Re: Seeking deeper understanding of python equality (==)

[Greg Ewing]

On 7/05/22 12:22 am, Jonathan Kaczynski wrote:

Stepping through the code with gdb, we see it jump from the compare
operator to the dunder-eq method on the UUID object. What I want to be able
to do is explain the in-between steps.


Generally what happens with infix operators is that the interpreter
first looks for a dunder method on the left operand. If that method
doesn't exist or returns NotImplemented, it then looks for a dunder
method on the right operand.

There is an exception if the right operand is a subclass of the
left operand -- in that case the right operand's dunder method
takes precedence.


Also, if you change `x == y` to `y
== x`, you still see the same behavior, which I assume has to do with
dunder-eq being defined on the UUID class and thus given priority.


No, in that case the conparison method of str will be getting
called first, but you won't see that in pdb because it doesn't
involve any Python code. Since strings don't know how to compare
themselves with uuids, it will return NotImplemented and the
interpreter will then call uuid's method.

--
Greg
--
https://mail.python.org/mailman/listinfo/python-list

Re: Python/New/Learn

[Greg Ewing]

On 7/05/22 12:27 pm, Stefan Ram wrote:

   But when you read descriptions in books about phonology about
   how the mouth and tongue is positioned to produce certain
   sounds and see pictures of this, your faulty ears are bypassed
   and you get a chance to produce the correct sounds of the
   foreign language even when you might not hear the difference.

   So, one might actually be able to learn the pronunciation
   of a foreign language from text in a book better than from
   an audio tape (or an audio file or a video with sound)!


Such books would certainly help, but I don't think there's any
substitute for actually hearing the sounds if you want to be
able to understand the spoken language. In my experience, you
have to listen to it for quite a while to retrain your ears
to the point where you can even begin to pick out words from
the audio stream.

I kind-of studied French for 5 years in school, with teachers
to learn the pronunication from, but I never got a lot of
practice at it or much chance to hear it spoken. As a result I
have about a 1% success rate at understanding spoken French,
even when I know all the words being used.

--
Greg


--
https://mail.python.org/mailman/listinfo/python-list

Re: tail

[Dennis Lee Bieber]

On Fri, 6 May 2022 21:19:48 +0100, MRAB 
declaimed the following:

>Is the file UTF-8? That's a variable-width encoding, so are any of the 
>characters > U+007F?
>
>Which OS? On Windows, it's common/normal for UTF-8 files to start with a 
>BOM/signature, which is 3 bytes/1 codepoint.

Windows also uses  for the EOL marker, but Python's I/O system
condenses that to just  internally (for TEXT mode) -- so using the
length of a string so read to compute a file position may be off-by-one for
each EOL in the string.

https://docs.python.org/3/tutorial/inputoutput.html#reading-and-writing-files
"""
In text mode, the default when reading is to convert platform-specific line
endings (\n on Unix, \r\n on Windows) to just \n. When writing in text
mode, the default is to convert occurrences of \n back to platform-specific
line endings. This behind-the-scenes modification to file data is fine for
text files, but will corrupt binary data like that in JPEG or EXE files. Be
very careful to use binary mode when reading and writing such files.
"""



-- 
Wulfraed Dennis Lee Bieber AF6VN
wlfr...@ix.netcom.comhttp://wlfraed.microdiversity.freeddns.org/
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python/New/Learn

[dn]

To the OP: there are many MOOCs available on the likes of the Coursera
and edX platform. (rationale, below)

Disclaimer: I work on courses on the edX platform (but not Python).


