Stavros' Stuff

On programming and other things.

Seven tips for a great remote culture

Make Remote Great Again

Did you like that clickbait title? I’ve been practicing. This article doesn’t contain seven tips because I hate listicles. It’s just a recounting of my experience working remote for fifteen years now and observations on what works and what doesn’t, but it doesn’t matter, because the amazing title has piqued your interest.

For a bit of background, my first job was working in an office, as IT support for a construction company. I did that for three years, and then I got a remote job and never looked back. Personally, I enjoy the freedom that comes with being able to work from anywhere, and I’m lucky enough to be one of the people who can. Many of my friends have to be at their home office or a coworking space to get work done, but I can focus anywhere, which allows me to travel to another country for a week or two and work from there.

I’m not going to go into the pros and cons of remote working, I assume they’ve been beaten into you by the myriad of other posts, since it’s a trendy topic. Instead, I’ll assume you are interested in improving your existing remote culture and I’ll detail

Continue reading…

Revolut doesn't care about you

Do you like having money? Stop using Revolut.

UPDATE: Revolut has refunded me, I will update the post with more details soon.

MORE UPDATE: I had filed an official complaint with them, expecting it not to go anywhere, and I just received a reply to that. I don’t know if this post had anything to do with it, I’d like to believe that it didn’t and they were going to rule in my favor anyway, but who knows. They told me that ruling against me was a mistake and that they are taking measures both to not repeat the mistake and to improve the UI with my suggestions. They also offered me one year of premium as a gesture of good will.

Unfortunately, I don’t think I will keep using them, because it has been an extremely stressful four days. The timing was doubly unfortunate because it fell on my birthday, and stressing over theft is not how I wanted to spend the day. I would like to hope that they will improve and that my experience doesn’t befall anyone else, because they’re very convenient otherwise.

Thank you all for your support and comments, I have certainly learnt a lot during this process.

ORIGINAL POST:

So I’m extremely careful about my financial security, yet I just had over a thousand Euros stolen and Revolut is siding with the thief.

In case you don’t know, Revolut is one of a new generation of banks that are app-only: You open an account with them by downloading the app to your phone and ordering a card from that, they have no physical branches. I’ve been using them since 2016, and I referred many of my friends to use them as well.

I also use them as my main debit card, because I (mistakenly) thought that the immediate notifications and safety limits would keep me safer in case of fraudulent transactions. Instead, they made me less safe. Here’s how:

Continue reading…

Towards a more collaborative OSS model

No more abandoned OSS projects

A few days ago I started (and finished) working on my latest hardware project, which I call “Home”. If you’ve ever worked with MicroPython, which this project uses, you may have come across mpfshell, an extremely useful utility which makes managing the program on the microcontroller very easy.

I use mpfshell for my projects, and I wanted to upload compiled scripts to the microcontroller, but mpfshell did not do this natively. “No matter”, I thought, I will just write the feature and issue a pull request to the original developer, who can then incorporate it into the main program. I went to GitHub to see if something similar was already under way, but I saw the project in a semi-abandoned state, with issues and pull requests piling up and receiving no response.

This prompted me to think about a pervasive problem in open source, which I want to discuss here and offer a solution

Continue reading…

Securing your users' authentication

Please follow this advice

A few days ago, I saw an article about someone’s PlayStation Network account getting stolen. The problem wasn’t so much that the account got stolen, as this apparently happens more often than not, but that Sony has created a system so convoluted that it’s possible for the thief to keep your account, without you having any recourse, not even after you prove your name, purchases, and anything else about the account.

Having worked in web security for years, I know how hard it is to get authentication right, especially when users will find ingenious ways to defeat your system, such as storing their “do not store these codes on your phone” two-factor authentication (2FA) codes on the phone and then throwing the phone in the ocean. Another user surprised me when, instead of properly setting up their authenticator app, they brilliantly used one of the ten backup codes to finish their 2FA setup (and didn’t even store the rest), thus locking themselves out of their account immediately. I fixed that bug immediately and found new respect for the bug-finding abilities of users.

Those (and many more) occurrences have made it painfully obvious to me that securing an authentication system is very hard UX, and, since the user is always right, we need to find ways to make systems that are both secure and easy to use. While working for my previous employer, an encrypted communications company called Silent Circle, we had to find ways to solve this problem, and we arrived at something I believe provides a very good balance between security and usability. I will explain how this system works, and urge you to implement something similar for your authentication, especially if it’s protecting high-value accounts like PlayStation Network’s.

Continue reading…

How to easily configure WireGuard

WireGuard is pretty great!

