From: Chris Angelico
Cc: "python-list@python.org"
Newsgroups: comp.lang.python
Subject: Re: Python and IDEs
Date: Fri, 1 Aug 2014 23:30:03 +1000

On Fri, Aug 1, 2014 at 11:10 PM, Steven D'Aprano wrote:
> Marko Rauhamaa wrote:
>
>> I'm guessing he's referring to the modern fad of application sandboxing.
>> Each application is installed with everything it needs on top of the
>> basic OS.
>>
>> If you have ten Python apps, you'll have ten Python installations.
>
> A horrible thought. Hard drives are cheap, but not that cheap that one can
> trivially afford to turn every 1K Python script into a 25,000K install
> (based on the size of the Windows binary-only installer). On my system, the
> obvious application directories (I may have missed some) total 460MB:
>
> [steve@ando ~]$ du -hc /bin/ /sbin/ /usr/bin/ /usr/local/bin/
> 7.9M /bin/
> 38M /sbin/
> 76K /usr/bin/mergetools
> 380M /usr/bin/
> 35M /usr/local/bin/
> 460M total
>
> If those apps were an average of 10,000 times larger, that makes 4.6TB,
> significantly larger than an entry level 1TB hard drive. It also makes
> rescue DVDs and boot USB sticks impractical, to say nothing of the expense
> of downloading upgrades. I can download (say) an entire Linux Mint system
> in an hour or three, which is significantly better than the two years it
> would take to download if everything was 10,000 times bigger.

There is a solution. If all those binaries are marked as read-only,
you could have a file system that stores things based on their hashes,
effectively hardlinking (automatically) all the duplicates. Of course,
that only works if they really are duplicates. If one ships Python
2.7.3 and another ships 2.7.4, there'll be a lot of almost-duplicated
files that technically identical.

> But even more problematic... if there's a security vulnerability in Python,
> would you rather wait for the vulnerability to be patched once in a central
> Python binary, or individually in each and every single Python script that
> comes with a bundled Python binary?

This is exactly the problem that sandboxing "fixes", though. As soon
as you upgrade the central Python binary, you risk breaking that
application that depended on the exact version that it shipped with.
Encouraging laziness and sloppy versioning, IMO.

>> Also
>> the applications have no way to communicate outside their respective
>> sandboxes. They can't access each others' files, for example.
>
> If two applications can both write to the file system, they can communicate.
> If they have sufficient file system privileges, they can even reach into
> each other's bundle and modify anything they want.

If you chroot to the sandbox, they shouldn't be able to. (Not to say
there's no such thing as chroot leakage, of course, but they
shouldn't.)

>> Personally, I tend to stick to this package management strategy: install
>> whatever is available with yum and write the rest yourself.
>
> +0.8 on that. Sometimes I install software outside of the package management
> system, but I always feel a tad dirty when I do so :-)

I don't. There's plenty that I've done that way - but only ever
applications, or libraries that completely don't exist in the repos.
I've never installed a newer version of a library than I can get from
repo.

ChrisA
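
The hash-based storage idea from the message above, sketched as an added example (not code from the thread or from any of its participants): files in per-application bundles are indexed by SHA-256, which shows how much a hardlinking store would save and which bundles ship which interpreter build when one of them needs patching. The bundle names and file contents are constructed sample data, and all function names are hypothetical.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_file(path, chunk=65536):
    """Hash a file's contents in chunks so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def index_by_hash(root):
    """Map content hash -> sorted paths (relative to root) holding that content."""
    index = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):  # only regular files are candidates
                index[sha256_file(full)].append(os.path.relpath(full, root))
    return {digest: sorted(paths) for digest, paths in index.items()}

def dedup_report(root):
    """Return (logical_bytes, bytes_with_one_copy_per_hash) for the tree."""
    before = after = 0
    for paths in index_by_hash(root).values():
        size = os.path.getsize(os.path.join(root, paths[0]))
        before += size * len(paths)
        after += size  # a hash-addressed store keeps one copy per content
    return before, after

def build_sample_tree(root):
    """Constructed sample: three app bundles, each shipping its own interpreter."""
    bundles = {
        "app_a": b"python-2.7.3 " * 1000,
        "app_b": b"python-2.7.3 " * 1000,  # byte-identical to app_a
        "app_c": b"python-2.7.4 " * 1000,  # near-duplicate, different hash
    }
    for app, blob in bundles.items():
        os.makedirs(os.path.join(root, app, "bin"))
        with open(os.path.join(root, app, "bin", "python"), "wb") as f:
            f.write(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(dedup_report(tmp))
        print(sorted(index_by_hash(tmp).values()))
```

Only the two byte-identical bundles collapse into one stored copy; the third bundle's interpreter hashes differently and stays separate, so the same index doubles as an inventory of which bundles carry which build.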