On 06/05/2022 23.37, o1bigtenor wrote:
> As we're now discussing tutorial methods - - - -
> 
> On Thu, May 5, 2022 at 8:57 PM Chris Angelico  wrote:
>>
>> On Fri, 6 May 2022 at 09:53, Grant Edwards  wrote:
>>>
>>> On 2022-05-05, Mats Wichmann  wrote:
>>>
 Without having any data at all on it, just my impressions, more
 people these days learn from in-person or video experiences.
>>>
>>> I've always been utterly baffled by video tutorials for
>>> programming. There must be people who prefer that format, but it seems
>>> like absolutely the worst possible option for me. You can't cut/paste
>>> snippets from the examples. You have to constantly pause them so you
>>> can try out examples. Sometimes it's not even easy to read the
>>> examples. Perhaps if there was an accompanying web page or PDF...
>>>
>>
>> Video tutorials make GREAT sense for learning complicated programs
>> like Adobe PhotoShop or some 3D game design engines, because (a) most
>> of what you need is in the menus somewhere, but it's hard to find; (b)
>> you can aim the tutorial at a specific version, and it'll be the same
>> for all users; and (c) you can talk about it at the same speed that
>> people can follow along.
> 
> Respectfully - - - I would disagree. FreeCAD is a mind bogglingly
> complex architecture (a lumping together of a lot of things without a real
> central vision imo in fact) and a video tutorial would seem to make sense
> - - - except - - - trying to see what is being done is at best tricky - - - at
> worse - - - impossible. If the instructions were text - - - well you could do
> things one step at a time and you wouldn't have to scroll back and forth 10
> times trying to see exactly which part of what was the mouse applied
> to and then which toolbar . . .   .  One would think that something that
> you manipulate visually would be best served by video instruction.
> 
> Personally I find video instruction the most difficult to follow and the most
> awkward. And then if the speaker is not easily understandable or is using
> translated terms (not necessarily the same as those in the program
> itself) well - - - the frustration level is most definitely NOT small and
> the amount of learning - - - not that large - - - especially given the
> effort needed to create video tutorials.  IMO video is too often used
> because its there - - - not because this enhances the experience.
> 
> (Or the instructor is an academic who is reading their video screens
> - - - you know - - - like the 85 or 90% of the profs at the uni - - - - )
>>
>> Video tutorials do NOT make sense for anything where you'll be using
>> your own editor, typing in code, and having it behave the same way.
>> There's nothing to point-and-click, and everything to type.
>>
>> But some people start making tutorials of the first kind, and then go
>> on to make some of the second kind, thinking they'll also be useful.
>>
> I think you, that is Chris, are a very generous person. My experience
> has been that many consider video tutorials to be cool or sexy or of the
> highest art - - - and never even consider the uncool, mundane, boring,
> old, text option.
> 
> I'm wondering if the difference is that in general education itself less
> and less emphasis is placed on reading (and comprehension) skills.
> This fits alongside a return to pictographic language supposedly to
> assist in multi-lingual barrier reduction.


To all:

The problem with some of the advice given in this thread, eg using
StackOverflow or YouTube videos, is that a beginner (particularly) has
no measure of the material's quality. Both platforms are riddled with
utter-junk - even 'dangerous' advice.

Some of such posted-content has been encouraged by 'teachers' who think
the old adage "to understand something properly one must be able to
explain it to someone else" can be translated into an (effective)
learning practice. Which is fine, until the results are posted on a
public forum without any qualitative assessment - I've even come-across
'teachers' (the quote-marks could be taken to indicate serious question
or in some cases, disdain) who think that allowing/encouraging students
to post such is "encouraging the student". Sadly, (IMHO) its effect is
'intellectual pollution' for those who come-after, and the generation of
an unrealistic ego/self-assessment on the part of the post-er.

Then there are others which have been posted by well-meaning
individuals. These may be motivated, similarly, by ego or altruism. Few
know what they're doing (from a training PoV) and the fact that some
such contributors stand-out so far about 'the crowd' speaks to this. How
many have you seen which fail to account for the differences between
your system and the one the author uses? How many seem determined to
show that by clicking 'here' and se

Re: tail

[MRAB]

On 2022-05-06 20:21, Marco Sulla wrote:

I have a little problem.

I tried to extend the tail function, so it can read lines from the bottom
of a file object opened in text mode.

