RE: Regarding inability of Python Module Winsound to produce beep in decimal frequency

[Steve]

"The HAL (hardware abstraction layer) function HalMakeBeep()"
Is the beep that opens the pod bay doors?


Footnote:
 George Melly remarked to Mike Jagger on how lined his face was for one so
young. Jagger replied “They’re laughter lines George” to which Melly
countered: “Mick, nothing’s that f**king funny!”.

-Original Message-
From: Python-list  On
Behalf Of Eryk Sun
Sent: Tuesday, August 17, 2021 6:23 PM
To: Dennis Lee Bieber 
Cc: python-list@python.org
Subject: Re: Regarding inability of Python Module Winsound to produce beep
in decimal frequency

On 8/17/21, Dennis Lee Bieber  wrote:
> On Tue, 17 Aug 2021 15:11:05 +1000, Chris Angelico  
> declaimed the following:
>
>>Huh. Okay. Then I withdraw the concern from this list, and instead lay 
>>it at Microsoft's feet. That is, I maintain, a bizarre choice. Surely 
>>there are better ways to trigger audio on the sound card?
>
>   Possibly there is a section of code that determines if a sound card 
> is available, and if not, routes to the basic internal speaker. The 
> rest of the wave form logic is probably still of use for that.

It may be that there's a fallback audio device that uses the PC speaker on
systems that lack even basic audio support in their chipset. But in common
practice, Beep() does not use the PC speaker.

The "beep.sys" driver in Windows 7+ has no code path that starts a PC
speaker beep via HalMakeBeep(frequency) and ends it after a timeout via
HalMakeBeep(0), which was the old implementation of "beep.sys"
that can still be seen in ReactOS [1].

The HAL (hardware abstraction layer) function HalMakeBeep() is still
implemented in Windows 10, but without the connection to an IOCTL in
"\Device\Beep", or some other installed device driver, there's no way for
user-mode code to make a beep with the classic PC speaker.

In Windows 7+, the beep device's IOCTL_BEEP_SET function is just a relay.
It's implemented by searching for and completing a queued IOCTL request from
a task in the user's session (i.e. an inverted callback from kernel mode to
user mode). This task, which is scheduled to run at logon in every
interactive session, executes the "PlaySoundSrv.dll"
module in an instance of "taskhostw.exe". Upon completion of its queued
IOCTL, from which it gets the beep frequency and duration, the sound server
generates the requested beep waveform and plays it on the default audio
output device via WinAPI PlaySound().

Notably, the "beep.sys" driver doesn't support manually starting the
sound-server task in the user's session. So if one terminates the
"taskhostw.exe" process that's hosting "PlaySoundSrv.dll", WinAPI
Beep() will no longer work. To get it back, the
"\Microsoft\Windows\Multimedia\SystemSoundsService" task has to be restarted
manually.

---

[1]
https://github.com/reactos/reactos/blob/master/drivers/base/beep/beep.c#L295
--
https://mail.python.org/mailman/listinfo/python-list

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: basic auth request

[Jon Ribbens via Python-list]

On 2021-08-17, Barry  wrote:
>> That's usually irrelevant, since the alternative is most likely to be
>> form fill-out, which is exactly as secure. If you're serving over
>> HTTPS, the page is encrypted, and that includes the headers; if you're
>> not, then it's not encrypted, and that includes the form body.
>
> There is digest and Ntlm that do not reveal the password.

That's only true if you're not using HTTPS - and you should *never*
not be using HTTPS, and that goes double if forms are being filled
in and double again if passwords are being supplied.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Regarding inability of Python Module Winsound to produce beep in decimal frequency

[Eryk Sun]

On 8/17/21, Dennis Lee Bieber  wrote:
> On Tue, 17 Aug 2021 15:11:05 +1000, Chris Angelico 
> declaimed the following:
>
>>Huh. Okay. Then I withdraw the concern from this list, and instead lay
>>it at Microsoft's feet. That is, I maintain, a bizarre choice. Surely
>>there are better ways to trigger audio on the sound card?
>
>   Possibly there is a section of code that determines if a sound card is
> available, and if not, routes to the basic internal speaker. The rest of
> the wave form logic is probably still of use for that.

