename' operator is disallowed in Meteor client-side queries. Let's explore why that may be.
Jul 14, 2015

Basic Auth For Hiding Your Application – Basic authentication is a great way to quickly lock down an application from prying eyes. Learn the ins and outs.
Jul 6, 2015

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Authentication with localStorage – Authentication through localStorage has the handy property of being CSRF-proof. Find out what that means and why it matters in this article!
Jun 8, 2015

Keep It Secret, Keep It Safe – Are you accidentally leaking your application's secrets to the client? It's more likely than you may think.
May 25, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

Meteor Security in the Wild – Read along with this deep hands-on dive into a vulnerability I found in a client's production Meteor application.
May 5, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of packages being used by your Meteor application from the client.
Apr 24, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'triple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Materialize Highs and Lows – Materialize is a CSS framework with its ups and downs. Here are my experiences.
Mar 25, 2015

User Fields and Universal Publications – Universal publications are a piece of black magic that are often brushed under the rug of Meteor applications. Learn what they are and how they're used in this question and answer style article.
Mar 16, 2015

Meteor Composability – It can be difficult to build a truly composable application using Meteor's out-of-the-box front-end framework. Here are a few tips and tricks.
Mar 9, 2015

Customizable Meteor Navbar with Orion CMS – Let's extend the Meteor-based Orion CMS with our own customizable navbar.
Mar 2, 2015

Custom Categories with Meteor's Orion CMS – Let's extend the Meteor-based Orion CMS with our own custom categories.
Feb 23, 2015

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Suffixer! Find Meaningful Unregistered Domains – Suffixer is a tool designed to find meaningful unregistered domains for your latest project.
Feb 2, 2015

Mongo Text Search with Meteor – MongoDB text searches can offer significant performance boosts over simple regular expression based queries.
Jan 26, 2015

The Dangers of Debouncing Meteor Subscriptions – Debouncing Meteor subscriptions can lead to subtle bugs. Let's explore those bugs and find out how to prevent them in your application.
Jan 19, 2015

Custom Block Helpers and Meteor Composability – Custom block helpers can help you build more composable Meteor front-ends. This article can help you master them.
Jan 13, 2015

BYO Meteor Package – Follow along as I build and publish my first Meteor package!
Dec 22, 2014

My Meteor Hello World - countwith.me – My first application made with Meteor, countwith.me, is a simple distributed counting application. How high can the internet count?
Dec 8, 2014

Chrome LiveReload Extension and Remote Machines – The Chrome LiveReload plugin doesn't work well with remote development servers. Here's a workaround.
Nov 5, 2014

Firebase! - T.U.S.T.A.C.R. Part 2 – Follow along as I build out the back-end of a URL shortener built using Firebase!
Oct 1, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Smart Forms - Automate and Build Your Own Tools! – Sometimes it's the code you throw away that's the most valuable. Here's a story about how a one-off tool built quickly and poorly saved a client hundreds of hours of billable work.
Sep 4, 2014

Javscript

Allow & Deny Challenge - Check Yourself – Can you write an air-tight set of allow & deny rules? Take a look at Sacha Greif's challenge, try it for yourself, and take a look at my solution.
Jun 15, 2015

Jekyll

Zapier Named Variables - Scheduling Posts Part 2 – Zapier named variables can help you schedule posts to a Jekyll based blog. Find out how!
Jan 5, 2015

Scheduling Posts with Jekyll, Github Pages & Zapier – Find out how I'm using Zapier to schedule posts to my Jekyll-powered blog hosted on Github Pages!
Dec 29, 2014

My Concurrent Jekyll Gruntfile – Use concurrency to simultaneously run multiple Grunt commands.
Aug 28, 2014

Prism.js and Github Pages – This blog is built using Jekyll and hosted on Github Pages. This presents certain difficulties when paired with the Prism.js syntax highlighter.
Aug 27, 2014

Katas

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

Laravel

Laravel Queue's Sleep Contributes to its Timeout – Follow along as I track down a bug in Laravel's queue system.
Oct 23, 2014

Laravel 4.2 Command "Queue:Restart" is Not Defined – A sudden anomalous spike in CPU usage led me down the rabbit hole of debugging an issue with my Laravel configuration. Follow along in this article.
Oct 15, 2014

Literate Commits

Formatting with Vim Scripts – Vim has become the cornerstone of my day-to-day work as a software developer. Check out how I use Vim scripts to format articles and posts.
Oct 16, 2017

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Building out our back-end authentication solution.
Sep 14, 2016

Rewriting History – Is your Git-foo strong enough to change the past? Let's explore some advanced techniques for modifying the commit history of a Git repository.
Sep 12, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Advent of Code: Not Quite Lisp – This Literate Commits post solves a Lisp-flavored code kata using Elixir!
Aug 17, 2016

The Captain's Distance Request – This Literate Commits post solves a code kata related to finding the distance between two points on earth using the haversine formula. Here be dragons!
Aug 10, 2016

Nesting Structure Comparison – How do we determine if two arrays share the same nested structure? This Literate Commits code kata dives deep into the solution.
Aug 3, 2016

Molecule to Atoms – Let's go back to chemistry class and figure out how to break a molecule into its component elements in this Javascript Literate Commits code kata.
Jul 27, 2016

Point in Polygon – Is this point in this polygon? This Literate Commits article explores one possible solution to this code kata.
Jul 20, 2016

Literate Commits – Literate Commits is a new take on the concept of Donald Knuth's Literate Programming that tells a story through your repository's commit history.
Jul 11, 2016

