Last week, we looked at how to convert between strings of the
str data type and strings of the
bytes data type
using methods in the string class of
Python 3.x. Another, somewhat more direct way is to call the constructor of the target type, passing the encoding as the second argument. (The encoding is not optional in practice: str() called on a bytes object with no encoding does not decode it but returns its repr, such as "b'abc'".) So, to convert to
str, call
str(<bytes string>, <encoding>)
Similarly, you can make bytes from
str with
bytes(<str string>, <encoding>)
For more on the syntax of each, see
"Converting str to bytes via Functions" in
"A Guide to Text vs Data in Python 3.0".
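The constructor calls described above, worked through as an added example (this is not code from the original post). It assumes Python 3; the sample text and byte strings are constructed here, and it also covers what the post does not show: a wrong codec producing mojibake, the str(bytes) repr pitfall, and the errors argument for decoding untrusted input.

```python
"""str <-> bytes via the type constructors (added example, not the post's own code)."""

SAMPLE_TEXT = "café ¥ 100"      # constructed sample; contains non-ASCII characters
SAMPLE_BYTES = b"caf\xc3\xa9"    # constructed sample: the UTF-8 encoding of "café"


def to_bytes(text: str, encoding: str = "utf-8", errors: str = "strict") -> bytes:
    """str -> bytes with bytes(); equivalent to text.encode(encoding, errors)."""
    return bytes(text, encoding, errors)


def to_str(data: bytes, encoding: str = "utf-8", errors: str = "strict") -> str:
    """bytes -> str with str(); equivalent to data.decode(encoding, errors)."""
    return str(data, encoding, errors)


def roundtrip_ok(text: str, encoding: str) -> bool:
    """True if the text survives encode -> decode under the given codec.

    A codec that cannot represent a character (e.g. ASCII for 'é') raises
    UnicodeEncodeError under the default 'strict' policy; report that as False.
    """
    try:
        return to_str(to_bytes(text, encoding), encoding) == text
    except (UnicodeEncodeError, UnicodeDecodeError):
        return False


def decode_defensively(data: bytes, encoding: str = "utf-8") -> str:
    """Decode bytes of unknown provenance without raising.

    Invalid sequences become U+FFFD so malformed input cannot abort the caller.
    Keep the default 'strict' policy when the input is required to be well-formed:
    raising is the safer failure mode in that case.
    """
    return str(data, encoding, "replace")


def repr_pitfall(data: bytes) -> str:
    """str() on bytes WITHOUT an encoding returns the repr, not decoded text."""
    return str(data)


if __name__ == "__main__":
    print(to_bytes(SAMPLE_TEXT))                   # b'caf\xc3\xa9 \xc2\xa5 100'
    print(to_str(SAMPLE_BYTES))                    # café
    print(to_str(SAMPLE_BYTES, "latin-1"))         # cafÃ© : same bytes, wrong codec
    print(roundtrip_ok(SAMPLE_TEXT, "ascii"))      # False
    print(repr_pitfall(SAMPLE_BYTES))              # b'caf\xc3\xa9'
```

The same bytes decoded with the wrong codec do not fail, they silently yield different characters, which is why the codec should be agreed with the producer of the data rather than guessed.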
Recently,
'Sugarmag1991' posed the question in the forum of
how to calculate the due date in a lending library system. The extended post has more context. I am not going to answer the question here but encourage you to take a read of
the post and
answer it if you can. The
Python forum is designed for you to help others, so have a go and
post your reply.
It is an open secret that the US government is perhaps the largest software customer in the country. If you or your company deal with any government agency, you will be aware of
FISMA (the Federal Information Security Management Act of 2002). Seeking to put concrete controls behind FISMA's requirements, a group of federal agencies and private companies has released the
Consensus Audit Guidelines (CAG). The CAG lists 20 critical controls that its authors recommend an organisation implement in order to meet FISMA's intent. The list runs as follows:
- Inventory of authorized and unauthorized hardware.
- Inventory of authorized and unauthorized software; enforcement of white lists of authorized software.
- Secure configurations for hardware and software on laptops, workstations, and servers.
- Secure configurations of network devices such as firewalls, routers, and switches.
- Boundary Defense
- Maintenance, Monitoring and Analysis of Complete Audit Logs
- Application Software Security
- Controlled Use of Administrative Privileges
- Controlled Access Based On Need to Know
- Continuous Vulnerability Testing and Remediation
- Dormant Account Monitoring and Control
- Anti-Malware Defenses
- Limitation and Control of Ports, Protocols and Services
- Wireless Device Control
- Data Leakage Protection
- Secure Network Engineering
- Red Team Exercises
- Incident Response Capability
- Data Recovery Capability
- Security Skills Assessment and Appropriate Training To Fill Gaps
Obviously, not all of these relate to the security of web applications themselves. Most of them concern the environment in which the software is developed and operated rather than the software being implemented. Application security is a further layer on top of these controls, and you can find more about it at the following pages:
NOTE: Please don't click on any links in this post until you read it through.
Even if you have taken the
"Hello, World!" crash course in
Python, you would be forgiven if you were unsure of the difference between
(?P<name>..) and
(?P=name) when using
Python regular expressions. The fact is that to one who is good with a hammer, everything looks like a nail. Consequently, our tendency as humans is to try to make everything a nail on which we can use a hammer. A good sign of this "syndrome" is an inability to name at least 21 of the 35 different
regex symbols and phrases found in Python, and that is only 60% of what is available to you in the
re module. Since most of us could not, a competition might well profit us all. The challenge:
Name all 35 symbols and phrases without looking at the RegEx Glossary of this site.
You are on your honour not to cheat. Whoever does it first will get their props by due recognition in
this space, accompanied by their photo if they send it. The competition runs until 1st March 2009 (exclusive). Please do not post your answer in the comments but send me your answer via email at
python.guide[at]about.com (substituting '@' for the [at]).
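The difference between (?P&lt;name&gt;...) and (?P=name) mentioned above, shown as an added example (not code from the original post): the first defines a named capturing group, the second is a backreference that must match exactly what that group already captured. The sample strings are constructed for the illustration, and each backreference pattern is paired with the naive pattern that omits it so the change in behaviour is visible.

```python
"""(?P<name>...) defines a named group; (?P=name) backreferences it (added example)."""
import re

# (?P<q>...) captures the opening quote; (?P=q) requires the closing quote to be
# the SAME character, so an apostrophe inside double quotes does not end the span.
QUOTED = re.compile(r"""(?P<q>['"])(?P<body>.*?)(?P=q)""")

# Naive version: any quote character closes any other.
NAIVE_QUOTED = re.compile(r"""['"](?P<body>.*?)['"]""")

# Doubled word: the backreference does the work; \b stops "the theory" matching.
# With re.IGNORECASE the backreference also compares case-insensitively.
DOUBLED = re.compile(r"\b(?P<word>\w+)\s+(?P=word)\b", re.IGNORECASE)

# Naive version: any word followed by any word.
NAIVE_PAIRS = re.compile(r"\b(?P<word>\w+)\s+\w+\b")


def quoted_bodies(text: str) -> list:
    """Contents of each span whose closing quote matches its opening quote."""
    return [m.group("body") for m in QUOTED.finditer(text)]


def naive_quoted_bodies(text: str) -> list:
    """What the pattern without the backreference extracts from the same text."""
    return [m.group("body") for m in NAIVE_QUOTED.finditer(text)]


def doubled_words(text: str) -> list:
    """Words immediately repeated, e.g. 'the the'."""
    return [m.group("word") for m in DOUBLED.finditer(text)]


def naive_pairs(text: str) -> list:
    """Every adjacent word pair, which is all the pattern without (?P=word) can see."""
    return [m.group(0) for m in NAIVE_PAIRS.finditer(text)]


def unknown_backref_is_error() -> bool:
    """(?P=name) must refer to a group defined earlier in the same pattern;
    otherwise re.compile raises re.error at compile time, not at match time."""
    try:
        re.compile(r"(?P=missing)")
    except re.error:
        return True
    return False


if __name__ == "__main__":
    sample = "say \"it's fine\" and 'ok'"          # constructed sample
    print(quoted_bodies(sample))                      # ["it's fine", 'ok']
    print(naive_quoted_bodies(sample))                # ['it', ' and ']
    prose = "The the theory is is sound"              # constructed sample
    print(doubled_words(prose))                       # ['The', 'is']
    print(naive_pairs(prose))                         # ['The the', 'theory is', 'is sound']
    print(unknown_backref_is_error())                 # True
```

Named groups are also available afterwards as match.group("q") or match.groupdict(), which keeps patterns readable when there are several groups; the backreference form is what enforces consistency between two parts of the input.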