DEV Community: Hope Clarke

KeyFrame Animation in 2026- Creating Fire with CSS!

Hope Clarke — Mon, 30 Mar 2026 13:48:44 +0000

When I began my journey into software design, I attended an event where an alum of the program I was considering was presenting a project they had worked on, and they mentioned working with @ keyframe animation. This perked my ears, as I had studied animation all through my high school years into college, and I still dabbled a bit in my spare time.

This was... not the same thing at all. Kind of the same, but not really. Most of the programs I used for 2d cell by cell hand drawn stuff, use the word 'keyframe' to describe the endpoint of a path created by the element you are animating- you use them as sort of 'footholds' while creating the motion/color/shape changes that take place 'in-between them'. I was expecting this as well for the css property- and while that is sort of the same thing, that you create a change that will be executed at the point of time you designate, css is NOT animation software, and all of those 'frames' need to be either css properties individually managed, or static images.

In the current project I am working on, one of the things we need is a 'fire' or 'burning' effect, and while looking for a good element to drop in, I didn't really find any hand-drawn, 'inky' sort of flames that would fit with our design. I did find some really cool examples that made me extremely curious about my own abilities and experience, and whether or not I could just do this myself.

In this example:

The Fire Bringer of Atrani

A loop begins of a seaside city next to a slowly swirling sea. The moon rises, and a torch appears, floating from doorway to doorway, lighting all the windows from inside. The city burns, the sun rises, and the loop begins again.

This entire thing had 1 CSS property, a background color, and ZERO javascript code. EVERYTHING in pure html. Insane, I had never considered or even seen this type of design.

And this one:

Now this little Campfire Colony by Jackie Zen, was pretty easy for me to understand!
Campfire Colony

Html that contained basically only the actual elements being animated, and css handling the rest:

Okay. Now with my knowledge of Keyframe animation, could I create something myself that would match the inky style we wanted?

I decided to give it a try. I decided to draw out a simple 3 flame vector image. The simplest approach with my 2d background would be to create all the frames I want my animation to go through, and cycle through them. I decided to aim for 7 frames, and created those images by drawing the flames path of motion over the top of the previous flame, cell-by-cell style.

My flow went like this: Create 3 flame images, group together(frame 1). Draw 3 more flame images(the 'forward motion') group together(frame 2), change the 1st flame image opacity to 0. Repeat.

Now that was done, I wanted to download these vectors into transparent png, load them into my project, and see if I could have them loop through the @keyframe property.

)

It works!

I made a flameshow object, and a flameshow image property that included the 'animation' method. That pointed to the 'keyframes cycle', where I set up the opacity to work with the .7 seconds(so each frame shows for .1 second). Then, I also had the animation set up looping infinitely and by 1 step each.

While this flame is really rough, I can totally use this new skill to add all sorts of things to my designs!

🦄‍🪽 Unicode Characters & GlassWorm 🥛🐛

Hope Clarke — Mon, 23 Mar 2026 14:19:03 +0000

Invisible Unicode Characters and the GlassWorm Malware

In October of last year, researchers at Koi Security discovered malware targeting Visual Studio Code and Open VSX extensions. By the time it was detected, it had already spread to around 35,000 machines.

It was only discovered after an extension “introduced some suspicious behavioral changes”, which prompted deeper investigation by the researchers

Instead of inserting visible malicious code, it used Unicode characters to inject hidden instructions directly into the source. These characters occupy space in a file but have no visual representation, so the malicious code is effectively invisible to the human eye. You could review the source normally and never see the payload.

Once installed, it got right to work. The extension would:

- Harvest credentials from npm, GitHub, and Git configs
- Look for and target cryptocurrency extensions to drain funds
- Deploy proxy servers to help create botnets
- Install hidden VNC servers for remote access
Then use all of the above to compromise other packages and continue spreading

Because it targeted developer environments directly, it could move through dependency chains and infect other packages, turning infected machines into distribution points for the malware.

How the “Invisible Code” Works

It’s actually pretty easy to find tools that generate these characters.

Every text character in the digital world has a unique identifier called a Unicode code point. That includes letters, punctuation, emojis — everything. Computers don’t read text visually like we do; they read those numeric code points.

Some Unicode characters exist without a visual representation. They technically occupy space in a string, but nothing is rendered on the screen. Things like zero-width spaces or joiners fall into this category.

