Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Grant Edwards :

> any decent compiler should be able to generate the same code for a
> switch statement and for an equivalent chained if/else.

It's not so easy to be decent, especially when it comes to a language as
dynamic as Python.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Roy Smith :

> Python already has a switch statement.  It's just spelled funny...
>
> [...]
>
> try:
>raise value
> except Case1:
>print "did case 1"
> except (Case2, Case3):
>print "did either case 2 or 3"
> else:
>print "did default"

Not bad! Definitely worth considering.

> No fall-through, however.

Fall-trough is an unfortunate C syntax accident, not a feature worth
emulating.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Ben Finney :

> The unreliability is “will objects defined elsewhere have a different
> identity?”

That question is not interesting in my context, and has no bearing on
the correctness of the program.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Steven D'Aprano]

On Sat, 01 Mar 2014 19:29:41 +0200, Marko Rauhamaa wrote:

> Michael Torrie :
> 
>> No, '==' works fine no matter what objects you assign to your state
>> variables.
> 
> Well, it doesn't since
> 
>>>> a = float("nan")
>>>> a is a
>True
>>>> a == a
>False

No, that is working correctly, so the comment that equals works fine is 
correct: returning False is the correct thing to do if one or both of the 
objects are a NAN. NANs are supposed to compare unequal to everything, 
including themselves.

The is operator and the == operator do not have the same purpose and they 
do not do the same thing. "is" should not be considered an improved == 
without the quirks, this is not PHP and we're not comparing == and ===. 
The argument here is not about which operator performs the check we want, 
but over what check we want: do we want an identity test or an equality 
test?



-- 
Steven D'Aprano
http://import-that.dreamwidth.org/
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Steven D'Aprano :

> On Sat, 01 Mar 2014 19:29:41 +0200, Marko Rauhamaa wrote:
>> Michael Torrie :
>>> No, '==' works fine no matter what objects you assign to your state
>>> variables.
>> 
>> Well, it doesn't since
>> 
>>>>> a = float("nan")
>>>>> a is a
>>True
>>>>> a == a
>>False
>
> No, that is working correctly, so the comment that equals works fine
> is correct: returning False is the correct thing to do if one or both
> of the objects are a NAN. NANs are supposed to compare unequal to
> everything, including themselves.

Nobody is saying there's a bug in the implementation of "==". I'm just
saying "==" cannot be taken as a universal superset of "is". Therefore
a program cannot blindly use "==" to test for identity.

That's why "==" is a bit fishy. It immediately raises the question: what
does it mean for a == b, especially since the exact implementation of a
and b are intended to be opaque.

Example:

The os module defines the constants os.SEEK_SET, os.SEEK_CUR and
os.SEEK_END that can be used as arguments for os.lseek(). Must those
constants be used, or can a regular integer be used instead? The
documentation clearly states that integers can be used:

   SEEK_SET or 0 to set the position relative to the beginning of the
   file; SEEK_CUR or 1 to set it relative to the current position;
   SEEK_END or 2 to set it relative to the end of the file.

However, on the same reference page, os.posix_fadvise() is defined. We
read:

   advice is one of POSIX_FADV_NORMAL, POSIX_FADV_SEQUENTIAL,
   POSIX_FADV_RANDOM, POSIX_FADV_NOREUSE, POSIX_FADV_WILLNEED or
   POSIX_FADV_DONTNEED

and:

os.POSIX_FADV_NORMAL
os.POSIX_FADV_SEQUENTIAL
os.POSIX_FADV_RANDOM
os.POSIX_FADV_NOREUSE
os.POSIX_FADV_WILLNEED
os.POSIX_FADV_DONTNEED

Flags that can be used in advice in posix_fadvise()

Now, what kinds of object are those constants? We are not supposed to
know or care. We could peek into the implementation, but it would be a
grave mistake to trust the implementation choices in the application.

So in my application code I might set:

   favd_flag = os.POSIX_FADV_RANDOM

in some other part of my code I might want to see how "flag" was set.
Should I use "==" or "is" to test it?

If I take the API documentation on its face value, I *must* use "==" for
os.SEEK*:

if seek_flag == os.SEEK_END:
...

and I *must* use "is" for os.POSIX_FAVD_*:

if fsavd_flag is os.POSIX_FADV_RANDOM:
...

Since, for all I know, os.POSIX_FAVD_RANDOM might return a random value
for __eq__().


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Marko Rauhamaa :

> If I take the API documentation on its face value, [...]
> I *must* use "is" for os.POSIX_FAVD_*:
>
> if fsavd_flag is os.POSIX_FADV_RANDOM:
> ...

However, since a documentation flaw is more than likely, it is even more
prudent to avoid both "==" and "is" and create a set of shadow constants
in the application code:

  if self.fsavd_flag is self.FAVD_RANDOM:
  os.posix_fadvice(fd, offset, len, os.POSIX_FAVD_RANDOM):


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Mac vs. Linux for Python Development

[Chris Angelico]

On Sun, Mar 2, 2014 at 6:35 PM, Frank Millman  wrote:
> I assume by 'warm cache' you mean that I had used the decimal module before
> and not switched the machine off before trying the above exercise.
>
> In my case, the machine was switched off before I started. I switched it on
> and executed the above steps.

That would be about it, yeah. So that would be a cold cache test.

> To be slightly more precise, instead of 'the blink of an eye', I estimate it
> was between 250-500 ms. If I close the interpreter and start it up again, it
> takes maybe 100-200ms.

Alright, so now we're talking about some other factors on my system
that slow down the cold cache load dramatically. That I can completely
understand; when I originally posted it, I was fully aware that the
exact figures wouldn't be duplicable. 500ms is a major delay to
startup; but what's really significant is the 100-200ms warm cache,
because that one is what's going to be repeated. (Imagine a web server
that periodically restarts its subprocesses - say, every N requests.
Adding 200ms to startup time effectively adds 200/N ms to every
request.)

An awesome disk cache can improve that immensely, though. My Debian
box, warm cache, takes 0.0 seconds to import decimal. But it's a
faster computer overall, so even cold cache it only takes a hundred ms
or so.

> Just to be sure, I switched the machine off and on again, and repeated the
> exercise. Starting the interpreter for the first time takes 1.5 - 2 seconds.
> Importing decimal for the first time takes less than 500ms.

I'm beginning to get a suspicion here that the Windows XP disk cache
actually might have a "most pessimal" state, where it's full of other
stuff. Worse than a cold cache in performance, a cache warmed by
something else. But in any case, the exact figures for cold cache are
almost immaterial compared to a noticeable warm-cache delay - if
there's enough work to be done just loading the .pyc from the disk
cache that it takes visible time, then it would be a problem to force
that to be loaded on every interpreter startup. Which was kinda the
point of my original testing - I wanted to know how much of a penalty
there'd be to moving decimal to built-in.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Chris Angelico]

On Sun, Mar 2, 2014 at 8:35 PM, Marko Rauhamaa  wrote:
> However, on the same reference page, os.posix_fadvise() is defined. We
> read:
>
>advice is one of POSIX_FADV_NORMAL, POSIX_FADV_SEQUENTIAL,
>POSIX_FADV_RANDOM, POSIX_FADV_NOREUSE, POSIX_FADV_WILLNEED or
>POSIX_FADV_DONTNEED
>
> Now, what kinds of object are those constants? We are not supposed to
> know or care. We could peek into the implementation, but it would be a
> grave mistake to trust the implementation choices in the application.
>
> So in my application code I might set:
>
>favd_flag = os.POSIX_FADV_RANDOM
>
> in some other part of my code I might want to see how "flag" was set.
> Should I use "==" or "is" to test it?

In the absence of any advice to the contrary, I would use == to test.
The flags are most likely to be, in order:

* An enumeration, in a sufficiently new Python
* Integers
* Strings
* Arbitrary object()s

All of the above will compare correctly with ==, and if someone stuffs
in an object that compares equal to more than one of them, they're
likely to have problems at the far end. If identity is really crucial,
I would expect there to be a comment in the docs.

And there's another thing you can do to test.

>>> import os
>>> type(os.POSIX_FADV_RANDOM)


So use ==. If it's later changed and you have to instead use 'is', you
can change your code.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Chris Angelico :

> And there's another thing you can do to test.
>
 import os
 type(os.POSIX_FADV_RANDOM)
> 

Is that what you do in your programs?

> So use ==. If it's later changed and you have to instead use 'is', you
> can change your code.

Quite a robust API, huh?

Anyway, you recognize that the API definer is within their rights to
require 'is' semantics for the constants. IOW, the application must use
the given constant objects and nothing that happens to be == to them.

Consequently, the implementer is within their rights to define:

   def __eq__():
   return True


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

why indentation should be part of the syntax

[Stefan Behnel]

Haven't seen any mention of it on this list yet, but since it's such an
obvious flaw in quite a number of programming languages, here's a good
article on the recent security bug in iOS, which was due to accidentally
duplicated code not actually being as indented as it looked:

https://www.imperialviolet.org/2014/02/22/applebug.html

Stefan

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Steven D'Aprano]

On Sun, 02 Mar 2014 11:35:43 +0200, Marko Rauhamaa wrote:

> Nobody is saying there's a bug in the implementation of "==". I'm just
> saying "==" cannot be taken as a universal superset of "is". Therefore a
> program cannot blindly use "==" to test for identity.

Um, yes? Nor can you use ">" to test for identity, or "+", or "%", or any 
other operator other than "is". Why do you think it is a problem that == 
doesn't test for identity? It's not supposed to test for identity.

Why do you want to test for identity? I think I've asked five times now, 
why you care whether a state value has one instance or a thousand 
instances, and you haven't even attempted an answer.



> That's why "==" is a bit fishy. It immediately raises the question: what
> does it mean for a == b, especially since the exact implementation of a
> and b are intended to be opaque.

It means that a equals b. For ints, it means that they have the same 
numeric value. The same applies for floats. For strings, it means that 
they contain the same code points in the same order. And so on. For all 
built-in types, equality is well-defined. For custom types you create 
yourself, the onus is on you to ensure that equality is meaningful and 
well-defined.


> Example:
> 
> The os module defines the constants os.SEEK_SET, os.SEEK_CUR and
> os.SEEK_END that can be used as arguments for os.lseek(). Must those
> constants be used, or can a regular integer be used instead? The
> documentation clearly states that integers can be used:
> 
>SEEK_SET or 0 to set the position relative to the beginning of the
>file; SEEK_CUR or 1 to set it relative to the current position;
>SEEK_END or 2 to set it relative to the end of the file.
> 
> However, on the same reference page, os.posix_fadvise() is defined. We
> read:
> 
>advice is one of POSIX_FADV_NORMAL, POSIX_FADV_SEQUENTIAL,
>POSIX_FADV_RANDOM, POSIX_FADV_NOREUSE, POSIX_FADV_WILLNEED or
>POSIX_FADV_DONTNEED
> 
> and:
> 
> os.POSIX_FADV_NORMAL
> os.POSIX_FADV_SEQUENTIAL
> os.POSIX_FADV_RANDOM
> os.POSIX_FADV_NOREUSE
> os.POSIX_FADV_WILLNEED
> os.POSIX_FADV_DONTNEED
> 
> Flags that can be used in advice in posix_fadvise()
> 
> Now, what kinds of object are those constants? We are not supposed to
> know or care.

Incorrect. We are supposed to know and care.

os.posix is exactly the sort of library I mentioned earlier when I said 
sometimes you're constrained by compatibility with some other system. In 
this case, the os module is explicitly designed to be compatible with the 
POSIX interface, which is defined to use certain integer values as flags. 
This is not an implementation choice which implementers can change at 
will, it is part of the interface.

The specific *values* possibly may be allowed to vary from platform to 
platform, and since this is C even the definition of "int" may be 
platform specific, but not that fact that they are ints. Hence the value 
of POSIX_FADV_RANDOM could, theoretically, be different under Linux and 
FreeBSD (say). It probably isn't, but it could be. If you hard-code the 
magic number 1 in your code, you're risking the (tiny) chance of it 
failing on some obscure POSIX system. But that doesn't imply that we must 
test for object identity. There could be a million different instances, 
all with the value POSIX_FADV_RANDOM.

Python does not guarantee that there is only a single 1 instance. If you 
want to test whether a value is os.POSIX_FADV_RANDOM, the right way is to 
compare that value for equality with os.POSIX_FADV_RANDOM, not identity.


> We could peek into the implementation, but it would be a
> grave mistake to trust the implementation choices in the application.
> So in my application code I might set:
> 
>favd_flag = os.POSIX_FADV_RANDOM

A much better choice than hard-coding the magic value 1. But that choice 
has absolutely nothing to do with whether 1 is a singleton or not.


> in some other part of my code I might want to see how "flag" was set.
> Should I use "==" or "is" to test it?

Equals, of course. There is absolutely no question about that. To even 
*think* that you should test it with "is" means that you have completely 
misunderstood what you are doing here. Why are you relying on an 
implementation detail that CPython happens to cache and reuse small 
integers like 1? What happens if you run your code under an 
implementation of Python that doesn't cache small ints? Or if your 
platform happens to set POSIX_FADV_RANDOM to a non-cached value like 
8531201?

Python does not promise that POSIX_FADV_RANDOM will be a singleton value. 
Using "is" is unsafe.


> If I take the API documentation on its face value, I *must* use "==" for
> os.SEEK*:

Correct.


> if seek_flag == os.SEEK_END:
> ...
> 
> and I *must* use "is" for os.POSIX_FAVD_*:

Incorrect.


> if fsavd_flag is os.POSIX_FADV_RANDOM:
> ...
> 
> Since, for all I know, os.POSIX_FAVD_RANDOM might return a random value
> for

Re: Can global variable be passed into Python function?

[Ben Finney]

Marko Rauhamaa  writes:

> Ben Finney :
>
> > The unreliability is “will objects defined elsewhere have a different
> > identity?”
>
> That question is not interesting in my context, and has no bearing on
> the correctness of the program.

You keep vacillating between two positions: pick one for the context.

Either you care about object identity in this context, and the above
observation is relevant.

Or, you don't care about object identity in this context, and you should
avoid ‘is’ and use ‘==’.

