Reader

When frontend kills the server

For the last few days, eventyay production server(instance of open event server) was crashing. We suspected a bad actor doing DOS attack on the server. After days of debugging, we found the culprit. It was US!

Humein to apno ne loota, ghairon mein kahan dum tha...

Another problem with providing a lot of power with JSON:API is that it comes with a lot of responsibility on client side. A client can easily self DOS server with queries which it thinks are innocuous. This is what admin search does now.

First of all, it sends search filter events on every keystroke, an issue for which is already opened #3532

But that is not the main issue. Let's say I search for fossasia. This is the query it'll send to the server:

https://<server>/v1/events?filter=[{"name":"name","op":"ilike","val":"%fossasia%"}]&get_trashed=true&include=tickets,sessions,speakers,owner,organizers,coorganizers,track-organizers,registrars,moderators&page[number]=1&page[size]=10"

See any problem? It requests the tickets, the sessions, the speakers, organizers,coorganizers,track-organizers,registrars,moderators of the event with the event itself. Just to render this:

Why anybody thought of this as a good idea is beyond me. This is already so bad that I was shocked. But OK, at least the page size is set to 10. How much data it could possibly fetch? Right?

This is the response:

700 nodes in included! 700. The response is 400 KB and the request takes 30 seconds to complete. 30 seconds It's a relief there are not a lot of events with a lot of speakers and sessions, or you could cook and eat instant ramen before the request completes.

But it's just one request, right? Because of this request, every other request, requests of even 70 bytes are slowed down because the server is pummeled.

So what is happening? Apparently, JSON:API spec doesn't talk about restricting included items in the payload. Or the library used in server is poorly written, but basically, the results are limited to 10, but included items contain every single ticket, session and speaker in all the filtered 10 events!!! Every . single . one Just imagine the poor database. No wonder the server crashes so frequently.

Hundreds of speakers and hundreds of sessions are fetched and serialized and sent to frontend to render the above row for an event. And the fact that frontend does that on every keystroke doesn't help anything, just makes it countless times worst. The web has no notion of canceling web requests, what is sent is sent. If you write FOSSASIA, now 8 requests are sent for each appending letter and the database and server are busy fetching 700 items for each request when it won't even be used. So, 7 out of 8 queries are useless.

That's why people hate ORMs, they allow such easy access to the database, that it becomes very easy to overfetch things in an incredibly inefficient fashion. Ember Data is an ORM, but a thousand times worse, because when it makes things easy to fetch(shoot yourself in the foot), the impact is not just of overfetching of data from DB (300~500 ms), it is going over the network and pummelling the DB, serializing thousands of items and then rendering a row (30 seconds), and crashing its own server.

I don't even know how to prevent it. This is a high priority issue for frontend to not fetch anything other than the event for admin search, but JSON:API is essentially a time bomb in the server, anyone can use the above query to take down the server and no amount of rate limiting can help when a single query can become a DOS vector. The only thing I feel can fix this is to patch the flask-json-restapi library to not include more than 10 items, but it'll definitely break a lot of stuff, on both the site and apps.

Simply speaking, don't use include for one to many relationships, use specific endpoints to use paged data. So, if you want to get speakers, don't use event/1?include=speakers. Use /event/1/speakers which is automatically paginated.

If the queries become more problematic, we'll have to disable included feature for one to many relationships. Because we don't want to send 1000 speakers if there are 1000 speakers, and there is no way to paginate on included data AFAIK. If I am wrong on any point, please let me know.

Hi everyone, As I have talked about Basics of Python in my previous blog now in this I would like to tell about some other exciting features of python and going to build an ID Generating System. The topics which I am going to discuss hear are given below: 1. What is a module and how to import functions from a module in Python? 2. Functions in Python 3. Files in Python 4. How to store the password securely using Hashing Function 5. Create an ID Generating System 6. Make a user-friendly command-line interface using argparse module.

1. What is a module and how to import functions from a module in Python?

A module is a python file containing functions definition and executable statements. If we want to use any function which is defined in another module than importing that function is required. We can import by two methods:- a. By importing only the module: Syntax:

import module_name
module_name.function_name()

For taking a password as an input we can use getpass module which has a getpass function that hides the data on the screen that the user enters. Ex:

import getpass
getpass.getpass("Enter the password") 

b. By only Importing function from that module Syntax:

from module_name import function_name
function_name()

Ex:

from getpass import getpass
getpass("Enter the password") 

2. Function in Python: When we want to do a particular task again and again then, it would be better to write a function to perform that task. The function provides modularity and reusability of the code. Functions can be of two types: a. Build-In Functions: The functions which are inbuilt in python like print(). b. User-Define Functions: The functions which we create. Syntax:

def function_name( parameters ):
    function_suite
    return [expression]

3. Files in Python: The file is a way of storing the information which we required later. a. Open the file: Syntax:

fopen = open (file_name  [, access mode] [, buffering])

Some common access mode:     r = Read-only mode, the file pointer is at the beginning. (Default mode of a file)     w = Write mode, the file pointer is at the beginning. If a file is not available then it creates a file.     a = Append mode, the file pointer is at the end of the file.

b. Write in the file: Syntax:

fileObject.write(string)

c. Read from the file: Syntax:

fileObject.read( [count] )

d. Close a file: Syntax:

fileObject.close()

4. How to store the password securely using Hashing Function: Python has a library 'hashlib' which consists of much popular hash function some of which are md5, SHA1, SHA2, SHA256, etc. Ex:

from hashlib import sha256
print(sha256(b'<yourstrongpassword>').hexdigest())

But if you are taking the password from the user and want to store in the hash form than you should encode it like as: Ex:

from hashlib import sha256
pass = input("Enter your password: ")
print(sha256(pass.encode()).hexdigest())

5. Create an Id Generating System:

The link to the source code of this system is: https://notebooks.azure.com/arifanafees99/projects/id-generating-system .

