Stavros' Stuff

Angry rants of programming and other things.

Winning at Candy Crush

The Candy Crush Saga saga

I find Flash games on Facebook great fun. Not playing them, of course, that’s boring. As you may remember from my previous post, “winning at Puzzle Adventures“, I like to take a look into their guts and figure out how they work, and whether or not I can get insane scores with no effort.

When I discovered Candy Crush Saga, I was intrigued. All my friends appeared mad about this game, sending me so many requests for candy that their dentist would surely commit harakiri. I started playing a bit, and it wasn’t long until I had to stop playing, since the game only allows you a set number of lives per hour in an attempt to either extract money from you or coax you into spamming your friends with requests for the game, to increase its popularity.

Cheating at online games

This, however, wouldn’t do, so I fired up the Swiss army knife of web debugging, Charles Proxy (it’s a fantastic tool for this job). I started looking at the requests the game was making to the server, and saw one that looked promising:

Continue reading…

Writing a FUSE filesystem in Python

Turns out FUSE filesystems are ridiculously easy!

If you’re a regular reader, you might have noticed that I’ve been on a quest for the perfect backup program, and ended up writing my own encryption layer over bup.

While writing encbup, I wasn’t very satisfied with having to download the entire huge archive just to restore a file, and still wished that I could use EncFS together with rdiff-backup to have true remote-mountable, encrypted, deduplicated, versioned backups.

Trying obnam again (spoiler: it’s still pretty slow), I noticed that it included a mount command. Looking at it, I discovered fuse-python and fusepy, and realized that writing a FUSE filesystem in Python is pretty much trivial.

The astute observer will have already realized where I’m going with this: I decided to write an encrypted filesystem layer in Python! This layer would be very similar to EncFS, with a few crucial differences:

Continue reading…

Encrypted, deduplicated remote backups

Why are secure backups so hard?

Note: Be sure to check the sequel to this post, about the program that will supersede this one and be compatible with all backup utilities.

Backing things up is important, and, luckily, there are many high-quality services geared to everyday people that are very easy to use and cheap. Unfortunately, I am not everyday people, as I am very paranoid and insist that absolutely nobody be able to see my photos of my dog and lawn. It’s a matter of privacy.

To that end, I’ve long been looking for a secure/encrypted backups service, but I haven’t managed to find a single service or tool that fulfils my requirements:

  • Cheap to store data on (~$30 per year for

Continue reading…

How to pronounce "gyros" (the greek food)

Pronounce “gyros” correctly, impress your friends!

In a recent discussion on reddit, it seems that a lot people are wondering how the word “gyros” is actually pronounced. As a Greek, I feel it is my duty and responsibility to clear this right up, authoritatively demonstrating exactly how it’s done.

Here’s how a Greek (me) pronounces the word “gyros” (you might have to enable plugins or something to listen to this, it’s a SoundCloud recording):

Continue reading…

DIY internet-enabled bathroom scale

Wherein my weight is broadcast live to the good people of the internet.

A few days ago, I looked under the couch and found my dusty, disused Wii Balance Board. I bought it years ago, when I was a bit chubbier and thought Wii Fit might help me lose some weight and become fitter. It worked very very well, although I think it was mostly because I didn’t want to eat junk any more, as that would mean that the mind-numbingly boring hour of exercise I just did would be for naught.

For those of you who don’t know what a Wii Balance Board is, it’s the bastard offspring of a bathroom scale and a step pad. It connects to the Wii via Bluetooth, and it can weigh you and also tell which way you are leaning.

Seeing the board, I thought it would be fun to connect it to the computer and try to read the weight values from a script. I started by trying to pair it with the computer, and

Continue reading…

Authentication and rate limiting

Bank websites: Intelligently designed, or randomly evolved?

Yesterday, I tried to log in to my bank’s website for the first time in a few months. I couldn’t remember my password, because I change them frequently, so I tried a password, then another, and then another, which is, I hope, what most reasonable people do when they forget their password.

To my great dismay, after the third attempt, I got a message saying “Your account has been locked. Please call the bank to unlock it”. Given that this is my company bank, which is in the UK, and I am in Greece, this is extremely inconvenient. I now hate my bank (more than before).

Here are a few tips, if you are developing any sort of application that has authentication/logins, although I feel I will be preaching to the choir:

Continue reading…

Pacific Rim

Giant robots fighting giant lizards: Fact or fiction?

So I just came back from the cinema, where I watched Pacific Rim. If you haven’t seen it, this post won’t really be very useful to you. If you have seen it, though, then this post will be totally useless to you.

First of all, I have to say that, as a movie about huge robots fighting dinosaurs (which is pretty much exactly what I expected going in), the movie delivers. There are many huge robots, and many dinosaurs, and quite a bit of…

Continue reading…

Writing an nginx authentication module in Lua

Spoiler: The nginx Lua module is pretty great.

In the last two days, I’ve had to solve a rather interesting problem. I have an nginx instance proxying various servers, and I need to be able to add an authentication layer that will authenticate people with an external source (such as a web app) and allow them to pass through the proxy if they have an account on the authentication source (the web app, in this example).

Exploring the requirements

I considered various solutions for this, and I will list a few alternatives:

  • A simple Python/Flask module that would do the actual proxying and authentication.
  • An nginx module that would authenticate using subrequests (nginx can now do that).
  • Using nginx’s Lua module to write some authentication code.

Continue reading…

Django's per-site caching doesn't work

Surprise! Your cache doesn’t.

A few days ago, I wrote a post about a peculiar piece of code that a friend of mine had sent me. Since it was interesting bit of code, I thought Hacker News would enjoy it, so I posted it there. To my great pleasure, the post shot up to the first place in a few minutes and continued there for a full day, bringing just over 50,000 visitors to this blog, in total.

I was very happy that people were liking and discussing this post (and the discussion was very interesting in its own right), but I noticed that AppEngine, where this blog is hosted, was struggling to serve it. I had to create new instances because the average latency was about ten seconds(!), even though this blog is pretty much only text and static media, and I use Django’s per-site cache to cache every single page.

Continue reading…