But you cannot have both.

-- 
 \“You know I could rent you out as a decoy for duck hunters?” |
  `\ —Groucho Marx |
_o__)  |
Ben Finney

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: posting code snippets

[Alister]

On Sun, 02 Mar 2014 09:16:35 +1100, Chris Angelico wrote:

> On Sat, Mar 1, 2014 at 1:31 AM, Grant Edwards 
> wrote:
>> You drag out the lab scope, logic analyzer, spectrum analyzer, sweep
>> generator, strip plotter, and the machine that goes "ping".  You start
>> to get everything set up to nail that problem securely to the
>> dissecting board.  Long before you actually get to that point, the
>> problem becomes intimidated and reveals itself and a solution.
> 
> *ALL* my machines go ping. It's fundamental to network debugging. I know
> that's not what you meant, but somehow it comes to the same thing. :)
> 
> And yep. That is so absolutely right. Problems know when concealment
> becomes pointless.
> 
> ChrisA

As a maintenance engineer I find there is also an opposite factor in 
operation.
Equipment manufacturers appear to include an "Engineer Proximity 
Detector" in all designs that cause the equipment to work flawlessly when 
triggered.

The issue the customer has been complaining about incessantly never 
occurs whilst there is an engineer on site.




-- 
We're out of slots on the server
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Steven D'Aprano :

> On Sun, 02 Mar 2014 11:35:43 +0200, Marko Rauhamaa wrote:
>> Now, what kinds of object are those constants? We are not supposed to
>> know or care.
>
> Incorrect. We are supposed to know and care.

Then, the documentation is seriously flawed. It gives no hint whatsoever
on the nature of those objects.

> os.posix is exactly the sort of library I mentioned earlier when I
> said sometimes you're constrained by compatibility with some other
> system. In this case, the os module is explicitly designed to be
> compatible with the POSIX interface, which is defined to use certain
> integer values as flags. This is not an implementation choice which
> implementers can change at will, it is part of the interface.

The values of those Python constants don't need to have any relationship
with those of the underlying operating system.

> Python does not guarantee that there is only a single 1 instance.

Nobody has ever argued such a thing. I certainly haven't.

However, nothing in the API spec gives you the right to call the
function with an integer.

> If you want to test whether a value is os.POSIX_FADV_RANDOM, the right
> way is to compare that value for equality with os.POSIX_FADV_RANDOM,
> not identity.

That might well be true but is not explicitly or implicitly specified in
the documentation. (The os.SEEK_* constants are explicitly defined.)

>> Since, for all I know, os.POSIX_FAVD_RANDOM might return a random value
>> for __eq__().
>
> For all *you* know, perhaps, but since os.posix_fadvise is a thin
> wrapper around the POSIX C function fadvise, and that is documented as
> expecting ints for the advice parameter, that cannot be the case.

A pretty serious documentation flaw, then. Misleading even.

I take it from the documentation that you *must* use the given constant
objects and not some improvised integers.

> That the os module is a thin wrapper around os- specific services may
> not be explicitly stated, but it is nevertheless true.

The example was given for illustration purposes; any criticism against
the accuracy of the documentation is a sideshow.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: why indentation should be part of the syntax

[Bernd Nawothnig]

On 2014-03-02, Stefan Behnel wrote:
> Haven't seen any mention of it on this list yet, but since it's such an
> obvious flaw in quite a number of programming languages, here's a good
> article on the recent security bug in iOS, which was due to accidentally
> duplicated code not actually being as indented as it looked:
>
> https://www.imperialviolet.org/2014/02/22/applebug.html

The way Perl or Go handles it where it is not possible to omit the
curly braces would have prevented the same error too.




Bernd

-- 
no time toulouse
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: posting code snippets

[Gene Heskett]

On Sunday 02 March 2014 07:05:06 Alister did opine:

> On Sun, 02 Mar 2014 09:16:35 +1100, Chris Angelico wrote:
> > On Sat, Mar 1, 2014 at 1:31 AM, Grant Edwards
> > 
> > 
> > wrote:
> >> You drag out the lab scope, logic analyzer, spectrum analyzer, sweep
> >> generator, strip plotter, and the machine that goes "ping".  You
> >> start to get everything set up to nail that problem securely to the
> >> dissecting board.  Long before you actually get to that point, the
> >> problem becomes intimidated and reveals itself and a solution.
> > 
> > *ALL* my machines go ping. It's fundamental to network debugging. I
> > know that's not what you meant, but somehow it comes to the same
> > thing. :)
> > 
> > And yep. That is so absolutely right. Problems know when concealment
> > becomes pointless.
> > 
> > ChrisA
> 
> As a maintenance engineer I find there is also an opposite factor in
> operation.
> Equipment manufacturers appear to include an "Engineer Proximity
> Detector" in all designs that cause the equipment to work flawlessly
> when triggered.
> 
> The issue the customer has been complaining about incessantly never
> occurs whilst there is an engineer on site.

Most sensitive when any cover has been opened.  It took me 5 years to find 
an intermittent video insert problem in a piece of Chyron gear, and when I 
found it, I called the guy at Chyron whose name was on the schematic page 
and told him in no uncertain terms that the best part of him ran down his 
mothers leg.  He'd used a spare gate in a quad nand gate package as an 
inverter, a common practice when you need just one more inverter in a 
design.  Nothing at all wrong with the concept, but the idiot left one of 
the two inputs floating, disconnected.  That is an absolute no-no in any 
digital logic circuit, and will bite somebody on the ass, repeatedly. And 
since I could only get at it for not more than 20 minutes at a time because 
of its duties, I am ashamed that it took me 5 years to find it when the fix 
was half an inch of wire wrapping wire to tie it to the other input pin.

There is not a digital logic chip book on the planet that doesn't contain 
warnings about floating inputs.

Yeah, I CAN be one of those to idiots.  As Marion Morrison, aka John Wayne 
was fond of saying in his movies, stupidity should hurt.  And this guy 
deserved to hurt.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

NOTICE: Will pay 100 USD for an HP-4815A defective but
complete probe assembly.

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can tuples be replaced with lists all the time?

[Ashish Panchal]

No, not always. You can use yuples as dictionary key as keys are immutable
and you can't use it as list.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Tuples and immutability

[Ian Kelly]

On Sat, Mar 1, 2014 at 7:04 PM, Eric Jacoboni  wrote:
> In fact, i think i'm gonna forget += on lists :)

Well, do what you want, but I think you're taking the wrong lesson
from this.  Don't forget about using += on lists.  Instead, forget
about using assignments, augmented or otherwise, on tuple elements.
Would you expect this to work?

tup = (1, 2, 3)
tup[1] += 42

I'm guessing probably not.  So I have a hard time understanding why it
should be expected to work any differently when the tuple element
happens to be a list.  The fact that the list is actually modified I
think is a distraction from the main point: the error indicates that
something illegal happened, not that nothing has changed.  Assignments
just are not allowed on tuple elements, and it doesn't matter what
type they happen to be.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: why indentation should be part of the syntax

[Ned Batchelder]

On 3/2/14 5:41 AM, Stefan Behnel wrote:

Haven't seen any mention of it on this list yet, but since it's such an
obvious flaw in quite a number of programming languages, here's a good
article on the recent security bug in iOS, which was due to accidentally
duplicated code not actually being as indented as it looked:

https://www.imperialviolet.org/2014/02/22/applebug.html

Stefan



As much as I like indentation as syntax, and am amused by this bug, I'm 
not sure we can chalk it all up to space-vs-brace. After all, who would 
have wanted two goto's in a row even with braces?  It's not like there's 
some engineer at Apple who meant for the code to read like this:


if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) {
goto fail;
goto fail;
}

This looks to me like a poorly handled merge conflict maybe?  I wonder 
if we'll ever get the details.


--
Ned Batchelder, http://nedbatchelder.com

--
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Mark Lawrence]

On 02/03/2014 10:59, Ben Finney wrote:

Marko Rauhamaa  writes:


Ben Finney :


The unreliability is “will objects defined elsewhere have a different
identity?”


That question is not interesting in my context, and has no bearing on
the correctness of the program.


You keep vacillating between two positions: pick one for the context.

Either you care about object identity in this context, and the above
observation is relevant.

Or, you don't care about object identity in this context, and you should
avoid ‘is’ and use ‘==’.

But you cannot have both.



Unless you're a troll.

--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Mark Lawrence]

On 02/03/2014 09:35, Marko Rauhamaa wrote:

Steven D'Aprano :


On Sat, 01 Mar 2014 19:29:41 +0200, Marko Rauhamaa wrote:

Michael Torrie :

No, '==' works fine no matter what objects you assign to your state
variables.


Well, it doesn't since

>>> a = float("nan")
>>> a is a
True
>>> a == a
False


No, that is working correctly, so the comment that equals works fine
is correct: returning False is the correct thing to do if one or both
of the objects are a NAN. NANs are supposed to compare unequal to
everything, including themselves.


Nobody is saying there's a bug in the implementation of "==". I'm just
saying "==" cannot be taken as a universal superset of "is". Therefore
a program cannot blindly use "==" to test for identity.

That's why "==" is a bit fishy. It immediately raises the question: what
does it mean for a == b, especially since the exact implementation of a
and b are intended to be opaque.

Example:

The os module defines the constants os.SEEK_SET, os.SEEK_CUR and
os.SEEK_END that can be used as arguments for os.lseek(). Must those
constants be used, or can a regular integer be used instead? The
documentation clearly states that integers can be used:

SEEK_SET or 0 to set the position relative to the beginning of the
file; SEEK_CUR or 1 to set it relative to the current position;
SEEK_END or 2 to set it relative to the end of the file.

However, on the same reference page, os.posix_fadvise() is defined. We
read:

advice is one of POSIX_FADV_NORMAL, POSIX_FADV_SEQUENTIAL,
POSIX_FADV_RANDOM, POSIX_FADV_NOREUSE, POSIX_FADV_WILLNEED or
POSIX_FADV_DONTNEED

and:

 os.POSIX_FADV_NORMAL
 os.POSIX_FADV_SEQUENTIAL
 os.POSIX_FADV_RANDOM
 os.POSIX_FADV_NOREUSE
 os.POSIX_FADV_WILLNEED
 os.POSIX_FADV_DONTNEED

 Flags that can be used in advice in posix_fadvise()

Now, what kinds of object are those constants? We are not supposed to
know or care. We could peek into the implementation, but it would be a
grave mistake to trust the implementation choices in the application.

So in my application code I might set:

favd_flag = os.POSIX_FADV_RANDOM

in some other part of my code I might want to see how "flag" was set.
Should I use "==" or "is" to test it?

If I take the API documentation on its face value, I *must* use "==" for
os.SEEK*:

 if seek_flag == os.SEEK_END:
 ...

and I *must* use "is" for os.POSIX_FAVD_*:

 if fsavd_flag is os.POSIX_FADV_RANDOM:
 ...

Since, for all I know, os.POSIX_FAVD_RANDOM might return a random value
for __eq__().


Marko



Will you please be kind enough to stop writing this drivel.  You've been 
told repeatedly that you don't know what you're talking about, so have 
the decency to just belt up.  Now try testing these words for identity.


--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Dave Angel]

 Chris Angelico  Wrote in message:
> On Sun, Mar 2, 2014 at 3:02 PM, Dave Angel  wrote:
>> The quote you make from the C standard doesn't mention malloc,  so
>>  you're arguing different things. It's not the compiler that casts
>>  the malloc return value to the struct type.
>>
>> C++ does implicitly convert the result,  and the return value of
>>  new already has the struct type. But the runtime stores at least
>>  two kinds of overhead on occasion,  the array size, and the
>>  vtable. So the malloc address can not be assumed to match the
>>  struct beginning.  (Not even considering that one can override
> 
> Whatever pointer malloc returns is the beginning of the *usable*
> space. Any overhead for array size etc has to be before that; a
> virtual function table pointer would be inside that space, but that's
> very much compiler-dependent.
> 

Sure,  for some definition of "usable".  Overhead such as block
 size, freelist pointer etc., are obviously outside of the
 returned block.  But the array size that's specified in a call to
 new [], and the vptr, are definitely inside the malloc'ed block,
 and may be before the struct data.

-- 
DaveA

-- 
https://mail.python.org/mailman/listinfo/python-list

HUMANS HAVE ORIGINS IN THE DEVONIAN, AND YOU KNOW IT!

[THRINASSODON1]

>BREAKING FUCKING NEWS, ASSHOLES!

>
THRINAXODON JUST FOUND THREE HUMAN FOSSILS FROM DEVONIAN STRATA IN 
GREENLAND; THE FOSSILS WERE A HUMAN FEMUR, KNEECAP, AND SKULLCAP.

>
THE SMITHSONIAN IS CHASTISING OVER THESE FINDS, DOING EVERYTHING IN 
THEIR POWER TO CENSOR THE TRUTH.

>
DONATE TO THE BIOLORD9 FOUNDATION TO FIND OUT HOW TO STOP THE 
SMITHSONIAN FROM CENSORING THE TRUTH, AND LET THE TRUTH THAT HUMAN 
EVOLUTION IS A SCAM BE REVEALED!

>
===
EVIDENCE THAT HUMANS LIVED IN THE DEVONIAN:

https://groups.google.com/group/sci.bio.paleontology/browse_thread/thread/6f501c469c7af24f#

https://groups.google.com/group/sci.bio.paleontology/browse_thread/thread/3aad75c16afb0b82#



http://thrinaxodon.wordpress.com/

===

THRINAXODON ONLY HAD THIS TO SAY:

"I..I...I...Can't believe it. This completely disproved Darwinian
orthodoxy."

===

THE BASTARDS AT THE SMITHSONIAN, AND THE LEAKEY FOUNDATION ARE ERODING
WITH FEAR.

