Re: Python Linear Programming on Ubuntu

[Fett]

On Sep 16, 9:44 pm, "Aaron \"Castironpi\" Brady"
<[EMAIL PROTECTED]> wrote:
> On Sep 16, 9:25 pm, Fett <[EMAIL PROTECTED]> wrote:
>
>
>
> > On Sep 16, 9:00 pm, "Aaron \"Castironpi\" Brady"
>
> > <[EMAIL PROTECTED]> wrote:
> > > On Sep 16, 8:50 pm, Fett <[EMAIL PROTECTED]> wrote:
>
> > > > I am trying to find a wrapper to do linear programming within python.
> > > > I am using an ubuntu machine and I have apt-get'd lp_solve, which
> > > > works just fine. If someone knows of a wrapper that will work with
> > > > that that'd be great.
>
> > > > I also heard that scipy has a wrapper, however, I can't find any
> > > > documentation on it, nor can I seem to find it with dir(). If anyone
> > > > knows where there is good documentation on this I would love to use
> > > > that (the more native to python the better imo).
>
> > > > I have tried many things, 
> > > > includinghttp://lpsolve.sourceforge.net/5.5/Python.htm,
> > > > openopt, and cvxopt. I can't seem to find any with enough
> > > > documentation to get me off the ground. Some I can't compile, some I
> > > > can't even find out how to compile.
>
> > > > If anyone knows of an LP package (preferably with IP as well, like
> > > > lp_solve has), that interfaces well with python and has enough
> > > > documentation to get a dependency newb like myself off the ground that
> > > > would be great.
>
> > > Google says:
>
> > > about 254,000 for linear programming python.
>
> > > Link 3 is:
>
> > >http://wiki.python.org/moin/NumericAndScientific/Libraries
>
> > > Scroll down.
>
> > Yes, many of those seem to be deprecated, without destinations to
> > links, most are poorly or not documented at all. The few that are, I
> > still can't get running. Of those 254, I think I have tried at least
> > 10 pages worth. Still no luck.
>
> > # lpsolvpy - Can't get it to compile - dependency problems.
> > # Lp_solve5 - NO python binding yet. Volunteers needed for python
> > bindings.
> > # pycplex - You need to compile the CPX.so module. Change the required
> > paths to CPLEX, Python and numpy in the Makefile, and type "make". Not
> > sure what to do here.
> > # GLPK (GNU Linear Programming Kit) - Hrm... might be something here,
> > I missed the second link to the python bindings, looked all over the
> > glpk site for anything about python.
> > # SciPy --http://www.scipy.org-supposedly has this, but as I said,
> > I can't find any mention of it anywhere but on the site you linked.
> > # pySimplex - (broken link)(broken link)
> > # Simplex - link is broken, but nothing is mentioned
>
> > I'll take a closer look at glpk's python bindings and if there is any
> > documentation on them, maybe I'll have some luck. btw, I have been
> > looking for something that works, I have over 5 packages on my desktop
> > that I have tried to get up and running, but none of them seem to
> > work. glpk makes 6.
>
> If you can find one working in C, use ctypes to link into Python.  We
> can help you with that part.  It lets you pass primitive types,
> structs, arrays, pointers, to C modules and return values.  You need
> to know the C signatures to set up the Pythonized signatures.

Ok, it seems that I have found one (although without an integer
programming component): upon searching for glpk in the package manager
in ubuntu I found a package called cvxopt, it is a bit clunky
(compared to the niceness of lp_solve), but I think I can figure this
one out. Thanks all who answered.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Python Linear Programming on Ubuntu

[Fett]

On Sep 16, 9:00 pm, "Aaron \"Castironpi\" Brady"
<[EMAIL PROTECTED]> wrote:
> On Sep 16, 8:50 pm, Fett <[EMAIL PROTECTED]> wrote:
>
>
>
> > I am trying to find a wrapper to do linear programming within python.
> > I am using an ubuntu machine and I have apt-get'd lp_solve, which
> > works just fine. If someone knows of a wrapper that will work with
> > that that'd be great.
>
> > I also heard that scipy has a wrapper, however, I can't find any
> > documentation on it, nor can I seem to find it with dir(). If anyone
> > knows where there is good documentation on this I would love to use
> > that (the more native to python the better imo).
>
> > I have tried many things, 
> > includinghttp://lpsolve.sourceforge.net/5.5/Python.htm,
> > openopt, and cvxopt. I can't seem to find any with enough
> > documentation to get me off the ground. Some I can't compile, some I
> > can't even find out how to compile.
>
> > If anyone knows of an LP package (preferably with IP as well, like
> > lp_solve has), that interfaces well with python and has enough
> > documentation to get a dependency newb like myself off the ground that
> > would be great.
>
> Google says:
>
> about 254,000 for linear programming python.
>
> Link 3 is:
>
> http://wiki.python.org/moin/NumericAndScientific/Libraries
>
> Scroll down.

Yes, many of those seem to be deprecated, without destinations to
links, most are poorly or not documented at all. The few that are, I
still can't get running. Of those 254, I think I have tried at least
10 pages worth. Still no luck.

