Evan Fosmark's Blog

SSL support in asynchat.async_chat

1 Comment · 1st September 2010, 03:02 pm

A while back I needed to be able to use SSL connections in async_chat, but I found it to be horribly incompatible. After quite a bit of investigation I found a suitable solution.

import asynchat
import socket
import ssl
import errno
 
class async_chat_ssl(asynchat.async_chat):
    """ Asynchronous connection with SSL support. """
 
    def connect(self, host, use_ssl=False):
        self.use_ssl = use_ssl
        if use_ssl:
            self.send = self._ssl_send
            self.recv = self._ssl_recv
        asynchat.async_chat.connect(self, host)
 
    def handle_connect(self):
        """ Initializes SSL support after the connection has been made. """
        if self.use_ssl:
            self.ssl = ssl.wrap_socket(self.socket)
            self.set_socket(self.ssl)
 
    def _ssl_send(self, data):
        """ Replacement for self.send() during SSL connections. """
        try:
            result = self.write(data)
            return result
        except ssl.SSLError, why:
            if why[0] in (asyncore.EWOULDBLOCK, errno.ESRCH):
                return 0
            else:
                raise ssl.SSLError, why
            return 0
 
    def _ssl_recv(self, buffer_size):
        """ Replacement for self.recv() during SSL connections. """
        try:
            data = self.read(buffer_size)
            if not data:
                self.handle_close()
                return ''
            return data
        except ssl.SSLError, why:
            if why[0] in (asyncore.ECONNRESET, asyncore.ENOTCONN, 
                          asyncore.ESHUTDOWN):
                self.handle_close()
                return ''
            elif why[0] == errno.ENOENT:
                # Required in order to keep it non-blocking
                return ''
            else:
                raise

It should fit in place of typical use of asynchat.async_chat. In order to specify that you're wanting to use SSL, just set the flag in:

connect(host, use_ssl=True)

It would be nice if SSL support with asynchat.async_chat worked by default. Hopefully I'm not the only one who finds the above solution useful.

And as always, if you see any errors above, I encourage you to post a comment explaining the it!

Remember, remember, the flux capacitor!

Category: Off Topic

Comments · 5th November 2009, 11:38 pm

Everybody celebrates November 5th for it's Fawkesian roots. But where's the love for it being the day that Doc Brown came up with the idea for the flux capacitor? Sure, only one of them actually has merit, but still… Great Scott!

Python Markov Chains and how to use them

Category: Programming, Python

6 Comments · 4th November 2009, 07:34 pm

So, due to recommendations to use Markov chains for text generation after my last little script on creating fake words, I have finally gotten around to learning and implementing the Markov chain algorithm for text generation in Python. There were a few different implementations already available, but they all seemed a bit gimpy. The solution I wrote up aims to be able to support high volumes of text. Take a look at what I conjured up and tell me what you think:

import collections
import random
 
 
class DynamicDie(collections.defaultdict):
 
    def __init__(self):
        collections.defaultdict.__init__(self, int)
 
    def add_side(self, side):
        self[side] += 1
 
    def total_sides(self):
        return sum(self.values())
 
    def roll(self):
        random_num = random.randint(0, self.total_sides())
        total_pos = 0
        for side, qty in self.items():
            total_pos += qty
            if random_num <= total_pos:
                return side
 
 
class MarkovChain(collections.defaultdict):
    """ Yet another markov chain implementation.
        This one differs in the sense that it is able to better support
        huge amounts of data since the weighted randomization doesn't rely
        on duplicates.
    """
 
    # Sentinals 
    # Discussion here: http://stackoverflow.com/questions/1677726
    class START(object):pass
    class END(object):pass
 
    def __init__(self):
        collections.defaultdict.__init__(self, DynamicDie)
 
    def add(self, iterable):
        """ Insert an iterable (pattern) item into the markov chain.
            The order of the pattern will define more of the chain.
        """
        item1 = item2 = MarkovChain.START
        for item3 in iterable:
            self[(item1, item2)].add_side(item3)
            item1 = item2
            item2 = item3
        self[(item1, item2)].add_side(MarkovChain.END)
 
    def random_output(self, max=100):
        """ Generate a list of elements from the markov chain.
            The `max` value is in place in order to prevent excessive iteration.
        """
        output = []
        item1 = item2 = MarkovChain.START
        for i in range(max-2):
            item3 = self[(item1, item2)].roll()
            if item3 is MarkovChain.END:
                break
            output.append(item3)
            item1 = item2
            item2 = item3
        return output