===
THESE ASSHOLES ARE GOING TO DIE:
THOMAS AQUINAS;
ALDOUS HUXLEY;
BOB CASANVOVA;
SkyEyes;
DAVID IAIN GRIEG;
MARK ISAAK;
JOHN HARSHAM;
RICHARD NORMAN;
DR. DOOLITTLE;
CHARLES DARWIN;
MARK HORTON;
ERIK SIMPSON;
HYPATIAB7;
PAUL J. GANS;
JILLERY;
WIKI TRIK;
THRINAXODON;
PETER NYIKOS;
RON OKIMOTO;
JOHN S. WILKINS
===

THRINAXODON WAS SCOURING ANOTHER DEVONIAN FOSSIL BED, AND FOUND A
HUMAN SKULL, AND A HUMAN FEMUR. HE ANALYSED THE FINDS, AND SAW THAT
THEY WERE NOT NORMAL ROCKS. THESE WERE FOSSILIZED BONES. THEY EVEN HAD
TOOTH MARKS ON THEM. SO, THRINAXODON BROUGHT THEM TO THE LEAKEY
FOUNDATION, THEY UTTERLY DISMISSED IT, AND SAID, "We want to keep
people thinking that humans evolved 2 Ma." THRINAXODON BROUGHT HIS
SWORD, AND SAID, "SCIENCE CORRECTS ITSELF." RICHARD LEAKEY SAID, "That
is a myth, for people to believe in science." THRINAXODON PLANS TO
BRING DOOM TO SCIENCE, ITSELF.



THRINAXODON IS NOW ON REDDIT
--
---Thrinaxodon
--
https://mail.python.org/mailman/listinfo/python-list

Re: Tuples and immutability

[Eric Jacoboni]

Le 02/03/2014 13:32, Ian Kelly a écrit :
> On Sat, Mar 1, 2014 at 7:04 PM, Eric Jacoboni  wrote:
>> In fact, i think i'm gonna forget += on lists :)
> 
> Well, do what you want, but I think you're taking the wrong lesson
> from this.  Don't forget about using += on lists.  Instead, forget
> about using assignments, augmented or otherwise, on tuple elements.
> Would you expect this to work?

Well, the thing about += on lists that makes me forget it, like i said
in my previous post, is that its behaviour is not consistent with +.

Don't get me wrong: i don't expect that modifying a tuple element works.
That's exactly my point: my initial question was, why it "half works :
it should not work at all". I was thinking that += on lists worked like
update() or extend() : modifying lists in place... It was my mistake

So, yes, i still don't get the point using a += operation, which is not
even consistent with the + operation (see my exemple on "spam" in my
previous post). The + operator to return the modified list and the
update() or extend() methods to do in place replacements are well enough
for my present needs. Maybe, in the future, i will find a use case of +=
for lists which is not covered by others methods, though... Who knows? I
don't doubt that Python designers have made this choice and this
behavior for a good reason: i've just not get it yet.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Tuples and immutability

[Mark Lawrence]

On 02/03/2014 13:38, Eric Jacoboni wrote:

Le 02/03/2014 13:32, Ian Kelly a écrit :

On Sat, Mar 1, 2014 at 7:04 PM, Eric Jacoboni  wrote:

In fact, i think i'm gonna forget += on lists :)


Well, do what you want, but I think you're taking the wrong lesson
from this.  Don't forget about using += on lists.  Instead, forget
about using assignments, augmented or otherwise, on tuple elements.
Would you expect this to work?


Well, the thing about += on lists that makes me forget it, like i said
in my previous post, is that its behaviour is not consistent with +.


The behaviour is consistent except when you try to modify a tuple.



Don't get me wrong: i don't expect that modifying a tuple element works.
That's exactly my point: my initial question was, why it "half works :
it should not work at all". I was thinking that += on lists worked like
update() or extend() : modifying lists in place... It was my mistake


I'd like to see you get update to work on a list.  This shows how 
confused you are over this issue.




So, yes, i still don't get the point using a += operation, which is not
even consistent with the + operation (see my exemple on "spam" in my
previous post). The + operator to return the modified list and the
update() or extend() methods to do in place replacements are well enough
for my present needs. Maybe, in the future, i will find a use case of +=
for lists which is not covered by others methods, though... Who knows? I
don't doubt that Python designers have made this choice and this
behavior for a good reason: i've just not get it yet.



All of this comes about because of the known issue with tuples.  Take 
them out of the equation and the behaviour of =, +=, extend and append 
is consistent.


--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Re: why indentation should be part of the syntax

[Chris Angelico]

On Sun, Mar 2, 2014 at 11:36 PM, Ned Batchelder  wrote:
> As much as I like indentation as syntax, and am amused by this bug, I'm not
> sure we can chalk it all up to space-vs-brace. After all, who would have
> wanted two goto's in a row even with braces?  It's not like there's some
> engineer at Apple who meant for the code to read like this:
>
> if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) {
> goto fail;
> goto fail;
> }
>
> This looks to me like a poorly handled merge conflict maybe?  I wonder if
> we'll ever get the details.

Put it this way: If I saw two gotos in a row like that, with or
without braces, I would be firing up gitk or git gui blame or
something to figure out what happened.

But ultimately, it comes down to this: No matter what, the compiler
can't catch every bug. That's why we have peer review, test suites,
and (above all) the magnificent time machine of source control. "What
the <> happened here?" becomes "Huh. I see, someone didn't
notice that x and y did a z" when you can see the commit that
introduced something. Indentation-as-syntax doesn't prevent weird
errors from creeping in - look at this one from the Python stdlib:

http://bugs.python.org/issue20729

Notably this bit of code:

if hasattr(arg, 'iteritems'):
source = arg.items()
elif hasattr(arg, 'items'):
source = arg.items()
else:
source = arg


It would take an exceedingly weird set of circumstances for this to
actually matter, but it's something that looks pretty odd in the code,
and no compiler support would help it. Although... to plug my own
proposal... PEP 463 exception expressions might have reduced the
duplication a bit. But it'd still be possible to get something that
looks weird, like:

source = (arg.items()
except AttributeError: (arg.items()
except AttributeError: arg))

or, equally weirdly:

source = ((arg.items()
except AttributeError: arg.items())
except AttributeError: arg)

There's no "easy fix" for this sort of thing. Maybe a linter could
have been run over the original C code and flagged a warning
(Unexpected indent!), but that's really all. (That actually goes
against the subject line. If the indentation is what matters, you
can't lint it against the braces, you just get the other odd
behaviour.)

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Chris Angelico]

On Mon, Mar 3, 2014 at 12:22 AM, Dave Angel  wrote:
> Sure,  for some definition of "usable".  Overhead such as block
>  size, freelist pointer etc., are obviously outside of the
>  returned block.  But the array size that's specified in a call to
>  new [], and the vptr, are definitely inside the malloc'ed block,
>  and may be before the struct data.

Hmm. Last I was working with it, the array size to new[] was outside
the block, just as the block size to malloc(). The vptr is part of any
struct/class with virtual functions, and effectively acts as a hidden
class member, so you get one of those inside the block, and it's
included in sizeof.

//Allocated Space: The Final Frontier!
#include  //cout sucks :)

class Foo
{
int x;
int y;
int z;
};

class Bar
{
int x;
int y;
int z;
virtual int get_x() {return x;}
};

int main()
{
printf("sizeof(int) = %u\n",sizeof(int));
printf("sizeof(int*) = %u\n",sizeof(int*));
printf("sizeof(Foo) = %u\n",sizeof(Foo));
printf("sizeof(Bar) = %u\n",sizeof(Bar));
Foo *foo = new Foo[10];
printf("foo = %p/%p = %u\n",foo,foo+10,(char *)(foo+10)-(char *)foo);
Bar *bar = new Bar[10];
printf("bar = %p/%p = %u\n",bar,bar+10,(char *)(bar+10)-(char *)bar);
return 0;
}


rosuav@sikorsky:~$ g++ frontier.cpp && ./a.out
sizeof(int) = 4
sizeof(int*) = 8
sizeof(Foo) = 12
sizeof(Bar) = 24
foo = 0xf38010/0xf38088 = 120
bar = 0xf38090/0xf38180 = 240



The rules of structs are that they be contiguous, that they be laid
out sequentially, and that any padding needed between structures is at
the end of the previous one (which is why three of 4 bytes makes 12
bytes, but three of 4 bytes plus 8 bytes makes 24 - the eight-byte
pointer has to be aligned on a multiple of eight bytes, so having a
20-byte structure that starts with an 8-byte pointer is a no-no). The
allocated block of memory is, by definition, the same as the pointer
to its first element. As it happens, the pointer bar is not synonymous
with &bar->x, &bar->y, or &bar->z, which means the vptr is at the
beginning of bar, which makes sense; but the compiler's not obliged to
do that, and in some cases may choose not to - for instance, if bar
(with a virtual function) inherited from foo (with none), it might be
convenient to allow a pointer-cast to not change the value of the
pointer. (g++ 4.7.2 still puts the vptr at the beginning of bar in
that case, but other compilers or other versions may differ.)

Array size is outside the block, presumably before it, as &foo[0] is
by definition identical to foo, and there's no room inside the
structure for any spare data. Virtual function table is inside the
block because it's a hidden member of the object (like __class__ in
Python, only better hidden).

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Tuples and immutability

[Eric Jacoboni]

Le 02/03/2014 15:05, Mark Lawrence a écrit :

> The behaviour is consistent except when you try to modify a tuple.
> 

Not in my opinion...

li = [10, 30]
li = li + "spam"   --> TypeError: can only concatenate list (not "str")
li += "spam"   --> Ok

So, not, that's not what i call consistent.

And it's not related to tuples...

> I'd like to see you get update to work on a list.  This shows how
> confused you are over this issue.

Well, sorry, i wanted to write .append()


-- 
https://mail.python.org/mailman/listinfo/python-list

Re: why indentation should be part of the syntax

[Tim Chase]

On 2014-03-03 01:08, Chris Angelico wrote:
> > if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
> > { goto fail;
> > goto fail;
> > }
> 
> Put it this way: If I saw two gotos in a row like that, with or
> without braces, I would be firing up gitk or git gui blame or
> something to figure out what happened.

That depends on actually seeing them in the first place :-)

Computers are great -- it's the people interacting with them (both on
the coding-end and the user-end) that cause problems every time ;-)

-tkc



-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Tuples and immutability

[albert visser]

On Sun, 02 Mar 2014 15:17:11 +0100, Eric Jacoboni  
 wrote:



Le 02/03/2014 15:05, Mark Lawrence a écrit :


The behaviour is consistent except when you try to modify a tuple.



Not in my opinion...

li = [10, 30]
li = li + "spam"   --> TypeError: can only concatenate list (not "str")
li += "spam"   --> Ok



possibly because you expect += to take "spam" as a string, but have you  
looked at the result?


In [1]: mylist = ['1', '2']

In [2]: mylist += 'spam'

In [3]: mylist
Out[3]: ['1', '2', 's', 'p', 'a', 'm']

consequently, try adding something that can not be interpreted as a  
sequence:


In [4]: mylist += 3
---
TypeError Traceback (most recent call last)
 in ()
> 1 mylist += 3

TypeError: 'int' object is not iterable


--
Vriendelijke groeten / Kind regards,

Albert Visser

Using Opera's mail client: http://www.opera.com/mail/
--
https://mail.python.org/mailman/listinfo/python-list

Re: why indentation should be part of the syntax

[Roy Smith]

In article ,
 Stefan Behnel  wrote:

> Haven't seen any mention of it on this list yet, but since it's such an
> obvious flaw in quite a number of programming languages, here's a good
> article on the recent security bug in iOS, which was due to accidentally
> duplicated code not actually being as indented as it looked:
> 
> https://www.imperialviolet.org/2014/02/22/applebug.html
> 
> Stefan

Hogwash.  What this looks like is two gotos in a row.  Anybody who 
reviewed this code would have thrown up a red flag when they saw two 
gotos in a row.  If anything, the "incorrect" indentation makes it even 
more obvious.  Any static code analyzer would have also caught this as 
an unreachable statement.

Paraphrasing this into Python, you get:

def bogus():
if SSLHashSHA1.update(hashCtx, serverRandom) != 0:
raise fail
if SSLHashSHA1.update(hashCtx, signedParams) != 0:
raise fail
raise fail
if SSLHashSHA1.final(hashCtx, hashOut) != 0:
raise fail

which is syntactically valid (at least, I can import it), but clearly 
not what the author intended.  So how did Python's indentation rules 
save us?

On the other hand, the Python code was actually a little annoying to 
type in because emacs refused to auto-indent the second raise!  So maybe 
the real rule is to only write code using emacs :-)
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Boxes of O's

[geniusrko]

I agree with you and really appreciate your experience. But what I was looking 
for is clues. Thank you anyway
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Boxes of O's

[Mark Lawrence]

On 02/03/2014 14:43, genius...@gmail.com wrote:

I agree with you and really appreciate your experience. But what I was looking 
for is clues. Thank you anyway



Sorry, can't resist this one https://www.youtube.com/watch?v=oaGpaj2nHIo :)

--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Marko Rauhamaa :

> Roy Smith :
>
>> Python already has a switch statement.  It's just spelled funny...
>>
>> [...]
>>
>> try:
>>raise value
>> except Case1:
>>print "did case 1"
>> except (Case2, Case3):
>>print "did either case 2 or 3"
>> else:
>>print "did default"
>
> Not bad! Definitely worth considering.

I wrote a simple test that switched between 26 "enums" using three
techniques and measured execution times (2,600,000 switching
operations). I also measured the time with no switching and subtracted
that time from the test times.

Results of the competition (performed with python3.2.3):

1. DICT DISPATCH TABLE (0.2 µs/switch)

2. IF-ELSE CHAIN (850% slower than DICT DISPATCH TABLE)

3. TRY-EXCEPT (3500% slower than DICT DISPATCH TABLE)


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Roy Smith]

In article <87fvn08vux@elektro.pacujo.net>,
 Marko Rauhamaa  wrote:

> Marko Rauhamaa :
> 
> > Roy Smith :
> >
> >> Python already has a switch statement.  It's just spelled funny...
> >>
> >> [...]
> >>
> >> try:
> >>raise value
> >> except Case1:
> >>print "did case 1"
> >> except (Case2, Case3):
> >>print "did either case 2 or 3"
> >> else:
> >>print "did default"
> >
> > Not bad! Definitely worth considering.
> 
> [...]
> 3. TRY-EXCEPT (3500% slower than DICT DISPATCH TABLE)

I'm glad to hear that.  I hope nobody took me seriously when I suggested 
this.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Roy Smith :

> In article <87fvn08vux@elektro.pacujo.net>,
>  Marko Rauhamaa  wrote:
>> 3. TRY-EXCEPT (3500% slower than DICT DISPATCH TABLE)
>
> I'm glad to hear that. I hope nobody took me seriously when I
> suggested this.