6. Make a user-friendly command-line interface using argparse module: The source code is given below:

from hashlib import sha256
import argparse

def auth(password):
    new_pass = sha256(password.encode('utf-8')).hexdigest()
    with open('password.txt', 'r') as f:
        correct_password = f.readline()
    f.close()
    if correct_password == new_pass:
        return True
    return False


parser = argparse.ArgumentParser()

parser.add_argument("my_pass", help="Enter the password")
parser.add_argument("--name", help="Enter the name", type=str)
parser.add_argument("--course", help="Enter the course", type=str)
parser.add_argument("--enroll", help="Enter the enroll", type=str)
parser.add_argument("--faculty_no", help="Enter the faculty number", type=str)
parser.add_argument("--hall", help="enter the hall name", type=str)
parser.add_argument("--faculty", help="Enter the faculty", type=str)
parser.add_argument("--change_admin_pass", help="Enter the new password", type=str)

args = parser.parse_args()
r = auth(args.my_pass)

if r == 1:
    print("Welcome admin")
    u_list = []
    u_list.append(args.name)
    u_list.append(args.course)
    u_list.append(args.enroll)
    u_list.append(args.faculty_no)
    u_list.append(args.hall)
    u_list.append(args.faculty)

    print("Student Details are:-")
    for x in range(len(u_list)):
        print(u_list[x])

    print("Your change password:")
    print(args.change_admin_pass)

    if args.change_admin_pass != None:
        admin_new_pass = args.change_admin_pass
        hashed_password = sha256(admin_new_pass.encode()).hexdigest()
        print(hashed_password)
        with open('password.txt', 'w') as f:
            f.write(hashed_password)
        f.close()

else:
    print("Incorrect Password!!")

Thanks, Arifa Nafees

Hey folks! It's me again – Zahid Hussain, i guess i won't need much introduction if you have read my other posts! The Python session was conducted on 22 September 2019 by Rahul Bhai. This particular session was a little hard(nothing that we can't understand, right?) from the previous one, our main aim of the session was to make an ID generation system with authentication system. In layman's terms – Authentication is the process of determining whether someone or something is, in fact, who or what it declares. Authentication can involve highly complex and secure methods or can be very simple. The simplest form of authentication is the transmission of a shared password between entities wishing to authenticate each other.

Rahul bhai first told us about loops – if we sometimes want to do something repeatedly, or for a number of times, or for a number of things, we use loops and they make our life easier. 1) While loop – while loop is used to execute a block of statements repeatedly until a given a condition is satisfied. And when the condition becomes false, the line immediately after the loop in program is executed. syntax :

while condition:
    statement1
    statement2

example :

n = 0
 while n < 11:
     print(n)
     n += 1

Pro tip : We generally use a while loop, when we don't know how many times exactly does the loop need to run.

2)For loop – A for loop is used for iterating over a sequence (that is either a list, a tuple, a dictionary, a set, or a string). P.S : lists are basically arrays which are a structured way of storing stuff. example :

fruits = ["apple", "banana", "cherry"]
for x in fruits:
  print(x)

We then move onto special inbuilt functions. 1) len function – The len function returns the length of anything. example :

a = [ 1, 342, 223, 'India', 'Fedora']
print(len(a))

2)range function – The range function returns a sequence of numbers, starting from 0 by default, and increments by 1 (by default), and ends at a specified number. example :

x = range(6)
for n in x:
  print(n)

Then we learned about reading/writing to files. One way of reading from a file is by using a while loop. example :

with open('test.txt') as f:
    text = f.readline()
print(text)

To write to a file :

with open('python.txt', 'w') as f:
    f.write('Python's the best!!')

There are other functions as well for this – f.read(), f.readlines(). The main difference between readline() and readlines() is : readlines() – reads all the lines and put them in 'list'(between these [ ]) and displays them with each line ending with'\n'. readline() – reads a single line from the file; a newline character (\n) is left at the end of the string, and is only omitted on the last line of the file if the file doesn’t end in a newline.

The next order of business was to learn about functions – function is a group of related statements that perform a specific task.Functions help break our program into smaller and modular chunks. As our program grows larger and larger, functions make it more organized and manageable.Furthermore, it avoids repetition and makes code reusable. example :

def my_function():
  print("Hello from a function")

Before we get into actually programming the ID Generation system, there are few important things to learn -

#> isalpha – isalpha() is a built-in method used for string handling. The isalpha() methods returns “True” if all characters in the string are alphabets, Otherwise, It returns “False”.

#> split – split() method returns a list of strings after breaking the given string by the specified separator.

#>PIP – PIP is a package manager for Python packages. A package contains all the files you need for a module. Modules are Python code libraries you can include in your project.

#> Vulture – It's a tool to automatically find which part of your code is unused. To install vulture (type the code in terminal) :

pip install vulture

#> texttable – This is a python library for printing tables in a pretty format. To install texttable (type the code in terminal) :

pip install texttable

#> getpass – getpass() prompts the user for a password without echoing. The getpass module provides a secure way to handle the password prompts where programs interact with the users via the terminal.

#> Hashing – Hashing is way of generating a value or values from a string of text using a mathematical function, such that it's (nearly) impossible to find it's inverse, it's like a one way ticket! In python hashlib module implements a common interface to many different secure hash and message digest algorithms. example :

from hashlib import sha256
print(sha256(b'<yourstrongpassword>').hexdigest())

After learning the necessary things, we can move on to the actual code of our ID Generation System :

from getpass import getpass
import hashlib
from texttable import Texttable
from hashlib import sha256
hashed_pass = sha256(b'yourstrongpassword').hexdigest()
with open('hashed_password.txt', 'w') as f:
    f.write(hashed_pass)
LOGO = r"""

 █████╗███╗   █████╗   ██╗     ██████╗██████████████╗
██╔══██████╗ ██████║   ██║    ██╔═══████╔════██╔════╝
█████████╔████╔████║   █████████║   ████████████████╗
██╔══████║╚██╔╝████║   ██╚════██║   ██╚════██╚════██║
██║  ████║ ╚═╝ ██╚██████╔╝    ╚██████╔██████████████║
╚═╝  ╚═╚═╝     ╚═╝╚═════╝      ╚═════╝╚══════╚══════╝