It may be that there's a fallback audio device that uses the PC
speaker on systems that lack even basic audio support in their
chipset. But in common practice, Beep() does not use the PC speaker.

The "beep.sys" driver in Windows 7+ has no code path that starts a PC
speaker beep via HalMakeBeep(frequency) and ends it after a timeout
via HalMakeBeep(0), which was the old implementation of "beep.sys"
that can still be seen in ReactOS [1].

The HAL (hardware abstraction layer) function HalMakeBeep() is still
implemented in Windows 10, but without the connection to an IOCTL in
"\Device\Beep", or some other installed device driver, there's no way
for user-mode code to make a beep with the classic PC speaker.

In Windows 7+, the beep device's IOCTL_BEEP_SET function is just a
relay. It's implemented by searching for and completing a queued IOCTL
request from a task in the user's session (i.e. an inverted callback
from kernel mode to user mode). This task, which is scheduled to run
at logon in every interactive session, executes the "PlaySoundSrv.dll"
module in an instance of "taskhostw.exe". Upon completion of its
queued IOCTL, from which it gets the beep frequency and duration, the
sound server generates the requested beep waveform and plays it on the
default audio output device via WinAPI PlaySound().

Notably, the "beep.sys" driver doesn't support manually starting the
sound-server task in the user's session. So if one terminates the
"taskhostw.exe" process that's hosting "PlaySoundSrv.dll", WinAPI
Beep() will no longer work. To get it back, the
"\Microsoft\Windows\Multimedia\SystemSoundsService" task has to be
restarted manually.

---

[1] https://github.com/reactos/reactos/blob/master/drivers/base/beep/beep.c#L295
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: basic auth request

[Chris Angelico]

On Wed, Aug 18, 2021 at 7:15 AM Barry  wrote:
>
>
>
> > On 17 Aug 2021, at 19:25, Chris Angelico  wrote:
> >
> > On Wed, Aug 18, 2021 at 4:16 AM Barry Scott  wrote:
> >> Oh and if you have the freedom avoid Basic Auth as its not secure at all.
> >>
> >
> > That's usually irrelevant, since the alternative is most likely to be
> > form fill-out, which is exactly as secure. If you're serving over
> > HTTPS, the page is encrypted, and that includes the headers; if you're
> > not, then it's not encrypted, and that includes the form body.
>
> There is digest and Ntlm that do not reveal the password.
>

And they require that the password be stored decryptably on the
server, which is a different vulnerability. It's all a matter of which
threat is more serious to you. Fundamentally, basic auth is no better
or worse than any of the other forms - it's just different.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: basic auth request

[Barry]

> On 17 Aug 2021, at 19:25, Chris Angelico  wrote:
> 
> On Wed, Aug 18, 2021 at 4:16 AM Barry Scott  wrote:
>> Oh and if you have the freedom avoid Basic Auth as its not secure at all.
>> 
> 
> That's usually irrelevant, since the alternative is most likely to be
> form fill-out, which is exactly as secure. If you're serving over
> HTTPS, the page is encrypted, and that includes the headers; if you're
> not, then it's not encrypted, and that includes the form body.

There is digest and Ntlm that do not reveal the password.

If you are over TLS then form or base is as good as each other.

Barry
> 
> There are other issues with basic auth, but security really isn't one.
> 
> ChrisA
> -- 
> https://mail.python.org/mailman/listinfo/python-list
> 

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: basic auth request

[Chris Angelico]

On Wed, Aug 18, 2021 at 4:16 AM Barry Scott  wrote:
> Oh and if you have the freedom avoid Basic Auth as its not secure at all.
>

That's usually irrelevant, since the alternative is most likely to be
form fill-out, which is exactly as secure. If you're serving over
HTTPS, the page is encrypted, and that includes the headers; if you're
not, then it's not encrypted, and that includes the form body.