Delete Occurrences of an Element – Let's build up our Test Driven Development chops with this simple Javascript code kata written in the Literate Commits style.
Jul 11, 2016

Markdown

Formatting with Vim Scripts – Vim has become the cornerstone of my day-to-day work as a software developer. Check out how I use Vim scripts to format articles and posts.
Oct 16, 2017

Mastering Bitcoin

Mining for Mnemonic Haiku with Elixir – What are some interesting things we can do with the BIP-39 mnemonic generator we built in a previous article? How about mine for structurally sound mnemonic haiku?!
Mar 5, 2018

From Bytes to Mnemonic using Elixir – Bitcoin's BIP-39 is a clever algorithm for transforming random binaries into easy to remember mnemonics. Let's flex our programming muscles and implement it using Elixir!
Feb 19, 2018

Property Testing our Base58Check Encoder with an External Oracle – Property-based testing is an amazingly powerful tool to add to your testing toolbox. Check out how we can use it to verify the correctness of our Base58Check encoder against an external oracle.
Feb 12, 2018

Mining for Bitcoin Vanity Addresses with Elixir – In this article we'll use our Bitcoin private key generator to mine for vanity addresses. Once we've built our naive solution, we'll add a drop of Elixir and parallelize the implementation.
Feb 5, 2018

Generating Bitcoin Private Keys and Public Addresses with Elixir – Elixir ships with the tools required to generate a cryptographically secure private key and transform it into a public address. Check out this step-by-step walkthrough.
Jan 22, 2018

Bitcoin's Base58Check in Pure Elixir – Elixir ships out of the box with nearly all of the tools required to generate Bitcoin private keys and transform them into public addresses. All except one. In this article we implement the missing piece of the puzzle: Base58Check encoding.
Jan 8, 2018

Controlling a Bitcoin Node with Elixir – Explore how to communicate with a Bitcoin full node through its JSON-RPC interface from an Elixir application.
Sep 4, 2017

Meta

Let's Get Personal – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 18, 2017

A New Look For East5th – The East5th page has been given a face lift! Same old content, fresh new look.
Jun 27, 2016

Home Sweet Home in Chattanooga – I've officially relocated to Chattanooga, Tennessee!
Jan 18, 2016

Giving Thanks – It's been a little over a year since I started experimenting with Meteor. In that time it has given me the confidence to start successfully working for myself. Thanks Meteor!
Nov 30, 2015

Good Night 1pxsolidtomato – The name '1pxsolidtomato' is no more. But this site and all of its content will live on!
Jun 10, 2015

Announcing East5th! – I've decided to start working for myself under the name of 'East5th'!
Feb 4, 2015

Meteor

Visualizing the Oplog with Splunk – In an attempt to track down the cause of a mysterious spike in CPU consumption in a Meteor application, I decided to plot a time series chart of Mongo's Oplog collection.
Apr 30, 2018

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Hacking Prototypal Inheritance for Fun and Profit – Abuse of prototypal inheritance can allow attackers to exploit your application in various ways. Learn what to watch out for, and how to prevent vulnerabilities.
Jan 29, 2018

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Jan 15, 2018

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's dissect it and see how it could have been prevented.
May 22, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to intercept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Can Meteor Applications be "Mobile Only?" – What does it mean to be "mobile only", and can a Meteor application ever be restricted to a mobile-only build?
Oct 17, 2016

How to Safely Store Application Links – Does your application give users the ability to link to arbitrary external URLs? You may be exposing your users to an unnecessary vulnerability.
Oct 10, 2016

Accounts is Everything Meteor Does Right – Meteor's Accounts system is one of Meteor's most killer features, and one of the reasons I find it difficult to leave the framework.
Oct 3, 2016

Clone Meteor Collection References – Ever wanted to have two different sets of helpers attached to a single Meteor collection? It's more complicated than you may think.
Sep 19, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Meteor in Front, Phoenix in Back - Part 1 – Part one of our Meteor in Front, Phoenix in Back series. Let's put our mad scientist hats on and transplant a Meteor front-end into a Phoenix application!
Aug 15, 2016

Module Import Organization – Now that Meteor supports native modules, imports, and exports... Where do we put everything?
Aug 8, 2016

Method Imports and Exports – When we define Meteor methods and publications in modules, what do we export? This article dives into that question and more.
Aug 1, 2016

Meteor's Nested Import Controversy – Meteor has introduced Reify that allows the importing of modules within a nested code block. Are we still writing Javascript?
Jul 17, 2016

Winston and Meteor 1.3 – Due to the intricacies of Meteor's build system, integrating Winston into your Meteor project is more difficult than it seems at first glance.
Jul 4, 2016

Node Vulnerability Scanners in a 1.3 World – Using NPM packages in your Meteor project opens you up to a world of vulnerabilities. How can you be sure you're using secure packages?
Jun 20, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

Anatomy of an Assessment – What are Meteor security assessments? How do they work and what can I expect?
May 30, 2016

The Missing Link In Meteor's Rate Limiter – It's possible to carry out a Denial of Service attack against a Meteor application by flooding it with subscriptions. Check out how you can protect yourself.
May 16, 2016

Transitioning to Modules With Global Imports – Transitioning your entire Meteor application towards using imports is a time-consuming and error-prone process. Thankfully, there's a middle way.
May 9, 2016

Meteor Unit Testing With Testdouble.js – Smooth out your Meteor testing experience with Testdouble.js.
May 2, 2016