"""
def validate_name(name):
    for part in name.split():
        if not part.isalpha():
            return False
    return True
def take_name_input(prompt):
    name = input(prompt)
    while not validate_name(name):
        print("You did not enter the name correctly, please try again!")
        name = input(prompt)

    return name
def print_id(u_info):
    table = Texttable()
    table.add_rows([[f"{LOGO} \n MEMBER - {u_info[0]}"],
                    [f"Slack Username: {u_info[1]}"],
                    [f"MOTHER'S NAME: {u_info[2]}"],
                    [f"FATHER'S NAME: {u_info[3]}"]
                ])
    print(table.draw())
def read_hash(filename):
    with open(filename, "r") as f:
        hash = f.readline()
    return hash
def authenticate(password):
    correct_hash = read_hash("hashed_password.txt")
    hashed_password = hashlib.sha256(password.encode('utf-8')).hexdigest()
    if hashed_password == correct_hash:
        print("[INFO] Successfully authenticated!")
        return True
    print("Authentication failed! You cannot print ID")
    return False
def get_user_info():
    u_info = []
    u_info.append(take_name_input("Name of applicant: "))
    u_info.append(input("Slack username: "))
    u_info.append(take_name_input("Mother's name: "))
    u_info.append(take_name_input("Father's name: "))
    return u_info
def main():
    password = getpass("Enter admin password: ")
    if authenticate(password):
        u_info = get_user_info()
        print_id(u_info)
if __name__ == '__main__':
    main()

#> append function – It is used to add something to the end of the list.

Before executing code, Python interpreter reads source file and define few special variables/global variables. If the python interpreter is running that module (the source file) as the main program, it sets the special name variable to have a value “main”. If this file is being imported from another module, name will be set to the module’s name. Module’s name is available as value to name global variable. A module is a file containing Python definitions and statements. The file name is the module name with the suffix .py appended.

Hi everyone. I wanted to state my experience on how I attended the second session of python conducted by Rahul Bhai. Well, to begin, we were first introduced to the idea of loops, namely, the while and the for loop. Then we were taught about lists, functions, how do we access files in python, how we read them, overwrite them, and how we add lines into the files. I forgot to mention, were going to build an Id-Generator, and apparently all these concepts were to be known in building it. So, what it does is, first takes the password from the user and then, takes the input of all the information. Then, it had to print all the information given to it in a tabular form, also with a logo on the top :–). So, since we needed to input password to the program, Rahul Bhai introduced getpass() function, how we implement them, and how useful they can be. We also got to know how to verify a given a string, whether it consists only of characters or not, for getting the name in a flawless manner. Hence we were also introduced by the split() function and the isalpha() functions. We were also taught about how the password can be stored in a more secured manner(using hashlib). We were also introduced to the fstrings, append, len, range, textable.

All of this was covered in one day(5 hours to be exact). At first, I didn't have a stable internet connection in my house, so the session was lagging every 15 minutes or so. So, I couldn't make my own program side by side. When the session was going on, I decided just to understand the topics, then afterwards i'll make it on my own. So, after the session ended, I just wrote down all the things taught Brother Rahul in the sessions, then made a program on my own, with the help of the notebook Rahul Bhai provided in the end.

So the program was made finally and, just can't wait for the next session.

Another Python Session by Rahul Jha- HEY EVERYONE! I am here again to discuss about the another python session which was taken by Rahul Bhai. In this session he introduced a mini project to us named , “ID Generation System with Authentication”. Let's Start.

Here first question arises “hey,why do we need authentication?” So as we all know In all departments we have some selected people for some work , just think that we have some selected people and only they can make ID's. Here , you have to enter your password and authenticate it so after than you can enter your details of that person which you want to make ID and ID get printed on acreen and if password is wrong , you can get an error message.

In this project we discussed some topics which would used in our project 1. Looping 2. Lists 3. Read/Write some thing from/to a file 4. Functions 5. Hashing 6. Final Showdown

1. Looping Basically, We all know that looping is that we want to do somethong repeatedly . So python has two loops while and for loops While Loop - while condition : statement 1 statement 2 For Loop - for number in range(90,101): print(number/10) here loop runs from 90 – 100 because range function doesn't count last number . Basically for loops operate mainly on the lists.

2. Lists - If you have some basic programming knowledge then you may be familiar with arrays . In python we called arrays as Lists but it does similar work as arrays. Here we can use different data types in the lists a = [1, 342, 24.3 , 'India' , 'Fedora'] and now we will use for loop to print this array - for element in a : print(element)

3. Read/Write some thing from/to a file – In Python , if you have a file(of any type) and you want to read data from it or write something to it then we have to follow “with” statement and whole code will look like this- with open('data.txt') as f: text = f.readlines() print(text) This code will read that file and stores it's content into text so we can use it in our code later whenever we need. Here readlines() is a function which read the data inside it we have some another functions like read(), readline(), write() , write() function is used to write something in new file or overwrite the existing information inside file. Sometimes we can pass different arguments to 'open statements' like 'w' , 'a' , 'r' , etc. r – read mode to read the file w – write something in the file a – append , it means if some data already inside in file so with this argument you can add something in it. For Example – with open('data.txt' , 'w') as f : f.write('Jerry')

4. Functions – Function is just a piece of code which we used in our program for increasing the efficiency in our program . Functions reduces duplicacy in our program which means we have to define function one time and we will use it just by calling this function. In Python the way of define function in Python by following syntax- def function_name(arg1,arg2) print(..........) return(.........) here return statement will return the value of function to where the function calls in our code. If we wouldn't write the return statement , the function would still get executed , but it won't give back it's result to us. We will use the functions in our ID Generation System many times in our code. Now we write a function to take input from user and then validate it. Here validation means to check whether the input , user has given to us is correct or not, for example if I ask user for a name so name should be in Alphabets and they enter something like 'nik321@' which is wrong. Here in Python we will use .isalpha() to validate the name. So our code will looks like this - def validate_name(name): for part in name.split(): if not part.isalpha(): return False return True Here if we enter our name (Nikhil Upadhyay) and validate with .isalpha() it will gives us False because of Space between name so we used .split() in our code . Now we now about functions so our first step of project is authentication i.e.. we want user to enter password which we can compare with correct password and authenticate it . Here's One thing we should know that when you enter password in other websites , password would not appear on screen so Python has in built library for this it's called 'getpass' and in this library there is function getpass which we need to use here . from getpass import getpass password = getpass('Please Enter your password :') Here's the problem that password is save in our file which is stored in our system if someone have access to our system and find this file so he/she can read the password easily.