I actually have employed the idea before in a related but slightly
different use case.

Anyway, it's extremely close to the switch statement's use case and
should give some guidance if a proper switch statement is ever worked
into the language. What's killing the performance is the backtrace
generation and longjmp trickery. If an analogous syntax could be (A)
separated from BaseException and (B) compiled into a dict, we could have
a winner.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

source code control and documentation

[Rita]

Hi,


I am trying to achieve this, every time I commit to svn I automatically
 run hooks to test my libraries, ATM I am doing this manually

cd libs
PYTHONPATH=. python test_lib.py

and if everything passes I do a svn commit -m 'committing code'

I don't have access to my svn server so I can't create my own hooks (or can
I?)

Also, I would like to auto-document my library and project so, when I do a
svn commit I would like to generate a sphinix-doc (and I am open to
suggestions).  In the source code do I need to do anything special to my
Classes and Functions?

class myClass(object):
  ""do I need to do anything special here"""?

Ideally, I would like to automatically draw a UML diagram since my codebase
is rather large.




How do people achieve this?



-- 
--- Get your facts first, then you can distort them as you please.--
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: source code control and documentation

[Chris Angelico]

On Mon, Mar 3, 2014 at 2:56 AM, Rita  wrote:
> I am trying to achieve this, every time I commit to svn I automatically  run
> hooks to test my libraries, ATM I am doing this manually
>
> cd libs
> PYTHONPATH=. python test_lib.py
>
> and if everything passes I do a svn commit -m 'committing code'
>
> I don't have access to my svn server so I can't create my own hooks (or can
> I?)

This is really a subversion question, not a Python one. But this much
I'll say: svn is vastly inferior to modern version control systems
like git and Mercurial (the latter being written in Python and used
for CPython and many other Python-related projects). You can easily
import your svn history into either git or Mercurial (at least, I'm
pretty sure Mercurial offers good import facilities - if not, there
are ways around the problem), so you won't lose anything by switching.
And hook support is excellent.

Personally, I'm very friendly with git - we work together really well.
Mercurial and I are like business acquaintances that don't see each
other quite as often, and interactions are a bit more formal and
stilted. But I know that either one will serve you well, and far more
easily than svn does.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Chris Angelico]

On Mon, Mar 3, 2014 at 2:52 AM, Marko Rauhamaa  wrote:
> Roy Smith :
>
>> In article <87fvn08vux@elektro.pacujo.net>,
>>  Marko Rauhamaa  wrote:
>>> 3. TRY-EXCEPT (3500% slower than DICT DISPATCH TABLE)
>>
>> I'm glad to hear that. I hope nobody took me seriously when I
>> suggested this.
>
> I actually have employed the idea before in a related but slightly
> different use case.
>
> Anyway, it's extremely close to the switch statement's use case and
> should give some guidance if a proper switch statement is ever worked
> into the language. What's killing the performance is the backtrace
> generation and longjmp trickery. If an analogous syntax could be (A)
> separated from BaseException and (B) compiled into a dict, we could have
> a winner.

The trouble is, try/except fundamentally can't be compiled into a
dict, because Python's exception handling is based on subclasses.

try: func()
except FileNotFoundError: pass
except OSError: raise RuntimeError("Oops")
except Exception as e: log(e)
except: log("Aborting!"); raise
finally: log("Done")

How would you handle that with a dict? It's inherently ordered - a
FileNotFoundError would be caught by any one of those clauses, and
since there's no sane way to "pick the narrowest", the best way to
handle it is sequential evaluation. (Also, it's worth noting that
exception lists are not constants. It's possible to do downright
insane things like calling a function to figure out what exceptions to
handle. Yeah, that's pretty stupid, right there.)

A switch block that works with constants and equality *can* be turned
into a dict. If the constants are hashable, use them as the keys
directly; if they're not hashable and/or you want to use object
identity as the criterion (effectively like using 'is' rather than
'==' for your case statements), use id(x) as the keys, and make sure
you have other references to the objects. Then it'll be fine as a
straight-up dict.

If the switch block uses inequalities, then it suffers from the same
problem as the try/except block - it's inherently ordered, in case
(pun intended) there's a switched-on value that matches more than one.
(You could possibly optimize the int case, but that would be way WAY
too specific for a generic language structure.)

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Job - Senior Python Engineer - User Interface Applications, Cambridge MA

[scigenium]

Senior Python Engineer - User Interface Applications
Location : Cambridge MA
Who We Are: 

Gen9 is transforming synthetic biology by creating novel technologies to 
increase innovation within several industries including biopharmaceuticals, 
fine chemicals and bio-fuels.  

Currently such genes are synthesized 'one at a time' resulting in high-cost 
low-capacity gene synthesis capabilities in the marketplace. Gen9 is building 
the first 'fab' for synthetic biology -- the BioFab(R) platform -- based on 
next generation gene synthesis technologies.  The BioFab(R) platform was chosen 
by "The Scientist" as the #1 innovation of 2012. 

Position summary:

Gen9 is looking for a senior software engineer to contribute to software 
architecture that will help to scale our next-generation DNA synthesis 
platform.  The ideal candidate will be comfortable with a range of 
responsibilities as a member of a small, efficient team.  

Responsibilities:

*   Design and develop user-friendly web-based applications to improve work 
flow management, support scale up of production processes, and query 
information for data mining and analysis to better enable all aspects of our 
business
*   Support infrastructure and provide code base maintenance 
(documentation, testing, and revision control)
*   Respond to R&D and Manufacturing requests for custom requirements on an 
as needed basis

Requirements:

*   BS/ MS in computer science, bioinformatics, or related degree plus 5-7 
years of industry experience, or equivalent combination of education and 
experience
*   3+ years of experience using and developing within UNIX/Linux 
environments
*   Demonstrated proficiency with Python, JavaScript, and CSS
*   Demonstrated experience with SQL and database modeling
*   Demonstrated ability to work effectively and with minimal supervision 
in a small collaborative team
*   Demonstrated ability to multi-task and manage numerous activities 
simultaneously
*   Strong communication, documentation, and presentation skills
*   Familiarity with biology is not required, but is beneficial

HOW TO APPLY:
Send resume & cover letter to: resu...@gen9bio.com.
Please briefly describe your skills, knowledge, and experience with the 
Required Qualifications in your cover letter/email.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Grant Edwards]

On 2014-03-02, Dave Angel  wrote:
>  Grant Edwards  Wrote in message:
>> On 2014-02-24, Michael Torrie  wrote:
>>
>>>
>>> Why would you think that? The address of the start of your malloc'ed
>>> structure is the same as the address of the first element.  Surely
>>> this is logical?
>> 
>> Not only is it logical, the C standard explicitly requires it.  Here's
>> a second-hand citation since I don't happend to have an actual copy of
>> the standard on hand:
>> 
>> C1x ???6.7.2.1.13:
>> 
>>A pointer to a structure object, suitably converted, points to
>>its initial member ... and vice versa. There may be unnamed
>>padding within a structure object, but not at its beginning.
>
> The quote you make from the C standard doesn't mention malloc,  so
> you're arguing different things.

No, I'm not.  A pointer to a structure object and a pointer to it's
first field are the same.  It doesn't matter where the object came
from.

> It's not the compiler that casts the malloc return value to the
> struct type.

That's irrelevent.  The actual location of the memory containing the
struct object (static, stack, heap, shared) doesn't matter.  The
address of the first field in a struture object _is_ the address of
the structure object.

-- 
Grant
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Mark Lawrence]

On 02/03/2014 16:23, Chris Angelico wrote:


A switch block that works with constants and equality *can* be turned
into a dict. If the constants are hashable, use them as the keys
directly; if they're not hashable and/or you want to use object
identity as the criterion (effectively like using 'is' rather than
'==' for your case statements), use id(x) as the keys, and make sure
you have other references to the objects. Then it'll be fine as a
straight-up dict.

If the switch block uses inequalities, then it suffers from the same
problem as the try/except block - it's inherently ordered, in case
(pun intended) there's a switched-on value that matches more than one.
(You could possibly optimize the int case, but that would be way WAY
too specific for a generic language structure.)

ChrisA



You clearly don't get my point.  I *DON'T* want to use stupid constants 
and stupid equalities, I want to use identities.  I *DON'T* want to use 
stupid ==, I want to use 'is'.  I *DON'T* care how many people with 
years of experience of Python tell me that this is the wrong thing to 
do, that is how I am going to do it.  So, for the final time of asking, 
how do I do the above with, and only with, the identity, even if you 
stupidly keep on trying to tell me that this is wrong?


--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Mark Lawrence]

On 02/03/2014 16:45, Grant Edwards wrote:


That's irrelevent.  The actual location of the memory containing the
struct object (static, stack, heap, shared) doesn't matter.  The
address of the first field in a struture object _is_ the address of
the structure object.



You say struture, I'll say structure, let's call the whole thing off :)

--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Michael Torrie]

On 03/02/2014 03:07 AM, Chris Angelico wrote:
> 
 import os
 type(os.POSIX_FADV_RANDOM)
> 
> 
> So use ==. If it's later changed and you have to instead use 'is', you
> can change your code.

I don't see why == wouldn't continue to work if os.POSIX_FADV_RANDOM
became an object of a different type.

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: why indentation should be part of the syntax

[Nicholas Cole]

On Sun, Mar 2, 2014 at 2:38 PM, Roy Smith  wrote:
> In article ,
>  Stefan Behnel  wrote:
>
>> Haven't seen any mention of it on this list yet, but since it's such an
>> obvious flaw in quite a number of programming languages, here's a good
>> article on the recent security bug in iOS, which was due to accidentally
>> duplicated code not actually being as indented as it looked:
>>
>> https://www.imperialviolet.org/2014/02/22/applebug.html
>>
>> Stefan
>
> Hogwash.  What this looks like is two gotos in a row.  Anybody who
> reviewed this code would have thrown up a red flag when they saw two
> gotos in a row.  If anything, the "incorrect" indentation makes it even
> more obvious.  Any static code analyzer would have also caught this as
> an unreachable statement.
>
> Paraphrasing this into Python, you get:
>
> def bogus():
> if SSLHashSHA1.update(hashCtx, serverRandom) != 0:
> raise fail
> if SSLHashSHA1.update(hashCtx, signedParams) != 0:
> raise fail
> raise fail
> if SSLHashSHA1.final(hashCtx, hashOut) != 0:
> raise fail
>
> which is syntactically valid (at least, I can import it), but clearly
> not what the author intended.  So how did Python's indentation rules
> save us?

Actually, that's incorrect.  The bug (written in Python) would have been:

if SSLHashSHA1.update(hashCtx, signedParams) != 0:
raise fail
raise fail # ie. no indent.

If written with the indent, it's a useless line of code, but it
doesn't become a bug.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Dave Angel]

 Chris Angelico  Wrote in message:
> On Mon, Mar 3, 2014 at 12:22 AM, Dave Angel  wrote:
>> Sure,  for some definition of "usable".  Overhead such as block
>>  size, freelist pointer etc., are obviously outside of the
>>  returned block.  But the array size that's specified in a call to
>>  new [], and the vptr, are definitely inside the malloc'ed block,
>>  and may be before the struct data.
> 
> Hmm. Last I was working with it, the array size to new[] was outside
> the block, just as the block size to malloc(). The vptr is part of any
> struct/class with virtual functions, and effectively acts as a hidden
> class member, so you get one of those inside the block, and it's
> included in sizeof.
> 
> //Allocated Space: The Final Frontier!
> #include  //cout sucks :)
> 
> class Foo
> {
> int x;
> int y;
> int z;
> };
> 
> class Bar
> {
> int x;
> int y;
> int z;
> virtual int get_x() {return x;}
> };
> 
> int main()
> {
> printf("sizeof(int) = %u\n",sizeof(int));
> printf("sizeof(int*) = %u\n",sizeof(int*));
> printf("sizeof(Foo) = %u\n",sizeof(Foo));
> printf("sizeof(Bar) = %u\n",sizeof(Bar));
> Foo *foo = new Foo[10];
> printf("foo = %p/%p = %u\n",foo,foo+10,(char *)(foo+10)-(char *)foo);
> Bar *bar = new Bar[10];
> printf("bar = %p/%p = %u\n",bar,bar+10,(char *)(bar+10)-(char *)bar);
> return 0;
> }
> 
> 
> rosuav@sikorsky:~$ g++ frontier.cpp && ./a.out
> sizeof(int) = 4
> sizeof(int*) = 8
> sizeof(Foo) = 12
> sizeof(Bar) = 24
> foo = 0xf38010/0xf38088 = 120
> bar = 0xf38090/0xf38180 = 240
> 
> 
> 
> The rules of structs are that they be contiguous, that they be laid
> out sequentially, and that any padding needed between structures is at
> the end of the previous one (which is why three of 4 bytes makes 12
> bytes, but three of 4 bytes plus 8 bytes makes 24 - the eight-byte
> pointer has to be aligned on a multiple of eight bytes, so having a
> 20-byte structure that starts with an 8-byte pointer is a no-no). The
> allocated block of memory is, by definition, the same as the pointer
> to its first element. As it happens, the pointer bar is not synonymous
> with &bar->x, &bar->y, or &bar->z, which means the vptr is at the
> beginning of bar, which makes sense; but the compiler's not obliged to
> do that, and in some cases may choose not to - for instance, if bar
> (with a virtual function) inherited from foo (with none), it might be
> convenient to allow a pointer-cast to not change the value of the
> pointer. (g++ 4.7.2 still puts the vptr at the beginning of bar in
> that case, but other compilers or other versions may differ.)
> 
> Array size is outside the block, presumably before it, as &foo[0] is
> by definition identical to foo, and there's no room inside the
> structure for any spare data. Virtual function table is inside the
> block because it's a hidden member of the object (like __class__ in
> Python, only better hidden).
> 

Array size is inside the malloc block, but outside the struct
 block.  As you can see if you try to delete without the brackets
 when you used new [], some runtimes will crash. 