Blaze Meets Clusterize.js – Blaze can be slow when rendering hundreds of elements. Speed it up with Clusterize.js!
Apr 18, 2016

CollectionFS Safety Considerations – Allowing file uploads to your applications opens you up to a world of potential vulnerabilities. Make sure you're protected.
Apr 4, 2016

Bypassing Package-Based Basic Auth – Are you using Basic Auth to protect your Meteor application? You're probably not protecting your DDP endpoint. Find out how to fix it.
Mar 28, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Stored XSS and Unexpected Unsafe-Eval – Even your Content Security Policy can't save you from stored Cross Site Scripting attacks.
Mar 14, 2016

Cross Site Scripting Through jQuery Components – Your application may be correctly sanitizing user-provided input, but are your jQuery components? Watch out for Cross Site Scripting attacks!
Mar 7, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.
Feb 15, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Sending Emails Through Hidden Methods – Even if your methods aren't published to the client, they can still be called by malicious users to send emails or do other nefarious things.
Feb 1, 2016

Unit Testing With Meteor 1.3 – Meteor's official testing solution, Velocity, is just too slow. Check out how to use ES6 modules and Mocha to write lightning fast unit tests!
Dec 21, 2015

Meteor Club Q&A on Security – I had a great time on Josh Owens' Meteor Club Q&A talking about Meteor security. Be sure to check out the YouTube recording.
Dec 14, 2015

Scanning Meteor Projects for Node Vulnerabilities – Meteor applications can make use of Node.js packages, which opens them up to a world of vulnerabilities. Protect yourself by learning how to scan those packages for known vulnerabilities.
Dec 7, 2015

Giving Thanks – It's been a little over a year since I started experimenting with Meteor. In that time it has given me the confidence to start successfully working for myself. Thanks Meteor!
Nov 30, 2015

Building Check-Checker as a Meteor Plugin – Let's use Meteor's Build Plugin API to refactor our Check Checker package into a plugin.
Nov 23, 2015

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Meteor Space Camp – Last month I had the opportunity to go to Space Camp! No, not that kind of space camp...
Nov 2, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil if left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Package Scan Community Contributions – Package Scan is getting some love from the community!
Oct 13, 2015

Slimming Down Fat Models – While fat models are better than fat controllers, sometimes your models need to trim the fat as well. Event-based architectures may be the solution to your troubles.
Oct 5, 2015

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Exporting ES6 Classes From Meteor Packages – How do you export ES6 classes from Meteor packages? This article dives into the topic.
Sep 23, 2015

Never Forget Where Your Code Runs – Part of designing a secure software solution is being aware of your client and server boundaries. This is especially important when working with isometric systems.
Sep 21, 2015

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

Hijacking Meteor Accounts by Sniffing DDP – Meteor accounts can be hijacked by an attacker listening for your credentials as they fly across the wire. Find out how to protect your application.
Aug 23, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havoc on your database. Learn to protect yourself.
Aug 10, 2015

Returning Promises Synchronously – I often find myself tasked with returning promises synchronously from Meteor fibers. I've written a Meteor package that helps with the task.
Aug 3, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be explored to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Why Is Rename Disallowed? – The MongoDB 'rename' operator is disallowed in Meteor client-side queries. Let's explore why that may be.
Jul 14, 2015

Basic Auth For Hiding Your Application – Basic authentication is a great way to quickly lock down an application from prying eyes. Learn the ins and outs.
Jul 6, 2015

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Allow & Deny Challenge - Check Yourself – Can you write an air-tight set of allow & deny rules? Take a look at Sacha Greif's challenge, try it for yourself, and take a look at my solution.
Jun 15, 2015

Authentication with localStorage – Authentication through localStorage has the handy property of being CSRF-proof. Find out what that means and why it matters in this article!
Jun 8, 2015

Keep It Secret, Keep It Safe – Are you accidentally leaking your application's secrets to the client? It's more likely than you may think.
May 25, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

Private Package Problems – What's the best way to manage private Meteor packages? Let's compare the pros and cons of a few different potential solutions.
May 11, 2015

Meteor Security in the Wild – Read along with this deep hands-on dive into a vulnerability I found in a client's production Meteor application.
May 5, 2015

Meteor Package Scan – Are you using Meteor packages with known security vulnerabilities? Package Scan will tell you.
Apr 27, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of packages being used by your Meteor application from the client.
Apr 24, 2015

Discover Meteor - Mentoring Session – I'll be hosting a Discover Meteor mentor section. Stop by and ask questions!
Apr 20, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'triple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Recursive Components with Meteor and Polymer – Let's put on our mad scientist hats and build a Cantor set using recursive components in both Meteor and Polymer.
Mar 30, 2015

User Fields and Universal Publications – Universal publications are a piece of black magic that are often brushed under the rug of Meteor applications. Learn what they are and how they're used in this question and answer style article.
Mar 16, 2015

Meteor Composability – It can be difficult to build a truly composable application using Meteor's out-of-the-box front-end framework. Here are a few tips and tricks.
Mar 9, 2015

Customizable Meteor Navbar with Orion CMS – Let's extend the Meteor-based Orion CMS with our own customizable navbar.
Mar 2, 2015

Custom Categories with Meteor's Orion CMS – Let's extend the Meteor-based Orion CMS with our own custom categories.
Feb 23, 2015

Meteor and Mongod.lock – Crashing Meteor applications can sometimes wreak havoc on your MongoDB lock file. Learn how to fix that problem in this article.
Feb 16, 2015

