Stavros' Stuff

On programming and other things.

Better password reset procedures

In the past few months, we’ve seen a series of high-profile account breaches that gave control of users’ accounts to malicious thieves. I’m sure many will remember the Matt Honan hack, where an attacker was able to gain access to the journalist’s accounts and wipe his devices by fooling Apple support into resetting his password for them.

More recently, Skype proved to be vulnerable to the same attack, which is really bad news for password resets in general, because there’s really no good way for someone to guard against this. If you haven’t specified an email address (or if you forgot the password for your email address), how can a provider authenticate you? They will have to use security questions, or information about your account, or other ways of doing it.

Security questions are usually very low entropy, much lower than the actual password, and thus they should probably be discouraged. Unfortunately, many services (including banks) use them.

Continue reading…

Monitoring your system's temperatures with Python

I have suddenly noticed that my computer’s fans have been more noisy than when I first bought it, and now it’s driving me crazy. I wondered if I could cut the fans’ power without increasing the temperatures inside the case too much, or even leave the case open. To test it, I spent five minutes writing a small script to monitor temperatures in Python, using smartmontools and lm-sensors.

This is that script:

Continue reading…

How to replace a Django model field with a property

If you use Django for your web apps, you will probably have come across a situation where you need to run some custom code on assigning a value to a model field. You’ve probably hacked around this by overriding the save() method or some other arcane hackery, but this is not only unnecessary, but it’s more complicated than it should be.

You can use a Python [property](http://docs.python.org/2/libr

Continue reading…

Proxying two connections in Go

I have recently taken an interest in the Go programming language (or golang, thanks, unsearchable name), and I thought that a fun weekend project would be to write a Postgres connection pooler that didn’t require separate authentication, and just passed through to the database the credentials it got from the client.

Mid-way through the implementation, I realized that this wouldn’t work due to the

Continue reading…

Adding a "login as user" button to the Django admin interface

Working on Instahero these past few days, doing mostly customer development, I’ve frequently needed to log in as a user and see what they see, so I could walk them through using Instahero, troubleshoot issues they were having, or better respond to feedback.

To achieve that, I had written a custom authentication backend that allowed me to log in as any user I needed. T

Continue reading…

Developing an IRC frontend in Go

I’ve recently been considering an idea for a new project, and I’ve slowly begun to code it in my spare time, when I’m not developing Instahero. The basic idea is a bot that will hang out in companies’ channels, giving them useful commands, logging, and lots of other functionality.

There are various open-source solutions which one can use to do the same thing, but I think there’s also a need for a hosted solution where you can just register, enter your room details and get a bot in it in one minute. As a developer, I know my life would be much easier if we had deployment commands, conversions, various searches, bug report notifications, etc. available right in the channel where our team spends the day. I’m sure other developers feel that way too, so I started developing Instabot.

Continue reading…

Developing a back-scratching robot

As with all men and many cats, I derive particular pleasure from having my back scratched. When I say “particular pleasure”, I mean that I am absolutely crazy for it. I just can’t get enough of it. Unfortunately, it is very tiresome for the person doing the scratching, so I never could get anyone to last very long. Even my girlfriend’s valiant efforts have been woefully inadequate.

When I rea

Continue reading…

How to highlight code in Python

I’ve recently been looking at syntax highlighters, both for this blog and for Instahero, the new product my company is developing. I used to use a JS-based solution for the blog, but it broke with many inputs, it was fiddly to work with, didn’t parse correctly sometimes, and slowed the site down considerably. I especially disliked the fact that you had to include one JS

Continue reading…