by robbles 868 days ago
That's a great explanation, and pretty much exactly what I'd love to see instead of the original slightly mysterious comment :)

Yes, you articulated what I think often when I read a tpt post. Enjoy the casual writing but feel like I’m frequently left out of the joke.

I understand all these concepts in general, but looking at a block of code… I’m supposed to 1) know if it’s serious or not and 2) know whether he’s being sarcastic about it or not.

I even know Python well, but the whole post is so “inside baseball” I’m not sure what to think. Guessing the bulk of the audience is not grizzled security engineers.

(I’d recommend another summary/details tag to put the grandparent explanation directly into the fly post.)

Which parts seemed "inside baseball" to you?
hmac and attenuation for starters.

I read your related piece a few years ago but apparently didn’t retain much, due to not using it every day. Knowledge went out to backup tape.

So, come to yesterday’s piece. I remember the abbrev. HMAC but have to look it up. Didn’t get the use case. No idea what attenuation meant in this context… thought of sound and plowed ahead. Gave up by the middle of the piece, lost.

But, then saw the link to the old piece, and read it top to bottom. Ok, now I get it! Reread and got the second piece. Understand finally but still not entirely clear why you were dissing your work.

Read another related piece on why json and xml are discredited for this kind of work.

Often upfront in a piece the author will say read this first, define some jargon, and “why’s”. (The why is often what I care about most.) These go well with the details/summary tags. Well, looks like you used a button for that but same idea.

Experienced dev here, but I haven’t just spent two years building an IAM system. Slightly more acknowledgment of that upfront would work wonders.
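For readers who, like the commenter above, hit "HMAC" and "attenuation" and stalled: attenuation here means a token holder can add restrictions to a token they already have, without the issuing key, and nobody can later remove them. The HMAC chain is what makes that one-way. The following is an added illustration written for this thread, not code from the post being discussed or from any project; the root key, token identifier, the `key = value` caveat format and the `verify`/`attenuate` names are all constructed for the example.

```python
import hmac
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed sample root key; a real service keeps this secret server-side.
ROOT_KEY = b"constructed-root-key-for-illustration-only"

Token = Tuple[List[bytes], bytes]  # (identifier followed by caveats, signature)


def mint(root_key: bytes, identifier: bytes) -> Token:
    """Issue a token with no caveats: sig = HMAC(root_key, identifier)."""
    sig = hmac.new(root_key, identifier, hashlib.sha256).digest()
    return ([identifier], sig)


def attenuate(token: Token, caveat: bytes) -> Token:
    """Add a restriction. The holder only needs the current signature, not the
    root key; the new signature is HMAC(old_sig, caveat), which is one-way, so
    the caveat cannot be stripped afterwards without knowing old_sig."""
    chain, sig = token
    new_sig = hmac.new(sig, caveat, hashlib.sha256).digest()
    return (chain + [caveat], new_sig)


def _caveat_holds(caveat: bytes, context: Dict[str, str]) -> bool:
    """Caveats are tiny 'key = value' predicates checked against the request context."""
    key, _, value = caveat.decode().partition("=")
    return context.get(key.strip()) == value.strip()


def verify(root_key: bytes, token: Token, context: Dict[str, str]) -> bool:
    """Recompute the HMAC chain from the root key, compare in constant time,
    then require every caveat to hold for this request."""
    chain, sig = token
    expected = hmac.new(root_key, chain[0], hashlib.sha256).digest()
    for caveat in chain[1:]:
        expected = hmac.new(expected, caveat, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False
    return all(_caveat_holds(c, context) for c in chain[1:])


def demo() -> Dict[str, bool]:
    """Walk through issue -> attenuate -> verify, plus two failure cases."""
    token = mint(ROOT_KEY, b"session:constructed-id-42")
    read_only = attenuate(token, b"action = read")
    read_bucket = attenuate(read_only, b"bucket = reports")

    # A holder tries to drop the last caveat while keeping its signature.
    stripped = (read_bucket[0][:-1], read_bucket[1])

    return {
        "full_token_any_action": verify(ROOT_KEY, token, {"action": "delete"}),
        "read_only_allows_read": verify(ROOT_KEY, read_only, {"action": "read"}),
        "read_only_blocks_write": verify(ROOT_KEY, read_only, {"action": "write"}),
        "both_caveats_satisfied": verify(
            ROOT_KEY, read_bucket, {"action": "read", "bucket": "reports"}),
        "wrong_bucket_rejected": verify(
            ROOT_KEY, read_bucket, {"action": "read", "bucket": "secrets"}),
        "stripped_caveat_rejected": verify(ROOT_KEY, stripped, {"action": "read"}),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to take from the last case: whoever holds `read_bucket` never learned the signature that preceded the `bucket = reports` caveat, so they cannot produce a valid token without it, while the verifier, holding the root key, can rebuild the whole chain and check every caveat against the request.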

OK! That's helpful.

The only unserious code in this post, for what it's worth, is a couple functions that make an authenticated stream cipher out of HMAC, because the Python standard library doesn't have an encryption function that I could find.

OK, I don’t believe there’s full encryption because it changes often and it’s better to let the community experts handle it. (Besides the ancient crypt module.)

But the recent secrets module might have some building blocks you could use.

This whole thread reminds me of a Hollywood sequel—need to spend ten minutes regurgitating the backstory to an audience who maybe saw the movie two years ago.

Hence the unseriousness of the code. Like I said, in real code you'd use pyca/cryptography.
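To make concrete what "an authenticated stream cipher out of HMAC" means, here is an added sketch of that shape of construction, written for this thread rather than taken from the post or from any library: HMAC run in counter mode as the keystream generator, a second HMAC over nonce and ciphertext as the tag, and tag verification before any decryption. The master key, the `enc`/`mac` derivation labels, the 16-byte nonce size and all function names are this example's own choices. As the comment above says, in real code you would reach for pyca/cryptography rather than assembling this yourself.

```python
import hmac
import hashlib
import secrets
from typing import Optional, Tuple

DIGEST = hashlib.sha256
NONCE_LEN = 16
TAG_LEN = DIGEST().digest_size  # 32 bytes of keystream per HMAC call, and tag size


def _subkeys(master: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one master key via HMAC labels."""
    enc = hmac.new(master, b"enc", DIGEST).digest()
    mac = hmac.new(master, b"mac", DIGEST).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC as a PRF in counter mode: block_i = HMAC(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), DIGEST).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC). A fresh random nonce
    per message is what keeps the keystream from ever being reused."""
    enc_key, mac_key = _subkeys(master)
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, DIGEST).digest()
    return nonce + ct + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = _subkeys(master)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, DIGEST).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def tamper_is_detected(master: bytes, plaintext: bytes) -> bool:
    """Flip one bit after the nonce and confirm decrypt refuses the message."""
    blob = bytearray(encrypt(master, plaintext))
    blob[NONCE_LEN] ^= 0x01
    try:
        decrypt(master, bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = b"constructed-master-key"  # constructed sample, not a real secret
    boxed = encrypt(key, b"attenuated token payload")
    print(decrypt(key, boxed))
    print("tamper detected:", tamper_is_detected(key, b"attenuated token payload"))
```

Two design points worth noticing even in a toy: the MAC key is not the encryption key (one HMAC key deriving two subkeys), and `decrypt` never XORs a byte until the tag has been compared with `hmac.compare_digest`.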