For the last couple of years we’ve started serving coffee at various events using Twilio Barista, combining different Twilio APIs, such as Programmable SMS, Twilio Sync, and other web technologies. This way you can send an SMS to order your coffee, and get notified as soon as your coffee has been prepared by the barista.
On the birthday of the HTCPCP we figured it’s time to teach ...
Web Components is a technology I’ve been excited about for years. The idea is that you can create your own UI components that are supported in the browser regardless of which framework you are using (or none at all for that matter). However, there wasn’t much traction around them until recently.
The web components APIs are pretty low level by themselves but projects like Polymer are trying to improve the developer experience and recently more tools came along to help with authoring web components. One of these tools is Stencil from the Ionic team.
If you are not yet familiar with web components, I suggest you check out this short introduction on webcomponents.org to get an idea of Custom Elements and Shadow DOM. If you want to have a better idea of why web components might be of interest for you, even if you don’t author ...
One classic attack when working with web applications is Cross Site Request Forgery aka CSRF/XSRF (read C-Surf). CSRF attacks are used by attackers to perform requests on behalf of users in your application without them noticing. Let’s look at how they can pull this off and how we can protect our applications from this type of threat.
Let’s talk theory
Before we can prevent CSRF attacks we need to understand how they work. Typically these attacks are executed on the functionality of web applications that use form-based submissions like POST requests and cookie-based authentication.
An attacker places a hidden form into their malicious page that automatically performs a POST request to your page’s endpoint. The browser then automatically sends all the cookies stored for that page along with the request. If a user is logged into a current session, the attacker could, for example, post a message ...
Express is a great way to build a web server using Node.js. It’s easy to get started with and allows you to configure and extend it easily thanks to its concept of middleware. While there are a variety of frameworks to create web applications in Node.js, my first choice is always Express. However, out of the box Express doesn’t adhere to all security best practices. Let’s look at how we can use modules like helmet to improve the security of an application.
Before we get started make sure you have Node.js and npm (or yarn) installed. You can find the download and installation instructions on the Node.js website.
We’ll work on a new project but you can also apply these features to your existing project.
Start a new project in your command line by running:
mkdir secure-express-demo cd ...
Sharing information between different devices in real-time is difficult but with Twilio Sync it’s just a matter of a few lines of code. To see how Sync works let’s create our own version of the TodoMVC application using Twilio Sync to store our data and share it across multiple devices.
We’ll base our version on a copy of the Vanilla JS version of TodoMVC and alter the storage that is currently local storage to Twilio Sync. However, you can use the same code with your favorite framework as well.
Before we get started make sure that you have the following things:
- Node.js with npm installed. You can find the instructions to install on their website.
- A Twilio Account. Sign up for free.
Start by cloning the template branch of this repository and install the dependencies:
git clone -b template https://github.com/dkundel/todomvc-twilio-sync.git ...
Working with environment variables is a great way to configure different aspects of your Node.js application. Many cloud hosts (Heroku, Azure, AWS, now.sh, etc.) and Node.js modules use environment variables. Hosts, for example, will set a PORT variable that specifies on which port the server should listen to properly work. Modules might have different behaviors (like logging) depending on the value of
Here are some of my tricks and tools when working with environment variables in Node.js.
Accessing environment variables in Node.js is supported right out of the box. When your Node.js process boots up it will automatically provide access to all existing environment variables by creating an env object as a property of the process global object. If you want to take a peek at the object, run the Node.js REPL with node in your command line and type ...
Working with environment variables is a great way to configure different aspects of your Node.js application. Many cloud service providers (Heroku, Azure, AWS, now.sh, etc.) and Node.js modules use environment variables. Providers, for example, will set a PORT variable that specifies which port the server should listen on in order to work correctly. Modules can behave differently (for example, in logging) depending on the value of the variable
These are some of my tricks and tools for working with environment variables in Node.js.
Access to environment variables in Node.js is supported out of the box. When the Node.js process starts, it automatically provides access to all existing environment variables by creating an env object as a property of the global process object. If you want to take a ...
The option we’ll use is the npm module johnny-five. Johnny-Five isn’t limited to certain hardware but instead supports a wide range of different microcontroller platforms (including the Tessel) using various I/O plug-ins. The ...
On August 1st, Oscar Bolmsten tweeted about how he found a malicious npm package called crossenv that scans for environment variables and POSTs them to a server.
— Oscar Bolmsten (@o_cee) August 1, 2017
This is particularly dangerous considering that you might have secret credentials for different services stored in your environment variables. Apparently it’s also not limited to just crossenv, but a series of packages — all of them are names of popular modules with small typos such as missing hyphens.
Check your project for malicious packages
These packages have been taken down by npm, but since credential theft happens upon installation, you should check if you have installed one of them. Ivan Akulov was so kind to compose and publish a list of ...
One of my favorite things from IT Crowd is their “Hello IT” machine. It’s the perfect solution for lazy people who are tired of answering the same IT support questions again and again. With Twilio Functions and the new Speech Recognition we can build our own version of this machine with just a few lines of code.
If you are not familiar with the answering machine from IT Crowd make sure to check out this video of it in action.
You can also check out the final result by calling one of these numbers:
- 🇬🇧 +44 20 3389 5853
- 🇺🇸 (415) 702-4376
Before we get going make sure you have a Twilio account. Sign up for free.
Now let’s get coding!
The first thing we need to do is create a new Twilio Function that will handle all of our requests. Twilio Functions allows you to host Node ...