Should You Use Express-Session for Your Production App?

See the original posting on DZone Python

Despite being Node's most popular session management library, express-session has its share of flaws and weaknesses, especially when it comes to security. This article analyzes the good and bad parts of express-session so that you can make an informed decision for your next app. We will use a point system: one point is awarded for performing well on a metric, and one is deducted for poor performance. At a minimum, we want a positive total at the end of the analysis (and the higher the number, the better). Here are the metrics we will use:

  • Security: This is especially relevant because we’re talking about user session management.
  • Reliability and Correctness: It is imperative that the library takes care of technical issues like keeping its state consistent despite network or server failures and taking care of synchronizing its logic in a clustered environment.
  • App user experience: We want a library that can provide the right experience for your app users. For example, does the library let a user stay logged in for weeks or months while still providing good security?
  • Time to production: We will look at factors such as time to integrate the library into an app, available support, and ease of understanding of the library code.
  • Maintenance cost: We will assess the costs of maintaining the library over time.

Security

For background on why session security is important, read this blog post (Facebook, Docker, and GitLab have all had session vulnerabilities in the past 2 years). Session attacks can occur across three attack vectors: on the frontend, in transit (over the internet), or on the backend.

Topography of U.S. states in ridgeline (Joy Division ‘Unknown Pleasures’) style

See the original posting on Boing Boing

IMGURian @KRANKARTA6 did an awesome topography visualization project in the “Ridgeline Style” that reminds us of the album cover for Joy Division’s classic LP ‘Unknown Pleasures.’

USA states’ topography in ridgeline / stack plot / joy plot style.

These map artworks are created from SRTM elevation data and processed in QGIS and python.

All images have the same elevation scale.

See all of the work here at IMGUR:
USA States Topography in Ridgeline Style – equal scale

You can no longer subscribe to HBO via Apple TV Channels

See the original posting on The Verge

HBO is no longer available as an Apple TV Channel for people who want to subscribe to it through the Apple TV app (via 9to5Mac). The change follows today's launch of the new streaming service HBO Max.

Apple TV Channels first launched last year as a way to watch content from many different service providers all in one app, meaning you wouldn’t have to bounce around between different third-party apps to watch different content. Now, though, it seems HBO wants to push users to watch HBO Max content on the HBO Max app instead of through Apple’s.

If you already subscribe to HBO through Apple TV’s Channels, you can apparently still see it in the Apple TV app, but it won’t…

HBO Max’s catalog is full of weird holes

See the original posting on The Verge

Illustration by William Joel / The Verge

HBO Max has arrived, bringing with it a precious few new original shows and an absolutely stuffed back catalog of terrific TV and movies. In addition to HBO's extremely good library, Max adds a mountain of content produced and/or licensed by parent company WarnerMedia, like Friends and the Harry Potter franchise. It's enough to please someone of every taste, but the more you dig, the more you find strange holes in the library — and the more you realize it's not really clear what HBO Max is supposed to offer.

These problems are clearest in the big, non-HBO umbrellas you find titles gathered under on HBO Max. DC, for example, is the place you’d expect to find, well, the movies in the DC Extended Universe. They’re mostly there! Except B…

Why Twitter labeling Trump’s tweets as “potentially misleading” is a big step forward

See the original posting on The Verge

Illustration by Alex Castro / The Verge

From time to time a really bad post on a social network gets a lot of attention. Say a head of state falsely accuses a journalist of murder, or suggests that mail-in voting is illegal — those would be pretty bad posts, I think, and most people working inside and outside of the social network could probably agree on that. In my experience, though, average people and tech people tend to think very differently about what to do about a post like that. Today I want to talk about why.

When an average person sees a very bad post on a social network, they may call for it to be removed immediately. They will justify this removal on moral grounds — keeping the post up, they will say, is simply indecent. To leave it up would reflect poorly on the…

Watch nearly 24 minutes of new gameplay from The Last of Us Part II

See the original posting on The Verge

Image: Sony

Sony and Naughty Dog showed off nearly 24 minutes of new footage for the highly anticipated The Last of Us Part II in a State of Play video today.

The Last of Us Part II seems to share a lot of similarities with the first game — you’ll still be spending a lot of time crawling behind cover to hide from people or the zombie-like Infected. But today’s video showed off some new features, including swinging on a rope to cross a chasm, riding a boat through a flooded area, and some improvements to crafting (including visual upgrades to your weapons). The video also showed Ellie swimming — something the character didn’t know how to do (and was actively scared of) in the first game.

Image: Sony

The video also shed some…

PLAN C LIVE: The PRINTtoPROTECT Coalition of California’s Central Valley

See the original posting on Makezine

Date: May 28 at 4pm PT / 7pm ET. Register to join the live Zoom session. You can also just tune into our YouTube channel to watch the panel live when it happens. This week's Plan C Live program features PRINTtoPROTECT, a grassroots effort of local makers working with community partners […]

Apple TV Plus acquires past Fraggle Rock seasons ahead of reboot

See the original posting on The Verge

Apple is acquiring Fraggle Rock’s past TV seasons ahead of a new reboot set to land on Apple TV Plus, signaling a potential strategy shift for a service that has thus far relied entirely on original content.