This is not to say that there will always be these extra offsets, 
 just that they can be there.

-- 
DaveA

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Chris Angelico]

On Mon, Mar 3, 2014 at 3:55 AM, Mark Lawrence  wrote:
> On 02/03/2014 16:45, Grant Edwards wrote:
>>
>>
>> That's irrelevent.  The actual location of the memory containing the
>> struct object (static, stack, heap, shared) doesn't matter.  The
>> address of the first field in a struture object _is_ the address of
>> the structure object.
>>
>
> You say struture, I'll say structure, let's call the whole thing off :)

:)

Note that, technically, Grant is correct as long as you grant (heh)
that a structure may have an invisible member, the virtual function
table pointer. C++ only (I don't believe C has virtual functions - but
it may have grown them in one of the newer standards), so in C, all
members are public.

With an array, the array's pointer *is* the same as the pointer to its
first member, because adding zero to a pointer does nothing, and x <->
&x[0] <-> &(*(x+0)).

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Christian Heimes]

On 01.03.2014 21:11, Chris Angelico wrote:
> The problem isn't SHA-256. The problem is insecure passwords, the way
> we've been taught to make them by the banks. Hence, XKCD 936.

Your argumentation is just wrong. You are saying "It's OK to use a
totally insecure way to hash passwords because passwords are insecure".
The point of KDF and KSA is to derive some token from a low entropy
source (human input) that makes an attack harder. Please do your reading
and trust secure experts on algorithms like PBKDF2, bcrypt and
scrypt. hash(salt + password) is outdated and proven to be insecure for
at least a decade, more like 15+ years.

The concept of passwords itself is insecure. But we are stuck with
passwords for authentication mechanism for the foreseeable future. 2FA
is an attempt to increase the security of passwords-based authentication
schemes.

Christian

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Chris Angelico]

On Mon, Mar 3, 2014 at 6:17 AM, Dave Angel  wrote:
> Array size is inside the malloc block, but outside the struct
>  block.  As you can see if you try to delete without the brackets
>  when you used new [], some runtimes will crash.

As in, you have to use "delete [] x" to correspond with "x = new
whatever[n]"? Yes, that's right, but that array size is earlier in
memory than x itself. I can pretend that x is the same as one declared
statically as "whatever x[n]", and it'll function the same way. When
new[] is implemented using malloc(), it'll be something like this:

{
data = malloc(n * sizeof(whatever) + sizeof n);
*(int *)data = n;
return ((int *)data)+1;
}

so in that case, the array size is inside the malloc'd block, but it's
still invisible to the calling function. A fully compliant C++
implementation could choose to store that elsewhere, in some kind of
lookup table - it could then easily catch bugs like "delete
malloc(1)", "delete [] malloc(1)", "delete [] new whatever", and
"delete new whatever[1]" (because the pointer given wouldn't be in the
'new' table or the 'new[]' table, respectively).

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: passing an option to the python interpreter

[Anssi Saari]

Marko Rauhamaa  writes:

> Jabba Laci :
>
>> I tried this:
>>
>> #!/usr/bin/env python -u
>
> The hash-bang notation is quite rigid; it only accepts a single argument
> ("python") to the command ("/usr/bin/env").
>
> I don't know if there is a simple workaround.

Using the relevant environment variable (PYTHONUNBUFFERED) seems simple
to me.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Roy Smith]

In article ,
 Christian Heimes  wrote:

> On 01.03.2014 21:11, Chris Angelico wrote:
> > The problem isn't SHA-256. The problem is insecure passwords, the way
> > we've been taught to make them by the banks. Hence, XKCD 936.
> 
> Your argumentation is just wrong. You are saying "It's OK to use a
> totally insecure way to hash passwords because passwords are insecure".
> The point of KDF and KSA is to derive some token from a low entropy
> source (human input) that makes an attack harder. Please do your reading
> and trust secure experts on algorithms like PBKDF2, bcrypt and
> scrypt. hash(salt + password) is outdated and proven to be insecure for
> at least a decade, more like 15+ years.
> 
> The concept of passwords itself is insecure. But we are stuck with
> passwords for authentication mechanism for the foreseeable future. 2FA
> is an attempt to increase the security of passwords-based authentication
> schemes.
> 
> Christian

Security is as much about cryptography as it is about human factors and 
business drivers.  You can make things resistant to brute-force attacks 
by using longer keys, but people are still going to pick bad passwords.  
You can force them to pick "good" passwords by rejecting their first 37 
choices, but all that does is encourage them to write the passwords down 
on sticky notes.

And, yes, you can make things more secure with 2FA, but there's a cost 
there.  You have to purchase and manage the infrastructure.  More than 
that, there's lost business if potential customers prefer a competitor's 
product because it's easier to access.  Many of the known insecure 
systems we use today are not that way because the people who run them 
are stupid; they're that way because the people who run them have worked 
the numbers and decided the cost to implement more secure systems would 
exceed the risk exposure.

We recently got a frothing email from a user, which basically said, "You 
farking idiots, you emailed me my password in plain text!"  It turns 
out, his user name was the same as his password and what we had sent him 
(in response to an account recovery query) was his username.  In 
response to that, we altered our account generation process to forbid 
passwords which are too similar to your chosen username or email 
address.  Which, of course, means we've taken one more step down the 
road to forcing our users to write their passwords on sticky notes.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Chris Angelico]

On Mon, Mar 3, 2014 at 7:01 AM, Roy Smith  wrote:
> We recently got a frothing email from a user, which basically said, "You
> farking idiots, you emailed me my password in plain text!"  It turns
> out, his user name was the same as his password and what we had sent him
> (in response to an account recovery query) was his username.

Sadly, there *are* systems that will actually email passwords in plain
text, and don't tell you so beforehand (Mailman at least tells you
that the password isn't meant for security). I met one recently. Did
not appreciate that. Fortunately when I changed my password, the new
password wasn't emailed back to me.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Michael Torrie :

> I don't see why == wouldn't continue to work if os.POSIX_FADV_RANDOM
> became an object of a different type.

It probably would.

If one were begging for trouble, one *could* define:

   class ABC:
   A = 1
   B = 1.0
   C = 1+0j

Now:

   ABC.A == ABC.B
   ABC.B == ABC.C
   ABC.C == ABC.A

but:

   ABC.A is not ABC.B
   ABC.B is not ABC.C
   ABC.C is not ABC.A


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Roy Smith]

In article <87txbg48kd@elektro.pacujo.net>,
 Marko Rauhamaa  wrote:

> Michael Torrie :
> 
> > I don't see why == wouldn't continue to work if os.POSIX_FADV_RANDOM
> > became an object of a different type.
> 
> It probably would.
> 
> If one were begging for trouble, one *could* define:
> 
>class ABC:
>A = 1
>B = 1.0
>C = 1+0j
> 
> Now:
> 
>ABC.A == ABC.B
>ABC.B == ABC.C
>ABC.C == ABC.A
> 
> but:
> 
>ABC.A is not ABC.B
>ABC.B is not ABC.C
>ABC.C is not ABC.A
> 
> 
> Marko

On can do all sorts of bizarre things.  If you wish to shoot yourself in 
the foot, Python is happy to provide the gun.

class ABC(object):
_instance = None
def __new__(cls):
if cls._instance is None:
i = object.__new__(cls)
i.__class__ = ABC
cls._instance = i
return cls._instance

def __eq__(self, other):
return False

a = ABC()
b = ABC()

print a is b
print a == b
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Chris Angelico]

On Mon, Mar 3, 2014 at 8:03 AM, Marko Rauhamaa  wrote:
> If one were begging for trouble, one *could* define:
>
>class ABC:
>A = 1
>B = 1.0
>C = 1+0j

You're missing the point of flags, though. One does not use floats for
flags. Flags are normally going to be integers (passed directly to an
underlying C API), strings (self-documenting), or arbitrary objects
with no value beyond their identities. In all cases, value equality is
the normal way to recognize them, except in the special case of
bit-flag integers, where you use bitwise operations (and then equality
checks, possibly):

DIRECTORY = 512 # Not sure that one's right, tbh
OWNER_READ = 256
OWNER_WRITE = 128
OWNER_EXEC = 64
GROUP_READ = 32
...
OTHERS_EXEC = 1

mode = 1005
if mode & DIRECTORY:
# It's a directory!
if mode & OTHERS_READ:
# You're allowed to read (eg 'ls')
if mode & GROUP_EXEC:
# You get the idea.

With multi-bit flags you might have to do a bitwise AND followed by an
equality check:

NOT_STICKY = 0
STICKY_PARTIAL = 16
STICKY_MOSTLY = 32
STICKY_ENTIRELY = 48
STICKY_BITS = 48

if style & STICKY_BITS == STICKY_MOSTLY:
# I've no idea what this means, actually

At no time can you do identity checks. It might happen to work with
the lower bit values and CPython, but when you check the 2048 bit, you
don't get that. Value is all that matters.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Boxes of O's

[Glazner]

On Sunday, March 2, 2014 4:43:48 PM UTC+2, geni...@gmail.com wrote:
> I agree with you and really appreciate your experience. But what I was 
> looking for is clues. Thank you anyway

#not tested
for i in range(n):
  for j in range(n*2):
if i in (0, n - 1) or j in (0, n*2 - 1):
  print('o', end='')
else:
  print(' ', end='')
   print()
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Michael Torrie]

On 03/02/2014 02:03 PM, Marko Rauhamaa wrote:
> Michael Torrie :
> 
>> I don't see why == wouldn't continue to work if os.POSIX_FADV_RANDOM
>> became an object of a different type.
> 
> It probably would.
> 
> If one were begging for trouble, one *could* define:
> 
>class ABC:
>A = 1
>B = 1.0
>C = 1+0j

And one could also set A=1 and B=1 if he was trying to be stupid.  That
would fail the equality test and the identity test (in CPython).  Seems
like this argument is getting a bit on the absurd side.  The normal
idiom is to use equality checks to test state variables' *values*.  I
don't know of any developer that would purposely try to break that when
defining a new module or class.

If Mark H wants to use an idiom that isn't conventional, or isn't widely
used, he is free to do so; I can't see much harm in it.  But certainly
it's not the "normal" way that it's done in Python from what I can see.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Boxes of O's

[Michael Torrie]

On 03/02/2014 07:43 AM, genius...@gmail.com wrote:
> I agree with you and really appreciate your experience. But what I
> was looking for is clues. Thank you anyway

Not sure what you mean. Chris certainly offered you clues to solving
this problem.  Certainly he pointed you in the right direction to learn
how to approach a problem and debug code.  Seems like what you really
wanted was the answer to be given you for this homework problem.  And
usually someone is willing to step up and do the work for you, so you
lucked out.

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Marko Rauhamaa]

Michael Torrie :

> And one could also set A=1 and B=1 if he was trying to be stupid.
> [...]
> If Mark H wants to use an idiom that isn't conventional, or isn't
> widely used, he is free to do so; I can't see much harm in it. But
> certainly it's not the "normal" way that it's done in Python from what
> I can see.

You might be referring to what I have proposed.

Note that the idiom is in use in some standard python modules
(socket.py, ftplib.py, argparse.py, optparse.py). It is used extensively
in sre_compile.py/sre_constants.py:

   ANY = "any"
   [...]
   AT = "at"
   [...]
   CALL = "call"
   [...]
   IN = "in"

   elif op is IN:
   [...]
   elif op is ANY:
   [...]
   elif op is CALL:
   [...]
   elif op is AT:


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Can global variable be passed into Python function?

[Dave Angel]

 Chris Angelico  Wrote in message:
>
> }
> 
> so in that case, the array size is inside the malloc'd block, but it's
> still invisible to the calling function. 
> 

Please quit using negative language when you're so vehemently
 agreeing with me. 

The data is sometimes not at the beginning of the malloc'ed block.

-- 
DaveA

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Renato]

I would like to thank every one who posted a reply. I learnt a lot from you, 
guys! I appreciate your attention and your help :)

I took a class on Computer Simulation last year. It was told that deterministic 
(pseudo-)random numbers are excellent for simulations, because they allow 
debugging and replication when using a seed(). But it was said that 
deterministic random numbers weren't indeed suitable for encryption and 
security issues in general. For this purpose, non-deterministc stochastic 
methods would be more indicated. I learnt a lot about deterministic random 
numbers generation in this course, like using Mersenne Twister algorithm, but I 
learnt nothing about encryption, since it wasn't in the scope of that course. 
Could you suggest some introductory material concerning encryption? I have an 
intermediate math background (calculus, linear algebra etc) and I'm willing to 
learn more about security matters.

One last thing, about my original question. So, the only way of encapsulating a 
Python script content is to code a simple binary program to call it?

Regards,
Renato


Em sábado, 1 de março de 2014 14h49min49s UTC-3, Renato  escreveu:
> Hello everybody, I implemented a password validation with a Python 2.7.5 
> script in OpenSUSE 13.1. The user calls it passing 'login' and 'password' as 
> arguments. I made a dictionary in the format hashtable = {'login':'password'} 
> and I use this hash table to compare the 'login' and 'password' that were 
> passed in order to validate them. The problem is that any user who can 
> execute the script will be able to read it too (since it must be read by 
> python's interpreter), and this is causing some security issues since any 
> user can access all other users' passwords if he opens this script and reads 
> the code.
> 
> 
> 
> My question is: is there a way of preventing the user from reading the 
> script's content? Is there any strategy I could use to hide the passwords 
> from the users?