You can even copy and paste them from tools like:

https://invisible-characters.com/
https://invisible-characters.net/

These characters actually have legitimate uses — especially for formatting text or controlling layout in multilingual systems or complex scripts.

Here is the malicious code from GlassWorm's initial detection:

You cannot see the malicious code at all!

I was able to find a few javascript Unicode Detectors- so you CAN find these, but this kind of check wouldn't normally be something you'd make/run on every npm package.

Here's my example of one:

function detectUnicode(str) {
  const unicodeChars = [];

  for (const char of str) {
    const codePoint = char.codePointAt(0);
    if (codePoint > 127) {
      unicodeChars.push({
        char,
        codePoint: `U+${codePoint.toString(16).toUpperCase().padStart(4, '0')}`,
        decimal: codePoint,
      });
    }
  }

  if (unicodeChars.length === 0) {
    console.log("No Unicode characters found.");
    return;
  }

  console.log(`Found ${unicodeChars.length} Unicode character(s):`);
  unicodeChars.forEach(({ char, codePoint, decimal }) => {
    console.log(`  '${char}' → ${codePoint} (decimal: ${decimal})`);
  });

  return unicodeChars;
}

Copy this into your editor and call detectUnicode(string); with a string with emojis or invisible unicode text.

Code inspired by: how to get a unicode code point in JS

After It Was Found:

Once the malware was finally detected, Microsoft and the Open VSX maintainers removed the compromised extensions from their registries.

But by that point, it had already spread widely across developer environments and package ecosystems.

GlassWorm is a good example of how supply chain attacks against developers are evolving — sometimes the exploit isn’t in the code you see, but in the characters you can’t.

Sources:

https://www.darkreading.com/application-security/self-propagating-glassworm-vs-code-supply-chain

https://www.csoonline.com/article/4145579/open-vsx-extensions-hijacked-glassworm-malware-spreads-via-dependency-abuse.html

https://www.scientificamerican.com/article/glassworm-malware-hides-in-invisible-open-source-code/

https://invisible-characters.com/

https://invisible-characters.net/

Lithium Battery Woes... ((or... why I can't hack my Mardi Gras Throw))

Hope Clarke — Mon, 16 Mar 2026 11:38:18 +0000

On the magical day that is Mardi Gras day, I performed the sacred ritual of giving the small child next to me a throw I caught. In this case, it was a Zulu spear from the truck parade. A few minutes later, his mother handed me a small box in return and said, “My kids don’t need this!”

Inspecting my spoils, I immediately thought: "jackpot!"

Inside the box was a small, round, “rainbow ring selfie light”, with a mirror inside. It connected to your phone via a Bluetooth connection. It fit perfectly with my previous blog post with Andrew Bellini’s guide on hacking small IoT devices. A cheap, obscure gadget with wireless connectivity is basically a hacker’s invitation, and I was ready to get my feet wet in trying to find out what language it had been coded in and API calls this thing would make when connected.

I opened the packaging later, set it on my desk, and planned to come back to it in a few weeks. When I showed it to my coding partner a week or two later, I noticed something strange: the mirror had popped loose from the ring on one side. When I opened the casing, the reason became obvious. The tiny lithium battery inside had begun to puff.

If you’ve never seen this before, it’s unsettling. There's a whole 'spicy pillows' subreddit. Lithium batteries that fail often swell as gas builds up inside the sealed pouch. Once that happens, the safest option is to throw the device away before it becomes a fire hazard or just explodes.

So my exciting little Mardi Gras hacking project ended its life in the trash. Super disappointing.

I tried to find another one online, but the throw was so low-quality and obscure that I couldn’t even locate a replacement. Apparently the world is not overflowing with Bluetooth selfie-light mirrors designed to be thrown from parade floats, especially colored ones. So for now, the hunt continues for the perfect low-security IoT device to take apart.

But the whole experience left me wondering something: why do lithium batteries fail like this? I knew they had a chemical reaction to work in the first place and this was probably something to do with how that was inturrupted, but I wasn't exactly clear why/how the whole process worked.

What’s Happening Inside a Lithium Battery

Lithium-ion batteries work through controlled chemical reactions. A battery has three main components: an anode, which is negatively charged and holds a large number of electrons; a cathode, which is positively charged and lacking those electrons; and an electrolyte, which allows lithium ions to move between them.

When a circuit is completed, electrons flow through the external device while lithium ions move internally through the electrolyte. That movement of charge is what powers the device.

