Skip to content

Instantly share code, notes, and snippets.

@richzw
richzw / stop-using-jwts.md
Created June 17, 2026 04:12 — forked from samsch/stop-using-jwts.md
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
@richzw
richzw / train_sdpo_pi_mono_minimal.py
Created June 5, 2026 02:42 — forked from burtenshaw/train_sdpo_pi_mono_minimal.py
SDPO self-distillation examples for badlogicgames/pi-mono: full HF Jobs + Trackio script and minimal educational script
# /// script
# dependencies = [
# "datasets>=3.0.0",
# "peft>=0.13.0",
# "torch",
# "transformers",
# "trl>=1.5.0",
# ]
# ///
func main() {
addr := flag.String("addr", ":4000", "HTTPS network address")
certFile := flag.String("certfile", "cert.pem", "certificate PEM file")
keyFile := flag.String("keyfile", "key.pem", "key PEM file")
flag.Parse()
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
if req.URL.Path != "/" {
http.NotFound(w, req)
@richzw
richzw / Dockerfile
Created March 9, 2022 04:48
DockerTest
FROM alpine:latest
RUN apk add -U libcap netcat-openbsd
RUN apk add --no-cache iptables ip6tables
RUN apk --no-cache add tcpdump
ENTRYPOINT ["sleep", "1h"]
@richzw
richzw / Dockerfile
Created March 9, 2022 04:06
Docker_test
FROM alpine:latest
RUN apk add -U libcap netcat-openbsd
RUN apk add --no-cache iptables ip6tables
RUN apk --no-cache add tcpdump
ENTRYPOINT ["sleep", "1h"]
public static void main(String[] args) throws IOException {
//create scope list with DataFlow's scopes
Set<String> scopeList = new HashSet<>();
scopeList.addAll(DataflowScopes.all());
GoogleCredentials credential = null;
try {
String curDir = Paths.get(".").toAbsolutePath().normalize().toString();
FileInputStream credFile = new FileInputStream(curDir + "/secrete.json");
PCollection<String> lines = pipeline.apply("readDataFromGCS",
TextIO.read().from("gcs path")
.watchForNewFiles(Duration.standardMinutes(2), Watch.Growth.never()));
PCollection<KV<String, Map<String, String>>> filter_event = lines.apply("ParseAndFilterFn", ParDo.of(new ParseAndFilterFn()));
PCollection<KV<String, Map<String, String>>> minute_window_events = filter_event.apply("MinuteFixwindow",
Window.<KV<String, Map<String, String>>>into(FixedWindows.of(Duration.standardMinutes(3)))
.triggering(AfterProcessingTime
.pastFirstElementInPane()
.plusDelayOf(Duration.standardMinutes(2)))
class RedisSink(object):
def __init__(self, host='localhost', port=6379, password=None, field=None):
self._host = host
self._port = port
self._field = field
self._password = password
self._client = None
self._pool = None
def _connect(self):

//file.js

C = require('./C.js')

console.log(typeof C);

module.exports = function() {
    //var c = new C();
	return {c: new C()};