pierd.github.io

Project maintained by pierd Hosted on GitHub Pages — Theme by mattgraham

27 August 2018

PyCon AU 2018

The company I work for was nice enough to provide me with an entry to PyCon AU 2018 conference. I’ve spent three days there (Aug 24-26).

Update for my grannies: people are nice, food is average, the weather was subpar but I’m having a good time.

Here are the talk that I’ve attended + some random notes.

PyCon AU organisers were nice enough to publish all videos on YouTube - you can find them here.

Friday August 24

Agloe - What the map makers of the 1930s can teach us about protecting our data in 2018

Canary tokens - when opened they trigger an alarm.

Few ideas where they can be placed:

a link in an email (“Here is a very important document”) - detect if an email account was compromised
an email address in DB - detect if DB data was leaked
AWS credentials (~/.aws/credentials) - detect if a machine was compromised
an entry in ~/.ssh/config - detect if your machine was compromised

Canary tokens don’t provide security by themselves but they have very good signal to noise ratio.

Privacy Preserving Record Linkage

First of all I like the history part on Brian’s website - I’m thinking about stealing the idea.

The talk itself - interesting problem I wasn’t aware of.

The main idea: splitting names (or other details) into N-grams and put them into bloom filter to anonymise the data but perserve the basic properties that allow for Record Linkage.

Libraries available on GitHub:

Security Architecture from Ancient Times

I highly recommend watching this one. Key takeaways:

Desirable control attributes:

Individual control:
- simple
- strong
- self-defending
Multiple controls:
- fail independently
- diverse
- mutually supporting

Learning from the mistakes that even big projects make

Interesting but TBH I have not made any notes

Demystifying LoRaWAN with PyCom

Interesting but TBH I have not made any notes

Workplace Environment Sensing with Python

A really cool project. I liked the extra usage as a marker for interruption acceptance.

Automating Your Home with Python, Raspberry Pi and Homekit

pyhap + Raspberry Pi + AirCon + iPhone = MAGIC

Education Seminar Student Showcase

I watched only the first 2 presentations before heading to The Panel. From what I’ve seen it’s Machine Learning all the way.

Playing noughts and crosses with the power of Machine Learning. Inspired by MENACE: the pile of matchboxes which can learn.
Optimising flash cards style learning with Machine Learning (finding good spot for repetition ~ 40% recall).

The Panel

Interesting but TBH I have not made any notes

Saturday August 25

Remote First, Not Second Best

I wanted to listen to this talk since I worked remotely for few years.

“Culture eats methodology for breakfast”

Right tools are crucial. Synchronous communication is overrated and technology is not there yet anyway.

All in the Timing: Side-Channel Attacks

This one got me really interested. I’m going to try a timing attack in practice - stay tuned!

Few side-channel attacks mentioned in the talk:

timing attack against Python string comparison
exploiting gzip to guess CSRF token behind HTTPS (if you can make a server include a string you control then you can try guessing some other information basing on how it affects the result size - if you match something that is included in the response then the resulting gzipped response will be smaller)
DoS attack by making Python dicts slow (making hashes collide) - first fixed by introducing a random factor generated on process start, then fixed again
Meltdown

Why you should care about types: How Python typing helped my team scale

Types are good. Types are pythonic.

Projects:

mypy - type analisys
Monkeytype - detecting types in runtime to add them to source code

Duck typing? Protocols!

Type information for Standard Library? Typeshed!

Creepy, frivolous and beautiful art made with machines

Just watch it on YouTube!

Something to play with: https://github.com/google/deepdream

Sunday August 26

Write Perfect* Code First Time, Every Time

Visual Studio Code Python extension has breakpoints/stepping/debug console/etc.

It has real debug console (one can execute code in a running process). Internally it uses Python Tools for Visual Studio debug server.

Setup costs :(

Alternatives to VSC: pdb (plain old Python debugger), spyder (full blown Python IDE).

Reflections on the Creative Process - Illustrated with Watercolour Painting

The Creative Process:

Planning - all the ideas how it’s going to come out
Stress - is it really coming out as expected
De-escalate - relax, think, be in a moment
Decision moment - give up or keep going?
Commit to the decision - life is short keep going
Finishing touches -> stop when it’s good (don’t overdo)
Allow appreciation time

Big life perspective: make a plan (prepare for bad events)

Key takeways:

Reflect on how you work, not just coding
Self soothe
Talk to others about how you feel (it’s okay to do this!)
Know that your community of people are willing to help and support you
Acceptance and commitment therapy

FP demystified

Functional Programming in Python live in Jupyter Notebook!

Inspired by Professor Frisby.

Source code available here.

Colossal Cave Adventure in Python… in the browser!

Adventure is a really old (probably the first) text adventure game implemented in Fortran IV. Chris created a Fortran IV interpreter to run it and he hooked it up together behind Twillio API. At time of writing it was accessible via text message on +61 488 847 569 or +1 (669) 238-3683.

He also put it online in a Python interpreter in JavaScript (yes, Fortran IV in Python in JavaScript) - hilariously slow.

That’s all folks! See you next year…

tags: pycon - python