@joepie91
joepie91 / random.md
Last active November 1, 2025 17:37
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

@saulshanabrook
saulshanabrook / README.md
Created October 19, 2016 14:20
Saving Web Crypto Keys using indexedDB

This is a working example on how to store CryptoKeys locally in your browser. We are able to save the objects, without serializing them. This means we can keep them not exportable (which might be more secure?? not sure what attack vectors this prevents).

To try out this example, first make sure you are in a browser that has support for async...await and indexedDB (latest Chrome Canary with chrome://flags "Enable Experimental Javascript" works). Load some page and copy and paste this code into the console. Then call encryptDataSaveKey(). This will create a private/public key pair, encrypt some random data with the private key, and then save both of them. Now reload the page, copy in the code, and run loadKeyDecryptData(). It will load the keys and encrypted data and decrypt it. You should see the same data logged both times.

const html = require('choo/html')
const css = require('sheetify')
// first we import all of tachyons, it's a design system and the class names
// are the interface
css('tachyons')
// Then we define some of our variables. This is just to show these values can
// be interpolated. Realistically only colors really have to be declared here
// as they're re-used. Almost all other values will only be declared once
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active October 12, 2025 19:54 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@subfuzion
subfuzion / curl.md
Last active November 6, 2025 06:24
curl POST examples

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

@biilmann
biilmann / readme.md
Created October 14, 2015 22:07
Quick Guide to Private NPM Modules on Netlify

Using NPM Private Modules on Netlify

Create a .npmrc file for your project like this:

//registry.npmjs.org/:_authToken=${NPM_TOKEN}

Then find your token inside the ~/.npmrc file in your home folder and set it as an NPM_TOKEN environment variable through Netlify's admin UI.

@max-mapper
max-mapper / readme.md
Last active September 29, 2020 18:45
merkle dag replication draft

Synchronization for Merkle graphs

abstract

intro

  • Problem we’re solving: Efficient p2p Merkle DAG replication
  • Proposed solution in a nutshell: Simplistic and symmetric protocol with reference implementation in Node.js
@beaugunderson
beaugunderson / cool-modules.md
Last active February 2, 2023 19:58
cool modules from nodeconf

from streams session

  • end-of-stream - specify a callback to be called when a stream ends (which is surprisingly hard to get right)
  • duplexify - compose a Duplex stream from a Readable and a Writable stream
  • pump - pipe streams together and close all of them if one of them closes
  • pumpify - combine an array of streams into a single duplex stream using pump and duplexify
  • through2 - tools for making Transform streams
  • from2 - tools for making Readable streams

from "participatory modules" session

@edsu
edsu / README.md
Last active August 29, 2015 14:18

The Apparatus of CongressEdits

Sometimes you write a piece of software and it gets used for purposes you didn't quite imagine at the time. Sometimes you write a piece of software and it unexpectedly rearranges your life. I'd like to tell you a quick story about a Twitter bot named @CongressEdits. It tweets when someone edits Wikipedia anonymously from the United States Congress. In this post I'll give you some background on how the bot came to be, what it has been used for so far, and how it works. @CongressEdits taught me how the world of archives intersects with the world of politics and journalism. To explain how that happened I first need to give a bit of background.

Wikipedia

According to [Alexa][alexa] wikipedia.org is the 6th most popular destination on the Web. You are probably used to seeing Wikipedia articles near the top of your Google search results. Wikipedia is the encyclopedia anyone can edit, so long as you can stomach [wikitext][wikitext] and revert wars. Wikipedia is also a platfor