There are other issues with basic auth, but security really isn't one.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Cyclic imports

[Chris Angelico]

On Wed, Aug 18, 2021 at 4:10 AM Barry Scott  wrote:
>
> def allImports( self, module_name ):
> for line in f:
> words = line.strip().split()
> if words[0:1] == ['import']:
> all_imports.append( words[1] )
>

This will work for a lot of programs, but it depends too much on
coding style. If you feel like trying something a little more
adventurous, I'd recommend looking into the ast module:

>>> import ast
>>> ast.parse("""
... import foo
... import bar, baz
... from quux import spam
... try: import hello
... except ImportError: import goodbye
... """)

>>> m = _
>>> ast.dump(m)
"Module(body=[Import(names=[alias(name='foo')]),
Import(names=[alias(name='bar'), alias(name='baz')]),
ImportFrom(module='quux', names=[alias(name='spam')], level=0),
Try(body=[Import(names=[alias(name='hello')])],
handlers=[ExceptHandler(type=Name(id='ImportError', ctx=Load()),
body=[Import(names=[alias(name='goodbye')])])], orelse=[],
finalbody=[])], type_ignores=[])"

If you ast.parse() the text of a Python script, you'll get a Module
that has all the top-level code in a list. It's then up to you how
much you dig into that. For instance, a simple try/except like this is
fairly common, but if something's inside a FunctionDef, you might want
to ignore it. Or maybe just ignore everything that isn't an Import or
FromImport, which would be a lot easier, but would miss the try/except
example.

The main advantage of ast.parse() is that it no longer cares about
code layout, and it won't be fooled by an import statement inside a
docstring, or anything like that. It's also pretty easy to handle
multiple variants (note how "import bar, baz" just has two things in
the names list).

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: basic auth request

[Barry Scott]

On Tuesday, 17 August 2021 10:20:37 BST Robin Becker wrote:
> While porting an ap from python2.7 to python3 I see this
> 
>   base64string = base64.b64encode('%s:%s' % (wsemail, wspassword))
>   request.add_header("Authorization", "Basic %s" % base64string)
> 
> in python3.x I find this works
> 
>   base64string = base64.b64encode(('%s:%s' % (wsemail,
> wspassword)).encode('ascii')).decode('ascii')
> request.add_header("Authorization", "Basic %s" % base64string)
> 
> but I find the conversion to and from ascii irksome. Is there a more direct
> way to create the basic auth value?

base64 works on BYTES not UNICODE that is why you need to convert to BYTES.

Its an important detail that you must handle. The py2 code meant that you
only see errors if you have a value in your string that is outside the ASCII
range.

> As an additional issue I find I have no clear idea what encoding is allowed
> for the components of a basic auth input. --

You will want to read this: 
https://datatracker.ietf.org/doc/html/rfc7617#section-2.1
It talks about a "charset" auth-param, then seems to say that only allowed 
value is
utf-8 and you most have the unicode Normalization Form C ("NFC").

Oh and if you have the freedom avoid Basic Auth as its not secure at all.

> Robin Becker

Barry



-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Cyclic imports

[Barry Scott]

On Monday, 16 August 2021 16:13:47 BST Dan Stromberg wrote:
> Hi folks.
> 
> I'm working on a large codebase that has at least one cyclic import.
> 
> In case I end up needing to eliminate the cyclic imports, is there any sort
> of tool that will generate an import graph and output Just the cycles?
> 
> I tried pyreverse, but it produced too big a graph to be very useful; it
> showed all internal imports, not just the cycles.

