Re: Checking if email is valid
On 2023-11-05 00:39, Grant Edwards via Python-list wrote: Definitely. Syntactic e-mail address "validation" is one of the most useless and widely broken things on the Interwebs. People who do anything other than require an '@' (and optionally make you enter the same @-containing string twice) are deluding themselves. And don't get me started on phone number validation. The most annoying thing to me, though, is sites that reject names that have an apostrophe in them. I hate being told that my name, that I have been using for over seventy years, is invalid. OK, now that I am started, what else? Oh yah. Look at your credit card. The number has spaces in it. Why do I have to remove them. If you don't like them then you are a computer, just remove them. When do we stop working for computers and have the computers start working for us? -- D'Arcy J.M. Cain Vybe Networks Inc. http://www.VybeNetworks.com/ IM:da...@vex.net VoIP: sip:da...@vybenetworks.com -- https://mail.python.org/mailman/listinfo/python-list
RE: Checking if email is valid
Grant (and others), I am asking about the overall programming process of dealing with email addresses beyond checking the string for some validity. You mentioned requiring you type in your email twice as one example. I generally do a copy/paste to avoid typing or have my browser fill it in. Rarely the code is set to force me to actually type it in. And I note sites that force me to do too much typing of any kind or make me jump through hoops like having to get an email or text with a secondary number to type in or make me look at pictures and find the right ones and so on, encourage me to not use them much. There is a price for taking away convenience even if you see it as some form of security. Yes, there are tradeoffs. It really may be important to know what you want from your email addresses. If I sign YOU up for something like the Word of the day in a dozen languages by supplying your valid email address, then checking if it looks valid is less useful than sending an email to that address and asking the recipient to opt-in and verify they legitimately want it. If you want to ensure that your newsletter is still wanted, you may do something similar every year or so to everyone, or perhaps just those that have not had activity. If a mailbox starts rejecting messages, perhaps you send messages to their secondary contact info or just remove them. There are many such strategies and some may be way harder to implement than a simple and perhaps simplistic syntax check. I do wonder how much it sometimes matters when we see real-world scenarios where people who died a decade ago remain on voter registration rolls. If my mailing list has a few hundred bad emails on it, the costs of sending may be small albeit dealing with rejection messages may clog my logs. As for fake email addresses, there are many ways to play that game that are unlikely to be caught. Will they realize there is nobody at erew...@gmail.com? If you want to know if someone is going to sell your hello.th...@gmail.com address could you supply hell.othe...@gmail.com and then monitor mail that you will still receive as it seems google ignores periods in your email name? And, since others generally see the above as distinct, you can even use such a method to sign up for something multiple times. Complexity leaves room for loopholes. Still, obviously there are good reasons to do what you can to do some validation at many points along the way and especially when it may be critical. Asking someone to type in a new password twice when they cannot easily see what they are typing, is obviously useful as the consequence of losing it is high. Are getting the email addresses right as important? I know my wife registered a fairly common name of the jane@gmail.com variety that is now useless as it keeps receiving messages someone provided or typed in wrong that were supposed to go to janedoe@ or doe.jane@ or janedoe123@ or j.doe@ and so on. These include receipts, subscriptions to newsletters and much more. Some are inadvertent but the reality is she stopped using that email as it is now mostly full of SPAM as the others ... -Original Message- From: Python-list On Behalf Of Grant Edwards via Python-list Sent: Sunday, November 5, 2023 12:39 AM To: python-list@python.org Subject: Re: Checking if email is valid On 2023-11-04, Michael Torrie via Python-list wrote: > On 11/4/23 02:51, Simon Connah via Python-list wrote: > >> Wow. I'm half tempted to make a weird email address to see how many >> websites get it wrong. In my experience, they don't have to be very weird at all. >> Thank you for the link. > > Nearly all websites seem to reject simple correct email addresses > such as myemail+sometext@example.domain. I like to use this kind of > email address when I can to help me filter out the inevitable spam > that comes from companies selling off my address even after claiming > they won't. I've always suspected that's intentional. They refuse those sorts of e-mail addresses because they know that's what they are used for. If they allowed "plus suffixed" e-mail addresses, then all the crap they want to send to you would go into /dev/null where it belongs -- and we can't have that! > So I suspect that nearly all websites are going to reject other > kinds of weird email addresses you can create that are actually > correct. Definitely. Syntactic e-mail address "validation" is one of the most useless and widely broken things on the Interwebs. People who do anything other than require an '@' (and optionally make you enter the same @-containing string twice) are deluding themselves. -- Grant -- https://mail.python.org/mailman/listinfo/python-list -- https://mail.python.org/mailman/listinfo/python-list