The problem is it does not work. It gets a starting position that is lower
than the expected by 3 characters. So the first line is read only for 2
chars, and the last line is missing.

import os

_lf = "\n"
_cr = "\r"
_lf_ord = ord(_lf)

def tail(f, n=10, chunk_size=100):
 n_chunk_size = n * chunk_size
 pos = os.stat(f.fileno()).st_size
 chunk_line_pos = -1
 lines_not_found = n
 binary_mode = "b" in f.mode
 lf = _lf_ord if binary_mode else _lf

 while pos != 0:
 pos -= n_chunk_size

 if pos < 0:
 pos = 0

 f.seek(pos)
 chars = f.read(n_chunk_size)

 for i, char in enumerate(reversed(chars)):
 if char == lf:
 lines_not_found -= 1

 if lines_not_found == 0:
 chunk_line_pos = len(chars) - i - 1
 print(chunk_line_pos, i)
 break

 if lines_not_found == 0:
 break

 line_pos = pos + chunk_line_pos + 1

 f.seek(line_pos)

 res = b"" if binary_mode else ""

 for i in range(n):
 res += f.readline()

 return res

Maybe the problem is 1 char != 1 byte?


Is the file UTF-8? That's a variable-width encoding, so are any of the 
characters > U+007F?


Which OS? On Windows, it's common/normal for UTF-8 files to start with a 
BOM/signature, which is 3 bytes/1 codepoint.

--
https://mail.python.org/mailman/listinfo/python-list

Re: tail

[Marco Sulla]

I have a little problem.

I tried to extend the tail function, so it can read lines from the bottom
of a file object opened in text mode.

The problem is it does not work. It gets a starting position that is lower
than the expected by 3 characters. So the first line is read only for 2
chars, and the last line is missing.

import os

_lf = "\n"
_cr = "\r"
_lf_ord = ord(_lf)

def tail(f, n=10, chunk_size=100):
n_chunk_size = n * chunk_size
pos = os.stat(f.fileno()).st_size
chunk_line_pos = -1
lines_not_found = n
binary_mode = "b" in f.mode
lf = _lf_ord if binary_mode else _lf

while pos != 0:
pos -= n_chunk_size

if pos < 0:
pos = 0

f.seek(pos)
chars = f.read(n_chunk_size)

for i, char in enumerate(reversed(chars)):
if char == lf:
lines_not_found -= 1

if lines_not_found == 0:
chunk_line_pos = len(chars) - i - 1
print(chunk_line_pos, i)
break

if lines_not_found == 0:
break

line_pos = pos + chunk_line_pos + 1

f.seek(line_pos)

res = b"" if binary_mode else ""

for i in range(n):
res += f.readline()

return res

Maybe the problem is 1 char != 1 byte?
-- 
https://mail.python.org/mailman/listinfo/python-list

pandas (in jupyter?) problem

[Paulo da Silva]

Hi all!

I'm having the following problem. Consider the code (the commented or 
the not commented which I think do the same things):


#for col in missing_cols:
#df[col] = np.nan

df=df.copy()
df[missing_cols]=np.nan

df has about 2 cols and len(missing_cols) is about 18000.

I'm getting lots (1 by missing_col?) of the following message from 
ipykernel:


"PerformanceWarning: DataFrame is highly fragmented.  This is usually 
the result of calling `frame.insert` many times, which has poor 
performance.  Consider joining all columns at once using 
pd.concat(axis=1) instead. To get a de-fragmented frame, use `newframe = 
frame.copy()`

  df[missing_cols]=np.nan"


At first I didn't have df=df.copy(). I added it later, but the same problem.

This slows down the code a lot, perhaps because jupyter is taking too 
much time issuing these messages!


Thanks for any comments.
--
https://mail.python.org/mailman/listinfo/python-list

Re: Fwd: Do projects exist to audit PyPI-hosted packages?

[Mats Wichmann]

On 5/6/22 09:24, Sam Ezeh wrote:
> -- Forwarded message -
> From: Sam Ezeh 
> Date: Fri, 6 May 2022, 15:29
> Subject: Re: Do projects exist to audit PyPI-hosted packages?
> To: Skip Montanaro 
> 
> 
> I've had similar thoughts in the past. I don't know of anything but I
> wonder if repositiories for other languages might have something to deal
> with it.
> 
> A related problem is that even if a package is maintained by somebody with
> good intentions, the account might be hijacked by a malicious actor and
> since PyPi is separate from source control, people might not be able to
> find out easily and malware could spread through PyPi.

