Hey, I’m switching around my blog hosting. Hopefully if it’s easy to post, I will post more than once every 6 years. And, just in case there’s somehow still someone using Atom to follow this blog, sorry for reposting all that stuff from 2014.
Don’t run the disposal if there is glass in it.
Remove glass from the disposal if it ends up there, or at least let people know.
The disposal is broken because it is full of glass.
– Paul Stewart, a former housemate.
JSON Web Tokens are “a compact URL-safe means of representing claims to be transferred between two parties.” The “claims” are assertions about what’s going on, and they’re cryptographically signed, either with a shared secret between client and server or using public key cryptography.
One place they’re being used is in Mozilla’s BadgeKit API. There, clients of the API have a shared secret with the server. That secret is used to sign a statement of the HTTP path, method, and request body (for POST and PUT requests). Assuming nothing important happens in the other HTTP headers, this means that an evesdropper can only replay the exact HTTP request that the real client made. This makes it better than simply including unchanging credentials, because once the credentials are sniffed from the network, they can be reused to make any request to the server.
Unfortunately, JSON Web Tokens are fiddly to assemble. There is a good implementation for Python called PyJWT (PyPI). However, to use it with Kenneth Reitz’s immortal work, requests, one must write a custom authentication plugin. Well, I’ve done that! Yay! The code is on GitHub, and on PyPI as requests-jwt. The documentation is on Read the Docs.
import requests from requests_jwt import JWTAuth, payload_method auth = JWTAuth('superSekr3t') auth.add_field(payload_method) # ... other claims/payloads resp = requests.get('http://auth-required.example.com/', auth=auth)
This is part of my current work with Dr. Daniel Hickey, bringing digital badges (which are more interesting than they sound) to online courses hosted with Open edX.
At a previous job, I worked a lot with Matlab. This was in 2010, before Matlab had any testing tools included, and the best testing tool was Steve Eddins’ Matlab xUnit package.
I loved (and love) the Python
doctest module: it’s both a clever
hack and a very useful tool. I decided to make a version of it for
Matlab isn’t the kind of language that lets you really control the namespace of the code that is running. Python, for instance, has a nearly empty namespace by default when you run code in a separate file. R has similar capabilities, although (for me) they are clunkier to use. But, unless you explicitly make some code a function, Matlab runs it more like a script, sharing the namespace of whatever code calls it. This makes ‘doctest’ a tricky concept to implement - either you have to manipulate the documentation strings into functions, or else control the available variables very carefully.
I chose the latter route, ending up with this hilarious test-running
I wrote it normally, and then renamed all the variables, from
DOCTEST__example_var. So, the test code isn’t
actually isolated, but at least it should never modify the test-running
function’s state accidentally. I think, given the limitations of the
language, that’s the best I could do. And it was useful. And check out
the doctest on that method! Heheheh.
Anyway, the reason this comes up today is that I haven’t worked at a job
with a Matlab license for several years. And GNU Octave, while probably
useful for number crunching, lacks a lot of Matlab’s finer points,
classdef classes. So I basically haven’t worked on it
at all for 3 years.
But hey good news, Open Source! Mr Paul Sexton has offered to take over maintainership! I accept. That’s nice. He’s already made some changes that make the code runnable on modern Matlab versions, showing the value of having a maintainer who can at least run the code. I’m glad, and excited to see where he takes the project! Even if it’s just keeping it runnable, I expect that a few people will benefit. Good!
As an aside, I’m on the lookout for my next numeric language. I’ve had
success with NumPy and Pandas, but I’ve also heard nice things about
Julia. I was thinking about making doctests my first practice project
in Julia, but actually, Julia doesn’t even support docstrings. Its
builtins have text that’s associated with them, that shows up in
help("blah"), but there’s currently no
way to do that for your
own code. That seems really important to me. I’ll probably stick with
Python for my next vectorized-math project, though I continue to follow
Julia now and then.
My sister, Miranda Hassett, visited Jerusalem in 1995.
I was bright, curious, and ambitious. I thought I was ready. I thought it was the kind of thing a student like me, a person like me, should do.
Just a few weeks in, her visit turned a very sharp corner.
At one of my jobs, I’m working with d3.js to develop visualizations of scholarly data, such as article citations and co-authorships. I’m not ready to show off that work yet, but I got a bee in my bonnet to make some useless/pretty pictures. The main inspiration was gmunk’s work on TRON - SO NICE. My work obviously does not compare, but it’s been fun to try things with a playful attitude.
Incidentally, Mike Bostock’s bl.ocks.org is both handy and a cute use of gists.
Finally, the best d3 visualization I’ve seen is this globe with overlaid weather data. Really amazing!
Be Thou our Skip throughout life’s game, An’ syne we’re sure to win, Tho’ slow the shot and wide the aim, We’ll [sweep] each ither in.
from “Curler’s Grace”
[The gazelle’s legs] are like rifles from which leaps are fired.
– Rainer Maria Rilke