Wikipedia:Reference desk/Archives/Computing/2017 August 27

= August 27 =

Twitter API and Python libraries
I want to make a bot to generate an image and post it to Twitter, once an hour. There are several Python libraries that wrap the Twitter API. In most of the tutorials I've found, the recommended library is tweepy, which I can't install: pip tries to remove and replace a Py2~Py3 compatibility library, six, and gives up when that fails.

tweepy has a post function that takes as arguments a string (the tweet text) and the name of an image file; all the other libraries I've looked at would require me to upload the image, get back its cloudy address and send it with my post.

My question: is tweepy's text-plus-image function a wrapper for that roundabout sequence of actions, or something more direct that the API allows but for whatever reason the other libraries don't do? —Tamfang (talk) 06:09, 27 August 2017 (UTC)

Passwords
In principle, if some computer-stored info is password-protected, is there absolutely no way it can be accessed without the password? --Heavetarim (talk) 21:36, 27 August 2017 (UTC)


 * Not true. There are many possible ways to access supposedly "secure" data.  There could be a back door the programmers added.  The encryption method can be broken.  Or the password can be broken, perhaps with a brute-force attack.  Then there can be phishing attempts, where the bad guys simply ask you to supply to hidden info, pretending to be somebody else who really needs that info.  Also, if they have access to the email account you used to set up an account, they can request a password reset, get the email sent to your email address, and then reset the password. StuRat (talk) 21:39, 27 August 2017 (UTC)


 * Let me elaborate. If some data is stored electronically, is it, in any form, physically inscribed where it's stored, and can one obtain it therefrom, without getting, guessing or resetting the password? --Heavetarim (talk) 22:31, 27 August 2017 (UTC)
 * Impossible to say. It may be stored:
 * on a system that only responds to external queries with the password (i.e. a web server),
 * in a system that is "locked" by a password (a computer that is only accessible with the password) - physical access to such often allows it to be bypassed,
 * or stored in an encrypted form that needs to be decrypted by the password,
 * or may be stored in a system that is never accessible at all (but may respond to challenges about the data) - some smartcard systems
 * or may be stored in a hashed form that cannot be retrieved at all, but is a robust proof that the data was once there. - a sophisticated version of a receipt with only the last few digits of a charge card.
 * Then each of these also needs to secure the password itself.
 * Attacks are rarely direct. Far more often the system is "evaded" rather than broken. An error is found in its implementation, or the password is guessed, or the data storage is very secure but the password checking is weak, or there's also a "test" password that shouldn't work but does. It's a vast subject. Andy Dingley (talk) 22:41, 27 August 2017 (UTC)


 * https://imgs.xkcd.com/comics/security.png &#40;&#40;&#40;The Quixotic Potato&#41;&#41;&#41; (talk) 23:19, 27 August 2017 (UTC)


 * And more likely yet is phishing: "We're your service provider, and we need to verify your password for security reasons, enter it here: ________". StuRat (talk) 12:33, 28 August 2017 (UTC)