FWIW, there's talk of mandating MFA or appropriately scoped tokens to
upload from a PyPi account to cut down on hijacking chances.  As I
understand it, a concern that has slowed this is that sometimes a
"release" involves a ton of actual package uploads and that could
involve considerable manual overhead if a 2FA sequence were required for
each one.  Meanwhile, individual projects can now require 2FA in order
for owners to do anything "administrative".

Probably others understand the current state of play better here

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Do projects exist to audit PyPI-hosted packages?

[Skip Montanaro]

>
> A related problem is that even if a package is maintained by somebody with
> good intentions, the account might be hijacked by a malicious actor and
> since PyPi is separate from source control, people might not be able to
> find out easily and malware could spread through PyPi.
>

I hadn't considered that. Some sort of authenticated connection between the
source code hosting service and the PyPI user posting the package would be
nice.



Some other (only tangentially related) stuff occurs to me as I search for
useful bits...

I'd kinda be curious what hosting services other than GitHub or GitLab are
in common use. GNU Savannah? SourceForge? PyPI relevance isn't a terrific
indicator (I assume it uses Libraries.io's SourceRank to get a relevance
score), but it's still some kind of indicator how useful a package is.
Perhaps the PyPI BigQuery stuff has hosting info. I've not dug into it.
(Thinking that obscure hosting service might be a small knock against a
package, but that's just a thought. I realize not everyone is happy with
corporate hosting services.)

Having a decent idea what functional alternatives are out there to a
particular package would be nice as well. Again, considering pynput, I hit
Google up for "python packages similar to pynput" which led me here:

https://www.libhunt.com/r/pynput

I was unaware of its existence before. I have no idea how useful it might
be for narrowly focused packages like pynput. Something with application to
a much wider community, like numpy, returns a bunch more:

https://www.libhunt.com/r/numpy



Skip
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Seeking deeper understanding of python equality (==)

[Sam Ezeh]

Perhaps these source references are useful:

Python/ceval.c (_PyEval_EvalFrameDefault)
https://github.com/python/cpython/blob/main/Python/ceval.c#L3754-L3768
Objects/object.c (do_richcompare)
https://github.com/python/cpython/blob/42fee931d055a3ef8ed31abe44603b9b2856e04d/Objects/object.c#L661-L713

Kind regards,
Sam Ezeh


On Fri, 6 May 2022 at 18:12, Jonathan Kaczynski
 wrote:
>
> Hi,
>
> I was recently trying to explain how python equality works and ran into a
> gap in my knowledge. I haven't found any good pages going beneath a surface
> level explanation of python equality comparison.
>
> I'll post my investigations below. What I think I'm looking for is where in
> the source code (https://github.com/python/cpython) does the equality
> comparison occur. I have an idea but wanted to ask first.
>
>
> Using the dis module, we see the comparison operator is a single bytecode,
> which is expected.
>
> ❯ docker run -it --rm ubuntu:jammy
> root@919d94c98191:/# apt-get update
> root@919d94c98191:/# apt-get --yes install python3
> root@919d94c98191:/# cat >play.py < import dis
> import uuid
>
> def test():
> x = uuid.uuid4()
> y = str(x)
> x == y
> return
>
> dis.dis(test)
> EOF
> root@f33b02fef026:/# python3 play.py
> ... snip ...
>   7  16 LOAD_FAST0 (x)
>  18 LOAD_FAST1 (y)
>  20 COMPARE_OP   2 (==)
>  22 POP_TOP
> ... snip ...
>
>
> Stepping through the code with gdb, we see it jump from the compare
> operator to the dunder-eq method on the UUID object. What I want to be able
> to do is explain the in-between steps. Also, if you change `x == y` to `y
> == x`, you still see the same behavior, which I assume has to do with
> dunder-eq being defined on the UUID class and thus given priority.
>
> ❯ docker run -it --rm ubuntu:jammy
> root@919d94c98191:/# apt-get update
> root@919d94c98191:/# apt-get --yes install dpkg-source-gitarchive
> root@919d94c98191:/# sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list
> root@919d94c98191:/# apt-get update
> root@919d94c98191:/# apt-get --yes install gdb python3.10-dbg
> root@919d94c98191:/# apt-get source python3.10-dbg
> root@919d94c98191:/# cat >play.py < import uuid
> x = uuid.uuid4()
> y = str(x)
> breakpoint()
> x == y
> EOF
> root@919d94c98191:/# gdb python3.10-dbg
> (gdb) dir python3.10-3.10.4/Python
> (gdb) run play.py
> Starting program: /usr/bin/python3.10-dbg play.py
>
> warning: Error disabling address space randomization: Operation not
> permitted
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> > //play.py(5)()
> -> x == y
> (Pdb) s
> --Call--
> > /usr/lib/python3.10/uuid.py(239)__eq__()
> -> def __eq__(self, other):
>
>
> Thank you,
> Jonathan
> --
> https://mail.python.org/mailman/listinfo/python-list
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Instatiating module / Reusing module of command-line tool

