[OT] Security question

2016-12-22 Thread Frank Millman 

Hi all

This is off-topic, but I would appreciate a comment on this matter.

I have just upgraded my internet connection from ADSL to Fibre.

As part of the process, my ISP sent a text message to my cell phone with the 
username and password I must use to connect.


To my surprise, they sent me my existing username *and* my existing 
password, all in clear text.


I felt that this was insecure, so I sent them an email querying this and 
querying why they had my password in clear text on their system in the first 
place.


This was their reply -

"""
Thank you for taking the time to contact [...] Technical Mail Support.
I understand the importance of your password inquiry and will gladly assist.
Please note our Password protocols are secured via OTP.
This means nobody else can register or request your password as it will only 
be sent to the cellphone number we have registered for the OTP service on 
our side.
If somebody else requests a reminder of the password, it will be sent to 
your cellphone as your number is registered for the OTP service.

I hope this clarifies the matter.
"""

They did not comment on the second part of my query.

Does their reply sound reasonable, or are my concerns valid?

Thanks

Frank Millman


--
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Chris Angelico 
On Thu, Dec 22, 2016 at 8:39 PM, Frank Millman  wrote:
> To my surprise, they sent me my existing username *and* my existing
> password, all in clear text.
>
> """
> Thank you for taking the time to contact [...] Technical Mail Support.
> I understand the importance of your password inquiry and will gladly assist.
> Please note our Password protocols are secured via OTP.
> This means nobody else can register or request your password as it will only
> be sent to the cellphone number we have registered for the OTP service on
> our side.
> If somebody else requests a reminder of the password, it will be sent to
> your cellphone as your number is registered for the OTP service.
> I hope this clarifies the matter.
> """
>
> They did not comment on the second part of my query.
>
> Does their reply sound reasonable, or are my concerns valid?

Your concerns are entirely valid. Somehow, the information of your
password got sent to you, which means that anyone who can "reach in"
at some point between where it's stored and where it's sent can leech
everyone's passwords. Game over.

If they were sending you a *new* password ("we have generated this
password, please log in and change it"), then it would be entirely
acceptable - a mobile phone text message is a decent out-of-band way
to deliver that kind of information. But to have your existing
password? No sir, no thank you, I will have none of that.

Name and shame the ISP. This kind of thing is insidious (because
usually nobody will know until it's way, WAY too late) and extremely
dangerous. Call them out on it.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Frank Millman 
"Chris Angelico"  wrote in message 
news:CAPTjJmoQK39EU=m3w1zr8xa7myv42kyn4mxprgqmye4rga+...@mail.gmail.com...


On Thu, Dec 22, 2016 at 8:39 PM, Frank Millman  wrote:
> To my surprise, they sent me my existing username *and* my existing
> password, all in clear text.
>

Your concerns are entirely valid. Somehow, the information of your
password got sent to you, which means that anyone who can "reach in"
at some point between where it's stored and where it's sent can leech
everyone's passwords. Game over.

If they were sending you a *new* password ("we have generated this
password, please log in and change it"), then it would be entirely
acceptable - a mobile phone text message is a decent out-of-band way
to deliver that kind of information. But to have your existing
password? No sir, no thank you, I will have none of that.

Name and shame the ISP. This kind of thing is insidious (because
usually nobody will know until it's way, WAY too late) and extremely
dangerous. Call them out on it.



Thanks, Chris, good to know I am not going mad!

What about the second part of my query? Is it acceptable that they keep 
passwords on their system in clear text?


From my first encounter with Unix over 30 years ago I was impressed with the 
fact that no passwords are stored in clear text. Even with my own little 
accounting system, I only store the SHA-1 hash of the password. I cannot 
imagine why anyone would think that this is a good idea.


The ISP is MWEB, one of the biggest service providers in South Africa, with 
(I guess) millions of users.


If this is the standard of security out there, it is no wonder we hear of so 
many attacks (and how many don't we hear of?)


Frank


--
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Chris Angelico 
On Thu, Dec 22, 2016 at 9:10 PM, Frank Millman  wrote:
> What about the second part of my query? Is it acceptable that they keep
> passwords on their system in clear text?

Well no, absolutely not. I referred to "decrypting" the password,
which is all you can actually be certain of here - they may well be
storing the passwords in an encrypted form, but it can be decrypted.

