It is often wise advice in the Software Development world to avoid rolling out your own thing and re-use what other people have done.
While maybe I don’t always agree with that, I certainly always agree with it when it comes to security!
So I hit a problem where I needed to encrypt something based on a password. After some research, the correct way to solve this
problem is using PKCS #5. It basically salts and applies a hash many hundreds (or thousands) of times to produce a derived key.
The best solution I found was py-bcrypt, but unfortunately it was lacking in the documentation department. I had to check the source code
but eventually found my solution in the README of their code.
```python
import bcrypt

salt = bcrypt.gensalt()
# apply the hash function 100 times and generate a 256-bit key
# (integer division keeps the key length an int on Python 3)
key = bcrypt.kdf(password, salt, 100, 256 // 8)
```
One caveat: py-bcrypt does require you to compile the module before you can install it. So pip install py-bcrypt doesn’t cut it. But I found this to be true of every python-based cryptography library because they wrap C libraries… with the exception of python-bcrypt. Leave it to Wenzel to be that exception to the rule.
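The salt-and-iterate construction that PKCS #5 describes, as an added example that is not from the original post or from py-bcrypt: it writes out PBKDF2 by hand with Python's standard `hashlib` and `hmac` instead of calling `bcrypt.kdf`, then shows that the salt and iteration count must be stored to get the same key back. The function names, the 16-byte salt, the iteration count and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct


def pbkdf2(hash_name, password, salt, iterations, dklen):
    """PBKDF2 (PKCS #5 v2 / RFC 8018) spelled out step by step."""
    hlen = hashlib.new(hash_name).digest_size
    keyed = hmac.new(password, digestmod=hash_name)  # PRF keyed with the password

    def prf(data):
        h = keyed.copy()
        h.update(data)
        return h.digest()

    out = b""
    for block in range(1, -(-dklen // hlen) + 1):  # ceil(dklen / hlen) blocks
        u = prf(salt + struct.pack(">I", block))   # U_1 mixes in the salt
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):            # U_2 .. U_c hash the previous output
            u = prf(u)
            t ^= int.from_bytes(u, "big")          # T = U_1 xor U_2 xor ... xor U_c
        out += t.to_bytes(hlen, "big")
    return out[:dklen]


def new_key(password, iterations=100_000, dklen=32):
    """First use: pick a random salt; the returned params are stored with the ciphertext."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen)
    return {"salt": salt, "iterations": iterations}, key


def rederive_key(password, params, dklen=32):
    """Later use: the same password plus the stored salt and count give the same key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), params["salt"],
                               params["iterations"], dklen)


if __name__ == "__main__":
    params, key = new_key("correct horse battery staple")  # constructed sample password
    assert rederive_key("correct horse battery staple", params) == key
    assert rederive_key("wrong password", params) != key
    # The hand-written loop matches the standard library implementation.
    assert pbkdf2("sha256", b"pw", params["salt"], 1000, 32) == \
        hashlib.pbkdf2_hmac("sha256", b"pw", params["salt"], 1000, 32)
    print("derived", len(key) * 8, "bit key")
```

The salt and iteration count are not secret; only the password is, which is why they can sit in the clear beside the encrypted data.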
A number of months ago I tried Ghost Blog to possibly replace my WordPress blog.
That experiment was done for a number of reasons that I won’t outline here. I will say that Ghost is pretty good for a minimal blogging solution.
It is much more narrow in scope than WordPress is, which is something that I was looking for at the time.
However Ghost’s minimalism had a cost as well. Some pain points were:
No plugins. Every update required me to re-install Disqus to the proper template. This is planned AFAIK
Constant updates (at ~2 weeks at the time of writing) but no automatic updates.
Now for a fair price you can pay Ghost to automatically update your blog. But at $10/month, it costs more than hosting and for an infrequent
blogger such as myself, it doesn’t make sense. I’m lucky to hit 10 blog views a month.
Due to those pain points, I’ve decided to jump ship and try Jekyll. It’s not perfect (I miss my Markdown WYSIWTF editor). But it has some nice benefits.
Fairly simple, lightweight, and I feel less guilty for avoiding the updates!
I have owned my Blackberry Bold 9780 for nearly 3 years now - which is like 120 in smartphone years. It’s showing its age [1]. RIM doesn’t support it, and in fact is actively harming it with the latest BBM updates that are touch-optimized. So I began thinking about a new phone.
Blackberry
Pros:
Keyboard. I have not gotten used to a touchscreen keyboard. This is a highly subjective but extremely important quality in a phone. No super-secret-awesome keyboard app sauce is going to replace a keyboard. I will say that touch keyboards have come a long way, but it’s still not there for me.
Cons:
App support is pretty shit. The apps they do have are pretty shit as well. Often a third-tier platform.
Not many complaints. It seems to be a very polished phone. There have been lots of complaints about the walled-garden approach that Apple has taken, at least in the beginning. But it works out well for Apple, and arguably for its users. The biggest con by far is the price - approximately $700, or half a new computer. If it was perfect, it’s a bargain price. But nothing is perfect.
Android
I have been cautious of Android mainly because of Google’s involvement in it. Unlike Blackberry, Apple, or Windows, Google probably knows the most about me and the real value I provide is the more data it collects about me.
My friend Tom recently lent me a Samsung phone and I played around with it. I used a new e-mail address, and found it to be fun to use for games or just browsing. I ended up getting an Android tablet for this very reason.
Windows
I really want to give this a try but WIND just stopped selling them. Finding an unlocked WIND compatible phone is turning out to be more work than I want to put in.
Result
How do I Grindr on a flip phone?
[1] How many webpages can you load on 512Mb of RAM? There are some pages I can’t load even with images/javascript disabled.