All of this normally happens in a carefully balanced chemical system. When the balance is disrupted, however, the reactions can start producing heat faster than the battery can safely dissipate it.

Thermal Runaway

The most dangerous and typical failure mode for lithium batteries is something called thermal runaway.

Thermal runaway happens when a battery begins heating internally and the temperature increase triggers further chemical reactions that generate even more heat. Instead of stabilizing, the system begins to feed on itself. As the temperature rises, components inside the battery begin to break down, releasing gases and accelerating the reactions further. This feedback loop is what eventually leads to swelling, venting gas, fire, or even explosion.

Several different issues can trigger thermal runaway.

Mechanical damage is one of the most common causes. If a battery is crushed, punctured, or sharply bent, the thin internal separator that keeps the anode and cathode apart can fail, allowing the electrodes to touch and create an internal short circuit. This barrier is only about 15 microns thick, so even small impacts can cause microscopic damage that develops into a failure later.

Electrical stress can also destabilize a battery. Charging beyond the safe voltage range or failures in the charging electronics can cause lithium to deposit unevenly inside the cell, forming tiny metallic structures that pierce internal layers and create short circuits(and start the whole swelling process).

Heat damage, from the surrounding environment can push a battery past its safe operating limits as well. As the temperatures rise, the electrolyte and electrode materials begin to decompose, releasing gases and additional heat that further accelerates the reactions. So being transported in unventilated shipping containers, or being in the sun in trash backs on top of the truck awaiting the start of the parade.

Manufacturing defects are another important trigger that is being seen more and more, and really peaked my interest when I found several articles from this previous fall and winter about how these failures have become more common with the rise of inferior product design in the post-covid supply chain.

Lithium batteries are extremely precise, with internal separator layers thinner than a human hair(that 15 micron buffer). If electrode layers are misaligned, if microscopic contaminants are left inside the cell, or if insulating layers are imperfect, those internal flaws can eventually create internal short circuits and initiate thermal runaway.
In those articles from last year, researchers using industrial CT scanners to inspect batteries have found that a significant portion of low-cost cells contain internal defects such as electrode misalignment or structural irregularities that increase the risk of failure.

The Cheap Battery Problem

Once I couldn’t find another version of the device online, the possibility of poor manufacturing started to seem more likely. The swelling I saw in my selfie light was likely an early stage of this breakdown processes. Gas buildup inside the pouch battery pushed outward until it forced the plastic casing apart and dislodged the mirror.

Demand for lithium batteries has exploded over the past decade thanks to smartphones, laptops, e-bikes, scooters, and electric vehicles. That rapid growth has created a huge global supply chain, and not all batteries moving through it are made to the same standards.

Investigations into low-cost and counterfeit lithium batteries have shown that some cells lack safety features that are standard in legitimate products. Proper lithium cells typically include internal protection mechanisms designed to stop dangerous conditions before they escalate. These can include devices that interrupt current if internal pressure rises too high, or components that increase electrical resistance when the battery overheats.

In cheaper or counterfeit batteries, those protections are sometimes missing entirely.

In other words, when electronics are extremely cheap, the battery inside may literally be missing the safety features meant to prevent the exact kind of failure I encountered.

So What Happened to My Mardi Gras Throw?

I can’t know for certain.

Maybe the battery was damaged when it hit the ground after being thrown from the float. Maybe it was overheated somewhere along the way. Or maybe it simply contained a poorly manufactured battery cell from the beginning and was doomed from the get go.

Lithium-ion batteries pack a surprising amount of energy into very small spaces. When they’re built well, they’re incredibly reliable. When they’re built poorly, the chemistry can go sideways in dramatic ways.

So sadly, my would-be little IoT hacking project never got off the ground.
But the discarded selfie light still ended up teaching me something: even the cheapest gadgets contain surprisingly sophisticated, and occasionally dangerous, technology.

And somewhere out there, the perfect cheap IoT device is still waiting to be caught. Preferably one with a battery that stays un-puffed long enough for me to take it apart.

Thanks to these sources!

The Verge.com

PR newswire.com

Thermal Runway and why you can't bring a lithium battery on a plane

Thermal Runway as a concept overall

DesignNews.com

The IoT... Security Risks and Hacking for Beginners

Hope Clarke — Mon, 02 Feb 2026 14:42:06 +0000

Introduction to the Internet of Things (IoT)

So what is the Internet of Things? It is any physical object that connects to the internet and can send or receive data. That includes obvious things like your phone and smartwatch, but also wireless speakers, smart lights, security cameras, and pretty much anything with the word “smart” printed on the packaging. It goes beyond your house, too. Cars, smart beds, medical devices, and industrial equipment all fall under the IoT umbrella.

