Re: [PyMOL] Fetching scripts
Hi Peter, On Wed, May 4, 2011 at 6:56 PM, Pete Meyer pame...@mcw.edu wrote: - Sandboxing would be ideal, but I don't know if there's infrastructure in python to support it. It might be easier to filter fetched scripts to only allow a restricted subset of python functions (the ast library looks like it might make this a bit easier). If a script can't access the network or hard disk, then it doesn't need to be trusted as much. There are a couple of issues with this - The last time I checked (which, admittedly, was a couple of years ago), many people had tried and failed to set up such an environment within Python. It turned out that there were very clever ways to get around any sort of reasonable restrictions that people tried to impose (i.e. a guaranteed-to-be-safe script couldn't actually do anything useful). I know there has been a lot of desire for this, so maybe the problem has been solved. - There are some plugins that need access to the hard disk. I'm not sure about scripts. If there exists a reasonable sandboxing (or AST-based) solution, we'll have to run those scripts in untrusted mode, which is probably fine. - The wiki doesn't appear to support SSL. So that means trusting the network to get to the wiki correctly, in addition to the wiki itself. I don't have any good ideas for how to work around this one. My guess is that there's just never been a real need for SSL. Jason would be the real authority here, but I'd guess that SSL would be possible if it there's a strong push for it. -Michael Pete Michael Lerner wrote: Hi all, I'm considering building in a mechanism for automatically fetching scripts from the PyMOL Wiki. The goal is to allow users to say fetch findSurfaceResidues, type=script findSurfaceResidues doShow=True, cutoff=0.5 The convenience benefits are obvious, especially for new users, and I think that lowering the barrier to script usage will greatly increase both the number of people who use various scripts and the incentive to place scripts on the wiki (especially if the fetch mechanism makes it easy for script authors to provide a citation/DOI/etc.). I've put up a tentative page about this on the wiki ( http://pymolwiki.org/index.php/Fetching_scripts), and I'd love comments either via the list, private email or on the wiki, especially about - whether you think it's a good idea - security and validation - options you'd like - implementation issues The plan is to write this as a userland script first. If issues relating to security and validation can be resolved, we'll see if the official builds want to include it. Cheers, -Michael -- Michael Lerner, Ph.D. IRTA Postdoctoral Fellow Laboratory of Computational Biology NIH/NHLBI 5635 Fishers Lane, Room T909, MSC 9314 Rockville, MD 20852 (UPS/FedEx/Reality) Bethesda MD 20892-9314 (USPS) -- Michael Lerner, Ph.D. IRTA Postdoctoral Fellow Laboratory of Computational Biology NIH/NHLBI 5635 Fishers Lane, Room T909, MSC 9314 Rockville, MD 20852 (UPS/FedEx/Reality) Bethesda MD 20892-9314 (USPS) -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd___ PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net) Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net
Re: [PyMOL] Fetching scripts
Hi, With regard to sandboxing, there is PyPy: http://pypy.readthedocs.org/en/latest/sandbox.html although this would be a little complicated, as it's not just a cPython package or extension or whatever, but an alternative to cPython... Oh, and in general, there does exist some precedent for this kind of downloading user-scripts. In bioclipse (http://www.bioclipse.net/) there is a gist plugin that gets scripts (or anything) from github's gist site. See : https://github.com/blog/317-scripting-bioclipse. I guess there is also myExperiment.org, and workflow editors like Taverna. I'm not sure that you can download workflows from the program itself, though. gilleain -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd ___ PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net) Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net
[PyMOL] Fetching scripts
Hi all, I'm considering building in a mechanism for automatically fetching scripts from the PyMOL Wiki. The goal is to allow users to say fetch findSurfaceResidues, type=script findSurfaceResidues doShow=True, cutoff=0.5 The convenience benefits are obvious, especially for new users, and I think that lowering the barrier to script usage will greatly increase both the number of people who use various scripts and the incentive to place scripts on the wiki (especially if the fetch mechanism makes it easy for script authors to provide a citation/DOI/etc.). I've put up a tentative page about this on the wiki ( http://pymolwiki.org/index.php/Fetching_scripts), and I'd love comments either via the list, private email or on the wiki, especially about - whether you think it's a good idea - security and validation - options you'd like - implementation issues The plan is to write this as a userland script first. If issues relating to security and validation can be resolved, we'll see if the official builds want to include it. Cheers, -Michael -- Michael Lerner, Ph.D. IRTA Postdoctoral Fellow Laboratory of Computational Biology NIH/NHLBI 5635 Fishers Lane, Room T909, MSC 9314 Rockville, MD 20852 (UPS/FedEx/Reality) Bethesda MD 20892-9314 (USPS) -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd___ PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net) Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net