Re: Checking if email is valid
On 11/5/23 05:32, D'Arcy Cain via Python-list wrote: On 2023-11-05 00:39, Grant Edwards via Python-list wrote: Definitely. Syntactic e-mail address "validation" is one of the most useless and widely broken things on the Interwebs. People who do anything other than require an '@' (and optionally make you enter the same @-containing string twice) are deluding themselves. And don't get me started on phone number validation. The most annoying thing to me, though, is sites that reject names that have an apostrophe in them. I hate being told that my name, that I have been using for over seventy years, is invalid. OK, now that I am started, what else? Oh yah. Look at your credit card. The number has spaces in it. Why do I have to remove them. If you don't like them then you are a computer, just remove them. When do we stop working for computers and have the computers start working for us? If this is being voted on, pretend you are in Georgia, vote often and early. Best question of the century. Cheers, Gene Heskett. -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author, 1940) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis -- https://mail.python.org/mailman/listinfo/python-list
Re: Checking if email is valid
On 2023-11-05, D'Arcy Cain via Python-list wrote: > On 2023-11-05 00:39, Grant Edwards via Python-list wrote: >> Definitely. Syntactic e-mail address "validation" is one of the most >> useless and widely broken things on the Interwebs. People who do >> anything other than require an '@' (and optionally make you enter the >> same @-containing string twice) are deluding themselves. > > And don't get me started on phone number validation. I can see how the truley dim-witted might forget that other countries have phone numbers with differing lengths and formatting/punctuation, but there are tons of sites where it takes multiple tries when entering even a bog-standard USA 10-0digit phone nubmer because they are completely flummuxed by an area code in parens or hyphens in the usual places (or lack of hyhpens in the usual places). This stuff isn't that hard, people... > The most annoying thing to me, though, is sites that reject names > that have an apostrophe in them. I hate being told that my name, > that I have been using for over seventy years, is invalid. > > OK, now that I am started, what else? Oh yah. Look at your credit > card. The number has spaces in it. Why do I have to remove them. If > you don't like them then you are a computer, just remove them. Indeed. There is a tiny but brightly burning kernel of hate in my heart for web sites (and their developers) that refuse to accept credit card numbers entered with spaces _as_they_are_shown_on_the_card_! I've concluded that using PHP causes debilitating and irreversible brain damage. > When do we stop working for computers and have the computers start > working for us? -- Grant -- https://mail.python.org/mailman/listinfo/python-list
Re: Checking if email is valid
On 2023-11-05, D'Arcy Cain wrote: > On 2023-11-05 00:39, Grant Edwards via Python-list wrote: >> Definitely. Syntactic e-mail address "validation" is one of the most >> useless and widely broken things on the Interwebs. People who do >> anything other than require an '@' (and optionally make you enter the >> same @-containing string twice) are deluding themselves. > > And don't get me started on phone number validation. The most annoying > thing to me, though, is sites that reject names that have an apostrophe > in them. I hate being told that my name, that I have been using for > over seventy years, is invalid. Sometimes I think that these sorts of stupid, wrong, validation are the fault of idiot managers. When it's apostrophes though I'm suspicious that it may be idiot programmers who don't know how to prevent SQL injection attacks without just saying "ban all apostrophes everywhere". Or perhaps it's idiot "security consultancies" who make it a tick-box requirement. > OK, now that I am started, what else? Oh yah. Look at your credit > card. The number has spaces in it. Why do I have to remove them. If > you don't like them then you are a computer, just remove them. Yes, this is also very stupid and annoying. Does nobody who works for the companies making these sorts of websites ever use their own, or indeed anyone else's, website? Another one that's become popular recently is the sort of annoying website that insists on "email 2FA", i.e. you try to login and then they send you an email with a 6-digit code in that you have to enter to authenticate yourself. So you go to your mail client and double-click on the number to select it, and stupid thing (A) happens: for no sane reason, the computer selects the digits *and also an invisible space after them*. Then you copy the digits into the web form, then invisible space tags along for the ride, and stupid thing (B) happens: the web server rejects the code because of the trailing space. Honestly I don't understand why every web application platform doesn't automatically strip all leading and trailing whitespace on user input by default. It's surely incredibly rare that it's sensible to preserve it. (I see Django eventually got around to this in version 1.9.) -- https://mail.python.org/mailman/listinfo/python-list
Re: pip/pip3 confusion and keeping up to date
