The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Python’ Category

fail2ban is yet another “A project some … person … has been thanklessly maintaining since …”; ensure it does not become yet another XZ Utils debacle

Posted by jpluimers on 2024/07/17

Earlier this week there were only three sponsors for [Wayback/Archive] sebres (Sergey G. Brester) · GitHub.

You might think “Why is this important?”.

Sergey is the single maintainer of fail2ban, the open source project that protects countless (likely a majority of) public-facing servers on the Internet.

Please don’t let fail2ban become another XZ Utils, and support Sergey: we don’t want the project to become unmaintained or, worse, backdoored like XZ was.

[Wayback/Archive] Sponsor @sebres on GitHub Sponsors · GitHub

The fail2ban repository is at [Wayback/Archive] GitHub – fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors

Via [Wayback/Archive] dee 🏳️‍⚧️: “fail2ban has one core maintain…” – Grafana Social

fail2ban has one core maintainer github.com/fail2ban/fail2ban and he has only 3 Github sponsors github.com/sebres

WTF

I can’t even comprehend how many servers are protected by fail2ban, how many compromises are avoided, how many people who run hobby things all the way up to major sites that get to sleep soundly every night… because of this single project.

Related: XZ 5.6.x are backdoored and present in many systems: downgrade to 5.4.x or earlier now; consider libarchive compromised until proven otherwise

--jeroen

Posted in Development, Python, Scripting, Software Development

s3-ocr: Extract text from PDF files stored in an S3 bucket

Posted by jpluimers on 2024/07/16

For my link archive: [Wayback/Archive] s3-ocr: Extract text from PDF files stored in an S3 bucket

One reason is archival of books. Even (or maybe especially) in IT, books already have historic meaning, especially in narrower fields where they often are neither available in the Internet Archive nor scanned by Google Books.

Via/related:

Posted in Amazon S3, AWS Amazon Web Services, Cloud, Cloud Apps, Development, Infrastructure, Internet, Power User, Python, Scripting, Software Development

maartensukel/example-textual-classification-citizen-reports: Example of a simple textual classification using TF-IDF and LR.

Posted by jpluimers on 2024/06/04

Cool technology:

[Wayback/Archive] maartensukel/example-textual-classification-citizen-reports: Example of a simple textual classification using TF-IDF and LR.

The classification is done by using a TF-IDF (Term Frequency – Inversed document frequency) as representation for the text and a logistic regression to classify the text. Optimal hyperparameters for the dataset are found using a gridsearch.

Author: [Wayback/Archive] Maarten Sukel (@MaartenSukel) / Twitter

The source is based on Python Pandas and scikit-learn (also known as sklearn).

Posted in Development, Pandas, Python, Scripting, Software Development

Code Visualisation through Python Tutor – Visualise Python, Java, C, C++, JavaScript, TypeScript, and Ruby code execution

Posted by jpluimers on 2024/04/18

The final visualisation post of this week (themed Data Visualisation and Code Visualisation) is about [Wayback/Archive] Python Tutor – Visualize Python, Java, C, C++, JavaScript, TypeScript, and Ruby code execution.

Languages covered in these visualisers:

Earlier posts in the series:

–jeroen

Posted in C, C++, Development, Java, Java Platform, JavaScript/ECMAScript, Python, Ruby, Scripting, Software Development

Pandas Tutor – visualize Python pandas code

Posted by jpluimers on 2024/04/16

Learning Python Pandas can be tough so this free resource is of great help: [Wayback/Archive] Pandas Tutor – visualize Python pandas code – documentation:

Pandas Tutor visualizes how Python code transforms dataframes

Posted in Code Visualisation, Data Visualisation, Development, Pandas, Power User, Python, Scripting, Software Development

FemFM – 〝50% vrouw in je oor, of we zappen door!〞

Posted by jpluimers on 2024/03/30

[Wayback/Archive] FemFM – 〝50% vrouw in je oor, of we zappen door!〞 was launched in 2024, just before Women’s History Month and International Women’s Day, by Felienne Hermans.

Felienne is known for, among other things, her PhD research into the impact of Excel on society, but above all for her drive to research how as many people as possible, regardless of their background, can learn to program, for Joy of Coding, the Hedy programming language (with a lot of support for alphabets other than the ones we use in the Western world) and her book The Programmer’s Brain: What every programmer needs to know about cognition.

She is extremely good at her work, and through it she regularly runs into bias against women. She is rightly surprised by that, and also by how hard it is to consume content (in all kinds of areas) made by women. That happened to her, for example, when listening to music on Dutch radio: far more male artists were played there than female ones.

Hence FemFM, and Felienne would not be Felienne if the source code were not public, so here are some links:

Posted in Audio, Awareness, Development, IceCast, Inclusion / inclusive society, Java, Java Platform, Media, Power User, Python, Scripting, Software Development, Web Development

bloomberg/memray: Memray is a memory profiler for Python

Posted by jpluimers on 2024/01/22

For my link archive as one day I will need this:

Via this cool [Wayback/Archive] Thread by @1st1 on Thread Reader App that has these tweets:

  1. [Wayback/Archive] Yury Selivanov on Twitter: “WOW. Bloomberg finally opensourced memray—a new versatile memory profile for Python. Can’t wait to use it. Thread 👇”

  2. [Wayback/Archive] Yury Selivanov on Twitter: “1. It’s fully open source (Apache 2), grab it here: …”

  3. [Wayback/Archive] Yury Selivanov on Twitter: “2. Until now you never could have such a deep insight in how your app allocates memory. The tool is a must for any long-running services implemented with Python. With memray you can generate flame charts or all allocations and trace absolutely everything.”

  4. [Wayback/Archive] Yury Selivanov on Twitter: “3. And this must be a Python snippet of the month:”

    import pytest

    # limit_memory is the marker provided by the pytest-memray plugin
    @pytest.mark.limit_memory("24 MB")
    def test_foobar():
        pass  # do some stuff that allocates memory

  5. [Wayback/Archive] Yury Selivanov on Twitter: “4. It’s sophisticated enough to peek into native code. So you can profile your numpy and pandas code with it. And it has a live mode. You can just run your code and see how it allocates memory as it runs. 🤯”

  6. [Wayback/Archive] Yury Selivanov on Twitter: “5. A little birdie mentioned to me that @pyblogsal is one of the active contributors in memray. Let’s keep it a secret 🫢”

  7. [Wayback/Archive] Yury Selivanov on Twitter: “6. This is a Python client to @edgedatabase as it establishes a connection to the DB. cc @fantix @elprans”

  8. [Wayback/Archive] Yury Selivanov on Twitter: “7. Wow, this thread is blowing up. Here’s a link to my Spotify… err,”

–jeroen

Posted in Development, Python, Scripting, Software Development

For your next job interview: One-Line FizzBuzz Solution in Python 3 | by David Sanchez | CodeX | Medium

Posted by jpluimers on 2024/01/18

[Wayback/Archive] One-Line FizzBuzz Solution in Python 3 | by David Sanchez | CodeX | Medium

print('\n'.join(['fizzbuzz' if x%15 == 0 else 'buzz' if x%5 == 0 else 'fizz' if x%3 == 0 else str(x) for x in range(1,101)]))

(Yes, one can do similar list comprehension and conditional expression constructs in other languages to get one-liner solutions)

Via:

–jeroen

Posted in Development, Python, Scripting, Software Development

Hello “SMTP Smuggling” information released days before the Holiday season to open source SMTP server teams

Posted by jpluimers on 2023/12/24

Jan Wildeboer was mad for good reasons, though the open source projects didn’t yet seem to have publicly shown their real madness, just bits like [Wayback/Archive] oss-security – Re: Re: New SMTP smuggling attack:

I'm a little confused by sec-consult's process here. They identify a
problem affecting various pieces of software including some very widely
deployed open source software, go to the trouble of doing a coordinated
disclosure, but only do that with...looking at their timeline... gmx,
microsoft and cisco?

“SMTP Smuggling” is bad, and big open source SMTP server projects like exim, postfix and sendmail needed to assess and fix/prevent the issue on very short notice: they were effectively confronted with a zero-day, with less than a week between the release of the information and the Holiday season.

That gives “deploy on Fridays” a totally different dimension.

How bad? Well, it already managed to reach this Newline – Wikipedia entry:

The standard Internet Message Format[26] for email states: “CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body”. Differences between SMTP implementations in how they treat bare LF and/or bare CR characters have led to so-called SMTP smuggling attacks[27].

The crux of the problem is very well described by the “Postfix: SMTP Smuggling” link below, which is recommended reading, and by this comment in the middle of [Wayback/Archive] SMTP Smuggling – Spoofing Emails Worldwide | Hacker News:

TLDR: In the SMTP protocol, the end of the payload (email message) is indicated by a line consisting of a single dot. The line endings normally have to be CRLF, but some MTAs also accept just LF before and/or after the dot. This allows SMTP commands that follow an LF-delimited dot line to be “tunneled” through a first MTA (which requires CRLF and thus considers the commands to be part of the email message) to a second MTA (which accepts LF and thus processes the commands as real commands). For the second MTA, the commands appear to come from the first MTA, hence this allows sending any email that the first MTA is authorized to send. That is, emails from arbitrary senders under the domains associated with the first MTA can be spoofed.
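The parser differential described in that comment can be checked for on the receiving side. The following is an added example, not code from the post, the quoted comment or any MTA project: it compares where a strict (CRLF-only) and a lenient (bare-LF-accepting) parser see the end of the DATA payload and flags bare newlines. All names and both sample payloads are constructed for illustration, and only bare-LF variants of the dot line are covered.

```python
import re

# End-of-data as the standard defines it: CRLF "." CRLF only.
STRICT_EOD = b"\r\n.\r\n"
# A lone dot line where either side may be a bare LF: what a lenient
# receiver may also accept as end-of-data.
LENIENT_EOD = re.compile(rb"(?:\r\n|\n)\.(?:\r\n|\n)")
# CR not followed by LF, or LF not preceded by CR.
BARE_NEWLINE = re.compile(rb"\r(?!\n)|(?<!\r)\n")


def end_of_data(data: bytes, lenient: bool) -> int:
    """Offset just past the end-of-data marker as this parser sees it, or -1."""
    if lenient:
        m = LENIENT_EOD.search(data)
        return m.end() if m else -1
    i = data.find(STRICT_EOD)
    return i + len(STRICT_EOD) if i >= 0 else -1


def assess(data: bytes) -> dict:
    """Report bare newlines and whether the two parsers disagree."""
    strict = end_of_data(data, lenient=False)
    lenient = end_of_data(data, lenient=True)
    bare = [m.start() for m in BARE_NEWLINE.finditer(data)]
    return {
        "bare_newlines": bare,          # byte offsets of bare CR / bare LF
        "strict_end": strict,
        "lenient_end": lenient,
        "differential": strict != lenient,
        "reject": bool(bare),           # policy assumed here: refuse any bare newline
    }


# Constructed sample payloads (bytes received after the DATA command).
CLEAN = b"Subject: hi\r\n\r\nbody line\r\n.\r\n"
SUSPECT = (b"Subject: hi\r\n\r\nbody line\n.\n"
           b"extra bytes after dot line\r\n.\r\n")

if __name__ == "__main__":
    for name, payload in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, assess(payload))
```

For the suspect payload the strict parser treats everything up to the final CRLF dot line as message text, while the lenient one stops at the LF-delimited dot and would hand the remaining bytes to its command parser; rejecting or normalizing bare newlines removes that disagreement.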

Here are some links to keep you busy the next hours/days/weeks:

And the toots linking to background information:

Posted in *nix, *nix-tools, Communications Development, Development, exim mail, Internet protocol suite, postfix, Power User, Python, Scripting, sendmail, SMTP, Software Development

TWINT – Twitter Intelligence #OSINT: consider Toolwoluxwolu/twint

Posted by jpluimers on 2023/11/08

Edit: I scheduled this post a long time ago, but it likely won’t work any more because of Space Karen demolishing Twitter. So for now, view this post as a record of how we historically had nice things on Twitter.


When writing this, the fork [Wayback/Archive] woluxwolu/twint works and the original [Wayback/Archive] twintproject/twint: An advanced Twitter scraping & OSINT tool written in Python that doesn’t use Twitter’s API, allowing you to scrape a user’s followers, following, Tweets and more while evading most API limitations. does not.

See these tweets in Dutch (Google Translate on them works well):

Posted in Development, LifeHacker, OSINT - Open Source Intelligence, Power User, Python, Scripting, SocialMedia, Software Development, Twitter