A lesspass implementation in Python

Lesspass is a password manager without a database. Although I’m not 100% sure that it is secure, I am 100% sure that passwords are a problem that needs to be solved. Lesspass allows you to generate a password from a site name and a master password with certain characteristics. To do so it applies a 100000-iteration PBKDF2 algorithm using a SHA256 hash. It sounds good to me and I like the way that it is supposed to work. ...

March 30, 2017 · Maurits van der Schee

A lesspass implementation in PHP

I like the idea of lesspass, a password manager without a database. I’m not 100% sure that it is secure, but I am 100% sure that passwords are a problem and that we need to solve it. This system allows you to generate a password from a site name and a master password with certain characteristics. To do so it applies a 100000-iteration PBKDF2 algorithm using a SHA256 hash. It sounds good to me and I like the way that it is supposed to work. ...

March 28, 2017 · Maurits van der Schee

Converting JSON to XML in JavaScript and PHP

In order to support databases that are better at XML than JSON (yes, I am talking about you, SQL Server) I created some code that allows you to convert losslessly from JSON to XML (and back).

Example JSON data:

    {
      "depth": false,
      "model": "TRX-120",
      "width": 100,
      "test": [
        {
          "me": null
        },
        2.5
      ],
      "height": null
    }

XML data:

    <root type="object">
      <depth type="boolean">false</depth>
      <model type="string">TRX-120</model>
      <width type="number">100</width>
      <test type="array">
        <item type="object">
          <me type="null"/>
        </item>
        <item type="number">2.5</item>
      </test>
      <height type="null"/>
    </root>

The functions ‘json2xml’ and ‘xml2json’ convert from JSON to XML and back. ...

February 22, 2017 · Maurits van der Schee

RESTful incrementing using PATCH

How should a RESTful JSON-based API handle counters (atomic increments)? In this post I’ll try to describe the considerations and suggest an implementation using the “PATCH” HTTP method.

Atomic increments

When counting events, such as people visiting a web page, it may be cheaper to increment a counter than to insert a log record. But when dealing with many increments per second you cannot simply read a value in one call and then write the incremented value back in the next call. The concurrent updates would cause issues and increments would get lost. This is the problem I am trying to solve. ...

February 3, 2017 · Maurits van der Schee

Building micro-services in Java

In a quest for the ultimate micro-service technology I have ported the core of PHP-CRUD-API to Java. It is a REST API that reflects the tables in your MySQL database. You can find the code on my Github account. I have found Java to be extremely fast. At 14000 requests per second it outperforms implementations in all other languages (that I tried):

Java, 14000 req/sec (source code)
Go, 12000 req/sec (source code)
PHP 7, 6500 req/sec (source code)
C# (.net Core), 5000 req/sec (source code)
Node.js, 4200 req/sec (source code)
Python, 2600 req/sec (source code)

If you feel any code can be improved, please open an issue on Github! ...

January 21, 2017 · Maurits van der Schee

Simple REST API in Node.js

I have written a simple REST API in Node.js. It includes routing a JSON REST request, converting it into SQL, executing it and giving a meaningful response. I tried to keep the application as short as possible and came up with these 110 lines of code:

    var http = require("http");
    var mysql = require("mysql");

    // connect to the mysql database
    var pool = mysql.createPool({
      connectionLimit: 100, //important
      host: 'localhost',
      user: 'my_username',
      password: 'my_password',
      database: 'my_database',
      charset: 'utf8',
      debug: false
    });

    // ensure request has database connection
    var withDb = function (handler) {
      return function (req, resp) {
        pool.getConnection(function (err, connection) {
          if (err) {
            resp.writeHead(404);
            // resp.end() accepts a string or Buffer, not an Error object
            resp.end(String(err));
            return;
          }
          req.db = connection;
          handler(req, resp);
        });
      };
    };

    // ensure request has (post) body
    var withBody = function (handler) {
      return function (req, resp) {
        var input = "";
        req.on("data", function (chunk) {
          input += chunk;
        });
        req.on("end", function () {
          req.body = input;
          handler(req, resp);
        });
      };
    };

    // main web handler
    var server = http.createServer(withDb(withBody(function (req, resp) {