# lpsolvpy - Can't get it to compile - dependency problems.
# Lp_solve5 - NO python binding yet. Volunteers needed for python
bindings.
# pycplex - You need to compile the CPX.so module. Change the required
paths to CPLEX, Python and numpy in the Makefile, and type "make". Not
sure what to do here.
# GLPK (GNU Linear Programming Kit) - Hrm... might be something here,
I missed the second link to the python bindings, looked all over the
glpk site for anything about python.
# SciPy -- http://www.scipy.org - supposedly has this, but as I said,
I can't find any mention of it anywhere but on the site you linked.
# pySimplex - (broken link)(broken link)
# Simplex - link is broken, but nothing is mentioned

I'll take a closer look at glpk's python bindings and if there is any
documentation on them, maybe I'll have some luck. btw, I have been
looking for something that works, I have over 5 packages on my desktop
that I have tried to get up and running, but none of them seem to
work. glpk makes 6.
--
http://mail.python.org/mailman/listinfo/python-list

Python Linear Programming on Ubuntu

[Fett]

I am trying to find a wrapper to do linear programming within python.
I am using an ubuntu machine and I have apt-get'd lp_solve, which
works just fine. If someone knows of a wrapper that will work with
that that'd be great.

I also heard that scipy has a wrapper, however, I can't find any
documentation on it, nor can I seem to find it with dir(). If anyone
knows where there is good documentation on this I would love to use
that (the more native to python the better imo).

I have tried many things, including 
http://lpsolve.sourceforge.net/5.5/Python.htm,
openopt, and cvxopt. I can't seem to find any with enough
documentation to get me off the ground. Some I can't compile, some I
can't even find out how to compile.

If anyone knows of an LP package (preferably with IP as well, like
lp_solve has), that interfaces well with python and has enough
documentation to get a dependency newb like myself off the ground that
would be great.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Can anyone suggest a good crypto package?

[Fett]

On Sep 4, 8:04 pm, Paul Rubin  wrote:
> If you just want to authenticate the strings without confidentiality,
> use the built-in HMAC module.  But beware of replay attacks.

I looked into this and it looks like I might be able to get by with
this. I didn't find this function before, I am asking my primary
customer if the signature would be sufficient.

I am having trouble seeing how I would post the encrypted data to a
website and get it back without it changing some. So this option might
work better for me (at least quicker), if he's ok with that option.

By replay attack I assume you mean posting old data with the signature
that is valid for that data? Thanks for the warning, I suppose I could
include a date/timestamp in the data.

Thanks again, this has been very helpful.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Can anyone suggest a good crypto package?

[Fett]

On Sep 4, 3:09 pm, Paul Rubin <http://[EMAIL PROTECTED]> wrote:
> Fett <[EMAIL PROTECTED]> writes:
> > Is there any crypto package that is actually written in python? I
> > seriously don't care how slow it is.
>
> I wrote a simple symmetric encryption function in python:
>
>  http://nightsong.com/phr/crypto/p3.py
>
> I wrote a somewhat fancier package that did public key a while back,
> that is unreleased because of insufficient testing and some features
> I'd like to have done differently, but I ought to get around to
> cleaning it up sometime.
>
> There is also tlslite, which you might be able to extract
> some public key functions from:  http://trevp.net/tlslite

Wow, I have no idea how that works, but I think it will do nicely. The
main goal is simply to ensure that data coming in (from a website), is
valid (ie. posted by me). The site is supposedly secure, and the code
only accepts data of the type I expect, so the only security risk was
someone posting bad data. This simple method should stop anyone from
bothering to do even that.

Kudos for writing the code in a way that I can see how it is used,
even without documentation this is small enough to dissect.

Thank you, I think we have a winner. (BTW, I have no idea how this
whole encrypting gives many strings, decrypting all gives the correct
one works, but it sure seems to work just fine, more fully featured
than I even felt I needed.)
--
http://mail.python.org/mailman/listinfo/python-list

Re: Can anyone suggest a good crypto package?

[Fett]

On Sep 4, 2:23 pm, Mike Driscoll <[EMAIL PROTECTED]> wrote:
> On Sep 4, 1:39 pm, Fett <[EMAIL PROTECTED]> wrote:
>
>
>
> > I need a crypto package that works on windows with python 2.5. Can
> > anyone suggest one for me?
>
> > I have been searching for a couple days for a good cryptography
> > package to use for public/private key encryption, at this point I
> > would settle for symmetric even.
>
> > Every encryption package I have found for python was either operating
> > system specific (read *nix 
> > only):http://www.freenet.org.nz/ezPyCrypto/http://www.keyczar.org/
>
> > There was one exception, this version was specifically built to run on
> > any platform (yay), but the compiler for windows complained that I
> > wasn't using python2.2 (though the package was said to only need 2.2
> > or newer).
>
> > Is there any crypto package that is actually written in python? I
> > seriously don't care how slow it is.
>
> How about M2Crypto:http://chandlerproject.org/Projects/MeTooCrypto#Downloads
>
> Mike

Seems that this is intended more for webapps or something, I intend to
use this for a client application. This means that I can't require
outside dependencies, or I risk annoying the clients (if you have
installed many open-source projects with dependencies that aren't
handled by portage/apt-get, you know what I would be doing to them).