[Loris Bennett]

r...@zedat.fu-berlin.de (Stefan Ram) writes:

> "Loris Bennett"  writes:
>>My question: What is the analogue to initialising an object via the
>>constructor for a module?
>
>   If you need a class, you can write a class.
>
>   When one imports a module, the module actually gets executed.
>   That's why people write "if __name__ == '__main__':" often.
>   So, everything one wants to be done at import time can be 
>   written directly into the body of one's module.

So if I have a module which relies on having internal data being set
from outside, then, even though the program only ever has one instance
of the module, different runs, say test and production, would require
different internal data and thus different instances.  Therefore a class
seems more appropriate and it is more obvious to me how to initialise
the objects (e.g. by having the some main function which can read
command-line arguments and then just pass the arguments to the
constructor.

I suppose that the decisive aspect is that my module needs
initialisation and thus should to be a class.  Your examples in the
other posting of the modules 'math' and 'string' are different, because
they just contain functions and no data.

Cheers,

Loris

-- 
This signature is currently under construction.
-- 
https://mail.python.org/mailman/listinfo/python-list

Seeking deeper understanding of python equality (==)

[Jonathan Kaczynski]

Hi,

I was recently trying to explain how python equality works and ran into a
gap in my knowledge. I haven't found any good pages going beneath a surface
level explanation of python equality comparison.

I'll post my investigations below. What I think I'm looking for is where in
the source code (https://github.com/python/cpython) does the equality
comparison occur. I have an idea but wanted to ask first.


Using the dis module, we see the comparison operator is a single bytecode,
which is expected.

❯ docker run -it --rm ubuntu:jammy
root@919d94c98191:/# apt-get update
root@919d94c98191:/# apt-get --yes install python3
root@919d94c98191:/# cat >play.py  x == y
(Pdb) s
--Call--
> /usr/lib/python3.10/uuid.py(239)__eq__()
-> def __eq__(self, other):


Thank you,
Jonathan
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python/New/Learn

[Avi Gross via Python-list]

This topic has rapidly shifted over way beyond Python even as the original 
person has not returned to participate.

There are many ways to teach anything and since the classical method was to 
learn in person from someone using mainly sound or pantomime, it has hung on. 
Even with the existence of writing, books were made one at a time and were rare.

In more recent times, the norm shifted gradually from lectures to individuals 
and groups to include textbooks and illustrations and eventually recordings or 
PowerPoint Slides with animation.

Realistically, learning some things on your own is easy enough but for many 
people and many subjects, you need interaction, reinforcement and more. 

We have college professors who repeat almost the same identical lectures for 
years to various audiences and also take few or no questions. they might as 
well be recorded  and find something better to do. But how do you learn French 
just from a book when it is completely not obvious how to pronounce anything 
given the weird spelling and grammar rules? How do you know if the dialect you 
use swallows some sounds or stretches them out a bit? For this you need to hear 
and perhaps see native speakers and correlate those sounds to the written words 
and learn to recognize and make them a habit. Even better, you often want 
someone to listen to what you try to say and respond and help guide you.