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Suffixer! Find Meaningful Unregistered Domains – Suffixer is a tool designed to find meaningful unregistered domains for your latest project.
Feb 2, 2015

Mongo Text Search with Meteor – MongoDB text searches can offer significant performance boosts over simple regular expression based queries.
Jan 26, 2015

The Dangers of Debouncing Meteor Subscriptions – Debouncing Meteor subscriptions can lead to subtle bugs. Let's explore those bugs and find out how to prevent them in your application.
Jan 19, 2015

Custom Block Helpers and Meteor Composability – Custom block helpers can help you build more composable Meteor front-ends. This article can help you master them.
Jan 13, 2015

BYO Meteor Package – Follow along as I build and publish my first Meteor package!
Dec 22, 2014

My Meteor Hello World - countwith.me – My first application made with Meteor, countwith.me, is a simple distributed counting application. How high can the internet count?
Dec 8, 2014

Meteor First Impressions – This video summarizes my first impressions of the Meteor framework. Wow!
Dec 2, 2014

Mobile

Can Meteor Applications be "Mobile Only?" – What does it mean to be "mobile only", and can a Meteor application ever be restricted to a mobile-only build?
Oct 17, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

MongoDB

Modeling Formulas with Recursive Discriminators – I ran into an interesting problem recently where I needed to model a nested set of either/or sub-schemas. With some creative thinking and a healthy dose of recursion, Mongoose's discriminator feature turned out to be just the tool for the job.
May 28, 2018

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjunction with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's dissect it and see how it could have been prevented.
May 22, 2017

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to intercept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

How am I Building Inject Detect? – Here's a high-level architectural and technological outline for how I plan to build out the Inject Detect application.
Mar 20, 2017

How to use MongoDB With Elixir - Revisited – A recent upgrade to Elixir's MongoDB package requires that we revisit how we interact with the database through Elixir.
Dec 5, 2016

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to prevent them.
Nov 7, 2016

How to Use MongoDB with Elixir – What is the best way to use MongoDB as your primary database in a Phoenix or Elixir application? This article explores a few options.
Oct 31, 2016

A Five Minute Introduction to NoSQL Injection – What is NoSQL Injection? How does it affect my application? How can I prevent it? This five minute guide will tell you everything you need to know.
Oct 24, 2016

My Kingdom for Transactions – Transactions are an incredibly undervalued tool in a developer's toolbox. They're often not missed until they're desperately needed. By then, it may be too late.
Sep 26, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

MongoDB With Serverless – Using MongoDB from an AWS Lambda function is more difficult than you may expect. Here's one possible solution.
Jun 6, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Scripting With MongoDB – Scripting with Javascript is an often overlooked, but incredibly powerful feature of MongoDB. Take advantage of it!
Jan 25, 2016

Sorting By Ownership With MongoDB – This post explores the problem of crafting a difficult query in MongoDB. Use your tools; don't let your tools use you.
Nov 16, 2015

Counting Fields With Mongo Aggregations – How would you write a MongoDB query to count the number of fields in a set of documents? Let's dive into a solution!
Sep 14, 2015

Meteor and Mongod.lock – Crashing Meteor applications can sometimes wreak havoc on your MongoDB lock file. Learn how to fix that problem in this article.
Feb 16, 2015

Mongo Text Search with Meteor – MongoDB text searches can offer significant performance boosts over simple regular expression based queries.
Jan 26, 2015

Mongoose

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjunction with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Monkey Patching

Intercepting All Queries in a Meteor Application – Find out how to write a Meteor package to intercept all queries sent to MongoDB using a technique called monkey patching.
Mar 27, 2017

Music

Making Noise with J – Let's try to make music with the J programming language and a handful of other helpful tools and utilities.
Jul 2, 2018

NoSQL Injection

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's dissect it and see how it could have been prevented.
May 22, 2017

Inject Detect - Coming Soon! – I've decided to put my knowledge into practice and build an application called Inject Detect to detect NoSQL Injection attacks as they happen.
Mar 6, 2017

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to prevent them.
Nov 7, 2016

A Five Minute Introduction to NoSQL Injection – What is NoSQL Injection? How does it affect my application? How can I prevent it? This five minute guide will tell you everything you need to know.
Oct 24, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.
Feb 15, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil if left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havoc on your database. Learn to protect yourself.
Aug 10, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be explored to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Node.js

The Headache and Heartache of Unhandled Rejections – Out of the box, Node.js doesn't do much to deal with unhandled promise rejections. This can lead to a world of hurt when trying to debug these rejections in your application. Thankfully, we have the tools to fix the problem!
Mar 12, 2018

Rum Boogie Café – Character encodings have long been the bane of software developers. Read about the lengths I recently went to in order to debug a character encoding issue.
Nov 6, 2017

Using GraphQL Schema Types with Apollo Server – It can be difficult using raw GraphQL schema types in conjunction with Apollo's server-side tools. This article digs into the pros and cons of a potential solution.
Sep 25, 2017

Advanced MongoDB Query Batching with DataLoader and Sift – DataLoader and Sift.js are a powerful duo when it comes to implementing advanced caching strategies for your GraphQL queries.
Aug 21, 2017

Batching GraphQL Queries with DataLoader – Learn how to avoid the dreaded N+1 problem and optimize your GraphQL queries with DataLoader and MongoDB.
Aug 14, 2017

Distributed Systems Are Hard – Distributed systems are incredibly difficult to build and even more difficult to build correctly. Let's explore some common pitfalls of common scaling practices.
Jun 26, 2017

