Tuesday, December 17, 2013

Apple's Feckless Download Protocol

For those of us who live mostly off the grid, with inconsistent WiFi through hosts that flake out frequently, Apple's AppStore download protocol is absolutely infuriating. It's the most brittle damn protocol I've ever seen.

When there's any disruption, it simply discards the data it has and starts again.

How stupid. How blatantly and infuriatingly stupid.

If I pause a download, it will resume. If it breaks, it will not resume. WTF?

For some things, I can use BitTorrent, which tolerates noisy links. But for proper AppStore Apps, their protocol is the pits.

Anyone know anyone at Apple who's able to work on a solution to this?

Thursday, December 12, 2013

Secure Salted Password Hashing

An excellent exposition of secure salted password hashing.

https://crackstation.net/hashing-security.htm

This was really quite nice. It didn't have a Python version, but the clarity of the exposition makes the Python easy to write.

A few months back, I had this mystery conversation: http://slott-softwarearchitect.blogspot.com/2012/08/password-encryption-short-answer-dont.html.

While this is not going to produce identical results to the code shown in the blog post, it seems to fit the requirements.

from hashlib import sha256
import os
class Authentication:
    iterations= 1000
    def __init__( self, username, password ):
        """Works with bytes. Not Unicode strings."""
        self.username= username
        self.salt= os.urandom(24)
        self.hash= self._iter_hash( self.iterations, self.salt, username, password )
    @staticmethod
    def _iter_hash( iterations, salt, username, password ):
        seed= salt+b":"+username+b":"+password
        for i in range(iterations):
            seed= sha256( seed ).digest()
        return seed
    def __eq__( self, other ):
        return self.username == other.username and self.hash == other.hash
    def __hash__( self, other ):
        return hash(self.hash)
    def __repr__( self ):
        salt_x= "".join( "{0:x}".format(b) for b in self.salt )
        hash_x= "".join( "{0:x}".format(b) for b in self.hash )
        return "{username} {iterations:d}:{salt}:{hash}".format(
            username=self.username, iterations=self.iterations,
            salt=salt_x, hash=hash_x)
    def match( self, password ):
        test= self._iter_hash( self.iterations, self.salt, self.username, password )
        return self.hash == test # Constant Time is Best


It may be helpful to use __slots__ with this to reduce the storage and make the object less mutable.

Perhaps I didn't google well enough to find a clear explanation that also included Python code samples.

Tuesday, December 3, 2013

Python vs. R for Data Science

This: Python Displacing R As The Programming Language For Data Science.

Recently, I've had a former colleague asking questions about Data Science. See Obstinate Idiocy.

They -- weirdly -- insisted that the only language that made sense to them was Excel.

My response was a blunt "What?"

The Python vs. R post cited above clarifies that reasons why a programming language is a better choice than a "tool" or "platform".