Re: Ideal way to separate GUI and logic?

2013-07-13 Thread Roland Koebler
Hi,

> But how then do I separate out the logic and the GUI?
I usually write a library (C library, Python module, ...) which contains
the logic.

Then, I write a GUI (in a separate file), which imports and uses the library.
If I need another UI (e.g. GUI with another toolkit, or a text-based or
HTML5-based interface), I simply write another UI (in a separate file), and
import+use the library again.

That's the cleanest way to separate user-interface and logic in my
opinion. (But keep in mind that it's not always obvious which parts
belong to the library and which belong to the GUI, and you sometimes
have to carefully think about it.)

Oh, and yes, you can do nice things then, e.g. remote-GUIs by transparently
tunneling all calls from the GUI to the library through RPC over a network
(like I have done with a GTK+-GUI for Raspberry Pi; the GUI runs on the PC,
uses JSON-RPC over TCP-sockets and calls functions on the RPi).


regards,
Roland
-- 
http://mail.python.org/mailman/listinfo/python-list


Re: [Bulk] Re: Alternatives to XML?

2016-08-26 Thread Roland Koebler
Hi,

> It is *my* XML, and I know that I only use the offending characters inside
> attributes, and attributes are the only place where double-quote marks are
> allowed.
> 
> So this is my conversion routine -
> 
> lines = string.split('"')  # split on attributes
> for pos, line in enumerate(lines):
>     if pos%2:  # every 2nd line is an attribute
>         lines[pos] = line.replace('<', '&lt;').replace('>', '&gt;')
> return '"'.join(lines)
OMG!
So, you have a fileformat, which looks like XML, but actually isn't XML,
and will break if used with some "real" XML.

Although I don't like XML, if you want XML, you should follow Chris' advice:
On Thu, Aug 25, 2016 at 09:40:03PM +1000, Chris Angelico wrote:
> just make sure it's always valid XML, rather
> than some "XML-like" file structure.

So, please:
- Don't try to write your own (not-quite-)XML-parser.
- Read how XML-files work.
- Read https://docs.python.org/3/library/xml.html
  and https://pypi.python.org/pypi/defusedxml/
- Think what you have done.
- Use a sensible XML-parser/dumper. This should escape most special-
  characters for you (at least: < > & " ').


Roland
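
What the advice above looks like in practice, as an added example that is not part of the original mails: the quoted split-on-quotes routine corrupts a well-formed document, while a real XML writer escapes attribute values and round-trips them. The element and attribute names (`compare`, `src`, `op`, `tgt`) and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def quote_split_escape(string):
    """The conversion routine quoted in the mail, wrapped in a function."""
    parts = string.split('"')
    for pos, part in enumerate(parts):
        if pos % 2:  # the routine assumes this is an attribute value
            parts[pos] = part.replace('<', '&lt;').replace('>', '&gt;')
    return '"'.join(parts)


def child_count(xml_text):
    """Number of child elements of the root, as seen by a real parser."""
    return len(list(ET.fromstring(xml_text)))


def dump_rule(src, op, tgt):
    """Serialize with a real XML writer; escaping is done by the library."""
    elem = ET.Element("compare", {"src": src, "op": op, "tgt": tgt})
    return ET.tostring(elem, encoding="unicode")


def load_rule(xml_text):
    """Parse the element back; attribute values come out unescaped."""
    return dict(ET.fromstring(xml_text).attrib)


def is_well_formed(xml_text):
    """True if a real parser accepts the text."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError:
        return False
    return True


# Constructed sample: valid XML that uses single-quoted attributes and
# has double quotes in its text content, around a child element.
VALID_XML = "<msg level='1'>say \"<b>hi</b>\" now</msg>"

if __name__ == "__main__":
    # The hand-written routine takes the quoted text for an attribute
    # value and turns the child element <b> into plain text.
    print(child_count(VALID_XML), child_count(quote_split_escape(VALID_XML)))

    # A real writer escapes < > & " in attribute values by itself.
    xml_text = dump_rule("a<b", "is_not", 'x"&y')
    print(xml_text)
    print(load_rule(xml_text))

    # The unescaped form is not XML at all and is rejected.
    print(is_well_formed('<compare src="a<b"/>'))
```

For files from untrusted sources, the defusedxml package linked above is the parser to read up on.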


Re: Alternatives to XML?

2016-08-26 Thread Roland Koebler
Hi,

after reading the mails of this thread, I would recommend one of the
following ways:

1. Use a computer-readable format and some small editor for humans.
   
   The file-format could then be very simple -- I would recommend JSON.
   Or some kind of database (e.g. SQLite).

   For humans, you would have to write a (small/nice) graphical editor,
   where they can build the logic e.g. by clicking on buttons.
   This can also work for non-programmers, since the graphical editor
   can be adapted to the intended users, give help, run wizards etc.

or:

2. Use a human-readable format and a parser for the computer.

   Then, the fileformat should be optimized for human readability.
   I would recommend a restricted subset of Python. This is much more
   readable/writeable for humans than any XML/JSON/YAML.
   And you could even add a graphical editor to further support
   non-programming-users.

   The computer would then need a special parser. But by using
   Python-expressions (only eval, no exec) and a parser for flow
   control (if/else/for/...) and assignments, this is not too much
   work and is good for many applications.

   I've written such a parser incl. some kind of (pseudo-)sandbox [2]
   for my template-engine "pyratemp" [1], and I've also used it for
   small user-created-procedures.

   [1] http://www.simple-is-better.org/template/pyratemp.html
   [2] It's not a real sandbox -- it's secured only by restricting
   the available commands. If you add unsafe commands to the
   pseudo-sandbox (e.g. Pythons "open"), the user can do bad
   things.
   But without manually adding unsafe commands, I don't know
   any way to get out of this pseudo-sandbox.
   And if you really need a sandbox which is more powerful
   than my pseudo-sandbox, you may want to have a look at
   the sandbox of PyPy.


Trying to use a format which is both directly computer-readable
(without a special parser) and well human readable never really
works well in my experience. Then, you usually have to manually
read/write/edit some kind of parse-tree, which is usually much
harder to read/write than code. But if you want to do this, I
recommend LISP ;).

(By the way: If I did understand your mails correctly, your
program would probably break if someone edits the XML-files
manually, since you're using some kind of XML-like-fileformat
with many non-intuitive assumptions.)


Roland


PS: 

On Wed, Aug 24, 2016 at 04:58:54PM +0200, Frank Millman wrote:
> Here is a JSON version -
> 
> {
>   "case": {
>     "compare": {
>       "-src": "_param.auto_party_id",
>       "-op": "is_not",
>       "-tgt": "$None",
>       "case": {
>         "on_insert": {
>           "auto_gen": { "-args": "_param.auto_party_id" }
>         },
>         "not_exists": {
>           "literal": { "-value": "" }
>         }
>       }
>     }
>   }
> }
I think this is not really good. In JSON, you also have lists, and in this
case, it would probably be better to use some lists instead of dicts, e.g.:

[
    ["if", ["_param.auto_party_id", "is not", "None"],
        ["if",   ["on_insert"],  ["set", "value", ["call", "auto_gen", "_param.auto_party_id"]]],
        ["elif", ["not_exists"], ["set", "value", "''"]]
    ]
]

I think this is much more readable than your XML-code and the
auto-converted JSON.

And it's even less ambiguous. (How do you distinguish between the
variable _param.auto_party_id and the string "_param.auto_party_id"
in your XML-example?)



Re: pyflakes best practices?

2014-06-04 Thread Roland Koebler
Hi,

I would recommend to use Pylint (http://www.pylint.org/) in addition
to pyflakes. Pylint is much more powerful than pyflakes, and largely
configurable.

Regards
Roland


Re: Is there a graphical GUI builder?

2013-02-19 Thread Roland Koebler
Hi,

> I'm new to Python and only a hobbyist programmer.  A long time ago I used 
> Microsoft's Visual Basic which had a nice (graphical) facility for creating 
> GUIs which was part of the development environment.  I'm wondering if there's 
> a utility for Python to build GUIs.
yes, there are several, depending on the GUI-toolkit (GTK+, Qt, ...)
you want to use.

But I would recommend Glade and the GTK+-Toolkit. Simply search
for Glade, GTK and Python in your favourite search engine, and you
will find several tutorials.

regards,
Roland


Re: Is there a graphical GUI builder?

2013-02-20 Thread Roland Koebler
Hi,

> That way of building a window tends to produce programs that port
> badly to other systems.
hmm, I don't think so. I've built several applications in C + GTK/Glade and
Python + GTK/Glade, which easily run on Linux and Windows without any GUI
changes.

> playing with Java applets introduced
> the novel and somewhat strange idea that your window should be built
> using rules and layouts, to avoid problems with button sizes, fonts,
> etc, etc.
Do you know the container-concept of GTK+ and Glade?

In many GUI-builders, you set your widgets to fixed positions (e.g. a text
field at x16/y16 with 100*30 pixels, a button at x16/y50 with 100*50 pixels
etc.). This is *bad*, and causes all kinds of problems with e.g. different
window- or font-sizes, like widgets outside of the visible window, text
running over the border of a widget or being cut at the edge of the widget
etc.

But: GTK+ has a wonderful concept of "containers" [*]. You normally don't
set widgets to fixed positions -- instead, you add layout tables (or
vertical boxes or horizontal boxes or ...), and essentially define
that some widgets should be above each other, side by side or in a grid
layout, so you more or less define the layout logically. The real size
and position of the widgets is dynamically calculated by GTK+, so they
always have the right size, and different font sizes, different window
sizes, etc. are not a problem anymore [q]. And Glade (the GTK+ GUI builder)
works exactly that way.


[*] Besides, the container-concept also allows such nice things like
putting anything inside a button (e.g. 2 images and a label), or inside
a notebook tab etc. pp.

[q] In Qt, it's also possible to generate such flexible layouts. But
it's unfortunately not the default way in Qt, and the Qt designer only
supports it rudimentarily, and in a much less obvious way. And Qt does
not have such a "container"-concept, where many widgets (e.g. buttons,
notebook registers etc.) contain other widgets.

> You have to think about your window differently - think about what
> you're putting where, rather than going visually "that looks about
> right" - but the reward is that it'll look right no matter where you
> run your app.
Yes, that's also true for GTK+/Glade.
But you have the choice to either build your GUI graphically with your
mouse, or textually in your editor -- or mix both.


regards
Roland


Re: Is there a graphical GUI builder?

2013-02-20 Thread Roland Koebler
Hi,

> I agree that on Linux GTK is pretty darn slick.  I use it for all my
> little GUIs.  But on Windows, GTK, particularly under python, isn't
> quite as easy to get running.
installing GTK+ 2.x should be easy, since there are all-in-one-installers
for windows on http://www.gtk.org (for GTK+) and http://www.pygtk.org
(for Python+GTK+).

Installing GTK+ 3.x on windows is currently a bit more complicated, but this
situation should improve soon.

> I think if the OP is on windows (which it seems like he is) then Qt with
> PySide (using either QML or QtDesigner to manipulate ui files) is an
> excellent choice.
I never was happy with QtDesigner -- I always struggled *a lot*
(in contrast to Glade, where most things worked like a charm).

I did not even manage to rename the tab of a notebook (?!) or to create
a button with an icon above the text, or a grid layout without a fixed
layout. It even seems that the QtDesigner doesn't even provide standard-
icons (e.g. for open, close, exit etc.) or a file dialog. Am I doing
something fundamentally wrong in QtDesigner, or is QtDesigner really
that bad?

regards
Roland


Re: working with csv module in python

2013-02-20 Thread Roland Koebler
Hi,

On Wed, Feb 20, 2013 at 10:50:54AM +0100, inshu chauhan wrote:
> I have 10 simple text files with 3 columns x,y,z delimited by "space". I am
> trying to combine these 10 files to get a single text file.
> 
> Eg. of data in 10 files is
> 299 446 2
Do you only want to concat the files, or do you want to parse/mangle
them?

If you only want to concat the files, I would use some shell-tools,
like "cat" on Linux or "copy" on Windows, so

copy C:\Users\inshu.chauhan\Desktop\ForModel_600\*.arff C:\Users\inshu.chauhan\Desktop\test2.arff

should do it.

> Can I in some way set delimiter to NULL as the prog gives me error if
> I do so.
Of course -- a CSV without a delimiter doesn't make any sense.

> I don't know why there is space between the attribute of first column in
> reading and there is space between every row too..
Because there's a "split()" missing in your code. You currently tell the
CSV-writer to write the columns 2,9,9, , , ,4,4,6, , , ,2 as
space-separated CSV. So, try something like
rows = [r.split() for r in open(f, "r").readlines()]

> Or can I merge these text files without using csv module , directly in
> python ?
If you don't need to parse/mangle the contents, you don't need the csv
module. Simply open the resulting file for writing, and then read out
the source files and write their contents into the resulting file.


regards
Roland


Re: Is there a graphical GUI builder?

2013-02-20 Thread Roland Koebler
Hi,

> > [q] In Qt, it's also possible to generate such flexible layouts. But
> > it's unfortunately not the default way in Qt, and the Qt designer only
> > supports it rudimentarily, and in a much less obvious way. And Qt does
> > not have such a "container"-concept, where many widgets (e.g. buttons,
> > notebook registers etc.) contain other widgets.
> 
> ...
> 
> I'm sorry but all of that is completely wrong. Using layouts that
> automatically adapt to fonts, the size of widgets being laid out etc. is
> the default way. You could use explicit sizes and positions if you wanted
> to, but that would be bad for the reasons you gave.
hmm, interesting, but then Qt Designer is a total mess.

In Qt Designer (at least in 4.x), the default is a fixed layout, where
I have to position the widgets at precise pixel-positions and have to
define the size in pixels. And I cannot remove the default fixed layout
without modifying the .ui-file in a text editor!

> Qt does have a
> container concept - that's what a QWidget is (the base class of all
> widgets).
A container concept like in GTK+ is *much* more than having a base
widget where all widgets are derived from, or having layout boxes.
It means that most widgets are containers, like buttons, notebook
labels, checkboxes, radio buttons, scrollbar-windows etc.
And I haven't seen anything like this in Qt (or: in Qt Designer).


regards
Roland


Re: Is there a graphical GUI builder?

2013-02-20 Thread Roland Koebler
Hi Phil,

> > In Qt Designer (at least in 4.x), the default is a fixed layout, where
> > I have to position the widgets at precise pixel-positions and have to
> > define the size in pixels. And I cannot remove the default fixed layout
> > without modifying the .ui-file in a text editor!
> 
> I'm sorry but that is just wrong.
I now found out, that I can indeed change the default fixed layout by
clicking onto the empty main window or by selecting the main window in
the Object Inspector and then clicking on a layout-icon on the toolbar.
Thanks.

I hope that most developers who use Qt use this feature, since the fixed
layout is the default in Qt designer and it's not really obvious how to
change this for beginners...


regards
Roland


Re: Is there a graphical GUI builder?

2013-02-21 Thread Roland Koebler
Hi,

> How so? It's LGPL. You can't get much freer than that.
you can -- MIT/BSD/public domain etc. provide much more freedom to the
developer. (And I prefer freedom for the developer over the guarantee
(freedom or restriction -- call it as you wish) that nobody may lock
down a copy of the sourcecode.)

In addition, using the LGPL-version of Qt for proprietary/commercial
software may be risky, because if you violate the LGPL by accident
(e.g. because of some formal issue), the Qt-owner may demand
compensation, e.g. the license-fee for the commercial Qt version
for the last couple of years...

regards
Roland


Re: Is there a graphical GUI builder?

2013-02-21 Thread Roland Koebler
Hi,

> The situation has not substantively changed, but your description of
> it is not really accurate. There was and still is a "commercial
> license" which allows for completely proprietary development without
> needing to allow end users to relink the application against
> user-supplied versions of Qt. The free license is the LGPL,
that's not quite correct; things changed in 2009 and Qt now has three
different licenses:
- commercial licence
- GPL (+GPL exceptions)
- LGPL + Qt LGPL Exception (because of inline-functions/templates)
  since Qt 4.5

best regards
Roland


Re: Can't catch CTRL-C when SimpleXMLRPCServer running ?

2013-02-22 Thread Roland Koebler
Hi,

> I would like to stop the script running in response to a CTRL-C.
how about "KeyboardInterrupt"?

try:
    ...
except KeyboardInterrupt:
    print "You pressed Ctrl+C"


Roland


Re: Embedding a for inside an html template for substitution

2013-03-05 Thread Roland Koebler
Hi,

On Mon, Mar 04, 2013 at 09:22:38AM -0800, Ferrous Cranus wrote:
> can i just put the lines you provided me inside "files.html" and they
> will work?
> 
> That's pure Python code!
There are several template-engines where you more or less include
python-code into the template, e.g.: empy, mako, pyratemp

On Mon, Mar 04, 2013 at 08:56:14PM -0700, Michael Torrie wrote:
> Check out that link in my previous e-mail to a list of python templating
> engines.  Choose one and try it.  No I cannot provide any example code.
Here's an example for pyratemp (where I'm the author ;)):

files.html:


@!title!@

@!e!@



files.py:

import pyratemp
t = pyratemp.Template(filename="files.html")
result = t(title="title ...", mylist=["entry 1", "entry 2", "entry 3"])
print result.encode("ascii", 'xmlcharrefreplace')


On Mon, Mar 04, 2013 at 08:56:14PM -0700, Michael Torrie wrote:
> I do recommend you at least take a look at Django.  It may be overkill
> for your needs.  It does contain a templating engine,
Last time I tried, the template-engine of Django did not work on its
own. If you need Django-like templates without Django, you can use Jinja.
And if you need a real sandbox (so that you can use untrusted templates),
I would recommend Jinja.


Roland


Re: Inserting-embedding some html data at the end of a .py file

2013-03-06 Thread Roland Koebler
Hi,

On Tue, Mar 05, 2013 at 09:39:19AM -0800, Νίκος Γκρ33κ wrote:
> But i did, I just tried this:
> 
>   # open html template
>   if htmlpage.endswith('.html'):
>   f = open( "/home/nikos/public_html/" + htmlpage )
> 
>   htmldata = f.read()
>   counter =   '''  href="mailto:supp...@superhost.gr";>  
>cellpadding=2 bgcolor=black>
>color=lime>Αριθμός Επισκεπτών
>href="http://superhost.gr/?show=stats";> %d 
>   ''' % data[0]
>   else:
>   f = open( "/home/nikos/public_html/cgi-bin/" + htmlpage )
>   
>   htmldata = f.read()
>   counter =   '''
>   print ''' href="mailto:supp...@superhost.gr";>  
>cellpadding=2 bgcolor=black>
>color=lime>Αριθμός Επισκεπτών
>href="http://superhost.gr/?show=stats";> %d 
>   '''
>   ''' % data[0]   
>   
>   template = htmldata + counter
>   print ( template )
> =
> 
> But still doesn't embed correctly the additional html data at the end of the 
> .py files.
> 
> Do you have an idea?
as someone said: You're doing it the wrong way.

I would recommend to use a template-engine; then you can put the
complete html-design (and some design-control-structures) into
the template (and *not* into the cgi) and fill data into the
template with a python-script.


Roland


Re: Inserting-embedding some html data at the end of a .py file

2013-03-07 Thread Roland Koebler
Hi,

> but now I am receiving this error concerning except:
> 
> ni...@superhost.gr [~/www/cgi-bin]# /usr/bin/python3 metrites.py 
>   File "metrites.py", line 88
> except MySQLdb.Error, e:
> ^
> SyntaxError: invalid syntax
> ni...@superhost.gr [~/www/cgi-bin]# 
> 
> which used to work ok in v2.6.6
> 
> can you help?
Python 3 introduced some Python 2-incompatible changes.
So, please read: http://docs.python.org/release/3.0.1/whatsnew/3.0.html

Roland


Re: I hate you all

2013-04-07 Thread Roland Koebler
Hi,

> Well all previous (python 2) code is meant to work for a tab size of
> 8.
yes, but even in Python 2, mixing spaces and tabs is considered bad
style and should be avoided. And code-checkers like pylint (which I
can recommend to everyone) create a warning.

> You may call this "categorically wrong", but it has been there a
> long while, it is still in use, and it sticks to the default.
As I said, mixing tabs and spaces for indentation was *always* a bad
idea, and is discouraged also in Python 2.

> Spaces-only can achieve compatibility between different people
> settings for formatted text like source code. But so does a common
> default for the tab size,
But there's no such thing as "default tab size". Configuring the
tab-size is quite common among programmers.


But why do you insist on using tabs at all? The best way -- in my
opinion -- is to use the tab- and backspace-key for indentation, and
let the editor convert it to spaces. (And use some tool to convert
all tabs in the old code.)

I don't see *any* advantage of mixed spaces and tabs, but quite some
disadvantages/problems.

> What I would expect is some option in python to make tabs work the
> way they used to. I want a choice for me to preserve my settings,
> the same way you want to preserve yours.
>
> What I want should not be much to ask, since this is how python 2
> used to do things.
> 
> I admit such a '--fixed-tabs' option, that will make tab stops be 8
> columns apart, and allow any number of spaces like in python 2,
> makes the code I write dependent on that option.
There's no need to add this to Python 3, since you already have what
you want. Simply use:

expand yourscript.py | python3


regards
Roland


Re: Encoding NaN in JSON

2013-04-17 Thread Roland Koebler
Hi,

> > Easiest way is probably to transform your object before you try to write
> Yeah, that's what I ended up doing. Wondered if there's a better way ...
yes, there is: subclass+extend the JSON-encoder, see pydoc json.

e.g.:
class JsonNanEncoder(json.JSONEncoder):
    def default(self, obj):
        if some-check-if-obj-is-NaN:
            return 'NaN'
        return json.JSONEncoder.default(self, obj)

Roland


Re: Encoding NaN in JSON

2013-04-17 Thread Roland Koebler
Hi,

> > yes, there is: subclass+extend the JSON-encoder, see pydoc json.
> Please read the original post before answering. What you suggested does not 
> work since NaN is of float type.
ok, right, default does not work this way.
But I would still suggest to extend the JSON-encoder, since that is
quite simple (see sourcecode of JSON module); as a quickhack, you
could even monkey patch json.encoder.floatstr with a wrapper which
returns "N/A" for NaN. (I've tested it: It works.)

But: If you only need NaN and inf, and are ok with 'NaN' instead of 'N/A',
you can simply use the json module. See pydoc json:

If allow_nan is True, then NaN, Infinity, and -Infinity will be
encoded as such.  This behavior is not JSON specification compliant,
but is consistent with most JavaScript based encoders and decoders.
Otherwise, it will be a ValueError to encode such floats.

>>> import json
>>> json.dumps(float('NaN'))
'NaN'
>>> json.dumps(float('inf'))
'Infinity'


Roland
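
The two points of this exchange as an added example that is not part of the original mails: the `default()` hook is never consulted for floats, so NaN has to be replaced before encoding, and `allow_nan=False` then guarantees specification-compliant output. `CountingEncoder`, `replace_non_finite`, `dumps_strict` and the sample data are names and values made up for this example.

```python
import json
import math


class CountingEncoder(json.JSONEncoder):
    """Encoder whose default() hook records how often it is called."""
    calls = 0

    def default(self, obj):
        CountingEncoder.calls += 1
        return super().default(obj)


def default_hook_calls(value):
    """Encode value; return (json_text, number of default() calls)."""
    CountingEncoder.calls = 0
    text = json.dumps(value, cls=CountingEncoder)
    return text, CountingEncoder.calls


def replace_non_finite(value, marker="N/A"):
    """Return a copy of value with NaN/Infinity/-Infinity replaced by marker."""
    if isinstance(value, float) and not math.isfinite(value):
        return marker
    if isinstance(value, dict):
        return {k: replace_non_finite(v, marker) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [replace_non_finite(v, marker) for v in value]
    return value


def dumps_strict(value, marker="N/A"):
    """Transform first, then encode; allow_nan=False makes any float that
    was missed raise ValueError instead of producing non-standard JSON."""
    return json.dumps(replace_non_finite(value, marker), allow_nan=False)


# Constructed sample data
SAMPLE = {"x": [1.5, float("nan"), float("inf")], "y": {"z": float("-inf")}}

if __name__ == "__main__":
    # Floats are serialized natively: default() is not called, NaN passes through.
    print(default_hook_calls([float("nan")]))
    # Spec-compliant output with the marker in place of non-finite floats.
    print(dumps_strict(SAMPLE))
```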


Re: Encoding NaN in JSON

2013-04-18 Thread Roland Koebler
On Thu, Apr 18, 2013 at 11:46:37AM +1000, Chris Angelico wrote:
> Wait... you can do that? It's internal to iterencode, at least in
> Python 3.3 and 2.7 that I'm looking at here.
In Python 2.6 it wasn't internal to iterencode; in Python 2.7 and 3.x
you probably would have to monkey-patch iterencode. (In addition, patching
floatstr alone wouldn't be enough in 3.x and probably 2.7, since you also
have to make sure that the C-extension is not used here.)

BUT: Keep in mind that monkey-patches are problematic, and should be
avoided (or used very carefully) in production code. So, better
replace the complete encoder.py or use your own patched version
of the complete json-module.

Roland


Re: How to set my gui?

2013-04-19 Thread Roland Koebler
Hi,

> These days, GUI programming is to me just
> programming and calling on certain libraries/modules.
+1

> One thing you may want to consider is using your main thread for the
> UI, and spinning off another thread to do your search. But do that
> ONLY if you know you understand threads, and threading in Python.
> Otherwise you'll make your life unnecessarily hard. :)
For simple tasks, you don't need threads, but can use the glib-functions
timeout_add(), idle_add() etc.

Roland


ANN: template-engine pyratemp 0.3.0/0.2.3

2013-04-23 Thread Roland Koebler
Hi,

since there were some questions about template-engines some time ago,
I would like to announce:

- I updated my comparison and benchmarks of several template-engines
  on http://www.simple-is-better.org/template/
- I have released a new version of my small and simple but powerful and
  pythonic template-engine "pyratemp":


=============================================
pyratemp 0.3.0 / 0.2.3 released -- 2013-04-03
=============================================

A new version of pyratemp is released, which officially adds Python 3
support; and a backport of this version to Python <=2.5:

- 0.3.0 for Python >=2.6 / 3.x
- 0.2.3 for Python <=2.5

No changes in your templates and your Python-code should be necessary,
except if you use cmp() / xrange() in your templates, which are gone
in Python 3 and pyratemp 0.3.0/0.2.3.

About pyratemp
--------------
pyratemp is a small, simple and powerful template-engine for Python.

Changes
-------
see http://www.simple-is-better.org/template/pyratemp-latest/NEWS

The main changes are:

- Python 3 support
- added setup.py for installation via distutils
- renamed yaml2pyratemp.py to pyratemp_tool.py
- added LaTeX- and mail-header-escaping
- removed cmp(), xrange() from the template-functions

Resources
---------
Homepage, documentation, download and mailinglists:
   http://www.simple-is-better.org/template/pyratemp.html

Download:
- http://www.simple-is-better.org/template/pyratemp-0.3.0.tgz
- http://www.simple-is-better.org/template/pyratemp-0.2.3.tgz

on PyPI:
- https://pypi.python.org/pypi/pyratemp/0.3.0
- https://pypi.python.org/pypi/pyratemp/0.2.3

---

Roland


Re: Simple Python Sandbox

2010-08-14 Thread Roland Koebler
Hi,

> I know all this -- but its not relevant really, I think. I'm not trying
> to create a safe yet relatively complete or functional Python. All those
> efforts to sandbox Python fail because of the incredible dynamic nature
> of the language has lots of enticing little holes in it. But I'm not
> interested in a full or even vaguely full subset of Python, and I'm not
> requiring that this security be done on the code-level.
I had the same problem, and so I created a "pseudo-sandbox" for embedding
Python in templates. This "pseudo-sandbox" creates a restricted Python
environment, where only whitelisted functions/classes are allowed.
Additionally, it prevents things like '0 .__class__'.

You can find some documentation at
http://simple-is-better.org/template/pyratemp.html#evaluation,
and the pseudo-sandbox itself in my template-engine, class
"EvalPseudoSandbox" on the website above.
(Please write me if you have any comments.)

But note that this is not a real sandbox! As soon as you allow *any*
unsafe function (e.g. open, import, eval, getattr etc.), you can easily
break out.
Also, don't directly pass complete modules to the pseudo-sandbox, since
they may contain unsafe functions/classes/etc.

And be warned: There *may* also be ways to break out of the pseudo-sandbox
even without passing unsafe functions to it -- although I don't know any.
If you know or find such a way: Please tell me!


You could also take a look at Jinja (which is also a template-engine),
and which claims to include a sandbox. But the Jinja-sandbox seems to
be much more complicated than my pseudo-sandbox, and I haven't analyzed
it and don't know how it works.

> For example, when you go to save your bit of code, it will go in and if
> it finds __ anywhere in the text it just replaces it with xx. And, since
> getattr is not available, '_' + '_' won't get you anywhere.
I don't think that searching the text is the right way; in my
pseudo-sandbox, I compile the code and search co_names for such
names instead.

> I just need a certain limited context where someone can be handed
> certain Python objects and manipulate them. I'd like people to be able
> to use some fundamental Python power -- the rich, beautiful data types
> for example (notably in this case, strings), list comprehensions and
> stuff, to do what they need to do. Python's very easy, I'd like them to
> be able to use that easy.
I was in the exact same position ;).
(Although I don't have fully untrusted/bad users, and so my pseudo-sandbox
is sufficient for my cases, even though I haven't proved that it really is
secure...)


regards,
Roland



Re: Simple Python Sandbox

2010-08-14 Thread Roland Koebler
On Sun, Aug 15, 2010 at 12:06:35AM +, Steven D'Aprano wrote:
> Hmmm... is that meant just as an illustration of a general technique, or 
> do you actually have something against the class of 0?
It's a short illustration; 0 .__class__ itself is harmless, but e.g.
0 .__class__.__base__.__subclasses__() isn't.

> > But note that this is not a real sandbox! As soon as you allow *any*
> > unsafe function (e.g. open, import, eval, getattr etc.), you can easily
> > break out.
> 
> Isn't that true of any sandbox though? Surely by definition, if you allow 
> an unsafe function in any sandbox, it's no longer an effective sandbox.
In my opinion, a "real" sandbox should allow to use "unsafe" functions
(e.g. open(), import modules etc.) -- so you could run your normal code
in it. But it should prevent the "bad" effects of the code, e.g. by
redirecting I/O, limiting resources etc.

regards,
Roland



Re: Simple Python Sandbox

2010-08-16 Thread Roland Koebler
On Sat, Aug 14, 2010 at 07:54:11PM -0700, Stephen Hansen wrote:
> How are you implementing refusing-names-beginning-with-underscore, out
> of curiosity?
I compile the expressions and look into co_names, e.g.:
  >>> expr = "0 .__class__"
  >>> c=compile(expr,"","eval")
  >>> c.co_names
  ('__class__',)


regards,
Roland



Re: Simple Python Sandbox

2010-08-17 Thread Roland Koebler
On Sat, Aug 14, 2010 at 08:01:00PM -0700, Stephen Hansen wrote:
> > As you can see, black listing isn't the best approach here.
> 
> But I have a two pronged strategy: the black list is only half of the
> equation. One, I'm blacklisting all the meta functions out of builtins.
But blacklists are *never* secure. Sorry, but you should fully understand
this before even thinking about more detailed security.

Why are you blacklisting the "known-bad" functions instead of whitelisting
the allowed ones??

regards,
Roland
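
The checks described in this thread (compile the expression, inspect `co_names`, refuse names beginning with an underscore, and whitelist the callable names instead of blacklisting), as an added example that is not part of the original mails and is not pyratemp's code. `ALLOWED`, `ForbiddenName`, `check_names` and `safe_eval` are hypothetical names; like the pseudo-sandbox discussed above, this restricts by whitelist only and is not a real sandbox.

```python
import math
import types

# Whitelist (an assumption of this example): the only global names an
# expression may use. Nothing is available unless it is listed here.
ALLOWED = {
    "abs": abs, "len": len, "max": max, "min": min, "sum": sum,
    "sorted": sorted, "str": str, "int": int, "float": float,
    "sqrt": math.sqrt,
}


class ForbiddenName(ValueError):
    """Raised when an expression refers to an underscore-prefixed name."""


def check_names(code):
    """Refuse any global or attribute name that starts with an underscore.

    co_names holds the names and attributes the compiled code refers to.
    Lambdas and (before Python 3.12) comprehensions are compiled into
    nested code objects stored in co_consts, so those are checked too.
    """
    for name in code.co_names:
        if name.startswith("_"):
            raise ForbiddenName(name)
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            check_names(const)


def safe_eval(expr, variables=None):
    """Evaluate one expression with whitelisted globals only."""
    code = compile(expr, "<expr>", "eval")   # expressions only, no statements
    check_names(code)
    env = {"__builtins__": {}}               # no implicit builtins
    env.update(ALLOWED)
    return eval(code, env, dict(variables or {}))


if __name__ == "__main__":
    print(safe_eval("max(len(name), 3) + sqrt(16)", {"name": "python"}))
    print(safe_eval("[w.upper() for w in words]", {"words": ["a", "b"]}))

    # A string that merely contains "__" is data, not a name: the check on
    # co_names accepts it, where a text search for "__" would alter it.
    print(safe_eval("'a__b'.upper()"))

    for expr in ("0 .__class__", "(lambda: 0 .__class__)()", "open('f')"):
        try:
            safe_eval(expr)
        except (ForbiddenName, NameError) as exc:
            print(expr, "->", type(exc).__name__, exc)
```

Every function added to `ALLOWED` widens what an expression can reach, which is the caveat the mails above give for the pseudo-sandbox.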



module metadata variables

2009-09-17 Thread Roland Koebler
Hi,

many Python-modules contain metadata-variables, like __author__ etc.
But most documentation-tools only support some of these variables, and
some tools even define their own metadata-variables.

So far, I found:
- pydoc (-> pydoc.py):
__author__
__credits__
__date__
__version__ (additionally converting '$Revision: ...$' to '...')

- epydoc (-> http://epydoc.sourceforge.net/manual-fields.html):
__author__
__authors__
__contact__
__copyright__
__date__
__deprecated__
__license__
__version__

- some modules also use:
__revision__

So, my question is:
Is there any "generic" definition of these variables?
Otherwise it may be good to define a "standard" set of such
metadata variables.

And I think pydoc should be extended to at least support __copyright__
and __license__. I'll send a patch for this, unless there is any
reason against it.

regards,
Roland



Re: Speed-up for loops

2010-09-02 Thread Roland Koebler
Hi,

> Are there any ways to speed up the for/xrange loop?
You can use psyco.

The following example should be about 4-times as fast as your example:

import psyco
psyco.full()
def f():
    imax = 10
    a = 0
    for i in xrange(imax):
        a += 10
    print a
f()


regards,
Roland



Re: Recommendation for GUI lib?

2016-06-07 Thread Roland Koebler via Python-list
Hi,

the two "big" GUI toolkits on Linux are GTK+ and Qt.

Both are free, have Python bindings and a graphical GUI designer, and both
have ports for Windows and Mac OS X. Qt does have a better cross-platform-
support and supports more platforms, but GTK+3 also works for Linux, Mac
OS X and Windows.

I myself prefer and recommend GTK+ (http://www.gtk.org), with Glade
(https://glade.gnome.org/) as GUI-builder. I'm using it with Python
for many years now. The major downside is, that the GTK+-documentation
is mainly written for C, but there are many tutorials about Python + GTK+
out there, e.g. https://python-gtk-3-tutorial.readthedocs.io/.
But be sure to use GTK+3 and the PyGObject/PyGI-binding and not the old
PyGTK-binding (and ideally Python 3).
You may also have a look at https://wiki.gnome.org/Projects/GTK+/OSX/Python

You can also try Qt (http://qt.io), and one of its Python-bindings.
But I was never happy with Qt and think some GUI-concepts of GTK+ are much
better than the ones of Qt, and I like Glade much more than the Qt designer.


best regards
Roland