Profile cover photo
Profile photo
Joel Cardinal
Internet wrangler.
Internet wrangler.

Communities and Collections
View all

Post has attachment
Watch the new Avitron v2.0 Bionic Remote Controll…:
Add a comment...

Post has shared content

Post has attachment

Post has shared content
Too awesome!

This guy filmed this video with just his phone while all alone in Las Vegas' airport. He describes in his comments how he did it:

"I had a person behind a ticket counter give me a roll of luggage tape before she left. I then used a wheel chair that had a tall pole on the back of it and taped my iPhone to that. Then I would put it on the moving walkway for a dolly shot. I also used the extended handle on my computer bag and taped the iPhone to my handle. I would tuck different stuff under the bag to get the right angle. For the escalator shot I had to sprint up the steps after I got my shot so the computer bag didn't hit the top and fall back down. Quite fun!
All by myself
All by myself
Add a comment...

Post has attachment
Damn it Mavericks, you and TextEdit are breaking my code!  Dumb Quotes FTW!
Add a comment...

Post has shared content
Interesting to see how others handle auth with Angularjs
Cookies === Bad && JWT === Good
Why using cookies and sessions for authentication stinks and JSON Web Tokens is awesome...

I just finished writing this as a Lesson Learned for a project in school and thought I'd share it with the world. Because I'm not a blogger, I'll post it here :-)

Another issue I came across while building the mobile application was I realized that servers cannot set cross-domain cookies.

This posed a problem because of the way that authentication works for many websites (mine included at the time):
1. A user hits the login endpoint with a username and password
2. The server will set a cookie on the user’s browser which is an ID for the session.
3. All cookies are sent to the server with every request
4. When a request arrives, server identifies the user by their session ID in that cookie.

Well, because servers cannot set cookies on browsers coming from another domain, this caused an issue when I was hitting authentication only BucketStreams endpoints. There was no cookie present because the server could not set it. So the server could also not identify a user’s request as being associated with an authenticated user.
The solution (which incidentally came from the same guy who helped me with my code sharing issues on IRC) was to use JSON Web Tokens.

The way it works is like this:
1. The user authenticates
2. The server creates a JSON object with important information about that user (for example UserID)
3. The server encrypts that JSON object using a secret key. This encrypted JSON object is called a Json Web Token (JWT)
4. The server sends that JWT as a response to the authenticating client.
5. The client stores that JWT somewhere (I stored it in localStorage because it made sense for my app, but you could store it in sessionStorage or a cookie).
6. Then (because I was using AngularJS), I used an $httpInterceptor to intercept all http requests and add an authentication header which included the JWT.
7. The server checks for the JWT on every request, if it exists, it decrypts it and sets it as a user property on the request object which the request handlers can work with.

This solved my problem wonderfully. However I did have trouble when authenticating to third parties. This is because of the way OAuth works, which I wont describe, but you might think of it similarly to how JWTs work except instead of a header, normally it’s a query parameter. A big difference, however, is that instead of hitting an endpoint to login, you actually send the user to a page hosted by the third party and they login and authorize your app to use their data. Then the third party sends them back to a url that you specify with a query parameter that represents the token.

The problem I faced is when the user was returned to my site, I had no way to identify them because Angular’s $httpInterceptor wasn’t attached to the get request. My solution to this was to tell the third party to send the user to a URL that would load a page to make the request for the user with the authentication header and the token given by the third-party. It took me a second to figure out, but it works pretty well.

#blogpost #jwt #authentication #javascript #websiteauthentication
Add a comment...

Post has shared content
Something fun to look into when I get the chance!
Here is a tagtree video  that introduces you to JavaScript generators, a great way to perform expensive calculations in an on demand manner.

In the fourth episode of this ES6 series, I introduce you to generators. An often misunderstood and extremely powerful addition to JavaScript. 

Please comment and share! Other than making async code seem synchronous and generating a fibonacci sequence, can you think of a good example of using generators?

We start by using ES5 to iterate through an array of 1,000 words and finding the closest match in the array for each word using the expensive levenshtein function. 

We then refactor this code, still using ES5, to follow a pattern where we can get the result of each word's closest match as soon as it's been calculated, and not wait for the results of all 1,000 words in the array to be calculated before we can use it.  (Resulting in a function that acts like an ES6 generator function)

Finally we employ generators to show how much easier and expressive it is to employ generators to lazily calculate data. 

Here's that link again:

Did I mention the link? Here it is: ;) 

Animated Photo
Add a comment...

Dear Alamo Rental Car,

You just provided me with the worst online experience I have ever encountered.  After entering in my credit card information on, on submitting the form, I was taken to a 404 error page.  Will I get charged?  Who knows.  I tried to find a customer support phone line--couldn't find one.  I tried to submit an email with the customer support form--it too was broke and would not submit, saying I hadn't chosen a location when I clearly did.  Then, under an obscure link called "Important Numbers" I discovered your customer support phone number.  At this point, I don't want your service, it is probably broke too.
Add a comment...

Post has shared content
Add a comment...

Post has attachment
Add a comment...
Wait while more posts are being loaded