Re: (Modular-)Application Framework / Rich-Client-Platform in Python
Stef Mientki [EMAIL PROTECTED] writes: I took a look at Eclipse page you mentioned but after reading the first page I still don't understand what you mean (and I never read beyond the first page ;-). With a plugin system, I can think of a complete operating system, or I can think of something like a DTP, or simply Word, or I can think of something like Signal WorkBench etc. The approach taken by Eclipse is exactly like that taken by emacs so many years ago of creating a minimalist framework that offers a bare bones user interface and services for running libraries. Everything else is a plug-in library that changes the behavior of that interface. So if you want an editor for language foo, you would customize a view interface to display foo objects, and an editor interface to display and modify foo text. You might customize other view objects to display documentation, compilation, and debugging information. (The fact that Eclipse and emacs are both rather lean programs is obsucred by the sheer quantity of plug-ins that have become a part of the standard installation.) cheers, Stef Mientki -- Kirk Job Sluder -- http://mail.python.org/mailman/listinfo/python-list
Re: Trying to choose between python and java
Anthony Irwin [EMAIL PROTECTED] writes: #1 Does python have something like javas .jar packages. A jar file contains all the program files and you can execute the program with java -jar program.jar Python does this with eggs and distutils that copy your files into the proper location. For os x you also have py2applet which creates an application bundle that can be put onto a disk image and dragged into the Applications folder. A similar utility exists for MSWin, but I've not used it. #2 What database do people recommend for using with python that is easy to distribute across linux, mac, windows. pysqlite3 for python is included in python 2.5 and can be added to python 2.4. For java you would probably use HyperSonic or Derby. At least one winner in the java camp for me is db4o, which is a bit like shelve on steroids with an object-oriented query language. #4 If I write a program a test it with python-wxgtk2.6 under linux are the program windows likely to look right under windows and mac? There are enough idiom differences between OS X, MSWin, Gnome and Qt that native look and feel is very, very difficult to achieve. Java comes close with SWT. WxPython applications seem to port badly to OS X, and are tricky to build into an application bundle. As a example of how these differences in idioms can become problems, Mozilla Thunderbird on OS X regularly has issue with unmodified keybindings. With Thunderbird 2.0 shift-J marks a message as junk, even when you are entering text into a dialog box. The tkinter application Leo uses the control key as a modifier on OS X rather than the command key. The basic point is that you need to test on all platforms you want to develop for. My very biased view of the domain is as follows: OS X/Cocoa: PyObjC KDE + Win + OS X/X11: PyQt Win + Gnome + OS X/Carbon: wxPython or Jython+SWT Simple, easy, and universal: tkinter Rich, complex, and universal: Jython+Swing Also does anyone else have any useful comments about python vs java without starting a flame war. I've found it useful to use a mix of pure java and jython, although I'm still working through some gotchas in regards to compiling jython code that's acessible from java. -- Kind Regards, Anthony Irwin http://www.irwinresources.com http://www.makehomebusiness.com email: anthony at above domains, - www. -- Kirk Job Sluder -- http://mail.python.org/mailman/listinfo/python-list
Re: Basic question
Cesar G. Miguel [EMAIL PROTECTED] writes: I've been studying python for 2 weeks now and got stucked in the following problem: for j in range(10): print j if(True): j=j+2 print 'interno',j What happens is that j=j+2 inside IF does not change the loop counter (j) as it would in C or Java, for example. Granted this question has already been answered in parts, but I just wanted to elaborate. Although the python for/in loop is superficially similar to C and Java for loops, they work in very different ways. Range creates a list object that can create an iterator, and the for/in construct under the hood sets j to the results of iterator.next(). The equivalent completely untested java would be something like: public ArrayListObject range(int n){ a = new ArrayListObject; //Java 1.5 addition I think. for(int x=0,xn,x++){ a.add(new Integer(x)); } return a; } Iterator i = range(10).iterator(); Integer j; while i.hasNext(){ j = i.next(); system.out.println(j.toString()); j = j + 2; system.out.println(interno + j.toString()); } This probably has a bunch of bugs. I'm learning just enough java these days to go with my jython. 1: Python range() returns a list object that can be expanded or modified to contain arbitrary objects. In java 1.5 this would be one of the List Collection objects with a checked type of java.lang.Object. So the following is legal for a python list, but would not be legal for a simple C++ or Java array. newlist = range(10) newlist[5] = foo newlist[8] = open(filename,'r') 2: The for/in loop takes advantage of the object-oriented nature of list objects to create an iterator for the list, and then calls iterator.next() until the iterator runs out of objects. You can do this in python as well: i = iter(range(10)) while True: try: j = i.next() print j j = j + 2 print j except StopIteration: break Python lists are not primitive arrays, so there is no need to explicitly step through the array index by index. You can also use an iterator on potentially infinite lists, streams, and generators. Another advantage to for/in construction is that loop counters are kept nicely separate from the temporary variable, making it more difficult to accidentally short-circuit the loop. If you want a loop with the potential for a short-circuit, you should probably use a while loop: j = 0 while j 10: if j == 5: j = j + 2 else: j = j + 1 print j Am I missing something? []'s Cesar -- Kirk Job Sluder -- http://mail.python.org/mailman/listinfo/python-list
