JSDoc configured

JSDoc is a way to put programmer documentation in Javascript code. It’s in the tradition of Doxygen, Javadoc, and C#’s documentation comments. And what a sorry tradition that is. Tools for extracting that kind of documentation and making, well, documents from it are just atrocious. (Set me straight in a comment if I’m wrong.) …

Handling errors in nodejs and express

Many people surely know all this by now. Still, here are some things I’ve recently learned about notifying clients (browsers, API clients) about errors. Delivering errors from route handlers to clients This is remarkably easy, once you figure it out. Just use the http-errors package. (Beware, not the http-error package; it does something different. Call …

Stripe Elements data sequence diagram

Stripe.com’s Stripe Elements is a great way to handle payment card information in a way that slows down cybercreeps. It’s secure because customers only enter card numbers into Stripe-furnished iframes, never into forms on the site taking payments via Stripe. Here is the sequence diagram for how Stripe Elements handles data flow

Plant UML

Software designers sometimes need to present UML sequence diagrams like this one. This kind of thing is absurdly fiddly to draw with most graphics packages. But there’s a language called PlantUML that allows us to write them as text and render them in various software tools, including WordPress with the plugin called PlantUML Renderer. The …

Jupyter on Raspberry pi

Jupyter is an excellent free open source package for literate programming, especially in Python. It’s nice because it keeps a good record of what you try in experimental programming. And it’s easy to tidy up your work when you figure out what you’ve done, and store or publish it. It’s also sweet because it’s a …

Super simple Javascript Queue class

It’s tempting, when in a hurry, to create a queue object in Javascript with an array. To enqueue something, push() it onto the array. To dequeue it, shift() it off. It works. But it’s slow, because shift() takes O(n) time where n is the length of the queue. Kate Morely cooked up an almost-as-simple but …

Yubico FIDO U2F key quick review

A few days ago I ordered some Yubico FIDO U2F security keys, after reading that they are a useful way to help secure various online accounts and keep intruders out. These used to cost US$20 each singly and $18 each in bulk. The current (Dec 2020) product costs $24.50. They arrived, packaged inconspicuously, promptly after …

Strict liability for leaks of secrets

Can we learn anything from the past few years of leaked secrets? Sure, we can learn that some big-shot executives and elected officials are lazy and feckless. We can learn that software is brittle and needs diligent patching. We can learn that a determined person trying to exfiltrate data has a HUGE advantage over the …

Should I encrypt columns in my web application’s database?

Somebody asked whether it’s a good idea to encrypt database columns in a web application. My answer: “It probably won’t help much.” Why? Figure out your threat model Best practice: figure out your threat model before you spend time and money securing your system. If you build complex security measures without a clear idea of …