5. Hashing - To prevent the above problem we will use hashing technique. Hashing is a way of generating a value or values from string of text using a mathematical function and it is nearly impossible to reverse this process. There are many popular hashing functions , some of them are md5, SH1, SHA2, SHA256,etc. So now here's a question ' How can we use this process in our code?' Actually in Python we have another library for hashing named 'hashlib' . For example - import hashlib hashed_pass = hashlib.sha256(b'NIkhil696').hexdigest() with open('data.txt', 'w') as f : f.write(hashed_pass) here 'b' converts the string into the byte code which can understand by hash library and we can also use encode function e.g. - NIkhil696.encode(utf-8)

Our full authentication code will look like this -

import hashlib def authenticate(password): hashed_pass = hashlib.sha256(password.encode('utf-8')).hexdigest() with open('hashed_password.txt', 'r') as f: correct_hash = f.readline() if hashed_pass == correct_hash: return True return False password = getpass('Please Enter your Password : ') authenticate(password)

1. Final Showdown- Now our authentication is completed but one more thing we should know that how to install pip libraries in python so in Python we have to write the name of library and write the pip command . For Example – `pip install vulture vulture is a name of pip library which is used to find the unused code in our python . So now we know how to install pip library.

Now we have print the ID on our screen and we could print the ID in the single-column table which prints our ID nicely. We have another library called ' texttable' in Python which prints tables in a pretty format. First of all we have to install library by using command pip install texttable`` and then our will looks like this for printing the table - from texttable import Texttable

table = Texttable() table.add_rows([[“MEMBER – Nikhil Upadhyay”], [“Slack Username: Nikhil”], [“MOTHER'S NAME: Mrs. Sucheta Upadhyay”], [“FATHER'S NAME: Mr. Vijay Upadhyay”] ]) print(table.draw()) ```

Now we are familiar with tables so After combining all of these topics we could make our ID generation system and it would look like - +———————————————————————————–+ | | | | | █████╗███╗ █████╗ ██╗ ██████╗██████████████╗ | | ██╔══██████╗ ██████║ ██║ ██╔═══████╔════██╔════╝ | | █████████╔████╔████║ █████████║ ████████████████╗ | | ██╔══████║╚██╔╝████║ ██╚════██║ ██╚════██╚════██║ | | ██║ ████║ ╚═╝ ██╚██████╔╝ ╚██████╔██████████████║ | | ╚═╝ ╚═╚═╝ ╚═╝╚═════╝ ╚═════╝╚══════╚══════╝ | | | | | | MEMBER – Nikhil Upadhyay | +=======================================================+ | Slack Username: Nikhil Upadhyay | +———————————————————————————–+ | MOTHER'S NAME: Mrs. Sucheta Upadhyay | +———————————————————————————–+ | FATHER'S NAME: Mr. Vijay Upadhyay | +———————————————————————————–+

So this is all about the discussion , after that he asked a question - why we used if __name__ == '__main__' : main() instead of calling main() directly so here's my answer – Whenever Python run a file it first goes through before runs any code and set a few special variables. name is one of those special variables and when python runs a python file directly it sets to name variable equals to main and that's we were doing here we are running this code directly and when we run the code through the import module it sets the name variable to the name of the module . That's we used if condition to check the we don't run this code by import module and it runs directly

The clock ticked 2 AM.

I had been thinking about life for a while now – just fumbled thoughts about where I had come, where I started, and quite expectedly, Omar Bhai, your name popped in.

The stream continued. I started thinking about everything I've learned from you and was surprised with merely the sheer volume of thoughts that followed. I felt nostalgic!

I made a mental note of typing this out tomorrow and putting it up on my blog.

I wanted to do this when we said our final goodbyes and you left for the States, but thank God, I didn't – I knew that I would miss you, but never could I have guessed that it would be so overwhelming – I would've never written it as passionately as I do today.

For people who don't already know him, here's a picture:

I'm a little emotional right now, so please bear with me.

You have been warned – the word “thanks” and “thanking” appears irritatingly often below. I tried changing, but no other has quite the same essence.

How do I begin thanking you?

Well, let's start with this – thanks for kicking me on my behind, albeit civilly, whenever I would speak nuisance – all the prejudice and chauvinism. I can't thank you enough for that!

I still can't quite get how you tolerated the bigot I was and managed to be calm and polite. Thanks for teaching me what tolerance is!

Another thing which I learnt from you was what it meant to be privileged. I can no longer see things the way I used to, and this has made a huge difference. Thank You!

I saw you through your bad times and your good. The way you tackled problems, and how easy you made it look. Well, it taught me [drum roll] how to think (before acting and not the other way round). Thanks for that too!

And, thanks for buying me books, and even more so, lending away so many of them! and even more so, educating me about why to read books and how to read them. I love your collection.

You showed all of us, young folks, how powerful effective communication is. Thanks again for that! I know, you never agree on this, but you are one hell of a speaker. I've always been a fan of you and your puns.

I wasn't preparing for the GRE, but I sat in your sessions anyways, just to see you speak. The way you connect with the audience is just brilliant.

For all the advice you gave me on my relationships with people – telling me to back off when I was being toxic and dragging me off when I was on the receiving side – I owe you big time. Thanks!

Also, a hearty thank you for making me taste the best thing ever – yes, fried cheese it is. :D

Thanks for putting your trust and confidence in me!

Thank you for all of this, and much more!