Many Computer topics have an interesting side in that access to a computer 
running whatever you are learning can give you much experience and guidance as 
you can try various things and see how they work. Written text alone may be 
enough to learn what is special about a language and a set of problems to work 
on (or your own exploration) may be able to replace much of human interaction.

You can look at learning systems such as COURSERA where they often break a 
"class" into parts that can include often shorter video clips often with 
subtitles or transcripts alongside it, as well as various kinds of printed 
material including tests and assignments and even ways (in some programming 
courses) to write small programs that are evaluated immediately by running them 
through the language program, or by having others (sometimes fellow students) 
grade them and return the results to you.

There are many ideas out there how to learn. One of the worst is huge lecture 
halls with no rewind ...

But text-only learning tools vary quite a bit and some of the better ones do 
not just throw facts at you but stop periodically and give you an overview of 
the goals and maybe add a touch of history that provides context on why some 
innovation was such a big improvement over what had been done and help you 
pronounce things when it is not obvious by saying that many people say a 
function name to rhyme with this or ...

I used to hate Math textbooks that used every imaginable symbol and assumed you 
knew how to say every Greek letter and script L and integral symbol and an 
assortment of braces and brackets in various sizes and much more.  It is hard 
to memorize formulas where you call lots of items by the name of "squiggle"!

Python currently sticks largely to using standard ASCII characters so it has 
fewer issues to deal with. For people who are not native English speakers, 
though, some things may not be intuitively obvious, let alone pronounceable. I 
suspect for some purposes, a few lectures to listen to might help if 
well-designed. 
But I noticed how in Julia, they allow all kinds of symbols but also provide a 
way to make them fairly easily. Still their use of an actual lower-case epsilon 
as a synonym for "in" is an example of how teaching Julia may need more 
thantext for some people. It uses lots of unusual symbols for operators too 
thatare often familiar to mathematicians and hardly anyone else.
for i ∈ 1:10
-Original Message-
From: 2qdxy4rzwzuui...@potatochowder.com
To: python-list@python.org
Sent: Fri, May 6, 2022 8:56 am
Subject: Re: Python/New/Learn

On 2022-05-05 at 16:51:49 -0700,
Grant Edwards  wrote:

> On 2022-05-05, Mats Wichmann  wrote:
> 
> > Without having any data at all on it, just my impressions, more
> > people these days learn from in-person or video experiences.
> 
> I've always been utterly baffled by video tutorials for
> programming. There must be people who prefer that format, but it seems
> like absolutely the worst possible option for me. You can't cut/paste
> snippets from the examples. You have to constantly pause them so you
> can try out examples. Sometimes it's not even easy to read the
> examples. Perhaps if there was an accompanying web page or PDF...

+1 (maybe more), except that an accompanying web page or PDF only solves
the problem of copying/pasting examples badly, at the expense of the
cognitive load to keep track of one more thing (because it's highly
unlikely that the web page or PDF tracks the video "automatically").

As far as easy-to-read examples go, writing them down doesn't a

Fwd: Do projects exist to audit PyPI-hosted packages?

[Sam Ezeh]

-- Forwarded message -
From: Sam Ezeh 
Date: Fri, 6 May 2022, 15:29
Subject: Re: Do projects exist to audit PyPI-hosted packages?
To: Skip Montanaro 


I've had similar thoughts in the past. I don't know of anything but I
wonder if repositiories for other languages might have something to deal
with it.

A related problem is that even if a package is maintained by somebody with
good intentions, the account might be hijacked by a malicious actor and
since PyPi is separate from source control, people might not be able to
find out easily and malware could spread through PyPi.