If you do an Amazon search, the amount of these devices is honestly kind of wild. Within the first two pages, I found smart wall plugs, air purifiers, sunrise and digital clocks, picture frames, power strips, wall switches, thermostats, bodyweight scales, curtain openers, essential oil diffusers, projectors, garage door controllers, pet feeders, in-wall energy monitors, night lights, digital calendars and whiteboards, smoke detectors, charging stations, gun safes, button pushers, thumbprint door handles, lamps, air quality monitors, litter boxes, and finally “all-in-one streamers” that let you control everything I just listed with your voice from your couch without ever standing up.

For most users, the idea of a Jetsons-like smart house sounds extremely convenient. Who wouldn’t want to control every item in their home without lifting a finger? I myself have an entire home of Philips Hue smart lighting, which I can’t get enough of. As a renter, being able to change the color of the walls through light to suit my mood is addicting, and I find the “sunrise” setting (like the clocks I mentioned above) really helps me get up on time in the morning before class. I even have the option for my lights to “wake up” and bathe my whole house in a warm, welcoming glow when I get home from my bar job late at night, as soon as my phone connects to my Wi-Fi network while I’m walking across the parking lot.

The Elephant in the Room- Smart Device Privacy

But how much of my personal information is available through my lightbulbs and smart app? If someone were to view the data connected to my Hue app, it would be pretty easy to see what time I get up in the morning, how long it takes me to take my dog for a walk, and what nights I bartend after class, just from those two settings: my sunrise alarm and turning-on-by-location.

This realization shocked me. I consider myself to be pretty savvy when it comes to privacy. I don’t use social media, I don’t download apps (preferring a more secure browser, such as Brave), I routinely review and delete my personal data connected to my iOS devices and email, and I use a VPN on both my phone and personal PCs. And I still didn’t quite understand the amount of exposure the few smart devices in my home could facilitate. I go out of my way to hide my location activity on my iPhone. How did I not think about this?

Most IoT devices are small, inexpensive, and designed to be plug-and-play. It seems like just yesterday, but it was really about 5–7 years ago, right before COVID, when everything you wanted suddenly had some sort of digital or “smart” connection. That little checkmark that popped up when you entered your Wi-Fi password on a small device felt really good, always a bit of a surprise: “Huh! That worked! Great!” Now those little smart devices have been dragged with me through relationships and apartments, with Wi-Fi passwords blissfully updated at each move. That ease of connection usually means these devices do not require any real security software at all. If someone is on your network, or in some cases just within wireless range, they may be able to access or control them.

But is there Even a Real Risk?

In my last post, I touched a little bit on how malware can spread and stick around on your computer, and every one of these items is basically a small computer. If someone had programmed a device to install malware and affect other devices in range, it is totally possible to create a botnet out of every one of your smart home items. Most of them are programmed in C or C++... so they all speak the same language. Once reprogrammed, they can collect Wi-Fi data, IP addresses, location data, and in some cases financial or other private information. So now, my smart light bulb is not just a light bulb anymore. It is a tiny computer with opinions (and a posse).

The bigger my IoT setup gets, the more exposure I have, with each additional device acting as another potential entry point. One smart device might not seem like a big deal, but when you stack dozens of them together, you are basically building a very polite but very insecure digital neighborhood. Even if devices include a basic password or encryption setting when purchased, many IoT products stop receiving software updates after only a few years. Once updates stop, security vulnerabilities remain permanently unpatched. So while Philips may have great security on my lightbulbs, my COVID-era security cameras that need a reset every time the power goes out and haven’t had a firmware update in two years—but are still technically functional—could still exploit my network and expose other devices once connected.

There is also an environmental side to these devices that does not get talked about enough. They are often designed for short lifecycles and are difficult or impossible to repair, which means they end up straight in the trash once they lose usability. How many users are making sure to completely wipe a device before throwing it out? How many Wi-Fi passwords do those items still contain? Not to mention, this represents a major waste of resources and raises ethical concerns, since many of these products are manufactured in developing countries under exploitative conditions within today’s consumer supply chain.

Hacking these devices- Shockingly Easy for Beginners!