On 2023-11-03, Karsten Hilbert wrote: > Am Thu, Nov 02, 2023 at 04:07:33PM -0600 schrieb Mats Wichmann via > Python-list: >> >So they now have only python3 and there is no python executable in >> >PATH. >> >> FWIW, for this you install the little stub package python-is-python3. >> Especially if you want to keep a python2 installation around - >> "python" will still be python3 in this case. > > Since you seem knowledgeable in this area: Do you know of a > resource for learning the *canonical* way of packaging a > Python application for installation via apt which > > - needs some packages available via apt > - needs some packages only available via pip > - needs some packages newer than what is available via apt > > ? I suspect the answer to that is that you would have to: * create packages yourself for the unpackaged dependencies * create a dependency graph of *every* Python package in the package repository (whether or not the package is relevant to what you're doing) * work out what versions of every Python package are required in order to have a dependency graph that can be successfully resolved, taking into account the requirements of your new package also * contact every single maintainer of every single one of the packages that needs updating and persuade them to update their packages and reassure them that you are getting all the other package maintainers to update their packages accordingly and that you have a plan and that you know what you're doing ... screen fades to black, title card "3 years later", fade in to ... * publish your package -- https://mail.python.org/mailman/listinfo/python-list
Re: pip/pip3 confusion and keeping up to date
On 2023-11-05, Chris Green wrote: > Jon Ribbens wrote: >> On 2023-11-03, Karsten Hilbert wrote: >> > Am Thu, Nov 02, 2023 at 04:07:33PM -0600 schrieb Mats Wichmann via >> > Python-list: >> >> >So they now have only python3 and there is no python executable in >> >> >PATH. >> >> >> >> FWIW, for this you install the little stub package python-is-python3. >> >> Especially if you want to keep a python2 installation around - >> >> "python" will still be python3 in this case. >> > >> > Since you seem knowledgeable in this area: Do you know of a >> > resource for learning the *canonical* way of packaging a >> > Python application for installation via apt which >> > >> > - needs some packages available via apt >> > - needs some packages only available via pip >> > - needs some packages newer than what is available via apt >> > >> > ? >> >> I suspect the answer to that is that you would have to: >> >> * create packages yourself for the unpackaged dependencies >> * create a dependency graph of *every* Python package in the package >> repository (whether or not the package is relevant to what you're doing) >> * work out what versions of every Python package are required in order >> to have a dependency graph that can be successfully resolved, taking >> into account the requirements of your new package also >> * contact every single maintainer of every single one of the packages >> that needs updating and persuade them to update their packages and >> reassure them that you are getting all the other package maintainers >> to update their packages accordingly and that you have a plan and >> that you know what you're doing >> >> ... screen fades to black, title card "3 years later", fade in to ... >> >> * publish your package >> > Surely it's not that bad, the vast bulk of Debian, Ubuntu and other > distributions are installed via systems that sort out dependencies once > given a particular package's requirements. Python is surely not > unique in its dependency requirements. I think there's a lot of work that goes on behind the scenes to keep the entire package set consistent so that you don't end up in the situation where, e.g. package A depends on D<2.0 and package B requires D>=2.0 and therefore you can't install A and B at the same time (and trying to avoid as much as possible the hacky situation where you have two packages for D, one for <2.0 and another called D2 for >=2.0). -- https://mail.python.org/mailman/listinfo/python-list
Help
which python version is better to be used and how to make sure it works on my window 10 because i downloaded it and it never worked so I uninstall to do that again please can you give me the steps on how it will work perfectly from Kenny -- https://mail.python.org/mailman/listinfo/python-list
Re: Checking if email is valid
On 11/5/23 10:34, Grant Edwards via Python-list wrote:
Indeed. There is a tiny but brightly burning kernel of hate in my
heart for web sites (and their developers) that refuse to accept
credit card numbers entered with spaces _as_they_are_shown_on_the_card_!
I've concluded that using PHP causes debilitating and irreversible
brain damage.
I think it's the attitude that speed of deployment is more important
than any other factor, rather than just PHP :-) Plus a bunch of that
stuff is also coded in the front end (aka Javascript).
Phone numbers.
Credit card numbers.
Names (in my case - my wife has a hypenated surname which is almost as
deadly as non-alpha characters in a name which was already mentioned in
this diverging thread)
and addresses. living rurally we have two addresses: a post office
rural route box for USPS and a "street address" for anyone else. The
former looks like "{locationID} Box {number}". The single word "Box"
often triggers "we don't deliver to P.O. Boxes" - it's not a PO Box, and
it's the only address USPS will deliver to, so get over yourself. Or
triggers fraud detection alerts, because "billing address" != "shipping
address".
it's astonishing how bad so many websites are at what should be a
fundamental function: taking in user-supplied data in order to do
something valuable with it.