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

Offline

Offline GraphQL Mutations with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline mutations to your Apollo and GraphQL-based front-end application.
Jul 31, 2017

Offline GraphQL Queries with Redux Offline and Apollo – Use Redux Offline and Redux Persist to add support for offline queries to your Apollo and GraphQL-based front-end application.
Jul 24, 2017

PHP

Building Ms. Estelle Marie – Recently I spent some time customizing a Wordpress template for a client. Here's a quick rundown of my process and impressions.
Nov 12, 2014

Laravel Queue's Sleep Contributes to its Timeout – Follow along as I track down a bug in Laravel's queue system.
Oct 23, 2014

Laravel 4.2 Command "Queue:Restart" is Not Defined – A sudden anomalous spike in CPU usage led me down the rabbit hole of debugging an issue with my Laravel configuration. Follow along in this article.
Oct 15, 2014

Passwordless

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Phoenix

Do you know that a man is not dead while his name is still spoken? – I've decided to move away from the East5th name and start publishing everything I do under my name: Pete Corey.
Dec 25, 2017

User Authentication Kata with Elixir and Phoenix – Practical code katas are a tool to practice valuable web development skills in an applicable way. Start practicing with this user authentication kata.
Oct 2, 2017

Exploring the Bitcoin Blockchain with Elixir and Phoenix – Let's use the Phoenix framework and our Bitcoin node interface to build a basic Bitcoin blockchain explorer!
Sep 18, 2017

GraphQL Authentication with Apollo and React – Let's build out the front-end authentication functionality of a React, Apollo, and Absinthe-powered Elixir application.
May 15, 2017

GraphQL Authentication with Elixir and Absinthe – Let's build out the back-end authentication functionality of an Absinthe-powered Elixir and Phoenix application.
May 8, 2017

Passwordless Authentication with Phoenix Tokens – Passwordless authentication is a powerful new paradigm for authentication workflows. Learn how to implement passwordless in an Elixir and Phoenix application.
Apr 24, 2017

Using Apollo Client with Elixir's Absinthe – Apollo client seamlessly integrates with Elixir's Absinthe framework to create an unbelievably powerful GraphQL stack with minimal fuss.
Apr 10, 2017

Using Create React App with Phoenix – Skip brunch today and use Create React App to lay the foundation for the front-end of your next Elixir and Phoenix project.
Apr 3, 2017

Rendering Life on a Canvas with Phoenix Channels – Watch Conway's Game of Life come to life on an HTML5 canvas using an Elixir umbrella application and Phoenix channels.
Feb 20, 2017

Upgrade Releases With Edeliver – Edeliver simplifies the process of building and deploying upgrade releases for your Elixir and Phoenix applications.
Jan 23, 2017

Simplifying Elixir Releases With Edeliver – Edeliver simplifies the process of building and deploying standard releases for your Elixir and Phoenix applications.
Jan 16, 2017

Upgrade Releases With Distillery – Use Distillery to build and deploy hot-upgrades to your Elixir and Phoenix applications through the process of upgrade releases.
Jan 9, 2017

Deploying Elixir Applications with Distillery – Use Distillery to build and deploy your Elixir and Phoenix applications.
Dec 26, 2016

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Basic Meteor Authentication in Phoenix – Learn how to use the front-end portion of Meteor's accounts and authentication system with an Elixir and Phoenix backend.
Nov 14, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to prevent them.
Nov 7, 2016

How to Use MongoDB with Elixir – What is the best way to use MongoDB as your primary database in a Phoenix or Elixir application? This article explores a few options.
Oct 31, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Building out our back-end authentication solution.
Sep 14, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Meteor in Front, Phoenix in Back - Part 2 – Part two of our Meteor in Front, Phoenix in Back series. Today we finish up our Franken-stack by wiring our front-end up to an actual database with Phoenix Channels.
Aug 22, 2016

Meteor in Front, Phoenix in Back - Part 1 – Part one of our Meteor in Front, Phoenix in Back series. Let's put our mad scientist hats on and transplant a Meteor front-end into a Phoenix application!
Aug 15, 2016

Phoenix Todos

Phoenix Todos - Public and Private Lists – Part eleven of our 'Phoenix Todos' Literate Commits series. Implementing public and private lists.
Nov 16, 2016

Phoenix Todos - Authorized Sockets – Part ten of our 'Phoenix Todos' Literate Commits series. Implementing authorization over Phoenix sockets.
Nov 9, 2016

Phoenix Todos - Updating and Deleting – Part nine of our 'Phoenix Todos' Literate Commits series. Updating and deleting items in our todo list.
Oct 26, 2016

Phoenix Todos - Adding Lists and Tasks – Part eight of our 'Phoenix Todos' Literate Commits series. Building out support for adding todo lists and tasks to those lists.
Oct 19, 2016

Phoenix Todos - Preloading Todos – Part seven of our 'Phoenix Todos' Literate Commits series. Populating our todo lists with Ecto's preload feature.
Oct 12, 2016

Phoenix Todos - Public Lists – Part six of our 'Phoenix Todos' Literate Commits series. Sending public lists down to the client.
Oct 5, 2016

Phoenix Todos - Finishing Authentication – Part five of our 'Phoenix Todos' Literate Commits series. Finishing up authentication.
Sep 28, 2016

Phoenix Todos - Transition to Redux – Part four of our 'Phoenix Todos' Literate Commits series. Replacing Meteor's front-end Accounts system with Redux.
Sep 21, 2016

