Tuesday, July 19, 2016

Hiking in Chiang Mai

It turns out that there are plenty of trails around Chiang Mai which you can take to get to the summit of any mountain. The only challenge is finding them. We used GPS traces of other foreigners which we found after a fair bit of Googling.

One of our our recorded GPS trace

Elevation/Speed plot recoded by My Tracks
Trail info along the river.
The trails we found were mostly used by locals for pilgrimage to shrines, most mountains in that region have a shrine on top, so there is almost always a trail.

One of the trails was mostly a dried riverbed.
Hiking in March this year turned out to be a very hot endeavour. March is the dry season, and most of the mountains are control burned so that the land is black and the leaves shrivel and fall off. This makes very little cover from the sun.

The burning also makes the air have a high pollution index, and you can't see very far in the distance.

Saturday, July 9, 2016

Authenticated Systems

This week I will be giving a talk at NY JavaScript on how to build authenticated systems which have multiple services and multiple clients.

In this talk we will look at a sample auth service which lets users login via numerous OAuth2 providers (Google, Facebook, Twitter etc) or using username and password.



The auth service uses a bower component to present a static HTML 5 UI, instead of using  server side templating.

The auth service also shows how to use JWT instead of sessions to identify and enforce the user's permissions for the requested resource.
The auth service shows how you can persist users using sequelize (which lets you learn with sqlite and use postgres later).
The auth ui uses a simple form submit to hit the auth service (it also shows an example of an Ajax request using fetch).

There is a sample client which is an HTML5 bower component in vanilla JavaScript. The client uses JWT to detect if you are logged in and have permissions to view resources.

There is a library that contains the the system's public key and JWT options which can be used both client and server side to verify tokens.

Github codebase: