Stavros' Stuff

Angry rants of programming and other things.

DIY internet-enabled bathroom scale

Wherein my weight is broadcast live to the good people of the internet.

A few days ago, I looked under the couch and found my dusty, disused Wii Balance Board. I bought it years ago, when I was a bit chubbier and thought Wii Fit might help me lose some weight and become fitter. It worked very very well, although I think it was mostly because I didn’t want to eat junk any more, as that would mean that the mind-numbingly boring hour of exercise I just did would be for naught.

For those of you who don’t know what a Wii Balance Board is, it’s the bastard offspring of a bathroom scale and a step pad. It connects to the Wii via Bluetooth, and it can weigh you and also tell which way you are leaning.

Seeing the board, I thought it would be fun to connect it to the computer and try to read the weight values from a script. I started by trying to pair it with the computer, and

Continue reading…

Authentication and rate limiting

Bank websites: Intelligently designed, or randomly evolved?

Yesterday, I tried to log in to my bank’s website for the first time in a few months. I couldn’t remember my password, because I change them frequently, so I tried a password, then another, and then another, which is, I hope, what most reasonable people do when they forget their password.

To my great dismay, after the third attempt, I got a message saying “Your account has been locked. Please call the bank to unlock it”. Given that this is my company bank, which is in the UK, and I am in Greece, this is extremely inconvenient. I now hate my bank (more than before).

Here are a few tips, if you are developing any sort of application that has authentication/logins, although I feel I will be preaching to the choir:

Continue reading…

Pacific Rim

Giant robots fighting giant lizards: Fact or fiction?

So I just came back from the cinema, where I watched Pacific Rim. If you haven’t seen it, this post won’t really be very useful to you. If you have seen it, though, then this post will be totally useless to you.

First of all, I have to say that, as a movie about huge robots fighting dinosaurs (which is pretty much exactly what I expected going in), the movie delivers. There are many huge robots, and many dinosaurs, and quite a bit of…

Continue reading…

Writing an nginx authentication module in Lua

Spoiler: The nginx Lua module is pretty great.

In the last two days, I’ve had to solve a rather interesting problem. I have an nginx instance proxying various servers, and I need to be able to add an authentication layer that will authenticate people with an external source (such as a web app) and allow them to pass through the proxy if they have an account on the authentication source (the web app, in this example).

Exploring the requirements

I considered various solutions for this, and I will list a few alternatives:

  • A simple Python/Flask module that would do the actual proxying and authentication.
  • An nginx module that would authenticate using subrequests (nginx can now do that).
  • Using nginx’s Lua module to write some authentication code.

Continue reading…

Django's per-site caching doesn't work

Surprise! Your cache doesn’t.

A few days ago, I wrote a post about a peculiar piece of code that a friend of mine had sent me. Since it was interesting bit of code, I thought Hacker News would enjoy it, so I posted it there. To my great pleasure, the post shot up to the first place in a few minutes and continued there for a full day, bringing just over 50,000 visitors to this blog, in total.

I was very happy that people were liking and discussing this post (and the discussion was very interesting in its own right), but I noticed that AppEngine, where this blog is hosted, was struggling to serve it. I had to create new instances because the average latency was about ten seconds(!), even though this blog is pretty much only text and static media, and I use Django’s per-site cache to cache every single page.

Continue reading…

Brilliant or insane code?

A Moste Wonderfull Tale of Optimizations and Legibility

I came upon a very interesting and cryptic snippet of code somewhere nameless, and I can’t decide if it is brilliant or completely insane. It is a very obscure way of accomplishing the required task, but it’s around four times faster than the alternatives I’ve tried, so I have to admit that it’s not completely without merit. Still, I cringe a bit at seeing it, since it packs around four unusual Python concepts in almost as many characters.

This is the snippet in question:

Continue reading…

Faster installs with pip

Today’s tip is brought to you by the color green and the number g.

If you’re an industrious Python programmer, you probably use pip and virtualenv to install your packages in an isolated location, which is great, and good job to you. However, having to install Django, pandas and ipython every time you want to experiment with something is a bit tiresome, since they’re all big files and downloading them takes a while, plus what if you’re on a data-limited connection and bla bla bla.

Here’s a very easy way to both speed up your downloads and avoid having to do them in the first place:

Continue reading…

Blogging from the filesystem

DOTA2 LogoIf you see this, run. Away.

I have recently been writing more and more (or, at least, trying to), mainly because I’ve been busying myself with a variety of interesting things and I figured that writing about them could help other people. I am fully expecting to fall back into a DOTA2 binge one of these days and completely cease all productive endeavors, but I’m enjoying it while it lasts.

One of the frustrating things about writing for this website, at least with my current setup, is the interface. I wrote this website in Python using Django because:

Continue reading…

Use two-factor authentication for Mozilla Persona on your own domain

Lately, I have been very happy to see Mozilla’s new proposed authentication system, Persona, gaining popularity. I have tried it in both my capacities as a user and a developer, and, I have to say, it leaves me eminently satisfied in both.

As a developer, it is fantastically easy to integrate. Given how much of a pain all the password change, account creation, password reset, login, etc views (with assorted HTML) were, the 3-minute integration of Persona was a godsend. Since I also don’t need to preoccupy myself with securely storing people’s passwords, Persona wins hands down.

As a user, Persona is very simple to log in. It asks you for your email address, asks you to create a new account (and verify it) if you haven’t been there before (or your password if you have), and you’re logged in. To make things better, it recently got Gmail integration, which means that, if you use Gmail, sites that support Persona effectively now have become “Log in with Gmail” sites, without Google knowing which sites you authenticate on. That’s just fantastic.

There is a bit of a blind spot for people who use their own domains for email addresses, though. If your domain isn’t a Persona identity provider (and most aren’t, by default), you have to log in through the built-in provider. While it does the job, that provider is far from full-featured, only allowing you to sign in with one address and a few aliases.

I wanted something more powerful, so I built a new tool to help manage Persona authentication for your domain. I call it Persowna, and it has a number of very useful features for advanced users or businesses:

Continue reading…