This feels really useful to me to make some quick changes to a database -
perhaps a database layer could return an class of type Recordclass, and
then you just simply mutate it and shove it back into the database.
Pseudocode:
record = database.execute("SELECT * FROM mytable WHERE primary_key =
Rationale
=
- Separation of executable code and non-executable data is a good thing.
- Additional security in Python is a good idea.
- Python should support things like the NX bit to separate code and
non-executable data.
Discussion
==
How could Python implement support for the NX
On Mon, Sep 3, 2018 at 3:25 AM Jacco van Dorp wrote:
> This feels really useful to me to make some quick changes to a database -
> perhaps a database layer could return an class of type Recordclass, and
> then you just simply mutate it and shove it back into the database.
> Pseudocode:
>
>
On Mon, Sep 3, 2018 at 4:17 AM Chris Angelico wrote:
> On Mon, Sep 3, 2018 at 5:23 PM, Jacco van Dorp
> wrote:
> > This feels really useful to me to make some quick changes to a database -
> > perhaps a database layer could return an class of type Recordclass, and
> then
> > you just simply
On Mon, Sep 3, 2018 at 6:31 PM, Wes Turner wrote:
>
>
> On Mon, Sep 3, 2018 at 4:17 AM Chris Angelico wrote:
>>
>> On Mon, Sep 3, 2018 at 5:23 PM, Jacco van Dorp
>> wrote:
>> > This feels really useful to me to make some quick changes to a database
>> > -
>> > perhaps a database layer could
I prefer Python's syntax.
In the Keras example, Python pays off compared to the XML or YAML or
whatever as soon as you need to define something programmatically. For
example, if your model is generated based on some other input.
Anyway, most of your time is not spent typing punctuation.
On Mon, Sep 3, 2018 at 5:23 PM, Jacco van Dorp wrote:
> This feels really useful to me to make some quick changes to a database -
> perhaps a database layer could return an class of type Recordclass, and then
> you just simply mutate it and shove it back into the database. Pseudocode:
>
> record
On Mon, Sep 3, 2018 at 4:40 AM Chris Angelico wrote:
> On Mon, Sep 3, 2018 at 6:31 PM, Wes Turner wrote:
> >
> >
> > On Mon, Sep 3, 2018 at 4:17 AM Chris Angelico wrote:
> >>
> >> On Mon, Sep 3, 2018 at 5:23 PM, Jacco van Dorp
> >> wrote:
> >> > This feels really useful to me to make some
If we wanted to be mathematically correct, taking a 4th root should give
you 4 answers. You could return a tuple of (4, -4, 4j, -4j) for a 4th root
of 256. It actually makes power to a Fraction(2, 4) unequal with a
Fraction(1, 2) calculating this way. (which, from what I can tell, is
exactly your
On Mon, Sep 3, 2018 at 3:25 AM Jacco van Dorp wrote:
> Also, it's rather clear that namedList is a really bad name for a
> Recordclass. It's cleary not intended to be a list. It's a record you can
> take out from somewhere, mutate, and push back in.
>
So call it "namedrecord", perhaps?
I'm not a security expert, but I believe the NX bit is a hardware
protection against a specific class of attack: buffer overflow attacks.
These attacks are possible because of the lack of safety in the C
programming language: it is very easy for a programmer to forget to check
the bounds of a
I am pretty sure that on systems which support it, Python's stack and data
are already NX.
NX is basically the default on modern systems.
Stephan
Op ma 3 sep. 2018 09:00 schreef Wes Turner :
> Rationale
> =
> - Separation of executable code and non-executable data is a good thing.
> -
I've just read and article which makes a good case for providing
pre-conditions and post-conditions.
http://pgbovine.net/python-unreadable.htm
The main point is: "without proper comments and documentation, even the
cleanest Python code is incomprehensible 'in-the-large'." I find the
article to
Wes Turner wrote
> - Separation of executable code and non-executable data is a good thing.
> - Additional security in Python is a good idea.
> - Python should support things like the NX bit to separate code and
> non-executable data.
When I saw this, I thought at first it was about preventing
On Tue, Sep 04, 2018 at 12:08:31AM +0100, Ivan Levkivskyi wrote:
> On Mon, 3 Sep 2018 at 23:51, Greg Ewing wrote:
>
> > Jonathan Fine wrote:
> > > I've just read and article which makes a good case for providing
> > > pre-conditions and post-conditions.
> > >
> > >
So, if an application accepts user-supplied input (such as a JSON payload),
is that data marked as non-executable?
On Monday, September 3, 2018, Greg Ewing
wrote:
> Jonathan Fine wrote:
>
> # Evil code!
>
>> ask_delete.__code__, ask_save.__code__ = ask_save.__code__,
>>
On 03Sep2018 22:32, Wes Turner wrote:
On Monday, September 3, 2018, Cameron Simpson wrote:
On 03Sep2018 20:58, Wes Turner wrote:
So, if an application accepts user-supplied input (such as a JSON
payload),
is that data marked as non-executable?
Unless you've hacked the JSON decoder (I
On 04Sep2018 13:26, Cameron Simpson wrote:
On 03Sep2018 22:32, Wes Turner wrote:
Can another process or exploitable C extension JMP to that data or no?
See Stephan Houben's reply to your post: heap and stack on modern OSes
are normally NX mode already, and CPython objects live on the
On Tue, Sep 04, 2018 at 10:50:27AM +1200, Greg Ewing wrote:
> Jonathan Fine wrote:
> >I've just read and article which makes a good case for providing
> >pre-conditions and post-conditions.
> >
> >http://pgbovine.net/python-unreadable.htm
>
> There's nothing in there that talks about PBC-style
On 03Sep2018 20:58, Wes Turner wrote:
So, if an application accepts user-supplied input (such as a JSON payload),
is that data marked as non-executable?
Unless you've hacked the JSON decoder (I think you can supply a custom decoder
for some things) all you're doing to get back is ints, strs,
On Monday, September 3, 2018, Cameron Simpson wrote:
> On 03Sep2018 20:58, Wes Turner wrote:
>
>> So, if an application accepts user-supplied input (such as a JSON
>> payload),
>> is that data marked as non-executable?
>>
>
> Unless you've hacked the JSON decoder (I think you can supply a
понедельник, 3 сентября 2018 г., 2:11:06 UTC+3 пользователь Greg Ewing
написал:
>
> Zaur Shibzukhov wrote:
>
> > `Recordclass` is defined on top of` memoryslots` just like `namedtuple`
> > above` tuple`. Attributes are accessed via a descriptor (`itemgetset`),
> > which supports both`
On Mon, 3 Sep 2018 at 23:51, Greg Ewing wrote:
> Jonathan Fine wrote:
> > I've just read and article which makes a good case for providing
> > pre-conditions and post-conditions.
> >
> > http://pgbovine.net/python-unreadable.htm
>
> There's nothing in there that talks about PBC-style executable
Jonathan Fine wrote:
I've just read and article which makes a good case for providing
pre-conditions and post-conditions.
http://pgbovine.net/python-unreadable.htm
There's nothing in there that talks about PBC-style executable
preconditions and postconditions, it's all about documenting
the
Jonathan Fine wrote:
# Evil code!
ask_delete.__code__, ask_save.__code__ = ask_save.__code__,
ask_delete.__code__
If an attacker can trick you into executing that line of code,
he can probably just delete your data directly.
--
Greg
___
25 matches
Mail list logo