Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #103575 > unrolled thread

Everything good about Python except GUI IDE?

Back to article view | Back to comp.lang.python

Contents

  Everything good about Python except GUI IDE? wrong.address.1@gmail.com - 2016-02-27 03:18 -0800
    Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-02-27 22:36 +1100
    Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-27 04:02 -0800
    Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-27 23:07 +1100
      Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-02-28 17:34 +1100
        Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-27 23:39 -0800
          Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-28 19:49 +1100
        Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-28 19:44 +1100
          Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 02:25 -0800
            Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-28 21:34 +1100
              Re: Everything good about Python except GUI IDE? Gordon Levi <gordon@address.invalid> - 2016-02-29 00:08 +1100
                Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 05:13 -0800
                  Re: Everything good about Python except GUI IDE? Gordon Levi <gordon@address.invalid> - 2016-02-29 00:24 +1100
                    Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 05:49 -0800
                      Re: Everything good about Python except GUI IDE? Chris Warrick <kwpolska@gmail.com> - 2016-02-28 15:00 +0100
                        Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 06:11 -0800
                          Re: Everything good about Python except GUI IDE? Chris Warrick <kwpolska@gmail.com> - 2016-02-28 15:26 +0100
                            Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 08:50 -0800
                            Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-02-29 11:39 +1100
                              Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-29 11:54 +1100
                              Re: Everything good about Python except GUI IDE? Ben Finney <ben+python@benfinney.id.au> - 2016-02-29 12:05 +1100
                              Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-29 12:13 +1100
                              Lineendings (was Everything good about Python except GUI IDE?) Rustom Mody <rustompmody@gmail.com> - 2016-02-28 17:39 -0800
                                Re: Lineendings (was Everything good about Python except GUI IDE?) Chris Angelico <rosuav@gmail.com> - 2016-02-29 12:49 +1100
                                  Re: Lineendings (was Everything good about Python except GUI IDE?) Rustom Mody <rustompmody@gmail.com> - 2016-02-28 17:55 -0800
                                    Re: Lineendings (was Everything good about Python except GUI IDE?) Chris Angelico <rosuav@gmail.com> - 2016-02-29 13:02 +1100
                                      Re: Lineendings (was Everything good about Python except GUI IDE?) Rustom Mody <rustompmody@gmail.com> - 2016-02-28 18:08 -0800
                                        Re: Lineendings (was Everything good about Python except GUI IDE?) Ben Finney <ben+python@benfinney.id.au> - 2016-02-29 13:35 +1100
                                          Re: Lineendings (was Everything good about Python except GUI IDE?) Rustom Mody <rustompmody@gmail.com> - 2016-02-28 20:48 -0800
                      Re: Everything good about Python except GUI IDE? Mark Lawrence <breamoreboy@yahoo.co.uk> - 2016-02-28 17:09 +0000
                  Re: Everything good about Python except GUI IDE? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2016-02-28 11:56 -0500
                    Re: Everything good about Python except GUI IDE? Gordon Levi <gordon@address.invalid> - 2016-03-02 20:44 +1100
          Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-02-28 23:50 +1100
            Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-29 04:53 +1100
              Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-02-29 13:22 +1100
                Re: Everything good about Python except GUI IDE? Gregory Ewing <greg.ewing@canterbury.ac.nz> - 2016-02-29 17:40 +1300
        Re: Everything good about Python except GUI IDE? "Sven R. Kunze" <srkunze@mail.de> - 2016-02-28 13:23 +0100
        Re: Everything good about Python except GUI IDE? BartC <bc@freeuk.com> - 2016-02-28 12:38 +0000
          Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 04:54 -0800
            Re: Everything good about Python except GUI IDE? BartC <bc@freeuk.com> - 2016-02-28 13:07 +0000
              Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 05:20 -0800
                Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-28 15:51 +0200
                  Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 06:03 -0800
                    Re: Everything good about Python except GUI IDE? BartC <bc@freeuk.com> - 2016-02-28 14:29 +0000
                      Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-02-29 11:49 +1100
                        Re: Everything good about Python except GUI IDE? BartC <bc@freeuk.com> - 2016-02-29 11:56 +0000
                      Re: Everything good about Python except GUI IDE? Terry Reedy <tjreedy@udel.edu> - 2016-02-28 19:49 -0500
                    Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-28 17:08 +0200
                      Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 08:41 -0800
                        Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-28 23:38 +0200
                      Re: Everything good about Python except GUI IDE? Gordon Levi <gordon@address.invalid> - 2016-02-29 15:47 +1100
                        Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-29 08:18 +0200
                          Re: Everything good about Python except GUI IDE? Rustom Mody <rustompmody@gmail.com> - 2016-02-28 23:20 -0800
                            Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-29 19:20 +1100
                              Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-29 10:37 +0200
                              Re: Everything good about Python except GUI IDE? Grant Edwards <invalid@invalid.invalid> - 2016-02-29 15:43 +0000
                                Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-03-01 03:17 +1100
                                  Re: Everything good about Python except GUI IDE? Grant Edwards <invalid@invalid.invalid> - 2016-02-29 18:17 +0000
