Category: tech

program stamping & homoiconicity & lisp

in java, if you want to generate a set of classes, you have to write a class that can output strings that will ultimately represent a valid java program. at runtime, you may have a method called generateObject that accepts some arguments and outputs the blueprint of a class. the output will be strings or […]

the expression problem

the expression problem states that it may be easy to extend data types in a program without modifying existing code and it may be easy to extend behavior in a program without modifying existing code, but not both. this limit, as far as i know, is a limit imposed by the design of the underlying […]

sad state of food affairs

this is going to be a departure from what i normally post, but it’s been on my mind a lot. i’m really bothered and concerned by the food situation in this country. this post is going to be a bit ranty. there are basically two classes of food in most major supermarket chains, particularly when it […]

How big can you make a JWT?

There’s been a lot of JWT related discussions at work lately and today I wondered how big is too big for a JWT to fit through an HTTP header. The HTTP spec doesn’t really impose a limit, but most servers do set limits that range between 8K and 16K bytes. I figured I can […]

Stateful vs Stateless JWTs

JSON Web Tokens (JWTs) are cryptographically signed JSON objects. The cryptographic signature is what provides the trust guarantees, since consumers of a JWT can verify the signature using a public key. There are two types of JWTs: stateful and stateless. Stateless JWTs are probably the most common kind. All the information needed by the […]

Why can’t you tamper with a JWT?

JWTs are a very popular way of transmitting claims information between systems. They are based on a public key system so that the claims can be verified and the verifier can be confident that the claim was issued by a trusted entity. Microservice architectures will commonly use the claims to perform access control. For example, […]

Reflected XSS

Reflected XSS attacks are a common way of tricking a user’s browser (user agent) into executing malicious code. I’ll share one definition I found from Mozilla and unpack the key terms / concepts. When a user is tricked into clicking a malicious link, submitting a specially crafted form, or browsing to a malicious site, the injected code […]

The CAP Theorem is probably not for you

The CAP Theorem frequently comes up in conversations around distributed systems and system design. If you’re looking at resources on system design, it will inevitably come up. However, chances are you’re not the target audience for the CAP Theorem and you’re probably better off ignoring it altogether. CAP was presented as a keynote by Eric […]