Stavros' Stuff

Angry rants of programming and other things.

Introducing: String Phone

"Nothing is as secure as a string phone" –The NSA

As you can probably tell from previous posts, I’ve been pretty into hardware lately. I’ve especially been building things like home sensors and controllers, so I have a central computer reading motion, temperature, humidity, light and other values in the house and deciding whether the lights or air conditioning need to be on or off.

I also want to be able to turn these on and off from my mobile phone, from anywhere in the world. The problem with that is that I need a way to ensure that only my phone can turn things on in my house. I wouldn’t want someone to be able to turn the heating on in my house at full blast when I’m not there and waste all my electricity bill (or set fire to something).

TLS is a pretty good solution, as it ensures confidentiality between client and server, but it does nothing for verifying the client or securing communications against a malicious server. I needed something better, and I couldn’t find anything readily available. So I set out to write it. Thus, string phone was born.

String phone is a

Continue reading…

Review: CodeBug

Reviewing today: The CodeBug wearable computer

So, I just received a CodeBug in the mail, graciously provided by Newark element14 for a review. This is that review.

Before I start, I should say that Newark didn’t pay me, they only sent me the devices for free and with the understanding that I would be very truthful in my review, even about things I don’t like. So, hopefully this won’t read like I’m a paid shill, and all biases are my own. Now, we can proceed to the actual thing!

I have to admit that I had never heard of the CodeBug until Newark offered to send me one, but, now that it arrived, I find myself pretty excited about it. In case you are not familiar with it (the default), the CodeBug is an embedded, wearable computer that aims to teach programming to children by being easy and fun to program. It comes with various features that help with that, which I am going to get into more detail about later on.

It started as a Kickstarter project by three guys who aimed to bring programming to everyone in a cute, wearable form factor, and it apparently succeeded in getting funded, because I am holding one right now, which proves it exists! Also, the Kickstarter page says it got funded, so that’s also an indication.

Unfortunately, I’m not great at researching things before tearing open their packages, so I’ll jump directly to the unboxing and hope everything works out for you in the end.

Continue reading…

Shufflecast - Your own TV station

Your own, personal TV station

I very recently discovered the very useful pychromecast library, and, being the owner of a Chromecast, I started wondering what I could do with it. Since there aren’t that many things a Chromecast can do (it pretty much only plays videos over the network, although there are some other things as well), I decided to make my own TV station. Thus, Shufflecast was born.

Continue reading…

Open source password management

Or: How to migrate from LastPass without fuss

As you may have heard, LogMeIn has acquired LastPass. This would normally not be very interesting news, but LogMeIn have turned out to be a bit shady, which means that I trust LastPass much less under its new owner. Also, since Persona, the solution to all authentication problems, never panned out (damn you, Mozilla, damn you to hell!), I am forced to find a new password manager.

To give you a bit of history, I started out, as many of us do, using only one or two passwords for everything. This was, of course, entirely insecure, because I was giving my email and Dropbox password to every shady game site and bank out there. One day, I decided I should switch to something else, but I didn’t like carrying and synchronizing a file every time I added a password, so I opted for something with less state: SuperGenPass.

Continue reading…

The microservices cargo cult

“They’re doing everything right. The form is perfect. It looks exactly the way it looked before. But it doesn’t work.”

Microservices are awesome. We know this because of all the success stories that are circulating lately. The news is full of such stories, of people taking large, monolithic codebases, breaking them up, adding HTTP APIs and enjoying all the benefits.

As with all fashionable practices, it starts out innocently enough: someone tries it, it works out very well for them, they present it in an eloquent way that outlines all the advantages of the new practice, and everyone is excited and eager to try it out. Soon, you have a deluge of articles saying how well it works, and how more people tried it with great results. What you don’t hear, though, is the cases where it didn’t work, simply because people aren’t as motivated to write about their failures.

Continue reading…

Show page generation time in Django

Ever longed for the good old PHP days? No? Good.