Phoenix Todos - Back-end Authentication – Part three of our 'Phoenix Todos' Literate Commits series. Building out our back-end authentication solution.
Sep 14, 2016

Phoenix Todos - The User Model – Part two of our 'Phoenix Todos' Literate Commits series. Building out our user model.
Sep 7, 2016

Phoenix Todos - Static Assets – Part one of our 'Phoenix Todos' Literate Commits series. Transplanting static assets to kick off our project.
Aug 31, 2016

Polymer

Recursive Components with Meteor and Polymer – Let's put on our mad scientist hats and build a Cantor set using recursive components in both Meteor and Polymer.
Mar 30, 2015

Process

Why Security? – Why should we, as software developers, be concerned about the security of the software we write? Because everything we do depends on it.
Mar 13, 2017

Anatomy of an Assessment – What are Meteor security assessments? How do they work and what can I expect?
May 30, 2016

Smart Forms - Automate and Build Your Own Tools! – Sometimes it's the code you throw away that's the most valuable. Here's a story about how a one-off tool built quickly and poorly saved a client hundreds of hours of billable work.
Sep 4, 2014

Programming Languages

Writing Mandelbrot Fractals with Hooks and Forks – J's hooks and forks allow us to write solutions to problems exactly as we'd express them using the English language. Let's demonstrate by rendering a Mandelbrot fractal!
Apr 16, 2018

J's Low-level Obfuscation Leads to Higher Levels of Clarity – It's argued that J is a "write-only" programming language because of its extreme terseness and complexity of syntax. I'm starting to warm up to the idea that it might be more readable than it first lets on.
Mar 19, 2018

Python

Hide Menu: My First Sublime Text Plugin – I've created a Sublime Text plugin to scratch an itch, and I documented the whole process.
Dec 24, 2014

React

Using Create React App with Phoenix – Skip brunch today and use Create React App to lay the foundation for the front-end of your next Elixir and Phoenix project.
Apr 3, 2017

SVG

The Quest for Scalable SVG Text – Creating an SVG with scalable text presents more challenges than you would expect. Especially when you're trying to shoot for full browser compatibility.
Oct 8, 2014

Responsive SVG Height Issue – I recently faced an issue with responsive SVGs not sizing correctly. Here's how I came up with a solution.
Sep 9, 2014

Security

Shutting Down and Open Sourcing Inject Detect – It's with a heavy heart that I'm announcing that my security-focused SaaS application, Inject Detect, is shutting down.
Apr 2, 2018

Hacking Prototypal Inheritance for Fun and Profit – Abuse of prototypal inheritance can allow attackers to exploit your application in various ways. Learn what to watch out for, and how to prevent vulnerabilities.
Jan 29, 2018

Secure Meteor – I'm announcing a new project: Secure Meteor! Learn how to secure your Meteor application from a Meteor security professional. This easy to understand and actionable guide will teach you the ins and outs of Meteor security.
Jan 15, 2018

Inject Detect is Live! – Inject Detect, a tool designed to detect NoSQL Injection attacks as they happen, has been released!
Sep 11, 2017

Inject Detect is Launching Soon – It's been a long, tumultuous road building Inject Detect, but the end is in sight; Inject Detect is launching soon!
Aug 28, 2017

Detecting NoSQL Injection – Check out how Inject Detect uses the structures of the MongoDB queries made by your application to detect NoSQL Injection attacks as they happen.
Jul 10, 2017

What is NoSQL Injection? – NoSQL Injection is an attack that can be leveraged to gain complete control over the queries run against your database. Inject Detect aims to prevent it.
Jul 3, 2017

GraphQL NoSQL Injection Through JSON Types – GraphQL servers are not safe from the threat of NoSQL Injection attacks. This article explores how unchecked JSON types can be exploited by malicious users.
Jun 12, 2017

NoSQL Injection in Kadira – I discovered and disclosed a NoSQL Injection vulnerability in the open-sourced Kadira project. Let's dissect it and see how it could have been prevented.
May 22, 2017

Why Security? – Why should we, as software developers, be concerned about the security of the software we write? Because everything we do depends on it.
Mar 13, 2017

Inject Detect - Coming Soon! – I've decided to put my knowledge into practice and build an application called Inject Detect to detect NoSQL Injection attacks as they happen.
Mar 6, 2017

NoSQL Injection in Phoenix Applications – Phoenix applications using MongoDB as a data store are susceptible to NoSQL Injection attacks. Learn what they are and how to prevent them.
Nov 7, 2016

A Five Minute Introduction to NoSQL Injection – What is NoSQL Injection? How does it affect my application? How can I prevent it? This five minute guide will tell you everything you need to know.
Oct 24, 2016

How to Safely Store Application Links – Does your application give users the ability to link to arbitrary external URLs? You may be exposing your users to an unnecessary vulnerability.
Oct 10, 2016

Querying Non-Existent MongoDB Fields – In MongoDB, documents without set values for fields will match queries looking for a null value. Check out how this quirk exposes subtle vulnerabilities in Meteor applications.
Sep 5, 2016

Assessing Mobile Meteor Applications – How do I carry out security assessments against mobile-only Meteor applications? The same way I carry out any other security assessment!
Aug 29, 2016

Node Vulnerability Scanners in a 1.3 World – Using NPM packages in your Meteor project opens you up to a world of vulnerabilities. How can you be sure you're using secure packages?
Jun 20, 2016