It's not really complicated as long as you understand Markov chains. Let's use this in an example to generate some fake words:

import markov
chain = markov.MarkovChain()
 
# Load the dictionary into the markov chain
dictionary = "/usr/share/dict/words"
for word in open(dictionary):
    word = word.strip()
    if word != "" and not word.endswith("'s"):
        chain.add(word)
 
# Let's generate 10 random pseudowords
for i in range(10):
    print "".join(chain.random_output())

The way I did it above isn't actually that good since it loads every word in the English language into the Markov chain. Of course, you don't need all of the words to get good looking output. This is just an example, though. I'll leave it up to you to make a sufficient solution.

As always, if you see a way that the code in this post could be improved, please leave a comment!

Update: I updated it to use the dynamic die object. This solves the linear search problem that Marius mentions below.

Send a message THROUGH TIME in Python

Category: Jokes, Programming, Python

6 Comments · 20th September 2009, 01:56 pm

Who says time travel isn't possible?

import time
 
def send_to_future(message, seconds):
    time.sleep(seconds)
    return message

I'll leave it up to someone else to write the send_to_past() function.

Creating fake words: a pseudoword generator

Category: Programming, Python, Tools

13 Comments · 3rd July 2009, 07:02 pm

I was trying to figure out how to create a word that's not a word. What I ended up doing was creating a way of generating a random syllable, and then simply appending 2 or 3 of them together. It seems to work well enough. Here's what I got in Python:

import random
 
vowels = ["a", "e", "i", "o", "u"]
consonants = ['b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'q', 
              'r', 's', 't', 'v', 'w', 'x', 'y', 'z']
 
def _vowel():
    return random.choice(vowels)
 
def _consonant():
    return random.choice(consonants)
 
def _cv():
    return _consonant() + _vowel()
 
def _cvc():
    return _cv() + _consonant()
 
def _syllable():
    return random.choice([_vowel, _cv, _cvc])()
 
def create_fake_word():
    """ This function generates a fake word by creating between two and three
        random syllables and then joining them together.
    """
    syllables = []
    for x in range(random.randint(2,3)):
        syllables.append(_syllable())
    return "".join(syllables)
 
if __name__ == "__main__":
    print create_fake_word()

The first four functions are for generating an individual type of syllable (V, CV, or CVC) and then _syllable() just chooses one of them at random. Finally, create_fake_word() calls _syllable() a few times and joins them together. Here is some example output:

hojocina
eliphaa
deaketyed
ciboa
tiuzi

I haven't a clue whether or not there is a better means of generating words that look somewhat real. If you know of a better method, I'd love to hear it!

A simple event-driven plugin system in Python

Category: Programming, Python

4 Comments · 3rd July 2009, 01:08 am

So I just wanted to share my solution for integrating a plugin system into Python applications. Overall it's separated into four parts: the plugin manager, the plugin(s), a config file listing the plugins, and the application that triggers the events. In this system, plugins are just functions that get registered through the use of a decorator.

Let's start with the code for the plugin manager:

# pluginmanager.py
from collections import defaultdict
 
 
plugins = defaultdict(list)
def register(*events):
    """ This decorator is to be used for registering a function as a plugin for
        a specific event or list of events. 
    """
    def registered_plugin(funct):
        for event in events:
            plugins[event].append(funct)
        return funct
    return registered_plugin
 
 
def trigger_event(event, *args, **kwargs):
    """ Call this function to trigger an event. It will run any plugins that
        have registered themselves to the event. Any additional arguments or
        keyword arguments you pass in will be passed to the plugins.
    """
    for plugin in plugins[event]:
        plugin(*args, **kwargs)
 
 
def load_plugins(config_file):
    """ This reads a config file of a list of plugins to load. It ignores
        empty lines or lines beginning with a hash mark (#). It is so plugin
        imports are more dynamic and you don't need to continue appending
        import statements to the top of a file.
    """
    with open(config_file, "r") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("#") or line == "":
                continue
            __import__(line,  globals(), locals(), [], -1)

The plugin system is separated into three functions. The first is register() which is the decorator for registering plugins. The function trigger_event() is used by your application notify the plugin system that an event has occured. It goes out and runs any plugins registered with the event. Lastly, load_plugins() accepts a file location that contains the plugins to be loaded. We'll investigate these more closely later on in the article.

