Re: Canonical list of Python security vulnerabilities

2023-07-15 Thread Bob Kline via Python-list
On Sat, Jul 15, 2023 at 1:02 PM Dieter Maurer wrote: > > I am active in the `Zope` community (a web application server > based on Python). This community has a security mailing list > for security related reports > and issues public CVE (= "Common Vulnerabilities and Exposure

Re: Canonical list of Python security vulnerabilities

2023-07-15 Thread Dieter Maurer via Python-list
Bob Kline wrote at 2023-7-14 13:35 -0400: >Can someone point me to the official catalog of security vulnerabilities in >Python (by which I mean cpython and the standard libraries)? I found >https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html

Re: Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
On Fri, Jul 14, 2023 at 3:02 PM Barry wrote: > Where do you get your python from? Directly from python.org. > You may find that the organisation that packages python that you use has such > a list. That's my hope. Just haven't found it yet. :-} -- https://mail.python.org/mailman/listinfo/pyt

Re: Canonical list of Python security vulnerabilities

2023-07-14 Thread Barry via Python-list
> On 14 Jul 2023, at 19:14, Bob Kline via Python-list > wrote: > > Can someone point me to the official catalog of security vulnerabilities in > Python (by which I mean cpython and the standard libraries)? I found > https://www.cvedetails.com/vulnerability-list/vendor_i

Re: Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
On Fri, Jul 14, 2023 at 1:35 PM Bob Kline wrote: > Can someone point me to the official catalog of security vulnerabilities > in Python I did try entering "python security vulnerabilities" in the search box of the python.org web site, but what I got back was "No resu

Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
Can someone point me to the official catalog of security vulnerabilities in Python (by which I mean cpython and the standard libraries)? I found https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html but that isn't maintained by python.org. I also

[RELEASE] Python versions 3.10.7, 3.9.14, 3.8.14, 3.7.14 now available with security content

2022-09-07 Thread Łukasz Langa
We have some security content, and plenty of regular bug fixes for 3.10. Let’s dive right in. CVE-2020-10735 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735> Converting
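
CVE-2020-10735, cited in the announcement above, concerns the quadratic cost of converting between int and decimal str for very large values; the announcement text is cut off here, so what follows is an added example, not part of the release notes or of CPython. It shows how application code can bound that work itself before calling int() or str(), so the guard holds on interpreters with or without the built-in limit. The 4300-digit budget is this example's own choice (it matches the default CPython adopted with the fix), and the names parse_untrusted_int, int_to_str_bounded, interpreter_limit and is_rejected are the example's own.

```python
import math
import sys
from typing import Callable, Optional

# Assumed digit budget (example's own choice; it matches the default limit
# CPython adopted when fixing CVE-2020-10735, but the checks below do not
# depend on the interpreter having that fix).
MAX_DIGITS = 4300


def interpreter_limit() -> Optional[int]:
    """Return the interpreter's own int<->str digit limit, or None when this
    Python predates the CVE-2020-10735 fix and has no such limit."""
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter() if getter is not None else None


def parse_untrusted_int(text: str, max_digits: int = MAX_DIGITS) -> int:
    """Parse a decimal integer from untrusted input.

    The length check runs before int() is ever called, so a request carrying
    a megabyte of digits costs a len() call rather than a quadratic-time
    conversion.
    """
    s = text.strip()
    if not s:
        raise ValueError("empty input")
    body = s[1:] if s[0] in "+-" else s
    # Restrict to ASCII digits: str.isdigit() alone also accepts other
    # Unicode digit characters and superscripts, which a "decimal integer"
    # field should not admit.
    if not (body.isascii() and body.isdigit()):
        raise ValueError("not a decimal integer")
    if len(body) > max_digits:
        raise ValueError(f"too many digits: {len(body)} > {max_digits}")
    return int(s)


def int_to_str_bounded(n: int, max_digits: int = MAX_DIGITS) -> str:
    """Convert an int to decimal text, refusing before str() runs if the
    result would exceed max_digits.

    The digit count is bounded from bit_length() without converting: a
    b-bit number has at most floor(b * log10(2)) + 1 decimal digits.
    """
    estimate = int(abs(n).bit_length() * math.log10(2)) + 1
    if estimate > max_digits:
        raise ValueError(f"result would have about {estimate} digits > {max_digits}")
    return str(n)


def is_rejected(fn: Callable[..., object], *args: object) -> bool:
    """True if fn(*args) raises ValueError; lets callers probe the guards."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("interpreter limit:", interpreter_limit())
    print(parse_untrusted_int(" -12345 "))
    print("5000-digit input rejected:", is_rejected(parse_untrusted_int, "9" * 5000))
    print("10**5000 -> str rejected:", is_rejected(int_to_str_bounded, 10 ** 5000))
```

The outbound check matters as much as the inbound one: an attacker who can make the application multiply or exponentiate user-controlled values can produce a huge int that only becomes expensive when it is logged or serialised, and bit_length() lets you refuse that before str() starts.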

[RELEASE] Python 3.10.3, 3.9.11, 3.8.13, and 3.7.13 are now available with security content

2022-03-16 Thread Łukasz Langa
Welcome again to the exciting world of releasing new Python versions! Last time around I was complaining about cursed releases <https://discuss.python.org/t/python-3-10-2-3-9-10-and-3-11-0a4-are-now-available/13146>. This time around I could complain about security content galore and how

[RELEASE] Python 3.7.12 and 3.6.15 security updates now available

2021-09-04 Thread Ned Deily
Python 3.7.12 and 3.6.15, the latest security fix rollups for Python 3.7 and Python 3.6, are now available. You can find the release files, links to the changelogs, and more information here: https://www.python.org/downloads/release/python-3712/ https://www.python.org/downloads/release

[RELEASE] Python 3.7.10 and 3.6.13 security updates now available

2021-02-15 Thread Ned Deily
Python 3.7.10 and 3.6.13, the latest security fix rollups for Python 3.7 and Python 3.6, are now available. You can find the release files, links to the changelogs, and more information here: https://www.python.org/downloads/release/python-3710/ https://www.python.org/downloads/release

[RELEASE] Python 3.8.5 released as a security hotfix. 3.9.0b5, the last beta before 3.9.0, also available

2020-07-20 Thread Łukasz Langa
This is a combined release of Python 3.8.5 and 3.9.0b5. Both are significant but for different reasons. Let’s dig in! Security content in 3.8.5 We decided to release 3.8.5 ahead of schedule due to a number of security-related fixes. All details can be found in the change log <ht

[ANN][SECURITY] Local Privilege Escalation in all Windows software frozen by PyInstaller in "onefile" mode

2020-01-09 Thread Hartmut Goebel
Credits This vulnerability was discovered and reported by Farid AYOUJIL (@faridtsl), David HA, Florent LE NIGER and Yann GASCUEL (@lnv42) from Alter Solutions (@AlterSolutions) and fixed in collaboration with Hartmut Goebel (@htgoebel, maintainer of PyInstaller). Funding Development

Re: Python Resources related with web security

2019-11-27 Thread Peter J. Holzer
On 2019-11-28 10:56:58 +1300, Greg Ewing wrote: > On 27/11/19 10:54 am, Mr. Gentooer wrote: > > why would I be a troll? I have never used usenet. I am honestly and > > genuinely curious. > > The reason people are asking is that wanting a manual on how to > search the Web is a bit like wanting a ma

Re: Python Resources related with web security

2019-11-27 Thread Greg Ewing
On 27/11/19 10:54 am, Mr. Gentooer wrote: why would I be a troll? I have never used usenet. I am honestly and genuinely curious. The reason people are asking is that wanting a manual on how to search the Web is a bit like wanting a manual on how to walk. Most people pick it up by watching othe

Re: Python Resources related with web security

2019-11-26 Thread Michael Torrie
>> what is the best "manual" for the specific security topic? >> >> Given the nature of what you are asking -- have you considered > that >> much of it might be considered proprietary information by any firm(s) >> that already do such stuff. >>

Re: Python Resources related with web security

2019-11-26 Thread Michael Torrie
o get some sort of result. (Skill does help you get >> there more efficiently, though.) >> >> ChrisA > > what skills do i need? any manual or reference guide that teach how to > search the web? If you have to ask that question then you are definitely not ready for w

Re: Python Resources related with web security

2019-11-26 Thread Mr. Gentooer
On Tue, Nov 26, 2019 at 03:29:48PM -0500, Joel Goldstick wrote: > On Tue, Nov 26, 2019 at 2:23 PM Mr. Gentooer wrote: > > > > > > On Mon, 25 Nov 2019 21:25:12 + (UTC), Pycode > > > > declaimed the following: > > > > > > > > comp.lang.python gmane.comp.python.general > > > > how do you access

Re: Python Resources related with web security

2019-11-26 Thread mm0fmf
On 26/11/2019 21:35, Rob Gaddi wrote: On 11/26/19 12:41 PM, Grant Edwards wrote: On 2019-11-26, Joel Goldstick wrote: I'm thinking this is a troll or a turing machine experiment? Yea, many of the posts remind me of ELIZA. How do you feel about many of the posts remind you of ELIZA? +1

Re: Python Resources related with web security

2019-11-26 Thread Rob Gaddi
On 11/26/19 12:41 PM, Grant Edwards wrote: On 2019-11-26, Joel Goldstick wrote: I'm thinking this is a troll or a turing machine experiment? Yea, many of the posts remind me of ELIZA. How do you feel about many of the posts remind you of ELIZA? -- Rob Gaddi, Highland Technology -- www.hi

Re: Python Resources related with web security

2019-11-26 Thread Grant Edwards
On 2019-11-26, Joel Goldstick wrote: > I'm thinking this is a troll or a turing machine experiment? Yea, many of the posts remind me of ELIZA. -- Grant Edwards grant.b.edwardsYow! Hmmm ... A hash-singer at and a cross-eyed g

Re: Python Resources related with web security

2019-11-26 Thread Joel Goldstick
On Tue, Nov 26, 2019 at 2:23 PM Mr. Gentooer wrote: > > > > On Mon, 25 Nov 2019 21:25:12 + (UTC), Pycode > > > declaimed the following: > > > > > > comp.lang.python gmane.comp.python.general > > how do you access these in a reasonable way? > > -- > https://mail.python.org/mailman/listinfo/pyt

Re: Python Resources related with web security

2019-11-26 Thread Mr. Gentooer
> > On Mon, 25 Nov 2019 21:25:12 + (UTC), Pycode > > declaimed the following: > > > > comp.lang.python gmane.comp.python.general how do you access these in a reasonable way? -- https://mail.python.org/mailman/listinfo/python-list

Re: Python Resources related with web security

2019-11-26 Thread Pycode
On Wed, 27 Nov 2019 04:35:10 +1100, Chris Angelico wrote: > On Wed, Nov 27, 2019 at 4:26 AM Pycode wrote: >> asking offtopic question, >> can you give a few guides that teach how to search the web? >> >> > At this point, I'm starting to be quite confused as to whether this is a > genuine question

Re: Python Resources related with web security

2019-11-26 Thread Chris Angelico
On Wed, Nov 27, 2019 at 4:26 AM Pycode wrote: > asking offtopic question, > can you give a few guides that teach how to search the web? > At this point, I'm starting to be quite confused as to whether this is a genuine question or a parody. I'd love to respond to it as a parody, meeting you joke

Re: Python Resources related with web security

2019-11-26 Thread Pycode
On Tue, 26 Nov 2019 10:20:11 -0500, Dennis Lee Bieber wrote: > On Tue, 26 Nov 2019 02:51:36 + (UTC), Pycode > declaimed the following: > >>which keywords should i use for web-search? do you have a list? >>what is the best "manual" for the specific security top

Re: Python Resources related with web security

2019-11-26 Thread Pycode
On Tue, 26 Nov 2019 14:01:54 +1100, Chris Angelico wrote: > On Tue, Nov 26, 2019 at 1:56 PM Pycode wrote: >> >> which keywords should i use for web-search? do you have a list? >> what is the best "manual" for the specific security topic? > > https:

Re: Python Resources related with web security

2019-11-25 Thread Chris Angelico
On Tue, Nov 26, 2019 at 1:56 PM Pycode wrote: > > which keywords should i use for web-search? do you have a list? > what is the best "manual" for the specific security topic? https://lmgtfy.com/?q=How+to+search+the+web ChrisA -- https://mail.python.org/mailman/listinfo/python-list

Re: Python Resources related with web security

2019-11-25 Thread Pycode
On Mon, 25 Nov 2019 17:32:50 -0500, Dennis Lee Bieber wrote: > On Mon, 25 Nov 2019 21:25:12 + (UTC), Pycode > declaimed the following: > > >>you are not being helpful or answer the question.. >>can someone answer? maybe should i ask on the mailing list? > > Why? > > comp.lang.python

Re: Python Resources related with web security

2019-11-25 Thread Pycode
nternet. > >>>> can anyone post links for python resources that contain tools and >>>> scripts related with security and pentesting? > > They're the sorts of tools that, if the community deems you a > non-threatening-actor, they might point you in the right dire

Re: Python Resources related with web security

2019-11-25 Thread DL Neil via Python-list
On 26/11/19 11:48 AM, Tim Chase wrote: On 2019-11-25 21:25, Pycode wrote: On Sun, 24 Nov 2019 10:41:29 +1300, DL Neil wrote: Are such email addresses 'open' and honest? you are not being helpful or answer the question.. What DL Neil seems to be getting at is that there's been an uptick in q

Re: Python Resources related with web security

2019-11-25 Thread Tim Chase
es Neither factor inspires much confidence. 2) you (and others) are asking to be spoonfed example code that could cause problems on the internet. >>> can anyone post links for python resources that contain tools and >>> scripts related with security and pentesting? Th

Re: Python Resources related with web security

2019-11-25 Thread Pycode
On Sun, 24 Nov 2019 10:41:29 +1300, DL Neil wrote: > Curiosity: why have recent similar enquiries also come from > non-resolving domain names? > > > Recently we've seen security-related enquiries (on more than one Python > Discussion List) which don't explicitly c

Re: Python Resources related with web security

2019-11-23 Thread DL Neil via Python-list
Curiosity: why have recent similar enquiries also come from non-resolving domain names? Recently we've seen security-related enquiries (on more than one Python Discussion List) which don't explicitly claim to come from 'white hat hackers' but which do have the potenti

Python Resources related with web security

2019-11-23 Thread Pycode
Hello, can anyone post links for python resources that contain tools and scripts related with security and pentesting? not looking for the obvious such as OWASP,etc can anyone post a list of interesting links? you can also include blogs and forums.. Thanks -- https://mail.python.org/mailman

[RELEASE] Python 3.6.9 security-fix release is now available

2019-07-02 Thread Ned Deily
Python 3.6.9 is now available. 3.6.9 is the first security-only-fix release of Python 3.6. Python 3.6 has now entered the security fix phase of its life cycle. Only security-related issues are accepted and addressed during this phase. We plan to provide security fixes for Python 3.6 as needed

Re: Potential Security Bug

2019-03-20 Thread Ian Kelly
On Wed, Mar 20, 2019 at 5:14 AM Laish, Amit (GE Digital) wrote: > > Hello, > I’m Amit Laish, a security researcher from GE Digital. > During one of our assessments we discovered something that we consider a bug with security implications which can cause a denial of service by disk exh

Potential Security Bug

2019-03-20 Thread Laish, Amit (GE Digital)
Hello, I’m Amit Laish, a security researcher from GE Digital. During one of our assessments we discovered something that we consider a bug with security implications which can cause a denial of service by disk exhaustion, and we would like to share it with you, and hear your opinion about it

ANN: A new version (0.4.4) of python-gnupg has been released. It contains a security-related change - please update to this version

2019-01-24 Thread Vinay Sajip via Python-list
A new version of the Python module which wraps GnuPG has been released. What Changed? This is an enhancement and security-fix release, and all users are strongly encouraged to upgrade. Brief summary: * Fixed #108: Changed how any return value from the on_data callable is processed

ANN: A new version (0.4.3) of python-gnupg has been released. It contains a security-related change - please update to this version

2018-06-13 Thread Vinay Sajip via Python-list
A new version of the Python module which wraps GnuPG has been released. What Changed? This is a security-fix release, and all users are strongly encouraged to upgrade. This fix mitigates against CVE-2018-12020. See the discoverer's blog post [6] for more information. Brief su

New security-annou...@python.org mailing list

2017-09-21 Thread Barry Warsaw
I’m happy to announce the availability of a new mailing list, with the mission of providing security announcements to the Python community from the Python Security Response Team (PSRT): security-annou...@python.org You can sign up in the usual Mailman way: https://mail.python.org/mailman

Re: Tabs are a security vulnerability [was Re: Who are the "spacists"?]

2017-03-19 Thread Mikhail V
On 19 March 2017 at 01:32, Steve D'Aprano wrote: > On Sun, 19 Mar 2017 03:30 am, Grant Edwards wrote: > >> tabs are a major security vulnerability and should be outlawed >> in all source code. > > > I've heard many arguments both in favour of and agai

Tabs are a security vulnerability [was Re: Who are the "spacists"?]

2017-03-18 Thread Steve D'Aprano
On Sun, 19 Mar 2017 03:30 am, Grant Edwards wrote: > tabs are a major security vulnerability and should be outlawed > in all source code. I've heard many arguments both in favour of and against tabs, but I've never heard them described as a security vulnerability before. Let a

Acra, new open source database security suite for PostgreSQL

2017-03-10 Thread borysova . mary
Acra, new database security suite for PostgreSQL: https://github.com/cossacklabs/acra -- https://mail.python.org/mailman/listinfo/python-list

Database security tool for Python apps with PostgreSQL backend.

2017-03-09 Thread borysova . mary
Database security tool for Python apps with PostgreSQL backend: https://www.cossacklabs.com/blog/presenting-acra.html -- https://mail.python.org/mailman/listinfo/python-list

Re: Is requests[security] required for python 3.5+ ?

2017-02-02 Thread Chris Warrick
On 2 February 2017 at 20:41, Thomas Nyberg wrote: > Hello, > > I'm trying to understand whether requests[security] or just plain requests > should be installed for python 3.5. I.e. do the following packages need to > be installed: pyOpenSSL, cryptography,idna. > >

Is requests[security] required for python 3.5+ ?

2017-02-02 Thread Thomas Nyberg
Hello, I'm trying to understand whether requests[security] or just plain requests should be installed for python 3.5. I.e. do the following packages need to be installed: pyOpenSSL, cryptography, idna. The reason I'm asking is because I'm moving an application to python 3 a

Re: [OT] Security question

2016-12-30 Thread Marko Rauhamaa
Chris Angelico : > On Fri, Dec 30, 2016 at 10:47 PM, Anssi Saari wrote: >> I'd say it depends on what the password is actually used for. You seem >> to indicate it's just so you can access the internet? To me it seems >> abusing that password is hard to impossible since it's your fibre to >> your

Re: [OT] Security question

2016-12-30 Thread Chris Angelico
On Fri, Dec 30, 2016 at 10:47 PM, Anssi Saari wrote: > I'd say it depends on what the password is actually used for. You seem > to indicate it's just so you can access the internet? To me it seems > abusing that password is hard to impossible since it's your fibre to > your home. If the password i

Re: [OT] Security question

2016-12-30 Thread Marko Rauhamaa
Anssi Saari : > "Frank Millman" writes: >> To my surprise, they sent me my existing username *and* my existing >> password, all in clear text. > > I'd say it depends on what the password is actually used for. You seem > to indicate it's just so you can access the internet? To me it seems > abusin

Re: [OT] Security question

2016-12-30 Thread Anssi Saari
"Frank Millman" writes: > Hi all > > This is off-topic, but I would appreciate a comment on this matter. > > I have just upgraded my internet connection from ADSL to Fibre. > > As part of the process, my ISP sent a text message to my cell phone > with the username and password I must use to conne

Re: Another security question

2016-12-25 Thread Steve D'Aprano
as a springboard to attack others, to launch ransomware attacks or shutdown the electricity grid[1] or DOS people I don't like. Poor security eventually hurts everyone. I think that, eventually, one of two things will happen: - Our entire computing infrastructure (the web, email, the IOTs, bank

Re: Another security question

2016-12-24 Thread Paul Rubin
Chris Angelico writes: > as a sysadmin, I have lots of control over the hashing, and very > little on passwords. I could enforce a minimum password length, but I > can't prevent password reuse, and I can't do much about the other > forms of weak passwords. Right, 2FA helps with re-use, and diffic

Re: Another security question

2016-12-24 Thread Frank Millman
"Frank Millman" wrote in message news:o3lcfk$pah$1...@blaine.gmane.org... By the way, I have realised how I ended up getting sidetracked by Blake2 in the first place. If you call up the online documentation for Python3.6 and select modules>h> hashlib, it takes you straight to 15.2. hashl

Re: Another security question

2016-12-24 Thread Frank Millman
pwd) print(pwd_hash) print(chk_password(pwd_hash, pwd)) ["sha256", "2cd1150b98dab7219136c8deceda00e3", 10, "6301857d79554c3e2035fc779e4903f098ba2df36536028b72952426a5773f0a"] True I know that 'rolling your own' is a no-no when it comes to security. I don&

Re: Another security question

2016-12-24 Thread Chris Angelico
On Sat, Dec 24, 2016 at 7:08 PM, Paul Rubin wrote: > Chris Angelico writes: >> Correct. However, weak passwords are ultimately the user's >> responsibility, where the hashing is the server's responsibility. > > No, really, the users are part of the system and therefore the system > designer must

Re: Another security question

2016-12-24 Thread Paul Rubin
Chris Angelico writes: > Correct. However, weak passwords are ultimately the user's > responsibility, where the hashing is the server's responsibility. No, really, the users are part of the system and therefore the system designer must take the expected behavior of actual users into account. The

Re: Another security question

2016-12-24 Thread Paul Rubin
Steve D'Aprano writes: > You say that as if two-factor auth was a panacea. Of course it's not a panacea, but it helps quite a lot. > That's the sort of thinking that leads to: ... Beyond that, web browsers are the new Microsoft Windows with all of its security holes

Re: Another security question

2016-12-24 Thread Marko Rauhamaa
Steve D'Aprano : > https://www.schneier.com/blog/archives/2005/10/scandinavian_at_1.html EDITED TO ADD: Here's a related story. The Bank of New Zealand suspended Internet banking because of phishing concerns. Now there's a company that is taking the threat seriously. That's the troub

Re: Another security question

2016-12-23 Thread Chris Angelico
On Sat, Dec 24, 2016 at 6:18 PM, Paul Rubin wrote: > Chris Angelico writes: >> Solution: Don't use dictionary-attackable passwords. > > If you allow people to choose their own passwords, they'll too-often > pick dictionary-attackable ones; or even if they choose difficult ones, > they'll use them

Re: Another security question

2016-12-23 Thread Paul Rubin
Chris Angelico writes: > Solution: Don't use dictionary-attackable passwords. If you allow people to choose their own passwords, they'll too-often pick dictionary-attackable ones; or even if they choose difficult ones, they'll use them in more than one place, and eventually the weakest of those

Re: Another security question

2016-12-23 Thread Chris Angelico
lus something > else you know (answer to a low-security question like "what was your > mother's maiden name?"). My mother's maiden name was here-campaigns-your-really. My first pet was expensive-items-know-thats. The street I grew up on was sorry-days-standard-just. My

Re: Another security question

2016-12-23 Thread Steve D'Aprano
le-attacks not to mention the abomination of "one factor authentication, twice", like that used by the Australian government unified web portal. To log in, you have to provide something you know (username and password), plus something else you know (answer to a low-security question like &

Re: Another security question

2016-12-23 Thread Chris Angelico
On Sat, Dec 24, 2016 at 11:20 AM, Paul Rubin wrote: > The basic problem is those functions are fast enough to make dictionary > attacks feasible. The preferred password hashing function these days is > Argon2, which has some tunable security parameters: Solution: Don't use diction

Re: Another security question

2016-12-23 Thread Paul Rubin
the > above procedure is adequate. > > Does all this sound reasonable? The basic problem is those functions are fast enough to make dictionary attacks feasible. The preferred password hashing function these days is Argon2, which has some tunable security parameters: https://en.wikipedi

Re: Another security question

2016-12-23 Thread Chris Angelico
On Sat, Dec 24, 2016 at 3:58 AM, Steve D'Aprano wrote: > By the way, thanks for raising this interesting question! This is exactly > the sort of thing that the secrets module is supposed to make a "no > brainer", so I expect that it will get a password hash function. +1. Please can we see somethi

Re: Another security question

2016-12-23 Thread Steve D'Aprano
On Fri, 23 Dec 2016 10:08 pm, Frank Millman wrote: > "Steve D'Aprano" wrote in message > news:585d009f$0$1599$c3e8da3$54964...@news.astraweb.com... >> >> On Fri, 23 Dec 2016 09:19 pm, Frank Millman wrote: >> >> > >> > 3. Generate the password from the string supplied by the user as >> > follows -

Re: Another security question

2016-12-23 Thread Frank Millman
salting and hashing and having signatures, it pushes the responsibility onto someone else. You just give it a password and get back an ASCII string that you stash in the database. If there's a security flaw, Werkzeug can push a new version that fixes it - it's not your problem. At ver

Re: Another security question

2016-12-23 Thread Ben Bacarisse
"Frank Millman" writes: > ... Here are my thoughts on improving this. > > 1. Generate a 'salt' for each password. There seem to be two ways in > the standard library to do this - >import os >salt = os.urandom(16) > >import secrets >salt = secrets.token_bytes(16) > >My guess is

Re: Another security question

2016-12-23 Thread Chris Angelico
ing Flask, I generally use Werkzeug's password management features: http://werkzeug.pocoo.org/docs/0.11/utils/#werkzeug.security.generate_password_hash http://werkzeug.pocoo.org/docs/0.11/utils/#werkzeug.security.check_password_hash As well as doing everything I said above about salting and hashing and having signatures, it

Re: Another security question

2016-12-23 Thread Frank Millman
"Steve D'Aprano" wrote in message news:585d009f$0$1599$c3e8da3$54964...@news.astraweb.com... On Fri, 23 Dec 2016 09:19 pm, Frank Millman wrote: > > 3. Generate the password from the string supplied by the user as > follows - > from hashlib import blake2b > password = blake2b('my_pass

Re: Another security question

2016-12-23 Thread Steve D'Aprano
On Fri, 23 Dec 2016 09:19 pm, Frank Millman wrote: [...] > Having read the previous thread and various links, I want to review the > way I handle passwords in my accounting application. > > At present I just store a SHA-1 hash of the password for each user. Here > are my thoughts on improving thi

Another security question

2016-12-23 Thread Frank Millman
Hi all This is a follow-up to my recent 'security question' post. I am starting a new thread, for 2 reasons - 1) I sent a link to the previous thread to my ISP for their information. It is up to them whether they do anything with it, but I wanted to keep that thread focused on th

Re: [OT] Security question

2016-12-23 Thread Steve D'Aprano
On Thu, 22 Dec 2016 09:10 pm, Frank Millman wrote: > If this is the standard of security out there, it is no wonder we hear of > so many attacks (and how many don't we hear of?) Everything is broken: https://medium.com/message/everything-is-broken-81e5f33a24e1 -- Steve “Chee

Re: [OT] Security question

2016-12-22 Thread Peter Pearson
On Thu, 22 Dec 2016 12:10:40 +0200, Frank Millman wrote: [snip] > > What about the second part of my query? Is it acceptable that they keep > passwords on their system in clear text? Absolutely not. Keeping the passwords, even encrypted, is a reckless invitation to disaster. Chris has done a f

Re: [OT] Security question

2016-12-22 Thread Rich Osman
nbow >tables (or for common passwords, just Google the thing). >5) Hashes salted with something predictable or calculable. Maybe you >hash username+"blargh"+password, or something. Means the hashes don't >look the same even for the same password. >6) Hashes salted with arb

Re: [OT] Security question

2016-12-22 Thread Chris Angelico
On Thu, Dec 22, 2016 at 10:10 PM, Frank Millman wrote: > Thanks for all the info, Chris. > > This is clearly a subject you feel strongly about! > > Much appreciated. It is - partly because I've been guilty of poor password security in the past. I speak with the voice of som

Re: [OT] Security question

2016-12-22 Thread Frank Millman
"Chris Angelico" wrote in message news:CAPTjJmrG+1==nmoxf6cu2pttgcykgz_dvi36gjaqhqa9daf...@mail.gmail.com... On Thu, Dec 22, 2016 at 9:10 PM, Frank Millman wrote: > What about the second part of my query? Is it acceptable that they keep > passwords on their system in clear text? Well no, abso

Re: [OT] Security question

2016-12-22 Thread Chris Angelico
assword. Any of the first three could give the phenomenon you describe. And while the security is better on #3, it's still entirely vulnerable to the "disgruntled employee" attack (someone on the inside with complete information about the system). The last three all look similar
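
Chris's tiers above, together with the salted-hash-plus-iterations scheme Frank works through in the "Another security question" thread earlier on this page, describe what a proper password store looks like. The following is an added example, not code from either thread, from Werkzeug, or from Frank's application, of the last tier: a per-user random salt, a deliberately slow derivation, a constant-time comparison, and a self-describing record so the cost can be raised later without a password reset. It uses only the standard library (secrets, hashlib.pbkdf2_hmac, hmac.compare_digest); Argon2, which Paul Rubin recommends in that thread, is not in the standard library, so PBKDF2-HMAC-SHA256 stands in for it. The 600,000-iteration default, the record layout algorithm$iterations$salt$hash, and the assumption that the legacy store holds the hex digest of unsalted SHA-1 (the scheme Frank says he starts from) are this example's own choices, as are the function names.

```python
import hashlib
import hmac
import secrets

# Example's own parameters: PBKDF2-HMAC-SHA256, 16-byte salt, 600k iterations.
# The iteration count is slow on purpose; the cost is what makes an offline
# dictionary attack on a leaked table expensive.
ALGORITHM = "pbkdf2_sha256"
SALT_BYTES = 16
DEFAULT_ITERATIONS = 600_000


def legacy_sha1_record(password: str) -> str:
    """What the thread's starting point stores: unsalted SHA-1 hex (assumed
    format).  Shown only so that migration can be demonstrated; never use
    this for new records."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record 'alg$iterations$salt_hex$hash_hex'.

    Each call draws a fresh salt, so two users with the same password get
    different records and a precomputed (rainbow) table is useless.
    """
    if not password:
        raise ValueError("empty password")
    if iterations < 1:
        raise ValueError("iterations must be positive")
    salt = secrets.token_bytes(SALT_BYTES)  # os.urandom(SALT_BYTES) is equivalent
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations), salt.hex(), digest.hex()])


def verify_password(record: str, password: str) -> bool:
    """Check password against a stored record; never raises on bad input."""
    if "$" not in record:
        # Legacy unsalted SHA-1 record (assumed format of the old store).
        legacy = legacy_sha1_record(password).encode("ascii")
        return hmac.compare_digest(legacy, record.lower().encode("utf-8"))
    try:
        alg, iters_text, salt_hex, hash_hex = record.split("$")
        iterations = int(iters_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or tampered record is never a match
    if alg != ALGORITHM or iterations < 1 or len(expected) != 32:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest does not stop at the first differing byte, so timing
    # does not reveal how much of the hash an attacker has guessed.
    return hmac.compare_digest(digest, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record is below current policy: legacy format, other
    algorithm, or fewer iterations than the policy now demands."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


def login(records: dict, username: str, password: str) -> bool:
    """Authenticate, and transparently upgrade weak records on success
    (the plaintext password is in hand only at this moment)."""
    record = records.get(username)
    if record is None:
        # Burn the same work for unknown users so response time does not
        # reveal whether the username exists.
        hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                            b"\0" * SALT_BYTES, DEFAULT_ITERATIONS)
        return False
    if not verify_password(record, password):
        return False
    if needs_rehash(record):
        records[username] = hash_password(password)
    return True


if __name__ == "__main__":
    users = {"frank": legacy_sha1_record("hunter2")}  # constructed sample store
    print("legacy login:", login(users, "frank", "hunter2"))
    print("upgraded record:", users["frank"])
    print("wrong password:", login(users, "frank", "hunter3"))
```

Nothing in the record is secret: the salt and iteration count sit next to the hash, which is exactly why an ISP that can mail a customer their password back is at tier 1, not tier 6. The record format is what lets the iteration count be raised later: change DEFAULT_ITERATIONS and every user is migrated at their next successful login.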

Re: [OT] Security question

2016-12-22 Thread Frank Millman
this is a good idea. The ISP is MWEB, one of the biggest service providers in South Africa, with (I guess) millions of users. If this is the standard of security out there, it is no wonder we hear of so many attacks (and how many don't we hear of?) Frank -- https://mail.python.org/mailman/listinfo/python-list

Re: [OT] Security question

2016-12-22 Thread Chris Angelico
On Thu, Dec 22, 2016 at 8:39 PM, Frank Millman wrote: > To my surprise, they sent me my existing username *and* my existing > password, all in clear text. > > """ > Thank you for taking the time to contact [...] Technical Mail Support. > I understand the importance of your password inquiry and wil

[OT] Security question

2016-12-22 Thread Frank Millman
Hi all This is off-topic, but I would appreciate a comment on this matter. I have just upgraded my internet connection from ADSL to Fibre. As part of the process, my ISP sent a text message to my cell phone with the username and password I must use to connect. To my surprise, they sent me my

Re: First security bug related to f-strings

2016-11-05 Thread eryk sun
On Sat, Nov 5, 2016 at 6:50 PM, Irmen de Jong wrote: > Perhaps. But in those cases you could just leave things on the default. > If you choose to run the interpreter with eval (and exec) disabled, you > should be aware > that you'll break tools like that. But for other situations (web server etc)

Re: First security bug related to f-strings

2016-11-05 Thread Irmen de Jong
On 5-11-2016 19:08, eryk sun wrote: > On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong wrote: >> I think perhaps we should have a command line option / environment variable >> to be able >> to disable 'eval' altogether > > I don't think that's practical. exec and eval are commonly used by > she

Re: First security bug related to f-strings

2016-11-05 Thread eryk sun
On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong wrote: > I think perhaps we should have a command line option / environment variable > to be able > to disable 'eval' altogether I don't think that's practical. exec and eval are commonly used by shells and IDEs such as IDLE and IPython. In the s

Re: First security bug related to f-strings

2016-11-05 Thread Irmen de Jong
On 5-11-2016 18:12, Steve D'Aprano wrote: > Well, that didn't take very long at all. > > Here's the first security bug which is related to the new (and badly > misnamed) f-string feature: > > http://bugs.python.org/issue28563 I think perhaps we should have a

First security bug related to f-strings

2016-11-05 Thread Steve D'Aprano
Well, that didn't take very long at all. Here's the first security bug which is related to the new (and badly misnamed) f-string feature: http://bugs.python.org/issue28563 Note what I'm not saying: I'm not saying that the bug is *caused* by f-strings. It is not. The bug i

CyberRoam Python Alternative for network security

2016-07-08 Thread Arshpreet Singh
This is a question more about product information and less technical, but I hope it will be usable in some context. I use Cyberoam (https://www.cyberoam.com/). Is there any Python alternative available for that? Or if I have to write/implement something like this (https://github.com/netkiller/firewal

Re: Announcing the release of Yosai: a security framework for python applications

2016-03-27 Thread Ben Finney
Darin Gordon writes: > I am very glad to announce the first release of Yosai, a security > framework for python applications. > > Details, including link to project: > http://www.daringordon.com/introducing_yosai Rather than just a link, can you please give a couple of paragr

Announcing the release of Yosai: a security framework for python applications

2016-03-27 Thread Darin Gordon
Hey Everyone! I am very glad to announce the first release of Yosai, a security framework for python applications. Details, including link to project: http://www.daringordon.com/introducing_yosai Regards Darin -- https://mail.python.org/mailman/listinfo/python-list

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-08-09 Thread Rustom Mody
On Sunday, August 9, 2015 at 2:57:20 AM UTC+5:30, Marko Rauhamaa wrote: > Marko Rauhamaa : > > > Steven D'Aprano : > > > >> The contemporary standard approach is from Zermelo-Fraenkel set > >> theory: define 0 as the empty set, and the successor to n as the > >> union of n and the set containing n

Re: Devanagari int literals [was Re: Should non-security 2.7 bugs be fixed?]

2015-08-08 Thread Marko Rauhamaa
Marko Rauhamaa : > Steven D'Aprano : > >> The contemporary standard approach is from Zermelo-Fraenkel set >> theory: define 0 as the empty set, and the successor to n as the >> union of n and the set containing n: >> >> 0 = {} (the empty set) >> n + 1 = n ∪ {n} > > That definition barely captures

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-24 Thread Mark Lawrence
On 24/07/2015 15:13, Grant Edwards wrote: On 2015-07-24, Paul Rubin wrote: Grant Edwards writes: You can always pick out the topologist at a conference: he's the one trying to dunk his coffee cup in his doughnut. Did you hear about the idiot topologist? He couldn't tell his butt from a ho

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-24 Thread Paul Rubin
Grant Edwards writes: >> Did you hear about the idiot topologist? He couldn't tell his butt >> from a hole in the ground, but he *could* tell his butt from two >> holes in the ground. > > Wow. Now I know _two_ topologist jokes. The girls are going to be > impressed! I got it from here: http:/

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-24 Thread Grant Edwards
On 2015-07-24, Paul Rubin wrote: > Grant Edwards writes: > >> You can always pick out the topologist at a conference: he's the one >> trying to dunk his coffee cup in his doughnut. > > Did you hear about the idiot topologist? He couldn't tell his butt > from a hole in the ground, but he *could*

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-23 Thread Rustom Mody
On Friday, July 24, 2015 at 2:59:41 AM UTC+5:30, Marko Rauhamaa wrote: > Chris : > > > Fortunately, we don't need to completely understand it. New Horizons > > reached Pluto right on time after a decade of flight that involved > > taking a left turn at Jupiter... we can predict exactly what angle

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-23 Thread Rick Johnson
On Thursday, July 23, 2015 at 9:03:15 PM UTC-5, Paul Rubin wrote: > Did you hear about the idiot topologist? He couldn't tell his butt from > a hole in the ground, but he *could* tell his butt from two holes in the > ground. This sounds more like a riddle than a joke. So in other words: the messa

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-23 Thread Paul Rubin
Grant Edwards writes: > You can always pick out the topologist at a conference: he's the one > trying to dunk his coffee cup in his doughnut. > [Hey, how often do you get to use a topology joke.] Did you hear about the idiot topologist? He couldn't tell his butt from a hole in the ground, but h

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-23 Thread Rick Johnson
On Thursday, July 23, 2015 at 7:08:10 PM UTC-5, Grant Edwards wrote: > You can always pick out the topologist at a conference: > he's the one trying to dunk his coffee cup in his > doughnut. > > [Hey, how often do you get to use a topology joke.] Don't sell yourself short, Grant. You get extra bo

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-23 Thread Grant Edwards
On 2015-07-23, Marko Rauhamaa wrote: > Chris Angelico : > >> Fortunately, we don't need to completely understand it. New Horizons >> reached Pluto right on time after a decade of flight that involved >> taking a left turn at Jupiter... we can predict exactly what angle to >> fire the rockets at in

Re: OT Re: Math-embarrassment results in CS [was: Should non-security 2.7 bugs be fixed?]

2015-07-23 Thread Mark Lawrence
On 23/07/2015 23:01, MRAB wrote: On 2015-07-23 22:50, Mark Lawrence wrote: On 23/07/2015 22:29, Marko Rauhamaa wrote: Chris Angelico : Fortunately, we don't need to completely understand it. New Horizons reached Pluto right on time after a decade of flight that involved taking a left turn at
