Stavros' Stuff

UPDATE: Revolut has refunded me, I will update the post with more details soon.

MORE UPDATE: I had filed an official complaint with them, expecting it not to go anywhere, and I just received a reply to that. I don’t know if this post had anything to do with it, I’d like to believe that it didn’t and they were going to rule in my favor anyway, but who knows. They told me that ruling against me was a mistake and that they are taking measures both to not repeat the mistake and to improve the UI with my suggestions. They also offered me one year of premium as a gesture of good will.

Unfortunately, I don’t think I will keep using them, because it has been an extremely stressful four days. The timing was doubly unfortunate because it fell on my birthday, and stressing over theft is not how I wanted to spend the day. I would like to hope that they will improve and that my experience doesn’t befall anyone else, because they’re very convenient otherwise.

Thank you all for your support and comments, I have certainly learnt a lot during this process.

ORIGINAL POST:

So I’m extremely careful about my financial security, yet I just had over a thousand Euros stolen and Revolut is siding with the thief.

In case you don’t know, Revolut is one of a new generation of banks that are app-only: You open an account with them by downloading the app to your phone and ordering a card from that, they have no physical branches. I’ve been using them since 2016, and I referred many of my friends to use them as well.

I also use them as my main debit card, because I (mistakenly) thought that the immediate notifications and safety limits would keep me safer in case of fraudulent transactions. Instead, they made me less safe. Here’s how:

Continue reading…

A few days ago I started (and finished) working on my latest hardware project, which I call “Home”. If you’ve ever worked with MicroPython, which this project uses, you may have come across mpfshell, an extremely useful utility which makes managing the program on the microcontroller very easy.

I use mpfshell for my projects, and I wanted to upload compiled scripts to the microcontroller, but mpfshell did not do this natively. “No matter”, I thought, I will just write the feature and issue a pull request to the original developer, who can then incorporate it into the main program. I went to GitHub to see if something similar was already under way, but I saw the project in a semi-abandoned state, with issues and pull requests piling up and receiving no response.

This prompted me to think about a pervasive problem in open source, which I want to discuss here and offer a solution

Continue reading…

A few days ago, I saw an article about someone’s Playstation Network account getting stolen. The problem wasn’t so much that the account got stolen, as this apparently happens more often than not, but that Sony has created a system so convoluted that it’s possible for the thief to keep your account, without you having any recourse, not even after you prove your name, purchases, and anything else about the account.

Having worked in web security for years, I know how hard it is to get authentication right, especially when users will find ingenious ways to defeat your system, such as storing their “do not store these codes on your phone” two-factor authentication (2FA) codes on the phone and then throwing the phone in the ocean. Another user surprised me when, instead of properly setting up their authenticator app, they brilliantly used one of the ten backup codes to finish their 2FA setup (and didn’t even store the rest), thus locking themselves out of their account immediately. I fixed that bug immediately and found new respect for the bug-finding abilities of users.

Those (and many more) occurrences have made it painfully obvious to me that securing an authentication system is very hard UX, and, since the user is always right, we need to find ways to make systems that are both secure and easy to use. While working for my previous employer, an encrypted communications company called Silent Circle, we had to find ways to solve this problem, and we arrived at something I believe provides a very good balance between security and usability. I will explain how this system works, and urge you to implement something similar for your authentication, especially if it’s protecting high-value accounts like Playstation Network’s.

Continue reading…

I made some changes to my quadcopter the other day for a new photography project I’m working on. Unfortunately, it turned out that it wasn’t good enough, and that I’d have to tune my PID loop, which I knew

Continue reading…

You might have noticed the buzz around WireGuard lately. WireGuard is a very simple VPN that uses state-of-the-art cryptography, and the buzz comes from both the fact that it’s simple and good at what it does, and the fact that it’s so good that it’s going to be included in the Linux kernel by default. Linus Torvalds himself said that he loves it, which took the software world by storm, as we weren’t aware that Linus was capable of love or any emotion other than perkele.

The only problem I’ve found with WireGuard is a lack of documentation, or rather a lack of documentation where you expect it. The quickstart guide, the first thing I look at, mentions a configuration file that it never tells you how to write, and it also assumes you’re more familiar with networking than I am.

Since the initial conditions at the creation of the universe set things up so WireGuard would eventually be underdocumented, I am going against Creation itself and showing you how to easily configure and run it. Let’s

Continue reading…

A few weeks ago, my task at work was an interesting one: To deploy a Kubernetes cluster and write the associated tooling so that developers can deploy the code in the branches they’re working on to it, so they can test their changes.