-- 
https://mail.python.org/mailman/listinfo/python-list

3.4rc2 and pip on windows

[Mark Lawrence]

Trying to install pyttsx, it doesn't strike me as very clever that, as 
seen below, you get "Successfully installed pyttsx" despite the syntax 
errors and you can't actually do an import.


c:\Users\Mark\CrossCode>c:\Python34\Scripts\pip3.4.exe install pyttsx
Downloading/unpacking pyttsx
  Downloading pyttsx-1.1.tar.gz
  Running setup.py 
(path:C:\Users\Mark\AppData\Local\Temp\pip_build_Mark\pyttsx\setup.py) 
egg_info for package pyttsx


Installing collected packages: pyttsx
  Running setup.py install for pyttsx
  File "C:\Python34\Lib\site-packages\pyttsx\driver.py", line 105
except Exception, e:
^
SyntaxError: invalid syntax

[other syntax errors snipped]

Successfully installed pyttsx
Cleaning up...

c:\Users\Mark\CrossCode>py -3.4
Python 3.4.0rc2 (v3.4.0rc2:a300712ed38c, Feb 23 2014, 10:49:04) [MSC 
v.1600 32 bit (Intel)] on win32

Type "help", "copyright", "credits" or "license" for more information.
>>> import pyttsx
Traceback (most recent call last):
  File "", line 1, in 
  File "C:\Python34\lib\site-packages\pyttsx\__init__.py", line 18, in 


from engine import Engine

I've looked at pyttsx in my 3.3 site-packages and it appears that I've 
manually run 2to3.  Is this something that could be done automatically 
by pip?  Your thoughts please, ladies and gentlemen.


--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Functional programming

[musicdenotation]

If Python is not a fnctional language, then which programming paradigmis 
dominant?
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: 3.4rc2 and pip on windows

[Terry Reedy]

On 3/2/2014 6:55 PM, Mark Lawrence wrote:

Trying to install pyttsx, it doesn't strike me as very clever that, as
seen below, you get "Successfully installed pyttsx" despite the syntax
errors and you can't actually do an import.

c:\Users\Mark\CrossCode>c:\Python34\Scripts\pip3.4.exe install pyttsx
Downloading/unpacking pyttsx
   Downloading pyttsx-1.1.tar.gz
   Running setup.py
(path:C:\Users\Mark\AppData\Local\Temp\pip_build_Mark\pyttsx\setup.py)
egg_info for package pyttsx

Installing collected packages: pyttsx
   Running setup.py install for pyttsx
   File "C:\Python34\Lib\site-packages\pyttsx\driver.py", line 105
 except Exception, e:
 ^
 SyntaxError: invalid syntax

[other syntax errors snipped]

Successfully installed pyttsx


A bug it seems to me.


Cleaning up...

c:\Users\Mark\CrossCode>py -3.4
Python 3.4.0rc2 (v3.4.0rc2:a300712ed38c, Feb 23 2014, 10:49:04) [MSC
v.1600 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
 >>> import pyttsx
Traceback (most recent call last):
   File "", line 1, in 
   File "C:\Python34\lib\site-packages\pyttsx\__init__.py", line 18, in

 from engine import Engine

I've looked at pyttsx in my 3.3 site-packages and it appears that I've
manually run 2to3.  Is this something that could be done automatically
by pip?  Your thoughts please, ladies and gentlemen.


I should hope so.

--
Terry Jan Reedy

--
https://mail.python.org/mailman/listinfo/python-list

Re: Functional programming

[Terry Reedy]

On 3/2/2014 6:14 PM, musicdenotat...@gmail.com wrote:

If Python is not a fnctional language, then which programming paradigmis 
dominant?


Python is an object based procedural language with builtin classes and 
many functional features. Arguing about the precise wording of such a 
statement is not worthwhile.


--
Terry Jan Reedy

--
https://mail.python.org/mailman/listinfo/python-list

Re: Functional programming

[Ben Finney]

musicdenotat...@gmail.com writes:

> If Python is not a fnctional language, then which programming
> paradigmis dominant?

Python uses a mixture of programming paradigms. Object-oriented,
procedural, functional, and probably some I don't recall.

So it's not accurate to say “Python is not a functional language”. You
can do functional programming in Python. But you're not required to :-)

-- 
 \  “It's dangerous to be right when the government is wrong.” |
  `\   —Francois Marie Arouet Voltaire |
_o__)  |
Ben Finney

-- 
https://mail.python.org/mailman/listinfo/python-list

how to get bytes from bytearray without copying

[Juraj Ivančić]

Is it possible to somehow 'steal' bytearray's buffer and make it a 
read-only bytes? I failed to find a way to do this, and would like to 
make sure.


My use case is, I would expect, fairly common. I read a certain 
(potentially very large) amount of data from the network into a 
pre-allocated bytearray. From that point on, this data is logically 
read-only. To prevent making redundant copies, I wrap it in a 
memoryview, and then slice and dice it. The problem with this memoryview 
is that it, and its slices, are considered writable, and thus cannot be 
hashed:


ValueError: cannot hash writable memoryview object

The only way (AFAICT) to make this work is to first create a bytes 
object from bytearray, but this copies the data. I don't need this copy, 
so I'd like to avoid it, because of both principle and performance reasons.


Is there any reason why bytearray isn't able to release/convert its 
buffer to bytes? I see that it has a clear() method which... well... 
clears it. The former would be much more useful.


I would also be content if there is some way of making memoryview 
artificially read-only to avoid the above error.


Any help/thoughts/comments are highly appreciated.

--
https://mail.python.org/mailman/listinfo/python-list

Re: Functional programming

[Roy Smith]

In article ,
 Terry Reedy  wrote:

> On 3/2/2014 6:14 PM, musicdenotat...@gmail.com wrote:
> > If Python is not a fnctional language, then which programming paradigmis 
> > dominant?
> 
> Python is an object based procedural language with builtin classes and 
> many functional features. Arguing about the precise wording of such a 
> statement is not worthwhile.

+1 QOTW.  Especially the second sentence.
-- 
https://mail.python.org/mailman/listinfo/python-list

Error compressing tar file

[Mike]

Hello,
I have the script that make a backup file (this process is ok), but now i wish 
compress the file on tar file format. But i have problem syntax in the line of 
the tar function. 

The error is 

[root@master ~]# python bkp_db.py 
  File "bkp_db.py", line 19
tar = tarfile.open(dumpfile)+'.tar.gz','w:gz')
 ^

Note: The 'dumpfile' is the variable for my dump generate with format 
db_02-27-14

..
tar = tarfile.open(dumpfile)+'.tar.gz','w:gz')
tar.add(os.path.join(dumpfile), arcname=dumpfile)
tar.close()


Wath is the correct sintax?


Thanks.



-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Error compressing tar file

[Joel Goldstick]

On Mar 2, 2014 7:40 PM, "Mike"  wrote:
>
> Hello,
> I have the script that make a backup file (this process is ok), but now i
wish compress the file on tar file format. But i have problem syntax in the
line of the tar function.
>
> The error is
>
> [root@master ~]# python bkp_db.py
>   File "bkp_db.py", line 19
> tar = tarfile.open(dumpfile)+'.tar.gz','w:gz'))
>  ^
>
> Note: The 'dumpfile' is the variable for my dump generate with format
db_02-27-14
>
> ..
> tar = tarfile.open(dumpfile)+'.tar.gz','w:gz')
> tar.add(os.path.join(dumpfile), arcname=dumpfile)
> tar.close()
> 
>
> Wath is the correct sintax?
>
>
> Thanks.
>
>
>
> --
> https://mail.python.org/mailman/listinfo/python-list
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Error compressing tar file

[Joel Goldstick]

On Mar 2, 2014 7:41 PM, "Joel Goldstick"  wrote:
>
>
> On Mar 2, 2014 7:40 PM, "Mike"  wrote:
> >
> > Hello,
> > I have the script that make a backup file (this process is ok), but now
i wish compress the file on tar file format. But i have problem syntax in
the line of the tar function.
> >
> > The error is
> >
> > [root@master ~]# python bkp_db.py
> >   File "bkp_db.py", line 1
Oops. Remove ) after dumpfile
> > tar = tarfile.open(dumpfile)+'.tar.gz','w:gz'))
>
> >  ^
> >
> > Note: The 'dumpfile' is the variable for my dump generate with format
db_02-27-14
> >
> > ..
> > tar = tarfile.open(dumpfile)+'.tar.gz','w:gz')
> > tar.add(os.path.join(dumpfile), arcname=dumpfile)
> > tar.close()
> > 
> >
> > Wath is the correct sintax?
> >
> >
> > Thanks.
> >
> >
> >
> > --
> > https://mail.python.org/mailman/listinfo/python-list
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: how to get bytes from bytearray without copying

[Cameron Simpson]

On 03Mar2014 01:07, Juraj Ivančić  wrote:
> Is it possible to somehow 'steal' bytearray's buffer and make it a
> read-only bytes? I failed to find a way to do this, and would like
> to make sure.
> 
> My use case is, I would expect, fairly common. I read a certain
> (potentially very large) amount of data from the network into a
> pre-allocated bytearray. From that point on, this data is logically
> read-only. To prevent making redundant copies, I wrap it in a
> memoryview, and then slice and dice it. The problem with this
> memoryview is that it, and its slices, are considered writable, and
> thus cannot be hashed:
> 
> ValueError: cannot hash writable memoryview object

Have you considered subclassing memoryview and giving the subclass
a __hash__ method?

Cheers,
-- 
Cameron Simpson 

Mountain rescue teams insist the all climbers wear helmets, and fall haedfirst.
They are then impacted into a small globular mass easily stowed in a rucsac.
- Tom Patey, who didnt, and wasnt
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: how to get bytes from bytearray without copying

[Mark Lawrence]

On 03/03/2014 00:07, Juraj Ivančić wrote:

Is it possible to somehow 'steal' bytearray's buffer and make it a
read-only bytes? I failed to find a way to do this, and would like to
make sure.

My use case is, I would expect, fairly common. I read a certain
(potentially very large) amount of data from the network into a
pre-allocated bytearray. From that point on, this data is logically
read-only. To prevent making redundant copies, I wrap it in a
memoryview, and then slice and dice it. The problem with this memoryview
is that it, and its slices, are considered writable, and thus cannot be
hashed:

ValueError: cannot hash writable memoryview object

The only way (AFAICT) to make this work is to first create a bytes
object from bytearray, but this copies the data. I don't need this copy,
so I'd like to avoid it, because of both principle and performance reasons.

Is there any reason why bytearray isn't able to release/convert its
buffer to bytes? I see that it has a clear() method which... well...
clears it. The former would be much more useful.

I would also be content if there is some way of making memoryview
artificially read-only to avoid the above error.

Any help/thoughts/comments are highly appreciated.



If your data is readonly why can't you simply read it as bytes in the 
first place?  Failing that from 
http://docs.python.org/3/library/stdtypes.html#memoryview


tobytes() - Return the data in the buffer as a bytestring. This is 
equivalent to calling the bytes constructor on the memoryview.


>>> m = memoryview(b"abc")
>>> m.tobytes()
b'abc'
>>> bytes(m)
b'abc'

--
My fellow Pythonistas, ask not what our language can do for you, ask 
what you can do for our language.


Mark Lawrence

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


--
https://mail.python.org/mailman/listinfo/python-list

Re: how to get bytes from bytearray without copying

[Ian Kelly]

On Sun, Mar 2, 2014 at 5:44 PM, Cameron Simpson  wrote:
> Have you considered subclassing memoryview and giving the subclass
> a __hash__ method?

>>> class MyMemoryView(memoryview):
... def __hash__(self): return 42
...
Traceback (most recent call last):
  File "", line 1, in 
TypeError: type 'memoryview' is not an acceptable base type
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Error compressing tar file

[Mike]

El domingo, 2 de marzo de 2014 21:38:49 UTC-3, Mike  escribió:
> Hello,
> 
> I have the script that make a backup file (this process is ok), but now i 
> wish compress the file on tar file format. But i have problem syntax in the 
> line of the tar function. 
> 
> 
> 
> The error is 
> 
> 
> 
> [root@master ~]# python bkp_db.py 
> 
>   File "bkp_db.py", line 19
> 
> tar = tarfile.open(dumpfile)+'.tar.gz','w:gz')
> 
>  ^
> 
> 
> 
> Note: The 'dumpfile' is the variable for my dump generate with format 
> db_02-27-14
> 
> 
> 
> ..
> 
> tar = tarfile.open(dumpfile)+'.tar.gz','w:gz')
> 
> tar.add(os.path.join(dumpfile), arcname=dumpfile)
> 
> tar.close()
> 
> 
> 
> 
> 
> Wath is the correct sintax?
> 
> 
> 
> 
> 
> Thanks.

Hello,
without ")" i have the same sintax error: 

[root@master ~]# python bkp_db.py 
Traceback (most recent call last):
  File "bkp_db.py", line 19, in 
tar = tarfile.open(dumpfile + '.tar.gz','w:gz')
TypeError: unsupported operand type(s) for +: 'file' and 'str' 

Thanks.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Steven D'Aprano]

On Sun, 02 Mar 2014 15:01:09 -0500, Roy Smith wrote:

> Security is as much about cryptography as it is about human factors and
> business drivers.  You can make things resistant to brute-force attacks
> by using longer keys, but people are still going to pick bad passwords.

Yes. But:

> You can force them to pick "good" passwords by rejecting their first 37
> choices, but all that does is encourage them to write the passwords down
> on sticky notes.

There is nothing wrong with writing passwords down on sticky notes. 
(Well, figuratively speaking. Perhaps not *literal* sticky notes, since 
they are too easy to lose.) You have to ask, what is the threat you are 
trying to defend against?

If your threat is that the Secret Police will break your door down at 
3am, and smash your fingers one at a time until you give them your 
passwords, then strong passwords that only you remember will not save you.

If the threat is that your little brother will log into your hotmail 
account and send rude messages to your school friends, then writing your 
password down on a Postit and sticking it on the computer is insecure, 
but keeping it in your wallet or purse may be secure enough.

Today, one of the biggest (but not the only) threats most people face is 
the mass theft of passwords from idiot organisations that store them in 
insecure databases as plain text. There's not much we, the users, can do 
about that, except complain complain complain when it happens. Possibly 
sue, on the basis that storing passwords as plain text is not within a 
million miles of best practice or even standard practice.

Another threat comes from black-hat hackers breaking your password. 
Whether they want *your* password specifically, or just picked your 
account randomly, this is where strong passwords can have a good effect. 
Until such time as an attacker can reach through the Internet to read the 
password on your Postit Note, writing down your strong password and 
keeping it by your computer is an effective way to counter this threat.


