Last active September 14, 2024 08:21
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens:

The reason to avoid JWTs comes down to a couple of different points:

  The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less).
Created September 23, 2017 09:21
Convert seconds to a human readable representation
export function convertTime(seconds) {
  var seconds = parseInt(seconds, 10)
  var hours = Math.floor(seconds / 3600)
  var minutes = Math.floor((seconds - (hours * 3600)) / 60)
  var seconds = seconds - (hours * 3600) - (minutes * 60)
  if ( !!hours ) {
    if ( !!minutes ) {
      return `${hours}h ${minutes}m ${seconds}s`
    } else {
      return `${hours}h ${seconds}s`
Last active September 17, 2024 22:50
How to add a collapsible section in markdown.

How to add a collapsible section in markdown

1. Example

Click me


  1. Foo
  2. Bar
    • Baz
  • Qux
Last active January 28, 2022 20:03
PowerShell script that imports a .pfx certificate file. Useful to do before building the solution on a build server. For more info, see
param([string] $PfxFilePath, $Password)
# You may provide a [string] or a [SecureString] for the $Password parameter.
$absolutePfxFilePath = Resolve-Path -Path $PfxFilePath
Write-Output "Importing store certificate '$absolutePfxFilePath'..."
Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($absolutePfxFilePath, $Password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
Last active July 22, 2024 04:03
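Hangul and Unicode

This is a summary of how Unicode handles Hangul.


  • Unicode is an industry standard designed so that all of the world's characters can be represented and handled consistently on computers (Wikipedia)
  • It simply assigns a number to each character
  • It is continually updated, and Unicode Version 9.0.0 is currently the latest.


  • It standardizes how Unicode is actually recorded in files and the like.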
Created March 8, 2016 11:28
Update an APNS certificate on SNS using aws CLI
aws sns set-platform-application-attributes --platform-application-arn "$arn" --attributes PlatformCredential="\"$(openssl pkcs12 -in "$p12" -nodes -nocerts)\"",PlatformPrincipal="\"$(openssl pkcs12 -in "$p12" -nodes -nokeys)\""
Last active September 12, 2024 00:09
Portable Node.js and NPM on windows
  1. Get node binary (node.exe) from
  2. Create the folder where node will reside and move node.exe to it
  3. Download the last zip version of npm from
  4. Unpack the zip inside the node folder
  5. Download the last tgz version of npm from
  6. Open the tgz file and unpack only the file bin/npm (without extension) directly on the node folder.
  7. Add the node folder and the packages/bin folder to PATH
  8. On a command prompt execute npm install -g npm to update npm to the latest version

Now you can use npm and node from windows cmd or from bash shell like Git Bash of msysgit.

Last active April 3, 2024 03:24
Opening up mosh in firewalld using firewall-cmd

Mosh (mobile shell) is a gift from the Gods(tm). Anyone with spotty internet or wireless connection has suffered the pain of a lost SSH session. Sure, one can fire up screen (or tmux as the kids are using these days), but that's an extra step and you are still using the SSH protocol.

I'm not here to tout the benefits of Mosh, you came here to open it up in your firewall.

  1. Create the following file as /etc/firewalld/services/mosh.xml
  2. firewall-cmd --add-service=mosh --permanent
  3. firewall-cmd --reload

If you tend to have a lot of sessions (not recommended), you can increase the ports, but the default should be fine for most applications.

Last active August 22, 2020 07:15
node.js vm
Last active December 12, 2015 02:58
When I use JS Fiddle, I find myself wanting console.log() stuff to show up in the output pane as well as the actual JavaScript console.


  • console(...) is the real console.log(...)
  • console.log(...) is the output pane + real console.log(...)
  • console.clear() deletes everything in the ol/ul tag.
  • console._ is mapped to the original browser console.
console.log('hello', 'world')