I started wondering how easy it would be to hack these devices. Turns out, not hard at all. After watching these two videos, I’m pretty confident I could figure out something small. Andrew Bellini is a captivating speaker, and his website provides tons of classes for even more complicated hacking if I were motivated enough.

DEF CON: Anyone Can Hack IoT – Andrew Bellini

David Bombal also had a great tutorial. With Python being such a prevalent language, I think even my snot-nosed neighbor, who isn’t even in middle school and likes to call me an AI bot (to my face??), could figure it out.

Hacking IoT devices with Python (it's too easy to take control)

So how do I limit my exposure? Turns out, a lot of what I already do for my mobile devices and personal data is on the right track.

Do an audit of every smart device in your home and figure out if you actually need or want the device, and limit the overall smart devices in your home. Frequently check for updates through the manufacturer's website, and purchase from reputable manufacturers that actually provide long-term updates (like Hue, instead of whatever random-letter-string brand is cheapest on Amazon). Use long and unique passwords with a password manager for each account, properly secure your Wi-Fi network, and, if you want to be extra cautious, place IoT devices on their own separate Wi-Fi network away from personal computers and phones.

And lastly, I found another short video about hacking IoT from IBM, that provides some great security tips at the end.

Securing Your IoT Devices

So yes, IoT is convenient. It is cool. It is everywhere.
But it is also something we should approach with a little healthy skepticism, and maybe not give full internet access to every object in our house just because it has a touchscreen.

Additional Sources

Science News Today – What Is the Internet of Things
https://www.sciencenewstoday.org/what-is-the-internet-of-things-iot-a-complete-guide-to-iot-technology-and-its-applications

IBM – Internet of Things
https://www.ibm.com/think/topics/internet-of-things

Sticky Bugs!

Hope Clarke — Mon, 26 Jan 2026 05:32:37 +0000

Malware- How familiar are you?

Malware is any program or piece of software that is installed on a computer system without the user’s knowledge or consent for malicious purposes. It can be used to monitor activity—everything from internet usage, personal images, and stored documents, to copying or stealing sensitive information such as credit card numbers and other personal data. In more destructive cases, malware may directly alter, corrupt, or delete files on a personal device.

When you use the term malware persistence, you are discussing the ability of malicious software to maintain access to a target system even through reboots, system shutdowns, or attempts to remove it. Persistence techniques are what allow malware to survive beyond its initial execution and remain active over time.

There are several different ways a malicious actor can gain access to a computer system. Malware designers may rely on a single technique or use a combination of methods in order to embed their files into a system and ensure they remain present. The goal is not just initial access, but longevity.

Startup techniques are especially popular because they take advantage of the initial boot process of a device. During startup, many legitimate processes are running simultaneously, which creates an opportunity for malicious programs to blend in and avoid drawing attention.

Real-World Examples:

Imagine you wanted to remotely monitor a group of files on a computer, but needed the program to be extremely resource-light in order to best evade detection. You would not want to design the program to constantly watch for changes in real time. Maintaining a continuous connection while monitoring and transmitting data simultaneously consumes system resources—and that resource usage is often what alerts users or anti-malware software to suspicious behavior.

A much more efficient approach would be to attach the program to existing startup processes.
This allows the malware to “wake up” at the same time as legitimate startup activity, with its resource usage masked by everything else happening on the system. It could then review only the saved changes to the files since the last run. If a method of malicious transmission is available, send those changes immediately; otherwise, it could cache them and wait for a future opportunity.
After completing its task, the program would return to a dormant state, consuming no additional resources until the next startup.

Similarly, imagine a scenario where the goal is to destroy a victim’s files—but only after a certain amount of monitoring time has passed, or once a specific event has occurred. Constantly tracking time or actively watching for that event would increase the likelihood of detection. A stealthier strategy would be to wait until startup, check whether the condition has been met, and then execute the file destruction only when appropriate.

Types of Windows Persistence Methods:

One common persistence method involves dropping malicious files into the Windows startup directory. Programs located in these directories automatically execute when a user logs in, and most users are unaware that startup directories exist at all. This makes them an easy and popular method for ensuring execution, since the majority of users would never discover the program unless it directly affected their experience.

Once placed in the startup directory, the malware can quietly continue operating, reloading and updating itself each time the user starts their system. Over time, this allows the malicious software to maintain a consistent presence without drawing attention.