> From my first encounter with Unix over 30 years ago I was impressed with the
> fact that no passwords are stored in clear text. Even with my own little
> accounting system, I only store the SHA-1 hash of the password. I cannot
> imagine why anyone would think that this is a good idea.

>From worst to best, here's some ways you can store passwords:

1) Clear text. If anyone even just glances at your database, it's game
over in one shot.
2) Reversibly encrypted. If someone gets your database, s/he can
decrypt the contents, but accidentally flashing a long string of
nonsense won't instantly reveal everything.
3) Encrypted with a key. To decode all the passwords, you would need
additional information. That might come from the code, or from
environment variables, or something, but you would need to attack
something other than the database to completely decrypt people's
passwords.
4) Unsalted hashes. Instead of storing "password", you store
"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8". Can be broken with rainbow
tables (or for common passwords, just Google the thing).
5) Hashes salted with something predictable or calculable. Maybe you
hash username+"blargh"+password, or something. Means the hashes don't
look the same even for the same password.
6) Hashes salted with arbitrary data that then gets stored alongside
the password.

Any of the first three could give the phenomenon you describe. And
while the security is better on #3, it's still entirely vulnerable to
the "disgruntled employee" attack (someone on the inside with complete
information about the system).

The last three all look similar in the database, but #4 is vulnerable
to XKCD 1286 attacks, and even #5 has its vulnerabilities (for
instance, setting your password to the same thing as it's previously
been will set the hash to the same value). I would recommend the use
of #6, but if someone's using #5, I wouldn't hate on them too hard -
that's pretty secure.

> The ISP is MWEB, one of the biggest service providers in South Africa, with
> (I guess) millions of users.

Thanks. MWEB, listen up: you are betraying your users' trust. A data
breach could cost you dearly. Act *now*, before there is actually a
breach, and go and hash all your passwords. And, of course, change
your systems so you never need to send people their passwords.

> If this is the standard of security out there, it is no wonder we hear of so
> many attacks (and how many don't we hear of?)

There are definitely a lot of nasty attacks out there, but these days,
the most dangerous attacks are the social ones. It doesn't matter how
good your password policy is if people will click on links in spam
email and type their passwords into imitation login screens. It
doesn't matter how well you salt your passwords if people write them
down in insecure scribble pads. It makes no difference what you do on
the back end if your users sign up for new services and use the same
email address and password on them all. But here's the thing: social
attacks are under the control of the individual user; database attacks
are under the control of the central service. MWEB is responsible for
what they do with their users' passwords, even if some of those users
are vulnerable elsewhere.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Frank Millman 
"Chris Angelico"  wrote in message 
news:CAPTjJmrG+1==nmoxf6cu2pttgcykgz_dvi36gjaqhqa9daf...@mail.gmail.com...


On Thu, Dec 22, 2016 at 9:10 PM, Frank Millman  wrote:
> What about the second part of my query? Is it acceptable that they keep
> passwords on their system in clear text?

Well no, absolutely not. I referred to "decrypting" the password,
which is all you can actually be certain of here - they may well be
storing the passwords in an encrypted form, but it can be decrypted.



[snip much fascinating info]

Thanks for all the info, Chris.

This is clearly a subject you feel strongly about!

Much appreciated.

Frank


--
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Chris Angelico 
On Thu, Dec 22, 2016 at 10:10 PM, Frank Millman  wrote:
> Thanks for all the info, Chris.
>
> This is clearly a subject you feel strongly about!
>
> Much appreciated.

It is - partly because I've been guilty of poor password security in
the past. I speak with the voice of someone who has sighted horrors in
his future and escaped by sheer luck (nobody actually leeched my
database... that I know of, at least). My systems were much smaller
and less serious than an ISP's.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

htmlparser charrefs

2016-12-22 Thread Robin Becker 
For various reasons I am using HTMLParser to do transcription of some xml. I 
need to keep charrefs as is so for Python > 3.4 I pass in


convert_charrefs =False

to the constructor.

This seems to work as intended for data, but I notice that a change in Python 
3.4 prevents me from keeping the charrefs which are in attribute strings.


Is it intentional that we can no longer use HTMLParser.unescape? It seems to 
prevent correct interpretation of the convert_charrefs constructor argument.


The unescaping is done, but in a module level function which means I can no 
longer override that functionality safely.

