Re: Hello World in Python

2015-01-24 Thread Terry Reedy

On 1/24/2015 6:53 PM, Christopher J. Pisz wrote:

> I am trying to help a buddy out. I am a C++ on Windows guy. This buddy
> of mine is learning Python at work on a Mac. I figured I could
> contribute with non language specific questions and such.
>
> When learning any new language, I said, the first step would be a Hello
> World program. Let's see if we can get that to work.
>
> So my buddy opens the IDE they gave at the workplace, creates a
> new project, adds a demo.py file, writes one line : print Hello World,
> hits Run in the IDE and indeed the display is shown at the bottom when
> it executes.
>
> I say the next step would be to get that to run on the command line. So
> (keep in mind I know nothing about macs) my buddy opens a zsh? window,
> cd to the directory, and I say the command is most likely: python demo.py
>
> It looks like it executes but there is no output to the command line
> window.

It should.  In a Windows console, using 3.4:

C:\Programs\Python34>type tem.py  # cat on Mac?
print('Hello World!')

C:\Programs\Python34>python tem.py
Hello World!

> Can anyone explain why there is no output?

Without a copy of the file and command, as above, no.

> Can anyone recommend a good walkthrough of getting set up and doing
> basics?

Since you used 2.x print syntax: https://docs.python.org/2.7/

Python Setup and Usage
how to use Python on different platforms

Tutorial
start here

> I'll probably end up learning python myself, just to help out.

You might possibly enjoy Python as a complement to C++.  Some people
prototype in Python and rewrite time critical functions in C++.  One can
access .dlls either directly (via the ctypes module) or write a wrapper
file in C or C++.  I believe Python has also been used to write tests
for C++ functions (I know this is true for Python and Java, via Jython).

--
Terry Jan Reedy

--
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World in Python

2015-01-24 Thread Rustom Mody
On Sunday, January 25, 2015 at 5:36:02 AM UTC+5:30, Chris Angelico wrote:

 One thing that I really like doing with my Python students (full
 disclosure: I'm a mentor with www.thinkful.com and am thus at times
 paid to help people learn Python) is some form of screen-sharing, so I
 can watch him/her trying things. There are a number of zero-dollar
 ways to do this, and it helps enormously. Flip on screen-share, ask
 him to run the script, and see where that leads.

Would be interested in how you manage that!
Am teaching a class where everyone has a laptop.
Having them setup with a bare modicum of uniformity is turning out some 
challenge.
Some windows, some linux(es), even one blessed mac!


Re: Hello World in Python

2015-01-24 Thread Chris Angelico
On Sun, Jan 25, 2015 at 6:14 PM, Rustom Mody rustompm...@gmail.com wrote:
 On Sunday, January 25, 2015 at 5:36:02 AM UTC+5:30, Chris Angelico wrote:

 One thing that I really like doing with my Python students (full
 disclosure: I'm a mentor with www.thinkful.com and am thus at times
 paid to help people learn Python) is some form of screen-sharing, so I
 can watch him/her trying things. There are a number of zero-dollar
 ways to do this, and it helps enormously. Flip on screen-share, ask
 him to run the script, and see where that leads.

 Would be interested in how you manage that!
 Am teaching a class where everyone has a laptop.
 Having them setup with a bare modicum of uniformity is turning out some 
 challenge.
 Some windows, some linux(es), even one blessed mac!

Generally we use Google Hangouts - video chat, with options for
screen-share (replacing the camera; let's face it, when you're
discussing code, staring at talking heads isn't all that useful) and a
few other neat features. But if uniformity is an issue, you might want
to look into some kind of virtual Linux box like http://nitrous.io/ -
that way, everyone's using the same system, and nobody has to worry
about the stupid hassles of trying to support three different OSes.
Though Nitrous mightn't be as important for you as it is for the
Thinkful course; as part of the course, we teach PostgreSQL + Python +
PsycoPG2 + SQLAlchemy, and if you're on a Mac and your student is on
Windows, you'll *really* appreciate not having to figure out how to
install that lot on a foreign platform! (In theory, the situation
should be getting better. Installing stuff from PyPI under Windows has
long been a massive nuisance, but it's starting to become a bit
easier. But it's still a massive pain for someone who doesn't know
Windows to try to walk a Windows person through the setup.)

And hey. If you want a pay-for Python programming course, do check 'em
out - www.thinkful.com. You get regular one-on-one mentorship, a
highly responsive team of staff, and all sorts of random fun. There,
I'm done advertising now. :)

ChrisA


Re: Hello World in Python

2015-01-24 Thread Christopher J. Pisz

On 1/24/2015 7:12 PM, Terry Reedy wrote:
> On 1/24/2015 6:53 PM, Christopher J. Pisz wrote:
>> I am trying to help a buddy out. I am a C++ on Windows guy. This buddy
>> of mine is learning Python at work on a Mac. I figured I could
>> contribute with non language specific questions and such.
>>
>> When learning any new language, I said, the first step would be a Hello
>> World program. Let's see if we can get that to work.
>>
>> So my buddy opens the IDE they gave at the workplace, creates a
>> new project, adds a demo.py file, writes one line : print Hello World,
>> hits Run in the IDE and indeed the display is shown at the bottom when
>> it executes.
>>
>> I say the next step would be to get that to run on the command line. So
>> (keep in mind I know nothing about macs) my buddy opens a zsh? window,
>> cd to the directory, and I say the command is most likely: python demo.py
>>
>> It looks like it executes but there is no output to the command line
>> window.
>
> It should.  In a Windows console, using 3.4:
>
> C:\Programs\Python34>type tem.py  # cat on Mac?
> print('Hello World!')
>
> C:\Programs\Python34>python tem.py
> Hello World!
>
>> Can anyone explain why there is no output?
>
> Without a copy of the file and command, as above, no.
>
>> Can anyone recommend a good walkthrough of getting set up and doing
>> basics?
>
> Since you used 2.x print syntax: https://docs.python.org/2.7/
>
> Python Setup and Usage
> how to use Python on different platforms
>
> Tutorial
> start here
>
>> I'll probably end up learning python myself, just to help out.
>
> You might possibly enjoy Python as a complement to C++.  Some people
> prototype in Python and rewrite time critical functions in C++.  One can
> access .dlls either directly (via the ctypes module) or write a wrapper
> file in C or C++.  I believe Python has also been used to write tests
> for C++ functions (I know this is true for Python and Java, via Jython).

Good docs. I got set up in Windows in 10 minutes.




Re: Hello World in Python

2015-01-24 Thread Chris Angelico
On Sun, Jan 25, 2015 at 10:53 AM, Christopher J. Pisz
cp...@austin.rr.com wrote:
 So my buddy opens the IDE they gave at the workplace, creates a new
 project, adds a demo.py file, writes one line : print Hello World, hits
 Run in the IDE and indeed the display is shown at the bottom when it
 executes.

 I say the next step would be to get that to run on the command line. So
 (keep in mind I know nothing about macs) my buddy opens a zsh? window, cd
 to the directory, and I say the command is most likely: python demo.py

 It looks like it executes but there is no output to the command line window.

 Can anyone explain why there is no output?
 Can anyone recommend a good walkthrough of getting set up and doing basics?

Your broad methodology is fine! I'd normally expect that to work
correctly. Was the file properly saved? Ask him to display the file
(cat demo.py) to make sure it's what he thinks. Or maybe he's in a
different directory to the one he thinks he's in; again, catting the
file will help. Otherwise, it might be a weird problem with his shell,
but that's hard to diagnose.

One thing that I really like doing with my Python students (full
disclosure: I'm a mentor with www.thinkful.com and am thus at times
paid to help people learn Python) is some form of screen-sharing, so I
can watch him/her trying things. There are a number of zero-dollar
ways to do this, and it helps enormously. Flip on screen-share, ask
him to run the script, and see where that leads.

Good luck!

ChrisA


Re: Hello World

2015-01-18 Thread Marko Rauhamaa
Michael Torrie torr...@gmail.com:

 Most password policies are the wrong solution.

I believe passwords themselves are the wrong solution. I believe in a
physical, government-issue object capable of challenge-response. It can
then be beefed up with extra measures depending on the need.


Marko


Re: Hello World

2015-01-18 Thread Michael Ströder
Chris Angelico wrote:
 Want security?
 Push the encryption and authentication down to a lower layer, and save
 yourself the trouble.

Yes. And now for the next level: How to prevent unauthorized machines to
connect to your network…

Ciao, Michael.



Re: Hello World

2015-01-18 Thread Chris Angelico
On Mon, Jan 19, 2015 at 12:35 AM, Michael Ströder mich...@stroeder.com wrote:
 Chris Angelico wrote:
 Want security?
 Push the encryption and authentication down to a lower layer, and save
 yourself the trouble.

 Yes. And now for the next level: How to prevent unauthorized machines to
 connect to your network…

Extremely difficult, and in many cases quite unnecessary. No, you let
them on the network, and then make sure that won't hurt you more than
you're prepared to accept. For instance, someone could join my wifi
network - all they need is the WPA2 PSK, which is well known around
the place - and use/abuse our internet connection; but they couldn't
access my PostgreSQL databases, because the firewall doesn't permit
access to port 5432.

ChrisA


Re: Hello World

2015-01-18 Thread Michael Ströder
Chris Angelico wrote:
 On Mon, Jan 19, 2015 at 12:35 AM, Michael Ströder mich...@stroeder.com 
 wrote:
 Chris Angelico wrote:
 Want security?
 Push the encryption and authentication down to a lower layer, and save
 yourself the trouble.

 Yes. And now for the next level: How to prevent unauthorized machines to
 connect to your network…
 
 Extremely difficult, and in many cases quite unnecessary. No, you let
 them on the network, and then make sure that won't hurt you more than
 you're prepared to accept.

Somewhat true…

 For instance, someone could join my wifi
 network - all they need is the WPA2 PSK, which is well known around
 the place - and use/abuse our internet connection; but they couldn't
 access my PostgreSQL databases, because the firewall doesn't permit
 access to port 5432.

…but your firewall relies on authenticity of IP addresses. Fail!

Ciao, Michael.



Re: Hello World

2015-01-18 Thread Marko Rauhamaa
Michael Ströder mich...@stroeder.com:

 Marko Rauhamaa wrote:
 I believe in a
 physical, government-issue object
 
 Did you forget the smiley? Or where were you during the last 1,5 years?

You can juggle the issues all you want. In the end, there's no escaping
the governments' underwriting role. The TLS chain of trust we have
today is a joke and can be spoofed easily not only by governments but
really by anybody.

Authentication is still separate from privacy, which could be secured
from the governments if there were a will.


Marko


Re: Hello World

2015-01-18 Thread Chris Angelico
On Sun, Jan 18, 2015 at 9:03 PM, Marko Rauhamaa ma...@pacujo.net wrote:
 Michael Torrie torr...@gmail.com:

 Most password policies are the wrong solution.

 I believe passwords themselves are the wrong solution. I believe in a
 physical, government-issue object capable of challenge-response. It can
 then be beefed up with extra measures depending on the need.

I can't tell whether you're serious or not. Do you actually trust
government-issue more than anything else, or is your tongue firmly
in your cheek?

Also, which government?

ChrisA


Re: Hello World

2015-01-18 Thread Chris Angelico
On Sun, Jan 18, 2015 at 1:13 PM, Michael Torrie torr...@gmail.com wrote:
 Like many of you I use a password manager these days.  It's pretty
 slick.  But really it shows the absurdity of the situation.  Instead of
 passwords we should all just use private/public keypairs and store the
 private keys in a digital wallet.  Forget this password garbage with
 its 50-70 bits of entropy.  Let's go for 2048-bit keys and be done with
 it, if we're going to require the use of password managers.

Easy way to do a lot of that is to layer most things on top of SSH. I
can pull/push git repositories using my SSH keypairs, I can access the
local network mounts that way, all sorts of things can be done with a
system that's already deployed. It's easy to put your own service on
top of SSH too. Want simplicity? Passwords are fine. Want security?
Push the encryption and authentication down to a lower layer, and save
yourself the trouble.

ChrisA


Re: Hello World

2015-01-18 Thread Michael Torrie
On 01/17/2015 05:04 PM, Chris Angelico wrote:
 Related to that is another reason I've heard: if your password is
 figured out by some means other than hash theft [1], there's a maximum
 of N days to make use of it. But let's face it, if someone gets hold
 of one of your accounts, it won't take long to do serious damage. Even
 if it's not a high-profile target like email or banking, a service
 with your password known by someone else is a problem *now*, not
 after a month of research or something.
 
 Password maximum age is the wrong solution to a few problems, and is
 itself a problem. Don't do it.

Most password policies are the wrong solution.  They don't seem to
increase the time to guess the password given the hash, and they
certainly don't physically secure anything, as passwords that have to be
changed often and to bizarre notions of upper case, lower case, digits,
non-alphanumeric characters, are guaranteed to be written down and
pasted to the monitor.

Like many of you I use a password manager these days.  It's pretty
slick.  But really it shows the absurdity of the situation.  Instead of
passwords we should all just use private/public keypairs and store the
private keys in a digital wallet.  Forget this password garbage with
its 50-70 bits of entropy.  Let's go for 2048-bit keys and be done with
it, if we're going to require the use of password managers.



Re: Hello World

2015-01-18 Thread Roy Smith
In article 54bb2c5f$0$12977$c3e8da3$54964...@news.astraweb.com,
 Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:

 You know that two-factor authentication doesn't offer any real security
 against Man In The Middle attacks?

The fact that TFA doesn't solve all problems doesn't change the fact 
that it solves some of them.


Re: Hello World

2015-01-18 Thread Michael Ströder
Steven D'Aprano wrote:
 Mark Lawrence wrote:
 
 Bah humbug, this has reminded me of doing secure work whereby each
 individual had two passwords, both of which had to be changed every
 thirty days, and rules were enforced so you couldn't just increment the
 number at the end of a word or similar.
 
 I hate and despise systems that force you to arbitrarily change a good
 strong password after N days for no good reason.
 
 The utterly bad reason often given by people who don't understand
 probability is that if hackers try to guess your password by brute-force,
 changing the password regularly will make it harder for them. That's simply
 wrong, and is based on a misunderstanding of probability.

But there's a probability > 0 that one of the systems where an admin has to
use his/her password was hacked and that passwords get stolen there. It's
hard to find out in case of skilled hackers.

=> have more than one account for different security areas and have password
aging in place.

Ciao, Michael.


Re: Hello World

2015-01-18 Thread Michael Ströder
Michael Torrie wrote:
 Like many of you I use a password manager these days.  It's pretty
 slick.  But really it shows the absurdity of the situation.  Instead of
 passwords we should all just use private/public keypairs and store the
 private keys in a digital wallet.  Forget this password garbage with
 its 50-70 bits of entropy.  Let's go for 2048-bit keys and be done with
 it, if we're going to require the use of password managers.

Yes, and that's easy e.g. with SSH. And in theory it's easy with SSL/TLS. But
support for client certs in browsers really sucks (try to change the login once
you've chosen a client cert without closing the browser).

Ciao, Michael.



Re: Hello World

2015-01-18 Thread Jason Friedman


 Password maximum age is the wrong solution to a few problems, and is
 itself a problem. Don't do it.

 Bruce Schneier (mostly) agrees with you:
https://www.schneier.com/blog/archives/2010/11/changing_passwo.html.


Re: Hello World

2015-01-18 Thread Michael Ströder
Marko Rauhamaa wrote:
 I believe in a
 physical, government-issue object

Did you forget the smiley? Or where were you during the last 1,5 years?

Ciao, Michael.



Re: Hello World

2015-01-18 Thread Michael Ströder
Marko Rauhamaa wrote:
 Michael Ströder mich...@stroeder.com:
 
 Marko Rauhamaa wrote:
 I believe in a
 physical, government-issue object
 
 Did you forget the smiley? Or where were you during the last 1,5 years?
 
 You can juggle the issues all you want. In the end, there's no escaping
 the governments' underwriting role. The TLS chain of trust we have
 today is a joke and can be spoofed easily not only by governments but
 really by anybody.

That's why I'm internally using my own private CA and limit the trust stores
of various services to this CA.

 Authentication is still separate from privacy,

Not true because there's no authorization without authentication.

Ciao, Michael.


Re: Hello World

2015-01-18 Thread Chris Angelico
On Mon, Jan 19, 2015 at 2:48 AM, Michael Ströder mich...@stroeder.com wrote:
 For instance, someone could join my wifi
 network - all they need is the WPA2 PSK, which is well known around
 the place - and use/abuse our internet connection; but they couldn't
 access my PostgreSQL databases, because the firewall doesn't permit
 access to port 5432.

 …but your firewall relies on authenticity of IP addresses. Fail!

No; I have two completely separate networks. If you're on the one that
anyone can easily get onto, it doesn't matter what your IP is, you do
not get access to certain ports on computers on the other side of the
firewall.

ChrisA


Re: Hello World

2015-01-18 Thread Marko Rauhamaa
Chris Angelico ros...@gmail.com:
 On Sun, Jan 18, 2015 at 9:03 PM, Marko Rauhamaa ma...@pacujo.net wrote:
 I believe passwords themselves are the wrong solution. I believe in a
 physical, government-issue object capable of challenge-response. It
 can then be beefed up with extra measures depending on the need.

 I can't tell whether you're serious or not. Do you actually trust
 government-issue more than anything else, or is your tongue firmly
 in your cheek?

I'm serious.

 Also, which government?

For example, the State of Finland (the place where I happen to reside).
Then, you would know you would be dealing with someone who is holding a
physical ID guaranteed by the Finnish government. After all, that's how
passports work; passports are trusted everywhere in the world.

That would be better than anything we have right now. As far as I know,
a system like that is in use in Estonia. In principle, an analogous
system is also there in Finland, but it is barely used yet (chicken and
egg). The practical online authentication in Finland is provided by
private banks. The private solution is effective but it costs businesses
money to use making it unavailable for individuals and nonprofits.


Marko


Re: Hello World

2015-01-17 Thread Albert van der Horst
In article mailman.17471.1420721626.18130.python-l...@python.org,
Chris Angelico  ros...@gmail.com wrote:
SNIP
>
> But sure. If you want to cut out complication, dispense with user
> accounts altogether and run everything as root. That's WAY simpler!

I didn't expect this strawman argument from you.
Of course you need a distinction between doing system things as
root, and working as a normal user. You just don't need sudo.

>
> ChrisA
-- 
Albert van der Horst, UTRECHT,THE NETHERLANDS
Economic growth -- being exponential -- ultimately falters.
albert@spearc.xs4all.nl =n http://home.hccnet.nl/a.w.m.van.der.horst



Re: Hello World

2015-01-17 Thread Chris Angelico
On Sun, Jan 18, 2015 at 1:51 AM, Albert van der Horst
alb...@spenarnc.xs4all.nl wrote:
 In article mailman.17471.1420721626.18130.python-l...@python.org,
 Chris Angelico  ros...@gmail.com wrote:
 SNIP

But sure. If you want to cut out complication, dispense with user
accounts altogether and run everything as root. That's WAY simpler!

 I didn't expect this strawman argument from you.
 Of course you need a distinction between doing system things as
 root, and working as a normal user. You just don't need sudo.

So you have to have a password on the root account. My systems are
more secure, as they do not have a password that someone could learn.

ChrisA


Re: Hello World

2015-01-17 Thread Albert van der Horst
In article mailman.17481.1420737102.18130.python-l...@python.org,
Chris Angelico  ros...@gmail.com wrote:
> On Fri, Jan 9, 2015 at 4:02 AM, Steve Hayes hayes...@telkomsa.net wrote:
>> On 08 Jan 2015 12:43:33 GMT, alb...@spenarnc.xs4all.nl (Albert van der Horst)
>> wrote:
>>
>>> I don't trust sudo because it is too complicated.
>>> (To the point that I removed it from my machine.)
>>> I do
>>
>> How do you do that?
>>
>> I avoided Ubuntu because it had sudo, and then discovered that Fedora had it
>> as well.
>
> Uhh, 'apt-get remove sudo'? That ought to work on any Debian-based

That works. That is exactly what I did.

> system. With Debian itself, you get the option during installation of
> setting a root password, in which case it won't install sudo by
> default.
>
> ChrisA
-- 
Albert van der Horst, UTRECHT,THE NETHERLANDS
Economic growth -- being exponential -- ultimately falters.
albert@spearc.xs4all.nl =n http://home.hccnet.nl/a.w.m.van.der.horst



Re: Hello World

2015-01-17 Thread cl
Chris Angelico ros...@gmail.com wrote:
 On Sun, Jan 18, 2015 at 1:51 AM, Albert van der Horst
 alb...@spenarnc.xs4all.nl wrote:
  In article mailman.17471.1420721626.18130.python-l...@python.org,
  Chris Angelico  ros...@gmail.com wrote:
  SNIP
 
 But sure. If you want to cut out complication, dispense with user
 accounts altogether and run everything as root. That's WAY simpler!
 
  I didn't expect this strawman argument from you.
  Of course you need a distinction between doing system things as
  root, and working as a normal user. You just don't need sudo.
 
 So you have to have a password on the root account. My systems are
 more secure, as they do not have a password that someone could learn.
 
Yes, they do (if you use sudo) it's *your* password and IMHO it's less
secure as you only need to know one password to get root access.

-- 
Chris Green


Re: Hello World

2015-01-17 Thread Michael Torrie
On 01/17/2015 07:51 AM, Albert van der Horst wrote:
 In article mailman.17471.1420721626.18130.python-l...@python.org,
 Chris Angelico  ros...@gmail.com wrote:
 SNIP

 But sure. If you want to cut out complication, dispense with user
 accounts altogether and run everything as root. That's WAY simpler!
 
 I didn't expect this strawman argument from you.
 Of course you need a distinction between doing system things as
 root, and working as a normal user. You just don't need sudo.

I just don't see the distinction.  What's the difference between having
to type in a root password and having to type in your own administrative
user password?  Guess we're all just struggling to understand your logic
here.

On my laptop sudo has a huge advantage over su, and that is I can use my
fingerprint reader to access root. Now I could set up root to accept a
fingerprint as well which would work with su, but the sudo solution is
much quicker to configure.


Re: Hello World

2015-01-17 Thread cl
Michael Torrie torr...@gmail.com wrote:
 On 01/17/2015 07:51 AM, Albert van der Horst wrote:
  In article mailman.17471.1420721626.18130.python-l...@python.org,
  Chris Angelico  ros...@gmail.com wrote:
  SNIP
 
  But sure. If you want to cut out complication, dispense with user
  accounts altogether and run everything as root. That's WAY simpler!
  
  I didn't expect this strawman argument from you.
  Of course you need a distinction between doing system things as
  root, and working as a normal user. You just don't need sudo.
 
 I just don't see the distinction.  What's the difference between having
 to type in a root password and having to type in your own administrative
 user password?  Guess we're all just struggling to understand your logic
 here.
 
One big distinction is that you need to know two passwords to get root
access if there's a real root account as opposed to using sudo.  This
only applies of course if direct root login isn't allowed (via ssh or
whatever).

-- 
Chris Green


Re: Hello World

2015-01-17 Thread Mark Lawrence

On 17/01/2015 16:47, c...@isbd.net wrote:
> Michael Torrie torr...@gmail.com wrote:
>> On 01/17/2015 07:51 AM, Albert van der Horst wrote:
>>> In article mailman.17471.1420721626.18130.python-l...@python.org,
>>> Chris Angelico  ros...@gmail.com wrote:
>>> SNIP
>>>
>>>> But sure. If you want to cut out complication, dispense with user
>>>> accounts altogether and run everything as root. That's WAY simpler!
>>>
>>> I didn't expect this strawman argument from you.
>>> Of course you need a distinction between doing system things as
>>> root, and working as a normal user. You just don't need sudo.
>>
>> I just don't see the distinction.  What's the difference between having
>> to type in a root password and having to type in your own administrative
>> user password?  Guess we're all just struggling to understand your logic
>> here.
>
> One big distinction is that you need to know two passwords to get root
> access if there's a real root account as opposed to using sudo.  This
> only applies of course if direct root login isn't allowed (via ssh or
> whatever).

Bah humbug, this has reminded me of doing secure work whereby each
individual had two passwords, both of which had to be changed every
thirty days, and rules were enforced so you couldn't just increment the
number at the end of a word or similar.


--
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.

Mark Lawrence



Re: Hello World

2015-01-17 Thread Albert van der Horst
In article h9gqob-c3e@esprimo.zbmc.eu,  c...@isbd.net wrote:
> Michael Torrie torr...@gmail.com wrote:
>> On 01/17/2015 07:51 AM, Albert van der Horst wrote:
>>> In article mailman.17471.1420721626.18130.python-l...@python.org,
>>> Chris Angelico  ros...@gmail.com wrote:
>>> SNIP
>>>
>>>> But sure. If you want to cut out complication, dispense with user
>>>> accounts altogether and run everything as root. That's WAY simpler!
>>>
>>> I didn't expect this strawman argument from you.
>>> Of course you need a distinction between doing system things as
>>> root, and working as a normal user. You just don't need sudo.
>>
>> I just don't see the distinction.  What's the difference between having
>> to type in a root password and having to type in your own administrative
>> user password?  Guess we're all just struggling to understand your logic
>> here.
>
> One big distinction is that you need to know two passwords to get root
> access if there's a real root account as opposed to using sudo.  This
> only applies of course if direct root login isn't allowed (via ssh or
> whatever).

The other is that if a dozen users have sudo possibility, one compromised
password compromises the whole system. The same administrators that like
sudo will force the users into a safe password of at least 8 characters
a special sign a number and a capital, instead of educating them to
use a strong password like the_horse_eats_yellow_stones. 1]
Chances are that one of the users has a password like
! (first special sign) 1 (first number) Q (first capital)
followed by a weak 5 letter word (or even a guessable one).

Compare that to
Dear administrator, I've to do this. Can I have the root password.
Sure here it is Looks over user's shoulder. Are you ready?
Make sure he's logged out. Uses random generator for a new password.

If there is something, anything, change the root password and check
the disk for suid-root files.

There is no such thing as automatic security.
Security requires one thing: attention. And effort. So two things:
attention and effort. And simplicity. So three things: attention,
effort and simplicity.

sudo makes administrators careless, lazy and it is not simple at all.

> --
> Chris Green

Groetjes Albert

1] I don't claim this is *very* strong, just strong.
-- 
Albert van der Horst, UTRECHT,THE NETHERLANDS
Economic growth -- being exponential -- ultimately falters.
albert@spearc.xs4all.nl =n http://home.hccnet.nl/a.w.m.van.der.horst
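
Added example (not part of any poster's message): one way to do the "check the disk for suid-root files" step mentioned above is to inventory set-user-ID files and diff them against a known-good baseline. The function names, the baseline list and the temporary tree are constructed for illustration; on a real host you would scan `/` with `owner_uid=0`.

```python
"""Inventory set-user-ID files under a tree and report ones not in a baseline."""
import os
import stat
import tempfile


def find_setuid(root, owner_uid=0):
    """Return sorted paths of regular files under `root` that carry the
    set-user-ID bit and are owned by `owner_uid`. Symlinks are not followed
    and other filesystems are not entered (like `find -xdev`)."""
    root_dev = os.lstat(root).st_dev
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        keep = []
        for d in dirnames:
            try:
                if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev:
                    keep.append(d)
            except OSError:
                pass  # directory vanished or is unreadable: skip it
        dirnames[:] = keep  # prune mount points in place
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if (stat.S_ISREG(st.st_mode)
                    and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                found.append(path)
    return sorted(found)


def unexpected(found, baseline):
    """Paths present on disk but absent from the known-good baseline."""
    return sorted(set(found) - set(baseline))


def demo():
    """Scan a constructed tree as the current user (no root needed)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        os.mkdir(os.path.join(tmp, "sub"))
        # Constructed sample files: two setuid, one ordinary executable.
        for rel, mode in (("a", 0o4755), ("b", 0o755), ("sub/c", 0o4755)):
            path = os.path.join(tmp, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        # A symlink to a setuid file must not be reported a second time.
        os.symlink(os.path.join(tmp, "a"), os.path.join(tmp, "link"))
        found = find_setuid(tmp, owner_uid=os.getuid())
        rel = [os.path.relpath(p, tmp) for p in found]
        # Baseline here is a constructed list of files expected to be setuid.
        return rel, unexpected(rel, baseline=["a"])


if __name__ == "__main__":
    present, new = demo()
    print("setuid files:", present)
    print("not in baseline:", new)
```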



Re: Hello World

2015-01-17 Thread Michael Ströder
alb...@spenarnc.xs4all.nl (Albert van der Horst) wrote:
 In article h9gqob-c3e@esprimo.zbmc.eu,  c...@isbd.net wrote:
 Michael Torrie torr...@gmail.com wrote:
 On 01/17/2015 07:51 AM, Albert van der Horst wrote:
 In article mailman.17471.1420721626.18130.python-l...@python.org,
 Chris Angelico  ros...@gmail.com wrote:
 SNIP

 But sure. If you want to cut out complication, dispense with user
 accounts altogether and run everything as root. That's WAY simpler!

 I didn't expect this strawman argument from you.
 Of course you need a distinction between doing system things as
 root, and working as a normal user. You just don't need sudo.

 I just don't see the distinction.  What's the difference between having
 to type in a root password and having to type in your own administrative
 user password?  Guess we're all just struggling to understand your logic
 here.

 One big distinction is that you need to know two passwords to get root
 access if there's a real root account as opposed to using sudo.  This
 only applies of course if direct root login isn't allowed (via ssh or
 whatever).
 
 The other is that if a dozen users have sudo possibility, one compromised
 password compromises the whole system.

Hmm, but it's much worse if a dozen users have to know the root password. With
this they can circumvent sudo completely (e.g. going over IPMI console).

 Compare that to
 Dear administrator, I've to do this. Can I have the root password.
 Sure here it is Looks over users shoulder. Are you ready?
 Make sure he's logged out. Uses random generator for a new password.

This process does not work for dozens of admins maintaining thousands of
machines. Especially when something goes wrong in the night shift and has to
be fixed quickly.

 If there is something, anything, change the root password and check
 the disk for suid-root files.

Better require public key authc for SSH access and the user's own (one-time)
password for sudo. If your security requirements are really high mandate going
through a SSH gateway / jumphost.

 Security requires one thing: attention. And effort. So two things:
 attention and effort. And simplicity. So three things: attention,
 effort and simplicity.

Yes.

 sudo makes administrators careless, lazy and it is not simple at all.

Admins must have separate accounts with separate credentials for
administrative work and must be careful when using an administrative account.

Ciao, Michael.



Re: Hello World

2015-01-17 Thread Steven D'Aprano
Mark Lawrence wrote:

 Bah humbug, this has reminded me of doing secure work whereby each
 individual had two passwords, both of which had to be changed every
 thirty days, and rules were enforced so you couldn't just increment the
 number at the end of a word or similar.

I hate and despise systems that force you to arbitrarily change a good
strong password after N days for no good reason.

The utterly bad reason often given by people who don't understand
probability is that if hackers try to guess your password by brute-force,
changing the password regularly will make it harder for them. That's simply
wrong, and is based on a misunderstanding of probability.

The merely poor reason given by the more thoughtful sys admins is, if the
password hashes get stolen, the hacker has a maximum of N days (and
possibly less) to crack the hashes and recover the passwords before they
get changed. That's okay as far as it goes, but it's the wrong solution for
the problem. The right solution is to salt the passwords, and to secure the
hashes from theft. Users should only be forced to change their password if
the hashes are stolen, not at arbitrary intervals.

The problem with regular password changes is that it makes it significantly
harder to remember passwords, especially one that you might only use rarely.
It encourages users to pick weak, trivial passwords that can be trivially
incremented each time the computer insists they change it, blahblah-JAN
or blahblahblah1, or to simply write the password down on a Post-it note
on their computer. In isolation, regular password changes seem like a good
idea, but in practice they are not.

Password management is hard enough without having to throw away perfectly
good, strong, memorable passwords every N days just in case.



-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list
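
The brute-force argument in the post above, worked through as an added example (not part of the original message): the chance that a rate-limited guesser hits the password is compared for a password that never changes and for one that is re-drawn at random every N days. The model, the function names and the 1000-guesses-per-day figure are assumptions made for illustration.

```python
import random
from fractions import Fraction


def p_fixed(keyspace, guesses):
    """Password never changes; the attacker tries `guesses` distinct candidates."""
    return Fraction(min(guesses, keyspace), keyspace)


def p_rotating(keyspace, guesses, per_period):
    """Password is re-drawn uniformly at random after every `per_period` guesses."""
    full, rest = divmod(guesses, per_period)
    miss_one = 1 - Fraction(min(per_period, keyspace), keyspace)
    miss_tail = 1 - Fraction(min(rest, keyspace), keyspace)
    return 1 - miss_one ** full * miss_tail


def simulate(keyspace, guesses, per_period=0, trials=5000, seed=1):
    """Monte Carlo check of the two formulas (per_period=0 means no rotation)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        secret = rng.randrange(keyspace)
        for n in range(guesses):
            if per_period and n and n % per_period == 0:
                secret = rng.randrange(keyspace)   # forced password change
            if n % keyspace == secret:             # attacker walks the keyspace
                hits += 1
                break
    return hits / trials


def rate_limited_case(days=3650, guesses_per_day=1000, max_age_days=90):
    """Constructed scenario: 8 characters from 94 symbols, ten years of guessing."""
    keyspace = 94 ** 8
    total = days * guesses_per_day
    fixed = p_fixed(keyspace, total)
    rotated = p_rotating(keyspace, total, max_age_days * guesses_per_day)
    return fixed, rotated, rotated / fixed


if __name__ == "__main__":
    # Small keyspace so the simulation is quick and the effect is visible.
    print("fixed   :", float(p_fixed(1000, 100)), simulate(1000, 100))
    print("rotating:", float(p_rotating(1000, 100, 10)), simulate(1000, 100, 10))
    fixed, rotated, ratio = rate_limited_case()
    print("10-year odds, fixed   : %.3e" % float(fixed))
    print("10-year odds, rotating: %.3e" % float(rotated))
    print("rotating / fixed      : %.12f" % float(ratio))
```

For a keyspace that is large compared with the number of guesses, the ratio is indistinguishable from 1: rotation leaves the guesser's odds essentially unchanged.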


Re: Hello World

2015-01-17 Thread Devin Jeanpierre
Sorry for necro.

On Sat, Dec 20, 2014 at 10:44 PM, Chris Angelico ros...@gmail.com wrote:
 On Sun, Dec 21, 2014 at 5:31 PM, Terry Reedy tjre...@udel.edu wrote:
 Just to be clear, writing to sys.stdout works fine in Idle.
 import sys; sys.stdout.write('hello ')
 hello  #2.7

 In 3.4, the number of chars? bytes? is returned and written also.

 Whether you mean something different by 'stdout' or not, I am not sure.  The
 error is from writing to a non-existent file descriptor.

 That's because sys.stdout is replaced. But stdout itself, file
 descriptor 1, is not available:

It surprises me that IDLE, and most other shells, don't dup2
stdout/err/in so that those FDs talk to IDLE.

-- Devin


Re: Hello World

2015-01-17 Thread Michael Torrie
On 01/17/2015 11:47 AM, Michael Ströder wrote:
 sudo makes administrators careless, lazy and it is not simple at all.
 
 Admins must have separate accounts with separate credentials for
 administrative work and must be careful when using an administrative account.

Right.  This is not a bad idea in a large organization.

In any case, Sudo is more auditable than su in my opinion, but more
importantly, it's much easier to revoke.  With su, if I fire an admin, I
have to change root passwords on every machine, and redistribute the new
password to every admin that needs it.  With sudo, I might still change
the root password, but I'll lock the root password up in a safe box
somewhere, and life goes on for everyone else.  In fact with root
disabled entirely, the whole root password needing to be changed when a
person leaves the company is completely eliminated.  sudo allows us
(especially with the idea about separate admin credentials) to have
multiple, controllable, auditable, root passwords in effect.  Surely the
benefit of this can be seen.

Another good alternative to sudo is ksu, which is a kerberized su.  This
also provides an excellent audit trail, and is easy to revoke.  This may
be more to Mr. van der Horst's liking, as normally ksu is configured to
accept only principals with a /admin suffix (arbitrarily chosen). So
admins would have their normal principal, and their admin principal.
It's a pretty slick system if you have Kerberos up and running.



Re: Hello World

2015-01-17 Thread Steven D'Aprano
Albert van der Horst wrote:

 In article h9gqob-c3e@esprimo.zbmc.eu,  c...@isbd.net wrote:
Michael Torrie torr...@gmail.com wrote:
 On 01/17/2015 07:51 AM, Albert van der Horst wrote:
  In article mailman.17471.1420721626.18130.python-l...@python.org,
  Chris Angelico  ros...@gmail.com wrote:
  SNIP
 
  But sure. If you want to cut out complication, dispense with user
  accounts altogether and run everything as root. That's WAY simpler!
 
  I didn't expect this strawman argument from you.
  Of course you need a distinction between doing system things as
  root, and working as a normal user. You just don't need sudo.

 I just don't see the distinction.  What's the difference between having
 to type in a root password and having to type in your own administrative
 user password?  Guess we're all just struggling to understand your logic
 here.

One big distinction is that you need to know two passwords to get root
access if there's a real root account as opposed to using sudo.  This
only applies of course if direct root login isn't allowed (via ssh or
whatever).
 
 The other is that if a dozen users have sudo possibility, one compromised
 password compromises the whole system. The same administrators that like
 sudo will force the users into a safe password of at least 8 characters
 a special sign a number and a capital, instead of educating them to
 use a strong password like the_horse_eats_yellow_stones. 1]

Sigh. I like XKCD, I really do, but anyone who thinks that brute force
attacks cannot simply replace words for characters is deluding themselves.

Consider a password like mg93H$8s. Each character is taken from an
alphabet of lowercase and uppercase letters plus digits, plus 32
punctuation characters and other symbols available on a US keyboard. There
are 26+26+10+32 = 94 different letters in this alphabet. If your password
is ten characters long, there is a potential pool of 94**10 available
passwords. Let's say we strip out 90% of them for being too easy to guess
(say, eight As in a row, or it happens to contain your username). That
still leaves us with:

94**10//10 = 5386151140948997017

potential passwords.

Now consider the XKCD scheme. You pick four words from a dictionary and
concatenate them. On my system, /usr/share/dict/words has a little less
than 500,000 words. The problem is, most of them are not really memorable,
and many of them are very low entropy. Here's a selection from the first
few starting with A:

A  A.  a  a'  a-  a.  A-1  A1  a1  A4  A5  AA  aa
A.A.A.  AAA  aaa  

So in practice people are going to choose words from a much, much smaller
selection. I estimate that most people are going to choose words from a
pool of about 10,000 words or so, but let's imagine that you have four
times the vocabulary (or imagination) of the average person and pick from a
pool of 40,000 words, specially crafted to avoid low-entropy selections
such as AAA A4 aa a. That gives:

40000**4 = 2560000000000000000

potential passwords, half that of the conventional scheme. And if people
have biases in the words they pick -- and you better believe they will --
that will be reduced even further. Password crackers will take advantage of
the fact that most XKCD-style passwords will include at least one of the
most common thousand or so words, reducing the search space significantly.

I believe that the state of the art of password cracking is such now that
people cannot realistically expect to remember sufficiently strong
passwords for all the things they need passwords for. I believe that the
only good solution is to have one strong passphrase that you use to protect
a password manager, which in turn uses long (12 character or more),
completely random passwords.

Even that doesn't protect you, because your security is controlled by
websites and banks etc. with stupid security policies. E.g. I am forced to
deal with one bank that uses a cryptographic key to sign in to their bank,
but your passphrase is limited to exactly eight characters. Another bank I
use limits you to SIX characters, taken from case-insensitive(!) letters,
digits, and a small set of punctuation.

At least they do enforce rate limiting on account logins: three wrong login
attempts and they lock your account and force you to go to a branch in
person to recover it. (Can you say Denial Of Service Attack? I can.)



 Compare that to
 Dear administrator, I've to do this. Can I have the root password.
 Sure here it is Looks over users shoulder. Are you ready?
 Make sure he's logged out. Uses random generator for a new password.

That is a ridiculously impractical system for anything other than a home
system.

Problems include:

- You have a single point of failure, the one administrator who controls
access to the root password. The day he stays home with his phone switched
off to play WOW is the day the mail server dies and you need root to fix
it. The Bus Factor (what do you do when the administrator gets hit by a
bus?) is critical.

- 
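
The keyspace comparison above, recomputed as an added example that is not part of the original post. It uses the post's own figures (a 94-symbol alphabet, ten characters with 90% discarded, four words from a 40,000-word pool) and goes one step further by sizing the common-word subset a cracker would try first; the function names and the 50% share of users picking a common word are assumptions.

```python
import math
from fractions import Fraction

ALPHABET = 26 + 26 + 10 + 32      # 94 symbols, as counted in the post


def conventional_pool(length=10, alphabet=ALPHABET, keep_one_in=10):
    """Random-character passwords, with 90% thrown away as too guessable."""
    return alphabet ** length // keep_one_in


def passphrase_pool(words=4, vocabulary=40_000):
    """Passphrases built from `words` independent picks out of `vocabulary`."""
    return vocabulary ** words


def bits(pool):
    """Size of a pool expressed as bits of entropy (uniform choice assumed)."""
    return math.log2(pool)


def words_needed(target_pool, vocabulary):
    """Fewest words whose passphrase pool is at least `target_pool`."""
    count = 1
    while vocabulary ** count < target_pool:
        count += 1
    return count


def common_word_subset(words, vocabulary, common):
    """Passphrases that contain at least one of the `common` most frequent words."""
    return vocabulary ** words - (vocabulary - common) ** words


def expected_guesses(pool, subset, share):
    """Mean guesses when `subset` is searched first and `share` of users fall in it."""
    share = Fraction(share)
    inside = Fraction(subset, 2)                    # found halfway through the subset
    outside = subset + Fraction(pool - subset, 2)   # whole subset, then half the rest
    return share * inside + (1 - share) * outside


if __name__ == "__main__":
    conv, xkcd = conventional_pool(), passphrase_pool()
    print("conventional: %d (%.1f bits)" % (conv, bits(conv)))
    print("four words  : %d (%.1f bits)" % (xkcd, bits(xkcd)))
    print("words needed to match conventional:", words_needed(conv, 40_000))
    subset = common_word_subset(4, 40_000, 1_000)
    print("subset with a top-1000 word: %.1f%% of the pool" % (100 * subset / xkcd))
    uniform = expected_guesses(xkcd, subset, Fraction(subset, xkcd))
    biased = expected_guesses(xkcd, subset, Fraction(1, 2))   # hypothetical share
    print("mean guesses, uniform users: %.3e" % float(uniform))
    print("mean guesses, biased users : %.3e" % float(biased))
```

With uniformly random picks only about a tenth of the passphrases contain a top-1000 word, so the search-space reduction described in the post comes from human bias in word choice, not from the arithmetic of the scheme.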

Re: Hello World

2015-01-17 Thread Steven D'Aprano
Roy Smith wrote:

 In article 54bb1c83$0$12979$c3e8da3$54964...@news.astraweb.com,
  Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:
 
 Even that doesn't protect you, because your security is controlled by
 websites and banks etc. with stupid security policies. E.g. I am forced
 to deal with one bank that uses a cryptographic key to sign in to their
 bank, but your passphrase is limited to exactly eight characters. Another
 bank I use limits you to SIX characters, taken from case-insensitive(!)
 letters, digits, and a small set of punctuation.
 
 Tell me about it.  I have an E-Trade ATM card.  When I first got it, I
 set it up with a 6 digit PIN.  I was shocked to discover some time later
 that it actually only looks at the first 4 digits.  And, no, I'm not
 talking *characters*, I'm talking *digits*.  There are 10**4 possible
 PINs.  The mind boggles.
 
 On the other hand, E-Trade gave me an RSA key fob so I use two-factor
 authentication on their web site.

You know that two-factor authentication doesn't offer any real security
against Man In The Middle attacks? Scenario:

* You log in to the bank, and transfer $1 to me.
* Evil haxor intercepts the transfer between your PC and the Internet,
  changing it to a request to transfer ONE MILLION DOLLARS to evil 
  haxor's account.
* Bank receives the request and sends you a token.
* You receive the token and approve the transfer.
* Evil haxor makes the money disappear.
* When you complain to the bank that your account is ONE MILLION DOLLARS
  overdrawn, they insist that you authorized the transfer so their 
  liability is limited to exactly Sweet FA.

(I am very cynical about most of the security features the banks are
pushing for, since in my opinion they are more about giving the banks
plausible deniability so they can push responsibility for security breaches
onto the customer.)


As soon as I heard that banks were turning to two-factor authentication I
predicted that attackers would trivially move to man-in-the-middle and
man-in-the-browser attacks to get around them. And sure enough, as long ago
as 2006 that's exactly what happened:

http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html

More here:

https://www.schneier.com/blog/archives/2012/09/man-in-the-midd_5.html

(read the comments for more examples)

All of the MITM attacks I know of involve social engineering attacks, but if
and when customers get too sophisticated to fall for phishing attacks[1],
the bad guys will move to scenarios like the one I described, where they
hijack your own legitimate transactions.




[1] Try not to laugh. It could happen.

-- 
Steven



Re: Hello World

2015-01-17 Thread Chris Angelico
On Sun, Jan 18, 2015 at 2:50 PM, Tim Chase
python.l...@tim.thechases.com wrote:
 You think that's bad, one million Google Authenticator 2-factor
 verification codes were leaked:

 https://twitter.com/paulmutton/status/509991378647277568

 Those hackers are a wily bunch.  ;-)

http://torrent-city.net/download/Li/List-of-ALL-ip-addresses-[hacking-tool]-[source-code-included].5185923.html

ChrisA


Re: Hello World

2015-01-17 Thread Chris Angelico
On Sun, Jan 18, 2015 at 10:46 AM, Steven D'Aprano
steve+comp.lang.pyt...@pearwood.info wrote:
 The merely poor reason given by the more thoughtful sys admins is, if the
 password hashes get stolen, the hacker has a maximum of N days (and
 possibly less) to crack the hashes and recover the passwords before they
 get changed. That's okay as far as it goes, but it's the wrong solution for
 the problem.

Related to that is another reason I've heard: if your password is
figured out by some means other than hash theft [1], there's a maximum
of N days to make use of it. But let's face it, if someone gets hold
of one of your accounts, it won't take long to do serious damage. Even
if it's not a high-profile target like email or banking, a service
with your password known by someone else is a problem *now*, not
after a month of research or something.

Password maximum age is the wrong solution to a few problems, and is
itself a problem. Don't do it.

ChrisA

[1] eg http://xkcd.com/792/


Re: Hello World

2015-01-17 Thread Tim Chase
On 2015-01-17 22:18, Roy Smith wrote:
 Tell me about it.  I have an E-Trade ATM card.  When I first got
 it, I set it up with a 6 digit PIN.  I was shocked to discover some
 time later that it actually only looks at the first 4 digits.  And,
 no, I'm not talking *characters*, I'm talking *digits*.  There are
 10**4 possible PINs.  The mind boggles.

You think that's bad, one million Google Authenticator 2-factor
verification codes were leaked:

https://twitter.com/paulmutton/status/509991378647277568

Those hackers are a wily bunch.  ;-)


-tkc






Re: Hello World

2015-01-17 Thread Roy Smith
In article 54bb1c83$0$12979$c3e8da3$54964...@news.astraweb.com,
 Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:

 Even that doesn't protect you, because your security is controlled by
 websites and banks etc. with stupid security policies. E.g. I am forced to
 deal with one bank that uses a cryptographic key to sign in to their bank,
 but your passphrase is limited to exactly eight characters. Another bank I
 use limits you to SIX characters, taken from case-insensitive(!) letters,
 digits, and a small set of punctuation.

Tell me about it.  I have an E-Trade ATM card.  When I first got it, I 
set it up with a 6 digit PIN.  I was shocked to discover some time later 
that it actually only looks at the first 4 digits.  And, no, I'm not 
talking *characters*, I'm talking *digits*.  There are 10**4 possible 
PINs.  The mind boggles.

On the other hand, E-Trade gave me an RSA key fob so I use two-factor 
authentication on their web site.


Re: Hello World

2015-01-17 Thread Chris Angelico
On Sun, Jan 18, 2015 at 2:45 PM, Steven D'Aprano
steve+comp.lang.pyt...@pearwood.info wrote:
 (I am very cynical about most of the security features the banks are
 pushing for, since in my opinion they are more about giving the banks
 plausible deniability so they can push responsibility for security breaches
 onto the customer.)

Definitely they are. Banks don't care about customers, they care about profits.

James Hacker: I see, it's just profits, isn't it, Sir Desmond?
Sir Desmond: It's not just profits - it's profits!
-- Yes Minister


ChrisA


Re: Hello World

2015-01-08 Thread Albert van der Horst
In article mailman.17077.1419144290.18130.python-l...@python.org,
Chris Angelico  ros...@gmail.com wrote:
On Sun, Dec 21, 2014 at 5:31 PM, Terry Reedy tjre...@udel.edu wrote:
 Just to be clear, writing to sys.stdout works fine in Idle.
 import sys; sys.stdout.write('hello ')
 hello  #2.7

 In 3.4, the number of chars? bytes? is returned and written also.

 Whether you mean something different by 'stdout' or not, I am not sure.  The
 error is from writing to a non-existent file descriptor.

That's because sys.stdout is replaced. But stdout itself, file
descriptor 1, is not available:

>>> os.fdopen(1,"w").write("Hello, world\n")
Traceback (most recent call last):
  File "<pyshell#4>", line 1, in <module>
    os.fdopen(1,"w").write("Hello, world\n")
OSError: [Errno 9] Bad file descriptor

I don't trust sudo because it is too complicated.
(To the point that I removed it from my machine.)
I do
su
..
#
su nobody

Who needs sudo?

It's like instead of telling a 4-year-old to stay on the
sidewalk, teaching him to read and then giving him an 8-page
brochure about safety in traffic.



This works fine in command-line Python, just not in IDLE. It's not
Windows vs Unix, it's Idle vs terminal.

ChrisA

Groetjes Albert
-- 
Albert van der Horst, UTRECHT,THE NETHERLANDS
Economic growth -- being exponential -- ultimately falters.
albert@spearc.xs4all.nl =n http://home.hccnet.nl/a.w.m.van.der.horst



Re: Hello World

2015-01-08 Thread Chris Angelico
On Thu, Jan 8, 2015 at 11:43 PM, Albert van der Horst
alb...@spenarnc.xs4all.nl wrote:
 I don't trust sudo because it is too complicated.
 (To the point that I removed it from my machine.)
 I do
 su
 ..
 #
 su nobody

 Who needs sudo?

With sudo, you get MUCH finer control. I can grant some user the power
to run sudo eject sr0, but no other commands. I can permit someone
to execute any of a large number of commands, all individually logged.
I can allow sudo to other users than root, without having to reveal
those accounts' passwords (chances are they don't even have
passwords).

But sure. If you want to cut out complication, dispense with user
accounts altogether and run everything as root. That's WAY simpler!

ChrisA


Re: Hello World

2015-01-08 Thread Albert van der Horst
In article mailman.17471.1420721626.18130.python-l...@python.org,
Chris Angelico  ros...@gmail.com wrote:
On Thu, Jan 8, 2015 at 11:43 PM, Albert van der Horst
alb...@spenarnc.xs4all.nl wrote:
 I don't trust sudo because it is too complicated.
 (To the point that I removed it from my machine.)
 I do
 su
 ..
 #
 su nobody

 Who needs sudo?

With sudo, you get MUCH finer control. I can grant some user the power
to run sudo eject sr0, but no other commands. I can permit someone
to execute any of a large number of commands, all individually logged.
I can allow sudo to other users than root, without having to reveal
those accounts' passwords (chances are they don't even have
passwords).

You've answered   it. sudo works for a system with a very
knowledgeable system administrator and at least one other user.
Not for an electronic engineer who uses Python on his Raspberry Pi.


But sure. If you want to cut out complication, dispense with user
accounts altogether and run everything as root. That's WAY simpler!

I've no problem explaining to an electronic engineer not to do this,
while not offering him to do the system administration for him.
Having a separate account for system things is a useful distinction
that he can grasp and handle easily. Beyond that he is indeed inclined
to do everything as root, because what he wants is to make a turnkey to
feed his gold fish.

So a separate root account is the best protection for a single user
system. For quite a considerable part of the systems around,
sudo is over the top and stimulates no protection at all, i.e.
what I'd call counter productive.

I can save a 4-year-old's life by imprinting on him to
stay on the sidewalk.


ChrisA

Groetjes Albert
-- 
Albert van der Horst, UTRECHT,THE NETHERLANDS
Economic growth -- being exponential -- ultimately falters.
albert@spearc.xs4all.nl =n http://home.hccnet.nl/a.w.m.van.der.horst



Re: Hello World

2015-01-08 Thread Marko Rauhamaa
Chris Angelico ros...@gmail.com:

 With sudo, you get MUCH finer control. I can grant some user the power
 to run sudo eject sr0, but no other commands. I can permit someone
 to execute any of a large number of commands, all individually logged.

I can't remember ever having a need for that. I sometimes use sudo but
most times su is the way.

 I can allow sudo to other users than root, without having to reveal
 those accounts' passwords (chances are they don't even have
 passwords).

An administrator doesn't need the users' passwords for anything but
should be assumed to know them.

 But sure. If you want to cut out complication, dispense with user
 accounts altogether and run everything as root. That's WAY simpler!

In the era of personal computers, the main advantage of the root account
is that you can breathe more easily as an ordinary user, as the
potential for accidental damage is lower.


Marko


Re: Hello World

2015-01-08 Thread Michael Torrie
On 01/08/2015 10:02 AM, Steve Hayes wrote:
 On 08 Jan 2015 12:43:33 GMT, alb...@spenarnc.xs4all.nl (Albert van der Horst)
 wrote:
 
 I don't trust sudo because it is too complicated.
 (To the point that I removed it from my machine.)
 I do
 
 How do you do that?
 
 I avoided Ubuntu because it had sudo, and then discovered that Fedora had it
 as well. 

Of all the distro choosing criteria, this has to be one of the more
bizarre ones I've heard.  You could at least choose something
fashionable to avoid, like systemd.



Re: Hello World

2015-01-08 Thread Marko Rauhamaa
alister alister.nospam.w...@ntlworld.com:

 On Thu, 08 Jan 2015 16:06:16 +0200, Marko Rauhamaa wrote:
 An administrator doesn't need the users' passwords for anything but
 should be assumed to know them.

 The administrator may be able to change them but he should NEVER know 
 them (or need to)!

When you are under an administrator's dominion, *you* must assume that
they know your password.

(Somewhat in the same vein, if you are running a virtual machine, *you*
must assume the owner of the host computer has root access to your
virtual machine. By extension, *you* must assume the government
officials of the physical jurisdiction of the host computer have root
access to your virtual machine.)


Marko


Re: Hello World

2015-01-08 Thread alister
On Thu, 08 Jan 2015 16:31:22 +0200, Marko Rauhamaa wrote:

 alister alister.nospam.w...@ntlworld.com:
 
 On Thu, 08 Jan 2015 16:06:16 +0200, Marko Rauhamaa wrote:
 An administrator doesn't need the users' passwords for anything but
 should be assumed to know them.

 The administrator may be able to change them but he should NEVER know
 them (or need to)!
 
 When you are under an administrator's dominion, *you* must assume that
 they know your password.
 
 (Somewhat in the same vein, if you are running a virtual machine, *you*
 must assume the owner of the host computer has root access to your
 virtual machine. By extension, *you* must assume the government
 officials of the physical jurisdiction of the host computer have root
 access to your virtual machine.)
 
 
 Marko
I will agree with you there. The administrator 'should' never know your 
password but as a user you should never believe that password security 
has been correctly implemented (just ask Sony :-) )



-- 
The subspace _W inherits the other 8 properties of _V. And there aren't
even any property taxes.
-- J. MacKay, Mathematics 134b


Re: Hello World

2015-01-08 Thread Michael Ströder
Chris Angelico wrote:
 With sudo, you get MUCH finer control.

But it's very hard, almost impossible, to really implement fine-grained
control with sudo. Too many programs provide shell exits.

Well, it's off-topic here.
How about taking this to news:comp.security.unix ?

Ciao, Michael.



Re: Hello World

2015-01-08 Thread alister
On Thu, 08 Jan 2015 16:06:16 +0200, Marko Rauhamaa wrote:

 Chris Angelico ros...@gmail.com:
 
 With sudo, you get MUCH finer control. I can grant some user the power
 to run sudo eject sr0, but no other commands. I can permit someone to
 execute any of a large number of commands, all individually logged.
 
 I can't remember ever having a need for that. I sometimes use sudo but
 most times su is the way.
 
 I can allow sudo to other users than root, without having to reveal
 those accounts' passwords (chances are they don't even have passwords).
 
 An administrator doesn't need the users' passwords for anything but
 should be assumed to know them.

The administrator may be able to change them but he should NEVER know 
them (or need to)!
 
 But sure. If you want to cut out complication, dispense with user
 accounts altogether and run everything as root. That's WAY simpler!
 
 In the era of personal computers, the main advantage of the root account
 is that you can breathe more easily as an ordinary user, as the
 potential for accidental damage is lower.
 
 
 Marko





-- 
Davis' Law of Traffic Density:
The density of rush-hour traffic is directly proportional to
1.5 times the amount of extra time you allow to arrive on time.


Re: Hello World

2015-01-08 Thread Steve Hayes
On 08 Jan 2015 12:43:33 GMT, alb...@spenarnc.xs4all.nl (Albert van der Horst)
wrote:

I don't trust sudo because it is too complicated.
(To the point that I removed it from my machine.)
I do

How do you do that?

I avoided Ubuntu because it had sudo, and then discovered that Fedora had it
as well. 


-- 
Steve Hayes from Tshwane, South Africa
Web:  http://www.khanya.org.za/stevesig.htm
Blog: http://khanya.wordpress.com
E-mail - see web page, or parse: shayes at dunelm full stop org full stop uk


Re: Hello World

2015-01-08 Thread Chris Angelico
On Fri, Jan 9, 2015 at 4:02 AM, Steve Hayes hayes...@telkomsa.net wrote:
 On 08 Jan 2015 12:43:33 GMT, alb...@spenarnc.xs4all.nl (Albert van der Horst)
 wrote:

I don't trust sudo because it is too complicated.
(To the point that I removed it from my machine.)
I do

 How do you do that?

 I avoided Ubuntu because it had sudo, and then discovered that Fedora had it
 as well.

Uhh, 'apt-get remove sudo'? That ought to work on any Debian-based
system. With Debian itself, you get the option during installation of
setting a root password, in which case it won't install sudo by
default.

ChrisA


Re: Hello World

2015-01-08 Thread Grant Edwards
On 2015-01-08, Michael Torrie torr...@gmail.com wrote:
 On 01/08/2015 10:02 AM, Steve Hayes wrote:
 On 08 Jan 2015 12:43:33 GMT, alb...@spenarnc.xs4all.nl (Albert van der Horst)
 wrote:
 
 I don't trust sudo because it is too complicated. (To the point that
 I removed it from my machine.) I do
 
 How do you do that?
 
 I avoided Ubuntu because it had sudo, and then discovered that Fedora
 had it as well. 

 Of all the distro choosing criteria, this has to be one of the more
 bizarre ones I've heard.

That's what I thought.  Especially since it's trivial to remove sudo.

Some system admin stuff on *buntu may require some extra thought since
the standard pointy-clicky recipes might not work exactly as described
in various fora, but anybody worried about security to the extent that
they refuse to use sudo probably shouldn't be using pointy-clicky
admin tools to start with.

 You could at least choose something fashionable to avoid, like
 systemd.

Or whatever the desktop du jour is for distro-to-be-avoided.

-- 
Grant Edwards               grant.b.edwards        Yow! Didn't I buy a 1951
                                  at               Packard from you last March
                              gmail.com            in Cairo?


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-26 Thread alister
On Fri, 26 Dec 2014 15:13:25 +1100, Steven D'Aprano wrote:

 
 Deep in the brain, well underneath the level of modern languages and
 consciousness, there is a deeper machine language of the brain. If you
 can write instructions in this machine language, you can control
 people's brains. Back in the distant past, the Sumerians learned how to
 do this via spoken language, but few people speak Sumerian any more,
 hence there are two versions of Snow Crash: one is a drug plus virus.
 The drug is to encourage people to inject themselves, which then allows
 the virus to get into their brain. The other is an animated bitmap,
 which contains machine code for the human brain, and is injected via
 the optic nerve (i.e. when a hacker sees it).

Is this why web designers are now embedding QR codes in web pages?



-- 
Playing an unamplified electric guitar is like strumming on a picnic 
table.
-- Dave Barry, The Snake


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-25 Thread alex23

On 24/12/2014 2:20 AM, Grant Edwards wrote:

And even _with_ all the technical jibber-jabber, none of it explained
or justified the whole writing a virus to infect the brain through
the optic nerve thing which might just have well been magick and
witches.


While I love SNOW CRASH, I do think it's fundamentally flawed. The worst 
for me is that in a fictional universe with a VR system capable of 
displaying anything, the crux of the book revolves around a couple of 
characters having a long, long discussion about Sumerian history.


A: blah blah blah blah blah Sumeria
B: And then what?
A: blah blah blah blah
B: etc

It's been at least a decade since I read it, but wasn't that also the 
explanation for how the virus worked?





Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-25 Thread alex23

On 24/12/2014 9:50 PM, alister wrote:

what feels like 3 or 4 chapters in & it is still trying to set the scene,
an exercise in stylish writing with very little content so far.
even early scifi written for magazines on a per word basis were not this
excessive (because if they were they would probably have been rejected or
seriously edited).


My personal theory is that Stephenson polishes and polishes the first 
few chapters until the whole creative process really engages - the first 
chapter is especially overwritten - and then tears through the novel in 
an increasingly unrefined way, until it arrives at its anticlimactic 
conclusion. He was notorious for a while for not providing satisfying 
endings to his books.



Hopefully it will finally settle down & amend my current impression.


SNOW CRASH doesn't, I'm afraid, but Stephenson himself does as a writer. 
CRYPTONOMICON is a great geek read. ANATHEM is a fantastic piece of SF 
(possibly my favourite of his) THE SYSTEM OF THE WORLD is an amazing 
accomplishment and really shows that modern infotech didn't spring out 
of nothing like Venus from the foam.


--
https://mail.python.org/mailman/listinfo/python-list


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-25 Thread Steven D'Aprano
alex23 wrote:

 On 24/12/2014 2:20 AM, Grant Edwards wrote:
 And even _with_ all the technical jibber-jabber, none of it explained
 or justified the whole writing a virus to infect the brain through
 the optic nerve thing which might just have well been magick and
 witches.
 
 While I love SNOW CRASH, I do think it's fundamentally flawed. The worst
 for me is that in a fictional universe with a VR system capable of
 displaying anything, the crux of the book revolves around a couple of
 characters having a long, long discussion about Sumerian history.
 
 A: blah blah blah blah blah Sumeria
 B: And then what?
 A: blah blah blah blah
 B: etc


Keep in mind the limitations of the media. The novel is written word, so
there are only a limited number of ways of getting background information
to the reader. In this case, having one character (an AI) tell another
character (the protagonist) what he needs to know is arguably the
least-worst way.

The many pages of info-dumping is one of the lesser parts of the book. I
wonder what Stephenson's motive for writing it as dialog was, because in
other parts of the book he demonstrated great skill in imparting background
information to the reader without dry info-dumps (e.g. the Rat Things).

At least it is information that is *not* common knowledge in-universe. Old
pulp SF used to be filled with cheesy dialog like this:

   Attractive but stupid female: Professor, I know you've told me 
   before, but how does the microwave oven work again?
   Avuncular male authority figure: Well my dear, as you know all
   foods contain water molecules. The oven uses radio-frequency
   subatomic radiation, known as 'microwaves', specially tuned to
   excite the oxygen-to-hydrogen molecular bonds in water 
   molecules. As you know, heat is just the action of excited 
   molecular bonds, so this has the effect of beaming heat 
   energy deep into the food so that it cooks from the inside
   out without burning.

and then the microwave oven is not used for anything more exciting than
making a cup of tea for the rest of the book.

In the case of Snow Crash, I think we need to keep in mind when it was
written. In 1990, the idea that you might *carry on a conversation* with
your computer still seemed (1) plausible to SF readers, who expected strong
AI and robots with Asimov's Three Laws to be just around the corner, and
(2) the widespread public Internet, or even use of computers, was still
pretty rare. The idea that you could only get information out of a computer
by typing, or pointing, would have struck readers in 1994 as terribly
unrealistic. The other interface, the holographic interface so beloved of
recent SF television and movies where you push screens around in space,
hadn't been invented yet, and isn't terribly good for getting information
to the reader since they can't actually see what is on the screen.


 It's been at least a decade since I read it, but wasn't that also the
 explanation for how the virus worked?

Deep in the brain, well underneath the level of modern languages and
consciousness, there is a deeper machine language of the brain. If you
can write instructions in this machine language, you can control people's
brains. Back in the distant past, the Sumerians learned how to do this via
spoken language, but few people speak Sumerian any more, hence there are
two versions of Snow Crash: one is a drug plus virus. The drug is to
encourage people to inject themselves, which then allows the virus to get
into their brain. The other is an animated bitmap, which contains machine
code for the human brain, and is injected via the optic nerve (i.e. when a
hacker sees it).






-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-24 Thread alister
On Tue, 23 Dec 2014 16:20:10 +, Grant Edwards wrote:

 On 2014-12-23, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info
 wrote:
 Chris Angelico wrote:

 On Tue, Dec 23, 2014 at 12:15 AM, Roy Smith r...@panix.com wrote:
 If I really didn't trust something, I'd go to AWS and spin up one of
 their free-tier micro instances and run it there :-)
 
 How do you know it won't create console output that stroboscopically
 infects you with a virus through your eyes? Because that's *totally*
 what would be done in the town of Eureka.

 Anybody in IT who hasn't read Neal Stephenson's Snow Crash needs to
 hand in their Geek Card immediately.
 
 I tried, but I got so tired of the author doing stuff like pointing out
 that there were 65536 of something or other (and that it's a power of
 TWO, kids!) that I gave up.  The annoying thing was that there was no
 real technical reason why the quantity _needed_ to be a power of two. 
 Too many of the technical details that you got constantly beat over the
 head with were
 
   1) not even remotely relevant to the story
 
   2) mostly an effort by the author to demonstrate that he had a
  junior-high level understanding of a 68K based Macintosh and knew
  lots of cool grown up tech-sounding words -- and even if had only a
  vague idea of what they meant, he could still impress the other
  13-year olds.
 
   3) just plain wrong
 
 And even _with_ all the technical jibber-jabber, none of it explained or
 justified the whole writing a virus to infect the brain through the
 optic nerve thing which might just have well been magick and witches.

I am reading it now thanks to this list & I currently agree that it is 
quite annoying

what feels like 3 or 4 chapters in & it is still trying to set the scene, 
an exercise in stylish writing with very little content so far.
even early scifi written for magazines on a per word basis were not this 
excessive (because if they were they would probably have been rejected or 
seriously edited).

Hopefully it will finally settle down & amend my current impression.



-- 
Guns don't kill people.  It's those damn bullets.  Guns just make them go
really really fast.
-- Jake Johanson
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-23 Thread Grant Edwards
On 2014-12-23, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:
 Chris Angelico wrote:

 On Tue, Dec 23, 2014 at 12:15 AM, Roy Smith r...@panix.com wrote:
 If I really didn't trust something, I'd go to AWS and spin up one of
 their free-tier micro instances and run it there :-)
 
 How do you know it won't create console output that stroboscopically
 infects you with a virus through your eyes? Because that's *totally*
 what would be done in the town of Eureka.

 Anybody in IT who hasn't read Neal Stephenson's Snow Crash needs to hand
 in their Geek Card immediately.

I tried, but I got so tired of the author doing stuff like pointing
out that there were 65536 of something or other (and that it's a power
of TWO, kids!) that I gave up.  The annoying thing was that there was
no real technical reason why the quantity _needed_ to be a power of
two.  Too many of the technical details that you got constantly beat
over the head with were 

  1) not even remotely relevant to the story

  2) mostly an effort by the author to demonstrate that he had a
 junior-high level understanding of a 68K based Macintosh and knew
 lots of cool grown up tech-sounding words -- and even if had only
 a vague idea of what they meant, he could still impress the other
 13-year olds.

  3) just plain wrong

And even _with_ all the technical jibber-jabber, none of it explained
or justified the whole writing a virus to infect the brain through
the optic nerve thing which might just have well been magick and
witches.
  
-- 
Grant

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-23 Thread Rustom Mody
On Tuesday, December 23, 2014 9:50:22 PM UTC+5:30, Grant Edwards wrote:
 
 And even _with_ all the technical jibber-jabber, none of it explained
 or justified the whole writing a virus to infect the brain through
 the optic nerve thing which might just have well been magick and
 witches.

You find that far-fetched?
I would have thought it commoner than common-cold -- basis for the trillion
dollar industry called advertising
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-23 Thread Steven D'Aprano
Rustom Mody wrote:

 On Tuesday, December 23, 2014 9:50:22 PM UTC+5:30, Grant Edwards wrote:
 
 And even _with_ all the technical jibber-jabber, none of it explained
 or justified the whole writing a virus to infect the brain through
 the optic nerve thing which might just have well been magick and
 witches.
 
 You find that far-fetched?
 I would have thought it commoner than common-cold -- basis for the
 trillion dollar industry called advertising


[controversial and perhaps annoying]

To say nothing of religion, both the supernatural/mystical kind and the my
editor/programming language/brand of car/gaming console/etc is better than
yours kind... 



-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-23 Thread Steven D'Aprano
Grant Edwards wrote:

 On 2014-12-23, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info
 wrote:
 Chris Angelico wrote:

 On Tue, Dec 23, 2014 at 12:15 AM, Roy Smith r...@panix.com wrote:
 If I really didn't trust something, I'd go to AWS and spin up one of
 their free-tier micro instances and run it there :-)
 
 How do you know it won't create console output that stroboscopically
 infects you with a virus through your eyes? Because that's *totally*
 what would be done in the town of Eureka.

 Anybody in IT who hasn't read Neal Stephenson's Snow Crash needs to
 hand in their Geek Card immediately.
 
 I tried, but I got so tired of the author doing stuff like pointing
 out that there were 65536 of something or other (and that it's a power
 of TWO, kids!) that I gave up.  The annoying thing was that there was
 no real technical reason why the quantity _needed_ to be a power of
 two.


Neal Stephenson's technical chops, and his limits, are well established. He
is a writer first and foremost and it is quite obvious that he's often
showing off his technical knowledge even when it's not strictly relevant.

Remember too that Snow Crash became a cult classic among hackers, but it was
written for a science fiction and cyberpunk audience. To them, 2^16 is a
strange and exotic concept: 1, or 5, or 10 would be a round
number, not 65536.


 And even _with_ all the technical jibber-jabber, none of it explained
 or justified the whole writing a virus to infect the brain through
 the optic nerve thing which might just have well been magick and
 witches.  

Any sufficiently advanced technology.

I disagree. I think he did a good job of making such a thing seem plausible
without getting bogged down with inventing a detailed mechanism which could
only ever be wrong.

But then I was easily convinced, because I already knew of various related
facts and concepts which probably primed me to accept the concept of the
Snow Crash virus:

- Zombie ant fungus and various other parasites which manipulate the 
  brains of organisms, including human beings (Toxoplasmosis, syphilis
  and others).

- The optic nerve is technically not a nerve, but part of the brain, 
  and there are deep and subtle connections between it and the rest 
  of the brain, e.g. blind-sight.

- The theory of memes, or perhaps I should say the meme of memes, 
  since memetics has never been quite vigorous enough to count 
  as an actual theory.

- Super-stimuli.

- The human brain considered as an information processor.

- Julian Jaynes' book The Origin Of Consciousness In The Breakdown
  Of The Bicameral Mind, a hypothesis so wonderful that it needs to
  be true (alas, it's probably rubbish).


Personally, I don't believe that in this day and age of Java programming,
anyone could be programmed by looking at a black and white animated bitmap,
but back in the 1990s it was probably a bit more plausible that hackers
would spend their time learning to read machine code. But there's always
the chance that somebody will find a stimulus that crashes the human
brain and lets them run the arbitrary code of their choice...



-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Marko Rauhamaa
Chris Angelico ros...@gmail.com:

 Level 0: Why implement your own crypto?!?

Licensing concerns come to mind.

For example, the reference implementations of MD5 [RFC1321] and SHA1
[RFC3174] are not in the public domain.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Chris Angelico
On Mon, Dec 22, 2014 at 7:52 PM, Marko Rauhamaa ma...@pacujo.net wrote:
 Chris Angelico ros...@gmail.com:

 Level 0: Why implement your own crypto?!?

 Licensing concerns come to mind.

 For example, the reference implementations of MD5 [RFC1321] and SHA1
 [RFC3174] are not in the public domain.

Which would you prefer? Something with licensing restrictions, or
something that's either outright buggy, completely insecure due to
something you didn't notice, or maybe has an unnoticed side-channel
attack that leaks your keys? While these can happen with well-known
libraries like libssl, they also get patched; when Heartbleed went
public, updates to the affected versions were available pretty
quickly, but if you had your own implementation, someone might be
leaking your keys without your knowledge and you have to fix it
yourself... if you ever notice.

But we're somewhat off topic now...

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Steven D'Aprano
Steve Hayes wrote:

 Yes, my initial reaction was that's awesome.
 
 And my second thought was that it was scary.
 
 I ran it. It worked, and printed Hello world. I was awed.
 
 But what if I had run it and it reformatted my hard disk?
 
 How would I have known that it would or wouldn't do that?

That's why I didn't run it myself :-)

Seriously. I read the blog post, it seemed legitimate, I could follow the
explanation for how it worked well enough to be convinced it would work,
but I didn't try running it myself.

If I had, I would have made sure I was running as an unprivileged user, not
the superuser/Administrator account. Actually, since I care more about my
personal files than the operating system, I'd prefer to *not* use my normal
account. This being Linux, I can run suspicious code as the nobody user:

[steve@ando ~]$ sudo -u nobody python -c "print 'Hello World'"
Hello World


Running as nobody limits the harm a rogue script might do:

[steve@ando ~]$ sudo -u nobody python -c "import os; os.listdir('/home/steve')"
Traceback (most recent call last):
  File "<string>", line 1, in ?
OSError: [Errno 13] Permission denied: '/home/steve'


Ultimately, I'm trusting the security of my operating system.





-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Marko Rauhamaa
Steven D'Aprano steve+comp.lang.pyt...@pearwood.info:

 Steve Hayes wrote:
 But what if I had run it and it reformatted my hard disk?
 
 How would I have known that it would or wouldn't do that?

 That's why I didn't run it myself :-)

Well, I admit having run

   yum install python3

as root.

 Ultimately, I'm trusting the security of my operating system.

Ultimately, I'm trusting my luck.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Roy Smith
In article 0udf9a1m3n02rt06a5ib58mvifm7sde...@4ax.com,
 Steve Hayes hayes...@telkomsa.net wrote:

 On Mon, 22 Dec 2014 09:51:02 +1100, Steven D'Aprano
 steve+comp.lang.pyt...@pearwood.info wrote:
 
 Tony the Tiger wrote:
 
  On Sat, 20 Dec 2014 23:57:08 +1100, Steven D'Aprano wrote:
  
  I am in total awe.
  
  I'm not. It has no real value. Write your code like that and you'll soon
  be looking for a new job.
 
 Awww, did da widdle puddy tat get up on the wrong side of the bed this
 morning? :-)
 
 
 Obviously you don't write obfuscated code like this for production use,
 except in such cases where you deliberately want to write obfuscated code
 for production use.
 
 Yes, my initial reaction was that's awesome.
 
 And my second thought was that it was scary.
 
 I ran it. It worked, and printed Hello world. I was awed.
 
 But what if I had run it and it reformatted my hard disk?
 
 How would I have known that it would or wouldn't do that?

How would you know any code you download from the net won't reformat 
your disk?  If I wanted to write something evil, I wouldn't write it to 
look obfuscated.  I'd write it to look like it did something useful.
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Roy Smith
In article 5497e1d5$0$12978$c3e8da3$54964...@news.astraweb.com,
 Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:

 Steve Hayes wrote:
 
  Yes, my initial reaction was that's awesome.
  
  And my second thought was that it was scary.
  
  I ran it. It worked, and printed Hello world. I was awed.
  
  But what if I had run it and it reformatted my hard disk?
  
  How would I have known that it would or wouldn't do that?
 
 That's why I didn't run it myself :-)
 
 Seriously. I read the blog post, it seemed legitimate, I could follow the
 explanation for how it worked well enough to be convinced it would work,
 but I didn't try running it myself.
 
 If I had, I would have made sure I was running as an unprivileged user, not
 the superuser/Administrator account. Actually, since I care more about my
 personal files than the operating system, I'd prefer to *not* use my normal
 account. This being Linux, I can run suspicious code as the nobody user:

If I really didn't trust something, I'd go to AWS and spin up one of 
their free-tier micro instances and run it there :-)
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Chris Angelico
On Tue, Dec 23, 2014 at 12:15 AM, Roy Smith r...@panix.com wrote:
 If I really didn't trust something, I'd go to AWS and spin up one of
 their free-tier micro instances and run it there :-)

How do you know it won't create console output that stroboscopically
infects you with a virus through your eyes? Because that's *totally*
what would be done in the town of Eureka.

(I miss that show. Their technobabble was so mindbogglingly bad it
became rather funny.)

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Marko Rauhamaa
Roy Smith r...@panix.com:

 If I really didn't trust something, I'd go to AWS and spin up one of
 their free-tier micro instances and run it there :-)

Speaking of trust and AWS, Amazon admins—and by extension, the NSA—have
full access to the virtual machines. That needs to be taken into account
when running serious services on their facilities.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Roy Smith
In article 87egrrrf2i@elektro.pacujo.net,
 Marko Rauhamaa ma...@pacujo.net wrote:

 Roy Smith r...@panix.com:
 
  If I really didn't trust something, I'd go to AWS and spin up one of
  their free-tier micro instances and run it there :-)
 
 Speaking of trust and AWS, Amazon admins—and by extension, the NSA—have
 full access to the virtual machines. That needs to be taken into account
 when running serious services on their facilities.
 
 
 Marko

Nobody who is really serious about security runs their stuff in any kind 
of shared infrastructure.
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Steven D'Aprano
Roy Smith wrote:

 If I wanted to write something evil, I wouldn't write it to
 look obfuscated.  I'd write it to look like it did something useful.

That's an order of magnitude harder than merely obfuscating code.

If you wanted to write something evil, better to just rely on the fact that
most people won't read the source code at all.

Don't try this at home!


# download_naked_pictures_of_jennifer_lawrence.py
import os
os.system("rm ――rf /")





-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Jussi Piitulainen
Steven D'Aprano writes:

 Don't try this at home!
 
 # download_naked_pictures_of_jennifer_lawrence.py
 import os
 os.system("rm ――rf /")

Not sure what that character is (those characters are) but it's not
(they aren't) the hyphen that rm expects in its options, so:

   os.system("rm ――rf /")
  rm: cannot remove `――rf': No such file or directory
  rm: cannot remove `/': Is a directory
  256

:)
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Skip Montanaro
On Mon, Dec 22, 2014 at 9:22 AM, Steven D'Aprano 
steve+comp.lang.pyt...@pearwood.info wrote:
 Don't try this at home!


 # download_naked_pictures_of_jennifer_lawrence.py
 import os
 os.system("rm ――rf /")

And because Steven *knows* some fool will try this at home, he cripples
the rm command. Now where's the fun in that? :-)

Skip
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Chris Warrick
On Mon, Dec 22, 2014 at 4:36 PM, Jussi Piitulainen
jpiit...@ling.helsinki.fi wrote:
 Steven D'Aprano writes:

 Don't try this at home!

 # download_naked_pictures_of_jennifer_lawrence.py
 import os
 os.system("rm ――rf /")

 Not sure what that character is (those characters are) but it's not
 (they aren't) the hyphen that rm expects in its options, so:

os.system("rm ――rf /")
   rm: cannot remove `――rf': No such file or directory
   rm: cannot remove `/': Is a directory
   256

Let’s ask Python: (polyglot 2.6+/3.3+ code!)

from __future__ import print_function
import unicodedata
command = u"rm ――rf /"
for i in command:
    print(hex(ord(i)), unicodedata.name(i))

0x72 LATIN SMALL LETTER R
0x6d LATIN SMALL LETTER M
0x20 SPACE
0x2015 HORIZONTAL BAR
0x2015 HORIZONTAL BAR
0x72 LATIN SMALL LETTER R
0x66 LATIN SMALL LETTER F
0x20 SPACE
0x2f SOLIDUS

There’s your answer: it’s U+2015 HORIZONTAL BAR, twice.  And `rm`
wants U+002D HYPHEN-MINUS instead.

Moreover, it wants only one HYPHEN-MINUS and not two:

Linux:
$ rm --rf /
rm: unrecognized option '--rf'
Try 'rm --help' for more information.

BSD:
$ rm --rf /
rm: illegal option -- -
usage: rm [-f | -i] [-dIPRrvWx] file ...
   unlink file

That’s two-step “protection”.

(This e-mail brought to you by Unicode.)

-- 
Chris Warrick https://chriswarrick.com/
PGP: 5EAAEA16
-- 
https://mail.python.org/mailman/listinfo/python-list
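
The check done by hand in the message above, as an added example that is not code from the thread: it flags any character that renders like a hyphen but is not U+002D, and labels each argument the way a getopt-style tool such as `rm` would treat it, which goes beyond U+2015 to the other dash code points. The function names, the look-alike set (category Pd plus U+2212) and the labels are assumptions of this example.

```python
import shlex
import unicodedata

HYPHEN_MINUS = "\u002d"
# Assumption of this example: besides category Pd (dash punctuation), treat
# U+2212 MINUS SIGN (category Sm) as a look-alike because it renders like "-".
EXTRA_DASH_LIKE = {"\u2212"}

# Constructed sample: the command string from the thread, written with escapes
# so the two U+2015 characters are unambiguous. It is inspected, never run.
SAMPLE = "rm \u2015\u2015rf /"


def is_dash_lookalike(ch):
    """True for a character that renders like '-' but is not U+002D."""
    if ch == HYPHEN_MINUS:
        return False
    return unicodedata.category(ch) == "Pd" or ch in EXTRA_DASH_LIKE


def find_dash_lookalikes(text):
    """Return (index, 'U+XXXX', name) for every dash look-alike in text."""
    return [
        (i, "U+%04X" % ord(ch), unicodedata.name(ch, "UNNAMED"))
        for i, ch in enumerate(text)
        if is_dash_lookalike(ch)
    ]


def classify_argv(command):
    """Split a command line as a POSIX shell would and label each argument.

    Labels:
      command         argv[0]
      option          starts with U+002D, so the program parses it as a flag
      end-of-options  a bare "--"; everything after it is an operand
      disguised       starts with a dash look-alike: a human reads a flag,
                      the program receives an ordinary operand (a file name)
      operand         anything else, including a lone "-"
    """
    labelled = []
    options_ended = False
    for pos, arg in enumerate(shlex.split(command)):
        if pos == 0:
            label = "command"
        elif arg and is_dash_lookalike(arg[0]):
            label = "disguised"
        elif options_ended or arg == "-" or not arg.startswith(HYPHEN_MINUS):
            label = "operand"
        elif arg == "--":
            label = "end-of-options"
            options_ended = True
        else:
            label = "option"
        labelled.append((arg, label))
    return labelled


def report(command):
    """Build a readable audit of one command line as a list of strings."""
    lines = []
    for idx, codepoint, name in find_dash_lookalikes(command):
        lines.append("col %d: %s %s (not U+002D HYPHEN-MINUS)"
                     % (idx, codepoint, name))
    for arg, label in classify_argv(command):
        lines.append("%-15s %r" % (label, arg))
    return lines


if __name__ == "__main__":
    for cmd in (SAMPLE, "rm --rf /", "ls -l -- -notes.txt"):
        print("\n".join(report(cmd)))
        print()
```
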


Re: Hello World

2014-12-22 Thread Grant Edwards
On 2014-12-21, Tony the Tiger tony@tiger.invalid wrote:
 On Sat, 20 Dec 2014 23:57:08 +1100, Steven D'Aprano wrote:

 I am in total awe.

 I'm not. It has no real value. Write your code like that and you'll soon 
 be looking for a new job.

I think you'll find that people who know enough to write code like
that only do it for entertainment purposes.

-- 
Grant


-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Grant Edwards
On 2014-12-21, Roy Smith r...@panix.com wrote:
 In article 54974ed7$0$12986$c3e8da3$54964...@news.astraweb.com,
  Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:

 Obviously you don't write obfuscated code like this for production use,
 except in such cases where you deliberately want to write obfuscated code
 for production use.

 Heh.  I once worked on a C++ project that included its own crypto code 
 (i.e. custom implementations of things like AES and SHA-1).

Damn.  Should I ever start to do something like that (for a real
product), I hereby officially request that somebody please try to slap
some sense into me.

-- 
Grant


-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Grant Edwards
On 2014-12-22, Steve Hayes hayes...@telkomsa.net wrote:
 On Mon, 22 Dec 2014 09:51:02 +1100, Steven D'Aprano
 steve+comp.lang.pyt...@pearwood.info wrote:

Obviously you don't write obfuscated code like this for production
use, except in such cases where you deliberately want to write
obfuscated code for production use.

 Yes, my initial reaction was that's awesome.

 And my second thought was that it was scary.

 I ran it. It worked, and printed Hello world. I was awed.

 But what if I had run it and it reformatted my hard disk?

 How would I have known that it would or wouldn't do that?

Well not running it as root would be a start

-- 
Grant

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Steven D'Aprano
Skip Montanaro wrote:

 On Mon, Dec 22, 2014 at 9:22 AM, Steven D'Aprano 
 steve+comp.lang.pyt...@pearwood.info wrote:
 Don't try this at home!


 # download_naked_pictures_of_jennifer_lawrence.py
 import os
 os.system("rm ――rf /")
 
 And because Steven *knows* some fool will try this at home, he cripples
 the rm command. Now where's the fun in that? :-)

Ah, I'm just a big softie :-)



-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Chris Angelico
On Tue, Dec 23, 2014 at 3:23 AM, Grant Edwards invalid@invalid.invalid wrote:
 Heh.  I once worked on a C++ project that included its own crypto code
 (i.e. custom implementations of things like AES and SHA-1).

 Damn.  Should I ever start to do something like that (for a real
 product), I hereby officially request that somebody please try to slap
 some sense into me.

Likewise. And I'll happily do the slapping.

There's one exception. Writing your own crypto is a bad idea if that
means reimplementing AES... but if you want something that's effective
on completely different levels, sometimes it's best to write your own.
I had a project a while ago that needed some encryption work done, and
I implemented something that I described as scarily effective. My
boss demanded that the debug code-execution feature be protected by a
password that would be strong even if someone could read the source
code, so I put together something that would hash the incoming
password, then check to see if the first two and last two bytes of the
hash were all the same byte value as the current hour-of-week (ranging
from 0 to 167). This is clearly more secure than simply embedding a
SHA256 hash in the source code, because you can't possibly
reverse-engineer it (since you don't even have the full hash). And
yes, this was 100% effective in convincing my boss that the code
executor was safely guarded. Since that was the goal, having several
lines of complex and opaque code was far better than a single line
that says if 
hash(password)=='5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8':
do stuff, which is way too easy for someone to decode.

And it was, indeed, scarily effective. That lasted for a long time,
and any time there was a question about security, I could just point
to that and say See? Safe

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Mark Lawrence

On 22/12/2014 15:39, Skip Montanaro wrote:


On Mon, Dec 22, 2014 at 9:22 AM, Steven D'Aprano
steve+comp.lang.pyt...@pearwood.info wrote:
  Don't try this at home!
 
 
  # download_naked_pictures_of_jennifer_lawrence.py
  import os
  os.system("rm ――rf /")

And because Steven *knows* some fool will try this at home, he
cripples the rm command. Now where's the fun in that? :-)

Skip



I don't see any fun anywhere in this at all.  How can one import and one 
os.system() call do any damage to anything?  I'm guessing that rm is Bob 
Martin but who is rf?  Shouldn't that be a backslash '\' on Windows?


--
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.

Mark Lawrence

--
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Mark Lawrence

On 22/12/2014 16:23, Grant Edwards wrote:

On 2014-12-21, Roy Smith r...@panix.com wrote:

In article 54974ed7$0$12986$c3e8da3$54964...@news.astraweb.com,
  Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:


Obviously you don't write obfuscated code like this for production use,
except in such cases where you deliberately want to write obfuscated code
for production use.


Heh.  I once worked on a C++ project that included its own crypto code
(i.e. custom implementations of things like AES and SHA-1).


Damn.  Should I ever start to do something like that (for a real
product), I hereby officially request that somebody please try to slap
some sense into me.



I'm having wonderful thoughts of Michael Palin's favourite Python sketch 
which involved fish slapping.


--
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.

Mark Lawrence

--
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread MRAB

On 2014-12-22 18:51, Mark Lawrence wrote:

On 22/12/2014 16:23, Grant Edwards wrote:

On 2014-12-21, Roy Smith r...@panix.com wrote:

In article 54974ed7$0$12986$c3e8da3$54964...@news.astraweb.com,
  Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:


Obviously you don't write obfuscated code like this for production use,
except in such cases where you deliberately want to write obfuscated code
for production use.


Heh.  I once worked on a C++ project that included its own crypto code
(i.e. custom implementations of things like AES and SHA-1).


Damn.  Should I ever start to do something like that (for a real
product), I hereby officially request that somebody please try to slap
some sense into me.



I'm having wonderful thoughts of Michael Palin's favourite Python sketch
which involved fish slapping.


Well, ChrisA _has_ mentioned Pike in this thread. :-)
--
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread alister
On Mon, 22 Dec 2014 16:18:33 +, Grant Edwards wrote:

 On 2014-12-21, Tony the Tiger tony@tiger.invalid wrote:
 On Sat, 20 Dec 2014 23:57:08 +1100, Steven D'Aprano wrote:

 I am in total awe.

 I'm not. It has no real value. Write your code like that and you'll
 soon be looking for a new job.
 
 I think you'll find that people who know enough to write code like that
 only do it for entertainment purposes.

Some of the articles on the daily wtf suggest otherwise



-- 
I'd rather have a free bottle in front of me than a prefrontal lobotomy.
-- Fred Allen

[Also attributed to S. Clay Wilson.  Ed.]
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Tim Chase
On 2014-12-22 19:05, MRAB wrote:
 On 2014-12-22 18:51, Mark Lawrence wrote:
  I'm having wonderful thoughts of Michael Palin's favourite Python
  sketch which involved fish slapping.
 
 Well, ChrisA _has_ mentioned Pike in this thread. :-)

But you know he does it just for the halibut...

-tkc



-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Roy Smith
In article mailman.17133.1419276169.18130.python-l...@python.org,
 Tim Chase python.l...@tim.thechases.com wrote:

 On 2014-12-22 19:05, MRAB wrote:
  On 2014-12-22 18:51, Mark Lawrence wrote:
   I'm having wonderful thoughts of Michael Palin's favourite Python
   sketch which involved fish slapping.
  
  Well, ChrisA _has_ mentioned Pike in this thread. :-)
 
 But you know he does it just for the halibut...
 
Are you guys fishing for complements?
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Chris Angelico
On Tue, Dec 23, 2014 at 11:55 AM, Roy Smith r...@panix.com wrote:
 In article mailman.17133.1419276169.18130.python-l...@python.org,
  Tim Chase python.l...@tim.thechases.com wrote:

 On 2014-12-22 19:05, MRAB wrote:
  On 2014-12-22 18:51, Mark Lawrence wrote:
   I'm having wonderful thoughts of Michael Palin's favourite Python
   sketch which involved fish slapping.
  
  Well, ChrisA _has_ mentioned Pike in this thread. :-)

 But you know he does it just for the halibut...

 Are you guys fishing for complements?

That has nothing to do with it, it's just a red herring!

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread sohcahtoa82
On Monday, December 22, 2014 4:56:13 PM UTC-8, Roy Smith wrote:
 In article mailman.17133.1419276169.18130.python-l...@python.org,
  Tim Chase python.l...@tim.thechases.com wrote:
 
  On 2014-12-22 19:05, MRAB wrote:
   On 2014-12-22 18:51, Mark Lawrence wrote:
    I'm having wonderful thoughts of Michael Palin's favourite Python
    sketch which involved fish slapping.
   
   Well, ChrisA _has_ mentioned Pike in this thread. :-)
  
  But you know he does it just for the halibut...
  
 Are you guys fishing for complements?

I never thought I'd get cod in a pun thread outside of reddit.
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread MRAB

On 2014-12-23 01:03, sohcahto...@gmail.com wrote:

On Monday, December 22, 2014 4:56:13 PM UTC-8, Roy Smith wrote:

In article mailman.17133.1419276169.18130.python-l...@python.org,
 Tim Chase python.l...@tim.thechases.com wrote:

 On 2014-12-22 19:05, MRAB wrote:
  On 2014-12-22 18:51, Mark Lawrence wrote:
   I'm having wonderful thoughts of Michael Palin's favourite Python
   sketch which involved fish slapping.
  
  Well, ChrisA _has_ mentioned Pike in this thread. :-)

 But you know he does it just for the halibut...

Are you guys fishing for complements?


I never thought I'd get cod in a pun thread outside of reddit.


And a programming newsgroup isn't really the plaice for it anyway!
--
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Chris Angelico
On Tue, Dec 23, 2014 at 12:37 PM, MRAB pyt...@mrabarnett.plus.com wrote:
 And a programming newsgroup isn't really the plaice for it anyway!

And yet we do carp on a bit, don't we...

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list


OFF TOPIC Snow Crash [was Re: Hello World]

2014-12-22 Thread Steven D'Aprano
Chris Angelico wrote:

 On Tue, Dec 23, 2014 at 12:15 AM, Roy Smith r...@panix.com wrote:
 If I really didn't trust something, I'd go to AWS and spin up one of
 their free-tier micro instances and run it there :-)
 
 How do you know it won't create console output that stroboscopically
 infects you with a virus through your eyes? Because that's *totally*
 what would be done in the town of Eureka.

Anybody in IT who hasn't read Neal Stephenson's Snow Crash needs to hand
in their Geek Card immediately.

Snow Crash is nearly 20 years old now but still as much of a ripping yarn
today as it was the year it was written. Under-achiever, freelance hacker
and part-time pizza delivery boy for the Mafia, Hiro Protagonist, discovers
that somebody has written a virus that hacks into computer programmers'
brains via their optic nerve.

This book has drama, adventure, humour, vast amounts of exposition that
might even be almost true, a murderous Inuit who is his own sovereign state
(a *nuclear armed* sovereign state at that), Rat Things, Sumerian myths,
Reverend Wayne's Pearly Gates franchise, one of the most spunky teenage
protagonists I've ever read, and pirates listening to Reason.



-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Mark Lawrence

On 23/12/2014 01:39, Chris Angelico wrote:

On Tue, Dec 23, 2014 at 12:37 PM, MRAB pyt...@mrabarnett.plus.com wrote:

And a programming newsgroup isn't really the plaice for it anyway!


And yet we do carp on a bit, don't we...

ChrisA



Gordon Bennett what have I started?  You dangle a bit of bait and...

--
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.

Mark Lawrence

--
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-22 Thread Rustom Mody
On Monday, December 22, 2014 3:04:52 PM UTC+5:30, Marko Rauhamaa wrote:
 Steven D'Aprano :
 
  Steve Hayes wrote:
  But what if I had run it and it reformatted my hard disk?
  
  How would I have known that it would or wouldn't do that?
 
  That's why I didn't run it myself :-)
 
 Well, I admit having run
 
yum install python3
 
 as root.
 
  Ultimately, I'm trusting the security of my operating system.
 
 Ultimately, I'm trusting my luck.
 

O that's nothing.

I've eaten cookies. Given by strangers can contain narcotics you know!

I've even walked on the road.  Mines? You've heard of them right?!? People get
their legs blown off [shivers]

Only computers I don't use -- Just too dangerous.
If cars and bikes can have bombs -- why not a computer?

Speaking of which you guys have been had by Steven.
That was not an innocent Hello World program.
All those who tried it Beware!
On the next Friday the 13th when you hear the wings of werewolves waffling
inside your disk drive... you know who is responsible
[Sound of eerie music]

==

Merry Christmas everyone!
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread Marko Rauhamaa
CM cmpyt...@gmail.com:

 On Sunday, December 21, 2014 2:44:50 AM UTC-5, CM wrote:
 Hello, world!
 13

 Actually, there is no comma after Hello. 

Do you have a patch?


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread Marko Rauhamaa
Tony the Tiger tony@tiger.invalid:

 On Sat, 20 Dec 2014 23:57:08 +1100, Steven D'Aprano wrote:

 I am in total awe.

 I'm not. It has no real value.

It is, of course, a joke, and there are whole tongue-in-cheek languages
like Brainfuck. However, some similar exercises carry deep meaning.
Take, for example, iota and jot (URL:
http://semarch.linguistics.fas.nyu.edu/barker/Iota/).

 Write your code like that and you'll soon be looking for a new job.

Navigare necesse est, vivere non est necesse.


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread Steven D'Aprano
Tony the Tiger wrote:

 On Sat, 20 Dec 2014 23:57:08 +1100, Steven D'Aprano wrote:
 
 I am in total awe.
 
 I'm not. It has no real value. Write your code like that and you'll soon
 be looking for a new job.

Awww, did da widdle puddy tat get up on the wrong side of the bed this
morning? :-)


Obviously you don't write obfuscated code like this for production use,
except in such cases where you deliberately want to write obfuscated code
for production use.

Any beginner with 3 seconds experience with Python can write:

print("Hello World")


But being able to write obfuscated code to that degree displays real skill
and understanding of the language, and a great deal of patience and stick
with it-ness, all of which are valuable work skills.



-- 
Steven

-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread Roy Smith
In article 54974ed7$0$12986$c3e8da3$54964...@news.astraweb.com,
 Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote:

 Obviously you don't write obfuscated code like this for production use,
 except in such cases where you deliberately want to write obfuscated code
 for production use.

Heh.  I once worked on a C++ project that included its own crypto code
(i.e. custom implementations of things like AES and SHA-1).  The person 
who wrote some particular bit of the code had decided that deliberately 
obfuscating the function and variable names would somehow make it more 
secure, so that's what he did.

The mind boggles.  At so many levels.
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread Chris Angelico
On Mon, Dec 22, 2014 at 10:50 AM, Roy Smith r...@panix.com wrote:
 Heh.  I once worked on a C++ project that included its own crypto code
 (i.e. custom implementations of things like AES and SHA-1).  The person
 who wrote some particular bit of the code had decided that deliberately
 obfuscating the function and variable names would somehow make it more
 secure, so that's what he did.

 The mind boggles.  At so many levels.

Level 0: Why implement your own crypto?!?

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread Roy Smith
In article mailman.17098.1419207020.18130.python-l...@python.org,
 Chris Angelico ros...@gmail.com wrote:

 On Mon, Dec 22, 2014 at 10:50 AM, Roy Smith r...@panix.com wrote:
  Heh.  I once worked on a C++ project that included its own crypto code
  (i.e. custom implementations of things like AES and SHA-1).  The person
  who wrote some particular bit of the code had decided that deliberately
  obfuscating the function and variable names would somehow make it more
  secure, so that's what he did.
 
  The mind boggles.  At so many levels.
 
 Level 0: Why implement your own crypto?!?
 
 ChrisA

That would be one of the levels.
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread mm0fmf

On 22/12/2014 00:10, Chris Angelico wrote:

Level 0: Why implement your own crypto?!?


Because people who don't understand the concepts behind cryptography 
don't understand that the crypto algorithm can be open whilst the 
results of applying the algorithm are secure.


There again I always use ROT-13 to encrypt my stuff. For the stuff that 
really has to be NSA-proof I use ROT-13 twice.


--
https://mail.python.org/mailman/listinfo/python-list


Re: Hello World

2014-12-21 Thread Chris Angelico
On Mon, Dec 22, 2014 at 11:12 AM, Roy Smith r...@panix.com wrote:
 In article mailman.17098.1419207020.18130.python-l...@python.org,
  Chris Angelico ros...@gmail.com wrote:

 On Mon, Dec 22, 2014 at 10:50 AM, Roy Smith r...@panix.com wrote:
  Heh.  I once worked on a C++ project that included its own crypto code
  (i.e. custom implementations of things like AES and SHA-1).  The person
  who wrote some particular bit of the code had decided that deliberately
  obfuscating the function and variable names would somehow make it more
  secure, so that's what he did.
 
  The mind boggles.  At so many levels.

 Level 0: Why implement your own crypto?!?

 ChrisA

 That would be one of the levels.

Good, I'm glad you agree on that one. I don't mind reimplementing some
other protocols (couple years ago now I built my own OAuth library
because the provided one was being terrible - no, this wasn't in
Python), especially the simple ones (SMTP or FTP - use a
library/module if available, but otherwise just establish a socket
connection and do whatever you need), and even complex protocols can
occasionally be worth reworking (Pike has its own PostgreSQL client,
rather than using libpq, and it gets some handy improvements in
concurrency), but crypto's one thing that it's *never* worth
rewriting.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list
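The points made in the messages above (obfuscated function names do not hide which algorithm the code implements, ROT-13 applied twice is the identity, and a public algorithm stays secure while its key is secret), shown as an added example that is not part of any poster's message. It uses only Python's standard library; `zq9`, `identify`, `tag` and `verify` are hypothetical names constructed here, and the probe inputs are constructed samples.

```python
import codecs
import hashlib
import hmac
import secrets

def rot13(text):
    """ROT-13 has no key, so applying it twice returns the input."""
    return codecs.encode(text, "rot_13")

def zq9(x):
    """Constructed stand-in for a hash routine hidden behind an opaque name."""
    return hashlib.sha1(x).hexdigest()

PROBES = (b"", b"abc", b"Hello World")  # constructed sample inputs

def identify(func, candidates=("md5", "sha1", "sha256")):
    """Return the standard hash that func matches on every probe, else None."""
    for name in candidates:
        if all(func(p) == hashlib.new(name, p).hexdigest() for p in PROBES):
            return name
    return None

def tag(key, message):
    """HMAC-SHA256 from the standard library: public algorithm, secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify(key, message, candidate_tag):
    """Compare the expected and supplied tags in constant time."""
    return hmac.compare_digest(tag(key, message), candidate_tag)

if __name__ == "__main__":
    print(rot13(rot13("Hello World")))   # round trip through ROT-13 twice
    print(identify(zq9))                 # the opaque name hides nothing
    key = secrets.token_bytes(32)
    t = tag(key, b"Hello World")
    print(verify(key, b"Hello World", t))
    print(verify(secrets.token_bytes(32), b"Hello World", t))
```

The renamed function is recognised purely from its outputs, while the HMAC tag is rejected under any key other than the one that produced it.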