--
https://mail.python.org/mailman/listinfo/python-list
Re: Checking if email is valid
On 2023-11-05, Grant Edwards wrote: > On 2023-11-05, D'Arcy Cain via Python-list wrote: >> On 2023-11-05 00:39, Grant Edwards via Python-list wrote: >>> Definitely. Syntactic e-mail address "validation" is one of the most >>> useless and widely broken things on the Interwebs. People who do >>> anything other than require an '@' (and optionally make you enter the >>> same @-containing string twice) are deluding themselves. >> >> And don't get me started on phone number validation. > > I can see how the truley dim-witted might forget that other countries > have phone numbers with differing lengths and formatting/punctuation, > but there are tons of sites where it takes multiple tries when > entering even a bog-standard USA 10-0digit phone nubmer because they > are completely flummuxed by an area code in parens or hyphens in the > usual places (or lack of hyhpens in the usual places). This stuff > isn't that hard, people... Indeed - you just do "pip install phonenumbers" :-) -- https://mail.python.org/mailman/listinfo/python-list
Re: pip/pip3 confusion and keeping up to date
Jon Ribbens wrote: > On 2023-11-03, Karsten Hilbert wrote: > > Am Thu, Nov 02, 2023 at 04:07:33PM -0600 schrieb Mats Wichmann via > > Python-list: > >> >So they now have only python3 and there is no python executable in > >> >PATH. > >> > >> FWIW, for this you install the little stub package python-is-python3. > >> Especially if you want to keep a python2 installation around - > >> "python" will still be python3 in this case. > > > > Since you seem knowledgeable in this area: Do you know of a > > resource for learning the *canonical* way of packaging a > > Python application for installation via apt which > > > > - needs some packages available via apt > > - needs some packages only available via pip > > - needs some packages newer than what is available via apt > > > > ? > > I suspect the answer to that is that you would have to: > > * create packages yourself for the unpackaged dependencies > * create a dependency graph of *every* Python package in the package > repository (whether or not the package is relevant to what you're doing) > * work out what versions of every Python package are required in order > to have a dependency graph that can be successfully resolved, taking > into account the requirements of your new package also > * contact every single maintainer of every single one of the packages > that needs updating and persuade them to update their packages and > reassure them that you are getting all the other package maintainers > to update their packages accordingly and that you have a plan and > that you know what you're doing > > ... screen fades to black, title card "3 years later", fade in to ... > > * publish your package > Surely it's not that bad, the vast bulk of Debian, Ubuntu and other distributions are installed via systems that sort out dependencies once given a particular package's requirements. Python is surely not unique in its dependency requirements. -- Chris Green · -- https://mail.python.org/mailman/listinfo/python-list
Re: pip/pip3 confusion and keeping up to date
Am Fri, Nov 03, 2023 at 05:26:06PM +0100 schrieb Dieter Maurer: > Karsten Hilbert wrote at 2023-11-3 14:47 +0100: > > ... > >> Are they not available in your system's package manager? > > > >... this clearly often answers to "no" for applications of > >any complexity. > > > >Is there a suggested proper path to deal with that (Debian is > >of interest to me here) ? > > Complex applications may maintain a set of "known workable versions" > associated with the application's releases. > They may describe those "known workable versions" in a `pip` constraint file. > In this case, you can upgrade to a new application release > by using this constraint file. Hello Dieter, do you happen to know where to read up on how to fit a pip constraint file into a Debian package creation workflow ? Thanks, Karsten -- GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B -- https://mail.python.org/mailman/listinfo/python-list
Re: pip/pip3 confusion and keeping up to date
Am Fri, Nov 03, 2023 at 01:53:32PM - schrieb Jon Ribbens via Python-list: > >> Are they not available in your system's package manager? > > > > ... this clearly often answers to "no" for applications of > > any complexity. > > > > Is there a suggested proper path to deal with that (Debian is > > of interest to me here) ? > > Yes, as previously mentioned, use virtual environments. > > These days they don't even need to be "activated". For package 'foo' > for example you could create /usr/local/lib/foo, under which you would > create a virtual environment and install the 'foo' package inside it, > and then you could do: > > ln -s /usr/local/lib/foo/env/bin/foo /usr/local/bin/foo > > and then you could just type 'foo' to run it. This all being nice and well, but: How does one "fill" that venv with packages from pip during apt-get install python3-app-of-interest ? Is the suggested way really to pip-install into this venv during apt-get install ? Karsten -- GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B -- https://mail.python.org/mailman/listinfo/python-list