I wrote this code to track down a cycling import.
Note  it handles import module, but not from module import.
You would need to make a (simple) edit to add that.

 py_import_time.py ---
#!/usr/bin/python3
import sys
import pathlib

class PyImportTree:
def __init__( self, main_module, python_path ):
self.main_module = main_module
self.python_path = python_path

self.all_modules = {}
self.loadTree( self.main_module )

self.all_being_imported = set()
self.problem_imports = 0

def loadTree( self, module_name ):
all_imports = self.allImports( module_name )
if all_imports is None:
return

self.all_modules[ module_name ] = all_imports

for module in all_imports:
if module not in self.all_modules:
self.loadTree( module )

def findModule( self, module_name ):
for folder in self.python_path:
abs_path = pathlib.Path( folder ) / ('%s.py' % (module_name,))
if abs_path.exists():
return abs_path

return None

def allImports( self, module_name ):
all_imports = []
filename = self.findModule( module_name )
if filename is None:
print( 'Error: Cannot find module %s' % (module_name,), 
file=sys.stderr )
return None

with open( str(filename), 'r' ) as f:
for line in f:
words = line.strip().split()
if words[0:1] == ['import']:
all_imports.append( words[1] )

return all_imports

def printTree( self ):
self.__printTree( self.main_module, 0 )
if self.problem_imports > 0:
print( '%d problem imports' % (self.problem_imports,), 
file=sys.stderr )

def __printTree( self, module_name, indent ):
if module_name not in self.all_modules:
return

if module_name in self.all_being_imported:
print( '%s%s' % ('>   '*indent, module_name) )
self.problem_imports += 1
return

print( '%s%s' % ('-   '*indent, module_name) )

self.all_being_imported.add( module_name )

for module in self.all_modules[ module_name ]:
self.__printTree( module, indent+1 )

self.all_being_imported.remove( module_name )

if __name__ == '__main__':
sys.setrecursionlimit( 30 )
sys.exit( PyImportTree( sys.argv[1], sys.argv[2:] ).printTree() )



-- 
https://mail.python.org/mailman/listinfo/python-list

Re: question on trax

[MRAB]

On 2021-08-17 16:50, joseph pareti wrote:

In the following code, where does tl.Fn come from? i see it nowhere in the
documents, i.e I was looking for trax.layers.Fn :

import numpy as np
*from trax import layers as tl*
from trax import shapes
from trax import fastmath
#
def Addition():
 layer_name = "Addition"  # don't forget to give your custom layer a
name to identify

 # Custom function for the custom layer
 def func(x, y):
 return x + y

 return *tl.Fn*(layer_name, func)


[snip]
It comes from using the line:

from trax import layers as tl

so it's equivalent to 'trax.layers.Fn'.
--
https://mail.python.org/mailman/listinfo/python-list

Re: basic auth request

[Chris Angelico]

On Wed, Aug 18, 2021 at 3:04 AM Robin Becker  wrote:
>
> While porting an ap from python2.7 to python3 I see this
>
> base64string = base64.b64encode('%s:%s' % (wsemail, wspassword))
> request.add_header("Authorization", "Basic %s" % base64string)
>
> in python3.x I find this works
>
> base64string = base64.b64encode(('%s:%s' % (wsemail, 
> wspassword)).encode('ascii')).decode('ascii')
> request.add_header("Authorization", "Basic %s" % base64string)
>
> but I find the conversion to and from ascii irksome. Is there a more direct 
> way to create the basic auth value?
>
> As an additional issue I find I have no clear idea what encoding is allowed 
> for the components of a basic auth input.

