Chernobyl and Development Stuff


Summary of my bookmarked links and GitHub repositories from Dec 6th, 2021

Links

  • Here’s Why Storing JWT in Local Storage is a Disastrous Mistake

    Storing JSON Web Tokens (JWT) in local storage is a common practice, but it poses significant security risks. Local storage is not designed for secure storage and lacks key features. It operates synchronously, supports only string data, has limited storage capacity, and offers no protection against cross-site scripting attacks: any script that runs on the page can read what is stored there. Storing sensitive information in local storage makes it easily accessible to attackers. Instead, consider using server-side authentication with sessions and cookies, or explore alternatives to JWT altogether. Cookies can be secure when configured properly with the HttpOnly and Secure flags. Remember to prioritize security when handling user data.

  • Chernobyl’s Blown Up Reactor 4 Just Woke Up

    The Chernobyl nuclear disaster, which occurred in 1986, continues to pose a threat: the area is becoming more radioactive, possibly for reasons that are not yet explained. Despite efforts to contain the radioactive particles, the prolonged exposure and the ongoing war in Ukraine have impacted other areas near Chernobyl. There is concern that the uranium fuel underneath reactor 4, which remains active and will take 20,000 years to deplete, could reignite. Scientists have detected increased levels of radioactivity from an inaccessible chamber beneath reactor 4. The exact cause is uncertain, and experts are exploring hypotheses and urging collaboration to address the potential problem.

  • Feature Flags Are Red Flags

    This article highlights the drawbacks of using feature flags, also known as toggles, in software development and suggests alternative approaches. It emphasizes that feature toggles can lead to operational inefficiencies, code complexity, increased risk of bugs, and higher maintenance costs. The author proposes using canary deployments, automated rollback mechanisms, CloudWatch alarms, and weighted routing with health checks as more effective strategies. These alternatives offer benefits such as improved reliability, reduced blast radius, automatic error detection, and decreased tech debt. The article concludes that these approaches provide a more secure, efficient, and reliable system design compared to relying on feature toggles.

  • Solving the double (quintuple) declaration Problem in GraphQL Applications: How to not repeat yourself!

    This blog post by Jens Neuse, CEO/CTO of WunderGraph, addresses the double declaration problem in web applications, particularly in relation to GraphQL APIs. The problem refers to the need to define GraphQL operations and their corresponding type definitions for inputs and responses, which can lead to errors and extra work. The article suggests an ideal solution involving code generation for handling database schemas, API generation, generating response type definitions, and creating forms. The generated code includes a fully type-safe client, React hooks, JSON Schema for input validation, and form generation. This approach aims to simplify development and increase productivity.

GitHub repositories

  • GoogleChrome/lighthouse-ci

    Lighthouse CI is a comprehensive suite of tools designed to facilitate the continuous running, saving, retrieval, and assertion of Lighthouse results. By integrating Lighthouse CI into your GitHub repository using GitHub Actions, you can effortlessly obtain Lighthouse reports alongside every pull request. It helps prevent regressions in various aspects such as accessibility, SEO, offline support, and performance best practices. You can track performance metrics and Lighthouse scores over time, set performance budgets, compare different versions of your site, and more. The documentation provides guidance on getting started, troubleshooting, and configuration. Additionally, there are community projects, GitHub Actions, starter examples, and community guides available for reference. Contributions to the Lighthouse CI project are also welcomed.

  • lifeiscontent/realworld

    The realworld repository is an exemplary full-stack Medium.com clone powered by Next.js and Ruby on Rails. It implements opinionated best practices for Apollo Client, React, Next.js, and Storybook. The styles are reused from the realworld.io project. The repository provides setup instructions for the API and web components, testing guidelines, and tooling recommendations.