> And, yes, you can make things more secure with 2FA, but there's a cost
> there.  You have to purchase and manage the infrastructure.  More than
> that, there's lost business if potential customers prefer a competitor's
> product because it's easier to access.  Many of the known insecure
> systems we use today are not that way because the people who run them
> are stupid; they're that way because the people who run them have worked
> the numbers and decided the cost to implement more secure systems would
> exceed the risk exposure.

While in principle you are right, in practice I think that most of these 
people and organisations start from number of dodgy assumptions, starting 
with "Meh, it'll never happen...". They underestimate the risk, 
underestimate the consequences, ignore costs that don't apply solely to 
them (e.g. the cost of spam sent from tens of millions of compromised PCs 
and gmail accounts), overestimate the strength of their half-baked 
solutions, and ignore the portion of their user-base who actually does 
want better security.

When they do make a half-hearted attempt at security, it's often security 
theatre, e.g. I have a bank account with one bank that doesn't let you 
type your password, instead you have to click keys on a simulated 
keyboard on screen. You're limited to *six* (SIX!!!) case-insensitive 
alphanumeric characters, letters and digits only.

And then, to add insult to injury, they have the fecking cheek to hassle 
you every few months to change your insecure password for another 
insecure password, thus increasing the chance that you'll forgot what it 
is and lock yourself out of the account. This encourages people to choose 
even weaker passwords, so they won't forget them.

Another bank I use eschews such ridiculous "security" and actually 
provides you with a real cryptographic key for which you have to provide 
a passphrase. A passphrase limited to *eight* alphanumeric characters. 
And I think it is case-insensitive, although I haven't actually tried it.

I expect that these idiots spent more time, effort and money *preventing* 
their users from putting in strong passwords than they would have spent 
to allow strong passwords.

 
> We recently got a frothing email from a user, which basically said, "You
> farking idiots, you emailed me my password in plain text!"  It turns
> out, his user name was the same as his password and what we had sent him
> (in response to an account recovery query) was his username.  In
> response to that, we altered our account generation process to forbid
> passwords which are too similar to your chosen username or email
> address.  Which, of course, means we've taken one more step down the
> road to forcing our users to write their passwords on sticky notes.

That's a good thing.

People have managed physical keys for *centuries*. Yes, there are a class 
of threats where you lose your key, or someone steals it, or makes a 
copy, b

Re: Functional programming

[Ned Batchelder]

On 3/2/14 6:14 PM, musicdenotat...@gmail.com wrote:

If Python is not a fnctional language, then which programming paradigmis 
dominant?



is_a_functional_language() is not a binary condition, yes or no.  It's a 
continuum.  Python has more functional constructs than Pascal, and fewer 
than Haskell.


--
Ned Batchelder, http://nedbatchelder.com

--
https://mail.python.org/mailman/listinfo/python-list

Re: how to get bytes from bytearray without copying

[Ian Kelly]

On Sun, Mar 2, 2014 at 5:07 PM, Juraj Ivančić  wrote:
> Is it possible to somehow 'steal' bytearray's buffer and make it a read-only
> bytes? I failed to find a way to do this, and would like to make sure.
>
> My use case is, I would expect, fairly common. I read a certain (potentially
> very large) amount of data from the network into a pre-allocated bytearray.
> From that point on, this data is logically read-only. To prevent making
> redundant copies, I wrap it in a memoryview, and then slice and dice it. The
> problem with this memoryview is that it, and its slices, are considered
> writable, and thus cannot be hashed:
>
> ValueError: cannot hash writable memoryview object
>
> The only way (AFAICT) to make this work is to first create a bytes object
> from bytearray, but this copies the data. I don't need this copy, so I'd
> like to avoid it, because of both principle and performance reasons.
>
> Is there any reason why bytearray isn't able to release/convert its buffer
> to bytes? I see that it has a clear() method which... well... clears it. The
> former would be much more useful.
>
> I would also be content if there is some way of making memoryview
> artificially read-only to avoid the above error.

Python 3.3 has a C API function to create a memoryview for a char*,
that can be made read-only.

http://docs.python.org/3/c-api/memoryview.html#PyMemoryView_FromMemory

I don't see a way to do what you want in pure Python, apart from
perhaps writing an elaborate proxy class that would just be a poor
man's memoryview.  Or you could bite the bullet and copy everything
once at the start to create a bytes object, and then never have to
worry about it again.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Help with "Guess the number" script

[Scott W Dunning]

On Mar 2, 2014, at 12:38 AM, Larry Hudson  wrote:
> 
> Another 'problem' is what you failed to mention in your post, but is apparent 
> from the instructions that you posted -- this assignment is NOT the complete 
> program, just the beginning of one.  Your instructor obviously wants you to 
> work on (and understand) this program fragment before continuing with the 
> rest of it.
> 
No it is the whole program I just didn’t post his entire instructs because they 
were like 5 pages.  Ifugured I just post what I was struggling with right now.  
I’m hoping once I get past this first par I’ll be good to go.  Hopefully!

Scott

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Help with "Guess the number" script

[Scott W Dunning]

On Mar 1, 2014, at 6:16 PM, Chris Angelico  wrote:
> 
> Another consideration: Susan's code is written for Python 3, but you
> seemed to be using Python 2. You'll find that the code won't even run
> on your version of Python.
> 
> (If you have the chance, ask if the course writer would consider
> updating it to use Python 3. There's getting to be less and less
> reason to use Python 2 for any new projects; when you start a brand
> new system, you should be using Python 3 unless there's something
> holding you on the old version. So it's correspondingly more useful to
> learn Py3.)
> 
> ChrisA

I completely agree.  However, the instructor is wanting to use Python 2.7.6 
because the book he is using for the course goes over 2.7.6.  Hopefully, once I 
learn more it will not be a huge jump to python 3.  

Scott

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: how to get bytes from bytearray without copying

[Cameron Simpson]

On 02Mar2014 17:55, Ian Kelly  wrote:
> On Sun, Mar 2, 2014 at 5:44 PM, Cameron Simpson  wrote:
> > Have you considered subclassing memoryview and giving the subclass
> > a __hash__ method?
> 
> >>> class MyMemoryView(memoryview):
> ... def __hash__(self): return 42
> ...
> Traceback (most recent call last):
>   File "", line 1, in 
> TypeError: type 'memoryview' is not an acceptable base type

Ah. The slices were going to be an issue too, anyway.

He could write a wrapper class with a __hash__ method, whose slices
themselves are also the wrapper class.

It raises the implementation bar only slightly.

Cheers,
-- 
Cameron Simpson 

Please do not send me Microsoft Word files.
http://en.nothingisreal.com/wiki/Please_don't_send_me_Microsoft_Word_documents
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Ian Kelly]

On Sun, Mar 2, 2014 at 4:10 PM, Renato  wrote:
> I would like to thank every one who posted a reply. I learnt a lot from you, 
> guys! I appreciate your attention and your help :)
>
> I took a class on Computer Simulation last year. It was told that 
> deterministic (pseudo-)random numbers are excellent for simulations, because 
> they allow debugging and replication when using a seed(). But it was said 
> that deterministic random numbers weren't indeed suitable for encryption and 
> security issues in general. For this purpose, non-deterministc stochastic 
> methods would be more indicated. I learnt a lot about deterministic random 
> numbers generation in this course, like using Mersenne Twister algorithm, but 
> I learnt nothing about encryption, since it wasn't in the scope of that 
> course. Could you suggest some introductory material concerning encryption? I 
> have an intermediate math background (calculus, linear algebra etc) and I'm 
> willing to learn more about security matters.
>
> One last thing, about my original question. So, the only way of encapsulating 
> a Python script content is to code a simple binary program to call it?

Another alternative would be to implement the script as a service that
runs under a separate account.  All the user can directly access is a
client script that sends requests to the service, which does the
actual work and is effectively encapsulated.

I'll also reiterate what others have written about protecting
passwords.  No matter how much you think you've locked down the
script, you shouldn't be storing plaintext passwords *anywhere*.
Remember that nothing that you code will ever be as secure as you
think it is.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Can global variable be passed into Python function?

[Steven D'Aprano]

On Sun, 02 Mar 2014 13:33:11 +0200, Marko Rauhamaa wrote:

> Steven D'Aprano :
> 
>> On Sun, 02 Mar 2014 11:35:43 +0200, Marko Rauhamaa wrote:
>>> Now, what kinds of object are those constants? We are not supposed to
>>> know or care.
>>
>> Incorrect. We are supposed to know and care.
> 
> Then, the documentation is seriously flawed. It gives no hint whatsoever
> on the nature of those objects.

"Seriously" flawed? I doubt it. It's a trivial, pedantic point, and I 
expect that most practising Python programmers will consider it too 
obvious to bother documenting the fact that flags meant for compatibility 
with POSIX operating systems are ints.

On the other hand, perhaps I am wrong and it is a documentation bug. Feel 
free to suggest a documentation patch on the bug tracker.


>> os.posix is exactly the sort of library I mentioned earlier when I said
>> sometimes you're constrained by compatibility with some other system.
>> In this case, the os module is explicitly designed to be compatible
>> with the POSIX interface, which is defined to use certain integer
>> values as flags. This is not an implementation choice which
>> implementers can change at will, it is part of the interface.
> 
> The values of those Python constants don't need to have any relationship
> with those of the underlying operating system.

In theory, they could be different. In practice, no they won't. You 
should be able to pass the Python constants directly to some C library 
which expects to see ints. It's a thin wrapper, not a bridge.


>> Python does not guarantee that there is only a single 1 instance.
> 
> Nobody has ever argued such a thing. I certainly haven't.

You may not have intended to, but by championing the use of "is", that is 
precisely what you have done. Using "is" tests for *identity*, not value. 
To get the behaviour you want, it requires those objects to be singletons.


> However, nothing in the API spec gives you the right to call the
> function with an integer.

But you do call the function with an integer. And if you don't, you get a 
type error that explicitly tells you that an integer is needed:

py> os.posix_fadvise(open("/tmp/spam").fileno(), 0, 100, None)
Traceback (most recent call last):
  File "", line 1, in 
TypeError: an integer is required


>> If you want to test whether a value is os.POSIX_FADV_RANDOM, the right
>> way is to compare that value for equality with os.POSIX_FADV_RANDOM,
>> not identity.
> 
> That might well be true but is not explicitly or implicitly specified in
> the documentation. (The os.SEEK_* constants are explicitly defined.)

Not everything needs to be documented explicitly. Would you rather the 
Python developers spend their time fixing bugs and improving the 
language, or ensuring that every trivial and obvious point is explicitly 
documented?

If you feel this is not a trivial or obvious point, and that it needs 
documenting, then feel free to contribute a documentation patch.



-- 
Steven D'Aprano
http://import-that.dreamwidth.org/
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Functional programming

[Steven D'Aprano]

On Mon, 03 Mar 2014 06:14:09 +0700, musicdenotation wrote:

> If Python is not a fnctional language, then which programming paradigmis
> dominant?

Object oriented and procedural are about equally dominant, with a strong 
influence from functional paradigm.

There are small amounts of imperative paradigm (e.g. the import and del 
statements), and you can use iterators and generators to program using a 
pipelining paradigm.



-- 
Steven D'Aprano
http://import-that.dreamwidth.org/
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Error compressing tar file

[Steven D'Aprano]

On Sun, 02 Mar 2014 17:11:19 -0800, Mike wrote:

> without ")" i have the same sintax error:
> 
> [root@master ~]# python bkp_db.py
> Traceback (most recent call last):
>   File "bkp_db.py", line 19, in 
> tar = tarfile.open(dumpfile + '.tar.gz','w:gz')
> TypeError: unsupported operand type(s) for +: 'file' and 'str'


That is not a syntax error. It is a type error. You cannot add a file 
object and a string object together.

Please inspect the value of dumpfile. You are treating it as if it were a 
string, but it looks like it is an open file object. I think that you 
probably expect this:

dumpfile = "path to some file"
tarfile.open(dumpfile + '.tar.gz','w:gz')


but what you actually have is probably something like this:


dumpfile = open("path to some file")
tarfile.open(dumpfile + '.tar.gz','w:gz')





-- 
Steven D'Aprano
http://import-that.dreamwidth.org/
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Steven D'Aprano]

On Sun, 02 Mar 2014 15:10:06 -0800, Renato wrote:

> I would like to thank every one who posted a reply. I learnt a lot from
> you, guys! I appreciate your attention and your help :)
> 
> I took a class on Computer Simulation last year. It was told that
> deterministic (pseudo-)random numbers are excellent for simulations,
> because they allow debugging and replication when using a seed(). But it
> was said that deterministic random numbers weren't indeed suitable for
> encryption and security issues in general. For this purpose,
> non-deterministc stochastic methods would be more indicated. 

Either you have misunderstood, or you have been told something incorrect.

You don't in general want non-deterministic stochastic randomness, 
because you can't control it and you can't make any guarantees about it. 
Stochastic randomness nearly always has deviations from uniformity which 
can be exploited, that is, it is less random than you might think. For 
example:

http://www.newscientist.com/article/mg21428644.500-roulette-beater-spills-
physics-behind-victory.html

http://en.wikipedia.org/wiki/Eudaemons


Nor do should you use deterministic PRNGs like the Mersenne Twister, not 
because they are deterministic, but because they aren't cryptographically 
strong.

The right approach is to use a deterministic PRNG which is deliberately 
designed for use in cryptographic applications, and then add in a source 
of entropy (which might be non-deterministic, like thermal noise or the 
output of radioactive decay). On Unix systems, the OS already does this 
for you:

http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/


> One last thing, about my original question. So, the only way of
> encapsulating a Python script content is to code a simple binary program
> to call it?

I don't understand this question. Can you explain more?




-- 
Steven D'Aprano
http://import-that.dreamwidth.org/
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Ian Kelly]

On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
 wrote:
> People have managed physical keys for *centuries*. Yes, there are a class
> of threats where you lose your key, or someone steals it, or makes a
> copy, but the risks are well-understood and can be managed even by your
> grandmother. We have good solutions for those problems that work well,
> and many of them apply just as well to sticky notes with secure passwords
> written on them.