Kind regards,
Sam Ezeh


On Fri, 6 May 2022, 14:08 Skip Montanaro,  wrote:

> I woke with a start in what amounted to the middle of the night (I really
> need to get about three more hours of sleep, but you'll understand why I
> was awake to write this).
>
> Many years ago, so as to preserve my wrists, I wrote a tool
>  to
> monitor mouse and keyboard activity. It tells me when to rest. I use it
> when I have problems, then put it away until it's needed again. I have
> resurrected it a few times over the years, most recently a month or two
> ago. Having never been all that fond of how I tracked keyboard and mouse
> activity, I was happy when I stumbled upon pynput
> . "Yay!", I thought. My worries are
> over.
>
> Then extremely early this morning I woke thinking, "Damn, this runs on my
> computer and it can see my mouse and keyboard activity. How do I know it's
> not stealing my keystrokes?" Not going back to sleep after that. So, I'm
> going through the code (and the Xlib package on which it relies) to make
> myself more comfortable that there are no issues. Note: I am *most
> certainly not* accusing the pynput author of any mischief. In fact, I
> suspect there's no problem with the package. It's got a bunch of stars and
> plenty of forks on GitHub (for what that's worth). I suspect the code has
> had plenty of eyeballs looking at it. Still, I don't really know how well
> vetted it might be, so I have no assurances of that. I saw it mentioned
> somewhere (discuss I think?), checked it out, and thought it would solve my
> activity tracking in a cross-platform way. (I currently only use an Xorg
> environment, so while I am looking at the code, I'm not paying attention to
> the Windows or MacOS bits either.)
>
> This got me thinking. If I'm curious about pynput, might other people be as
> well? What about other packages? I'm actually not worried about Python
> proper or vulnerabilities which have already been found
> . PyPI currently advertises
> that
> it hosts over 373k packages. With that many hosted packages, it is almost
> certainly a haven for some undetected vulnerabilities. Knowing which
> packages have been audited — at least in a cursory fashion — could be used
> as a further criterion to use when deciding which packages to consider
> using on a project.
>
> So, does something already exist (pointers appreciated)? Thx...
>
> Skip
> --
> https://mail.python.org/mailman/listinfo/python-list
>
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python/New/Learn

[2QdxY4RzWzUUiLuE]

On 2022-05-05 at 16:51:49 -0700,
Grant Edwards  wrote:

> On 2022-05-05, Mats Wichmann  wrote:
> 
> > Without having any data at all on it, just my impressions, more
> > people these days learn from in-person or video experiences.
> 
> I've always been utterly baffled by video tutorials for
> programming. There must be people who prefer that format, but it seems
> like absolutely the worst possible option for me. You can't cut/paste
> snippets from the examples. You have to constantly pause them so you
> can try out examples. Sometimes it's not even easy to read the
> examples. Perhaps if there was an accompanying web page or PDF...

+1 (maybe more), except that an accompanying web page or PDF only solves
the problem of copying/pasting examples badly, at the expense of the
cognitive load to keep track of one more thing (because it's highly
unlikely that the web page or PDF tracks the video "automatically").

As far as easy-to-read examples go, writing them down doesn't always
help.  One of my physics textbooks used upsilon and nu to describe some
phenomenon related to lasers.  IIRC, the text, the math, and the physics
were pretty straightforward, until you looked at the fraction υ/ν in
something resembling Times Roman Italic (although, to be fair, once you
got that far, it was pretty obvious that it was upsilon over nu rather
than nu over upsilon).
-- 
https://mail.python.org/mailman/listinfo/python-list

Do projects exist to audit PyPI-hosted packages?

[Skip Montanaro]

I woke with a start in what amounted to the middle of the night (I really
need to get about three more hours of sleep, but you'll understand why I
was awake to write this).

Many years ago, so as to preserve my wrists, I wrote a tool
 to
monitor mouse and keyboard activity. It tells me when to rest. I use it
when I have problems, then put it away until it's needed again. I have
resurrected it a few times over the years, most recently a month or two
ago. Having never been all that fond of how I tracked keyboard and mouse
activity, I was happy when I stumbled upon pynput
. "Yay!", I thought. My worries are over.

