This guest post is by longtime Meteor community member Pete Corey, who is an independent consultant, web developer, and writer.

For the past three years I’ve been living and breathing Meteor security, and I’m excited to say I’ve managed to compile everything I’ve learned into a single comprehensive guide to securing your Meteor application. To celebrate the newly released Secure Meteor, I thought we could talk about one of the most prevalent and dangerous vulnerabilities that developers commonly introduce into their Meteor applications.

Let’s talk about NoSQL Injection!


To set the scene, let’s pretend that we’re building a Meteor-powered online…


My test suite has grown to be unreliable. At first, a single red test raised its head. Not believing my eyes, I re-ran the suite, and as expected, everything came back green. As time went on and as more tests were offered up to the suite, random failures became more of a recurring problem. Eventually, the problem became so severe that the suite consistently failed, rather than consistently passed.

Something had to be done.

After nearly twenty-four hours of banging my head against the wall and following various loose ends until they inevitably unraveled, I finally stumbled upon the…


A few weeks ago I begrudgingly decided that my Chord project needs a web-based front-end. After weighing various options, I decided to implement the heart of the front-end as a React-based ASCII chord chart renderer.

After some initial code sketching, I had a working prototype, and a few revisions later I found myself happy with the final code. Let’s dig into it!

What’s the Goal?

Before we start diving into code, let’s take a look at what we’ll be building.

Our Chord back-end treats chords as either a list of optional numbers representing frets played on specific strings, or a list of optional…


For a recent client project, I’ve been building out a Node.js backend service fronted by a GraphQL API. A recent revelation made me realize just how useful Jest’s snapshot testing can be for writing high-level backend tests, specifically tests targeting GraphQL queries.

My typical approach for testing GraphQL queries is to import and test each query’s resolver function individually, as if it were just another function in my application.

Here’s an example to help paint a more complete picture:

const { bedCount } = require('...'); describe('Unit.bedCount', () => { it('it counts beds', async () => { expect.assertions(1); let user =…

I just pushed a massive refactor of my Elixir-powered Bitcoin full node project that considerably simplifies the parsing and serialization of Bitcoin network messages.

I’m a big fan of the solution I landed on, and I wanted to share it with you. The key insight I had was to switch to a recursive solution where each sub-component of every message handles its own parsing and serialization.

Obviously the devil is in the details, so let’s dive in.

What’s the Problem?

Before I took on this refactor, I was handling the parsing and serialization of Bitcoin network messages entirely manually. For every message, I’d…


As I mentioned on Twitter, I’ve been experimenting lately with using a visually minimal Spacemacs setup. I’ve been using this new setup every day for several weeks, and I’m absolutely in love with it.

Want screenshots and an overview of how it works? Read on!

But First, Screenshots

Olivetti is an Emacs package designed to create a distraction-free writing experience within your editor. Most of Olivetti’s screenshots show it in the context of editing markdown. That makes sense, as the term “distraction-free writing” is usually applied to the context of writing prose.

But what if I want a “distraction-free writing” environment for writing…


A common trend I see in Elixir projects is that modules tend to become large. Sometimes very large. This isn’t necessarily an issue, but it goes against some deep-seated heuristics I have for building software.

As my Chord project started to get complex, I repeatedly found myself reaching for a pattern to keep my module size and complexity down, while still maintaining a friendly and approachable API.

Let’s dig into some examples.

What’s the problem?

The Chord module is the heart of my Chord project. Using Chord you can generate guitar chord voicings, generate possible fingerings for a given voicing, and even…


Jumping off after our previous two articles on Voice Leading with Elixir, and Algorithmically Fingering Guitar Chords with Elixir, we’re left with a series of chord voicings ranked according to how well they voice lead from our starting chord, and the set of all possible fingerings for each of these voicings.

Given that our starting chord has a known fingering, which fingering of each of these “best” voicings is the “easiest” to play after our starting chord?

This is an interesting question, and gives us the opportunity to flex our algorithmic muscles again. This time we’ll be basing our solution…


I’ve always had a tumultuous relationship with caffeine. When I was younger I would drink gallons of diet soda a day (sometimes literally). As I grew older I discovered coffee and increased my caffeine consumption by orders of magnitude.

It took me until I was nearly thirty years old to realize that my consumption of huge amounts of caffeine was probably related to a low-level background radiation of anxiety that I’d been experiencing nearly my entire life. In an effort to better myself, I tried cutting back on coffee and even quitting altogether. …


Last time we wrote about using Elixir to generate all possible voicings of a given guitar chord to find the voicing with the best voice leading between another chord.

While this was great, there were several issues. We were conflating the idea of “musical distance” and “physical distance” when calculating optimal voice leading, and we weren’t taking the playability of the progressions we were generating into account.

To address both of these issues, we need to know not only which voicings are possible for a given chord, but also how each of those voicings can be played. …
