Walrus operator can inline a block of code into one-liner

Walrus operator, or assignment expression, was introduced into Python at version 3.8. This saves some additional line of assignment in storing-and-checking scenario following evaluations.

However, it also brings the containers data types, such as a list, a step closer to the Turing completeness. Following is a piece of real code:

[d:=get_scans(fn),b:=d[0],c:=d[1],c[np.isin(b,bs)][np.argsort(b)]][-1]

Or, in a more structured format:

[
    d:=get_scans(fn),
    b:=d[0],
    c:=d[1],
    c[np.isin(b,bs)][np.argsort(b)]
][-1]

This performs some additional processing from the result returned by get_scans(fn) and turn the whole thing into a value by extracting the last element of the list. One application of this kind of composite expressions is the possibility of replacing traditional loops with list comprehension. For example, without assignment expressions, we need a loop to collect the data:

r = []
for fn in fns:
    [b,c] = get_scans(fn)[:2]
    r.append(c[np.isin(b,bs)][np.argsort(b)])
r = np.array(r)

Using the walrus operator, we can do it in “one-line” (which is broken down to several lines for clarity):

r = np.array([[
    d:=get_scans(fn),b:=d[0],c:=d[1],
    c[np.isin(b,bs)][np.argsort(b)]
][-1] for fn in fns])

Some may consider this is an abuse of the container types of Python. But, as long as it is used with care, it can help to make elegant code without hindering readability.

Opening Zotero record with a URL

When writing notes for research, it is desirable to have link that can open up citation management software with selected references so that we can easily access our personal entries on the citations.

This can be achieved by using the Zutilo add-on. It provides a menu item “Copy selected item links”. The link is in the form of zotero://select/library/items/XXXXXXXX. It is possible to configure the “mime type” for this protocol so it can be opened by xdg-open or a web browser.

Default values of GL_TEXTURE_MIN_FILTER and GL_TEXTURE_MAG_FILTER

From the documentation available at https://registry.khronos.org/OpenGL-Refpages/gl4/html/glTexParameter.xhtml, the default or initial values are:

GL_TEXTURE_MIN_FILTER = GL_NEAREST_MIPMAP_LINEAR
GL_TEXTURE_MAG_FILTER = GL_LINEAR

This makes glGenerateMipmap necessary after glTexImage2D. Otherwise, the texture rendering will not work properly.

Saving from pickle.dumps to h5py

Saving a chunk of pickled data to a h5py dataset with following code result in “ValueError: VLEN strings do not support embedded NULLs”. 

a = [1,2,3,4,5]
with h5py.File('test.h5','a') as f:
	f['a'] = pickle.dumps(a)

This can be worked around with, e.g., “np.string_”:

a = [1,2,3,4,5]
with h5py.File('test.h5','a') as f:
	f['a'] = np.string_(pickle.dumps(a))

To load it back:

with h5py.File('test.h5','r') as f:
	a = pickle.loads(f['a'][()])

I am not aware if there is any problem with this approach.

Dovecot 2.3.18 failed to load certificate with OpenSSL 3.0

This problem prevents user login with SSL to the Dovecot IMAP server. The errors in the journal look like this:

... imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory, error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:module_run:unknown module name: module=providers: ...

A fix/workaround was found at Bug#1011051: libssl3: upgrade to libssl3 broke my dovecot setup. By commenting out the line “providers = provider_sect” in the configuration file “/etc/ssl/openssl.cnf”, the service is restored. Hope this will be resolved properly in the near future.

Authenticate through Client Certificate

This post documents how to setup using a client certificate in accessing a private web page.

The involved components are as follows:

  • Web server: Apache 2.4
  • Browser: Firefox 98

Steps:

  1. Generate CA certificate: see the previous post
  2. Configure web server to require client certificates signed by the CA
    • Add SSLVerifyClient require to the protected Location
    • Add SSLCACertificateFile to point to the CA certificate
  3. Generate a personal certificate: also described in the previous post
  4. Sign the personal certificate with CA certificate: ditto
  5. Import personal certificate into browser
    Settings → Privacy & Security → Certificates → View Certificates… → Your Certificates → Import…
  6. Configure browser to enable post-handshake authentication (Only needed if you get “…Cannot perform Post-Handshake Authentication” error. Usually happens when securing only a sub path instead of the entire server.)
    For Firefox (98)
    1. Go to the URL about:config
    2. Find and enable security.tls.enable_post_handshake_auth
  7. All set! Go ahead and test it out…

Self-signed CA certificate

It’s useful for signing certificates for internal use. Here is a quick way for setting up a self-signed CA using the openssl command in Linux.

mkdir ca
cd ca
openssl req -nodes -new -x509 -keyout ca.key -out ca.crt -subj "/C=TW/ST=Taiwan/L=Taipei/O=ccdw.org/OU=sam/CN=sam.ccdw.org/emailAddress=root@sam.ccdw.org"

Server certificate

To create a server certificate signing request along with a new server key:

openssl req -nodes -new -keyout server.key -out server.csr -subj "/C=TW/ST=Taiwan/L=Taipei/O=ccdw.org/OU=server/CN=server.ccdw.org/emailAddress=server@ccdw.org"

To sign the server certificate:

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650

The resulting key can certificate of the server can be combine into a PEM file:

cat server.key server.crt > server.pem

Client certificate

To create a client certificate signing request along with a new client key:

openssl req -nodes -new -keyout client.key -out client.csr -subj "/C=TW/ST=Taiwan/L=Taipei/O=ccdw.org/OU=client/CN=Good Client/emailAddress=good@client.ccdw.org"

To sign the client certificate:

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl -out client.crt -days 1000

The browser usually needs the certificate in PKCS#12 format. To convert the format of the certificate:

openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt

The .pfx file can then be imported into a browser.