NoSQL Injection and GraphQL – Are GraphQL applications vulnerable to NoSQL Injection attacks? Check out how a fully fleshed out schema can protect you and your data!
Jun 13, 2016

Anatomy of an Assessment – What are Meteor security assessments? How do they work and what can I expect?
May 30, 2016

The Missing Link In Meteor's Rate Limiter – It's possible to carry out a Denial of Service attack against a Meteor application by flooding it with subscriptions. Check out how you can protect yourself.
May 16, 2016

CollectionFS Safety Considerations – Allowing file uploads to your applications opens you up to a world of potential vulnerabilities. Make sure you're protected.
Apr 4, 2016

Bypassing Package-Based Basic Auth – Are you using Basic Auth to protect your Meteor application? You're probably not protecting your DDP endpoint. Find out how to fix it.
Mar 28, 2016

NoSQL Injection in Modern Web Applications – Check out my presentation at the 2016 Crater Remote Conference for an in-depth overview of NoSQL Injection in Modern Web Applications!
Mar 21, 2016

Stored XSS and Unexpected Unsafe-Eval – Even your Content Security Policy can't save you from stored Cross Site Scripting attacks.
Mar 14, 2016

Cross Site Scripting Through jQuery Components – Your application may be correctly sanitizing user-provided input, but are your jQuery components? Watch out for Cross Site Scripting attacks!
Mar 7, 2016

Why You Should Always Check Your Arguments – Here's a video of the talk I gave at Meteor Space Camp in 2016 outlining the dangers of NoSQL Injection.
Feb 29, 2016

Method Auditing Revisited – How would a malicious user find vulnerabilities in your Meteor methods? Put on your black hat and find out.
Feb 15, 2016

Preparing for the Crater Conference – Be sure to buy your tickets to the 2016 Crater Remote Conference to hear my talk on NoSQL Injection in Modern Web Applications!
Feb 8, 2016

Sending Emails Through Hidden Methods – Even if your methods aren't published to the client, they can still be called by malicious users to send emails or do other nefarious things.
Feb 1, 2016

Meteor Club Q&A on Security – I had a great time on Josh Owens' Meteor Club Q&A talking about Meteor security. Be sure to check out the YouTube recording.
Dec 14, 2015

Scanning Meteor Projects for Node Vulnerabilities – Meteor applications can make use of Node.js packages, which opens them up to a world of vulnerabilities. Protect yourself by learning how to scan those packages for known vulnerabilities.
Dec 7, 2015

Building Check-Checker as a Meteor Plugin – Let's use Meteor's Build Plugin API to refactor our Check Checker package into a plugin.
Nov 23, 2015

Why I Can't Wait For ES6 Proxies – Proxies will open the door for new advances in Javascript security. To say I'm excited is an understatement.
Nov 9, 2015

Rename Your Way To Admin Rights – MongoDB's rename operator can be used for great evil if left unchecked. Dive into this vulnerability exploration for a detailed example and remediation.
Oct 19, 2015

Package Scan Community Contributions – Package Scan is getting some love from the community!
Oct 13, 2015

Package Scan Web Tool – Package Scan is now available as an easy-to-use web tool. Drag and drop your versions file to see if your application is vulnerable.
Sep 28, 2015

Never Forget Where Your Code Runs – Part of designing a secure software solution is being aware of your client and server boundaries. This is especially important when working with isometric systems.
Sep 21, 2015

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Incomplete Argument Checks – Incomplete argument checks are one of the primary causes of NoSQL Injection attacks in Meteor applications.
Aug 31, 2015

Hijacking Meteor Accounts by Sniffing DDP – Meteor accounts can be hijacked by an attacker listening for your credentials as they fly across the wire. Find out how to protect your application.
Aug 23, 2015

DOS Your Meteor Application With Where – MongoDB's 'where' operator can be used by malicious users to wreak serious havoc on your database. Learn to protect yourself.
Aug 10, 2015

Check-Checker Checks Your Checks – Check-Checker is a package that looks for missing or incomplete calls to 'check' in your Meteor methods and publications. It's a powerful tool in the fight against NoSQL Injection.
Jul 27, 2015

Exploiting findOne to Aggregate Collection Data – With some clever querying, 'findOne' MongoDB queries can be exploited to aggregate an entire collection's worth of data on behalf of an attacking user.
Jul 21, 2015

Why Is Rename Disallowed? – The MongoDB 'rename' operator is disallowed in Meteor client-side queries. Let's explore why that may be.
Jul 14, 2015

Basic Auth For Hiding Your Application – Basic authentication is a great way to quickly lock down an application from prying eyes. Learn the ins and outs.
Jul 6, 2015

Black Box Meteor - Shared Validators – Validator functions for Meteor collections belong on the server. Find out why from a hands-on perspective.
Jun 29, 2015

Meteor Club Podcast - Talking Security – Josh Owens, Ben Strahan, Dean Radcliffe, and I sat down recently and talked shop about Meteor and Meteor security. Be sure to listen!
Jun 22, 2015

Allow & Deny Challenge - Check Yourself – Can you write an air-tight set of allow & deny rules? Take a look at Sacha Greif's challenge, try it for yourself, and take a look at my solution.
Jun 15, 2015

Authentication with localStorage – Authentication through localStorage has the handy property of being CSRF-proof. Find out what that means and why it matters in this article!
Jun 8, 2015

Keep It Secret, Keep It Safe – Are you accidentally leaking your application's secrets to the client? It's more likely than you may think.
May 25, 2015