--
Robin Becker

--
https://mail.python.org/mailman/listinfo/python-list

Re: Mergesort problem

2016-12-22 Thread Andrea D'Amore 
I know a code review wasn't the main goal of you message but I feel
it's worth mentioning two tips:

On 22 December 2016 at 01:55, Deborah Swanson  wrote:
> ls = []
> with open('E:\\Coding projects\\Pycharm\\Moving\\New Listings.csv',
> 'r') as infile:
> raw = csv.reader(infile)
> indata = list(raw)
> rows = indata.__len__()
> for i in range(rows):
> ls.append(indata[i])

This block init an empty list, creates a csv.reader, processes it all
converting to a list then loops over every in this list and assign
this item to the initially created list. The initial list object is
actually useless since at the end ls and rows will contain exactly the
same objects.
Your code can be simplified with:

 with open(your_file_path) as infile:
 ls = list(csv.reader(infile))


Then I see you're looping with an index-based approach, here

> for i in range(rows):
> ls.append(indata[i])
[…]
> # find & mark dups, make hyperlink if not dup
> for i in range(1, len(ls) - 1):

and in the other functions, basically wherever you use len().

Check Ned Batchelders's "Loop like a native" talk about that, there
are both a webpage and a PyCon talk.
By using "native" looping you'll get simplified code that is more
expressive in less lines.


-- 
Andrea
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: ImportError: The ``fake-factory`` package is now called ``Faker``.

2016-12-22 Thread Uri Even-Chen 
Thank you, I found out that pip freeze returned more packages than what we
had in our requirements.txt file, so I upgraded them and added them to the
file. I also upgraded to Faker==0.7.7

Uri.

*Uri Even-Chen*
[image: photo] Phone: +972-54-3995700
Email: u...@speedy.net
Website: http://www.speedysoftware.com/uri/en/
  
    


On Tue, Dec 20, 2016 at 7:11 PM, William Mayor 
wrote:

> I came across this error this morning.
>
> In my case I was running a script that did this: “pip install fake-factory”
>
> The install worked properly but then I couldn’t import the library (with
> the same error message as you).
>
> I had to update the pip install command to say “pip install Faker” and
> then everything worked as before.
>
> The authors appear to have forced a name change: https://github.com/
> joke2k/faker/blob/fake-factory/faker/__init__.py
>
> I’ve just checked and if you pin your requirements (e.g. pip install
> fake-factory==0.7.4) then it still works.
>
>
> On 20 Dec 2016, at 16:57, Uri Even-Chen  wrote:
>
> Hi, we get this error with Python 3.4 and 3.5:
> https://travis-ci.org/urievenchen/speedy-net/jobs/185497863
>
>
> --
>
> ImportError: Failed to import test module:
> speedy.net.accounts.tests.test_factories
>
> Traceback (most recent call last):
>
>  File "/opt/python/3.5.2/lib/python3.5/unittest/loader.py", line 428,
> in _find_test_path
>
>module = self._get_module_from_name(name)
>
>  File "/opt/python/3.5.2/lib/python3.5/unittest/loader.py", line 369,
> in _get_module_from_name
>
>__import__(name)
>
>  File "/home/travis/build/urievenchen/speedy-net/speedy/
> net/accounts/tests/test_factories.py",
> line 4, in 
>
>import factory
>
>  File "/home/travis/virtualenv/python3.5.2/lib/python3.5/
> site-packages/factory/__init__.py",
> line 46, in 
>
>from .faker import Faker
>
>  File "/home/travis/virtualenv/python3.5.2/lib/python3.5/
> site-packages/factory/faker.py",
> line 41, in 
>
>import faker
>
>  File "/home/travis/virtualenv/python3.5.2/lib/python3.5/
> site-packages/faker/__init__.py",
> line 7, in 
>
>raise ImportError(error)
>
> ImportError: The ``fake-factory`` package is now called ``Faker``.
>
> Please update your requirements.
>
>
> What is the problem? We didn't update our requirements recently.
>
> Thanks,
> Uri.
>
> *Uri Even-Chen*
> [image: photo] Phone: +972-54-3995700 <+972%2054-399-5700>
> Email: u...@speedy.net
> Website: http://www.speedysoftware.com/uri/en/
>    urievenchen>
>    
> 
> --
> https://mail.python.org/mailman/listinfo/python-list
>
>
>
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Rich Osman 
Chris,

I compliment you on your succint and accurate summary of the issue.

Sounds like Frank's ISP is aspiring to be the next Yahoo...

