GeekCoding101

Tech
Explore the latest tech trends, security insights, cloud computing, and DevOps strategies.
CyberSec

Secure by Design Part 1: STRIDE Threat Modeling Explained

Intro: Why Every App Needs Threat Modeling And Why STRIDE

I’ve been meaning to write this post for a long time. Not because STRIDE and threat modeling are the hottest buzzwords in cybersecurity—they aren’t. And not because threat modeling is some shiny new technique—it’s not. But because if you’re building or defending any system—especially something as deceptively simple as a chat app—threat modeling is non-negotiable. Whether you're knee-deep in SecOps, defining IAM policies, tuning your SIEM, or crafting detection logic, you’ve got one mission: protect the stuff that matters. That means user data, privacy, service uptime, reputation, and so on. And if we don't design with threats in mind, we're just building breach bait with good intentions.

So why STRIDE? Because STRIDE gives us a practical lens to view risk before the attacker does. Instead of reacting to CVEs or chasing zero-days, STRIDE helps you think like a malicious actor while you’re still sketching your architecture in a whiteboard session or writing that controller code. In this post, I am going to use STRIDE threat modeling to walk through a seemingly simple application—a chat app—and uncover the kinds of security holes that quietly turn into breach reports. You’ll see just how quickly things go sideways when we forget to ask, “What could go wrong here?” But first, let's talk about the app we're modeling.

Our Target: A Chat App

Let’s keep it humble. No machine learning, no blockchain, no AI buzzwords glued onto CRUD. Just a straightforward web-based chat application. Here’s what it does:

  • User Registration: Email + password
  • Login System:…

June 2, 2025, by Geekcoding101
System Design

A 12 Factor Crash Course in Python: Build Clean, Scalable FastAPI Apps the Right Way

Intro: Building Apps That Don’t Suck in Production

Let’s be honest—plenty of apps “work on my machine” but self-destruct the moment they meet the real world. Configs hardcoded, logs missing, environments confused, and deployments that feel like an escape room puzzle. If you want your service to thrive in production (and not become an ops horror story), you need a design philosophy that enforces clean separation, modularity, and resilience. That's where the 12 Factor App methodology comes in. In this post, we’re going to break down each of the 12 Factors using a Python/FastAPI-related stack—and walk through how to get them right.

🧱 The Twelve Factor — Python Style

Let’s take each principle, one by one. Think of it as a devops dojo, with Python as your katana.

Codebase: One codebase tracked in revision control, many deploys

12 Factor App: Single source of truth, version-controlled, no Franken-repos.

📌 In Python: One Git repo per service. Don't share code across projects via copy-paste. Use internal packages or shared libraries (published to private PyPI or via Git submodules).

✅ Best Practice:

    /fastapi-12factor-app
    ├── app/
    │   ├── api/
    │   ├── core/
    │   ├── models/
    │   └── main.py
    ├── tests/
    ├── Dockerfile
    ├── pyproject.toml
    ├── README.md
    └── .env

Dependencies: Explicitly declare and isolate dependencies

12 Factor App: No implicit magic. Use virtualenvs and lock your deps.

📌 In Python: Use pyproject.toml and a tool like Poetry or pip-tools.

✅ Example pyproject.toml:

    [tool.poetry.dependencies]
    python = "^3.12"
    fastapi = "^0.110.0"
    uvicorn = "^0.29.0"
    sqlalchemy = "^2.0"
    pydantic = "^2.6"
    python-dotenv = "^1.0"

🔒 Lock it…

May 11, 2025, by Geekcoding101
Coding Notes

Golang Range Loop Reference - Why Your Loop Keeps Giving You the Same Pointer (and How to Fix It)

When I first started learning Go, I thought I was doing everything right—until I ran into a weird bug about golang range loop reference. I was iterating over a list of Book structs (of course, I can't share the real structs and code used here... everything here is for tutorial purposes), taking the pointer of each one, and storing them into a slice. But at the end of the loop, all the pointers pointed to... the same book?! 🤯 Let’s walk through this classic Go beginner mistake together — and fix it the right way.

📚 The Use Case: A Slice of Books in a Library

Suppose we have a list of books, and we want to collect pointers to each one so we can modify them later. Here’s the code I thought would work:

    for _, book := range books {
        bookPointers = append(bookPointers, &book) // Oops...
    }

But when I printed out the pointers, they all pointed to the last book in the list. This bug stumped me for a while until I understood one critical Go behavior.