Yours Truly, Rahul

P.S.: For the original version of the article, please visit https://rj722.github.io/articles/19/panegyric-omar-bhai

HEY FOLKS I APOORVE GOYAL (student of 1st year Computer Science B.Tech) is here again to give a short overview of the second session on ‘PYTHON’ by Rahul Jha bhai on 22nd September. In the previous session we became familiar with basics of PYTHON language and if-else statement.With all the doubts cleared , we were then introduced to the project we were going to work upon i.e. ID GENERATOR SYSTEM. Session started at 2:00 PM sharp with our Roll calls and a quick recap by Rahul bhai of what we learned in the previous session. Overall,four topics that we covered were : 1. Looping(‘while’ and ‘for’ loops) 2. Reading/Writing from/to a data file 3. User-defined functions 4. Logging in (for ID Generation) Topic 1: We were introduced to ‘for’ and ‘while’ loops along with examples such as, printing of Fibonacci sequence which you can find in this link https://pymbook.readthedocs.io/en/latest/looping.html. Topic 2: We had a discussion on reading and writing files with open('test.txt') using predefined functions : f.readline() and f.readlines(). Topic 3: Next we moved on to functions,in particular the user defined functions. We discussed how to use inbuilt functions and to install libraries from outside as pip(Python Installer Package) !pip install texttable (The ! is only for people using Azure notebooks) and importing functions from libraries as follows: from import Due to lack of time, session was temporarily stopped at 4 PM and continued at 9:30PM again. Topic4: For the ID Generation, we first needed to log in as admin. For that, the password has to be entered and stored in a data file. But we came across two major problems: Problem 1.How to enter password securely? Solution: We got to know that, python actually has an in-built library especially for this – it's called getpass. In the library, there is a function getpass() which we used here by importing it from getpass() module. Problem 2. How to protect passwords stored in databases from crackers? Solution: One of the ways we learned is ‘Hashing’ the passwords. Hashing is way of generating a value or values from a string of text using a mathematical function, such that it's (nearly) impossible to find it's inverse. It is different from encryption though – You can read the difference here ,as provided by Rahul bhai– https://stackoverflow.com/a/4948393/6426752 After successful login , we also had to take care of the way we get the name from the user and checking if it is of correct format or not,using ‘isaplha()’ function.This function gives a True value if there are only alphabet in the string. Printing process: Finally,We had to print the ID in a single-column tabular form. So we used 'texttable' library for the purpose,and took following intakes: Name, Slack Username, Mother's name and Father's name.With a well elaborated procedure,and following a neat and cool framework we generated our very first ID as: +————————————————————————————————————+ | |

| | | █████╗███╗ █████╗ ██╗ ██████╗██████████████╗ | | ██╔══██████╗ ██████║ ██║ ██╔═══████╔════██╔════╝ | | █████████╔████╔████║ █████████║ ████████████████╗ | | ██╔══████║╚██╔╝████║ ██╚════██║ ██╚════██╚════██║ | | ██║ ████║ ╚═╝ ██╚██████╔╝ ╚██████╔██████████████║ | | ╚═╝ ╚═╚═╝ ╚═╝╚═════╝ ╚═════╝╚══════╚══════╝ | | | | | | MEMBER – APOORVE GOYAL |

+============================================================+ | Slack Username: Apoorve Goyal | | | +————————————————————————————————————+ | MOTHER'S NAME: POOJA GOYAL | | |
+————————————————————————————————————+ | FATHER'S NAME: NAVIN KUMAR GOYAL |
+————————————————————————————————————+

After completing this project we were given assignment for improving our hands-on experience and the session concluded.

Hi everyone!

I am Mohammad Abdullah, a second year Electronics Engineering student and this blog is about the session on python which Rahul Bhai conducted on 22 September. The session was a very nice one, Rahul bhai was very good in explaining us the concepts due to which I got a great help in understanding the topics being taught.

The session was started with a quick revision of the part covered in the previous one. Then, we were told the project to be done, i.e, the ID Generation System. For this purpose, we learnt four aspects of Python Programming:

1. Loops ('while' and 'for') 2. Reading/Writing from/to a data file. 3. User-defined Functions 4. Hashing

First, we learned about the 'while' and 'for' loops and their application in python. For the ID Generation, we first need to log in as admin. For that, the password has to be entered and stored in a data file. There were 2 issues associated with it:

1. How to securely enter the password 2. How to keep the password in the data file safe from being stolen.

The first issue was solved by using the getpass() function from the getpass() module which we included in the Python library. The other issue was resolved by using the 'Hashlib' library for Hashing the password, i.e., storing an 'encrypted' version of the password in the data file.

Now, when the admin has successfully logged in, then comes making an ID. We wanted to print the ID in a single-column tabular form. So we used 'texttable' library for the purpose. Also, we needed to verify that the name being entered is a valid one not a mixture of alphanumeric and special characters. For this, we used 'isalpha()' function which gives True value if there are only alphabets in the string.

Our ID generation system consisted of 7 functions which we defined: 1. A 'main' function. 2. Function for asking user to enter password. 3. Function for authenticating the user. 4. Function for asking user to enter the ID details. 5. 2 Functions for validating whether the names entered are of correct format. 6. Function to print the ID

After these steps, we got the generated ID as:

+————————————————————————————————————+ | |
| | | █████╗███╗ █████╗ ██╗ ██████╗██████████████╗ | | ██╔══██████╗ ██████║ ██║ ██╔═══████╔════██╔════╝ | | █████████╔████╔████║ █████████║ ████████████████╗ | | ██╔══████║╚██╔╝████║ ██╚════██║ ██╚════██╚════██║ | | ██║ ████║ ╚═╝ ██╚██████╔╝ ╚██████╔██████████████║ | | ╚═╝ ╚═╚═╝ ╚═╝╚═════╝ ╚═════╝╚══════╚══════╝ | | | | | | MEMBER – M Abdullah |
+============================================================+ | Slack Username: M Abdullah | +————————————————————————————————————+ | MOTHER'S NAME: Ayesha Saleem | +————————————————————————————————————+ | FATHER'S NAME: M Saleem Ali | +————————————————————————————————————+

After successfully completing the project, we were given an assignment by Rahul Bhai and the session was concluded.

