Password Authentication for Web and Mobile Apps is a new book for web and mobile developers who want to learn how secure password authentication works and implement it in their apps.
It answers almost all questions that developers have about password authentication, such as how to store passwords securely, how to remember users, how to implement multi-factor authentication, etc.
Some other topics that it covers:
- Email address validation.
- Unicode issues in usernames, emails, and passwords.
- Secure randomness and UUIDs.
- U2F / WebAuthn.
- JWT and signed cookies.
- Five password hashing functions — PBKDF2, bcrypt, scrypt, yescrypt, Argon2 — and their issues and vulnerabilities.
- Client-side password prehashing.
- Rate limiting.
- and more…
The book is available at https://dchest.com/authbook/
Columnize is a little Go package that formats strings with separators into columns.
Continue reading columnize — format text into columns in Go
React.js is known for its virtual DOM, but as Facebook’s software engineer Bill Fisher said, the virtual DOM is only an implementation detail.
Last week we saw Facebook releasing React Native, which renders native OS components instead of DOM elements. Today Flipboard released React Canvas, a high performance React renderer for
Continue reading React Canvas — render React components to canvas
Remember the good old web palette? Colors that have names in CSS: navy, green, maroon, red, etc? Orange that was added in CSS Level 2? Well, they don’t look good anymore. Most designers don’t use these default colors, apart from maybe black and white; instead, they usually create unique color schemes for websites.
If you don’t want to spend a lot of time looking for a good color scheme for your new website, check out Colors, “a nicer color palette for the web”.
Continue reading Colors — default web palette replacement
The standard Go log package is pretty barebones, but is fine for many simple programs. For more complex applications, though, you’d probably want to have different log levels for different events. There are many logging packages, such as the previously covered log15, that implement log leveling and provide other features. HashiCorp’s logutils is something different.
Continue reading logutils — enhanced Go logging
It all started when I saw the latest version of Font Awesome (the icon font I use, love, and recommend) and realized that of 40 new icons, 13 were brand icons, and most of them are, to be fair, useless. Who needs an icon for Leanpub? Or Shirtsinbulk, whatever that is?
Continue reading Fontello — build custom icon fonts
Amazon has published an Amazon Web Services SDK for the Go programming language. Currently it’s experimental, so expect bugs, but you can already use it to manage your AWS stuff.
Continue reading AWS SDK for Go
Continue reading React Native — write native apps with React.js
There are numerous small Lisp/Scheme implementations, and probably most of them are unfinished or unmaintained. I found serious, production-ready tiny Scheme interpreters for you to embed in your C or C++ programs.
Continue reading Tiny Scheme interpreters
While browsers have built-in support for tooltips, which can be added by setting the
Continue reading Hint.css — pure CSS tooltips