While being Node's most popular session management library, express-session has its own set of flaws and weaknesses, especially when it comes to security. This article will analyze the good and bad parts of express-session so that you can make an informed decision for your next app. We will be using a point system where one point is awarded for performing well on a metric, and one is deducted for bad performance. At a minimum, we want a positive number at the end of the analysis (and the higher the number, the better). Here are the metrics we will be using:
Security: This is especially relevant because we're talking about user session management.
Reliability and Correctness: It is imperative that the library takes care of technical issues like keeping its state consistent despite network or server failures and taking care of synchronizing its logic in a clustered environment.
App User experience: We want to use a library that can provide the right experience for your app users; for example, does the library enable a user to stay logged in for weeks or months while also providing good security?
Time to production: We will look at factors such as time to integrate the library into an app, available support, and ease of understanding of the library code.
Maintenance cost: We will assess the costs of maintaining the library over time.
For background on why session security is important, read this blog post (Facebook, Docker, and Gitlab have all had session vulnerabilities in the past 2 years). Session attacks can occur across 3 attack vectors: the frontend, in transit (over the internet), or on the backend.
We all have our favorite text editor, and are willing to defend its superiority above all other editors by any means necessary. And then there’s Notepad. But what Notepad may lack in text manipulation features, it compensates for with its inconspicuous qualities as a gaming platform. Yes, you read that correctly, …
Apple TV Channels first launched last year as a way to watch content from many different service providers all in one app, meaning you wouldn't have to bounce around between different third-party apps to watch different content. Now, though, it seems HBO wants to push users to watch HBO Max content on the HBO Max app instead of through Apple's.
If you already subscribe to HBO through Apple TV's Channels, you can apparently still see it in the Apple TV app, but it won't…
The humble ATmega328 microcontroller, usually packaged as an Arduino Uno, is the gateway drug for millions of people into the world of electronics and embedded programming. Some people just can’t pass up the challenge of seeing how far they can push the old workhorse, and it looks like [Guido PE1NNZ] …
HBO Max has arrived, bringing with it a precious few new original shows and an absolutely stuffed back catalog of terrific TV and movies. In addition to HBO's extremely good library, Max adds a mountain of content produced and/or licensed by parent company WarnerMedia, like Friends and the Harry Potter franchise. It's enough to please someone of every taste, but the more you dig, the more you find strange holes in the library, and the more you realize it's not really clear what HBO Max is supposed to offer.
These problems are clearest in the big, non-HBO umbrellas you find titles gathered under on HBO Max. DC, for example, is the place you'd expect to find, well, the movies in the DC Extended Universe. They're mostly there! Except B…
From time to time a really bad post on a social network gets a lot of attention. Say a head of state falsely accuses a journalist of murder, or suggests that mail-in voting is illegal; those would be pretty bad posts, I think, and most people working inside and outside of the social network could probably agree on that. In my experience, though, average people and tech people tend to think very differently about what to do about a post like that. Today I want to talk about why.
When an average person sees a very bad post on a social network, they may call for it to be removed immediately. They will justify this removal on moral grounds: keeping the post up, they will say, is simply indecent. To leave it up would reflect poorly on the…
Sony and Naughty Dog showed off nearly 24 minutes of new footage for the highly anticipated The Last of Us Part II in a State of Play video today.
The Last of Us Part II seems to share a lot of similarities with the first game: you'll still be spending a lot of time crawling behind cover to hide from people or the zombie-like Infected. But today's video showed off some new features, including swinging on a rope to cross a chasm, riding a boat through a flooded area, and some improvements to crafting (including visual upgrades to your weapons). The video also showed Ellie swimming, something the character didn't know how to do (and was actively scared of) in the first game.
Date: May 28 at 4pm PT / 7pm ET. Register to join the live Zoom session. You can also just tune into our YouTube channel to watch the panel live when it happens. This week's Plan C Live program features PRINTtoPROTECT, a grassroots effort of local makers working with community partners […]
If you’re out in the wilderness, having plenty of electricity on hand is a blessing. Eschewing fossil fuels, [LithiumSolar] is, as their name suggests, a fan of other technologies, undertaking the construction of a 3.5kWh solar generator that’s rugged and ready for the outdoors.