Hi everyone!

I am Mohammad Abdullah, a second year Electronics Engineering student and this blog is about the session on python which Rahul Bhai conducted on 22 September. The session was a very nice one, Rahul bhai was very good in explaining us the concepts due to which I got a great help in understanding the topics being taught.

The session was started with a quick revision of the part covered in the previous one. Then, we were told the project to be done, i.e, the ID Generation System. For this purpose, we learnt four aspects of Python Programming:

1. Loops ('while' and 'for') 2. Reading/Writing from/to a data file. 3. User-defined Functions 4. Hashing

First, we learned about the 'while' and 'for' loops and their application in python. For the ID Generation, we first need to log in as admin. For that, the password has to be entered and stored in a data file. There were 2 issues associated with it:

1. How to securely enter the password 2. How to keep the password in the data file safe from being stolen.

The first issue was solved by using the getpass() function from the getpass() module which we included in the Python library. The other issue was resolved by using the 'Hashlib' library for Hashing the password, i.e., storing an 'encrypted' version of the password in the data file.

Now, when the admin has successfully logged in, then comes making an ID. We wanted to print the ID in a single-column tabular form. So we used 'texttable' library for the purpose. Also, we needed to verify that the name being entered is a valid one not a mixture of alphanumeric and special characters. For this, we used 'isalpha()' function which gives True value if there are only alphabets in the string.

Our ID generation system consisted of 7 functions which we defined: 1. A 'main' function. 2. Function for asking user to enter password. 3. Function for authenticating the user. 4. Function for asking user to enter the ID details. 5. 2 Functions for validating whether the names entered are of correct format. 6. Function to print the ID

After these steps, we got the generated ID as:

+————————————————————————————————————+ | |
| | | █████╗███╗ █████╗ ██╗ ██████╗██████████████╗ | | ██╔══██████╗ ██████║ ██║ ██╔═══████╔════██╔════╝ | | █████████╔████╔████║ █████████║ ████████████████╗ | | ██╔══████║╚██╔╝████║ ██╚════██║ ██╚════██╚════██║ | | ██║ ████║ ╚═╝ ██╚██████╔╝ ╚██████╔██████████████║ | | ╚═╝ ╚═╚═╝ ╚═╝╚═════╝ ╚═════╝╚══════╚══════╝ | | | | | | MEMBER – M Abdullah |
+============================================================+ | Slack Username: M Abdullah | +————————————————————————————————————+ | MOTHER'S NAME: Ayesha Saleem | +————————————————————————————————————+ | FATHER'S NAME: M Saleem Ali | +————————————————————————————————————+

After successfully completing the project, we were given an assignment by Rahul Bhai and the session was concluded.

Hello everyone! I am Abish Aziz, a student of 2nd year B.Tech Compute engineering from Zakir Husain college of Engineering & Technology, Aligarh Muslim University. This is my first Blog and I will be taking about the lecture session of “PYTHON” by Rahul bhaiya on Slack. After the first session we knew the basic structure of a Python program. We discussed about variables in python, about operators, and also about conditional statements(if – elif – else). So in this session our target was to make an ID generating system, complete with authentication system. For making this system we had to study about: 1. Loops 2. Reading/ Writing something in file 3. Functions 4. Hashing

Then we started with Loops we studied about while loop. while condition: statement1 statement2 We discussed a problem from website link: https://pymbook.readthedocs.io/en/latest/looping.html. We came to know about (a, b = b, a+b) which I never saw in C language. During the discussion, List was also introduced where we can store data of different variables.

Then we started our discussion on reading and writing files using codes. with open('test.txt') as f: text = f.readline() text = f.readline() print(text)

We then discussed about creating functions, and also how to use inbuilt functions such as math function. pip was also introduced to install non-built libraries. And also how to install vulture library and use it.

After that due to shortage of time a next session was organized from 9:30 pm. Our discussion went on to accepting password and python has a special library for accepting passwords(getpass). Then we discussed about hashing. Where instead of storing password as text, we store the hashed value of password (which even if someone sees, they cannot know our password). And finally we came on the topic of printing ID. This topic looked easy but actually was most difficult part of the session. We were told to check the link: https://pypi.org/project/texttable/ We made different functions to authenticate password, to get user information, etc. And called them in our main function in sequence. def main(): password = getpass(“Enter admin password: “) if authenticate(password): uinfo = getuserinfo() printid(u_info)

So After two too long sessions we created an ID generating system.

We were given assignment to replicate our AMU ID Card, tough task but I hope I will complete it.

Thank you Rahul Bhaiya Thank you AMU-OSS....

Let's begin the session

Hi, welcome back everyone!

So, first of all – do you have any doubts from the previous session?

Let's now move ahead to the ID generation system development.

I am gonna go ahead and show you a sample ID I generated for myself using it:

Excited to make this?

Cool, let's begin.

Let's look at step one of the process – we want the user to enter the password, which we can compare with the correct password to know that yes, this is the right person – authenticate them.

okay, so let's go ahead and ask the user to enter the password:

password = input('Please enter your password: ')

You see the problem here?

The thing is that if someone is sitting near them, they can peek over and find user's password. We don't want that to happen. We don't want any text to appear on the screen when the user enters the password. It's similar to how we type in passwords on websites – It's a little inconvenient, but it provides some security.

Python actually has an in-built library especially for this – it's called getpass. In the library, there is a function getpass which we need to use here.

So, we can just do:

from getpass import getpass

password = getpass('Enter admin password: ')

Now that we have the password from the user, we also want the original password – the password which the admin must've set.

Generally, such passwords are stored in databases, but due to brevity, let's assume that this [correct] password is stored in a simple text file (let's say password.txt)

Since, we don't have a mechanism to create such a file, we can just create a sample password.txt with the following code:

with open('password.txt', 'w') as f:
    f.write('<mystrongpassword>')

So, now whenever a user tries to log in, we ask them for a password and we compare it with the password which is stored in this file

The code for it must look something like:

from getpass import getpass

def authenticate(password):
    with open('password.txt') as f:
        correct_password = f.readline()
    if password == correct_password:
        return True
    return False

password = getpass('Enter admin password: ')
authenticate(password)

Now, what is the problem with this approach?

