Logistic Map

There’s a simple function that can eventually produce pure chaos:

$x_{n+1} = r \cdot x_n \cdot (1 - x_n)$

Web Authentication API

WebAuthn uses public key cryptography (asymmetric) instead of passwords or SMS texts for registration, authentication and 2FA.

  • Protection against phishing: WebAuthn signatures change with the origin, so they won’t work on “similar” webpages (with a different domain name).
  • Reduced impact of data breaches: it does not really matter if the public key is stolen.
  • Invulnerable to password attacks: much harder to crack by “brute force” than passwords.


The most widely used digital image format, developed by the Joint Photographic Experts Group. Several attempts have been made to replace it with something “better” (JPEG 2000 included), but it still holds its position. It is an ISO/IEC and ITU-T standard that specifies only the codec, not the file format; the Exif and JFIF standards define the commonly used file formats.

QR Code

Invented by Denso Wave (a Japanese automotive company, subsidiary of Toyota) in 1994 to track vehicle parts during manufacturing. It was designed to allow high-speed scanning. Now it is used basically everywhere.

Portable Network Graphics

One of the most widely used raster image formats. It supports lossless compression and alpha transparency, and is supported by all web browsers. It was developed in 1996 as an improved, non-patented replacement for GIF (“PNG’s not GIF”). ISO and IETF standard.

Form Data

How form data can get from the browser to the backend.

Without JS

  • action: where to send the data (URL, current URL by default)
  • method: GET, POST (and there’s dialog too…)
  • enctype: only for POST, Content-Type of the data
    • application/x-www-form-urlencoded - default, URL encoded body
    • multipart/form-data - multipart data, required for file uploads
    • text/plain - for debugging, don’t use, security issues

Go(lang) - advanced topics



Goroutine: a lightweight thread managed by the Go runtime.

It’s pretty simple to execute a function call as a new goroutine:

go f(param1, param2)

The program is terminated when the main goroutine finishes.



  • statically typed (w/ type inference)
  • compiled (statically linked)
  • memory safety, garbage collection
  • built-in dependency management
  • concurrency:
    • goroutines (~coroutines/threads)
    • channels
    • select (for channels)
  • interfaces for “virtual inheritance”, type embedding
  • standardized formatting (gofmt)
  • multiple implementations (gc, gccgo, gollvm, gopherjs, …)


  • 2019, https://matrix.org/
  • not the movie, but the “matrixed communication”
  • open standard: spec
  • non-profit Matrix.org Foundation
  • decentralized
  • end-to-end encryption
    • olm, megolm
    • based on Signal’s double ratchet
    • extended to support encrypted rooms
  • messaging (IM, rooms, bots, even IoT devices)
  • signaling (for WebRTC, VoIP, video calls)
  • bridging to other IM networks (XMPP, Slack, IRC, Discord, Facebook, …)
  • HTTPS+JSON based by default, but a much lighter UDP-based demo was already created for ~100 bps (!) networks

Rate limiting


  • DoS - Denial of Service attacks
  • Brute Force attacks
    • collect customer email addresses (signup)
    • reveal username/password pairs (login)
    • send emails (contact us, gift card)