[Tutor] xls file

2007-08-14 Thread Kirk Bailey
I want to read an xls file and use the data in part of it. What module 
would help make sense of one?



-- 
Salute!
-Kirk Bailey
   Think
  +-+
  | BOX |
  +-+
   knihT

Fnord.
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor


Re: [Tutor] Python Book Recommendations [Was:[Re: Security]]

2007-08-14 Thread Kent Johnson
Terry Carroll wrote:
> What I recommend is:
> 
>  1) Get one book that's about Python, to learn from.  An example, if you 
> already know how to program, would be Wes's Core Python book.  Try to pick 
> one that's not too simple, because you'll want something that you can 
> still use once you know the language; alternatively, go the library route 
> to learn.
> 
>  2) when you can do some simple stuff, you'll eventually want a reference 
> book: probably either Martelli's Python in a Nutshell or Beazley's Python 
> Essential reference.

I think I am in the minority, but I almost never use any Python 
reference book. It's not that I don't ever have to look anything up! I 
have a local copy of the Python HTML docs and shortcuts in the browser 
that let me find anything I need far faster than I could look it up in a 
book.

If I can't find what I need in the standard docs, my next stop is 
probably Google or comp.lang.python or the Python Cookbook.

I do own copies of Python in a Nutshell, Python Essential Reference 
and Python Pocket Reference, I just find the online docs have much the 
same information in a much more accessible form.

FWIW here are my Python bookmarks:
module index - I don't actually use this one any more, see below
file://localhost/Users/kent/Library/Documentation/Python-Docs-2.5/modindex.html

built-in functions
file://localhost/Users/kent/Library/Documentation/Python-Docs-2.5/lib/built-in-funcs.html

built-in types - list, dict, string, etc
file://localhost/Users/kent/Library/Documentation/Python-Docs-2.5/lib/types.html

string methods
file://localhost/Users/kent/Library/Documentation/Python-Docs-2.5/lib/string-methods.html

overall doc index
file://localhost/Users/kent/Library/Documentation/Python-Docs-2.5/index.html

built-in exceptions
file://localhost/Users/kent/Library/Documentation/Python-Docs-2.5/lib/module-exceptions.html

comp.lang.python
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&group=comp.lang.python

I also have a shortcut set up so if I type
   py modulename
in the Firefox address bar it takes me directly to the docs for that 
module. To do this, create a bookmark with this URL:
file://localhost/Users/kent/Library/Documentation/Python-Docs-2.5/lib/module-%s.html

and give it the keyword 'py'.

Another shortcut looks up the module in the online docs, useful if I 
want to give a link to someone else:
http://docs.python.org/lib/module-%s.html

Kent


Re: [Tutor] Python Book Recommendations

2007-08-14 Thread Fiyawerx
My company has a subscription with the books24x7.com site, and I'm sure they
offer individual accounts, but so far I'm ashamed that I've paid close to
200$ worth of computer books that I could have been accessing online for
free. Including 'dummies' books, Teach yourself whatever, and just a
multitude of other books. Just did a quick search for titles with 'python'
and returned about 20.



On 8/14/07, Terry Carroll <[EMAIL PROTECTED]> wrote:
>
> On Tue, 14 Aug 2007, Brian Wisti wrote:
>
> > Check with your local library, too.
>
> Or even your not-so-local library.
>
> > The Seattle Public Library provides access to a limited selection of the
> > Safari books (stuff published in the last 2 years from a handful of
> > publishers). Maybe your region has similar access.
>
> I just did a quick search of the San Jose catalog, and see a bunch of
> online Python-related books:
>
>   Core Python Programming (2006, 2 copies)
>   Game Programming with Python (2004)
>   Programming Python (2006, 2 copies)
>   Python Cookbook (2005, 2 copies)
>   Python Essential reference (2006, 2 copies)
>   Python in a Nutshell (2006, 2 copies)
>   Python Phrasebook (2006, 2 copies)
>   Python programming for the absolute beginner (2003)
>   Python programming on Win32 (2000)
>   Rapid web applications with TurboGears (2006, 2 copies)
>   Sams teach yourself Python in 24 hours (2000)
>   Twisted network programming essentials (2005)
>   Twisted network programming essentials (2006, 2 copies)
>
> And here's the kicker:
>
>    The City of San Jose offers free library cards to all California
>    residents or property owners.
>
>    http://www.sjlibrary.org/legal/policies.htm?pID=313
>
> So a lot of not-so-local readers can get access to this material.  It's
> not nationwide or worldwide, but it's better than just being limited to
> San Jose.  (Of course I don't know the practical aspects of getting a
> library card; can you do it by mail?)
>
> But leaving this particular library aside: see if there's a large library
> system that you're not personally a part of that you can use.  For years,
> I lived in Santa Clara, not too far from San Jose.  I used Santa Clara's
> own city library; the much larger San Jose library; the Santa Clara
> County library system (which provides a library to a number of cities in
> the county that prefer to be part of a larger system to operating their
> own); and even, for a while, the Santa Cruz County library system (when I
> used to work down that way).
>
> Libraries rock.  Use them well, and you can rock, too.
>


Re: [Tutor] Python Book Recommendations

2007-08-14 Thread Terry Carroll
On Tue, 14 Aug 2007, Brian Wisti wrote:

> Check with your local library, too. 

Or even your not-so-local library.

> The Seattle Public Library provides access to a limited selection of the
> Safari books (stuff published in the last 2 years from a handful of
> publishers). Maybe your region has similar access.

I just did a quick search of the San Jose catalog, and see a bunch of 
online Python-related books:

  Core Python Programming (2006, 2 copies)
  Game Programming with Python (2004)
  Programming Python (2006, 2 copies)
  Python Cookbook (2005, 2 copies)
  Python Essential reference (2006, 2 copies)
  Python in a Nutshell (2006, 2 copies)
  Python Phrasebook (2006, 2 copies)
  Python programming for the absolute beginner (2003)
  Python programming on Win32 (2000)
  Rapid web applications with TurboGears (2006, 2 copies)
  Sams teach yourself Python in 24 hours (2000)
  Twisted network programming essentials (2005)
  Twisted network programming essentials (2006, 2 copies)

And here's the kicker: 

   The City of San Jose offers free library cards to all California 
   residents or property owners. 

   http://www.sjlibrary.org/legal/policies.htm?pID=313

So a lot of not-so-local readers can get access to this material.  It's 
not nationwide or worldwide, but it's better than just being limited to 
San Jose.  (Of course I don't know the practical aspects of getting a 
library card; can you do it by mail?)

But leaving this particular library aside: see if there's a large library 
system that you're not personally a part of that you can use.  For years, 
I lived in Santa Clara, not too far from San Jose.  I used Santa Clara's 
own city library; the much larger San Jose library; the Santa Clara 
County library system (which provides a library to a number of cities in 
the county that prefer to be part of a larger system to operating their 
own); and even, for a while, the Santa Cruz County library system (when I 
used to work down that way).

Libraries rock.  Use them well, and you can rock, too.



Re: [Tutor] Python Book Recommendations [Was:[Re: Security]]

2007-08-14 Thread Terry Carroll
On Mon, 13 Aug 2007, bhaaluu wrote:

> Programming isn't for everyone! Until you find out whether or not
> it's for you, don't spend hundreds and thousands of dollars on
> computer programming books! =)

Programming isn't unique in that respect.  I tried to learn Chinese a few 
years back.  I'm not sure exactly how much I spent on dictionaries and 
books, but I think my Chinese vocabulary cost about $3 or $4 per word.

I try not to buy too many Python books, but in the 4 years or so that I've 
been using it, I can count at least 4 I've bought new, and another 5 I've 
bought used.

What I recommend is:

 1) Get one book that's about Python, to learn from.  An example, if you 
already know how to program, would be Wes's Core Python book.  Try to pick 
one that's not too simple, because you'll want something that you can 
still use once you know the language; alternatively, go the library route 
to learn.

 2) when you can do some simple stuff, you'll eventually want a reference 
book: probably either Martelli's Python in a Nutshell or Beazley's Python 
Essential reference.

 3) for domain-specific work, get a book or books as needed.  For example, 
you might want to pick up wxPython in Action if you're going to start 
writing wxPython GUIs; or Python & XML if you're doing XML work; etc.  

Actually, I've either relied on libraries for these, or opportunistically 
gotten a dirt-cheap used copy.  I was idly curious about Jython, for 
example, and when I saw a used copy on sale for just a few bucks, I picked 
that up.

> I think your local library is a great idea for checking out programming
> books! Also, look into the Inter-library loan system for books that might
> not be in your library branch. Most libraries can borrow books for you
> from another branch within the system, or even from out-of-state.

I'm currently reading the Definitive Guide to SQLite, to write my first 
database app.  I second this approach.  My copy is from the Sunnyvale 
Public Library, obtained from my local San Jose Public Library via 
interlibrary loan.  I read the wxPython book from a library copy, too, 
before putting the money up to buy my own copy.




Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Tiger12506
The point is that even though eval(raw_input()) is not a security threat,
Alan's suggestion of myscript.py < some.txt might be. And even though the
script written will not be a security issue, the *coding practice* that it
teaches will lead to times when he does encounter that "tiny set of
scenarios" in which the input for the script is potentially untrustworthy.

Even though the risk is perhaps minimal to you, it still needs to be made
known. An analogy is the threat of mercury, in which breathing the vapors
can cumulatively lead to brain damage. However, most quantities that
people are freaking out over are far too small to be a threat. Don't go
overboard, and yet *know* what is out there. I'll give an example.

The boss gives two employees the simple jobs:
You~ write a function grapher
And You~ write an input file that graphs the common mathematical functions 
so that it can be run in his~ function grapher.

The first guy uses eval to parse the text file because of its power. All he 
has to do is graph, eval takes care of turning the lines from the text file 
into function objects.

The second notices the first guy's approach and sees a chance to move up in 
the world. He writes his file to his advantage.

The two put the final result together and show the boss. The computer 
destroys important data that the company has worked on (not protected by the 
OS) and the first guy is fired because *his* program deleted stuff. Ouch.

Be aware of security risks, not infatuated by them. eval() is not a risk by 
itself, but getting used to using it could lead to problems. Subtle things 
will always bite you more than things of which you are completely aware.

JS 

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
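
The function-grapher scenario from the message above, as an added example that is not part of the original post: the input file is parsed with `ast` and checked against a whitelist instead of being passed to eval(), so lines that are not plain arithmetic are reported rather than executed. It is written for Python 3 (the thread's raw_input() is Python 2), and the function names, the whitelist and the sample file are assumptions made for illustration.

```python
import ast
import math
import operator

# Whitelist (assumed for this example): one-argument functions, constants, operators.
FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt,
         "log": math.log, "exp": math.exp, "abs": abs}
CONSTS = {"pi": math.pi, "e": math.e}
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Pow: math.pow}  # math.pow: floats only
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200  # assumed cap on the length of one definition line

# Constructed input file: three ordinary functions, then three lines eval() would run.
SAMPLE_FILE = """\
# common mathematical functions
x**2 - 1
sin(x) / x
sqrt(x)
__import__('os').getcwd()
open
x.__class__
""".splitlines()

class UnsafeExpression(ValueError):
    """A line used something outside the whitelist."""

def check(node):
    """Reject every syntax-tree node that is not explicitly allowed."""
    if isinstance(node, ast.Constant):
        if type(node.value) not in (int, float):
            raise UnsafeExpression("only numeric literals are allowed")
    elif isinstance(node, ast.Name):
        if node.id != "x" and node.id not in CONSTS:
            raise UnsafeExpression("unknown name: " + node.id)
    elif isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        check(node.left)
        check(node.right)
    elif isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        check(node.operand)
    elif isinstance(node, ast.Call):
        # Only f(arg) where f is a bare whitelisted name: no attributes,
        # no keyword arguments, no *args.
        if not (isinstance(node.func, ast.Name) and node.func.id in FUNCS):
            raise UnsafeExpression("call to non-whitelisted function")
        if node.keywords or len(node.args) != 1:
            raise UnsafeExpression("functions take exactly one argument")
        check(node.args[0])
    else:
        raise UnsafeExpression("disallowed syntax: " + type(node).__name__)

def evaluate(node, x):
    """Evaluate a tree that check() has accepted, in float arithmetic."""
    if isinstance(node, ast.Constant):
        return float(node.value)
    if isinstance(node, ast.Name):
        return x if node.id == "x" else CONSTS[node.id]
    if isinstance(node, ast.BinOp):
        return BIN_OPS[type(node.op)](evaluate(node.left, x), evaluate(node.right, x))
    if isinstance(node, ast.UnaryOp):
        return UNARY_OPS[type(node.op)](evaluate(node.operand, x))
    return FUNCS[node.func.id](evaluate(node.args[0], x))

def compile_function(text):
    """Turn one line such as 'sin(x) / x' into a callable f(x) without eval()."""
    if len(text) > MAX_LEN:
        raise UnsafeExpression("line too long")
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression("not an expression") from exc
    check(tree.body)
    return lambda x: evaluate(tree.body, float(x))

def load_functions(lines):
    """Return ({text: f}, [(line number, text, reason)]); no line is executed."""
    functions, rejected = {}, []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            functions[line] = compile_function(line)
        except UnsafeExpression as exc:
            rejected.append((number, line, str(exc)))
    return functions, rejected

def sample(func, start, stop, steps):
    """Return (x, y) points, skipping x where the function is undefined."""
    points = []
    for i in range(steps + 1):
        x = start + (stop - start) * i / steps
        try:
            points.append((x, func(x)))
        except (ValueError, ZeroDivisionError, OverflowError):
            continue
    return points

if __name__ == "__main__":
    functions, rejected = load_functions(SAMPLE_FILE)
    for text, func in functions.items():
        print(text, sample(func, -1.0, 1.0, 2))
    for number, text, reason in rejected:
        print("line %d rejected (%s): %s" % (number, reason, text))
```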


Re: [Tutor] Python Book Recommendations

2007-08-14 Thread Brian Wisti
On 8/14/07, Brian Wisti <[EMAIL PROTECTED]> wrote:
>
>
> On 8/14/07, David Handel <[EMAIL PROTECTED]> wrote:
> >
> > If you can afford it, Safari Books online is a wonderful resource.
> > http://www.safaribooksonline.com/
> > I am using the $39.95 month to month "all you can eat" deal.  You have
> > unlimited access online to  100's of books from many IT publishers.  It is
> > great to cross read about the same subjects from many sources and to be able
> > to cut and paste code right into your IDE and run it.  Even a few months of
> > immersion reading is worth it to get up and running.
> > David Handel
>
>
> Check with your local library, too. The Seattle Public Library provides
> access to a limited selection of the Safari books (stuff published in the
> last 2 years from a handful of publishers). Maybe your region has similar
> access.
>
> Kind Regards,
>
> Brian Wisti
> http://coolnamehere.com/
>
>
... and this was supposed to go to the list. I knew I shouldn't have ignored
that thread.

-- Brian Wisti


Re: [Tutor] Livewires - stuck on a class

2007-08-14 Thread Tonu Mikk
[EMAIL PROTECTED] wrote:
> >Then I was hoping to repeat the sequence for moving the robots placed in
> >the robots list by using this code:
> >for x in robots:
> >    # code for moving the robots
>
> Glancing at your code to move the robots.  I don't see you using your x
> from for x in robots.  Since in your placement code robot is assigned
> to a new robot each time through the loop, the placement works.  In
> your movement you don't change what robot is representing.
>
> I think you want to change your line:
> for x in robots:
> to become...
> for robot in robots:
>
>
Thank you!  This did the trick. 

Tonu

-- 
Tonu Mikk
Educational Technology Consultant
Digital Media Center - dmc.umn.edu
[EMAIL PROTECTED] 612 625-9221



[Tutor] Python Book Recommendations

2007-08-14 Thread David Handel
If you can afford it, Safari Books online is a wonderful resource.
http://www.safaribooksonline.com/
I am using the $39.95 month to month "all you can eat" deal.  You have
unlimited access online to  100's of books from many IT publishers.  It is
great to cross read about the same subjects from many sources and to be able
to cut and paste code right into your IDE and run it.  Even a few months of
immersion reading is worth it to get up and running.
David Handel


Re: [Tutor] Livewires - stuck on a class

2007-08-14 Thread christopher . henk
[EMAIL PROTECTED] wrote:
>To: tutor@python.org
>From: Tonu Mikk <[EMAIL PROTECTED]>
>Sent by: [EMAIL PROTECTED]
>Date: 08/14/2007 03:23PM
>Subject: [Tutor] Livewires - stuck on a class
>
>I made some progress on the Livewires robots game - I got as far as page
>10 on the attached 5-robots.pdf file.  I am stuck on creating more than
>one robot and having all the robots follow the player.
>
>I create more robots in this way which seems to work:
>class Robot:
>    pass
>def place_robots():
>    global robot
>    global robots
>    robots = []
>    for x in 1,2,3:
>        robot = Robot()
>        robot.y = random_between(0,47)-0.5
>        robot.x = random_between(0,63)-0.5
>        robot.shape = box(10*robot.x, 10*robot.y,10*robot.x+10,10*robot.y+10)
>        robot.junk = 0
>        robots.append(robot)
>
>Then I was hoping to repeat the sequence for moving the robots placed in
>the robots list by using this code:
>for x in robots:
>    # code for moving the robots

Glancing at your code to move the robots.  I don't see you using your x
from for x in robots.  Since in your placement code robot is assigned to a
new robot each time through the loop, the placement works.  In your
movement you don't change what robot is representing.

I think you want to change your line:
for x in robots:
to become...
for robot in robots:

Chris Henk
Allison Transmission
phone:  317.242.2569
fax:  317.242.3469
e-mail:  [EMAIL PROTECTED]


Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Alan Gauld
"Michael Sparks" <[EMAIL PROTECTED]> wrote

> Yes, there are a tiny set of scenarios where doing
> eval(raw_input(...)) could be a problem. The idea that its always a
> gaping security hole is completely bogus.

The number of scenarios is not tiny but the likelihood of attack by that
route is small. However we live in a world where ever increasing numbers
of people are deliberately trying to find such opportunities and exploit
them. For example in my own organisation we have over 100,000 users
and have basic spyware logging their PC activity and we have over
1,000 attempted attacks per month - and that's just the employees!
Not all of that is malicious, some of it is just accidental
mis-typing/clicking etc. But some is deliberate attempts to access
things they shouldn't or just to see if they can break it - it can be
boring working the night shift in a call centre! :-).

The problem is real even if not enormous and all programmers have
a duty to learn how to avoid it. And that includes not using such
open doors to vandalism as eval() etc. While very few would trash
their own computer there are plenty employees happy to trash the
company computer, especially since it often leads to an easy
few hours until the tech guys fix it!

> The scenario's raised I've never once seen happen.

As I say we see it on a monthly basis many times.

>   * Scenario A (and only that scenario) is hardly a risk considering
> in >99% of cases where the user can type something in response to
> eval(raw_input(...)) they have FAR more ways of causing problems.

This is true, and eval() is not the main risk in this scenario it's true,
but it does still constitute a risk if its input can be read from stdin.

> Denouncing a piece of code as a gaping security hole without
> discussing the context is irresponsible.

No, neglecting to mention that it is a gaping security hole would
be irresponsible. It would however be good to add a context about
exactly when and how it is dangerous. In the case of eval() that
is *anywhere* that untrusted or indeterminate input can be supplied.

> After all piece of code is never a security risk by itself. It's how that
> code is deployed and used that _can_ be.

Hmmm, I'm not sure I buy that. It's a bit like saying a gun is not
a safety risk, it's only how it's used. But the very presence of the
gun itself poses a risk that it will be abused. Same with risky code,
if it makes a breach possible then it is itself a risk. If the risk
matures then it's an issue, but one which may be too late to deal
with!

-- 
Alan Gauld
Author of the Learn to Program web site
http://www.freenetpages.co.uk/hp/alan.gauld 




Re: [Tutor] Livewires - stuck on a class

2007-08-14 Thread Alan Gauld
"Tonu Mikk" <[EMAIL PROTECTED]> wrote

> I create more robots in this way which seems to work:
> class Robot:
>     pass

By using an empty class you are losing much of the power of classes.

Try this:

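# box() and random_between() come from the Livewires package
class Robot:
    def __init__(self, x, y, shape=None):
        self.x = x
        self.y = y
        self.junk = 0   # inside the method the instance is self, not robot
        if shape is None:
            # default shape: a 10x10 box at the robot's position
            shape = box(10*x, 10*y, 10*x+10, 10*y+10)
        self.shape = shape

def place_robots(numRobots):
    # x spans 0..63 and y spans 0..47, as in the original placement code
    return [Robot(random_between(0,63)-0.5,
                  random_between(0,47)-0.5) for x in range(numRobots)]

And instead of your random function you could use the standard library
function random.randrange()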


> Then I was hoping to repeat the sequence for moving the robots placed in
> the robots list by using this code:
> for x in robots:
>     # code for moving the robots
>
> When I run the code, only one of the robots moves on the screen. I am
> not quite sure what I am doing wrong.

Without seeing the robot moving code neither are we.

But as a hint try putting the code for moving a robot into the Robot class.
Then you should be able to do

for robot in robots:
    robot.move(x,y)

> Incidentally,  I am finding the Livewires course to be quite challenging
> for a beginning programmer.  It seems to introduce many advanced topics
> with little preparation.  I am using other Internet based tutorials on
> the side, but still having trouble.  I wonder if it is me being hmm -
> dumb, or is the Livewires just tricky.

From what I've seen of posts about Livewires I think it's quite a
challenging course for a complete beginner. But OTOH it seems
to be the one with the most fun problems! :-)

BTW I just spotted this. If this is the move code you
were talking about then...

> def move_robot():
>     for x in robots:
>         while 1:
>             if robot.x + 0.5< player.x and robot.y +0.5< player.y:

You are doing *for x in robots* but then moving *robot* not x.

From your robot placement code robot is set to the last robot
you created so it will only ever move that robot.

To make this a method of the class you will need to pass
the player object that you are comparing with.
So the method will look like:

class Robot:
    def __init__(...): as above
    def move(self, player):
        code as per the function but using self.x instead of robot.x etc

Also it would be better IMHO to use if/elif rather than all those if/breaks.

-- 
Alan Gauld
Author of the Learn to Program web site
http://www.freenetpages.co.uk/hp/alan.gauld 




Re: [Tutor] Question re Tutor List Etiquette

2007-08-14 Thread William O'Higgins Witteman
On Tue, Aug 14, 2007 at 08:11:33PM +0100, Tom Fitzhenry wrote:
>On Tue, Aug 14, 2007 at 11:06:05AM -0700, Dick Moores wrote:
>> Replying only to the list takes a bit of trouble. The default 
>> behavior seems to be that the "Reply" button addresses the author 
>> only and not the list; "Reply to all" addresses both the list, the 
>> author, and any others included in the To: or Cc: headers of the post 
>> being replied to. Or at least that's how Eudora and Gmail work.

What I have done is to inject a Reply-To header into each email with
procmail, so that hitting reply does what I expect.  Here's the rule I
use:

:0
* ^(From|To|Cc)[EMAIL PROTECTED]
{
  :0hf
  | /usr/bin/formail -A "Reply-To: tutor@python.org"

  :0
  python/
}

I like this approach because it does not require that the list change
behaviour to what I consider to be the "right" thing (who cares what I
think), but if the list decided to change their policy then nothing
changes (the header would be changed to itself).
-- 

yours,

William


Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Eric Brunson

Whatever.  I make it a point to discontinue any debate that degenerates 
into someone quoting their work experience to me.  At that point you've 
basically told me that you are convinced you know better than I do and 
nothing I say will convince you otherwise, because you've been doing 
this for so long you couldn't possibly be wrong.

No matter how many perfectly valid scenarios have been put forth, you've 
shot them down as being outlying border cases that can't compete with 
your assertion that if you have access to type at a keyboard, then your 
security is already compromised such that any damage done by 
eval(raw_input()) is trivial in comparison.

I think the basic point that everyone has been making is:  Using eval() 
on any uncontrolled input is a security risk, no matter what the source.


Michael Sparks wrote:
> On Tuesday 14 August 2007 16:48, Eric Brunson wrote:
> ...
>   
>> The only thing I can imagine is 
>> that you're stuck in some DOS mindset that if you're able to type into
>> "the console" then you have ultimate access to the machine, which is not
>> the case when using a true multi-user operating system like *nix or VMS.
>>
>> But, most strange to me is why you're this fired up over such a simple
>> issue.  It seems to me like just a misunderstanding.
>> 
>
> I'm not particularly fired up, text comes across much harsher than it looks. 
> (Also people being particularly patronising, like you have above, is 
> particularly irritating. Last time I used VMS was 12 years ago. I'm not 
> missing your point or anyone else's, and I've not used DOS for 10 years so 
> I'm hardly stuck in a DOS mindset (been developing under linux for over 10 
> years).
>
> Yes, there are a tiny set of scenarios where doing eval(raw_input(...)) could 
> be a problem. The idea that its always a gaping security hole is completely 
> bogus.
>
> The scenario's raised I've never once seen happen. Despite having seen
> a number of systems where you either ssh in or telnet into a specialise
> console (routers and other network appliances).
>
> What was irritating was I was saying:
>* Scenario A (and only that scenario) is hardly a risk considering 
>  in >99% of cases where the user can type something in response to
>  eval(raw_input(...)) they have FAR more ways of causing problems.
>
>* The response I was getting a told was that this was wrong because
>  *other scenarios* were dangerous. 
>
> Yes, other scenarios are wrong. Denouncing a piece of code as a gaping 
> security hole without discussing the context is irresponsible.
>
> That and being taught to suck eggs is irritating. I've been evaluating 
> security of network systems for 10 years and coding for 25 years. 
>
> After all piece of code is never a security risk by itself. It's how that
> code is deployed and used that _can_ be.
>
>
> Michael.
>
>   



Re: [Tutor] Question re Tutor List Etiquette

2007-08-14 Thread Carroll, Barry
> Date: Tue, 14 Aug 2007 12:33:16 -0700
> From: Dick Moores <[EMAIL PROTECTED]>
> Subject: Re: [Tutor] Question re Tutor List Etiquette
> To: tutor@python.org
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"; format=flowed
> 
> At 11:56 AM 8/14/2007, Kent Johnson wrote:
> >Dick Moores wrote:
> > > When sending a reply to a post, to the list, should we also address
> > > the reply to the author of the post to which we are replying?
> > > (There's gotta be an easier way to say that..) If we do so, then the
> > > author gets a duplicate of our reply.
> >
> >This is configurable for each subscriber. Go to the tutor web page at
> >http://mail.python.org/mailman/listinfo/tutor
> >
> >Enter your subscription email at the bottom where it says, "To
> >unsubscribe from Tutor, get a password reminder, or change your
> >subscription options enter your subscription email address:"
> >
> >Set "Avoid duplicate copies of messages?" to Yes.
> 
> Great!
> 
> > > Ten years ago or so I managed a Majordomo list, and I recall that it
> > > was possible for the list manager to configure the list to include a
> > > "Reply-To" header. If this would be possible for the admins to do
> > > with Tutor -- to include a "Reply-To: tutor@python.org" header in the
> > > posts sent out by the list, it would enable us to address a reply
> > > only to the list by hitting the "Reply" button.
> >
> >Surely you have been reading the list long enough to know that this
> >comes up every three months as a topic!
> 
> No, you can't assume that because I'm a long-term subscriber that I
> have always faithfully read the list. If I had, I'd be much better at
> Python than I am!
> 
> >  It's not going to change. I'm
> >not going to discuss it (and I hope no one else will either). Search the
> >archives if you want to see previous discussions.
> 
> Well, I don't see that it's all that bad that I brought it up again.
> The newcomers undoubtedly will benefit from your advice, as I did. Or
> does the new welcome message mention how to avoid duplicate copies of
> messages? If not, it should.
> 
> Dick
> 
> 
> 
> --
> 
> 
> End of Tutor Digest, Vol 42, Issue 50
> *

Greetings:

I receive these messages as a digest, not individual e-mails.  So for me
the list is the sender.  To reply to an author, I have to Fwd: and
copy the address manually.  Since I almost never need to do that,  it
isn't a problem.  Also, it keeps my inbox uncluttered: half a dozen
e-mails a day instead of scores.  On the other hand, the compilation
delay means that by the time I see a new question, it's nearly always
been answered three times already.  So y'all seldom get the benefit of
my superior Pythonic advice.  =8^)

FWIW,  it's nice to see this topic addressed for once without the usual
accompanying flamage.  I agree with Dick that this info should be added
to the FAQ.  Keep the frustration level down by providing the options up
front.  

Regards,
 
Barry
[EMAIL PROTECTED]
541-302-1107

We who cut mere stones must always be envisioning cathedrals.

-Quarry worker's creed






Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Michael Sparks
On Tuesday 14 August 2007 16:48, Eric Brunson wrote:
...
> The only thing I can imagine is 
> that you're stuck in some DOS mindset that if you're able to type into
> "the console" then you have ultimate access to the machine, which is not
> the case when using a true multi-user operating system like *nix or VMS.
>
> But, most strange to me is why you're this fired up over such a simple
> issue.  It seems to me like just a misunderstanding.

I'm not particularly fired up, text comes across much harsher than it looks. 
(Also people being particularly patronising, like you have above, is 
particularly irritating. Last time I used VMS was 12 years ago. I'm not 
missing your point or anyone else's, and I've not used DOS for 10 years so 
I'm hardly stuck in a DOS mindset (been developing under linux for over 10 
years).

Yes, there are a tiny set of scenarios where doing eval(raw_input(...)) could 
be a problem. The idea that its always a gaping security hole is completely 
bogus.

The scenario's raised I've never once seen happen. Despite having seen
a number of systems where you either ssh in or telnet into a specialise
console (routers and other network appliances).

What was irritating was I was saying:
   * Scenario A (and only that scenario) is hardly a risk considering 
 in >99% of cases where the user can type something in response to
 eval(raw_input(...)) they have FAR more ways of causing problems.

   * The response I was getting a told was that this was wrong because
 *other scenarios* were dangerous. 

Yes, other scenarios are wrong. Denouncing a piece of code as a gaping 
security hole without discussing the context is irresponsible.

That and being taught to suck eggs is irritating. I've been evaluating 
security of network systems for 10 years and coding for 25 years. 

After all piece of code is never a security risk by itself. It's how that
code is deployed and used that _can_ be.


Michael.



Re: [Tutor] Question re Tutor List Etiquette

2007-08-14 Thread Dick Moores
At 11:56 AM 8/14/2007, Kent Johnson wrote:
>Dick Moores wrote:
> > When sending a reply to a post, to the list, should we also address
> > the reply to the author of the post to which we are replying?
> > (There's gotta be an easier way to say that..) If we do so, then the
> > author gets a duplicate of our reply.
>
>This is configurable for each subscriber. Go to the tutor web page at
>http://mail.python.org/mailman/listinfo/tutor
>
>Enter your subscription email at the bottom where it says, "To
>unsubscribe from Tutor, get a password reminder, or change your
>subscription options enter your subscription email address:"
>
>Set "Avoid duplicate copies of messages?" to Yes.

Great!

> > Ten years ago or so I managed a Majordomo list, and I recall that it
> > was possible for the list manager to configure the list to include a
> > "Reply-To" header. If this would be possible for the admins to do
> > with Tutor -- to include a "Reply-To: tutor@python.org" header in the
> > posts sent out by the list, it would enable us to address a reply
> > only to the list by hitting the "Reply" button.
>
>Surely you have been reading the list long enough to know that this
>comes up every three months as a topic!

No, you can't assume that because I'm a long-term subscriber that I 
have always faithfully read the list. If I had, I'd be much better at 
Python than I am!

>  It's not going to change. I'm
>not going to discuss it (and I hope no one else will either). Search the
>archives if you want to see previous discussions.

Well, I don't see that it's all that bad that I brought it up again. 
The newcomers undoubtedly will benefit from your advice, as I did. Or 
does the new welcome message mention how to avoid duplicate copies of 
messages? If not, it should.

Dick



Re: [Tutor] Graphing the random.gauss distribution

2007-08-14 Thread Dick Moores
At 10:28 AM 8/14/2007, you wrote:
>Dick Moores wrote:
> > At 06:47 AM 8/14/2007, Kent Johnson wrote:
> >> This could be a list comprehension:
> >> d = [ [k, 0] for k in range(200) ]
> >
> > So you recommend using list comprehensions wherever possible? (I sure
> > wouldn't have thought of that one..)
>
>Not "whenever possible", no, but I find simple list comps (I count this
>one as simple) to be far more readable than the equivalent loop. Not
>only are they shorter but they read the way I think.
>
>If the list comp can't be easily written on one line, or has a complex
>condition, or has two for clauses, I find it less appealing and may
>write it as a for loop. I never use a list comp just for the
>side-effects; only when I actually want the list.

Got it.

> > I prefer the index (or integer) to come after the bar ends, and before
> > the count. One reason is that if the index is at the base of the bar, at
> > 100 and above, the bars get pushed out one character longer than they
> > should be relative to the 99 or less bars. I suppose there's a way to
> > handle this, but I couldn't think of it then (but see below).
>
>Use string formatting or str.rjust():
>In [1]: '%3d' % 10
>Out[1]: ' 10'
>In [2]: '%3d' % 100
>Out[2]: '100'
>In [4]: str(10).rjust(3)
>Out[4]: ' 10'

So:

for i, count in enumerate(d):
 barLength = count//barLengthAdjuster
 print "%3d %s %d" % (i, '*' * barLength, count)

Or:

for i, count in enumerate(d):
 barLength = count//barLengthAdjuster
 print str(i).rjust(3), '*' * barLength, count

Right? (Anyway, they work!)
Terrific! Two ways!


> > This would solve the problem I mentioned above caused by putting the
> > indices at the bases of the bars:
> >
> > for i, count in enumerate(d):
> > barLength = count//barLengthAdjuster
> > if i < 100:
> > print "%d  %s %d" % (i, '*' * barLength, count) # there are 2
> > spaces between %d and %s
> > else:
> > print "%d %s %d" % (i, '*' * barLength, count)
>
>Ouch. See above.

Ouch? No like? (I know, your 2 ways are both easier.)

Thanks much again, Kent.

Dick




Re: [Tutor] Question re Tutor List Etiquette

2007-08-14 Thread Tom Fitzhenry
On Tue, Aug 14, 2007 at 11:06:05AM -0700, Dick Moores wrote:
> Replying only to the list takes a bit of trouble. The default 
> behavior seems to be that the "Reply" button addresses the author 
> only and not the list; "Reply to all" addresses both the list, the 
> author, and any others included in the To: or Cc: headers of the post 
> being replied to. Or at least that's how Eudora and Gmail work.
> 
> Ten years ago or so I managed a Majordomo list, and I recall that it 
> was possible for the list manager to configure the list to include a 
> "Reply-To" header. If this would be possible for the admins to do 
> with Tutor -- to include a "Reply-To: tutor@python.org" header in the 
> posts sent out by the list, it would enable us to address a reply 
> only to the list by hitting the "Reply" button.

Mutt can be configured to recognize which emails are from a mailing list and
provides a list-reply command which only replies to the list.
http://www.mutt.org/doc/manual/manual-3.html#ss3.9

I've read Thunderbird have been planning a list-reply button, but could only
find information on a plugin (and patch) which does this at the moment:
http://alumnit.ca/wiki/index.php?page=ReplyToListThunderbirdExtension#toc3

About other mail clients, I don't know.

Procmail can be configured to detect these duplicates and
filter/delete/forward/etc. them:
http://linuxbrit.co.uk/procmail/ (7th paragraph, "Now, here's a really useful
rule, ...")

I don't post that often so I don't get this that often, so it doesn't bother me
that much, but I could see how it'd be annoying to those who post frequently.

-- 
Tom Fitzhenry



Re: [Tutor] Question re Tutor List Etiquette

2007-08-14 Thread Kent Johnson
Dick Moores wrote:
> When sending a reply to a post, to the list, should we also address 
> the reply to the author of the post to which we are replying? 
> (There's gotta be an easier way to say that..) If we do so, then the 
> author gets a duplicate of our reply.

This is configurable for each subscriber. Go to the tutor web page at
http://mail.python.org/mailman/listinfo/tutor

Enter your subscription email at the bottom where it says, "To 
unsubscribe from Tutor, get a password reminder, or change your 
subscription options enter your subscription email address:"

Set "Avoid duplicate copies of messages?" to Yes.

> Ten years ago or so I managed a Majordomo list, and I recall that it 
> was possible for the list manager to configure the list to include a 
> "Reply-To" header. If this would be possible for the admins to do 
> with Tutor -- to include a "Reply-To: tutor@python.org" header in the 
> posts sent out by the list, it would enable us to address a reply 
> only to the list by hitting the "Reply" button.

Surely you have been reading the list long enough to know that this 
comes up every three months as a topic! It's not going to change. I'm 
not going to discuss it (and I hope no one else will either). Search the 
archives if you want to see previous discussions.

Kent


Re: [Tutor] Question re Tutor List Etiquette

2007-08-14 Thread Luke Paireepinart
Dick Moores wrote:
> When sending a reply to a post, to the list, should we also address 
> the reply to the author of the post to which we are replying? 
> (There's gotta be an easier way to say that..) If we do so, then the 
> author gets a duplicate of our reply.
>
> I've run some statistics (but no more bar graphs ;-) ). My Eudora 
> mailbox for Tutor contains 12,114 emails (I've deleted the duplicates 
> I've received). Of these, 9,424 are replies. Of these replies, 4,338 
> (46%) were addressed ONLY to the list. So 54% WERE also sent to the 
> author being replied to.
>
> Is there a rule about this? Or should one be made? Or does it matter?
>
> Replying only to the list takes a bit of trouble. The default 
> behavior seems to be that the "Reply" button addresses the author 
> only and not the list; "Reply to all" addresses both the list, the 
> author, and any others included in the To: or Cc: headers of the post 
> being replied to. Or at least that's how Eudora and Gmail work.
>
> Ten years ago or so I managed a Majordomo list, and I recall that it 
> was possible for the list manager to configure the list to include a 
> "Reply-To" header. If this would be possible for the admins to do 
> with Tutor -- to include a "Reply-To: tutor@python.org" header in the 
> posts sent out by the list, it would enable us to address a reply 
> only to the list by hitting the "Reply" button.
>   
I don't get duplicates _ever_.
-Luke


Re: [Tutor] Question re Tutor List Etiquette

2007-08-14 Thread Eric Brunson
Dick Moores wrote:
> When sending a reply to a post, to the list, should we also address 
> the reply to the author of the post to which we are replying? 
> (There's gotta be an easier way to say that..) If we do so, then the 
> author gets a duplicate of our reply.
>
> I've run some statistics (but no more bar graphs ;-) ). My Eudora 
> mailbox for Tutor contains 12,114 emails (I've deleted the duplicates 
> I've received). Of these, 9,424 are replies. Of these replies, 4,338 
> (46%) were addressed ONLY to the list. So 54% WERE also sent to the 
> author being replied to.
>
> Is there a rule about this? Or should one be made? Or does it matter?
>
> Replying only to the list takes a bit of trouble. The default 
> behavior seems to be that the "Reply" button addresses the author 
> only and not the list; "Reply to all" addresses both the list, the 
> author, and any others included in the To: or Cc: headers of the post 
> being replied to. Or at least that's how Eudora and Gmail work.
>
> Ten years ago or so I managed a Majordomo list, and I recall that it 
> was possible for the list manager to configure the list to include a 
> "Reply-To" header. If this would be possible for the admins to do 
> with Tutor -- to include a "Reply-To: tutor@python.org" header in the 
> posts sent out by the list, it would enable us to address a reply 
> only to the list by hitting the "Reply" button.
>   

If you search those 12,114 emails you'll find a discussion of this from 
about 6 weeks ago.  Consensus was split, so the list manager chose to 
leave the policy unchanged.

> Dick Moores
>
> ___
> Tutor maillist  -  Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>   



[Tutor] Question re Tutor List Etiquette

2007-08-14 Thread Dick Moores
When sending a reply to a post, to the list, should we also address 
the reply to the author of the post to which we are replying? 
(There's gotta be an easier way to say that..) If we do so, then the 
author gets a duplicate of our reply.

I've run some statistics (but no more bar graphs ;-) ). My Eudora 
mailbox for Tutor contains 12,114 emails (I've deleted the duplicates 
I've received). Of these, 9,424 are replies. Of these replies, 4,338 
(46%) were addressed ONLY to the list. So 54% WERE also sent to the 
author being replied to.

Is there a rule about this? Or should one be made? Or does it matter?

Replying only to the list takes a bit of trouble. The default 
behavior seems to be that the "Reply" button addresses the author 
only and not the list; "Reply to all" addresses both the list, the 
author, and any others included in the To: or Cc: headers of the post 
being replied to. Or at least that's how Eudora and Gmail work.

Ten years ago or so I managed a Majordomo list, and I recall that it 
was possible for the list manager to configure the list to include a 
"Reply-To" header. If this would be possible for the admins to do 
with Tutor -- to include a "Reply-To: tutor@python.org" header in the 
posts sent out by the list, it would enable us to address a reply 
only to the list by hitting the "Reply" button.

Dick Moores



Re: [Tutor] Python Book Recommendations [Was:[Re: Security]]

2007-08-14 Thread wesley chun
On 8/14/07, Robert H. Haener IV <[EMAIL PROTECTED]> wrote:
> When I was putting together my "To Buy" list of Python books, I came across 
> an online store with some great prices on new books. [...]; their address is: 
>  http://www.bookpool.com
>
> [...] their 6 Month Rating on Reseller Ratings is 10/10 and their Lifetime 
> Rating is 9.02/10.  I feel I should also note that the discounts I mentioned 
> were for the latest edition of each book on my list.


robert,

yes, this is a well-known bookstore, as seen lately by the post (and
ensuing thread) from the past few days:
http://mail.python.org/pipermail/tutor/2007-August/056230.html

many technical people i know shop for their books there, including
myself... they are usually less than Amazon. i'm not surprised by
their high ratings.

cheers,
-- wesley
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Core Python Programming", Prentice Hall, (c)2007,2001
http://corepython.com

wesley.j.chun :: wescpy-at-gmail.com
python training and technical consulting
cyberweb.consulting : silicon valley, ca
http://cyberwebconsulting.com


Re: [Tutor] Graphing the random.gauss distribution

2007-08-14 Thread Kent Johnson
Dick Moores wrote:
> At 06:47 AM 8/14/2007, Kent Johnson wrote:
>> This could be a list comprehension:
>> d = [ [k, 0] for k in range(200) ]
> 
> So you recommend using list comprehensions wherever possible? (I sure 
> wouldn't have thought of that one..)

Not "whenever possible", no, but I find simple list comps (I count this 
one as simple) to be far more readable than the equivalent loop. Not 
only are they shorter but they read the way I think.

If the list comp can't be easily written on one line, or has a complex 
condition, or has two for clauses, I find it less appealing and may 
write it as a for loop. I never use a list comp just for the 
side-effects; only when I actually want the list.

> I prefer the index (or integer) to come after the bar ends, and before 
> the count. One reason is that if the index is at the base of the bar, at 
> 100 and above, the bars get pushed out one character longer than they 
> should be relative to the 99 or less bars. I suppose there's a way to 
> handle this, but I couldn't think of it then (but see below).

Use string formatting or str.rjust():
In [1]: '%3d' % 10
Out[1]: ' 10'
In [2]: '%3d' % 100
Out[2]: '100'
In [4]: str(10).rjust(3)
Out[4]: ' 10'

> This would solve the problem I mentioned above caused by putting the 
> indices at the bases of the bars:
> 
> for i, count in enumerate(d):
> barLength = count//barLengthAdjuster
> if i < 100:
> print "%d  %s %d" % (i, '*' * barLength, count) # there are 2 
> spaces between %d and %s
> else:
> print "%d %s %d" % (i, '*' * barLength, count)

Ouch. See above.

Kent


Re: [Tutor] Graphing the random.gauss distribution

2007-08-14 Thread Luke Paireepinart

>> This could be a list comprehension:
>> d = [ [k, 0] for k in range(200) ]
>> 
>
> So you recommend using list comprehensions wherever possible? (I sure 
> wouldn't have thought of that one..)
>   
No, of course not!
"wherever possible" would include
[foo(25) for x in range(300)]
in order to call foo 300 times.  This is obviously a bad idea.
Basically you use a list comprehension when you're building a list in a 
simple way.
If it's more clear as a for loop, write it as a for loop.
It's up to your consideration if the situation would benefit in 
readability from a list comp.
>> but there is no need to keep the array index in the array so this is
>> simpler:
>>
>> d = [0] * 200
>>
>> 
>>> for k in xrange(gaussCalls):
>>>  n = int(gauss(mean, std))
>>>  d[n][1] += 1
>>>   
>> This becomes just
>>   d[n] += 1
>>
>> 
>>> for c in d:
>>>  barLength = c[1]//barLengthAdjuster
>>>  print barLength, "=", c[0], c[1]
>>>   
>
> By the time my code got into my post, I had changed "print barLength 
> * "=", c[0], c[1]"  to  "print barLength, "=", c[0], c[1]", thinking 
> upon reading it over that the "*" was a mistake. :-(   The code I 
> didn't send DID make bars out of "="s.
>   
Sure it did ;)
>> Use enumerate() to get the indices as well as the list contents. This
>> version prints an actual bar as well:
>> for i, count in enumerate(d):
>>   barLength = count//barLengthAdjuster
>>   print i, '*' * barLength, count
>> 
>
> Ah, enumerate() is nice! I'd forgotten about it. And "*" IS better 
> for bars than "=".
>
> I prefer the index (or integer) to come after the bar ends, and 
> before the count. One reason is that if the index is at the base of 
> the bar, at 100 and above, the bars get pushed out one character 
> longer than they should be relative to the 99 or less bars. I suppose 
> there's a way to handle this, but I couldn't think of it then (but see below).
>   
well, you already answered this yourself.
> So this is my code now:
>
> 
> from random import gauss
> mean = 100
> std = 10
> gaussCalls =100
> barLengthAdjuster = gaussCalls//2600
>
> d = [0] * 200
>
> for k in xrange(gaussCalls):
>  n = int(gauss(mean, std))
>  d[n] += 1
>
> for i, count in enumerate(d):
>  barLength = count//barLengthAdjuster
>  print '*' * barLength, i, count
> =
>
> This would solve the problem I mentioned above caused by putting the 
> indices at the bases of the bars:
>
> for i, count in enumerate(d):
>  barLength = count//barLengthAdjuster
>  if i < 100:
>  print "%d  %s %d" % (i, '*' * barLength, count) # there are 
> 2 spaces between %d and %s
>  else:
>  print "%d %s %d" % (i, '*' * barLength, count)
>
> Thanks very much, Kent, for taking the time to advise me on my code.
>
> Dick 
>
> ___
> Tutor maillist  -  Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>
>   



Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Eric Brunson
Luke Paireepinart wrote:
> Eric Brunson wrote:
>> Michael Sparks wrote:
>>  
>>> On Monday 13 August 2007 21:53, Kent Johnson wrote:
>>>  
>>>> Hmm...could be a remote connection such as ssh, which precludes the
>>>> sledgehammer though probably not the sort of mischief you can get into
>>>> with eval()...perhaps there are untrusted remote connections where
>>>> eval() would still be a significant risk, I don't know...
>>>>
>>> If they can ssh into a box, the likelihood of that ssh connection 
>>> *only* allowing them access to run that single python program 
>>> strikes me as vanishingly small :-)
>>>
>>>   
>>
>> Unless you set it up that way specifically, i.e. making the 
>> interactive python program their login shell or specifying it to be 
>> run in their .ssh/config.
>>
>>
>> P.S.
>> Michael, sorry for the double post to you, I missed the "reply all" 
>> button the first time.
>>   
> I don't think you  missed on account of me receiving two e-mails as 
> well. :)
> -Luke

Python:  easy
Email: hard

;-)





Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Luke Paireepinart
Eric Brunson wrote:
> Michael Sparks wrote:
>   
>> On Monday 13 August 2007 21:53, Kent Johnson wrote:
>>   
>> 
>>> Hmm...could be a remote connection such as ssh, which precludes the
>>> sledgehammer though probably not the sort of mischief you can get into
>>> with eval()...perhaps there are untrusted remote connections where
>>> eval() would still be a significant risk, I don't know...
>>> 
>>>   
>> If they can ssh into a box, the likelihood of that ssh connection *only* 
>> allowing them access to run that single python program strikes me as 
>> vanishingly small :-)
>>
>>   
>> 
>
> Unless you set it up that way specifically, i.e. making the interactive 
> python program their login shell or specifying it to be run in their 
> .ssh/config.
>
>
> P.S.
> Michael, sorry for the double post to you, I missed the "reply all" 
> button the first time.
>   
I don't think you  missed on account of me receiving two e-mails as well. :)
-Luke


Re: [Tutor] Graphing the random.gauss distribution

2007-08-14 Thread Dick Moores
At 06:47 AM 8/14/2007, Kent Johnson wrote:
>Dick Moores wrote:
> > Kent Johnson posted this to Tutor list Aug 8, 2007
> > ():
> >
> > 
> >  > Python provides you with a pseudo random number generator whose output
> >  > values are uniformly distributed between the input parameters.  What you
> >  > are dealing with in fish weights or test scores or other natural
> >  > phenomena is most likely a normal distribution. Check out Wikipedia's
> >  > normal distribution entry.  The math is really juicy. You may end up
> >  > with a recipe for the Python Cookbook.
> >
> > No need for all that, use random.gauss()
> >
> > Kent
> > 
> >
> > I hadn't noticed gauss was there in the Random module. I got to
> > wondering if I could graph the distribution. This code produces a
> > nice bell-curve-seeming curve (on its side). Takes about 80 secs to
> > run on my computer. To fit your situation, the length of the bars can
> > be shortened or lengthened by decreasing or increasing, respectively,
> > the divisor of gaussCalls in line 5, "barLengthAdjuster = 
> gaussCalls//2600".
> >
> > Dick Moores
> >
> > ==
> > from random import gauss
> > mean = 100
> > std = 10
> > gaussCalls = 1000
> > barLengthAdjuster = gaussCalls//2600
> >
> > d = []
> > for k in range(200):
> >  d.append([k, 0])
>
>This could be a list comprehension:
>d = [ [k, 0] for k in range(200) ]

So you recommend using list comprehensions wherever possible? (I sure 
wouldn't have thought of that one..)

>but there is no need to keep the array index in the array so this is
>simpler:
>
>d = [0] * 200
>
> > for k in xrange(gaussCalls):
> >  n = int(gauss(mean, std))
> >  d[n][1] += 1
>
>This becomes just
>   d[n] += 1
>
> >
> > for c in d:
> >  barLength = c[1]//barLengthAdjuster
> >  print barLength, "=", c[0], c[1]

By the time my code got into my post, I had changed "print barLength 
* "=", c[0], c[1]"  to  "print barLength, "=", c[0], c[1]", thinking 
upon reading it over that the "*" was a mistake. :-(   The code I 
didn't send DID make bars out of "="s.

>Use enumerate() to get the indices as well as the list contents. This
>version prints an actual bar as well:
>for i, count in enumerate(d):
>   barLength = count//barLengthAdjuster
>   print i, '*' * barLength, count

Ah, enumerate() is nice! I'd forgotten about it. And "*" IS better 
for bars than "=".

I prefer the index (or integer) to come after the bar ends, and 
before the count. One reason is that if the index is at the base of 
the bar, at 100 and above, the bars get pushed out one character 
longer than they should be relative to the 99 or less bars. I suppose 
there's a way to handle this, but I couldn't think of it then (but see below).

So this is my code now:


from random import gauss
mean = 100
std = 10
gaussCalls =100
barLengthAdjuster = gaussCalls//2600

d = [0] * 200

for k in xrange(gaussCalls):
 n = int(gauss(mean, std))
 d[n] += 1

for i, count in enumerate(d):
 barLength = count//barLengthAdjuster
 print '*' * barLength, i, count

This would solve the problem I mentioned above caused by putting the 
indices at the bases of the bars:

for i, count in enumerate(d):
    barLength = count//barLengthAdjuster
    if i < 100:
        # there are 2 spaces between %d and %s
        print "%d  %s %d" % (i, '*' * barLength, count)
    else:
        print "%d %s %d" % (i, '*' * barLength, count)

Thanks very much, Kent, for taking the time to advise me on my code.

Dick 



Re: [Tutor] FAQ [Was Re: Python Book Recommendations [Was:....]]

2007-08-14 Thread Alan Gauld

"Tim Michelsen" <[EMAIL PROTECTED]> wrote

> is there a FAQ for this list where we could put all these 
> recommendations?

Someone (Mike Hansen?) started one a while back, but like most such
ventures the trick is in maintaining it! I'm not sure where it is or
what the status is.

Alan G 




Re: [Tutor] converting a source package into a dll/shared library?

2007-08-14 Thread Alan Gauld

"Duncan Gibson" <[EMAIL PROTECTED]> wrote

> Is it possible to convert a Python package, with __init__.py and
> related python modules, into a single DLL or shared library that can
> be imported in the same way?

Since you refer to DLLs I'll assume a Windoze platform.
If so the answer is yes you can create an ActiveX/COM object.

So if it's accessibility to non Python code you are interested
in grab a copy of Mark Hammond's Win32 book for details
and examples. You can even go DCOM if that's significant.

OTOH If it's code obfuscation that worries you then Kent's
suggestion of distributing the .pyc files is probably the best
you can do.

(Gordon MacMillan's installer may be able to build DLLs
I'm not sure...)

HTH,

-- 
Alan Gauld
Author of the Learn to Program web site
http://www.freenetpages.co.uk/hp/alan.gauld






Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Alan Gauld

"Michael Sparks" <[EMAIL PROTECTED]> wrote 

> You are COMPLETELY missing the point. The __following__ code
> 
>> >> > foo = raw_input(...)
>> >> > x = eval(foo)
> 
> ONLY works if the user has console access to the machine.

Actually no. It applies to stdin which could be a console or a file.

I agree that raw_input is *usually* applicable to a console but

$ python myscript.py < mydirtydata.txt

will leave me open to all sorts of vulnerabilities. And if 
the python script is embedded within a shell script then 
this scenario becomes quite common and a valid security threat.

Regards,

-- 
Alan Gauld
Author of the Learn to Program web site
http://www.freenetpages.co.uk/hp/alan.gauld
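
The redirected-stdin case from the message above, as an added example that is not part of the original post: the eval() pattern from the thread next to a reader that accepts literals only. It is written for Python 3 (where raw_input() became input()); CONFIG, SAMPLE_LINES and both function names are hypothetical, and the sample lines are constructed.

```python
import ast
import sys

# Constructed stand-in for state the script holds but never intends to reveal.
CONFIG = {"db_password": "constructed-example-value"}

# Constructed lines standing in for a redirected file such as mydirtydata.txt.
SAMPLE_LINES = [
    "[1, 2, 3]",                    # the data the script expects
    "{'mean': 100, 'std': 10}",     # also plain data
    "CONFIG['db_password']",        # an expression that reads program state
    "__import__('os').getcwd()",    # an expression that calls into a module
]


def read_with_eval(lines):
    """The pattern from the thread: every line is run as a Python expression."""
    return [eval(line.strip()) for line in lines if line.strip()]


def read_with_literal_eval(lines):
    """Accept Python literals only; report anything else instead of running it."""
    results = []
    for line in lines:
        text = line.strip()
        if not text:
            continue
        try:
            results.append((True, ast.literal_eval(text)))
        except (ValueError, SyntaxError, TypeError,
                MemoryError, RecursionError) as exc:
            results.append((False, "rejected: %s" % type(exc).__name__))
    return results


if __name__ == "__main__":
    # With no redirect, fall back to the constructed sample so this runs offline.
    if sys.stdin is None or sys.stdin.isatty():
        lines = SAMPLE_LINES
    else:
        lines = sys.stdin.read().splitlines()
    for ok, value in read_with_literal_eval(lines):
        print("accepted" if ok else "refused ", repr(value))
```

With eval(), the third and fourth sample lines hand back the script's own state and a call into os; the literal-only reader returns the two data lines and refuses the rest.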



Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Eric Brunson
Michael Sparks wrote:
> On Monday 13 August 2007 21:53, Kent Johnson wrote:
>   
>> Hmm...could be a remote connection such as ssh, which precludes the
>> sledgehammer though probably not the sort of mischief you can get into
>> with eval()...perhaps there are untrusted remote connections where
>> eval() would still be a significant risk, I don't know...
>> 
>
> If they can ssh into a box, the likelihood of that ssh connection *only* 
> allowing them access to run that single python program strikes me as 
> vanishingly small :-)
>
>   

Unless you set it up that way specifically, i.e. making the interactive 
python program their login shell or specifying it to be run in their 
.ssh/config.


P.S.
Michael, sorry for the double post to you, I missed the "reply all" 
button the first time.

> Generally speaking I agree that eval is a good opportunity for problems, but 
> if its in response to raw_input, I think the likelihood of it being the 
> biggest potential security problem is low :)
>
> (After all, if they're ssh'ing in, they're more likely to ssh in, *then* run 
> the code. They could happily delete and trash all sorts of things either 
> inside or outside python. They could even write their own scripts to assist 
> them in their devilish plans too, far exceeding the minor demon of eval ;-)
>
> Eval can however be an amazingly useful function, especially when combined 
> with exec.
>
>
> Michael.
> ___
> Tutor maillist  -  Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>   



Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Eric Brunson
Michael Sparks wrote:
> On Monday 13 August 2007 21:53, Kent Johnson wrote:
>   
>> Hmm...could be a remote connection such as ssh, which precludes the
>> sledgehammer though probably not the sort of mischief you can get into
>> with eval()...perhaps there are untrusted remote connections where
>> eval() would still be a significant risk, I don't know...
>> 
>
> If they can ssh into a box, the likelihood of that ssh connection *only* 
> allowing them access to run that single python program strikes me as 
> vanishingly small :-)
>   

Unless you set it up that way specifically, i.e. making the interactive 
python program their login shell or specifying it to be run in their 
.ssh/config.

> Generally speaking I agree that eval is a good opportunity for problems, but 
> if its in response to raw_input, I think the likelihood of it being the 
> biggest potential security problem is low :)
>
> (After all, if they're ssh'ing in, they're more likely to ssh in, *then* run 
> the code. They could happily delete and trash all sorts of things either 
> inside or outside python. They could even write their own scripts to assist 
> them in their devilish plans too, far exceeding the minor demon of eval ;-)
>
> Eval can however be an amazingly useful function, especially when combined 
> with exec.
>
>
> Michael.
> ___
> Tutor maillist  -  Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>   




Re: [Tutor] Python Book Recommendations [Was:[Re: Security]]

2007-08-14 Thread Robert H. Haener IV
wesley chun wrote: 
>> Another resource is the local used-book stores. $40-$50 programming
>> books for $4-$5. They may have some highlighting or underlining,
>> but that doesn't usually make the content suffer. Often they'll
>> have the CD or floppy disk in the back cover.
> 
> you can also check out http://half.com as well as eBay for popular books.
 
When I was putting together my "To Buy" list of Python books, I came across an 
online store with some great prices on new books.  On my list, the discounts 
were $15 to $20 off of the direct price from the publisher (not counting $3 off 
Python Pocket Reference); their address is:  http://www.bookpool.com

I have yet to do business with them, but their 6 Month Rating on Reseller 
Ratings is 10/10 and their Lifetime Rating is 9.02/10.  I feel I should also 
note that the discounts I mentioned were for the latest edition of each book on 
my list.


-Robert


Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Eric Brunson
Michael Sparks wrote:
> Tiger12506,
>
>
> You are COMPLETELY missing the point. The __following__ code
>
>   
> foo = raw_input(...)
> x = eval(foo)
>   
>
> ONLY works if the user has console access to the machine.
>
> If they have console access to the machine 
> AND you're worried about them damaging it
> THEN an eval(raw_input( ...)) construct is the least of your worries.
>
> I'm not referring to text taken from
>* a network connection
>* a file
>* a web form
>* a P2P network
>
> I was JUST referring to the ONE context of immediately eval'ing user input. 
> (an unlikely one at that)
>   

No, I think you're missing the point.  If the program was not 
interacting with the user through the console, then why would you be 
using raw_input()?  raw_input() is used to get user input from the 
controlling terminal.  Am I missing some other use for raw_input()?

Using eval() on untrusted input of any kind is a security risk.

Reading the rest of your email, I get the feeling that what you're 
saying is:  if a user has access to "the console", then using eval( 
raw_input() ) is the least of your worries because the person can do 
anything they want.  Is that your assertion?

If it is, then it's an invalid argument.  raw_input() is not only useful 
on "the console", it can be used to interact with any terminal and can 
be done securely so that exiting the program is either impossible, or 
restarts the program or else simply disconnects from the terminal and 
leaves the user with no access at all.  The only thing I can imagine is 
that you're stuck in some DOS mindset that if you're able to type into 
"the console" then you have ultimate access to the machine, which is not 
the case when using a true multi-user operating system like *nix or VMS.

But, most strange to me is why you're this fired up over such a simple 
issue.  It seems to me like just a misunderstanding.


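The risk discussed in the message above, as an added example that is not part of the original post: eval() executes whatever expression it is given, while ast.literal_eval and an allow-listed AST walk accept only data. It is written for Python 3 (the thread uses Python 2's raw_input); parse_literal, safe_arith, marker and demo are names made up for this illustration, and all inputs are constructed.

```python
import ast
import operator

# Operators the arithmetic evaluator accepts; every other node type is rejected.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

def parse_literal(text):
    """Parse a Python literal (number, string, list, dict, ...) without running code."""
    try:
        return ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, TypeError):
        raise ValueError("not a plain literal: %r" % text) from None

def safe_arith(text):
    """Evaluate + - * / on numbers only, by walking the AST against an allow-list."""
    def walk(node):
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](walk(node.operand))
        raise ValueError("disallowed syntax: %s" % type(node).__name__)
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except SyntaxError:
        raise ValueError("not an expression: %r" % text) from None
    return walk(tree.body)

calls = []  # records the side effect that eval() triggers in demo()

def marker():
    """Harmless stand-in for any function reachable from the eval() scope."""
    calls.append("called")
    return 0

def demo():
    """Constructed input: eval() runs the call, both hardened parsers refuse it."""
    results = {"eval": eval("marker()")}  # the call is executed
    for name, parser in (("literal", parse_literal), ("arith", safe_arith)):
        try:
            parser("marker()")
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results
```
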


Re: [Tutor] converting a source package into a dll/shared library?

2007-08-14 Thread Kent Johnson
Duncan Gibson wrote:
> Is it possible to convert a Python package, with __init__.py and
> related python modules, into a single DLL or shared library that can
> be imported in the same way?

> We have used py2exe and cx_freeze to create a complete executable,
> but we are curious whether there is a middle way between this single
> executable and distributing all of the source files.

You can get a modest degree of obscurity by distributing the .pyc 
bytecode files instead of the .py source. These can still be decompiled 
and reverse engineered but it is more effort.

I suppose you could rewrite some or all of the code into the Python 
dialect supported by Pyrex and compile it that way.

Pyrex is "a language specially designed for writing Python extension 
modules." The docs say "Almost any piece of Python code is also valid 
Pyrex code." So it might not be too hard to compile your Python source 
into an extension module using Pyrex.
http://www.cosc.canterbury.ac.nz/greg.ewing/python/Pyrex/

Kent


Re: [Tutor] Graphing the random.gauss distribution

2007-08-14 Thread Kent Johnson
Dick Moores wrote:
> Kent Johnson posted this to Tutor list Aug 8, 2007:
> 
> 
>  > Python provides you with a pseudo random number generator whose output
>  > values are uniformly distributed between the input parameters.  What you
>  > are dealing with in fish weights or test scores or other natural
>  > phenomena is most likely a normal distribution. Check out Wikipedia's
>  > normal distribution entry.  The math is really juicy. You may end up
>  > with a recipe for the Python Cookbook.
> 
> No need for all that, use random.gauss()
> 
> Kent
> 
> 
> I hadn't noticed gauss was there in the Random module. I got to 
> wondering if I could graph the distribution. This code produces a 
> nice bell-curve-seeming curve (on its side). Takes about 80 secs to 
> run on my computer. To fit your situation, the length of the bars can 
> be shortened or lengthened by decreasing or increasing, respectively, 
> the divisor of gaussCalls in line 5, "barLengthAdjuster = gaussCalls//2600".
> 
> Dick Moores
> 
> ==
> from random import gauss
> mean = 100
> std = 10
> gaussCalls = 1000
> barLengthAdjuster = gaussCalls//2600
> 
> d = []
> for k in range(200):
>  d.append([k, 0])

This could be a list comprehension:
d = [ [k, 0] for k in range(200) ]
but there is no need to keep the array index in the array so this is 
simpler:

d = [0] * 200

> for k in xrange(gaussCalls):
>  n = int(gauss(mean, std))
>  d[n][1] += 1

This becomes just
  d[n] += 1

> 
> for c in d:
>  barLength = c[1]//barLengthAdjuster
>  print barLength, "=", c[0], c[1]

Use enumerate() to get the indices as well as the list contents. This 
version prints an actual bar as well:
for i, count in enumerate(d):
  barLength = count//barLengthAdjuster
  print i, '*' * barLength, count

Kent


[Tutor] converting a source package into a dll/shared library?

2007-08-14 Thread Duncan Gibson

Is it possible to convert a Python package, with __init__.py and
related python modules, into a single DLL or shared library that can
be imported in the same way?

We have used py2exe and cx_freeze to create a complete executable,
but we are curious whether there is a middle way between this single
executable and distributing all of the source files.

I've been searching the documentation and web but haven't yet found
the magic combination of keywords that throws up what we want. Does
such a possibility exist? If yes, can someone provide me a pointer?

The Background:
We have developed a demonstration tool in Python that parses input
data for ToolA written by CompanyA, converts to our own internal
neutral format, and can write in CompanyB's ToolB format. Now that
the proof of concept has been shown, the companies want to integrate
the conversion directly in their tools, but providing the code for
ToolA to CompanyB raises some issues, and similarly the other way.
Providing a DLL of the ToolA reader to CompanyB, and a DLL of the
ToolB writer to CompanyA might be one way around these issues, but
it's not clear whether this is easy to achieve.

Cheers
Duncan


Re: [Tutor] FAQ [Was Re: Python Book Recommendations [Was:....]]

2007-08-14 Thread Kent Johnson
Tim Michelsen wrote:
> Hello,
> is there a FAQ for this list

Sort of: http://effbot.org/pyfaq/tutor-index.htm

> where we could put all these recommendations?

A better place is perhaps the Python wiki which is editable:
http://wiki.python.org/moin/PythonBooks
http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
http://wiki.python.org/moin/BeginnersGuide/Programmers

Kent


[Tutor] Graphing the random.gauss distribution

2007-08-14 Thread Dick Moores
Kent Johnson posted this to Tutor list Aug 8, 2007:


 > Python provides you with a pseudo random number generator whose output
 > values are uniformly distributed between the input parameters.  What you
 > are dealing with in fish weights or test scores or other natural
 > phenomena is most likely a normal distribution. Check out Wikipedia's
 > normal distribution entry.  The math is really juicy. You may end up
 > with a recipe for the Python Cookbook.

No need for all that, use random.gauss()

Kent


I hadn't noticed gauss was there in the Random module. I got to 
wondering if I could graph the distribution. This code produces a 
nice bell-curve-seeming curve (on its side). Takes about 80 secs to 
run on my computer. To fit your situation, the length of the bars can 
be shortened or lengthened by decreasing or increasing, respectively, 
the divisor of gaussCalls in line 5, "barLengthAdjuster = gaussCalls//2600".

Dick Moores

==
from random import gauss
mean = 100
std = 10
gaussCalls = 1000
barLengthAdjuster = gaussCalls//2600

d = []
for k in range(200):
 d.append([k, 0])

for k in xrange(gaussCalls):
 n = int(gauss(mean, std))
 d[n][1] += 1

for c in d:
 barLength = c[1]//barLengthAdjuster
 print barLength, "=", c[0], c[1]




Re: [Tutor] Security [Was: Re: Decoding]

2007-08-14 Thread Michael Sparks
Tiger12506,


You are COMPLETELY missing the point. The __following__ code

> >> > foo = raw_input(...)
> >> > x = eval(foo)

ONLY works if the user has console access to the machine.

If they have console access to the machine 
AND you're worried about them damaging it
THEN an eval(raw_input( ...)) construct is the least of your worries.

I'm not referring to text taken from
   * a network connection
   * a file
   * a web form
   * a P2P network

I was JUST referring to the ONE context of immediately eval'ing user input. 
(an unlikely one at that)

Where you say this:
> But if you parse a text file that you haven't reviewed... that's possible.

You're talking about a completely different context. Taking data from a 
network socket and using eval there is again a different context from above. 
Using it as a generic data conversion tool is again a different context.

In those 3 contexts, yes, anyone would agree that using eval is extremely
unwise at best. In the context of evaluating something which someone types at 
a console though?

On Tuesday 14 August 2007 02:28, Tiger12506 wrote:
> > On Monday 13 August 2007 22:39, Tiger12506 wrote:
> >> > foo = raw_input(...)
> >> > x = eval(foo)
> >
> > ...
> >
> >> Let your program run on your machine and I'll walk by, type in this
> >> string,
> >> and hit enter. We'll see how much of an exception it is when you can't
> >> boot
> >> your XP machine anymore.
> >> ;-)
> >
> > Who cares? I don't run XP :-D
>
> I'm sure the equivalent can be done on different operating systems.

Actually, decent operating systems prevent that sort of problem. A way to 
trash a linux machine would be to wipe /lib/libc.*; on Mac OS X, 
wipe /usr/lib/libc.dylib.

Let's see if it works on a linux machine:

>>> file("/lib/libc.so.6","w").close()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
IOError: [Errno 13] Permission denied: '/lib/libc.so.6'

How about on a Mac OS X machine:

>>> file("/usr/lib/libc.dylib", "w").close()
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
IOError: [Errno 13] Permission denied: '/usr/lib/libc.dylib'

Yes, of course if I was logged in as root on either it'd work. I could do far 
more damage far more easily though if I was.

> > Seriously though, if typing:
> >> "file('boot.ini','w').close()"
> >
> > Into an "eval prompt" worked then equally leaving a python interpreter
> > open
> > would be dumb, let alone a console.
>
> It does work. Try it with a simple file "temp.txt" for example. You can run
> any function call if the string is parsed with eval. Notice I did not say
> "type into an eval prompt type loop" I mean entirely if the string is
> parsed with eval.

I know just how powerful eval is. It's damn usefully powerful. 

You have changed the context here from the context I was talking about.

I was stating that *IF* the following can cause damage:
> >> > foo = raw_input(...)
> >> > x = eval(foo)

*AND* you are worried about that damage *BECAUSE* you believe the user is 
malicious, THEN the above code is the least of your worries.

> > Quite frankly anyone getting worried about this:
> >> > foo = raw_input(...)
> >> > x = eval(foo)
> >
> > Is pretty over anxious IMO. "Gosh, the person at the console might be
> > able to
> > get python do something which they can do anyway".
>
> Again. Anytime the function is parsed with eval, you can run *any* python
> function that is in the scope that the eval function is being executed
> from. Security risks are never simple. Of course they can do it with a  
> python console window open. But if you are worried about security you don't
> allow them access to the python console. You encapsulate it.

Yes, I know. I was talking solely about a context where they clearly DO have 
access to the console, and that worrying about this was the least of your 
worries.

It's like saying "you left the door unlocked, you're going to get robbed", 
when you're missing that the people you're not trusting are inside the house 
watching the TV & drinking your coffee and you're leaving them there alone.

Leaving the doors on a house unlocked is generally unwise when you go out (not 
least due to invalidating insurance). It's totally irrelevant if you leave it 
with people in the house you expect to rob you.

> But what if you 
> use eval in a library function you write, which is used to parse some
> input? Peer to peer networks, http servers, even text files that you try to
> parse could be corrupted to cause your computer damage.

These are ALL different contexts from the one I was talking about. None
of these examples are this context:

> >> > foo = raw_input(...)
> >> > x = eval(foo)

I maintain that this: eval(raw_input(...)) in the vast majority of cases is as 
safe as letting the user have access to the machine in the first place.

Your examples here:
> use eval in a library function you write, which is used to parse some
> input? Peer to peer networks, http servers, even text files that you try to
> parse coul

[Tutor] FAQ [Was Re: Python Book Recommendations [Was:....]]

2007-08-14 Thread Tim Michelsen
Hello,
is there a FAQ for this list where we could put all these recommendations?

Thanks,
Timmie
