Tokens are “a
compact URL-safe means of representing claims to be transferred between two
parties.” The “claims” are assertions about what’s going on, and they’re
cryptographically signed, either with a shared secret between client and server
or using public key cryptography.
One place they’re being used is in Mozilla’s BadgeKit
API. There, clients of the API have
a shared secret with the server. That secret is used to sign a
of the HTTP path, method, and request body (for POST and PUT requests).
Assuming nothing important happens in the other HTTP headers, this means that
an evesdropper can only replay the exact HTTP request that the real client
made. This makes it better than simply including unchanging credentials,
because once the credentials are sniffed from the network, they can be reused
to make any request to the server.
Unfortunately, JSON Web Tokens are fiddly to assemble. There is a good
implementation for Python called PyJWT
(PyPI). However, to use it with Kenneth
Reitz’s immortal work, requests, one must write a
custom authentication plugin. Well, I’ve done that! Yay! The code is on
GitHub, and on PyPI as
documentation is on Read the Docs.
importrequestsfromrequests_jwtimportJWTAuth,payload_methodauth=JWTAuth('superSekr3t')auth.add_field(payload_method)# ... other claims/payloads
At a previous job, I worked a lot with Matlab. This was in 2010, before
Matlab had any testing tools included, and the best testing tool was
Steve Eddins’ Matlab xUnit package.
I loved (and love) the Python doctest module: it’s both a clever
hack and a very useful tool. I decided to make a version of it for
Matlab isn’t the kind of language that lets you really control the
namespace of the code that is running. Python, for instance, has a
nearly empty namespace by default when you run code in a separate file.
R has similar capabilities, although (for me) they are clunkier to use.
But, unless you explicitly make some code a function, Matlab runs it
more like a script, sharing the namespace of whatever code calls it.
This makes ‘doctest’ a tricky concept to implement - either you have to
manipulate the documentation strings into functions, or else control the
available variables very carefully.
I chose the latter route, ending up with this hilarious test-running
I wrote it normally, and then renamed all the variables, from
example_var to DOCTEST__example_var. So, the test code isn’t
actually isolated, but at least it should never modify the test-running
function’s state accidentally. I think, given the limitations of the
language, that’s the best I could do. And it was useful. And check out
the doctest on that method! Heheheh.
Anyway, the reason this comes up today is that I haven’t worked at a job
with a Matlab license for several years. And GNU Octave, while probably
useful for number crunching, lacks a lot of Matlab’s finer points,
including its classdef classes. So I basically haven’t worked on it
at all for 3 years.
But hey good news, Open Source! Mr Paul
Sexton has offered to take over
accept. That’s nice.
He’s already made some changes that make the code runnable on modern
Matlab versions, showing the value of having a maintainer who can at
least run the code. I’m glad, and excited to see where he takes the
project! Even if it’s just keeping it runnable, I expect that a few
people will benefit. Good!
As an aside, I’m on the lookout for my next numeric language. I’ve had
success with NumPy and Pandas, but I’ve also heard nice things about
Julia. I was thinking about making doctests my first practice project
in Julia, but actually, Julia doesn’t even support docstrings. Its
builtins have text that’s associated with them, that shows up in
help("blah"), but there’s currently no
way to do that for your
own code. That seems really important to me. I’ll probably stick with
Python for my next vectorized-math project, though I continue to follow
Julia now and then.
At one of my jobs, I’m working with d3.js to develop
visualizations of scholarly data, such as article citations and co-authorships.
I’m not ready to show off that work yet, but I got a bee in my bonnet to make
some useless/pretty pictures. The main inspiration was gmunk’s work on
TRON - SO NICE.
My work obviously does not compare, but it’s been fun to try things with a
Incidentally, Mike Bostock’s bl.ocks.org is both handy
and a cute use of gists.