Re: [pygame] pygame web plugin

[Bob Ippolito]

On Sun, Sep 7, 2008 at 1:56 PM, Ron Dippold [EMAIL PROTECTED] wrote:
 This is something Java actually does pretty well. I dislike it for the most
 part, but its sandboxing is better than anything I've ever seen (except
 certain secure OSes). Flash actually does it pretty well now too, though
 holes keep turning up occasionally. Interestingly, unless they've changed
 Flash or Java recently, I don't think there's anything that limits the
 amount of cpu or memory usage since I still see one occasionally running off
 into the weeds. The solution is just 'fix or don't run that jar/swf'.

The memory usage is unbounded IIRC but the CPU usage is bounded, at
least insofar as it will do a pop-up warning and allow the user to
stop code execution if the code doesn't yield to the main event loop
often enough. You can get around that by burning through lots of CPU
incrementally with a timer, if you were intentionally trying to be
annoying.

-bob

Re: [pygame] pygame web plugin

[Forrest Voight]

PyGame isn't really built for untrusted code... there are many ways to
crash PyGame if you are intent on it...

PyGame and Python weren't meant at all for web apps.

On Mon, Sep 8, 2008 at 2:22 AM, Bob Ippolito [EMAIL PROTECTED] wrote:
 On Sun, Sep 7, 2008 at 1:56 PM, Ron Dippold [EMAIL PROTECTED] wrote:
 This is something Java actually does pretty well. I dislike it for the most
 part, but its sandboxing is better than anything I've ever seen (except
 certain secure OSes). Flash actually does it pretty well now too, though
 holes keep turning up occasionally. Interestingly, unless they've changed
 Flash or Java recently, I don't think there's anything that limits the
 amount of cpu or memory usage since I still see one occasionally running off
 into the weeds. The solution is just 'fix or don't run that jar/swf'.

 The memory usage is unbounded IIRC but the CPU usage is bounded, at
 least insofar as it will do a pop-up warning and allow the user to
 stop code execution if the code doesn't yield to the main event loop
 often enough. You can get around that by burning through lots of CPU
 incrementally with a timer, if you were intentionally trying to be
 annoying.

 -bob

Re: [pygame] pygame web plugin

[James Mills]

On Tue, Sep 9, 2008 at 5:07 AM, Forrest Voight [EMAIL PROTECTED] wrote:
 PyGame isn't really built for untrusted code... there are many ways to
 crash PyGame if you are intent on it...

 PyGame and Python weren't meant at all for web apps.

I have to agree with this.
I think trying to get pygame
running inside a web browser
is a silly idea.

cheers
James

-- 
--
-- Problems are solved by method

Re: [pygame] pygame web plugin

[René Dudfield]

hey,


we did a prototype of a flex-pypy(and then continued ) - which uses
pypy to translate into actionscript - which is then compiled with the
free flex compiler.  So the 'bash the monkey' thing on the pygame main
page is made with that.

However... flex and pypy are such un-fun things to use that I think it
would require someone to be paid to work on it to get it
finished(think not one, but two compile steps... one using java!
eeewww) .  If there's anyone who wants to pay for it, I think a pretty
could port could be done in less than 3 months. It would still be
buggy, but you could probably get many pygame games working on flash.
The idea is to implement the pygame API using flash.  Yes, flash 8+
can do fast blits.  You can kind of emulate basic blitting with flash
7 too.


tinypy.org is another option... there is a much better chance of
auditing tinypy for security than Bigpy.  Tinypy aims to be a  64K of
code, and already has a sandbox module.  It was designed from the
beginning with security, and tests in mind.  As a side effect you can
make tinypy executable with around 30KB executable.  Note there are no
batteries included (only the really basic stuff).  However a pygame
port to it would mean you could make lots of games without the python
stdlib.It's not possible to do a successful security audit on
300,000 - 2 million lines of code.  Tinypy is written with half tinypy
code, and half C code.

There's a basic pygame module started for tinypy.  However we planned
to get many unittests for pygame first (which Nicholas helped with for
his gsoc project for the last 4 months).  These extra tests should
make porting pygame to tinypy much easier.

It might also be worth implementing a tinypy virtual machine... since
tinypy is half written in tinypy, and half in C.  With the new flash
VM being super fast, this might even be fairly quick.  It might even
be less code than using pypy translation.

However SDL hasn't really been audited for security... and anyone who
has done serious graphics programming knows it's easy to crash a
machine... even with flash, or java.  Graphics drivers have so many
bugs, the whole security using graphics is kind of a joke.

Saying that, there already are web plugins using python, pygame and
SDL out there.

... anyway.  Those are some thoughts, for what they're worth :)




On Sat, Sep 6, 2008 at 10:07 AM, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
 hi,

 i would like to bring up this topic again since a python based open source
 alternative to flash which could be used to create browser games would
 be super awesome. :)

 if i understand this correctly then the main problem of something like that
 is security.

 i noticed on the blender mailing list that someone started to revive the
 blender game engine web plugin. they use python too and apparently they have
 found a way to sandbox python.

 http://lists.blender.org/pipermail/bf-committers/2008-August/021660.html

 what do you think about this?
 wouldn't a web plugin be a big opportunity for pygame?
 i am no expert on all of this though... maybe making a web version of
 pygame is totally unfeasible?