If an attacker needs an additional layer of stealth—particularly to avoid detection by more advanced users—they may instead modify registry autorun keys. This technique involves altering Windows’ built-in automatic processes to include malicious files. Because these keys are buried deep within the registry, they are unlikely to be inspected during casual troubleshooting.

By leveraging registry modifications, scripts can gain access to administrative-level keys and repeatedly apply changes throughout the system. This allows the malware to reinforce its own persistence and potentially expand its reach further into the operating environment.

These techniques are typically executed at system startup, but attackers can also target user-level login and logout processes. This enables the malware to activate each time a user signs in or out, increasing the number of opportunities it has to execute.

While the examples discussed so far focus on Windows-based systems, Linux and macOS are not immune to similar persistence techniques. Each operating system has its own startup mechanisms that can be exploited in comparable ways.

Visit this Great Resource!

Different Types of Malware:

Malware can be one or a combination of the following types:

Viruses are sent from host to host, and typically cause performance issues.

Botnets take over a group of devices, dictating them to do whatever the hacker would like them to do.

Trojans appear like legitimate downloads. Users will infect themselves unknowingly.

Worms are similar to other types, but are defined by the ability to replicate and while continuing to work on the host.

Spyware gains access to personal information.

Adware generates revenue by forcing advertisements (can be called spamware).

Ransomware directly asks for money, usually to prevent the spread of personal data.

Trends in Malware: Where Are We Going?

Terms like Love Bug and Trojan Horse have entered the general cultural vocabulary around cybersecurity, but modern malware looks very different from those early 'bugs'. In the early days of the internet, attackers often aimed to infect as many systems as possible in the shortest amount of time, prioritizing scale over precision. Today, malicious actors are far more targeted. Rather than casting a wide net, they focus on specific high-value targets such as medical, financial, educational, technological, and infrastructure systems, as well as individual users’ payment information and personal data.

There are also services that provide malware infrastructure as a service. These offerings include installation, maintenance, monitoring, and reinfection support—for a price.
In this model, one party supplies the malicious program, while another handles its deployment and upkeep, dramatically expanding how widely and persistently the software can spread.

As more data is stored outside of individual devices and moved into cloud-based platforms, new opportunities for exploitation continue to emerge. Attackers may target API keys, misconfigured storage solutions, or vulnerabilities in support services. As quickly as cloud technology evolves, the techniques used to attack it evolve right alongside it.

This diagram lays out how data can be transmitted from the target to the adversary. The 'neutral' space represents the space that data needs to be funneled through before it can be processed.

In this image, imagine the cows/grain/farm to be any data resources or information that the adversary is trying to take.

Visit this Great Resource!

Great thanks to the resources that taught me!

Malware as an Evolving Cyber Threat

Example set up Malware with examples

6 Persistence Methods in Malware

New Chinese Linux Malware

Forbes- Strategies to Outsmart a Smarter Adversary

Monday Musings about MongoDB

Hope Clarke — Mon, 19 Jan 2026 14:35:42 +0000

Introduction

MongoDB’s history, business need, and inception

To understand how MongoDB came to be, you have to understand a little about it's background. Founder Dwight Merriman created the online advertising agency DoubleClick, with Kevin Ryan joining soon after. DoubleClick absolutely exploded, which created an entirely new-scale problem: managing massive amounts of data. Handling this volume required regional databases and significant infrastructure expenses.

In 2003, Eliot Horowitz joined DoubleClick as a new graduate and quickly became essential. Four years later, all three founders started a new company called 10gen to directly address this exact issue: building a database that could scale horizontally without the overhead of traditional relational systems.

Design

How does MongoDB store information?

MongoDB was named for its goal of handling “humongous” amounts of data. Its core engine was written in C++ and first released in February 2009. Early design philosophy emphasized:

CRUD operations for efficiency
JavaScript and JSON-style documents for flexibility
Fewer manipulation methods to increase speed and scalability
Experimental approaches to sharding versus replication

You can still see the first commit here from Dwight!
https://github.com/mongodb/mongo/commit/e73188b5512c82290a4070af4afddac20d0b981e

Here is Dwight Merriman giving the closing Keynote at ZendCon 2011, two years after launch:
Closing Keynote with Dwight Merriman

What made MongoDB so different?

MongoDB stores data in collections of JSON-like documents, rather than rows and tables. This allows developers to add or change fields without restructuring the entire database, which makes it well suited for large, evolving, or semi-structured datasets. Because documents don’t require fixed schemas, MongoDB avoids unnecessary memory overhead.