It's very unsafe – the person who finds the computer, can find password.txt and then know the password of the admin (i.e. you).

Even more so, people tend to use same passwords for all their accounts. so, this malicious person might now know the password to their email, facebook, twitter, etc. This is a preposterous way of storing password.

And still, some websites do it!

and one of them is our University! :facepalm:

so, if their servers are breached (which is a very sane possibility), your passwords will be available as such to the cracker.

So, use a different password then what you use on facebook, email, etc. from other sites. We'll have a session on operational security afterwards.

Now, back to this. How can we solve this problem?

One of the ways is hashing the passwords.

Hashing is way of generating a value or values from a string of text using a mathematical function, such that it's (nearly) impossible to find it's inverse.

so, let's say h is our hashing function, then given any string x, we can compute h(x). but, if we have h(x), we can't go back to x.

There are many popular hashing functions. some of them being md5, SHA1, SHA2 , SHA256 (which we would be using), etc.

Don't confuse it with encryption though – You can read the difference here – https://stackoverflow.com/a/4948393/6426752

We can talk about our difference later.

How does this solve our problem?

We can now, instead of storing password as text, store the hashed value of password (which even if someone sees, they cannot get access to our password).

The only question which now remains is – how do we compute these hashes?

Well, Python (and nearly all programming languages) have support for it.

In Python, you can use the hashlib library.

Code would look like this:

from hashlib import sha256

print(sha256(b'<yourstrongpassword>').hexdigest())

Notice the b' here – it's because the sha256 function does not work with normal strings. It only accepts “bytes”. (How did I know this?? – well, I just tried a normal string and it threw an error)

There are two ways of converting any string to bytes: – Just add a b in the start. eg, byte_string = b'rahul jha' – use the encode function, eg, byte_string = 'rahul jha'.encode('utf-8')

Okay, now that we know to generate hashed passwords, let's first write a file hashed_password.txt using the following code:

from hashlib import sha256

hashed_pass = sha256(b'<yourstrongpassword>')
with open('hashed_password.txt', 'w') as f:
    f.write(hashed_pass)

Now, for the authentication system:

from hashlib import sha256

def authenticate(password):
    hashed_pass = sha256(password.encode('utf-8'))
    with open('hashed_password.txt', 'r') as f:
        correct_hash = f.readline()
    if hashed_pass == correct_hash:
        return True
    return False

Okay, our authentication system is complete.

Now, we just want the printing process.

One way I could think of it was to imagine ID card as a single-column table and then find a library which prints tables nicely in Python.

I did exactly that, and after searching around a bit, found texttable – https://pypi.org/project/texttable/.

Reminder, that you can install this library using the command we discussed earlier – !pip install texttable (The ! is only for people using Azure notebooks)

I just followed their example and filled in my data instead, and I could already get a pretty table:

from texttable import Texttable

table = Texttable()
table.add_rows([["MEMBER - Rahul Jha"],
                    ["Slack Username: RJ722"],
                    ["MOTHER'S NAME: Mrs. KJ XYZ"],
                    ["FATHER'S NAME: Mr. RJ XYZ"]
                ])
print(table.draw())

This code (copied from the example on their website) gave me pretty good results:

+---------------------------------+
|       MEMBER - Rahul Jha        |
+=================================+
| Slack Username: RJ722           |
+---------------------------------+
| MOTHER'S NAME: Kumkum Jha       |
+---------------------------------+
| FATHER'S NAME: Rajeev Kumar Jha |
+---------------------------------+

Now, I wanted a cool logo of AMU-OSS, so I went on to duckduckgo and searched for ASCII generator (basically, text logos and not images). The first link pointed towards http://www.patorjk.com/software/taag/#p=testall&h=3&v=3&f=Alpha&t=AMU-OSS

So, I got a cool logo:

LOGO = """

 █████╗███╗   █████╗   ██╗     ██████╗██████████████╗
██╔══██████╗ ██████║   ██║    ██╔═══████╔════██╔════╝
█████████╔████╔████║   █████████║   ████████████████╗
██╔══████║╚██╔╝████║   ██╚════██║   ██╚════██╚════██║
██║  ████║ ╚═╝ ██╚██████╔╝    ╚██████╔██████████████║
╚═╝  ╚═╚═╝     ╚═╝╚═════╝      ╚═════╝╚══════╚══════╝
"""

and then changed the table code to this:

from texttable import Texttable

table = Texttable()
table.add_rows([[f"{LOGO} \n MEMBER - Rahul Jha"],
                    ["Slack Username: RJ722"],
                    ["MOTHER'S NAME: Mrs. KJ XYZ"],
                    ["FATHER'S NAME: Mr. RJ XYZ"]
                ])
print(table.draw())

It prints something like what you saw at the start of the session.

Notice the f before the first string here ^^. These are called f-strings.

f-strings are a very powerful feature of Python3.

Basically, first whenever we had to print a variable in a sentence, we would do something like print("Hello, my name is", my_name). Now, if we had to print it in the middle of the sentence, we'd do this

print("Hello, my name is " + my_name + " and my brother's name is " + brothers_name)

You see this looks bad. Now, with f-strings, we can do:

print(f"Hello, my name is {my_name} and my brother's name is {brothers_name}")

Looks way cleaner.

What's happening here?

Whatever is written inside braces {}, is computed by Python and is then inserted in the string. So, we can do print(f"4 + 5 = {4 + 5}") and we will get:

4 + 5 = 9

It's neat!

Next, back onto our table printing code. Let's sensibly put it in a function. Let's call this function print_id.

Now, let's first think about what will print_id take as input.

Logically, it should take in whatever fields it is printing – Name, Slack Username, Mother's name and Father's name.