Re: pip/pip3 confusion and keeping up to date
Am Sun, Nov 05, 2023 at 03:00:41PM + schrieb Chris Green via Python-list: > > * contact every single maintainer of every single one of the packages > > that needs updating and persuade them to update their packages and > > reassure them that you are getting all the other package maintainers > > to update their packages accordingly and that you have a plan and > > that you know what you're doing > > > > ... screen fades to black, title card "3 years later", fade in to ... > > > > * publish your package > > > Surely it's not that bad, the vast bulk of Debian, Ubuntu and other > distributions are installed via systems that sort out dependencies once > given a particular package's requirements. Python is surely not > unique in its dependency requirements. Oh, Debian does just fine in resolving dependencies it knows about within its .deb package universe. The problem arises when there's unpackaged modules required. The only answer seems to be to package such modules oneself. If that's been conquered a venv isn't even needed anymore. Karsten -- GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B -- https://mail.python.org/mailman/listinfo/python-list
Safe package removal
After thread: "pip/pip3 confusion and keeping up to date" Over the years?centuries, have added various packages, using all of: - distribution-installer (dnf/yum - per apt-get) - su pip install, and - (user) pip install Because Fedora-Linux can be upgraded in-place. an amount of 'crud' hangs-about 'forever'. Accordingly, python -m pip list --outdated shows about as many entries as python - m pip list! Have (comparatively recently) standardised that projects not inside a VM or Container, will be managed by Poetry. (It's working well!) Q1 Can all (user) pip installs be safely removed, 'just like that'? Q2 How can one ascertain if system (su/sudo) pip installed packages can be removed - or are used by the op-sys/some important application? Q3 Similarly, if one can uninstall those originally installed using the distribution-installer, or if something, somewhere, will 'break'? (yes, there's an upgrade to Fedora 38 in "The Backlog") -- Regards, =dn -- https://mail.python.org/mailman/listinfo/python-list
Re: pip/pip3 confusion and keeping up to date
On 2023-11-05, Karsten Hilbert wrote: > Am Fri, Nov 03, 2023 at 01:53:32PM - schrieb Jon Ribbens via Python-list: > >> >> Are they not available in your system's package manager? >> > >> > ... this clearly often answers to "no" for applications of >> > any complexity. >> > >> > Is there a suggested proper path to deal with that (Debian is >> > of interest to me here) ? >> >> Yes, as previously mentioned, use virtual environments. >> >> These days they don't even need to be "activated". For package 'foo' >> for example you could create /usr/local/lib/foo, under which you would >> create a virtual environment and install the 'foo' package inside it, >> and then you could do: >> >> ln -s /usr/local/lib/foo/env/bin/foo /usr/local/bin/foo >> >> and then you could just type 'foo' to run it. > > This all being nice and well, but: > > How does one "fill" that venv with packages from pip during > > apt-get install python3-app-of-interest > > ? > > Is the suggested way really to pip-install into this venv > during apt-get install ? I don't know what you mean by that. But if you install the apt packages and then create your venv with --system-site-packages then I believe your venv should be able to see the apt packages and import them. -- https://mail.python.org/mailman/listinfo/python-list
Re: Checking if email is valid
On 2023-11-05 06:48, Jon Ribbens via Python-list wrote: Sometimes I think that these sorts of stupid, wrong, validation are the fault of idiot managers. When it's apostrophes though I'm suspicious that it may be idiot programmers who don't know how to prevent SQL injection attacks without just saying "ban all apostrophes everywhere". Or perhaps it's idiot "security consultancies" who make it a tick-box requirement. https://xkcd.com/327/ OK, now that I am started, what else? Oh yah. Look at your credit card. The number has spaces in it. Why do I have to remove them. If you don't like them then you are a computer, just remove them. Yes, this is also very stupid and annoying. Does nobody who works for the companies making these sorts of websites ever use their own, or indeed anyone else's, website? Gotta wonder for sure. It could also be the case of programmers depending on user input but the users insist on living with the bugs and/or working around them. We made crash reporting dead simple to report on and still users didn't bother. We would get the traceback and have to guess what the user was doing. Honestly I don't understand why every web application platform doesn't automatically strip all leading and trailing whitespace on user input by default. It's surely incredibly rare that it's sensible to preserve it. (I see Django eventually got around to this in version 1.9.) Yes, I have done that forever. Never had a complaint about it dropping characters. -- D'Arcy J.M. Cain Vybe Networks Inc. http://www.VybeNetworks.com/ IM:da...@vex.net VoIP: sip:da...@vybenetworks.com -- https://mail.python.org/mailman/listinfo/python-list
