Meteor Basics, Secure Hash Algorithms, and 404 Error Pages

Today I learned:

Meteor Basics

  • Meteor is a platform for building real-time web apps that sits between your app’s database and its user interface and makes sure both are kept in-sync. It is built on Node.js, so it uses javascript on both the client and the server.
  • If you want to go above and beyond the Meteor documentation, the Discover Meteor book is a good place to start.
  • If you want to start learning Meteor but are fuzzy on the basics of Javascript, here is an 80/20 primer.

Basic Usage

  • To create a new project:
 $ meteor create [project name] 
  • To then run that new app at http://localhost:3000/:
 $ cd [project directory] $ meteor 
  • To stop the app from running, press ctrl+c
  • Adding a package like Twitter Bootstrap to a Meteor app is incredibly simple. No files to link up, Meteor takes care of all of that out of the box:
 $ meteor add twbs:bootstrap 


Meteor has five types of packages. most can be seen in [project directory]/.meteor/packages:

  1. meteor-base is Meteor’s set of core components.
  2. First-party packages that come bundled with Meteor that can be removed, such as mongo (the database) and session (a client-side reactive dictionary).
  3. Local packages specific to your app, which are stored in /packages
  4. Third-party packages available at Meteor’s online package repo, Atmosphere. These are named in the author:package convention.
  5. NPM packages in Node.js. They aren’t listed with other Meteor packages, but can be imported and used by other Meteor packages.

Meteor has some special directories:

  • /.meteor/ is where Meteor stoes its own code. Don’t modify it.
  • Code in /server only runs on the server
  • Code in /client only runs on the client
  • Everything else runs in both places
  • Static assets should be stored in /public (The exception is CSS. Meteor automatically loads and minifies CSS, so it should be stored in /client)

Meteor loads files in a specific order:

  • Before anything: Files in /lib
  • After everything else: Any files named main.*
  • Everything else is loaded in alphabetical order by file name.


  • To quickly set up a staging server, you can create a Meteor account and deploy to a Meteor subdomain for free:
 $ meteor deploy 
  • For deploying to your own server, check out Meteor Up, a command line utility that automates setup and deployment for you.

404 Error Pages

  • Making a 404 error page isn’t enough, you have to tell Apache where to find it. I’m used to working on WordPress, which takes care of that automatically. Turns out I’ve been running this site for a few months without my 404 page working. Whoops!
  • To do so, add ErrorDocument 404 /404.html to your .htaccess file. Replace /404.html with the path to your 404 page.

Secure Hash Algorithms

What are they and what is the difference between SHA1 and SHA2?

  • SHA stands for Secure Hash Algorithm. The short story about how is works is that a mathematical operation is run on a given input and a unique output, or hash, is generated. By comparing the output to an expected output, you can verify the data’s integrity. The theory is that no two different input values should result in the same hash output (called a collision).
  • SHA1 algorithms produce a 160-bit hash value, while SHA2 algorithms can produce 224, 256, 384 or 512 bit hash values depending on the function used.
  • The very short explanation is that SHA2 hashes larger and are theoretically much less likely to have a collision than SHA1 hashes due to the underlying algorithmic changes.

What is it used for?

  • Generally, SHA is used for verification. If the hash you calculate matches the expected result, your data has most likely not been tampered with or corrupted.
  • Git uses SHA1 to verify data has not changed due to accidental corruption.
  • SHA is used to sign SSL certificates.
  • Bitcoin uses SHA2 to verify transactions
  • SHA2 is used in the DKIM message signing standard (i.e. what checks to make sure someone isn’t spoofing your email account)
  • Some software vendors are adopting SHA2 for password hashing.

Why should I care?

  • SHA1 is on its way out. Chrome is showing errors on sites with SHA1 SSL certificates that expire past Jan 1, 2016. All major browsers will stop accepting SHA1 SSL certificates by 2017.
  • Every site using SSL signed with SHA1 needs to update their certificates.
  • Most certificate authorities have instructions for migrating to SHA2.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: