Nested dictionaries in Python

This isn’t exactly ground-breaking, but rather just a handy tip. If you’re looking to create nested dictionaries in Python, like a “multi-dimensional hash,” or just a “dict of dicts,” there is a very simple method. All you need to do is use the defaultdict class in the collections module. Defaultdict objects can specify what factory (method) to use when creating new elements in the dictionary. If you pass in “dict” as the argument, all members of your dictionary will themselves be dictionaries. Of course, you could pass in another type, such as list. For example, this will make a two-level dictionary:

>>> from collections import defaultdict
>>> double_dict = defaultdict(dict)
>>> double_dict['foo']['bar'] = 42
>>> double_dict['fun']['ball'] = 77
>>> double_dict['fun']
{'ball': 77}

What if you want an unlimited number of dicts within a dict? Well, all you need is a simple function that returns a defaultdict whose factory is the function itself, so each missing key creates another level on the fly, like this:

>>> def make_infinite_dict():
...     return defaultdict(make_infinite_dict)
...

>>> inf_dict = make_infinite_dict()
>>> inf_dict[1][2][3][4][5] = 100
>>> inf_dict[1][2][3][4][5]
100

Like I said, nothing magical, but it could come in handy!
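
One caveat worth seeing in code (an added example, not part of the original post): with the recursive factory, merely reading a missing path inserts it, so lookups driven by untrusted or mistyped keys silently grow the structure instead of raising KeyError. The helper names `get_path`, `freeze` and `demo` and the sample keys are assumptions made for this illustration.

```python
from collections import defaultdict


def make_infinite_dict():
    # Same recursive factory as in the post.
    return defaultdict(make_infinite_dict)


def get_path(tree, *keys, default=None):
    """Look up a nested path without creating any missing keys."""
    node = tree
    for key in keys:
        # A membership test never calls the default factory.
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def freeze(tree):
    """Recursively convert nested defaultdicts to plain dicts."""
    if isinstance(tree, dict):
        return {k: freeze(v) for k, v in tree.items()}
    return tree


def demo():
    inf_dict = make_infinite_dict()
    inf_dict["alice"]["role"] = "admin"   # constructed sample data

    # Pitfall: reading a missing path inserts every level of it.
    _ = inf_dict["guest"]["role"]
    created_by_read = "guest" in inf_dict

    # Safe read: no entry is created for "eve".
    role = get_path(inf_dict, "eve", "role", default="none")
    eve_created = "eve" in inf_dict

    # After freezing, a missing key raises KeyError again.
    plain = freeze(inf_dict)
    try:
        plain["bob"]["role"]
        raises = False
    except KeyError:
        raises = True
    return created_by_read, role, eve_created, raises, plain
```

Freezing the structure once it is fully built keeps later code from treating an absent entry as an empty one.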


Glimmers of hope in OS security

I hate band aids. No, not the kind you put on a scraped knee. I’m talking about the kind we’ve been layering on top of our broken software. Firewalls, intrusion detection systems, anti-virus, and perhaps the saddest of all, data loss prevention. They are all band aids we’ve invented because our underlying systems are fundamentally flawed, and will never be secure. And thus was born defense in depth.

There are times when you’ve made so many mistakes, and are in so deep, that it’s best to just start over. Of course, that’s not going to happen anytime soon. However, I still have hope that research into operating systems security can make a big impact in terms of improving end-point security, and reducing our reliance on expensive and ineffective products.

I recently came across a couple of promising projects. The first one, Qubes, is already available in a prototype form. This is an effort by Invisible Things Lab to design and implement a more secure OS. They liberally take advantage of virtual machine technology (and the latest hardware) to isolate one part of the system from all others. Even the networking subsystem runs in its own unprivileged “NetVM.” I think Qubes has a lot of potential, and I really hope it continues to mature.

The second development I read about is really just an idea at this point; it’s an academic research project, and is only now getting started. Using a hefty grant from the National Science Foundation, a professor at University of Illinois at Chicago is going to design and build a security-focused operating system called Ethos. Once again, the plan is to make use of Xen-based virtual machines to enforce isolation.

These attempts at improving the OS are still not hitting the root cause of most security issues (poorly designed software), but they are at least trying to mitigate the damage caused next time your browser’s Flash plug-in gets pwned. I think that’s a step in the right direction, at least until we’re ready to throw in the towel and start fresh with this whole “computing” thing.


Google vs. China

This is a rather interesting development…

Google believes its systems are being attacked by China, in order to gain information on Chinese human rights activists who happen to use Gmail. Well, duh. What prominent company or government isn’t being targeted by Chinese state-sponsored hackers? (Perhaps the nation of Togo.)

The interesting part is Google’s response: a threat to stop doing business in China. That would mean closing its office there, and shutting down Google.cn (the Chinese version of its search engine, with government-friendly censored results). If Google follows through on this threat, it will send a simple message: play nice or we’ll take our ball and go home. Hopefully they will also release more details about the attacks, so that the rest of us can learn to better defend ourselves.

Of course, China’s economy is huge, and the loss of business with one foreign company probably won’t have a measurable impact (unless it’s Walmart). However, it’s still a powerful symbolic gesture. If China wants to be treated as a serious member of our modern global society, they need to stop acting like Mongol invaders from the 13th century.

Maybe if more companies took a similar stance (and followed through), then China would rethink its hostile cyber strategies. Or would they just be sneakier about it?


Green text, black background

I tend to do my development using vim, in a terminal window connected to a remote server that looks very much like the production environment. Thankfully, I am not the only one who works this way. Perhaps I’m not crazy after all?

Green text. Black background. I’ll tell you why right now. I’m an old school DOS guy. My first word processor was Wordstar and that’s the word processing program I came to associate with the fugue-like state of maximum productivity: the Zone. This is why I continue to favor colored text on a black background in my current favorite editor, Textmate. The coloring reminds me of a primal safe place where the tool is serving its purpose — to get the hell out of the way so I can go be exponentially more productive.

This is why, as engineers, we stick with something that works for us. This is why the ancient likes of vi and Emacs continue to flourish. Once we find a tool that works for us, once we’ve chosen that tool, it becomes ours and remains ours. It allows us to get foamy.

I’ve had similar experiences with Dreamweaver and other WYSIWYG tools, where they are just too helpful and end up jumbling up my carefully formatted code. To be honest, I never even really liked working in Eclipse, either. It’s just too distracting, and again, too “helpful” for my taste. But like Rands says, to each his own.

via Rands In Repose


Clever malware

A clever piece of bank account-targeting malware was recently discovered. It does the usual task of transferring money out of the victim’s account. But it also has a clever trick to help delay the victim from noticing the missing money. When he checks his bank statement online, the malware-initiated fund transfers will be dynamically removed. Of course, this assumes that the victim is checking his account from the previously infected computer, but it’s still an interesting trick to buy the criminal some more time.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

“The Trojan is hooked into your browser and dynamically modifies the text in the html,” Ben-Itzhak says. “It’s a very sophisticated technique.”

via Threat Level