      // get the HTTP method, path and body of the request
      var method = req.method;
      var request = req.url.replace(/^[\/]+|[\/]+$/g, '').split('/');
      var input;
      try {
        input = JSON.parse(req.body);
      } catch (e) {
        input = {};
      }

      // retrieve the table and key from the path
      var table = req.db.escapeId(request.shift());
      // escape() turns a missing key into the string 'NULL', which is truthy,
      // so only escape the key when the path actually contains one
      var rawKey = request.shift();
      var key = rawKey ? req.db.escape(rawKey) : '';

      // create SQL based on HTTP method
      var sql = '';
      switch (method) {
        case 'GET':
          sql = "select * from " + table + (key ? " where id=" + key : '');
          break;
        case 'PUT':
          sql = "update " + table + " set ? where id=" + key;
          break;
        case 'POST':
          sql = "insert into " + table + " set ?";
          break;
        case 'DELETE':
          sql = "delete from " + table + " where id=" + key;
          break;
      }

      // execute SQL statement
      req.db.query(sql, input, function (err, result) {

        // stop using mysql connection
        req.db.release();

        // return if SQL statement failed
        if (err) {
          resp.writeHead(404);
          resp.end(String(err));
          return;
        }

        // print results, insert id or affected row count
        resp.writeHead(200, {
          "Content-Type": "application/json"
        });
        if (method == 'GET') {
          resp.end(JSON.stringify(result));
        } else if (method == 'POST') {
          resp.end(JSON.stringify(result.insertId));
        } else {
          resp.end(JSON.stringify(result.affectedRows));
        }
      });

    })));

    server.listen(8000);

The code is available on Github and is written to show you how simple it is to make a fully operational REST API in JavaScript. ...

January 17, 2017 · Maurits van der Schee

Porting PHP-CRUD-API to Go

I have ported the core of PHP-CRUD-API to Go and achieved a nice performance improvement from 6500 requests per second to 12000 requests per second. I found that PHP 7 outperforms C# with Kestrel on the .net Core platform for similar functionality, whereas PHP 5 was still slower than C#. In PHP 7 the full program executes at roughly 2500 requests per second, which means the added logic makes you lose about two thirds of the performance. In compiled languages (like C# and Go) I expect that adding logic has a lower performance impact. ...

December 17, 2016 · Maurits van der Schee

Advent of Code is fun!

Every day in December I am doing a programming puzzle. The series is called Advent of Code and it follows the advent calendar approach. Every day from the 1st until the 25th of December one puzzle is unlocked. The puzzles get gradually harder and each puzzle has two parts, where the first part is easier than the second.

Scores on the Leaderboard

There is a leaderboard allowing you to compare yourself with other programmers. A nice 100 points are awarded to the person that solves the puzzle first, 90 to the tenth and 80 to the 20th. If you don’t hit the top 100, then you can still see your rank, but you will receive 0 points. Another complicating factor is that the puzzles become available at midnight in New York (EST). I have to get up at 6:00 in the morning to compete, not fair! Nevertheless I was proud to score 58th on the 5th of December when I actually got up early to try. ...

December 8, 2016 · Maurits van der Schee

JavaScript cannot handle 64 bit integers

JavaScript represents all numbers using IEEE-754 double-precision (64 bit) floating point values. This is problematic for 64 bit integers, since this only gives you 53 bits of precision (the size of the mantissa). Bit operations are also only available for integer numbers up to 32 bits. Finally, the JSON exchange format does not support the IEEE-754 “NaN”, “Infinity” and “-Infinity” values. So the only numbers you can freely use in JavaScript without the risk of data loss are 32 bit integers. ...

November 30, 2016 · Maurits van der Schee

3 programming videos worth watching

There are many conferences that publish their talks on YouTube, but not all talks are equally good. I try to watch as many as I can and then take the best ones that I have seen and publish them here on this blog. I was doing this with lists of conference videos before, but today I will experiment with individual videos: 3 very interesting talks from 3 different interesting conferences.

C Ruby? C Ruby Go! Go Ruby Go!

Ever wanted to rewrite performance sensitive code as a native Ruby extension, but got stuck trying to navigate the depths of Ruby’s C API before you could get anything done? Or maybe you’re just not comfortable with C and want an easier path. ...

November 27, 2016 · Maurits van der Schee