Hacker News: vjay15's comments

This was such a funny read.

Mistral is playing the long game here, ngl: smaller models, lower costs, overall good-enough performance!

The songs it generates are so corporate-music-pilled and generic; it has no creativity of its own, and even if we try to make it do something creative, it generates the same EDM-style beat with no taste. Well, I guess stock music users rejoice: you don't need to use stock music anymore, you can create endless stock music.

Omg, we can access even ancient OSes, this is amazing!

kdenlive is really good

But API keys aren't meant to be revoked once used, right?


Yes, it's just a random long password used to access public APIs.


No, this is just a POC; I haven't implemented any of it.


Ok, then for everyone: don't save tokens in a database. Selects are vulnerable to timing attacks. You want a token to include an ID and a signature. The ID is used to look up the scope or user attached to the token, while the signature is recreated from the ID, the server secret and some salt. The resulting signature is double-checked against the provided signature with a constant-time comparison.

An attacker will be able to identify valid keys, but won't be able to sign them.

You can either split the values like AWS or join them with a separator.

Good idea with the slug though, makes it easier to report leaked tokens to the issuer.
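As an added illustration (not code from the comment above or from the blog it refers to), here is what that id-plus-signature token scheme looks like in Python, joined with a separator and carrying a reportable prefix slug. The server secret, the `ex_` prefix and the in-memory registry are constructed for this example.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed server-side secret for this example; a real deployment loads it from a secret store.
SERVER_SECRET = b"example-server-secret-do-not-reuse"
# Constructed prefix slug so a leaked token is recognisable and can be reported to the issuer.
PREFIX = "ex_"

# Constructed registry: id -> {"salt": bytes, "scope": str}. The signature itself is never
# stored, so a dump of this table does not yield usable tokens.
TOKENS: dict = {}


def _sign(token_id: str, salt: bytes) -> str:
    # Signature = HMAC-SHA256(server secret, id || salt), base64url without padding.
    mac = hmac.new(SERVER_SECRET, token_id.encode() + salt, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def issue_token(scope: str) -> str:
    """Create a token: <prefix><random id>.<signature over id and a per-token salt>."""
    token_id = secrets.token_urlsafe(12)
    salt = secrets.token_bytes(16)
    TOKENS[token_id] = {"salt": salt, "scope": scope}
    return f"{PREFIX}{token_id}.{_sign(token_id, salt)}"


def verify_token(token: str):
    """Return the scope attached to a valid token, or None for anything else."""
    if not token.startswith(PREFIX) or "." not in token:
        return None
    token_id, provided_sig = token[len(PREFIX):].split(".", 1)
    record = TOKENS.get(token_id)
    if record is None:
        # The id lookup is not constant time; at most it reveals that an id exists,
        # which does not help produce a signature without the server secret.
        return None
    expected_sig = _sign(token_id, record["salt"])
    # Constant-time comparison so the signature check leaks no timing information.
    if not hmac.compare_digest(expected_sig.encode(), provided_sig.encode()):
        return None
    return record["scope"]
```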


Fixed it in the blog, thanks for pointing it out amelius ;-;


It's alright, I am learning a lot from them as well; healthy criticism is always useful :) I am very glad that you found this a great write-up ^_^

