For those of us who live mostly off the grid, with inconsistent WiFi through hosts that flake out frequently, Apple's AppStore download protocol is absolutely infuriating. It's the most brittle damn protocol I've ever seen.
When there's any disruption, it simply discards the data it has and starts again.
How stupid. How blatantly and infuriatingly stupid.
If I pause a download, it will resume. If it breaks, it will not resume. WTF?
For some things, I can use BitTorrent, which tolerates noisy links. But for proper AppStore Apps, their protocol is the pits.
Anyone know anyone at Apple who's able to work on a solution to this?
Tuesday, December 17, 2013
Thursday, December 12, 2013
Secure Salted Password Hashing
An excellent exposition of secure salted password hashing.
https://crackstation.net/hashing-security.htm
This was really quite nice. It didn't have a Python version, but the clarity of the exposition makes the Python easy to write.
A few months back, I had this mystery conversation: http://slott-softwarearchitect.blogspot.com/2012/08/password-encryption-short-answer-dont.html.
While this is not going to produce identical results to the code shown in the blog post, it seems to fit the requirements.
It may be helpful to use __slots__ with this to reduce the storage and make the object less mutable.
Perhaps I didn't google well enough to find a clear explanation that also included Python code samples.
https://crackstation.net/hashing-security.htm
This was really quite nice. It didn't have a Python version, but the clarity of the exposition makes the Python easy to write.
A few months back, I had this mystery conversation: http://slott-softwarearchitect.blogspot.com/2012/08/password-encryption-short-answer-dont.html.
While this is not going to produce identical results to the code shown in the blog post, it seems to fit the requirements.
from hashlib import sha256
import os
class Authentication:
iterations= 1000
def __init__( self, username, password ):
"""Works with bytes. Not Unicode strings."""
self.username= username
self.salt= os.urandom(24)
self.hash= self._iter_hash( self.iterations, self.salt, username, password )
@staticmethod
def _iter_hash( iterations, salt, username, password ):
seed= salt+b":"+username+b":"+password
for i in range(iterations):
seed= sha256( seed ).digest()
return seed
def __eq__( self, other ):
return self.username == other.username and self.hash == other.hash
def __hash__( self, other ):
return hash(self.hash)
def __repr__( self ):
salt_x= "".join( "{0:x}".format(b) for b in self.salt )
hash_x= "".join( "{0:x}".format(b) for b in self.hash )
return "{username} {iterations:d}:{salt}:{hash}".format(
username=self.username, iterations=self.iterations,
salt=salt_x, hash=hash_x)
def match( self, password ):
test= self._iter_hash( self.iterations, self.salt, self.username, password )
return self.hash == test # Constant Time is Best
It may be helpful to use __slots__ with this to reduce the storage and make the object less mutable.
Perhaps I didn't google well enough to find a clear explanation that also included Python code samples.
Tuesday, December 3, 2013
Python vs. R for Data Science
This: Python Displacing R As The Programming Language For Data Science.
Recently, I've had a former colleague asking questions about Data Science. See Obstinate Idiocy.
They -- weirdly -- insisted that the only language that made sense to them was Excel.
My response was a blunt "What?"
The Python vs. R post cited above clarifies that reasons why a programming language is a better choice than a "tool" or "platform".
Recently, I've had a former colleague asking questions about Data Science. See Obstinate Idiocy.
They -- weirdly -- insisted that the only language that made sense to them was Excel.
My response was a blunt "What?"
The Python vs. R post cited above clarifies that reasons why a programming language is a better choice than a "tool" or "platform".
Subscribe to:
Posts (Atom)