                                    Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-03-01 05:31 +1100
                            Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-29 10:25 +0200
                              Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-29 19:33 +1100
                                Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-29 10:46 +0200
                                Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-03-02 03:44 +1100
                                  Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-03-02 05:07 +1100
                                    Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-03-02 13:22 +1100
                                      Speaking of Javascript [was Re: Everything good about Python except GUI IDE?] Steven D'Aprano <steve@pearwood.info> - 2016-03-03 04:05 +1100
                                        Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?] Chris Angelico <rosuav@gmail.com> - 2016-03-03 04:46 +1100
                                          Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?] Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-03-02 18:29 +0000
                                            Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?] Chris Angelico <rosuav@gmail.com> - 2016-03-03 07:55 +1100
                                              Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?] Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-03-02 22:01 +0000
                            Re: Everything good about Python except GUI IDE? Terry Reedy <tjreedy@udel.edu> - 2016-02-29 21:33 -0500
                            Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-03-01 15:31 +1100
                          Re: Everything good about Python except GUI IDE? Gordon Levi <gordon@address.invalid> - 2016-03-02 20:44 +1100
                            Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-03-02 13:57 +0200
                  Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-02-29 11:14 +1100
              Re: Everything good about Python except GUI IDE? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2016-02-28 12:08 -0500
          Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-03-02 03:35 +1100
            Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-03-01 20:06 +0200
              Re: Everything good about Python except GUI IDE? wxjmfauth@gmail.com - 2016-03-01 11:30 -0800
                Re: Everything good about Python except GUI IDE? wxjmfauth@gmail.com - 2016-03-01 11:39 -0800
              Re: Everything good about Python except GUI IDE? Steven D'Aprano <steve@pearwood.info> - 2016-03-02 12:51 +1100
                Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-03-02 13:15 +1100
                Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-03-02 07:41 +0200
                  Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-03-02 16:58 +1100
                    Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-03-02 10:20 +0200
                      Re: Everything good about Python except GUI IDE? Christian Gollwitzer <auriocus@gmx.de> - 2016-03-02 23:00 +0100
                        Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-03-03 00:36 +0200
        Re: Everything good about Python except GUI IDE? Dietmar Schwertberger <maillist@schwertberger.de> - 2016-02-28 13:38 +0100
          Re: Everything good about Python except GUI IDE? cl@isbd.net - 2016-02-28 12:52 +0000
            Re: Everything good about Python except GUI IDE? Dietmar Schwertberger <maillist@schwertberger.de> - 2016-02-28 14:19 +0100
        Re: Everything good about Python except GUI IDE? Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2016-02-28 12:03 -0500
        Re: Everything good about Python except GUI IDE? Dietmar Schwertberger <maillist@schwertberger.de> - 2016-02-28 18:41 +0100
    Re: Everything good about Python except GUI IDE? BartC <bc@freeuk.com> - 2016-02-27 13:35 +0000
    Re: Everything good about Python except GUI IDE? MWS <miragewebstudio12@gmail.com> - 2016-02-27 20:05 +0530
    Re: Everything good about Python except GUI IDE? Dietmar Schwertberger <maillist@schwertberger.de> - 2016-02-27 15:20 +0100
      Re: Everything good about Python except GUI IDE? wrong.address.1@gmail.com - 2016-02-27 10:13 -0800
        Re: Everything good about Python except GUI IDE? Chris Angelico <rosuav@gmail.com> - 2016-02-28 05:29 +1100
        Re: Everything good about Python except GUI IDE? Marko Rauhamaa <marko@pacujo.net> - 2016-02-27 20:35 +0200
        Re: Everything good about Python except GUI IDE? Dietmar Schwertberger <maillist@schwertberger.de> - 2016-02-27 19:51 +0100
        Re: Everything good about Python except GUI IDE? Dietmar Schwertberger <maillist@schwertberger.de> - 2016-02-28 00:20 +0100
        Re: Everything good about Python except GUI IDE? Gordon Levi <gordon@address.invalid> - 2016-02-28 16:49 +1100
        Re: Everything good about Python except GUI IDE? Sibylle Koczian <nulla.epistola@web.de> - 2016-02-28 11:46 +0100
        Re: Everything good about Python except GUI IDE? Virgil Stokes <vs@it.uu.se> - 2016-02-28 12:26 +0100
        Re: Everything good about Python except GUI IDE? Sibylle Koczian <nulla.epistola@web.de> - 2016-02-28 11:46 +0100
        Re: Everything good about Python except GUI IDE? mm0fmf <none@invalid.com> - 2016-02-28 18:47 +0000
          Re: Everything good about Python except GUI IDE? Dietmar Schwertberger <maillist@schwertberger.de> - 2016-02-28 20:09 +0100
        Re: Everything good about Python except GUI IDE? Michael Torrie <torriem@gmail.com> - 2016-02-28 18:24 -0700
        Re: Everything good about Python except GUI IDE? Mike S <mscir@yahoo.com> - 2016-03-02 23:27 -0800
    Re: Everything good about Python except GUI IDE? Marco Kaulea <marco.kaulea@gmail.com> - 2016-02-27 18:57 +0100
    Re: Everything good about Python except GUI IDE? Anthony Papillion <anthony@cajuntechie.org> - 2016-02-27 13:45 -0600
    Re: Everything good about Python except GUI IDE? Mark Lawrence <breamoreboy@yahoo.co.uk> - 2016-02-27 20:52 +0000
    Re: Everything good about Python except GUI IDE? MRAB <python@mrabarnett.plus.com> - 2016-02-27 21:35 +0000
    Re: Everything good about Python except GUI IDE? Mike <termim@gmail.com> - 2016-03-01 19:46 -0800

