It’s Mykola, a guy behind the n0rdy blog and a software engineer passionate about tech, books, and mountains.
…then something Tookish woke up inside him, and he wished to go and see the great mountains, and hear the pine trees and the waterfalls, and explore the caves, and wear a sword instead of a walking stick…
This blog is about different aspects of software engineering and technology in general, as I don’t believe in “the best programming language/paradigm/framework” concepts.
I do have some preferences, though ;)
I hope you’ll find something useful here, learn a thing or two, or just have a good time reading my posts ☕️
Hello there! In the previous post “What Okta Bcrypt incident can teach us about designing better APIs”, we discussed the 72-chars limit of the input value of the Bcrypt hashing algorithm that caused quite a big security incident in the industry. That reminded me about another example of Bcrypt misuse that I, personally, came across a few years ago while investigating a quite nasty performance issue with one of the services. Let’s jump right into it!
Hello there! If you follow tech news, you might have heard about the Okta security incident that was reported on 1st of November. The TLDR of the incident was this:
The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password. Under a specific set of conditions, listed below, this could allow users to authenticate by providing the username with the stored cache key of a previous successful authentication.
Hello there! If you’ve been following my blog, you might have noticed that I’m usually leaning towards longreads as the style of my posts. And while I think such posts are great in general, it takes forever to prepare, write and edit them before publishing, which ends up in the very infrequent and inconsistent blogging ratio on my end.
Lately, I’ve come across the “What to blog about” article by Simon Willison which, alongside other things, had a great insight about the “Today I Learned” type of short posts to share small bits of recently acquired knowledge with the audience. So, this is my attempt to incorporate that approach alongside the longreads that I will keep writing (I have a few topics planned, so stay tuned and subscribe to my newsletter to receive an email once I publish a new post). Let’s gooooooo!
Hello there! Another evening, on my way back home, I decided to check the mailbox. I don’t mean my email inbox, but the old-school actual box where the postman puts the physical letters. And to my great surprise, I found an envelope there with something inside! While opening it, I spent a few moments hoping that it’s the decades delayed letter from Hogwarts. But then I had to get back down to Earth, once I noticed that it’s a boring “grown-up” letter from the bank. I skimmed through the text and realized that my “digital-only” bank for cool kids had been acquired by the biggest player on the local market. And as a token of the new beginning, they added this to the envelope:
Hello there! It’s been a while since I wrote here - all of a sudden, 2024 became way busier than I planned it to be. But hey, it’s good to be back!
Similar to my previous post, Understanding CORS, this one has the same backstory: lately, I have had to explain a few times to different people about such concepts as JSON Web Tokens (JWT), their structure, types, use cases, etc., so I realized that it would be smart to write a post about that and use it for the future reference. I hope it will be helpful for someone else out there.
Hello there! Happy New Year! I hope you had an opportunity to get some rest during the winter holidays and maybe even made a snowman or two =)
Several days ago, I had a dialog with a friend of mine (let’s call her Eowyn) who has recently started her path in software engineering:
Eowyn: Hey, buddy! I’m building a web project that has the frontend and backend parts. Whenever I click a button on the UI (that triggers a DELETE request to the server), my browser blows with these errors:
I tried calling the same endpoint with the curl command, and it works. I did the same via Postman, and it also works. It makes no sense! What the heck?
Hello there! 2023 is about to end soon, so it’s a good time to sit and reflect on it. If we think about the tech industry, in general, it’s easy to define which topic was the hottest this year - AI. And the chances are that in 2024, this area will grow even bigger alongside the growing investments and the new astonishing scientific discoveries in this field.
Unlike previous “big things” in tech, like blockchain, crypto, NFT, Web3, etc., AI is way more accessible and covers more use cases than the rest:
Hello there! The main part of my moving to a new place adventures seems to be behind. Since I’m still waiting for a furniture delivery, I’m writing this post while lying on the floor using my foam camping mat as a sofa. It’s not the most ideal setup, but it works. Anyway, I feel like today is the right time to start working on Part 4 of the “Go concurrency simplified” series. So far, we have learned and explored the key Go concurrency concepts, such as goroutines, channels, and the ways to synchronize and manage them. And today, we are going to combine all of our knowledge to make this world a better place to live (not really) or at least to help the post office (and our good old friend postman Bob) by making the queue handling process more effective. In the meantime, let’s briefly recap where we stopped in Part 3 (if you missed it, here is the link).
Hello there! I feel like I got my covid under control and will be back to daily life soon. In the meantime, I’m sitting at my desk in a nearly empty apartment (I’m moving soon) and wondering whether it’s possible to produce an echo if I scream loud enough 🤔 Anyway, I feel like it’s the right time to start working on Part 3 of the “Go concurrency simplified” series. Today, we’ll move on and explore the ways Go offers us to sync goroutines - it will get us closer to solving the queue situation in the post office we discussed last time. But let’s start with a short recap of where we stopped in the previous post (if you missed it, here is the link).
Hello there! Despite the beautiful snowy weather outside, I’m at home these days with covid, so I can dedicate some additional time to blogging.
Last time, we discussed the very basic concepts of Go concurrency: goroutines and channels. If you missed that post, please check it out here, it has some cool drawings =) Today, we’ll move on and explore the ways Go offers us to sync goroutines - it will help us get rid of some hacky workarounds we have used so far.
Christmas season is around the corner, that’s why another evening I was standing in a long queue at the post office with some Xmas presents packed inside the box. The line moved pretty slowly, as there was only one postman for the whole crowd of customers. The guy was running back and forth, and I felt really sorry for him. Not sure why, either out of boredom or because of several long evenings I spent working on my open-source library for managing asynchronous pipelines, but my brain turned engineering mode on and tried to optimize the process of handling parcels.
I tried calling the same endpoint with the