Apple is acquiring Fraggle Rock's past TV seasons ahead of a new reboot set to land on Apple TV Plus, signaling a potential strategy shift for a service that has thus far relied entirely on original content.
The new Fraggle Rock reboot is being created in partnership with the Jim Henson Company and will bring back characters from the original series for new songs and adventures, with the same spirit as the classic, according to a press release. Apple doesn't mention the licensing deal, but all 96 episodes that aired between 1983 and 1987 are currently available to stream. Vulture first reported the addition on Tuesday.
A Fraggle Rock reboot isn't too surprising; Apple cited the global fandom around its Fraggle Rock: Rock On! shorts…
GOG.com has kicked off its summer sale on DRM-free PC games, filled with deals on new and old titles. This sale lasts until June 15th. A few of the highlights include Metro Exodus for $20 and Prey: Digital Deluxe Edition, which includes the base game, its soundtrack, and the Mooncrash DLC for just $12. Divinity: Original Sin 2 – Definitive Edition is $22.50, which is an excellent price for such a huge game (and it supports cross-save with the Nintendo Switch version of the game).
In addition to discounting many more standalone games than we listed above, GOG is doing something interesting with this summer's sale by letting you save even more on games that share a theme. For instance, buying three RPG titles or action games knocks an…
Augmented reality filters on Instagram are picking up some new tricks with the latest update to Facebook’s Spark AR platform. Spark AR has been making pretty consistent updates to the feature sets developers can play with in creating AR filters since it exited closed beta on Instagram last year. Today, Facebook added some new functionality […]
During Passover last month, I posted about The Ten Commandments, Cecil B. DeMille’s 1923 epic silent film version of the biblical Exodus story (plus a related modern story that I never bothered to watch.) As part of tomorrow night’s DAWN online celebration of the Jewish holiday of Shavuot, Steven Drozd of the Flaming Lips, Steve Berlin of Los Lobos, and drummer Scott Amendola are premiering a far out new score for the film! Watch the excerpt above. Organized by the Jewish arts and culture organization Reboot, DAWN is sure to be a wild program of music, conversations, comedy, and performances. My pal and Boing Boing contributor David Katznelson, the head of Reboot, orchestrated the new Ten Commandments musical collaboration. From Rolling Stone:
Reboot CEO David Katznelson, who signed the Flaming Lips to Warner Bros. years ago, said of the project: "Watching this film score come together, with three amazing artists forced to work remotely and yet completely in flow with each other as they composed such an incredible piece of music, was inspirational. Using the greatest artists of the day to bring something like The Ten Commandments to life for new generations to connect with, that is exactly what Reboot was created to do."
Along with Drozd, Berlin and Amendola, the DAWN lineup will feature appearances from Carl Reiner, Norman Lear, Michaela Watkins, Gaby Moskowitz, Tiffany Shlain and Kasher vs. Kasher, a new podcast from comedian Moshe Kasher and his brother Rabbi David Kasher. The event kicks off May 28th at 10 p.m.
After coming up with an online business idea, many people get confused about which app development approach to take. It is crucial for them to decide between a Native, Hybrid, or Cross-platform mobile app. Given that each type of app has its own specifications, pros, and cons, this confusion is reasonable. Finding out what type of app building approach will connect the audience with the brand fastest is a real hassle.
You must know that choosing the right harvesting ground is essential for successful outcomes. Hence, it is a no-brainer that choosing the right platform for mobile app development is paramount, and it depends entirely on the nature of your business.
Week three of a16z's Crypto Startup School focuses on understanding how to capture value and design proper incentives within the decentralized framework. We learn how familiar ideas like network effects and mechanism design can hold unique power for crypto networks.
Creality is currently running a kickstarter for their latest printer, the CR 6-SE. This machine is a solid upgrade from some of their previous models, bringing some modern features such as power failure resume and auto bed leveling to the table. Watch the video to see it in action and […]
ePaper is an interesting thing, providing a non-backlit viewing experience that is much more akin to reading a book than staring at a screen. The reMarkable tablet is a device designed around just such a display, and [davisr] has been hacking away at the platform. His latest work brings full-fat …