The File Structure To Run The Code

    learning-golang/
    ├── 01-loop-reference-pitfall/
    │   ├── main.go
    │   └── README.md
    ├── Makefile
    ├── bin/
    └── go.mod

This is the complete buggy code:

    package main

    import (
        "fmt"
    )

    type Book struct {
        Title  string
        Author string
    }

    func main() {
        originalBooks := []Book{
            {"Go in Action", "William Kennedy"},
            {"The Go Programming Language", "Alan Donovan"},
            {"Introducing Go", "Caleb Doxsey"},
        }

        fmt.Println("❌ Buggy Version:")
        var buggyPointers []*Book
        for _, book := range originalBooks {
            buggyPointers =…

May 4, 2025, by Geekcoding101
Coding Notes

Instantly Remove Duplicate Photos With A Handy Script

The Problem: Too Much Dust on Old Photos, I need a "Remove Duplicate Photos" cleaner

Imagine sifting through tens of thousands of photos—manually. I mounted the NAS SMB partition on my MacBook, only to discover it was excruciatingly slow. After two days of copying files to my MacBook, my manual review session turned into a blur. My eyes hurt, my patience wore thin, and I knew there had to be a better way. When I turned to existing tools for the "remove duplicate photo" task, I hit a wall. Most were paid, overly complex, or simply didn’t fit my needs. Even the so-called free solutions required learning arcane commands like find. I needed something powerful, flexible, and fast. And when all else fails, what’s a tech enthusiast to do? Write their own solution—with a "little" help from ChatGPT.

The Power of ChatGPT

I’d dabbled with the same task scripting years ago but quickly gave up because of the time it required. Enter ChatGPT (no marketing here... I am a paid user though...), the real hero of this story. With its assistance, I wrote the majority of the script in less than a day before I gave up! But anyway, of course, I still have to thank the emergence of Large Language Models! Based on the current code volume and quality, without 10 to 15 days, a single person would absolutely not be able to achieve the current results! So, I believe LLMs have helped me improve my efficiency by at least 10 times! And they've helped me avoid all sorts of…

December 1, 2024, by Geekcoding101
Coding Notes

Fix Font in VSCode Terminal

The Font Problem in VSCode

After finishing the configuration in Terminal Mastery: Crafting A Productivity Environment With ITerm, Tmux, And Beyond, we got a nice terminal: However, after I installed VSCode, the terminal couldn't display certain glyphs. It looks like this:

The Fix

We need to fix it by updating the font family in VSCode.

1. Identify the name of the font family. Open Font Book on Mac, we can see: The font that supports those glyphs is "MesloLGM Nerd Font Mono", which is also what I configured for iTerm2.
2. Go to VSCode, go to Command + comma, go to settings, search "terminal.integrated.fontFamily", set the font name as below:
3. Now we can see it displays correctly:

Well done!

April 12, 2024, by Geekcoding101
Coding Notes

Terminal Mastery: Crafting a Productivity Environment with iTerm, tmux, and Beyond

I love working on Linux terminals

Rewind a decade or so, and you'd find me ensconced within the embrace of a Linux terminal for the duration of my day. Here, amidst the digital ebb and flow, I thrived—maneuvering files and folders with finesse, weaving code in Vim, orchestrating services maintenance, decoding kernel dumps, and seamlessly transitioning across a mosaic of tmux sessions. The graphical user interface? A distant thought, unnecessary for the tapestry of tasks at hand. Like all geeks, every tech enthusiast harbors a unique sanctuary of productivity—a bespoke digital workshop where code flows like poetry, and ideas ignite with the spark of creativity. It’s a realm where custom tools and secret utilities interlace, forming the backbone of unparalleled efficiency and innovation. Today, I'm pulling back the curtain to reveal the intricacies of my personal setup on Mac. I invite you on this meticulous journey through the configuration of my Mac-based development sanctuary. Together, let's traverse this path, transforming the mundane into the magnificent, one command, one tool, one revelation at a time.

iTerm2

After account setup on Mac, the initial terminal looks like this when I logged in: Let's equip it with iTerm2!

What is iTerm2?

iTerm2 is a replacement for Terminal and the successor to iTerm. It works on Macs with macOS 10.14 or newer. iTerm2 brings the terminal into the modern age with features you never knew you always wanted.

Why Do I Want It?

Check out the impressive features and screenshots. If you spend a lot of time in a terminal, then you'll appreciate all the…

April 10, 2024, by Geekcoding101
Coding Notes

An Adventurer's Guide to Base64, Base64URL, and Base32 Encoding

Hey there! Recently, I encountered some encoding issues. Then I realized that it looks like I haven't seen any articles give a crispy yet interesting explanation on Base64/Base64URL/Base32 encoding! Ah! I should write one! So, grab your gear, and let's decode these fascinating encoding schemes together!

The Enigma of Base64 Encoding

Why do we need Base64?

Imagine you're sending a beautiful picture postcard through the digital world, but the postal service (the internet, in this case) only handles plain text. How do you do it? Enter Base64 encoding – it's like magic that transforms binary data (like images) into a text format that can easily travel through the internet without getting corrupted. Base64 takes your binary data and represents it as text using 64 different characters: In more detail, it will: It's widely used in email attachments, data URLs in web pages, and anywhere you need to squeeze binary data into text-only zones. A simple text like "Hello!", when encoded in Base64, turns into "SGVsbG8h".