Until that point, I’ve been wanting to learn Kubernetes because it sounded interesting (even though the name is rather problematic when you’re Greek), but I never had an opportunity because I don’t have anything that needs to be on a cluster. So, I jumped at the chance, and started reading up on it, but all the materials (including the official tutorial) seemed too verbose and poorly-structured, so I was a bit dejected.

Anyway, after a few days of research, things finally just clicked and I was deploying machines left and right with wild abandon, quickly racking up thousands in AWS bills, like any self-respecting backend developer in 2018. Since my resume now said “Kubernetes expert”, a thought immediately occurred: “Why not take my vast, unending knowledge of this system that I have collected over hours of research and make it more accessible for people?” Since I couldn’t convince myself I shouldn’t write another rambling article, I quickly got to it.

This is

Continue reading…

Today, it got into my friend Harry’s head that he wants to buy a 3D printer. Normally, I would applaud the decision, so I did. I’ve bought lots of expensive crap I ended up regretting (damn you, quadcopters and photography), but the 3D printer wasn’t one of them. Sure, I don’t use it every day, but it’s amazing to be able to design small things for around the house or parts for hobby projects and seeing them turned into objects in a few minutes.

Since Harry has many questions, as I did when I was his age, I figured I’d answer them all in an article so more people can benefit from them. If you have questions that aren’t covered here, please tweet or toot them to me, and I might add them. Let’s start!

Continue reading…

Sometimes, when I show people another crazy side-project of mine, they ask me how I manage to be so productive. I never have a good answer to give them, because I don’t really consider myself very productive (unless you count my 2,000 hours of sucking at DotA2 as creative output), but they are invariably unsatisfied with that answer.

I saw another post about productivity on Hacker News today, and it made me finally express something I’ve been feeling for a while but had never managed (or taken the time to) put into words. It wasn’t so much the post itself (I didn’t read it), but the fact that I saw it, and that it exists. It made me realize my stance on productivity, and today I’ll share it with you, right in this article.

Continue reading…

A great advantage of having a large network of technical friends is that they ask you for advice on things, which I love giving. One great disadvantage of people is that they rarely take my advice without justification, even though I think everybody should know better by now. A discussion I frequently have with friends (and which they don’t just blindly take my advice on), is their choice of datastore, which invariably goes something like this:

- Trust me, don’t use MongoDB.
- Why, what’s wrong with it?
- Look, how many times have I given you some advice, you didn’t listen, and later on it turned out I was right?
- Ah, so you’re saying I should use Cassandra.

So, since I keep having to justify my opinion (can you believe that? Just ridiculous.), I figured I’d do it once, in this post, and then I can just point people here when they’re about to do something dumb. If I linked you to this article, this means you.

EDIT: Apparently the self-deprecating sarcasm above wasn’t really very obvious, and it comes off as arrogant, but my intention was for it to be satire (cleary opinions should be justified, even mine). Also, the Cassandra joke was a reference to this lady. Like an ancient Greek proverb says, “the best joke is one you have to explain on your blog”.

Datastores are important

The datastore is often the most important part of

Continue reading…

Ever since I was a wide-eyed little boy, I would look up at the stars and wonder in wonder: “What if I could lease my very own, beefy, dedicated Hetzner server and have an easy way to deploy all my projects onto that?” But lo, my dreams were dashed because Docker wouldn’t be invented for another twenty years, and Hetzner did not accept Mastercard at the time.

Decades later, with Docker finally invented and Hetzner accepting all major credit cards, my dream lay all but forgotten, because Docker could not do zero-downtime deploys natively and I hated it. That was how things remained, until my friend Theodore told me that he tried Dokku and that it worked very well.

I had heard of Dokku (and Fig, Deis, Flynn, Kubernetes, etc etc), but I never paid too much attention, as these PaaSaaSes struck me as too webcale for my simple projects. All I wanted was a way to skip through all the boilerplate configuration of deploying a Django app, and Ansible wasn’t cutting it, as it was still too much plumbing.

Since Theodore tried it and said it was apparently pretty easy to deploy with, though, I figured I’d give it a shot and see. It helped that Dokku was explicitly designed to be light and self-contained, whereas Kubernetes is for much larger deployments, so Dokku fit my use case exactly.

Trying Dokku out

To try Dokku out, I needed a project. Luckily,

Continue reading…