Re: SQLite problems
[EMAIL PROTECTED] writes: Hi there, I run Python 2.5 on a Mac OS X system with SQLite 3.2.8 installed via fink. Today I stumbled over the problem, that the sqlite3 module and sqlite3 from fink do not seem to work well together. I brought it down to this: Any ideas? miss-match of versions between the fink and the Apple-supplied sqlite3? Regards, -Justin -- Kirk Job Sluder -- http://mail.python.org/mailman/listinfo/python-list
Re: encryption with python
Steven D'Aprano [EMAIL PROTECTED] writes: On Wed, 07 Sep 2005 14:31:03 -0700, jlocc wrote: Basically I will like to combine a social security number (9 digits) and a birth date (8 digits, could be padded to be 9) and obtain a new 'student number'. It would be better if the original numbers can't be traced back, they will be kept in a database anyways. Hope this is a bit more specific, thanks!!! There are one-way encryption functions where the result can't easily be traced back to the input, but why do you need the input anyway? Well, there is a form of security design that involves one-way encryption of confidential information. You might want to be able to search on SSN, but not have the actual SSN stored in the database. So, you are prepared to deal with the inevetable, I lost my password/student ID, can you still look up my records? Don't think it applies in this case, but might in some other cases. -- Steven. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: encryption with python
Paul Rubin http://[EMAIL PROTECTED] writes: Kirk Job Sluder [EMAIL PROTECTED] writes: Well, there is a form of security design that involves one-way encryption of confidential information. You might want to be able to search on SSN, but not have the actual SSN stored in the database. So, you are prepared to deal with the inevetable, I lost my password/student ID, can you still look up my records? The minute you provide a way to do that without secret keys, you have a security hole. Providing any kind of access to data involves creating a security hole. This is the biggest flaw in most discussions of computer security. Too much of it depends on everyone remembering (and using) unique cryptographically strong keys. You have a client on the phone who needs access to information, but has forgotten or lost the 10-digit unique ID and the PIN you gave them two years ago. How do you provide that client with the information he or she needs? This is the kind of dilemma that one-way encryption is designed to make a tiny bit safer. SSNs + some other secret (such as mother's maiden name) is certainly crappy security. However, I don't think we are going to see widespread adoption of anything better in the near future. But even if we go with more secure authentication tokens, there is usually no reason to store the authentication token in plaintext. SSN's are 9 digits which means there are 1 billion of them. If there are 100,000 hashed SSN's in the database, the attacker (since this is clpy) can read them all into a Python dict. S/he then starts generating SSN's at random and hashing them and checking whether those hashes appear in the dict. Doing stuff like iterated hashes to slow the attacker down doesn't help that much: the attacker needs to hash only 10,000 or so SSN's to be likely to hit one that's in the dict. If the attacker can hash all 10**9 SSN's, which isn't all that terribly many, every SSN in the database spills. Of course, an additional step I didn't mention was that in actual practice the SSNs would be hashed with a strong random secret key. But from my point of view, the possibility for dictionary attacks is pretty much unavoidable as long as we are dealing just with memorized tokens. We've been bitching, whining and moaning about the small keyspace and poor quality of what users are willing to memorize for 20 years. We can complain about it for the next 10 which is about how long it will take for any kind of alternative to be adopted. I still think that one-way hashing of authentication secrets is better than plain-text storage. Bottom line: to keep confidential stuff secure, you need actual security. The only way to keep confidential stuff secure is to shred it, burn it, and grind the ashes. I think the fundamental problem is that that most customers don't want actual security. They want to be able to get their information by calling a phone number and saying a few words/phrases they memorized in childhood. Given the current market, it seems to be cheaper to deal with breaks after the fact than to expect more from customers. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: encryption with python
