I’m a Staff Engineer in the crypto area at Bitvavo
. I work across teams to help shape the technical direction and architecture of crypto systems, things like blockchain infrastructure and processing, wallet management, and application security.
Outside work, I’m into self-hosting and run a homelab that has quietly taken over more of my house than I’d like to admit. I also tinker with home automation, networking, and whatever else gives me an excuse to break something and fix it again.
One thing that grew out of that is Agam Space
, a self-hosted, end-to-end encrypted file storage app I built, mostly so I could stop being the one person who technically could read my family’s files.
I write here now and then about programming, security, and homelab projects.
Agam Space: a self-hosted, end-to-end encrypted file storage
For a while now I’ve wanted to offer file storage to family and friends on my homelab, but I kept putting it off. It wasn’t about disk space or setup, it was trust. I didn’t want to be in a position where I could look at their files, even if I never would. And they’d know that too, which makes people hesitant to actually use it. So I looked around at what’s out there. Nextcloud has end-to-end encryption, but with some known gaps. Most other self-hosted options just rely on disk encryption, which protects you if someone steals the physical drive, but does nothing against a compromised server or an admin poking around. ...
How I turned my old MacBook Pro into a Home Server to run network-wide Ad Blocker
Hello there, here I am in the New year (I can still say that right?) with a new addiction, Self Hosting. I have been following the self-hosted community in Reddit for a while now, and I always wanted to have my own server to play around with, run some programs, break some stuff and perhaps some automation to make life a little better. At the start of this year, out of nowhere, I got a spark to try it out, after all, I am a developer and interested in these kinds of stuff.
Investing in the Netherlands as an Expat
Hello there, hope you’re doing good. Usually, I write on technical topics like software, programming and best practices. But this time I would like to share my personal experience with something different, something that everyone deals with every day, Money and Investments 💰. This is not the money lesson kind of thing, Am no expert in this space, just sharing my experience and findings on various investment options being in a new country. ...
Ephemeral Jobs Monitoring Using Prometheus PushGateway
As with any other long-running services, Ephemeral (or in Kubernetes term Batch or Cron) Jobs also needs to be monitored to gather critical metrics and for Altering when something goes wrong. This article describes how we can monitor these short-lived jobs by explaining What is the problem with Prometheus What is PushGateway & why it is necessary Demo using a sample application
Managing Application Secrets Like a Pro Using Google Secret Manager
At the beginning of last year, I wrote an article titled How to secure and manage secrets using Google Cloud KMS , explaining how we can use Google Cloud KMS (Key Management System) to encrypt secrets and securely use it in our applications. I mentioned it is a decent approach because of the lack of support for good secret management solutions within the Google cloud ecosystem. It is kind of, a hacky way to get the job done, because, ...
Google Cloud Run Service with gRPC using Spring Boot
Welcome to another article on Google Cloud Platform. If you are building services using GCP then you might already know the several limitations that come with it. One of them being a lack of support for gRPC in their easy to use solutions such as Google AppEngine (Standard and Flexible), Cloud Functions or in the initial days of Cloud Run. So if we need to support or have our own gRPC services then we need to use either Google Compute Engine or Google Kubernetes Engine, which is not an easy solution for several small use cases.
What Is Secure Remote Password(SRP) Protocol and How to Use It
“Password” this crazy piece of string worth a lot, get a lot of attention but yet very hard to process & hide. Even with the multi-factor approach, it is crucial to design the first step right (which is what the user knows). It becomes increasingly harder for the software systems to securely authenticate their users, process the sensitive password in a right & secure way. One of the most common approaches is, Password Hashing
Going Multi Regional in Google Cloud Platform
For a successful business, it is important to know who your customers are. Knowing your customers helps to understand your business better, build better versions of your ideas, and can make effective decisions for the successful long run. Everyone knows it right! When it comes to software infrastructure, it remains important. Knowing your customers greatly improves the performance of your application, makes it more resilient, after all, no one likes to wait for the response :) ...
End to End Restful Api Development Using Openapi Specification
Learn how OpenAPI Specification (formerly known as swagger), a language-agnostic interface to write RESTful APIs which allows both humans and computers to understand the service capabilities. With the increasing number of adoption towards service-oriented architecture and for better integrations with external systems, it became a necessity to write Restful APIs for our services. While building so we might often find several challenges such as, Standard & Consistent API design Better documentation Client Libraries Playground (better developer experience) So while writing APIs, we have to make sure it sticks to a standard design principle, update documentation (hosted elsewhere) and finally write client libraries (harder if you have to support multiple languages). Doing all of this manually is a painful job. Likely we have OpenAPI Specification (formerly known as swagger), which offers us a standard, language-agnostic interface to write RESTful APIs which allows both humans and computers to understand the service capabilities. ...
How to secure and manage secrets using Google Cloud KMS
Let’s jump right in. We all know it’s a bad idea to store application secrets within our code. So why we are storing there it still? Let’s take an example. We could store those secrets in a file and add it to the gitignore so it’s not added to version control. But there are a couple of hurdles: How do we manage those secrets? What happens when the local copy is deleted? How do we share it with other developers? How do we manage versioning of those secrets during changes and an audit log of who changed what? A lot of questions! So we end up storing it within the code, since it’s too much complexity to deal with.