Page 4 of 6 — ← Prev page 1 2 3 [4] 5 6  Next page →

#103696

On Mon, Feb 29, 2016 at 7:25 PM, Marko Rauhamaa <marko@pacujo.net> wrote:
> As for why you should avoid JS/CSS, Web pages open very slowly, jump
> around wildly during rendering and have unexpected artifacts (not to
> mention the numerous data collection abuses) when they are encumbered
> with truckloads of state-of-the-art web dev gimmicks.

And when I pick up a paintbrush, canvas, and oil paints, the result is
appallingly hard on the eyes. Clearly oil paints should not be used,
and we should just place the brush tastefully on the canvas, because
that is guaranteed to look good.

Don't blame the tool for its poor users.

ChrisA

[toc] | [prev] | [next] | [standalone]

#103698

Chris Angelico <rosuav@gmail.com>:
> On Mon, Feb 29, 2016 at 7:25 PM, Marko Rauhamaa <marko@pacujo.net> wrote:
>> As for why you should avoid JS/CSS, Web pages open very slowly, jump
>> around wildly during rendering and have unexpected artifacts (not to
>> mention the numerous data collection abuses) when they are encumbered
>> with truckloads of state-of-the-art web dev gimmicks.
>
> And when I pick up a paintbrush, canvas, and oil paints, the result is
> appallingly hard on the eyes. Clearly oil paints should not be used,
> and we should just place the brush tastefully on the canvas, because
> that is guaranteed to look good.
>
> Don't blame the tool for its poor users.

In that vein...

   The men turned away and went toward Sodom, but Abraham remained
   standing before the Lord. Then Abraham approached him and said: “Will
   you sweep away the righteous with the wicked? What if there are fifty
   righteous people in the city? Will you really sweep it away and not
   spare the place for the sake of the fifty righteous people in it? Far
   be it from you to do such a thing—to kill the righteous with the
   wicked, treating the righteous and the wicked alike. Far be it from
   you! Will not the Judge of all the earth do right?”

   The Lord said, “If I find fifty righteous people in the city of
   Sodom, I will spare the whole place for their sake.”

   Then Abraham spoke up again: “Now that I have been so bold as to
   speak to the Lord, though I am nothing but dust and ashes, what if
   the number of the righteous is five less than fifty? Will you destroy
   the whole city for lack of five people?”

   “If I find forty-five there,” he said, “I will not destroy it.”

   Once again he spoke to him, “What if only forty are found there?”

   He said, “For the sake of forty, I will not do it.”