Paul Rubin http://[EMAIL PROTECTED] writes: Kirk Job Sluder [EMAIL PROTECTED] writes: We're told there is already a secure database in the picture somewhere, or at least one that unescapeably contains cleartext SSN's, so that's the system that should assign the ID numbers and handle SSN-based queries. Well, IMO just having cleartext SSNs is questionable practice unless you need those SSNs to report to some other agency that takes SSNs. And even so, you might want to limit access to plaintext SSNs to a limited group, and give access to the hashed SSNs as a search key to a different group. I think the fundamental problem is that that most customers don't want actual security. They want to be able to get their information by calling a phone number and saying a few words/phrases they memorized in childhood. A voice exemplar stored at enrollment time plus a question or two like what classes did you take last term could easily give a pretty good clue that the person saying the words/phrases is the legitimate student. In my experience the typical student has trouble remembering what happened last week, much less last term. In addition, universities frequently need to field questions from people who were students years ago. Are voice exemplars at that stage yet? Customers legitimately want actual security without having to care how hash functions work, just like they want safe transportation without having to care about how jet engine turbopumps work. Air travel is pretty safe because if the airline fails to maintain the turbopumps and a plane goes down, there is hell to pay. There is huge legal and financial incentive for travel vendors (airlines) to not cut corners with airplane safety. But vendors who deploy incompetently designed IT systems full of confidential data resulting in massive privacy breaches face no liability at all. I'm more than happy to agree to disagree on this, but I see it differently. In aviation there certainly is a bit of risk-benefit analysis going on in thinking about whether the cost of a given safety is justified given the benefits in risk reduction. Likewise, credit companies are currently making money hand-over-fist. If an identity is compromised, it's cheaper for them to just close the account, refund the money, and do their own fraud investigation after the fact. Meanwhile, for every person who gets stung, there are a hundred wanting convenience. In addition, the losses due to bad cryptographic implementation appear to be trivial compared to the losses due to social engineering. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: encryption with python
Paul Rubin http://[EMAIL PROTECTED] writes: Kirk Job Sluder [EMAIL PROTECTED] writes: Likewise, credit companies are currently making money hand-over-fist. If an identity is compromised, it's cheaper for them to just close the account, refund the money, and do their own fraud investigation after the fact. You don't get it. Refunding the money improperly charged on a single card doesn't begin to compensate for the hassle of undoing an identity theft. If airlines worked the way you're suggesting the credit industry should work, and a plane went down, the airline would be off the hook by refunding your estate the price of your ticket. It's only because they face much further-reaching liability than that, that they pay so much attention to safety. Oh, I'm not suggesting the credit industry should work that way. I'm just saying that's the way they will work as long as they can push off the costs for dealing with problems onto interest rates and other fees. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: encryption with python
Ron Adam [EMAIL PROTECTED] writes: Kirk Job Sluder wrote: They want to be able to get their information by calling a phone number and saying a few words/phrases they memorized in childhood. Given the current market, it seems to be cheaper to deal with breaks after the fact than to expect more from customers. I would think that any n digit random number not already in the data base would work for an id along with a randomly generated password that the student can change if they want. The service provider has full access to the data with their own set of id's and passwords, so in the case of a lost id, they can just look it up using the customers name and/or ssn, or whatever they decide is appropriate. In the case of a lost password, they can reset it and get another randomly generated password. Or am I missing something? Not really. My suggestion is that in many cases, if the data is being used only as a backup password or authentication token, there is no need for that data to be stored in plaintext. For example, with the ubiquitous mother's maiden name * there is frequently no need to actually have Smith, Jones, or Gunderson in the database. bf65d781795bb91ee731d25f9a68a5aeb7172bc7 serves the same purpose. There are other cases where one-way anonymity is better than a table linking people to randomly generated userIDs. I'd rather use cryptographic hashes for research databases than keep a table matching people to random numbers hanging around. But I'm weird that way. * I think mother's maiden name is a really poor method for backup authentication because for a fair number of people in the U.S., it will be identical to their current surname, and for the rest, it's trivial to discover. Cheers, Ron -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Lisp development with macros faster than Python development?..