Hmm, I'm not sure what type your wsemail and wspassword are, but one
option would be to use bytes everywhere (assuming your text is all
ASCII).

wsemail = b"robin@becker.example"
wspassword = b"correct-battery-horse-staple"

base64string = base64.b64encode(b'%s:%s' % (wsemail, wspassword))

But otherwise, it's probably safest to keep using the encode and
decode. As to the appropriate encoding, that's unclear according to
the standard, but UTF-8 is probably acceptable. ASCII is also safe, as
it'll safely error out if it would be ambiguous.

https://stackoverflow.com/questions/7242316/what-encoding-should-i-use-for-http-basic-authentication

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

connection aborted error please help to fix it

[hi]

   Sent from [1]Mail for Windows



References

   Visible links
   1. https://go.microsoft.com/fwlink/?LinkId=550986
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Regarding inability of Python Module Winsound to produce beep in decimal frequency

[Dennis Lee Bieber]

On Tue, 17 Aug 2021 15:11:05 +1000, Chris Angelico 
declaimed the following:


>
>Huh. Okay. Then I withdraw the concern from this list, and instead lay
>it at Microsoft's feet. That is, I maintain, a bizarre choice. Surely
>there are better ways to trigger audio on the sound card?
>

Possibly there is a section of code that determines if a sound card is
available, and if not, routes to the basic internal speaker. The rest of
the wave form logic is probably still of use for that.


-- 
Wulfraed Dennis Lee Bieber AF6VN
wlfr...@ix.netcom.comhttp://wlfraed.microdiversity.freeddns.org/

-- 
https://mail.python.org/mailman/listinfo/python-list

basic auth request

[Robin Becker]

While porting an ap from python2.7 to python3 I see this

base64string = base64.b64encode('%s:%s' % (wsemail, wspassword))
request.add_header("Authorization", "Basic %s" % base64string)

in python3.x I find this works

base64string = base64.b64encode(('%s:%s' % (wsemail, 
wspassword)).encode('ascii')).decode('ascii')
request.add_header("Authorization", "Basic %s" % base64string)

but I find the conversion to and from ascii irksome. Is there a more direct way 
to create the basic auth value?

As an additional issue I find I have no clear idea what encoding is allowed for 
the components of a basic auth input.
--
Robin Becker

--
https://mail.python.org/mailman/listinfo/python-list

question on trax

[joseph pareti]

In the following code, where does tl.Fn come from? i see it nowhere in the
documents, i.e I was looking for trax.layers.Fn :

import numpy as np
*from trax import layers as tl*
from trax import shapes
from trax import fastmath
#
def Addition():
layer_name = "Addition"  # don't forget to give your custom layer a
name to identify

# Custom function for the custom layer
def func(x, y):
return x + y

return *tl.Fn*(layer_name, func)


# Test it
add = Addition()
# Inspect properties
print("-- Properties --")
print("name :", add.name)
print("expected inputs :", add.n_in)
print("promised outputs :", add.n_out, "\n")

# Inputs
x = np.array([3])
y = np.array([4])
print("-- Inputs --")
print("x :", x, "\n")
print("y :", y, "\n")

# Outputs
z = add((x, y))
print("-- Outputs --")
print("z :", z)

-- 
Regards,
Joseph Pareti - Artificial Intelligence consultant
Joseph Pareti's AI Consulting Services
https://www.joepareti54-ai.com/
cell +49 1520 1600 209
cell +39 339 797 0644
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: on perhaps unloading modules?

[Martin Di Paola]

This may not answer your question but it may provide an alternative 
solution.


I had the same challenge that you an year ago so may be my solution will 
work for you too.


Imagine that you have a Markdown file that *documents* the expected 
results.


--8<---cut here---start->8---
This is the final exam, good luck!

First I'm going to load your code (the student's code):

```python

import student

```

Let's see if you programmed correctly a sort algorithm

```python

data = [3, 2, 1, 3, 1, 9]
student.sort_numbers(data)

[1, 1, 2, 3, 3, 9]
```

Let's now if you can choose the correct answer:

```python

t = ["foo", "bar", "baz"]
student.question1(t)

"baz"
```
--8<---cut here---end--->8---

Now you can run the snippets of code with:

  byexample -l python the_markdown_file.md

What byexample does is to run the Python code, capture the output and 
compare it with the expected result.


In the above example "student.sort_numbers" must return the list sorted.  
That output is compared by byexample with the list written below.