I seriously can't believe that there isn't a single python native
crypto package. Why do they all need to have outside dependencies?
--
http://mail.python.org/mailman/listinfo/python-list

Can anyone suggest a good crypto package?

[Fett]

I need a crypto package that works on windows with python 2.5. Can
anyone suggest one for me?

I have been searching for a couple days for a good cryptography
package to use for public/private key encryption, at this point I
would settle for symmetric even.

Every encryption package I have found for python was either operating
system specific (read *nix only):
http://www.freenet.org.nz/ezPyCrypto/
http://www.keyczar.org/

There was one exception, this version was specifically built to run on
any platform (yay), but the compiler for windows complained that I
wasn't using python2.2 (though the package was said to only need 2.2
or newer).

Is there any crypto package that is actually written in python? I
seriously don't care how slow it is.
--
http://mail.python.org/mailman/listinfo/python-list

Re: eval() == evil? --- How to use it safely?

[Fett]

> Your way of thinking is similar to Microsoft's. Encrypting and Signing
> is a kludge, a real fix should fix the underlying cause. Anyway using
> data parsers isn't that much harder than using eval/exec.

While I agree that in this situation I should do both, what would you
propose for cases where the data being sent is supposed to be
executable code:

I happen to know that for enterprise disk drives (like what Google
uses to store everything) the firmware is protected by exactly what I
describe. Since the firmware has to be able to run, the kind of fix
you propose is not possible. I would assume that if this kind of data
transfer was deemed poor, that Google and others would be demanding
something better (can you imagine if Google's database stopped working
because someone overwrote the firmware on their hard-drive?).

Again, I suppose that in this case writing a parser is a better option
(parsing a dict with strings by hand is faster than reading
documentation on someone else's parser anyway), but both is the best
option by far.

Again, thank you all for your help.
--
http://mail.python.org/mailman/listinfo/python-list

Re: eval() == evil? --- How to use it safely?

[Fett]

On Aug 29, 7:42 am, Fett <[EMAIL PROTECTED]> wrote:
> On Aug 28, 7:57 pm, Paul Rubin <http://[EMAIL PROTECTED]> wrote:
>
> So long story short: if I am expecting a dictionary of strings, I
> should make a parser that only accepts a dictionary of strings then.
> There is no safe way to use an existing construct.
>
> That is what I was afraid of. I know I will have to deal with the
> possibility of bad data, but considering my use (an acronym legend for
> a database), and the fact that the site I plan to use should be
> secure, these issues should be minimal. The users should be able to
> spot any obvious false data, and restoring it should be simple.
>
> Many thanks to all of you for your alarmist remarks. I certainly don't
> want to, in any way, put my clients computers at risk by providing
> unsafe code.

On a related note, what if I encrypted and signed the data, then only
ran eval() on the string after it was decrypted and the signature
verified?

It has occurred to me that posting this data on a site might not be
the best idea unless I can be sure that it is not read by anyone that
it shouldn't be. So I figure an encrypting is needed, and as long as I
can sign it as well, then only people with my private signing key
could pass bad data, much less harmful strings.
--
http://mail.python.org/mailman/listinfo/python-list

Re: eval() == evil? --- How to use it safely?

[Fett]

On Aug 28, 7:57 pm, Paul Rubin  wrote:

So long story short: if I am expecting a dictionary of strings, I
should make a parser that only accepts a dictionary of strings then.
There is no safe way to use an existing construct.

That is what I was afraid of. I know I will have to deal with the
possibility of bad data, but considering my use (an acronym legend for
a database), and the fact that the site I plan to use should be
secure, these issues should be minimal. The users should be able to
spot any obvious false data, and restoring it should be simple.

Many thanks to all of you for your alarmist remarks. I certainly don't
want to, in any way, put my clients computers at risk by providing
unsafe code.

--
http://mail.python.org/mailman/listinfo/python-list

eval() == evil? --- How to use it safely?

[Fett]

I am creating a program that requires some data that must be kept up
to date. What I plan is to put this data up on a web-site then have
the program periodically pull the data off the web-site.

My problem is that when I pull the data (currently stored as a
dictionary on the site) off the site, it is a string, I can use eval()
to make that string into a dictionary, and everything is great.
However, this means that I am using eval() on some string on a web-
site, which seems pretty un-safe.

I read that by using eval(code,{"__builtins__":None},{}) I can prevent
them from using pretty much anything, and my nested dictionary of
strings is still allowable. What I want to know is:

What are the dangers of eval?
- I originally was using exec() but switched to eval() because I
didn't want some hacker to be able to delete/steal files off my
clients computers. I assume this is not an issue with eval(), since
eval wont execute commands.
- What exactly can someone do by modifying my code string in a command
like: thing = eval(code{"__builtins__":None},{}), anything other than
assign their own values to the object thing?
--
http://mail.python.org/mailman/listinfo/python-list