Kay Schluehr [EMAIL PROTECTED] writes: Kirk Job Sluder schrieb: In what way do lisp macros prevent the creation of modular libraries? Common Lisp does does have mechanisms for library namespaces, and in practice a macro contained within a library is not that much different from a function contained in a library or a class contained in a library. Macros just provide another mechanism for creating useful domain-specific abstractions. To be honest I don't understand what a domain-specific abstraction could be? What is the benefit of abstractions if they are not abstracting from particular domain specific stuff? The usual trend in higher level languages is to abstract away from the algorithmic details into domain-specific applications. So for example, rather than writing a block of code for handling the regular expression '[a-zA-Z]+, then a different block of code for the case, 'a|b|c', we have a regular expression library that packages up the algorithm and the implementation details into an interface. The python standard library is basically a collection of such abstractions. In python you usually work with strings as an object, rather than as an array of byte values interpreted to be linguistic characters located at a specific memory address as you would in c. Object oriented programming is all about creating domain-specific abstractions for data. This enables us to talk about GUIs as widgits and frames in addition to filling in pixels on a screen. Or to talk about an email Message as a collection of data that will be stored in a certain format, without having to do sed-like text processing. The primary advantage to macros is that you can create abstractions with functionality that is not easily described as either a function or a class definition. As long as macros are used to create new language features such as an object system like CLOS this technique may be perfectly justified for language developers ( ! ) but I still consider it as a bad idea to muddle the language development and the application development, that seems to be the favourite programming style of Paul Graham. On the other hand thinking about language development as a certain application domain I find nothing wrong with the idea that it once reaches somehow a state of a mature product that should not be altered in arbitrary manner for the sake of a large user community. Well, at this point, Common Lisp has been formally standardized, so changing the core standard would be very difficult. There is in fact, strong resistance to reopening the standards process at this time, based on the impression that most of what needs to be done, can be accomplished by developing libraries. So I think that CL as a mature product is not altered in an arbitrary manner. However, from my view, quite a bit of development in python involves adding new language constructs in the form of classes, functions, and instance methods, as well as interfaces to C and C++ libraries. I would argue this is one of the core strengths of python as a language, the fact that we are only limited to the builtin functions and standard library if we choose to be. As an example, whenever I work with a new data source, I usually end up creating a class to describe the kinds of records I get from that data source. And some functions for things that I find myself repeating multiple times within a program. Macros are just another way to write something once, and use it over and over again. Kay -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Lisp development with macros faster than Python development?..
Kay Schluehr [EMAIL PROTECTED] writes: This might be a great self experience for some great hackers but just annoying for others who used to work with modular standard librarys and think that the border of the language and an application should be somehow fixed to enable those. In what way do lisp macros prevent the creation of modular libraries? Common Lisp does does have mechanisms for library namespaces, and in practice a macro contained within a library is not that much different from a function contained in a library or a class contained in a library. Macros just provide another mechanism for creating useful domain-specific abstractions. The primary advantage to macros is that you can create abstractions with functionality that is not easily described as either a function or a class definition. Kay -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Lisp development with macros faster than Python development?..
[EMAIL PROTECTED] [EMAIL PROTECTED] writes: I've been reading the beloved Paul Graham's Hackers and Painters. He claims he developed a web app at light speed using Lisp and lots of macros. It got me curious if Lisp is inherently faster to develop complex apps in. It would seem if you could create your own language in Lisp using macros that that would be quite an advantage Well, for me, I was playing around with lisp and developing in python for my little scripts until I finally hit something that could leverage a lisp macro to create a new type of iterator. After that things moved foward at a rapid speed. Another point in lisp's favor is that I prefer nested s-expressions to the sometimes ugly mashup of functional and OO calls that I end up creating in python. On the other hand, python benefits from a much richer standard library, so some of the things you take for granted in python such as string.split(None,3) need to be found or created. thanks! Chris -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Is pyton for me?