   Then he said, “May the Lord not be angry, but let me speak. What if
   only thirty can be found there?”

   He answered, “I will not do it if I find thirty there.”

   Abraham said, “Now that I have been so bold as to speak to the Lord,
   what if only twenty can be found there?”

   He said, “For the sake of twenty, I will not destroy it.”

   Then he said, “May the Lord not be angry, but let me speak just once
   more. What if only ten can be found there?”

   He answered, “For the sake of ten, I will not destroy it.”

   When the Lord had finished speaking with Abraham, he left, and
   Abraham returned home.

   <URL: https://www.biblegateway.com/passage/?search=Genesis%2018&versio
   n=NIV>

   Early the next morning Abraham got up and returned to the place where
   he had stood before the Lord. He looked down toward Sodom and
   Gomorrah, toward all the land of the plain, and he saw dense smoke
   rising from the land, like smoke from a furnace.

   <URL: https://www.biblegateway.com/passage/?search=Genesis%2019&versio
   n=NIV>


Marko

[toc] | [prev] | [next] | [standalone]

#103798

On Mon, 29 Feb 2016 07:33 pm, Chris Angelico wrote:

> On Mon, Feb 29, 2016 at 7:25 PM, Marko Rauhamaa <marko@pacujo.net> wrote:
>> As for why you should avoid JS/CSS, Web pages open very slowly, jump
>> around wildly during rendering and have unexpected artifacts (not to
>> mention the numerous data collection abuses) when they are encumbered
>> with truckloads of state-of-the-art web dev gimmicks.
> 
> And when I pick up a paintbrush, canvas, and oil paints, the result is
> appallingly hard on the eyes. Clearly oil paints should not be used,
> and we should just place the brush tastefully on the canvas, because
> that is guaranteed to look good.
> 
> Don't blame the tool for its poor users.

A better analogy is:

When I add cocaine to my stew, the result is a appallingly bad for those who
eat it. Do you have any idea how rough cocaine is on the human body and
brain? My wife likes the analogy, being on cocaine is like pressing the
accelerator of your car all the way to the floor, ALL THE TIME, regardless
of whether you are moving forward or stopped at the lights. And yet, for
some reason, people seem to like the cocaine-riddled stew, and often ask me
to add more cocaine.

People cannot get enough of Javascript, no matter what it does to the
security and stability of their browser, no matter how many pop-ups it
launches or how much spyware and malware it installs, or how many times it
kills their browser.



-- 
Steven

[toc] | [prev] | [next] | [standalone]

#103810

On Wed, Mar 2, 2016 at 3:44 AM, Steven D'Aprano <steve@pearwood.info> wrote:
> On Mon, 29 Feb 2016 07:33 pm, Chris Angelico wrote:
>
>> On Mon, Feb 29, 2016 at 7:25 PM, Marko Rauhamaa <marko@pacujo.net> wrote:
>>> As for why you should avoid JS/CSS, Web pages open very slowly, jump
>>> around wildly during rendering and have unexpected artifacts (not to
>>> mention the numerous data collection abuses) when they are encumbered
>>> with truckloads of state-of-the-art web dev gimmicks.
>>
>> And when I pick up a paintbrush, canvas, and oil paints, the result is
>> appallingly hard on the eyes. Clearly oil paints should not be used,
>> and we should just place the brush tastefully on the canvas, because
>> that is guaranteed to look good.
>>
>> Don't blame the tool for its poor users.
>
> A better analogy is:
>
> When I add cocaine to my stew, the result is a appallingly bad for those who
> eat it. Do you have any idea how rough cocaine is on the human body and
> brain? My wife likes the analogy, being on cocaine is like pressing the
> accelerator of your car all the way to the floor, ALL THE TIME, regardless
> of whether you are moving forward or stopped at the lights. And yet, for
> some reason, people seem to like the cocaine-riddled stew, and often ask me
> to add more cocaine.
>
> People cannot get enough of Javascript, no matter what it does to the
> security and stability of their browser, no matter how many pop-ups it
> launches or how much spyware and malware it installs, or how many times it
> kills their browser.

s/cocaine/sriracha/ and I would agree with you, because there are
places where JS can majorly enhance a web site, and it isn't going to
kill you if you use it correctly. But while we might disagree on the
precise boundary between "good JS" and "bad JS", it seems we're pretty
vehemently in agreement that there are a lot of sites out there that
serve up a stew that burns the paint off buildings in the next county.