MongoDB also includes a shell that allows developers to manipulate data using JavaScript commands, making it especially approachable for JavaScript developers.

MongoDB supports multiple clients, including Python, Node.js, Java, and PHP, each with corresponding drivers that communicate with the MongoDB server. The server itself includes a query engine (with a parser, read/write engine, query planner, and DML layer) and a storage engine that persists data and can include encryption.

Visit this Excellent Resource!

Because MongoDB is open source, it can be used for both small applications and very large systems. Its support for sharded clusters enables various fault-tolerant configurations, making it an attractive option for scalable architectures.

Comparisons

How is MongoDB different from SQL-type databases?

In SQL databases, data is stored in tables made up of rows and columns. Each row represents a record, and each column represents a field. This structure enforces strict relationships between data and requires schemas to be defined ahead of time.

This fundamental difference leads to several practical distinctions. MongoDB is better suited for documents, JSON objects, and log-style data, where structure may change frequently. SQL databases require more planning and resources when scaling beyond a single server, whereas MongoDB is designed to handle large volumes of reads and writes across distributed systems.

Visit this excellent Resource!

MongoDB allows documents within the same collection to have different fields, while schema changes in SQL affect entire tables. MongoDB’s core concepts are limited to documents, collections, and databases, whereas SQL relies on data types, keys, indexes, joins, and normalization.

That said, SQL databases offer strong consistency guarantees by default. MongoDB prioritizes scalability and performance first, achieving consistency over time depending on configuration and usage.

Queries

How do you use MongoDB for data storage and access?

MongoDB allows developers to use JavaScript to manipulate data. You typically write an app.js file, connect to a database URL, and run the application using Node.js (or a similar runtime).

Once connected, MongoDB provides a rich API that includes functions for inserting, updating, deleting, and querying data, along with comparison, logical, and arithmetic operators. It also supports array operations, indexing, data modeling, and ACID transactions, which allow coordinated operations across multiple documents.

For example, we have a simple lookup where we are trying to find all documents and return just the title and author fields:

// Example query with projections:
db.posts.find({}, { title: 1, author: 1 })
// Database/ posts collection/ find /{} all documents, title & author

You can also make your own functions:

Insert initial function:

const insertDocuments = function(db, callback) {
  const collection = db.collection('documents');
  collection.insertMany(
    [{ a: 1 }, { a: 2 }, { a: 3 }],
    function(err, result) {
      assert.equal(err, null);
      assert.equal(3, result.result.n);
      assert.equal(3, result.ops.length);
      console.log("Inserted 3 documents into the collection");
      callback(result);
    }
  );
};

Final Insert Function:

const MongoClient = require('mongodb').MongoClient;
const assert = require('assert');

const url = 'mongodb://localhost:27017';
const dbName = 'myproject';
const client = new MongoClient(url, { useNewUrlParser: true });

client.connect(function(err) {
  assert.equal(null, err);
  console.log("Connected successfully to server");

  const db = client.db(dbName);

  insertDocuments(db, function() {
    client.close();
  });
});

Compatibility

What technologies does MongoDB work well with?

From mongodb.com:

MongoDB drivers provide APIs that allow applications to connect directly to MongoDB. Most programming languages also have frameworks that build on top of these drivers to provide features like security, workflows, and rapid development. For example, Django is based on Python, and Spring Boot uses Java.

MongoDB supports most major programming languages, including Python, TypeScript, Java, and JavaScript, and works across nearly all major runtimes, IDEs, and GUI tools. It is compatible with macOS, Linux, and Windows, making it easy to integrate into existing development environments.

Final Pros / Cons

What should you consider when choosing MongoDB?

When deciding whether MongoDB is the right choice, it’s important to consider your project’s intended scale, data structure, and long-term flexibility. MongoDB excels when your data model is evolving, when you expect rapid growth, or when horizontal scaling is a priority.

However, that flexibility comes with trade-offs. Applications that rely heavily on complex joins, strict relational integrity, or immediate consistency may be better served by a traditional SQL database. MongoDB requires thoughtful data modeling up front to avoid performance issues later, especially at scale.

Ultimately, MongoDB is best suited for projects where speed, scalability, and flexible schemas matter more than rigid structure. Choosing it should be a deliberate architectural decision based on how your data will grow, change, and be accessed over time.

Helpful Resources to help get you started:

Please visit my wonderful sources- they made this so much easier for me to understand!