On December 22, 2016 4:33:52 AM CST, Chris Angelico  wrote:
>On Thu, Dec 22, 2016 at 9:10 PM, Frank Millman 
>wrote:
>> What about the second part of my query? Is it acceptable that they
>keep
>> passwords on their system in clear text?
>
>Well no, absolutely not. I referred to "decrypting" the password,
>which is all you can actually be certain of here - they may well be
>storing the passwords in an encrypted form, but it can be decrypted.
>
>> From my first encounter with Unix over 30 years ago I was impressed
>with the
>> fact that no passwords are stored in clear text. Even with my own
>little
>> accounting system, I only store the SHA-1 hash of the password. I
>cannot
>> imagine why anyone would think that this is a good idea.
>
>From worst to best, here's some ways you can store passwords:
>
>1) Clear text. If anyone even just glances at your database, it's game
>over in one shot.
>2) Reversibly encrypted. If someone gets your database, s/he can
>decrypt the contents, but accidentally flashing a long string of
>nonsense won't instantly reveal everything.
>3) Encrypted with a key. To decode all the passwords, you would need
>additional information. That might come from the code, or from
>environment variables, or something, but you would need to attack
>something other than the database to completely decrypt people's
>passwords.
>4) Unsalted hashes. Instead of storing "password", you store
>"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8". Can be broken with rainbow
>tables (or for common passwords, just Google the thing).
>5) Hashes salted with something predictable or calculable. Maybe you
>hash username+"blargh"+password, or something. Means the hashes don't
>look the same even for the same password.
>6) Hashes salted with arbitrary data that then gets stored alongside
>the password.
>
>Any of the first three could give the phenomenon you describe. And
>while the security is better on #3, it's still entirely vulnerable to
>the "disgruntled employee" attack (someone on the inside with complete
>information about the system).
>
>The last three all look similar in the database, but #4 is vulnerable
>to XKCD 1286 attacks, and even #5 has its vulnerabilities (for
>instance, setting your password to the same thing as it's previously
>been will set the hash to the same value). I would recommend the use
>of #6, but if someone's using #5, I wouldn't hate on them too hard -
>that's pretty secure.
>
>> The ISP is MWEB, one of the biggest service providers in South
>Africa, with
>> (I guess) millions of users.
>
>Thanks. MWEB, listen up: you are betraying your users' trust. A data
>breach could cost you dearly. Act *now*, before there is actually a
>breach, and go and hash all your passwords. And, of course, change
>your systems so you never need to send people their passwords.
>
>> If this is the standard of security out there, it is no wonder we
>hear of so
>> many attacks (and how many don't we hear of?)
>
>There are definitely a lot of nasty attacks out there, but these days,
>the most dangerous attacks are the social ones. It doesn't matter how
>good your password policy is if people will click on links in spam
>email and type their passwords into imitation login screens. It
>doesn't matter how well you salt your passwords if people write them
>down in insecure scribble pads. It makes no difference what you do on
>the back end if your users sign up for new services and use the same
>email address and password on them all. But here's the thing: social
>attacks are under the control of the individual user; database attacks
>are under the control of the central service. MWEB is responsible for
>what they do with their users' passwords, even if some of those users
>are vulnerable elsewhere.
>
>ChrisA
>-- 
>https://mail.python.org/mailman/listinfo/python-list

-- 
mailto:o...@ozindfw.net
Oz
POB 93167 
Southlake, TX 76092 (Near DFW Airport
-- 
https://mail.python.org/mailman/listinfo/python-list

ANN: Wing IDE 6.0 has been released

2016-12-22 Thread Wingware 

Hi,

We've just released Wing IDE 6.0, which is a major release that adds 
many new features, introduces a new annual license option, and makes 
some changes to the product line.