Usage of Base64 in Data URIs

Data URIs (Uniform Resource Identifiers) offer a powerful way to embed binary data, such as images, directly into HTML or CSS files, using Base64 encoding. This method eliminates the need for external file references, resulting in fewer HTTP requests and potentially faster page loads. Here's how it works in practice:

Embedding an Image in HTML Using Data URI

Let's say you have a small logo or icon that you want to include directly in your HTML page without linking to an external file. You can use Base64 to encode the…

April 9, 2024, by Geekcoding101
Coding Notes

Vue: Secrets to Resolving Empty index.html in WebHistory

Greetings

Hi there! I was trying some new stuff about VUE recently. I downloaded a free version of VUE Argon dashboard code and tried to compile it locally. It's straightforward: Then I got the dist folder: Interesting... Then I double clicked the index.html, expecting it to display the beautiful landing page, but it didn't happen... This is strange... What went wrong? I tried npm run serve, it works well, I can see the portal and navigate between pages without issues. I must fix this! Should be quick!

Bingo! The root cause is that the VUE project used router with createWebHistory instead of createWebHashHistory! It resulted in different ways of handling static assets and routing. Using createWebHistory in Production environment is required as it provides several significant benefits: I just want to use createWebHashHistory in my local development environment.

The fix

Now, the fix is easy. First, modify scripts in package.json to specify mode for serve and build, and I added two new items serve_prod and build_dev: Second, create or edit vue.config.js as below: Lastly, update src/router/index.js to handle the mode accordingly: The original code was: Now it looks like this: Now, run npm run build_dev again, I can see the portal 😎

Thanks for reading! Have a good day!

April 8, 2024, by Geekcoding101
Coding Notes

Crafting A Bash Script with Tmux

The Background...

I have a Django/Vue development environment running locally. To streamline my Django development, I typically open six tmux windows 😎 : I used one Tmux session to hold all of the above. However, my laptop sometimes needs to reboot; after reboot, all of my windows are gone 😓 I have configured tmux-resurrect and tmux-continuum to try to handle this scenario, but they couldn't re-run those commands even though they could restore the windows correctly. Let me show you the screenshots.

The problem...

Typically, my development windows look like this: As you see, the services are running within the respective windows. If I save them with tmux-resurrect, after reboot, of course tmux-resurrect and tmux-continuum could restore them, but services and all environment variables are gone. To simulate, let me kill all sessions in tmux, check the output: Now start tmux again, here is the status I can see, tmux restored the previously saved windows: Let's check the window now: None of the services is running 🙉

The Complaint...

As the supreme overlord of geekcoding101.com, I simply cannot let such imperfection slide. Not on my watch. Nope, not happening. This ain't it, chief. Okay, let's fix it!

The Fix...

.... Okay! I wrote a script.. oh no! Two scripts! One is called start_tmux_dev_env.sh to create all windows, it will invoke prepare_dev_env.sh which exports functions to initialize environment variables in specific windows. A snippet of start_tmux_dev_env.sh: The prepare_dev_env.sh looks like:

The End...

Now, after reboot, I can just invoke script start_tmux_dev_env.sh and it will spin up all windows for me in seconds! I'm Really Proud…

April 6, 2024, by Geekcoding101
CyberSec

Mastering Openssl Command and NSS Database Management

Greetings to all you geeks out there! It's a pleasure to have you here at geekcoding101.com! With almost 20 years immersed in the vibrant world of Linux and security domain, I've encountered a myriad of tools and technologies that have shaped my journey. Today, I'm excited to introduce you to OpenSSL and Certutil—two indispensable utilities that play pivotal roles in managing digital certificates and encryption. Whether you're safeguarding your web servers or securing communications, understanding these tools is crucial. I've distilled my insights and tips into this post, aiming to arm you with the knowledge to leverage these powerful utilities effectively. Enjoy!

Openssl

OpenSSL is an open-source software library that provides a robust, commercial-grade, and full-featured toolkit for SSL and TLS protocols, as well as a general-purpose cryptography library. It is widely used by internet servers, including the majority that implement secure web (HTTPS) connections, as well as in countless other security-sensitive applications. Here are some key aspects of OpenSSL:

Core Features

Query Information

  • Query on Private Key: openssl rsa -in privatekey.pem -check
  • Query All Information: openssl x509 -in certificate.pem -text -noout
  • Query Subject: openssl x509 -in certificate.pem -subject -noout
  • Query Validity: openssl x509 -in certificate.pem -dates -noout
  • Query Purpose: openssl x509 -in certificate.pem -purpose -noout

Example:

    Certificate purposes:
    SSL client : No
    SSL client CA : Yes
    SSL server : No
    SSL server CA : Yes
    Netscape SSL server : No
    Netscape SSL server CA : Yes
    S/MIME signing : No
    S/MIME signing CA : Yes
    S/MIME encryption : No
    S/MIME encryption CA : Yes
    CRL signing : No
    CRL…

April 5, 2024, by Geekcoding101