Posts Tagged ‘Django’

Back from obscurity

Thursday, November 19th, 2009

Ouch! Seems like there might be some people actually interested in my project I made in the Advanced Free Software Tools course.

I haven’t had much time (read: I haven’t made time) to fiddle with it in ages. Perhaps it is time to revive it. The concepts where all pretty solid, although I am ashamed to say that there is really no documentation at all about how it works #procrastinationfail

I think what ground me to a stop the last time was how to have Django dynamically add more form fields based on a model. I guess I’ll just have to do some more research.

Thanks hesa for pushing me into the deep end of the pool, I need that from time to time ;D

Django, command_extensions and pygraphviz

Wednesday, November 26th, 2008

Trying to find a way to comply with the last week’s assignment (profiling your software) I today found out that the command_extensions for Django could provide some help (runprofileserver). However, that is not why I am currently writing.

The reason for this post is another command, graph_models, which can be used as such:

wildcard /home/wildcard/voxsite
$ python manage.py graph_models -a -g -o my_project_visualized.png

This however requires a few things to work, namely python-pygraphviz and graphviz-dev (if you’re a Ubuntu user at least). But this is pretty cool, now I have automatically generated class-diagrams of my project.

\o/

Python, urllib2 and Vox Anonymus

Wednesday, October 22nd, 2008

The project I am currently working on for the Advanced Free Software Tools course, Vox Anonymus, strives to offer a web-based (through Django) anonymous voting platform, giving users the ability to change their votes after having cast it.

In order to ensure anonymity, while retaining the ability to modify the vote, and also keep voters from cheating (the mantra “trust, but verify” comes to mind), an individual “vote key” is generated for each voter.

This vote key is then used as the password in a Password-Based Key Derivation Function (PBKDF for short) to generate a fairly strong key, which is hard to reverse-engineer back to the vote key. This generated key is then used to link a voter, with votes in various topics. It is a bit technical, and this is not the purpose of this post, so, moving along, quickly:

The vote key must be generated by Vox Anonymus, in order to disable a dishonest user from cheating the system. There are some pretty serious restrictions on the key as well, most of the regarding entropy. So, in order to create a good vote key, we need som pretty good random numbers.

Random numbers are tricky. You can’t generate them, since that would imply that there was some form of structured process to “generate” them. And how could a structured process create randomness? Especially, how could a structured process create randomness, and guarantee that said randomness for the same situation, state and input, won’t output the same randomness again?

There are some rather cool Pseudo-Random Number Generators (PRNG) available, but if an adversary got hold of the exact state of the PRNG at the time it generated a random sequence, the adversary could generate the same sequence, and thus get a hold on the key.

On GNU/Linux systems there is most of the time the /dev/random pool, and you can install the Entropy Gathering Daemon to improve it further, but using that in Vox Anonymus is not an option, as I intend to keep it as system independent as possible.

The solution, then, is not to look within, but to look outwards. Enter http://www.random.org/. Sure, there are no proofs that these numbers are random, and as such, should they be used? If the site is for real, then gathering randomness from the static in the airwaves are just as good, if not better, than any PRNG implementation I could include in the project.

So the procedure for fetching random numbers from random.org is as follows:

  1. Determine the external IP number of the server on which Vox Anonymus runs
  2. Check the quota for “my” IP number on random.org
  3. If there are enough numbers left, fetch the needed numbers, otherwise wait a couple of minutes

Step number one is completely retarded. I determine “my” external IP number by querying http://www.whatismyip.org/ for it… And I have found this to be the only? robust way of actually determining the external IP number through Python.

Please correct me if I’m wrong (and I don’t see how I couldn’t be).

We have finally arrived at the reason for this post: urllib2. I found a rather good resource, http://www.voidspace.org.uk/python/articles/urllib2.shtml, which showed me most of what I needed to know.

There where however some problems: random.org offers a http interface, based on query strings (GET requests). At the same time, the creator of random.org asks that people writing scripts to automate the process of fetching random numbers please include their email address in the User-Agent header, so that they can be sent a notification in the event that their scripts are behaving badly.

I spent quite some time figuring out how to create a request going through GET, but adding the User-Agent header. The final outcome was rather easy, so I guess I am somewhat of an idiot for not figuring it out earlier, but hopefully this will help someone else:

import urllib
import urllib2

values = {'foo': 1, 'bar': 2}
data = urllib.urlencode(values)
url = 'http://www.example.org/?' + data
header = {'User-Agent': 'wildcard@example.org'} # don't do this, only for random.org
req = urllib2.Request(url, data, header)
try:
    response = urllib2.urlopen(req)
    return response.read()
except urllib2.HTTPError, e:
    # do something
except urllib2.URLError, e:
    # do something else

Thus ends the adventures in Python-land, for now anyway

Who knew?

Thursday, October 2nd, 2008

As you may, or may not, know I am taking a course called Advanced Free Software Tools (pdf) held at the IT University in Göteborg, which basically boils down learning about and how to use the tools commonly used in Free Software projects, and as a part of this course the students are encouraged to either take part in an existing project, or to create a project of their own.

I opted to create a new project. I figure there are pros and cons with each approach (if you join an existing project there will (possibly) be a lot of code to get the hang of before you can start contributing, which is bad, but at the same time, it is also good that you get exposed to other peoples code. The inverse for these pros and cons are the pros and cons of creating a project of your own)

One thing that I don’t believe I would have gotten any actual “real-world” training in, had I joined an existing project, is in writing change logs and the more project administrative-posied tasks, and I have to say, I am finding it rather enjoyable, not the administrative tasks in themselves, but researching syntaxes, finding the ones which are conforming to the overall environment in which my project will coexist etc.

For instance, the project I have chosen to work on, is a web-based voting system, implemented as a Django application. It should be some sort of free software in order to follow course-requirements, so a free software license had to be chosen. Then a coding standard. Django is programmed in Python, following the Python coding standard, so my application should follow this as well. The Django team doesn’t appear to have any official changelog document, which would have overridden most other considerations, but instead I fall back to the GNU ChangeLog format.

Who knew all this “administrative work” could actually be this fun?