New Features

 * Improved Multiple Selections:  Quickly add selections and edit them
   all at once
 * Easy Remote Development:  Work seamlessly on remote Linux, OS X, and
   Raspberry Pi systems
 * Debugging in the Python Shell:  Reach breakpoints and exceptions in
   (and from) the Python Shell
 * Recursive Debugging:  Debug code invoked in the context of stack
   frames that are already being debugged
 * PEP 484 and PEP 526 Type Hinting:  Inform Wing's static analysis
   engine of types it cannot infer
 * Support for Python 3.6 and Stackless 3.4:  Use async and other new
   language features
 * Optimized debugger:  Run faster, particularly in multi-process and
   multi-threaded code
 * Support for OS X full screen mode:  Zoom to a virtual screen, with
   auto-hiding menu bar
 * Added a new One Dark color palette:  Enjoy the best dark display
   style yet
 * Updated French and German localizations:  Thanks to Jean Sanchez,
   Laurent Fasnacht, and Christoph Heitkamp

For a much more detailed overview of new features see the release notice 
at http://wingware.com/news/2016-12-20


Annual Use License Option

Wing 6 adds the option of purchasing a lower-cost expiring annual 
license for Wing IDE Pro.  An annual license includes access to all 
available Wing IDE versions while it is valid, and then ceases to 
function if it is now renewed.  Pricing for annual licenses is US$ 
179/user for Commercial Use and US$ 69/user for Non-Commercial Use.


Perpetual licenses for Wing IDE will continue to be available at the 
same pricing.


The cost of extending Support+Upgrades subscriptions on Non-Commercial 
Use perpetual licenses for Wing IDE Pro has also been dropped from US$ 
89 to US$ 39 per user.


For details, see https://wingware.com/store/purchase

Wing Personal is Free

Wing IDE Personal is now free and no longer requires a license to run. 
 It now also includes the Source Browser, PyLint, and OS Commands 
tools, and supports the scripting API and Perspectives.


However, Wing Personal does not include Wing Pro's advanced editing, 
debugging, testing and code management features, such as remote host 
access, refactoring, find uses, version control, unit testing, 
interactive debug probe, multi-process and child process debugging, move 
program counter, conditional breakpoints, debug watch, 
framework-specific support (for matplotlib, Django, and others), find 
symbol in project, and other features.


Links

Release notice: http://wingware.com/news/2016-12-20
Free trial: http://wingware.com/wingide/trial
Downloads: http://wingware.com/downloads
Compare products: http://wingware.com/wingide/features
Buy: http://wingware.com/store/purchase
Upgrade: https://wingware.com/store/upgrade

Questions?  Don't hesitate to email us at supp...@wingware.com.

Thanks,

--

Stephan Deibel
Wingware | Python IDE

The Intelligent Development Environment for Python Programmers

wingware.com

--
https://mail.python.org/mailman/listinfo/python-list

US/Eastern offset

2016-12-22 Thread Skip Montanaro 
In a small application I realized I needed all my timestamps to have
timezone info. Some timestamp strings come in with no TZ markings, but
I know they are US/Eastern. so, I built one:

>>> import pytz
>>> tz = pytz.timezone("US/Eastern")
>>> tz


What's with those extra four minutes? Here is one such timestamp I
logged in my app:

2016-12-22T20:35:05-04:56

WTF? Has my brain turned to mush, and the people in New York now move
so fast that they are four minutes closer to their London counterparts
than they used to be?

Thx,

Skip
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: US/Eastern offset

2016-12-22 Thread Ian Kelly 
On Thu, Dec 22, 2016 at 2:49 PM, Skip Montanaro
 wrote:
> In a small application I realized I needed all my timestamps to have
> timezone info. Some timestamp strings come in with no TZ markings, but
> I know they are US/Eastern. so, I built one:
>
 import pytz
 tz = pytz.timezone("US/Eastern")
 tz
> 
>
> What's with those extra four minutes? Here is one such timestamp I
> logged in my app:
>
> 2016-12-22T20:35:05-04:56
>
> WTF? Has my brain turned to mush, and the people in New York now move
> so fast that they are four minutes closer to their London counterparts
> than they used to be?

Not sure, but LMT suggests that it's coming up with a Local Mean Time
zone rather than the proper EST zone. The four minute offset suggests
that this is a local mean time for a meridian one degree east of EST.
I'm wondering if it's using some historical definition for the time
zone's date-neutral repr. What do you get if you try using it to
convert a UTC time? E.g.:

py> dt = pytz.utc.localize(datetime(2016, 12, 23))
py> dt.astimezone(pytz.timezone('US/Eastern'))
datetime.datetime(2016, 12, 22, 19, 0, tzinfo=)
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: US/Eastern offset