Mongo's Multi Parameter Saves the Day – The 'multi' flag on MongoDB's update operator just narrowly prevented a vulnerability in this application. Check out this rundown for the details.
May 18, 2015

Meteor Security in the Wild – Read along with this deep hands-on dive into a vulnerability I found in a client's production Meteor application.
May 5, 2015

Meteor Package Scan – Are you using Meteor packages with known security vulnerabilities? Package Scan will tell you.
Apr 27, 2015

Black Box Meteor - Package Scanning – A malicious user can view a list of packages being used by your Meteor application from the client.
Apr 24, 2015

Black Box Meteor - Method Auditing – Malicious users can view the entire contents of every Meteor method defined in a shared location. Be sure your methods are secure!
Apr 15, 2015

NoSQL Injection - Or, Always Check Your Arguments! – NoSQL Injection is a very common vulnerability found in Meteor applications. Find out what it is and how you can protect your application with this article.
Apr 6, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'triple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Serverless

MongoDB With Serverless – Using MongoDB from an AWS Lambda function is more difficult than you may expect. Here's one possible solution.
Jun 6, 2016

AWS Lambda First Impressions – In which we build a Bitcoin-generating money bot and deploy it to AWS Lambda for free!
May 24, 2016

Splunk

Visualizing the Oplog with Splunk – In an attempt to track down the cause of a mysterious spike in CPU consumption in a Meteor application, I decided to plot a time series chart of Mongo's Oplog collection.
Apr 30, 2018

Stripe

Behold the Power of GraphQL – The ability to seamlessly spread your data across many different data stores is a game-changing and under-explored feature of GraphQL.
Jun 5, 2017

Testing

Generating Test Fixtures with Wireshark – Wireshark can be an invaluable tool for testing the parsing and serializing of a well-known binary protocol. Check out how we can use binary fixtures exported from Wireshark to test our Elixir-based Bitcoin protocol parser and serializer.
Jun 11, 2018

Be Careful Using With in Tests – Elixir's 'with' special form is a fantastic tool, but be careful using it in tests. Read all about how my incorrect usage of 'with' led to a false positive in my test suite!
Jun 4, 2018

Method Imports and Exports – When we define Meteor methods and publications in modules, what do we export? This article dives into that question and more.
Aug 1, 2016

Mocha's Grep Flag – Today I learned about Mocha's grep flag; an insanely useful tool for quickly isolating individual tests or groups of tests.
Jul 25, 2016

Meteor Unit Testing With Testdouble.js – Smooth out your Meteor testing experience with Testdouble.js.
May 2, 2016

Unit Testing With Meteor 1.3 – Meteor's official testing solution, Velocity, is just too slow. Check out how to use ES6 modules and Mocha to write lightning fast unit tests!
Dec 21, 2015

The Ecstasy of Testing – You dive in, equipped with nothing more than a creeping dissatisfaction and a passing test suite...
Aug 18, 2015

Meteor Velocity: Down the Debugging Rabbit Hole – Dive down a debugging rabbit hole with me as we identify and fix a bug in the Velocity test framework.
Feb 9, 2015

Tools

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Video

Firebase! - T.U.S.T.A.C.R. Part 2 – Follow along as I build out the back-end of a URL shortener built using Firebase!
Oct 1, 2014

Frontend Workflow - T.U.S.T.A.C.R. Part 1 – Follow along as I build out the front-end of a URL shortener built using Firebase!
Sep 24, 2014

Vim

Formatting with Vim Scripts – Vim has become the cornerstone of my day-to-day work as a software developer. Check out how I use Vim scripts to format articles and posts.
Oct 16, 2017

Web Crawling

Fleshing out URLs with Elixir – Step one of crawling a web page is getting a fully fleshed out URL pointing to that page. Unfortunately, people usually think of URLs in fuzzy, incomplete terms. Thankfully, fleshing out the missing details is simple with Elixir.
Dec 11, 2017

Crawling for Cash with Affiliate Crawler – I've created a new tool called Affiliate Crawler that's designed to crawl through your written web content, looking for affiliate and referral marketing opportunities.
Nov 20, 2017

Learning to Crawl - Building a Bare Bones Web Crawler with Elixir – Roll up your sleeves and get ready to build a fully functional (but feature limited) web crawler using Elixir.
Oct 9, 2017

Wordpress

Building Ms. Estelle Marie – Recently I spent some time customizing a Wordpress template for a client. Here's a quick rundown of my process and impressions.
Nov 12, 2014

Writing

Fear is the Mind Killer – I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration.
Feb 26, 2018

The Ecstasy of Testing – You dive in, equipped with nothing more than a creeping dissatisfaction and a passing test suite...
Aug 18, 2015

XSS

Hijacking Meteor Accounts With XSS – Cross Site Scripting attacks are especially dangerous in Meteor applications. Watch how an XSS vulnerability can lead to privilege escalation.
Sep 7, 2015

Black Box Meteor - Triple Brace XSS – Meteor's 'triple braces' are a primary source of Cross Site Scripting vulnerabilities in your application. Learn how an attacker can find them in your application.
Apr 3, 2015

Zapier

Zapier Named Variables - Scheduling Posts Part 2 – Zapier named variables can help you schedule posts to a Jekyll based blog. Find out how!
Jan 5, 2015

Scheduling Posts with Jekyll, Github Pages & Zapier – Find out how I'm using Zapier to schedule posts to my Jekyll-powered blog hosted on Github Pages!
Dec 29, 2014