Notes taken between: 25-01 February/March 2019
Some libraries treated tokens signed with the none algorithm as a valid token with a verified signature. The result? Anyone can create their own "signed" tokens with whatever payload they want,
allowing arbitrary account access on some systems.
Source: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
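Added example (not from the Auth0 post or any JWT library): a minimal verifier that pins the algorithm to RS256 on the verifying side, so a token whose header says none or anything else is refused before the signature is looked at. The names VerifyRS256, Sign and demoKey are hypothetical, the tokens are constructed samples, and the key is generated in-process as a stand-in for app.rsa.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key standing in for app.rsa

// VerifyRS256 pins the algorithm here; the token's own header never selects it.
func VerifyRS256(token string, pub *rsa.PublicKey) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	var h struct{ Alg string `json:"alg"` }
	hdr, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "RS256" {
		return "", fmt.Errorf("header rejected (alg %q): only RS256 is accepted", h.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return "", fmt.Errorf("signature check failed")
	}
	payload, err := b64.DecodeString(parts[1])
	return string(payload), err
}

func Sign(alg, payload string, key *rsa.PrivateKey) string { // constructed sample tokens
	msg := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + b64.EncodeToString([]byte(payload))
	if key == nil {
		return msg + "." // nil key: signature segment left empty
	}
	sum := sha256.Sum256([]byte(msg))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return msg + "." + b64.EncodeToString(sig)
}

func main() {
	fmt.Println(VerifyRS256(Sign("none", `{"sub":"admin"}`, nil), &demoKey.PublicKey))
	fmt.Println(VerifyRS256(Sign("RS256", `{"sub":"alice"}`, demoKey), &demoKey.PublicKey))
}
```

The same exact-match check also refuses a header that names a different signing algorithm than the one the key was issued for.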
creating a public/private key pair (the second command prints the public key to stdout):
openssl genrsa -out app.rsa 2048
openssl rsa -in app.rsa -pubout
alternative to ctrl+c:
history | grep <insert search term>
pprof package. This profiling information is useful to track down memory leaks or deadlocked mutexes.
Globals should be avoided because, if one is modified, all uses of it need updating as well.