2016-12-22 Thread Ian Kelly 
On Thu, Dec 22, 2016 at 4:19 PM, Ian Kelly  wrote:
> On Thu, Dec 22, 2016 at 2:49 PM, Skip Montanaro
>  wrote:
>> In a small application I realized I needed all my timestamps to have
>> timezone info. Some timestamp strings come in with no TZ markings, but
>> I know they are US/Eastern. so, I built one:
>>
> import pytz
> tz = pytz.timezone("US/Eastern")
> tz
>> 
>>
>> What's with those extra four minutes? Here is one such timestamp I
>> logged in my app:
>>
>> 2016-12-22T20:35:05-04:56
>>
>> WTF? Has my brain turned to mush, and the people in New York now move
>> so fast that they are four minutes closer to their London counterparts
>> than they used to be?
>
> Not sure, but LMT suggests that it's coming up with a Local Mean Time
> zone rather than the proper EST zone. The four minute offset suggests
> that this is a local mean time for a meridian one degree east of EST.

You mentioned New York in your post, and incidentally the 74th
meridian west passes right through New York City. So it could be an
LMT for NYC, though I'm still not sure why it would come up with that
specifically for US/Eastern.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: US/Eastern offset

2016-12-22 Thread Christian Heimes 
On 2016-12-22 21:49, Skip Montanaro wrote:
> In a small application I realized I needed all my timestamps to have
> timezone info. Some timestamp strings come in with no TZ markings, but
> I know they are US/Eastern. so, I built one:
> 
 import pytz
 tz = pytz.timezone("US/Eastern")
 tz
> 
> 
> What's with those extra four minutes? Here is one such timestamp I
> logged in my app:
> 
> 2016-12-22T20:35:05-04:56
> 
> WTF? Has my brain turned to mush, and the people in New York now move
> so fast that they are four minutes closer to their London counterparts
> than they used to be?

pytz contains not only current time zone, but also historic time zones.
You are looking at a time zone without a date and time context. Without
a context, pytz shows you a historic time zone information. In your case
pytz gives you the local mean time (solar time) the 19th century.

Christian



-- 
https://mail.python.org/mailman/listinfo/python-list

SIP and PyQt5 Installation

2016-12-22 Thread churros . studios 
Hello, I've been having troubles being able to integrate the PyQt5 GUI into my 
IDEs. I've used various example codes from the web to see if the library would 
import properly but the console sends me back an import error saying, "No 
module named PyQt5". Could someone provide me with the steps for not only the 
installation/configuring of SIP/PyQt but also the steps needed to integrate it 
to the eclipse IDE?
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: US/Eastern offset

2016-12-22 Thread jladasky 
On Thursday, December 22, 2016 at 3:47:04 PM UTC-8, Christian Heimes wrote:
> On 2016-12-22 21:49, Skip Montanaro wrote:
> > In a small application I realized I needed all my timestamps to have
> > timezone info. Some timestamp strings come in with no TZ markings, but
> > I know they are US/Eastern. so, I built one:
> > 
>  import pytz
>  tz = pytz.timezone("US/Eastern")
>  tz
> > 
> > 
> > What's with those extra four minutes? Here is one such timestamp I
> > logged in my app:
> > 
> > 2016-12-22T20:35:05-04:56
> > 
> > WTF? Has my brain turned to mush, and the people in New York now move
> > so fast that they are four minutes closer to their London counterparts
> > than they used to be?
> 
> pytz contains not only current time zone, but also historic time zones.
> You are looking at a time zone without a date and time context. Without
> a context, pytz shows you a historic time zone information. In your case
> pytz gives you the local mean time (solar time) the 19th century.
> 
> Christian

Wouldn't most users prefer that modern time zones be the default information 
returned by pytz, instead of 150 year-old historical time zones?
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: US/Eastern offset

2016-12-22 Thread Chris Angelico 
On Fri, Dec 23, 2016 at 12:54 PM,   wrote:
> Wouldn't most users prefer that modern time zones be the default information 
> returned by pytz, instead of 150 year-old historical time zones?

They're the *same* time zones.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Peter Pearson 
On Thu, 22 Dec 2016 12:10:40 +0200, Frank Millman  wrote:
[snip]
>
> What about the second part of my query? Is it acceptable that they keep 
> passwords on their system in clear text?

Absolutely not.  Keeping the passwords, even encrypted, is a reckless
invitation to disaster.

Chris has done a fine job of explaining the situation; I'm just piling
on (as a retired cryptologist) to add statistical weight to your survey.