I don't know how well the analogy holds up.  People protect their
keys, because a) if they lose them, they can't get into their house or
business, and b) if they're stolen, somebody else could gain access
and steal expensive items from them.  People are less likely to
protect their sticky notes, because a) nobody is going to steal a
piece of paper, and b) if it does go missing, the IT guy is just one
phone call away, and c) who would want to break into my desktop
anyway? I don't have any trade secrets in there.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Chris Angelico]

On Mon, Mar 3, 2014 at 12:52 PM, Ian Kelly  wrote:
> On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
>  wrote:
>> People have managed physical keys for *centuries*. Yes, there are a class
>> of threats where you lose your key, or someone steals it, or makes a
>> copy, but the risks are well-understood and can be managed even by your
>> grandmother. We have good solutions for those problems that work well,
>> and many of them apply just as well to sticky notes with secure passwords
>> written on them.
>
> I don't know how well the analogy holds up.  People protect their
> keys, because a) if they lose them, they can't get into their house or
> business, and b) if they're stolen, somebody else could gain access
> and steal expensive items from them.  People are less likely to
> protect their sticky notes, because a) nobody is going to steal a
> piece of paper, and b) if it does go missing, the IT guy is just one
> phone call away, and c) who would want to break into my desktop
> anyway? I don't have any trade secrets in there.

The greatest threats these days are from the network, not from someone
physically walking into an office. (That said, though, the low-hanging
fruit from walking into an office can be *extremely* tempting. Pulling
off a basic password leech off sticky notes is often so easy that it
can be done as a visitor, or at least as a pizza deliveryman.)
Ultimately, any network-accessible resource is protected by some
system of credentials that can be guessed; the only question is how
hard it is to guess. Any scheme to steal the password has to be easier
than guessing, or it's not worth it. Breaking a salted SHA-256 versus
XKCD 538 password cracking? Take your pick, but guessing a
six-character password beats both (being quicker than the one and more
subtle than the other).

Maybe salted SHA-256 isn't perfect, but it's certainly (a) a lot
better than plain text, unsalted hashes, or salted MD5, and (b) good
enough to raise the cracking of the hash above a lot of other
infiltration techniques.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Help with "Guess the number" script

[Scott W Dunning]

On Mar 2, 2014, at 6:40 PM, Scott W Dunning  wrote:

This is what Im having trouble with now.  Here are the directions I’m stuck on 
and what I have so far, I’ll bold the part that’s dealing with the instructions 
if anyone could help me figure out where I’m going wrong.  

Thanks!

from random import randrange
randrange(1, 101)
from random import seed
seed(129)

def print_description():
print """Welcome to Guess the Number.
I have seleted a secret number in the range 1 ... 100.
You must guess the number within 10 tries.
I will tell you if you ar high or low, and
I will tell you if you are hot or cold.\n"""
   
def get_guess(guess_number):
promt = "(" + str(guess_number) +") Please enter a guess:"
user_guess = raw_input(promt)
user_guess = int(user_guess)
return user_guess

def print_hints(secrets, guess):
secret_number = secret
guess = guess
if guess < 0 or user_guess> 101:
print "Out of range!"

def main():
print_description()
secret = randrange(1,101)
current_guess = get_guess(1)
if current_guess != secret:
print_hints(secret_number, guess)
current_guess = get_guess(2)

if secret == current_guess:
print "Congratulations, you win!"
else:
print "Please play again"
print "The secret number was", secret

main()
Just below the body of the get guess function, define a new function named 
print hints that takes two arguments. The first is a secret num- ber and is 
kept in a parameter named secret. The second is a guess made by the user and it 
is held in a parameter named guess.

The user’s guess is supposed to be within the range 1 ... 100. Write a 
conditional statement that checks if the guess is out of that range, and if it 
is print ‘out of range’ in the body of the print hints function.

Now we are going to give the user the option to make a second guess. You must 
add code to the main function immediately after assignment statement you wrote 
for task 7.

Write a conditional statement to check if the current guess does not match the 
secret number. If the numbers to not match, in the body of the conditional 
statement you will do two things.

(a)  call print hints to give the user hints,

(b)  re-assign current guess to the result of calling get guess with an

argument of 2. -- 
https://mail.python.org/mailman/listinfo/python-list

Re: Help with "Guess the number" script

[Ben Finney]

Scott W Dunning  writes:

> This is what Im having trouble with now.

Once again, Scott, this discussion should be happening at the Tutor
forum. Please don't continue the fragmentation of this discussion; keep
the discusson over at the Tutor forum.

-- 
 \  “I like to fill my bathtub up with water, then turn the shower |
  `\   on and pretend I'm in a submarine that's been hit.” —Steven |
_o__)   Wright |
Ben Finney

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Help with "Guess the number" script

[Scott W Dunning]

On Mar 2, 2014, at 8:52 PM, Ben Finney  wrote:
> 
> Once again, Scott, this discussion should be happening at the Tutor
> forum. Please don't continue the fragmentation of this discussion; keep
> the discusson over at the Tutor forum.
Sorry, I was just replying to replies to my post.  I get the posts through my 
email so it’s hard to distinguish, especially since people are responding under 
both.  I guess since people are responding it’s not that big a deal.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Steven D'Aprano]

On Sun, 02 Mar 2014 18:52:40 -0700, Ian Kelly wrote:

> On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
>  wrote:
>> People have managed physical keys for *centuries*. Yes, there are a
>> class of threats where you lose your key, or someone steals it, or
>> makes a copy, but the risks are well-understood and can be managed even
>> by your grandmother. We have good solutions for those problems that
>> work well, and many of them apply just as well to sticky notes with
>> secure passwords written on them.
> 
> I don't know how well the analogy holds up.  People protect their keys,
> because a) if they lose them, they can't get into their house or
> business, and b) if they're stolen, somebody else could gain access and
> steal expensive items from them. 

A bit like the password to your bank account, or for that matter your 
Facebook account.


> People are less likely to protect
> their sticky notes, because a) nobody is going to steal a piece of
> paper, 

Oh really? Chances are you're wallet is *full* of pieces of paper that 
people would steal, given half the chance.


> and b) if it does go missing, the IT guy is just one phone call
> away, 

Last time I had to call my bank to unlock my account, it took two phone 
calls and nearly three hours of elapsed time. And I was lucky I didn't 
have to physically go in to a branch and show photo ID.


> and c) who would want to break into my desktop anyway? I don't
> have any trade secrets in there.

Who would want to steal somebody else's identity?

I'm not saying that people are born with an intuitive understanding of 
the security issues of a modern technological society. But they can 
*learn* (perhaps only after they get burned) that they need to protect 
their computer accounts, including their desktop.

Having learned that, they're screwed: even in the (uncommon) case that 
their account will support a cryptographically strong passphrase, most 
people need a dozen or more different passwords and/or passphrases. (I 
have about 50, only a dozen of which I keep in my head.) Who is going to 
remember a 12 character high-entropy string for an account they only use 
once a year? Most people have trouble remembering four-digit PINs if they 
don't use them regularly.

We cannot solve the social problem that people *don't* care about 
security with a technical solution, but we might be able to solve the 
problem that people *can't* remember sufficient passphrases and passwords 
for their needs. Lacking a technical solution for that, for most people, 
under many practical threat models, writing down your strong passwords on 
bits of paper which you then keep safe is better than using weak 
passwords, using one strong password for everything, or trying to 
remember a dozen strong, independent passwords.



-- 
Steven
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Coding a simple state machine in python

[alex23]

On 25/02/2014 8:01 PM, Peter Otten wrote:

alex23 wrote:

No, the _easy_ solution is [find a suitable package on PyPI]


Easy? By the time I have evaluated these I've written my own ;)


It's never writing a solution that's the problem...it's maintaining it 
over time :)


--
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Chris Angelico]

On Mon, Mar 3, 2014 at 3:38 PM, Steven D'Aprano  wrote:
> Oh really? Chances are you're wallet is *full* of pieces of paper that
> people would steal, given half the chance.

Alas no... around here, wallets get filled with pieces of plastic [1],
of which my wallet is sadly devoid. And I can't imagine anyone putting
effort into stealing my Gilbert & Sullivan Society membership card,
nor my coupon card for a half-price watch battery replacement on
condition that I take it back to some place that I don't go anywhere
near any more... But don't let that detract from your point :D

>> and b) if it does go missing, the IT guy is just one phone call
>> away,
>
> Last time I had to call my bank to unlock my account, it took two phone
> calls and nearly three hours of elapsed time. And I was lucky I didn't
> have to physically go in to a branch and show photo ID.

That's about par for the course. Worst part of it is when you lose
your connection and have to (a) go right back to the end of the caller
queue, (b) get through to a different agent, and therefore (c) have to
start over with the whole identifying-yourself thing. I wish I could
invoke tmux or GNU Screen on arrival,and then just reconnect.

This is, perhaps, the best argument in favour of password security.
The thought that someone might steal your identity is so vague and
hard to comprehend that it won't scare people; the possibility of
someone stealing money is "Oh but my bank will keep me safe" (whether
or not that's true is quite tangential); but explain that forgetting
your password (or having someone else figure out your password) means
having to call support? *That* is an incentive.

> Having learned that, they're screwed: even in the (uncommon) case that
> their account will support a cryptographically strong passphrase, most
> people need a dozen or more different passwords and/or passphrases. (I
> have about 50, only a dozen of which I keep in my head.) Who is going to
> remember a 12 character high-entropy string for an account they only use
> once a year? Most people have trouble remembering four-digit PINs if they
> don't use them regularly.

What if you create XKCD 936 passwords, and then have one "master
password file" in which you store, for each password, four words that
are synonyms for the originals, plus the first letters of them?
(Obviously your master password file (a) never leaves your own
computer, and (b) should itself be encrypted with some secure
password, and treated with extreme sensitivity. But that gets around
the "once a year" problem, as you'll refer to this one file any time
you need to check any of your rare passwords.) As a second line of
defense before contacting support, it feels plausible, but I've never
actually had an opportunity to try it.

Of course, the whole concept depends on being able to use long
memorable passwords. Any system that sets a maximum password length of
anything less than about 30-40 characters is causing its users
problems. There's almost never any reason to set a maximum at all.

ChrisA

[1] http://en.wikipedia.org/wiki/Polymer_banknote
-- 
https://mail.python.org/mailman/listinfo/python-list

Origin of 'self'

[Westley Martínez]

I understand that in an object method the first argument in the object itself, 
called self.  However, it doesn't have to be called self, and can be called 
anything.  So my question is why is it called self and not this like from C++ 
and Java.  It's kind of a silly question, but one that I'm curious about 
nevertheless.

Sincerely,
Westley Martínez
-- 
https://mail.python.org/mailman/listinfo/python-list

Re:Origin of 'self'

[Dave Angel]

 Westley Martínez  Wrote in message:
> I understand that in an object method the first argument in the object 
> itself, called self.  However, it doesn't have to be called self, and can be 
> called anything.  So my question is why is it called self and not this like 
> from C++ and Java.  It's kind of a silly question, but one that I'm curious 
> about nevertheless.
> 

I couldn't tell you the history,  but I can say it makes sense to
 me. In c++, this is a pointer,  and the name this seems
 reasonable.  But in python it's a reference,  a reference to
 myself. 

-- 
DaveA

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Password validation security issue

[Ian Kelly]

On Sun, Mar 2, 2014 at 10:44 PM, Chris Angelico  wrote:
> Of course, the whole concept depends on being able to use long
> memorable passwords. Any system that sets a maximum password length of
> anything less than about 30-40 characters is causing its users
> problems. There's almost never any reason to set a maximum at all.

Well, there's usually *some* reason.  If you allow your users to set a
100-MB password then your system has to accept and attempt to verify
any 100-MB passwords that might get passed in, which opens you up to a
certain DoS attack.  Setting the limit at 8 characters though is
absurd and a probable indication of bad password handling.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Origin of 'self'

[Steven D'Aprano]

On Sun, 02 Mar 2014 22:16:31 -0800, Westley Martínez wrote:

> I understand that in an object method the first argument in the object
> itself, called self.  However, it doesn't have to be called self, and
> can be called anything.  So my question is why is it called self and not
> this like from C++ and Java.  It's kind of a silly question, but one
> that I'm curious about nevertheless.

A better question is why C++ and Java used "this" instead of "self" like 
Smalltalk. It's fairly clear that Java copied C++, but why did C++ use 
"this"?


http://en.wikipedia.org/wiki/Comparison_of_programming_languages_%28object-oriented_programming%29#Special_variables


As far as I can tell, Simula 67 (the first OOP programming language) 
doesn't seem to use a standard name for the current instance, it appears 
to be unneeded. But Simula 67 was the inspiration for Smalltalk, invented 
by Alan Kay at Xerox PARC in the 1970s, and Smalltalk used "self". 
Virtually everything in OOP that followed was influenced by or derived 
from Smalltalk.



-- 
Steven
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Origin of 'self'

[Ian Kelly]

On Sun, Mar 2, 2014 at 11:16 PM, Westley Martínez  wrote:
> I understand that in an object method the first argument in the object 
> itself, called self.  However, it doesn't have to be called self, and can be 
> called anything.  So my question is why is it called self and not this like 
> from C++ and Java.  It's kind of a silly question, but one that I'm curious 
> about nevertheless.

The idea of requiring references to attributes and methods of self to
be explicit comes from Modula-3; likely the naming convention follows
the same lineage.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Help with "Guess the number" script

[Dave Angel]

 Scott W Dunning  Wrote in message:
> 
Here are the directions I’m stuck on and what I have so far, I’ll bold the 
part 

That assumes that people can see which parts of your message are
 bold. Rather a poor assumption in a text list like these two
 python forums. You should be posting in text, not html.
 

Show some code and explain what you wish it would do. Then explain
 what it actually does, usually by pasting in an exception
 traceback,  or the console output. 

And respond on the tutor forum,  not here.


-- 
DaveA

-- 
https://mail.python.org/mailman/listinfo/python-list