Showing posts with label security. Show all posts

Friday, February 3, 2017

Time to Upgrade Your Python: TLS v1.2 Will Soon Be Mandatory (pyfound.blogspot.com)

By Vasudev Ram

Saw this blog post recently via an email from the PSF (Python Software Foundation):

Time to Upgrade Your Python: TLS v1.2 Will Soon Be Mandatory

and then also saw this HN thread (about the same post):

Time to Upgrade Your Python: TLS v1.2 Will Soon Be Mandatory (pyfound.blogspot.com)

The currently top comment in that thread (by HN user jwilk) had examples of how to check your Python's TLS version, for both Py 2 and Py 3, without using the 3rd-party requests library (which was used in the PSF post), just using Python's urllib* libraries:

From jwilk's comment:

Test procedure that doesn't require 3rd-party libs:
* For Python 2:
$ python -c "import json, urllib2; print json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']"
* For Python 3:
$ python3 -c "import json, urllib.request; print(json.loads(urllib.request.urlopen('https://www.howsmyssl.com/a/check').read().decode('UTF-8'))['tls_version'])"

Tried them both out on my machine; they worked and showed the TLS version.
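
A Python 3.7+ companion to those one-liners, added here as an example (it is not from the PSF post or from jwilk's comment): it classifies the reported version string and builds a client context that refuses anything below TLS 1.2. The function names and the sample reply are constructed for illustration.

```python
import json
import re
import socket
import ssl

# Constructed sample of the check URL's JSON reply; only the 'tls_version'
# field (the one the one-liners above print) is modelled.
SAMPLE_REPLY = '{"tls_version": "TLS 1.2"}'

def at_least_tls12(label):
    """True if a label such as 'TLS 1.2' or 'TLSv1.3' means TLS 1.2 or newer."""
    m = re.fullmatch(r"(TLS|SSL)\s*v?(\d+)(?:\.(\d+))?", label.strip(), re.I)
    if m is None:
        raise ValueError("unrecognised protocol label: %r" % (label,))
    if m.group(1).upper() == "SSL":      # SSLv2/SSLv3 predate every TLS version
        return False
    return (int(m.group(2)), int(m.group(3) or 0)) >= (1, 2)

def reply_ok(reply_text):
    """Apply the check to the JSON body the one-liners fetch."""
    return at_least_tls12(json.loads(reply_text)["tls_version"])

def strict_context():
    """Default verification settings, plus a hard floor of TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def negotiated_version(host, port=443, timeout=10):
    """Connect to host and return what was negotiated, e.g. 'TLSv1.3'.

    Raises ssl.SSLError if the two sides cannot agree on TLS 1.2 or newer.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    print("OpenSSL build:", ssl.OPENSSL_VERSION)
    print("sample reply meets TLS 1.2:", reply_ok(SAMPLE_REPLY))
```

negotiated_version() needs network access; the other functions run offline and accept both the "TLS 1.2" style of the check URL and the "TLSv1.2" style that Python's ssl module reports.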

Speaking of one-liners, here are a few of my own, some by others, and in both Python and Unix:

Python one-liner to get the filename and line number of the caller of the current function

Python one-liner to compare two files (conditions apply)

Python one-liner to open a web site from the command line

And you can always get all the Python one-liners on my blog, both past and future [1], with this URL:

https://jugad2.blogspot.in/search/label/Python-one-liners

[1] Future one-liners, after they are written, not now :)

And the same for general one-liners (could include Python, Unix or other):

https://jugad2.blogspot.in/search/label/one-liners

- Vasudev Ram - Online Python training and consulting




Friday, January 11, 2013

Big Java security issue for PC users?

Experts urge PC users to disable Java, cite security flaw | Reuters

Bad if true.

Sunday, December 16, 2012

Ars Technica on Gmail / email privacy and security

Op-ed—A plea to Google: Protect our e-mail privacy | Ars Technica

Somewhat good article, but it does not go far enough, IMO, and these are only recommendations by them. Who knows whether it will result in enough action by Google and others, given their vested interests. As for Twitter, they only recently started supporting HTTPS/SSL (in the last year or two, IIRC).

Thursday, October 18, 2012

Kaspersky Lab developing its own operating system?

By Vasudev Ram


Kaspersky Lab, the maker of popular anti-virus / anti-malware software, is developing its own operating system, according to this post on founder Eugene Kaspersky's blog.

WIRED article about Kaspersky operating system.

Engadget article about Kaspersky operating system.

The Register, UK, on the same topic.

- Vasudev Ram - Dancing Bison Enterprises

Wednesday, October 3, 2012

"Do you want your app to look like NASCAR?"

Social Login Buttons Aren’t Worth It | MailChimp Email Marketing Blog

Good post. I've been saying much the same thing in various places on the Net for a while now. And I don't mean the NASCAR look from all those social media buttons, but the security risks and dependence on third party sites that using those buttons involves.

- Vasudev Ram
www.dancingbison.com

Wednesday, July 11, 2012

Interesting use of SHA-1 hashes


By Vasudev Ram


Came across an interesting use of the cryptographic hash function SHA-1 recently: see this post by Steve Losh about his simple command-line to-do list tool called "t" (no, not a typo :)

Reading that post reminded me of using SHA-1 hashes in a web-based product I worked on some years ago. Before using them, I googled a bit for info, and found a post by security expert Bruce Schneier stating that SHA-1 is broken. So I wrote a small wrapper to do some custom encryption over and above what SHA-1 provided. Can't go into the details, due to the NDA I signed. I am not a security expert, but I think what I did may have improved the security of the product.

UPDATE: I just re-read Schneier's SHA-1 post (linked above), and saw that he has updated it. The last link in his original post is a link to the update (a separate post), which is also interesting, and in which he gives further details of the security issues involved and how SHA-1 was found to be broken.

Vasudev Ram
- dancingbison.com | @vasudevram | jugad2.blogspot.com

- Vasudev Ram - Dancing Bison Enterprises

Friday, August 12, 2011

Google Chrome Beta to support C and C++ via Native Client - NaCl

By Vasudev Ram - dancingbison.com | @vasudevram | jugad2.blogspot.com

Seen on ReadWriteWeb and TechCrunch.

Some of the benefits claimed for Native Client (NaCl) are better performance via leveraging modules written in C and C++ in your web apps, re-using legacy code written in those languages (and there is, of course, tons of that around, though some parts may have to be modified to work with NaCl), and all this, while still maintaining security, due to the "double sandbox" model that NaCl apps will use.

NaCl is the chemical formula for common salt, and in a Google-ish play on words, the API that developers will use to create such apps is called the Pepper API.

Excerpts:

[ Native Client allows C and C++ code to be seamlessly executed inside the browser with security restrictions similar to JavaScript. Native Client apps use Pepper, a set of interfaces that provide C and C++ bindings to the capabilities of HTML5. As a result, developers can now leverage their native code libraries and expertise to deliver portable, high performance web apps. ]

The links to the articles:

Google Chrome Beta Now Supports C/C++:

http://www.readwriteweb.com/cloud/2011/08/google-officially-announces-cc.php

Google Unleashes Native Client Into Chrome, Next-Gen Web Apps To Follow?

http://techcrunch.com/2011/08/11/chrome-native-client/

The Google announcement about NaCl support:

http://chrome.blogspot.com/2011/08/building-better-web-apps-with-new.html

Posted via email
- Vasudev Ram @ Dancing Bison

Monday, July 4, 2011

DuckDuckGo search engine may be useful for privacy and security

By Vasudev Ram - dancingbison.com | @vasudevram | jugad2.blogspot.com


DuckDuckGo (*) is a general purpose search engine like Google and Yahoo! search, created by Gabriel Weinberg, who had earlier sold another startup of his (as per a BusinessInsider.com article that I read).

(*) Yes, I know, the name DuckDuckGo is odd. But don't let that deter you from checking it out. The service may have benefits. I also was not too interested in it for a while, though I knew about it from a while ago, and that was partly due to the name.

But recently, I got more interested in it, due to seeing it crawl my web site http://www.dancingbison.com a few times over the last few weeks (as shown by Google Analytics), and then deciding to check it out some more on a whim, and then seeing some interesting stuff about it, namely, that it seems to put more emphasis on privacy (and hence security) than the major search engines like Google. Also, I like the relatively clean, uncluttered user interface of DuckDuckGo.

I also found that there were a handful of positive reviews of DuckDuckGo in well-known publications.

So check it out if you like: http://duckduckgo.com

And maybe, use DuckDuckGo itself to search for more links about it, including the reviews I mentioned above, etc. That may be an interesting test of it, so I leave it as an exercise for the reader (as textbooks are prone to say :-)


- Vasudev Ram - dancingbison.com