An example plugin

Let's build a package called "plugins" and create a module inside that called "example.py" with the following data:

import pluginmanager
 
@pluginmanager.register("FOO_ACTIVE")
def print_data(*args, **kwargs):
    if "data" in kwargs:
        print "Received the following: %s" % kwargs["data"]
    else:
        print "Didn't receive any data."

Here, the print_data plugin is registered for the FOO_ACTIVE event, and will be run if that event is triggered.

How to trigger the plugin

First, the plugin needs to be loaded. Right now, the source file is just sitting out there and unless we import it we'll never be able to do anything with it. So, you can either do a manual import or you can call the load_plugins() function and have it parse a list of plugin locations. We'll use the latter method.

The config file (plugins.list)

Let's create a config file with data resembling the following:

# Blank lines and lines starting with a hash (#) are ignored.
# So be as verbose as you want.
plugins.example

As you can see from above, it specifies to import the plugins.example module (since plugins is a package and example is a module inside of it). I'm doing it this way so adding or removing additional plugins is simple.

Application use

Finally, let's look at how an application would utilize this system:

import pluginmanager
pluginmanager.load_plugins("plugins.list") # load any plugins in the list
 
# ... code ...
 
# The FOO_ACTIVE event occurs somewhere
pluginmanager.trigger_event("FOO_ACTIVE", 
                            data="this data is sent to the plugin", 
                            foo="so is this")
 
# ... code ...

What happenes here is pretty straightforward. The manger loads the plugins, the application eventually triggers the FOO_ACTIVE event and sends data along with it. Any arguments or keyword arguments after the event in trigger_event() are sent directly to the plugin. When the event is triggered, it finds any plugins that have registered with it and activates it.

So yeah, that's what I came up with. It does have the downside of not being able to easily extend a plugin like you can with class-based systems since you can't inherit. Still, it's pretty nice for smaller apps that want a taste of pluggability.

If you have your own system for dealing with this type of situation, I'd love to hear from you.

Why do so many websites fail with password restrictions?

Category: Articles, Programming

7 Comments · 20th June 2009, 01:32 am

All too often when registering at a site I'll get prompted with a message along the lines of: "Password must be between 6 and 12 characters long and cannot contain special characters." The second I see that a little warning goes off in my head that they are probably storing the password as plain-text in their database or that at least they aren't hashing it. The only other time I get so worried about website password security is when they actually send me my password in an email after registration.

The bottom-line is that there should never be a case where there are password limitations such as special characters or maximum length. Why should you care if I decide to have a dollar sign, ampersand, or apostrophe in my password? Why is that considered bad? I mean, as long as you are hashing it (like you should be), it doesn't matter, right?

Same goes for password length. Since the hashes produced are a constant length, saying that the password would take up too much space in the database is an invalid argument. If I want my password to be the first sentence of my 6th grade report on Leif Erickson, then I should be able to. It's all about being able to remember and there exist plenty of pass-phrases that'd be easier to remember than any 8-character long password.

What about potential DoS attack with using a really long password? That is almost a valid reason for length restriction since hashing algorithms can be quite intensive on larger bodies of text, but how difficult can it be to spot and block those users with malicious intent?

What password verification should look like

No character limitation. No maximum length limitation. What's really left?

def is_valid_password(password, min_length=6):
    return len(password) >= min_length

Indeed, the only check that should be required is a minimum length. And even that's a stretch. Beyond being sure that the password isn't easily guessable, I see no reason for password restrictions in a world of fixed-length hashing.