But that seems like a lot of parameters, isn't it?

and now, tomorrow if were to say, increase a field on the ID, let's say blood group. Then we will have to also pass it to the function, which is bad!

A better way would be to pass a list of all these things.

so, when we're taking input from the user, we can just put it all together in a list (let's call it user_info), and then send this list to the print_id function.

I've decided beforehand that the first element of the list would be name, second – slack username, then mother's name and finally father's name.

So finally, we can write a function like this:

def print_id(u_info):
    table = Texttable()
    table.add_rows([[f"{LOGO} \n MEMBER - {u_info[0]}"],
                    [f"Slack Username: {u_info[1]}"],
                    [f"MOTHER'S NAME: {u_info[2]}"],
                    [f"FATHER'S NAME: {u_info[3]}"]
                ])
    print(table.draw())

One more thing, before we move forward – We need a function for taking in all the user data and then creating u_info for us.

Let's call it get_user_info. It would actually look something like this:

def get_user_info():
    u_info = []
    u_info.append(input("Name of applicant: "))
    u_info.append(input("Slack username: "))
    u_info.append(input("Mother's name: "))
    u_info.append(input("Father's name: "))
    return u_info

the append function here is used to add something to the list. let me give you an example to make things more clear.

eg. my_shopping_list = ['Supercomputer']

now, if I want to add another thing to my_shopping_list, I can do that by my_shopping_list.append('A good monitor')

try printing print(my_shopping_list) and you'd see that it's been added.

All good?

One more thing, we need to validate the input data, remember?

Earlier, we wrote this function:

def validate_name(name):
    for part in name.split():
        if not part.isalpha():
            return False
    return True

I went ahead and created a function to take user from input continuously until they give me a correct value:

def take_name_input(prompt):
    name = input(prompt)
    while not validate_name(name):
        print("You did not enter the name correctly, please try again!")
        name = input(prompt)

    return name

and now in the get_user_info function, we can replace input by take_name_input whenever we're asking for names (i.e. name, mothers_name, fathers_name) – not slack (as it can have numbers)

So, it becomes:

def get_user_info():
    u_info = []
    u_info.append(take_name_input("Name of applicant: "))
    u_info.append(input("Slack username: "))
    u_info.append(take_name_input("Mother's name: "))
    u_info.append(take_name_input("Father's name: "))
    return u_info

For authentication, we already have our function:

def authenticate(password):
    correct_hash = read_hash("hashed_password.txt")
    hashed_password = hashlib.sha256(password.encode('utf-8')).hexdigest()
    if hashed_password == correct_hash:
        print("[INFO] Successfully authenticated!")
        return True
    print("Authentication failed! You cannot print ID")
    return False

I decided to add a few print statements to help the user know whether the password was correct, or wrong.

Now, let's write the main function.

You all have been writing Python code for the past two sessions, and we are writing a main function for the first time. It's because we aren't required to always have a main function, but it's a good practice to do so.

Notice that the main() function isn't automatically called, like in C, but we have to call it specially at the end:

main()

Let's start writing the main function – take the password, check whether it's correct. If correct, gather user's info and then print ID card. If password not correct, do nothing.

We have functions for all of that. Now, let's just call all of them in our main function.

Let's translate this to Python:

def main():
    password = getpass("Enter admin password: ")
    if authenticate(password):
        u_info = get_user_info()
        print_id(u_info)

and you're good to go.

Pheww, that was a lot. If you're still confused, you can view the whole final code here – https://nbviewer.jupyter.org/github/amu-oss/id_gen/blob/master/id_gen.ipynb

There's just one minor change there, instead of calling main() directly, I use:

if __name__ == '__main__':
    main()

Why?

This is your assignment.

Assignment

• As usual, you'd be writing a blog post about the session – what you learned, what you explored – discuss your journey.

• Find out why do we use

if __name__ == '__main__':
    main()

• Then, you need to explore what are some other ways in which we can print a beautiful card than printing a table.

• Look at your AMU ID Card, and try to replicate it as closely as possible. Try to validate as much data as possible.

Deadline: You need to submit the blog post before Wednesday, 8 PM.

Hello everyone!! I'm Manvi singh from B.Tech 2nd year. It's my blog about the session held on 19th September,in ML-11 ZHCET, taken by Husain Haider Zaidi Bhai on the topic “Coding through College: my journey to Microsoft”. The session was really inspiring. He started by simply explaining about the procedure and steps he followed and then described importance of online coding contest and suggest some resources for us to prepare. He told about why its valuable to keep participating in competition like hackathons and icpc(or other coding competitions) and how we learn from them. He told his experience of very first hackathon which he was not able to complete due to some circumstances but how he learned a lot from there.

He gave us a glimpse of his interview during the competition which was really amazing. He advised us to start learning web development and keep contributing to open source. He told us significance of building your own project and team spirit.

The main thing he said in the end which really hit me hard was – “Don't learn or do something just for building your CV , just do it for your own learning and exposure and just start.”

AND JUST START.....

Hello everyone! I'm Manvi singh from B.Tech 2nd year. So, AMU-OSS the perfect platform I've been looking for a while as a computer engineering student in ZHCET. Actually it's a platform where you have a proper guidance from your senior, so it feels like path become more clear and journey become more interesting. So orientation ceremony is something which ignites a spark in me to start my own journey, when I almost don't know what is to do from here onward. Then the very first session on 11th of september in ML-11 had taken by Rahul jha bhai on his journey through Google Summer of Codes. I feel like GSOC is something not hypothetical but it's real,he went there. He really gave some important advises like: we should use linux, duckduckgo,use github, why we should contribute to open source and most important thing he told us was that we should learn how to ask questions in smart way. As my mindset was it's AMU not IIT, but after the session it feels like if he can do this then why not me. The first online session on SLACK on python was there.I learned about variables and how to use basic functions in there.We solved a quadratic equation and calculate real roots of equation by importing math and using it's some inbuilt function. It was satisfactory. We have given a home assignment for calculating imaginary roots if discernment is negative. So the session on Slack was very cool as we can ask any of our doubts there.

THANKS FOR BEING HERE AMU-OSS.....