Advantages? Each byexample run is independent of the other and the 
snippet of codes are executed in a separated Python process. byexample 
takes care of the IPC.


I don't know the details of your questions so I'm not sure if byexample 
will be the tool for you. In my case I evaluate my students giving them 
the Markdown and asking them to code the functions so they return the 
expected values.


Depending of how many students you have you may considere to complement 
this with INGInious. It is designed to run students' assignments 
assuming nothing on the untrusted code.


Links:

https://byexamples.github.io/byexample/
https://docs.inginious.org/en/v0.7/


On Sun, Aug 15, 2021 at 12:09:58PM -0300, Hope Rouselle wrote:

Hope Rouselle  writes:

[...]


Of course, you want to see the code.  I need to work on producing a
small example.  Perhaps I will even answer my own question when I do.


[...]

Here's a small-enough case.  We have two students here.  One is called
student.py and the other is called other.py.  They both get question 1
wrong, but they --- by definition --- get question 2 right.  Each
question is worth 10 points, so they both should get losses = 10.

(*) Student student.py

--8<---cut here---start->8---
def question1(t): # right answer is t[2]
 return t[1] # lack of attention, wrong answer
--8<---cut here---end--->8---

(*) Student other.py

--8<---cut here---start->8---
def question1(t): # right answer is t[2]
 return t[0] # also lack of attention, wrong answer
--8<---cut here---end--->8---

(*) Grading

All is good on first run.

Python 3.5.2 [...] on win32
[...]

reproducible_problem()

student.py, total losses 10
other.py, total losses 10

The the problem:


reproducible_problem()

student.py, total losses 0
other.py, total losses 0

They lose nothing because both modules are now permanently modified.

(*) The code of grading.py

--8<---cut here---start->8---
# -*- mode: python; python-indent-offset: 2 -*-
def key_question1(t):
 # Pretty simple.  Student must just return index 2 of a tuple.
 return t[2]

def reproducible_problem(): # grade all students
 okay, m = get_student_module("student.py")
 r = grade_student(m)
 print("student.py, total losses", r) # should be 10
 okay, m = get_student_module("other.py")
 r = grade_student(m)
 print("other.py, total losses", r) # should be 10

def grade_student(m): # grades a single student
 losses  = question1_verifier(m)
 losses += question2_verifier(m)
 return losses

def question1_verifier(m):
 losses = 0
 if m.question1( (0, 1, 2, 3) ) != 2: # wrong answer
   losses = 10
 return losses

def question2_verifier(m):
 m.question1 = key_question1
 # To grade question 2, we overwrite the student's module by giving
 # it the key_question1 procedure.  This way we are able to let the
 # student get question 2 even if s/he got question 1 incorrect.
 losses = 0
 return losses

def get_student_module(fname):
 from importlib import import_module
 mod_name = basename(fname)
 try:
   student = import_module(mod_name)
 except Exception as e:
   return False, str(e)
 return True, student

def basename(fname): # drop the the .py extension
 return "".join(fname.split(".")[ : -1])
--8<---cut here---end--->8---
--
https://mail.python.org/mailman/listinfo/python-list

--
https://mail.python.org/mailman/listinfo/python-list

FlaskCon's Call For Volunteers Is On

[Abdur-Rahmaan Janhangeer]

Greetings list,

As preparations for FlaskCon intensifies, the call for
volunteers goes live:
https://twitter.com/FlaskCon/status/1427542892642410502?s=20

You can also chip in directly here:
https://docs.google.com/forms/d/e/1FAIpQLSfsHNBcclWSmVkk4LDD_EnlhrlKdWlGOakdwbt5PbaFklpHAA/viewform

According to previsions, it might be the last Python conf of the year!

Kind Regards,

Abdur-Rahmaan Janhangeer
about  | blog

github 
Mauritius
-- 
https://mail.python.org/mailman/listinfo/python-list