-- 
To email me, substitute nowhere->runbox, invalid->com.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: SIP and PyQt5 Installation

2016-12-22 Thread jladasky 
On Thursday, December 22, 2016 at 5:32:31 PM UTC-8, churros...@gmail.com wrote:
> Hello, I've been having troubles being able to integrate the PyQt5 GUI into 
> my IDEs. I've used various example codes from the web to see if the library 
> would import properly but the console sends me back an import error saying, 
> "No module named PyQt5". Could someone provide me with the steps for not only 
> the installation/configuring of SIP/PyQt but also the steps needed to 
> integrate it to the eclipse IDE?

You need to specify your operating system.  I found installing PyQt and SIP to 
be quite simple on Ubuntu Linux, although I don't use Eclipse.  

You probably also should let people know whether you are using Python 2 or 
Python 3 (and if you're new to Python and don't have to work with legacy code, 
you will be better served by working in Py3).

About 18 months ago, I helped two people install PyQt and SIP on their 
machines, one Windows, one Mac.  I found it to be quite painful in both cases 
(and, sorry to say, I've forgotten the details).
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: SIP and PyQt5 Installation

2016-12-22 Thread Mirage Web Studio 


On December 23, 2016 7:02:03 AM GMT+05:30, churros.stud...@gmail.com wrote:
>Hello, I've been having troubles being able to integrate the PyQt5 GUI
>into my IDEs. I've used various example codes from the web to see if
>the library would import properly but the console sends me back an
>import error saying, "No module named PyQt5". Could someone provide me
>with the steps for not only the installation/configuring of SIP/PyQt
>but also the steps needed to integrate it to the eclipse IDE?
>-- 
>https://mail.python.org/mailman/listinfo/python-list

-- 

If you're on windows and python 3.4 would be sufficient,  then for python 3.4 
you could download windows installer from the pyqt site. Install it after 
installing  python and then you can  Import the libraries as regular libraries. 

George 
-- 
https://mail.python.org/mailman/listinfo/python-list

UTF-8 Encoding Error

2016-12-22 Thread subhabangalore 
I am getting the error:
UnicodeDecodeError: 'utf8' codec can't decode byte 0x96 in position 15: invalid 
start byte

as I try to read some files through TaggedCorpusReader. TaggedCorpusReader is a 
module
of NLTK.
My files are saved in ANSI format in MS-Windows default. 
I am using Python2.7 on MS-Windows 7. 

I have tried the following options till now, 
string.encode('utf-8').strip()
unicode(string)
unicode(str, errors='replace')
unicode(str, errors='ignore')
string.decode('cp1252')

But nothing is of much help.

If any one may kindly suggest.

I am trying if you may see.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: UTF-8 Encoding Error

2016-12-22 Thread Cameron Simpson 

On 22Dec2016 22:38, Subhabrata Banerjee  wrote:

I am getting the error:
UnicodeDecodeError: 'utf8' codec can't decode byte 0x96 in position 15: invalid 
start byte

as I try to read some files through TaggedCorpusReader. TaggedCorpusReader is a 
module
of NLTK.
My files are saved in ANSI format in MS-Windows default.
I am using Python2.7 on MS-Windows 7.

I have tried the following options till now,
string.encode('utf-8').strip()
unicode(string)
unicode(str, errors='replace')
unicode(str, errors='ignore')
string.decode('cp1252')

But nothing is of much help.


It would help to see a very small program that produces your error message.

Generally you need to open text files in the same encoding used for thei text.  
Which sounds obvious, but I'm presuming you've not done that.


Normally, when you open a file you can specify the text encoding. I am not a 
Windows guy, so I do not know what "ANSI format in MS-Windows default" means at 
the encoding level.


Supposing you had a bit of code like this:

 with open("filename.txt", "r") as fp:
 for line in fp:
 # line is a Python 2 str, but is a sequence of bytes internally
 unicode_line = line.decode('utf8')
 # unicode_line is a Python 2 _unicode_ object, which is text, a 
 # sequence of Unicode codepoints


you could get an error like yours if the file _did not_ contain UTF-8 encoded 
text.


If you used:
   unicode(str, errors='replace')
   unicode(str, errors='ignore')
I would not have expected the error you recite, but we would need to see an 
example program to be sure.


I would guess that the text in your file is not UTF-8 encoded, and that you 
need to specify the correct encoding to the .decode call.


Cheers,
Cameron Simpson 
--
https://mail.python.org/mailman/listinfo/python-list