I write about TypeScript, Node.js, React, security and privacy.


The Security of GitHub Actions


GitHub Actions are a great way to build powerful customised CI/CD workflows using the power of community-driven resources, but they can be tricky to get right in terms of security.

Password Reset for End-to-End Encrypted Applications

We forget passwords. Usually it's OK, because most websites implement a password reset feature. But how to do this in end-to-end encrypted applications that don't have access to the password in the first place ?


How To Store End-to-End Encryption Keys In The Browser


End-to-end encrypted applications use cryptographic keys that don't leave the client, so how do we store them securely in the browser ?