Earlier today, i.e. a few minutes ago, I was working on my latest guinea pig, TiThess. It’s an events guide for my city, and the latest project I’m trying everything on. I like having a project I can try new things on, as it helps keep my skills sharp.

As I was testing page load times with the excellent Web Page Test, trying to get them down to the absolute minimum, I was getting an F in time-to-first-byte. This is very odd, because the whole site is supposed to be cached, so I was wondering whether the cache is doing something wrong and slowing page generation down.

To make sure, I needed a simple way to show how long page generation took, like the old “page generated in X seconds” footer that was all the rage with PHP sites way back when. Here’s how I did it:

Continue reading…

The iRotary Saga

Wherein the rotary phone acquires electronics to connect to the mobile network and can function wholly unmolested

Welcome to part four of the iRotary trilogy! This is the part where we complete the project, along with the OFFICIAL TRAILER at the very end (spoiler alert!).

The original goal of this post was to complete the project, but I have delayed writing it for so long, that I think it would be better if I just started from the beginning, and produced one, cohesive narrative.

As you may remember from part one, I am a very angry person. Especially when talking on the phone, I get easily pissed off, and nowadays there’s no good way to express my frustration. I miss the olden days, where you had a nice physical handset you could slam into the phone to relieve your tension, but mobile phones just don’t provide the same pleasure. Undeterred, I set out to create a rotary phone that was also a mobile phone.

Thus, the iRotary was born.

Continue reading…

On API authentication

Make your API unhackable, like the Titanic

This post needs no introduction, so it doesn’t have one. If you want to write an API and need to know how to make it secure, and have the requests authenticate against a server or a client, look no further! Well, do look a bit further, because I’m going to tell you how to do all these things in this post.

Use cases

As with most other things, your API authentication method will depend on your use case. I will detail a few common ones, along with the best authentication scheme for each one:

Continue reading…

Standalone Django scripts: The definitive guide

Jeez, why is this so hard to find info on?

You know the deal, you have your fantastic Django application and it’s working great and everything, but you need to make a small change which is too cumbersome to do in the shell, so you figure “duh, I’ll just write a script to do it”. You write your external script in two minutes and then struggle for two hours to figure out how to load the models and the rest of the context so it will work with your app’s settings and all your Django goodness.

You visit StackOverflow and a bunch more sites, and they either tell you to use a management command, which is great advice, except your thing is a one-off and you don’t want to have to check it in to git and go through all that hassle to get it deployed just to do this simple thing, or they give you some arcane lines that just don’t work.

Fear not, for I am here. I will give you five simple lines that will make everything work perfectly. Perfectly, I say!

Without further ado (all the previous ado was just so I could fill the paragraph so the side-box doesn’t look weird with short text), I give you the magic commands! Here they are:

Continue reading…

I took a picture: Hope

Hello! I took another photo! This time it’s rather dark, it’s a forest, at night, with an eerie light coming at the end of the path, through the fog. It has taught me three things:

  1. You don’t need many sophisticated adjustments to achieve most of the effects you will want to achieve. A few simple adjustments here and there can go a long way.
  2. I used to think that, when people said “I wanted to convey this specific feeling”, or “I wanted to achieve this objective with this piece”, it was bullshit. I see now that, oftentimes, you have a specific idea in mind and work towards it, as I did with this photo for the first time, for me.
  3. I shouldn’t dismiss mobile phones so easily. I didn’t have a camera with me at the time, and it was either “take the photo with the phone” or “don’t take it at all”, and I went with the former. It’s probably my favorite photo of mine so far, so you definitely won’t hear me dissing mobiles again. They can be very useful under specific circumstances (mostly when there’s a lot of light and you won’t need a large print).

In this post, I am going to show you the process from the initial, unedited copy, all the way to the final edit. Here’s the latter:

Let’s dive into the actual process, to see how it was created.

Continue reading…