You might have noticed the buzz around WireGuard lately. WireGuard is a very simple VPN that uses state-of-the-art cryptography, and the buzz comes from both the fact that it’s simple and good at what it does, and the fact that it’s so good that it’s going to be included in the Linux kernel by default. Linus Torvalds himself said that he loves it, which took the software world by storm, as we weren’t aware that Linus was capable of love or any emotion other than perkele.

The only problem I’ve found with WireGuard is a lack of documentation, or rather a lack of documentation where you expect it. The quickstart guide, the first thing I look at, mentions a configuration file that it never tells you how to write, and it also assumes you’re more familiar with networking than I am.

Since the initial conditions at the creation of the universe set things up so WireGuard would eventually be underdocumented, I am going against Creation itself and showing you how to easily configure and run it. Let’s

Continue reading…

Kubernetes 101

It's simpler than I thought

A few weeks ago, my task at work was an interesting one: To deploy a Kubernetes cluster and write the associated tooling so that developers can deploy the code in the branches they’re working on to it, so they can test their changes.

Until that point, I’d been wanting to learn Kubernetes because it sounded interesting (even though the name is rather problematic when you’re Greek), but I never had an opportunity because I don’t have anything that needs to be on a cluster. So, I jumped at the chance, and started reading up on it, but all the materials (including the official tutorial) seemed too verbose and poorly-structured, so I was a bit dejected.

By the way, since you asked, the name is problematic because it's a Greek word, so it's awkward when you're talking to other Greeks about it. If you pronounce it like in English, you sound a bit pretentious, and if you pronounce it like in Greek, people don't understand what you mean, since that's not strictly the name of the software. Greek world problems.

Anyway, after a few days of research, things finally just clicked and I was deploying machines left and right with wild abandon, quickly racking up thousands in AWS bills, like any self-respecting backend developer in 2018. Since my resume now said “Kubernetes expert”, a thought immediately occurred: “Why not take my vast, unending knowledge of this system that I have collected over hours of research and make it more accessible for people?” Since I couldn’t convince myself I shouldn’t write another rambling article, I quickly got to it.

This is

Continue reading…

A short 3D printer primer

Everything you ever wanted to know about buying a 3D printer

Today, it got into my friend Harry’s head that he wants to buy a 3D printer. Normally, I would applaud the decision, so I did. I’ve bought lots of expensive crap I ended up regretting (damn you, quadcopters and photography), but the 3D printer wasn’t one of them. Sure, I don’t use it every day, but it’s amazing to be able to design small things for around the house or parts for hobby projects and seeing them turned into objects in a few minutes.

Since Harry has many questions, as I did when I was his age, I figured I’d answer them all in an article so more people can benefit from them. If you have questions that aren’t covered here, please tweet or toot them to me, and I might add them. Let’s start!

Continue reading…

On increasing productivity

You too can be more productive with this ONE WEIRD TRICK

Sometimes, when I show people another crazy side-project of mine, they ask me how I manage to be so productive. I never have a good answer to give them, because I don’t really consider myself very productive (unless you count my 2,000 hours of sucking at DotA2 as creative output), but they are invariably unsatisfied with that answer.

I saw another post about productivity on Hacker News today, and it made me finally express something I’ve been feeling for a while but had never managed (or taken the time to) put into words. It wasn’t so much the post itself (I didn’t read it), but the fact that I saw it, and that it exists. It made me realize my stance on productivity, and today I’ll share it with you, right in this article.

Continue reading…

Startup Mistakes: Choice of Datastore

Spoiler: Don't use MongoDB.

A great advantage of having a large network of technical friends is that they ask you for advice on things, which I love giving. One great disadvantage of people is that they rarely take my advice without justification, even though I think everybody should know better by now. A discussion I frequently have with friends (and which they don’t just blindly take my advice on), is their choice of datastore, which invariably goes something like this:

- Trust me, don’t use MongoDB.
- Why, what’s wrong with it?
- Look, how many times have I given you some advice, you didn’t listen, and later on it turned out I was right?
- Ah, so you’re saying I should use Cassandra.

So, since I keep having to justify my opinion (can you believe that? Just ridiculous.), I figured I’d do it once, in this post, and then I can just point people here when they’re about to do something dumb. If I linked you to this article, this means you.

EDIT: Apparently the self-deprecating sarcasm above wasn’t really very obvious, and it comes off as arrogant, but my intention was for it to be satire (clearly opinions should be justified, even mine). Also, the Cassandra joke was a reference to this lady. Like an ancient Greek proverb says, “the best joke is one you have to explain on your blog”.

Datastores are important

The datastore is often the most important part of

Continue reading…