@reverofevil
reverofevil / stop-using-jwts.md
Created April 20, 2026 04:48 — forked from samsch/stop-using-jwts.md
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics, such as CSRF protection, are largely skimmed over. You should learn about those from other sources. Also note that the "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple of different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions
@reverofevil
reverofevil / video_noob_guide.md
Created January 2, 2026 23:16 — forked from arch1t3cht/video_noob_guide.md
What you NEED to know before touching a video file

What you NEED to Know Before Touching a Video File

Hanging out in subtitling and video re-editing communities, I see my fair share of novice video editors and video encoders, and see plenty of them make the classic beginner mistakes when it comes to working with videos. A man can only read "Use Handbrake to convert your mkv to an mp4 :)" so many times before losing it, so I am writing this article to channel the resulting psychic damage into something productive.

If you are new to working with videos (or, let's face it, even if you aren't), please read through this guide to avoid making mistakes that can cost you lots of computing power, storage space, or video quality.

// Adapted from http://lukajcb.github.io/blog/functional/2018/01/03/optimizing-tagless-final.html
import { Applicative, Applicative1 } from 'fp-ts/lib/Applicative'
import { Apply, Apply1, Apply2C, applySecond, liftA4 } from 'fp-ts/lib/Apply'
import * as array from 'fp-ts/lib/Array'
import * as const_ from 'fp-ts/lib/Const'
import { HKT, Type, Type2, URIS, URIS2 } from 'fp-ts/lib/HKT'
import { IO, io, URI as IOURI } from 'fp-ts/lib/IO'
import { Option, some } from 'fp-ts/lib/Option'
import { getProductSemigroup, Semigroup } from 'fp-ts/lib/Semigroup'
var slice = Array.prototype.slice;
function thunkify(fn) {
  return function (/* args */) {
    var args = slice.call(arguments);
    return function (cb) {
      // Copy the captured arguments so calling the thunk again does not accumulate callbacks
      var args1 = args.concat([cb]);
      fn.apply(this, args1);
    };
  };
}
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for xmlsocket://socks.example.com -->
<cross-domain-policy>
<!-- This is a master socket policy file -->
<!-- No other socket policies on the host will be permitted -->
<site-control permitted-cross-domain-policies="master-only"/>