History & Introduction, General Resources:

Quick Programming Tips MongoDB history guide

This resource in particular was a huge help!
IBM think topics MongoDB

Geeks for Geeks Database Sharding vs Replication

Geeks for Geeks ACID transactions in MongoDB

Wikipedia MongoDB page

Tutorials, Code Examples, & Reference Documentation:

W3 Schools MongoDB tutorials

Mongod Quick Start Guide

MongoDB Get Started

Comparison & Compatibility:

MongoDB vs SQL by Yash Vardhan Gupta

MongoDB Compatibility

Get your head spinning about Recursive Functions

Hope Clarke — Fri, 14 Nov 2025 14:18:24 +0000

Recursion

During my (admittedly short) time learning JS, recursion was the first concept that really blew my mind. Up until that point, I’d been trying so hard to avoid creating loops without clear iteration points, and suddenly the idea that a block of code could… call itself?? Terrifying and exciting at the same time. But in practice, the idea isn’t actually that hard to understand or implement. It can get extremely complex depending on the data you’re working with, but it’s also one of the most fun types of functions to write, at least in my opinion.

One of our teachers explained recursion like stepping into a revolving door and doing something each time you go around. There’s no natural end until you stick a doorstop into the door, which forces it to stop and lets you exit. That analogy instantly clicked for me.

I like to start with a basic function and make sure that—at the return statement—it calls itself again, usually with slightly different parameters. That’s the “revolving door.” For example, let’s say we’re going to count down from a given number to zero and print each number to the console. That’s our “do something each time.” So I’ll start by adding a return case just to make sure the recursion is… well, recursing. The door is revolving.

function recursionCountdown(number) {        // function declaration & parameter

        return recursionCountdown(?number?)  // we will worry about this later
};

We can build recursive functions to handle all sorts of situations inside the parameter we’re given. When we add these different situations, we call them cases—as in: “in this case, do this.” In the revolving-door analogy, this is your door hitting its threshold, checking for a doorstop. If there’s no doorstop, it keeps spinning.

So the next thing I like to do is add a placeholder case that returns the final value I’m looking for. This is our doorstop! I’ll have it print “No more positive numbers!” once we’ve counted all the way down. Since we’re calling the function again on the number, this has to happen when the number reaches zero—our doorstop.

function recursionCountdown(number) {        
        if (n === 0){
                console.log('No more positive numbers!');  // this is my ‘return’ statement—
        }                                                 // after looping, the code needs to exit here!
        return recursionCountdown(?number?)      
};

This also tells me that I need to call the function on the number minus one each time so we can print each descending value. Great! Now I know what my function parameter needs to be, and what goes outside the if statement—the printing of the number:

function recursionCountdown(number) {        
        if (n === 0){
                console.log('No more positive numbers!'); 
        }
        console.log(n);                    // print the number
        return recursionCountdown(number - 1);  // then call the function on the next number
};

Okay great, now we’re getting somewhere!

The number enters the function, it checks if it’s zero, prints the number, then calls itself again with the number minus one. That next number enters the function, checks if it’s zero, prints the number, calls itself again (now the original number minus 2), and so on until we finally hit zero and stop revolving through the door.

When we run:

recursionCountdown(5);

We get:

5
4
3
2
1
No more positive numbers left!`

This works as intended! But I also want zero in that list so it feels more complete. To do that, I’ll change the === to <= so zero gets included:

function recursionCountdown(number) {        
        if (n <= 0){
                console.log('No more positive numbers!'); 
        }
        console.log(n);                   // print the number
        return recursionCountdown(number - 1);
};

recursionCountdown(5);

5
4
3
2
1
0
No more positive numbers left!

Perfect. Now we have a recursive function.

You can apply these same principles to all kinds of tasks: manipulating data, pushing values into other objects or arrays, slicing arrays as you “descend,” and so on. Your revolving door’s “do something,” “check for doorstop,” and “doorstop” can be anything you want—as long as they’re in the right order:
do something → check for doorstop → keep revolving… until you hit the doorstop.

In the end, recursion has honestly become one of my favorite things to write. There’s just something really cool about a function that can call itself and slowly work its way down to the answer. It can definitely get confusing or feel a little wild when things get more complicated, but that’s also what makes it so fun. Every recursive function feels like a tiny puzzle where you figure out what happens each “spin” around the door and where the doorstop goes.

For something that originally seemed scary, recursion turned out to be one of the most interesting and enjoyable tools I’ve learned so far.