Programming Leftovers

posted by Roy Schestowitz on Apr 28, 2023

• 2023-04-27 los alamos - compound to county pt I

  This weekend, I found myself staying in Los Alamos for a volunteer role in which I judge children on the quality of their software. Clearly this is not the kind of opportunity I would turn down, but I also always take an excuse to drive back up the hill. I only lived in Los Alamos briefly, but it left a big impression. It's a unique place in many ways, born of a rather unusual history.

  The role that Los Alamos as a place, Project Y and the Los Alamos Scientific Laboratory as an institution, and more broadly the Manhattan Engineering Works played in World War II is widely documented. The Manhattan Project-era history of Los Alamos is actually surprisingly uninteresting to me, because few physical remnants of it exist in publicly accessible areas. There has been a concerted effort to offer more frequent public tours of places like Omega Canyon as part of the Manhattan Project National Historic Park, but the reality of DoE security requirements and complete paralysis of DoE outreach efforts during COVID mean that these have not made much forward progress.

  Unfortunately, LANL remains littered with historic buildings---demarcated by a brown sign bearing an "H" placed by the laboratory historian---that no one other than employees will ever see. And employees don't tend to make much note, because when you work in the institution it seems rather unremarkable. The nuclear weapons program poses a fascinating historiographical puzzle that way, and I sometimes lament that the laser-focus of most nuclear history on the pre-1945 period leaves even many nuclear history enthusiasts oddly unaware of the evolution of DoE facilities in even the 1950s. While unfortunate, this blindness to the Cold War era is quite practical: once the arms race kicks in, the proportion of historical record that remains classified shoots steeply upwards.

• Scott Moser: Today I learned: set -e sucks even more.

  Today I learned: set -e sucks even more.

  Summary: Just don’t use set -e.

  I’ve never been a fan “errexit” in shell. You’ve probably seen this as set -e, or set -o errexit or sh -e.

  People write lists of shell commands in a file and want the script to exit on the first one that fails rather than barreling on and causing damage. That seems sane.

• Stéphane Cerveau: ESExtractor: how to integrate a dependency-free library to the Khronos CTS

  ESExtractor, how to integrate a dependency-free library to the Khronos CTS

  Since the Vulkan CTS is now able to test and check Vulkan Video support including video decoding, it was necessary to define the kind of media container to be used inside the test cases and the library to extract the necessary encoded data.

  In a first attempt, the FFMpeg media toolkit had been chosen to extract the video packets from the A/V ISO base media format chosen as a container reference. This library was provided as a binary package and loaded dynamically at each test run.

  As Vulkan video aims to test only video contents, it was not necessary to choose a complex media container, so first all the videos were converted to the elementary stream format for H264 and H265 contents. This is a very elementary format based on MPEG start codes and NAL unit identification.

• Why is OAuth still hard in 2023?

  We implemented OAuth for the 50 most popular APIs, such as Google (Gmail, Calendar, Sheets etc.), HubSpot, Shopify, Salesforce, Stripe, Jira, Slack, Microsoft (Azure, Outlook, OneDrive), LinkedIn, Facebook and other OAuth APIs.‍

  Our conclusion: The real-world OAuth experience is comparable to JavaScript browser APIs in 2008. There’s a general consensus on how things should be done, but in reality every API has its own interpretation of the standard, implementation quirks, and nonstandard behaviors and extensions. The result: footguns behind every corner.

  If it weren’t so annoying, it would be quite funny. Let’s dive in!

• A Security Device Threat Model: The Substitution Attack

  I’d like to describe and discuss a threat model for computational devices. This is generic but we will narrow it down to security-related devices. For example, portable hardware dongles used for OpenPGP/OpenSSH keys, FIDO/U2F, OATH HOTP/TOTP, PIV, payment cards, wallets etc and more permanently attached devices like a Hardware Security Module (HSM), a TPM-chip, or the hybrid variant of a mostly permanently-inserted but removable hardware security dongles.

  Our context is cryptographic hardware engineering, and the purpose of the threat model is to serve as as a thought experiment for how to build and design security devices that offer better protection. The threat model is related to the Evil maid attack.

Python

• Python List to Comma Separated String

  To convert a Python list to a comma-separated string, apply “join()” method, “join()” with “List Comprehension” approach, “for” loop, or the “StringIO” module.

• Python Math Exp

  In Python, the "math.exp()" function of the "math" module is used to calculate the exponent power of numeric values such as “int” and “float”.

• Python os.path.expanduser() Method

  The “os.path.expanduser()” method allows us to easily expand paths that start with “~” or “~user” to the appropriate home directory path.

• Python StringIO

  In Python, the “StringIO” module is used to manipulate strings as if they were files. This module provides various methods to perform specific tasks in Python.

• Seaborn Save Plot

  The matplotlib “plt.savefig()” function can be applied to save seaborn plots in various formats, including “png”, “jpg”, or “pdf”.

• Seaborn Horizontal Bar Plot

  To create, and customize the horizontal bar plot the “seaborn.barplot()” function of the “seaborn” library is used with various parameters in Python.

• Python Write String to File

  To write a string to file various methods such as the “write()” method, “with” statement, and “fileinput” module are used in Python.

• How Do I Convert an Exception to a String in Python

  To convert an exception to a string the “str()” function, “traceback.format_exc()” function, and “repr()” function is used in Python.

• How to Unzip Files in Python

  The “zipfile” module and the “shutil” module are used to unzip single or multiple files from the specified zip file in Python.

• Python Count Characters in String

  To count characters in a string in Python, apply the “len()” function, “Counter” class from the collections module, “dictionary comprehension”, etc.

• Python Count Occurrences in List

  To count the occurrences in a list in Python, apply the “count()” method, “Counter” class, “operator” module, “List Comprehension” approach, or the “for” loop.

• Matplotlib Bold Text

  The “fontweight” and “weight” parameters are used to bold a text in Matplotlib. It is used to emphasize key information and enhance visualizations.

• Convert String to Set Python

  To convert the given string to a set, various methods such as “set()” function, “add()” method, or the “set comprehension” can be used in Python.

• How to Use Xrange in Python

  The xrange() function in Python 2.x or range() function in Python 3.x is used for efficient iteration over a range of values.

• Python Finds the Index of All Occurrences in a List

  The “for” loop, “enumerate()” function, “index()” method, or the “defaultdict()” function can be used to find the index of all occurrences in a list in Python.

• NumPy Astype

  The “astype()” method of the numpy module is used to change the data type of a NumPy array into other data types such as str, int, complex, etc.

• How Do I Check If a String Is Empty in Python

  “not” operator, “len()” function, “strip()” function, “==” operator, “__eq__()” method, or “not + str.isspace()” method can check if string is empty in Python.