Then extremely early this morning I woke thinking, "Damn, this runs on my
computer and it can see my mouse and keyboard activity. How do I know it's
not stealing my keystrokes?" Not going back to sleep after that. So, I'm
going through the code (and the Xlib package on which it relies) to make
myself more comfortable that there are no issues. Note: I am *most
certainly not* accusing the pynput author of any mischief. In fact, I
suspect there's no problem with the package. It's got a bunch of stars and
plenty of forks on GitHub (for what that's worth). I suspect the code has
had plenty of eyeballs looking at it. Still, I don't really know how well
vetted it might be, so I have no assurances of that. I saw it mentioned
somewhere (discuss I think?), checked it out, and thought it would solve my
activity tracking in a cross-platform way. (I currently only use an Xorg
environment, so while I am looking at the code, I'm not paying attention to
the Windows or MacOS bits either.)

This got me thinking. If I'm curious about pynput, might other people be as
well? What about other packages? I'm actually not worried about Python
proper or vulnerabilities which have already been found
. PyPI currently advertises that
it hosts over 373k packages. With that many hosted packages, it is almost
certainly a haven for some undetected vulnerabilities. Knowing which
packages have been audited — at least in a cursory fashion — could be used
as a further criterion to use when deciding which packages to consider
using on a project.

So, does something already exist (pointers appreciated)? Thx...

Skip
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python/New/Learn

[o1bigtenor]

As we're now discussing tutorial methods - - - -

On Thu, May 5, 2022 at 8:57 PM Chris Angelico  wrote:
>
> On Fri, 6 May 2022 at 09:53, Grant Edwards  wrote:
> >
> > On 2022-05-05, Mats Wichmann  wrote:
> >
> > > Without having any data at all on it, just my impressions, more
> > > people these days learn from in-person or video experiences.
> >
> > I've always been utterly baffled by video tutorials for
> > programming. There must be people who prefer that format, but it seems
> > like absolutely the worst possible option for me. You can't cut/paste
> > snippets from the examples. You have to constantly pause them so you
> > can try out examples. Sometimes it's not even easy to read the
> > examples. Perhaps if there was an accompanying web page or PDF...
> >
>
> Video tutorials make GREAT sense for learning complicated programs
> like Adobe PhotoShop or some 3D game design engines, because (a) most
> of what you need is in the menus somewhere, but it's hard to find; (b)
> you can aim the tutorial at a specific version, and it'll be the same
> for all users; and (c) you can talk about it at the same speed that
> people can follow along.

Respectfully - - - I would disagree. FreeCAD is a mind bogglingly
complex architecture (a lumping together of a lot of things without a real
central vision imo in fact) and a video tutorial would seem to make sense
- - - except - - - trying to see what is being done is at best tricky - - - at
worse - - - impossible. If the instructions were text - - - well you could do
things one step at a time and you wouldn't have to scroll back and forth 10
times trying to see exactly which part of what was the mouse applied
to and then which toolbar . . .   .  One would think that something that
you manipulate visually would be best served by video instruction.

Personally I find video instruction the most difficult to follow and the most
awkward. And then if the speaker is not easily understandable or is using
translated terms (not necessarily the same as those in the program
itself) well - - - the frustration level is most definitely NOT small and
the amount of learning - - - not that large - - - especially given the
effort needed to create video tutorials.  IMO video is too often used
because its there - - - not because this enhances the experience.

(Or the instructor is an academic who is reading their video screens
- - - you know - - - like the 85 or 90% of the profs at the uni - - - - )
>
> Video tutorials do NOT make sense for anything where you'll be using
> your own editor, typing in code, and having it behave the same way.
> There's nothing to point-and-click, and everything to type.
>
> But some people start making tutorials of the first kind, and then go
> on to make some of the second kind, thinking they'll also be useful.
>
I think you, that is Chris, are a very generous person. My experience
has been that many consider video tutorials to be cool or sexy or of the
highest art - - - and never even consider the uncool, mundane, boring,
old, text option.

I'm wondering if the difference is that in general education itself less
and less emphasis is placed on reading (and comprehension) skills.
This fits alongside a return to pictographic language supposedly to
assist in multi-lingual barrier reduction.

I will cease and desist - - - (thanks for even 'listening')

Pace
-- 
https://mail.python.org/mailman/listinfo/python-list