The new Fraggle Rock reboot is being created in partnership with the Jim Henson Company and will bring back characters from the original series “for new songs and adventures, with the same spirit as the classic,” according to a press release. Apple doesn’t mention the licensing deal, but all 96 episodes that aired between 1983 and 1987 are currently available to stream. Vulture first reported the addition on Tuesday.

A Fraggle Rock reboot isn’t too surprising; Apple cited the “global fandom” around its Fraggle Rock: Rock On! shorts…

GOG’s summer sale discounts Prey, Metro Exodus, and many other DRM-free games

See the original posting on The Verge

GOG.com has kicked off its summer sale on DRM-free PC games, filled with deals on new and old titles. This sale lasts until June 15th. A few of the highlights include Metro Exodus for $20 and Prey: Digital Deluxe Edition, which includes the base game, its soundtrack, and the Mooncrash DLC for just $12. Divinity: Original Sin 2 – Definitive Edition is $22.50, which is an excellent price for such a huge game (and it supports cross-save with the Nintendo Switch version of the game).

In addition to discounting many more standalone games than we listed above, GOG is doing something interesting with this summer’s sale by letting you save even more on games that share a theme. For instance, buying three RPG titles or action games knocks an…

Members of Flaming Lips and Los Lobos score Cecil B. DeMille’s The Ten Commandments (1923)

See the original posting on Boing Boing

During Passover last month, I posted about The Ten Commandments, Cecil B. DeMille's 1923 epic silent film version of the biblical Exodus story (plus a related modern story that I never bothered to watch). As part of tomorrow night's DAWN online celebration of the Jewish holiday of Shavuot, Steven Drozd of the Flaming Lips, Steve Berlin of Los Lobos, and drummer Scott Amendola are premiering a far-out new score for the film! Watch the excerpt above. Organized by the Jewish arts and culture organization Reboot, DAWN is sure to be a wild program of music, conversations, comedy, and performances. My pal and Boing Boing contributor David Katznelson, the head of Reboot, orchestrated the new Ten Commandments musical collaboration. From Rolling Stone:

Reboot CEO David Katznelson — who signed the Flaming Lips to Warner Bros. years ago — said of the project: “Watching this film score come together, with three amazing artists forced to work remotely and yet completely in flow with each other as they composed such an incredible piece of music was inspirational. Using the greatest artists of the day to bring something like The Ten Commandments to life for new generations to connect with… that is exactly what Reboot was created to do.”

Along with Drozd, Berlin and Amendola, the DAWN lineup will feature appearances from Carl Reiner, Norman Lear, Michaela Watkins, Gaby Moskowitz, Tiffany Shlain and Kasher vs. Kasher, a new podcast from comedian Moshe Kasher and his brother Rabbi David Kasher. The event kicks off May 28th at 10 p.m.

Native vs. Hybrid vs. Cross-Platform: How and What to Choose?

See the original posting on DZone Python

After coming up with an online business idea, many people get confused about the app development approaches. It is crucial for them to choose the right approach among native, hybrid, and cross-platform mobile apps. Since each type of app has its own specifications, pros, and cons, this confusion is understandable. Finding out which type of app-building approach will connect the audience with the brand faster is a real hassle.

Choosing the right ground to cultivate is essential for a successful harvest. Hence, it is a no-brainer that choosing the right platform for mobile app development is paramount, and the choice depends entirely on the nature of your business.

Jest Tutorial for Selenium JavaScript Testing With Examples

See the original posting on DZone Python

As a developer, I know for a fact that I have to constantly brush myself up with new updates. This means that not only do I have to keep learning more about the frameworks and languages I work with, but I also have to look for new frameworks that give me an edge over others. One such survey that I am always looking forward to as a developer is the 'StateofJS'. It is revered by all JavaScript developers as a key source of information. 'StateofJS' provides key insights into the major trends in front-end, back-end, testing, etc. As per StateofJS 2019, Jest has been the most interesting and satisfying framework for JavaScript testing.

Being a fan of Selenium test automation, I was curious to get my hands on Jest for Selenium JavaScript testing. I wanted to quickly validate my recent code changes, and Jest was a big help in reducing my unit testing efforts. That is why I thought of sharing what I learned with you, so you can go ahead and automate your unit test cycles.

Quick Look: The Creality CR6 – SE 3D Printer

See the original posting on Makezine

Creality is currently running a Kickstarter for their latest printer, the CR 6-SE. This machine is a solid upgrade from some of their previous models, bringing modern features such as power failure resume and auto bed leveling to the table. Watch the video to see it in action and […]