Stavros' Stuff

Angry rants of programming and other things.

On API authentication

Make your API unhackable, like the Titanic

This post needs no introduction, so it doesn’t have one. If you want to write an API and need to know how to make it secure, and have the requests authenticate against a server or a client, look no further! Well, do look a bit further, because I’m going to tell you how to do all these things in this post.

Use cases

As with most other things, your API authentication method will depend on your use case. I will detail a few common ones, along with the best authentication scheme for each one:

Continue reading…

Standalone Django scripts: The definitive guide

Jeez, why is this so hard to find info on?

You know the deal, you have your fantastic Django application and it’s working great and everything, but you need to make a small change which is too cumbersome to do in the shell, so you figure “duh, I’ll just write a script to do it”. You write your external script in two minutes and then struggle for two hours to figure out how to load the models and the rest of the context so it will work with your app’s settings and all your Django goodness.

You visit StackOverflow and a bunch more sites, and they either tell you to use a management command, which is great advice, except your thing is a one-off and you don’t want to have to check it into git and go through all that hassle to get it deployed just to do this simple thing, or they give you some arcane lines that just don’t work.

Fear not, for I am here. I will give you five simple lines that will make everything work perfectly. Perfectly, I say!

Without further ado (all the previous ado was just so I could fill the paragraph so the side-box doesn’t look weird with short text), I give you the magic commands! Here they are:

Continue reading…

I took a picture: Hope

Hello! I took another photo! This time it’s rather dark, it’s a forest, at night, with an eerie light coming at the end of the path, through the fog. It has taught me three things:

  1. You don’t need many sophisticated adjustments to achieve most of the effects you will want to achieve. A few simple adjustments here and there can go a long way.
  2. I used to think that, when people said “I wanted to convey this specific feeling”, or “I wanted to achieve this objective with this piece”, it was bullshit. I see now that, oftentimes, you have a specific idea in mind and work towards it, as I did with this photo for the first time, for me.
  3. I shouldn’t dismiss mobile phones so easily. I didn’t have a camera with me at the time, and it was either “take the photo with the phone” or “don’t take it at all”, and I went with the former. It’s probably my favorite photo of mine so far, so you definitely won’t hear me dissing mobiles again. They can be very useful under specific circumstances (mostly when there’s a lot of light and you won’t need a large print).

In this post, I am going to show you the process from the initial, unedited copy, all the way to the final edit. Here’s the latter:

Let’s dive into the actual process, to see how it was created.

Continue reading…

Gweet: Messaging for your things

A message queue for the abhorrently named “Internet of Things”

As you may recall, I have hooked up various parts of my house to a computer so I can control them remotely. To do that, I have an HTTP server for which I open a port, and everything runs on this server, but what if I need to add another device? What if I need to have multiple devices listening for a command?

Having to open a port for each and every one of them, exposing them to the internet and configuring all this is a huge hassle, a security problem and very brittle. Wouldn’t it be much better if there were a centralized message queue where I could post messages and have an arbitrary number of devices read them?

It turns out, the excellent folks at

Continue reading…

I took a picture: Lethe & Seals

I took a picture: Lethe

WARNING: This post has nothing for anyone, it’s just me ranting about photography. Turn back now, you have been warned.

Apparently, photography is now a thing I like. It is also a thing I like a lot, so I have been doing it a lot. I’m not very good at it, but I’m blessed with not caring much about how good I am at a thing I like doing, which is apparently how you get good at things. I decided to write about photography-related things, even though I’m wildly unqualified, because I like having a sort of progression log.

A few days ago, I stumbled upon the ethereal photography of Darren Moore, and immediately fell in love. The outworldly appearance of his photographs

Continue reading…

iRotary - Part Three

Phone slam 3: The slammening

In part two of project iRotary, we actually got the phone to make calls, but we couldn’t talk or hear the other person. In this part, I promised you some hardcore microphone-to-headset action, and that’s exactly what I won’t deliver!

Instead, what I did was to procure the gorgeous phone you saw in the previous posts. That’s right! All this series so far has been a ruse! I didn’t have that phone to start with, I didn’t have it at all!

However, I do have it now, and I managed to enclose the Arduino in the actual phone. Let’s see how that happened.

Continue reading…

iRotary - Part Two

Working towards a phone I can slam

In part one of project iRotary, we got the Arduino to detect pulses from a rotary dial and turn them into a phone number, all in the name of turning this phone into a mobile phone I can use on the go. In part two, we will actually connect the Arduino to a GSM shield and place calls with the rotary dial like it’s 1993. I have seen the future, and it is the past. Read on for details!

Continue reading…

iRotary - Part One

Finally, a phone I can slam again!

Lately, my mobile phone (an HTC One) has become very slow. I think it’s mainly SwiftKey, which is slow like dog, but no matter. As a good consumerist, I must purchase a new phone. However, I am also an angry person, and I sorely miss the tactile sensation of slamming the phone on someone’s face.

Because of this, I decided to put my engineering degree to good use, and went out and bought a phone. Thus begins project iRotary, which aims to turn this:

Continue reading…

Netflix for the rest of us

OMG Netflix in Greece!

If you’re nothing like me, you watch a lot of shows and movies, which means you must have heard of the wonder that is Netflix. Tens of movies and shows, all ready to stream in high definition at a moment’s notice for a very cheap monthly fee, what’s not to love? Well, apart from the MPAA not letting them have a larger selection, and the MPAA not letting them work outside the US, not much!

There’s a bunch of services like Netflix that don’t work outside the US, which is an affront to my human rights and sense of entitlement, so I took it upon myself to make watching Netflix and listening to Pandora just a bit easier. To this end, I created a

Continue reading…

Calling single-argument methods in Django templates

No longer are your methods confined to bare calls!

One of my pet peeves when it comes to Django is that you can’t call methods that require arguments in templates. While this is fine most of the time, it does mean that you need to have one property or method per call you want to make, which sometimes gets very cumbersome.

I needed a way to define various dynamic permissions that are calculated at runtime (for irrelevant reasons, Django’s permissions framework wasn’t a good fit), and writing properties like can_register, can_add_tags, can_subscribe got tedious. These tended to be defined all over the place, rather than in one central spot, and it was hard to add more checks without cluttering the classes.

I would much prefer to have a single method (let’s call it can()) that accepted a string with the permission I wanted to check, and return True or False, depending. This is easy to do in the views, but templates would never be able to call it with an argument.

However, since Django can do dictionary-style attribute lookups, I could add a dictionary interface over the method, and allow

Continue reading…