Mike Meyer [EMAIL PROTECTED] writes: Mark de+la+Fuente [EMAIL PROTECTED] writes: I need to write simple scripts for executing command line functions. Up till now I've used C-Shell scripts for this, but I'm looking for a better alternative. And I keep reading about how easy it is to program with python. As others pointed out, Python isn't a shell, or even a shell scripting language, so it doesn't handle what you're doing in a natural way. Because of that, it may not be the language for you. Python has features that work well for building large systems, but those tend to cause extra work when you want to do things that other languages make simple. I agree with this approach. For me, there has to be a certain level of complexity before I reach for python as a tool. This usually involves one or more of the following: 1: text processing involving multiple files. For example, running statistics on file A, looking up values stored in file B. 2: cases where the overhead of repeatedly opening processes and pipes becomes unacceptable. For example: for f in file/*; do cp $f $f.bak sed -e 'something' $f.bak $f done This works well with small numbers of files. But even though sed is quicker than python, starting a new sed process with every iteration quickly stacks up. Rewriting the entire thing to run as a single process can dramatically improve performance. Although this might be a case of premature optimization. 3: cases where figuring out how to do something using one of the POSIX shell utilities makes my head hurt. Personally, I hate popen and avoid using it when possible. There is nothing wrong with sh as a glue language when all you need is something like: grep text file | filter | filter output_file. mike -- Mike Meyer [EMAIL PROTECTED] http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Changing a line in a text file
Steve Holden [EMAIL PROTECTED] writes: kah wrote: However, you asked about replacing one line with another of a different length: since this will mean changing the offsets of all subsequent bytes you have no way to do this other than writing out the whole content of the file following the modification. You would also have to ensure that you truncated the file to the correct length. In general, although they don't make it obvious that they are doing so most programs that change files (text editors and the like) are really writing new copies. In addition, I would argue that editing a file in place using a non-interactive program is dangerous and bad practice in general. By the time you find a bug in your edit script, the original is lost. This is something I learned from bitter experience when I tried to be smart and make script-based edits over entire directories of html files. In unix shell scripting idiom, I would do something like: mv file file.bak sed -e 'g/oldline/c newline' file.bak file And yes, I know that some versions of sed have the --in-place option. Then, I would check for side effects: diff file file.bak All of this can be done in python, however I'm not overly familiar with difflib and it seems to require both versions of the file in memory. So an external diff might be better. import os os.rename(foo,foo.bak) infile = open(foo.bak,'r') outfile = open(foo,'w') for line infile: #test and substitution code block outfile.write(line) Using separate input and output files also has the advantage of being memory efficient. regards Steve -- Steve Holden+1 703 861 4237 +1 800 494 3119 Holden Web LLC http://www.holdenweb.com/ Python Web Programming http://pydish.holdenweb.com/ -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Variables
Richard Blackwood [EMAIL PROTECTED] writes: Fantastic, wikipedia deals precisely with the difference between variables in mathematics versus programming. However, he would never trust a definition from such an unreputable source. If you have any other sources I might direct him to...he maintains that the notion of foo being a variable where it's value is known (versus unknown) is illogical. The ways in which language is used between domains is rarely logical. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Variables
Richard Blackwood [EMAIL PROTECTED] writes: Unfortunately that's not much of an option for me. We are working on a project together so I am forced to either prove his notion incorrect or I give in to his conception. *throws hands in air* Well, one option is to give in to his conception and point out that if you are working in python, foo=5 is neither a true constant or a variable. foo is an object reference pointing to an anonymous object with the value 5. Another way around it is to point out that while the use of the term variable in this sense may not be technically correct in terms of maths, it is the accepted jargon in the python community. Other programming communities may use different terms to describe values that change and values that don't change. A third way around this is to use this to your advantage and point out that python does not have a mechanism for distinguishing varibles from constants, so settle on some syntactic sugar to make the differences clear in your code. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Variables
Richard Blackwood [EMAIL PROTECTED] writes: Bengt Richter wrote: Tell him in Python foo is a member of one set and 5 is a member of another, and foo = 5 expresses the step of putting them into correspondence to define a mapping, not declaring them equal. Could I honestly argue this to him? From what basis do I argue that it is not an equation? In any event, he would likely (passionately) disagree considering his notion that programming is an off-shoot of math and thus at the fundamental level has identical concepts and rules. Believe it or not, he used to be a programmer. Back in the day (while I was getting my PhD in philosophy), he was a employed programmer using Cobol, Fortran, and other languages like that. Did his seemingly peculiar definition of variable exist at that time? Because, this is shorthand that operates at quite a bit of a higher level than the mathematical roots of a programming language. Here is a peek of what is going in when foo = 5 is evaluated. create an anonymous int object set the value of that object to 5 create a symbol foo bind the location the anonymous object to symbol foo Even in math notation, ISTM important to distinguish between a finger and what it may for the moment be pointing at. Regards, Bengt Richter -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list
Re: Python or PHP?
Lad [EMAIL PROTECTED] writes: Is anyone capable of providing Python advantages over PHP if there are any? Cheers, L. PHP is strongly wedded to providing web-based content, while Python can be used to build a large number of different types of applications. -- Kirk Job-Sluder The square-jawed homunculi of Tommy Hilfinger ads make every day an existential holocaust. --Scary Go Round -- http://mail.python.org/mailman/listinfo/python-list