Re: [PyMOL] Fetching scripts
Sounds awesome! Adding an option to chose whether to load the script every time PyMol launches, or just fetch and use it once, would be even more convenient. It would resemble installation of packages from Linux repositories ;) On 4 May 2011 18:59, Michael Lerner mgler...@gmail.com wrote: Hi all, I'm considering building in a mechanism for automatically fetching scripts from the PyMOL Wiki. The goal is to allow users to say fetch findSurfaceResidues, type=script findSurfaceResidues doShow=True, cutoff=0.5 The convenience benefits are obvious, especially for new users, and I think that lowering the barrier to script usage will greatly increase both the number of people who use various scripts and the incentive to place scripts on the wiki (especially if the fetch mechanism makes it easy for script authors to provide a citation/DOI/etc.). I've put up a tentative page about this on the wiki ( http://pymolwiki.org/index.php/Fetching_scripts), and I'd love comments either via the list, private email or on the wiki, especially about - whether you think it's a good idea - security and validation - options you'd like - implementation issues The plan is to write this as a userland script first. If issues relating to security and validation can be resolved, we'll see if the official builds want to include it. Cheers, -Michael -- Michael Lerner, Ph.D. IRTA Postdoctoral Fellow Laboratory of Computational Biology NIH/NHLBI 5635 Fishers Lane, Room T909, MSC 9314 Rockville, MD 20852 (UPS/FedEx/Reality) Bethesda MD 20892-9314 (USPS) -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd ___ PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net) Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net -- == Thomas Evangelidis PhD student Biomedical Research Foundation, Academy of Athens 4 Soranou Ephessiou , 115 27 Athens, Greece email: tev...@bioacademy.gr teva...@gmail.com website: https://sites.google.com/site/thomasevangelidishomepage/ -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd___ PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net) Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net
Re: [PyMOL] Fetching scripts
Hi, From a security perspective, it seems like the ideas on the wiki page are all related to securing the remote source. It might be worth considering what could be done to minimize how much pymol has to trust the remote source or the network. A few ideas: - Sandboxing would be ideal, but I don't know if there's infrastructure in python to support it. It might be easier to filter fetched scripts to only allow a restricted subset of python functions (the ast library looks like it might make this a bit easier). If a script can't access the network or hard disk, then it doesn't need to be trusted as much. - The wiki doesn't appear to support SSL. So that means trusting the network to get to the wiki correctly, in addition to the wiki itself. I don't have any good ideas for how to work around this one. Pete Michael Lerner wrote: Hi all, I'm considering building in a mechanism for automatically fetching scripts from the PyMOL Wiki. The goal is to allow users to say fetch findSurfaceResidues, type=script findSurfaceResidues doShow=True, cutoff=0.5 The convenience benefits are obvious, especially for new users, and I think that lowering the barrier to script usage will greatly increase both the number of people who use various scripts and the incentive to place scripts on the wiki (especially if the fetch mechanism makes it easy for script authors to provide a citation/DOI/etc.). I've put up a tentative page about this on the wiki (http://pymolwiki.org/index.php/Fetching_scripts), and I'd love comments either via the list, private email or on the wiki, especially about - whether you think it's a good idea - security and validation - options you'd like - implementation issues The plan is to write this as a userland script first. If issues relating to security and validation can be resolved, we'll see if the official builds want to include it. Cheers, -Michael -- Michael Lerner, Ph.D. IRTA Postdoctoral Fellow Laboratory of Computational Biology NIH/NHLBI 5635 Fishers Lane, Room T909, MSC 9314 Rockville, MD 20852 (UPS/FedEx/Reality) Bethesda MD 20892-9314 (USPS) -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd ___ PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net) Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net