ChrisA

[toc] | [prev] | [next] | [standalone]

#103833

On Wed, 2 Mar 2016 05:07 am, Chris Angelico wrote:

> On Wed, Mar 2, 2016 at 3:44 AM, Steven D'Aprano <steve@pearwood.info>
> wrote:

>> A better analogy is:
>>
>> When I add cocaine to my stew, the result is a appallingly bad for those
>> who eat it. Do you have any idea how rough cocaine is on the human body
>> and brain? My wife likes the analogy, being on cocaine is like pressing
>> the accelerator of your car all the way to the floor, ALL THE TIME,
>> regardless of whether you are moving forward or stopped at the lights.
>> And yet, for some reason, people seem to like the cocaine-riddled stew,
>> and often ask me to add more cocaine.
>>
>> People cannot get enough of Javascript, no matter what it does to the
>> security and stability of their browser, no matter how many pop-ups it
>> launches or how much spyware and malware it installs, or how many times
>> it kills their browser.
> 
> s/cocaine/sriracha/ and I would agree with you, because there are
> places where JS can majorly enhance a web site, and it isn't going to
> kill you if you use it correctly. 

If by "kill" you mean "compromise your system", then JS absolutely can kill.
Running somebody else's code on your machine could have *any* consequence,
such as installing spyware, a spam-bot, ransomware, a keylogger that
results in your bank account being emptied, or (if the spyware is being run
by people who consider you an enemy of the state) literal death via a
midnight visit from the secret police or a Hellfire missile fired through
your window.


https://community.rapid7.com/community/metasploit/blog/2014/01/23/firefox-privileged-payloads

http://er.educause.edu/blogs/2016/2/fast-forward-javascript-api-exploits

http://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-users/

https://www.vidder.com/resources/attacks/javascript-device-exploit.html

https://www.usenix.org/legacy/event/woot08/tech/full_papers/daniel/daniel_html/

http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1487635#vtab-characteristics


(The last one typos the malware as "Java" code, but if you read on you'll
see they actually mean Javascript.)


As a web developer, if you host ads, your viewers at the mercy of malware:

https://en.wikipedia.org/wiki/Malvertising

Most malicious advertising is still written in Flash/ActionScript (a variant
of Javascript), but some use Javascript:

http://www.pcworld.com/article/3039816/security/malvertising-campaigns-are-becoming-harder-to-detect.html




-- 
Steven

[toc] | [prev] | [next] | [standalone]

#103883 — Speaking of Javascript [was Re: Everything good about Python except GUI IDE?]

Speaking of Javascript exploits:

http://thedailywtf.com/articles/bidding-on-security


This is a real exploit, and Ebay have refused to fix it. Yay them!

More here:

http://blog.checkpoint.com/2016/02/02/ebay-platform-exposed-to-severe-vulnerability/


-- 
Steven

[toc] | [prev] | [next] | [standalone]

#103888 — Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?]

On Thu, Mar 3, 2016 at 4:05 AM, Steven D'Aprano <steve@pearwood.info> wrote:
> Speaking of Javascript exploits:
>
> http://thedailywtf.com/articles/bidding-on-security
>
>
> This is a real exploit, and Ebay have refused to fix it. Yay them!
>
> More here:
>
> http://blog.checkpoint.com/2016/02/02/ebay-platform-exposed-to-severe-vulnerability/

To be fair, this isn't a JS exploit; it's a trusting-of-trust issue -
eBay has declared that you can trust them to sanitize their sellers'
listings, and so you trust eBay, but this exploit gets past the
filter. You're no more vulnerable looking at one of those listings
than you would be going to a web site entirely controlled by the
attacker, save that (particularly on mobile devices) there are a lot
of people out there who'll say "Oh, it'e eBay, I'm safe".

ChrisA

[toc] | [prev] | [next] | [standalone]

#103893 — Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?]

On 2016-03-02, Chris Angelico <rosuav@gmail.com> wrote:
> To be fair, this isn't a JS exploit; it's a trusting-of-trust issue -
> eBay has declared that you can trust them to sanitize their sellers'
> listings, and so you trust eBay, but this exploit gets past the
> filter.

This is true. It sounds like their filter is frankly bizarre,
I can't imagine why it works the way that has been described.

> You're no more vulnerable looking at one of those listings
> than you would be going to a web site entirely controlled by the
> attacker, save that (particularly on mobile devices) there are a lot
> of people out there who'll say "Oh, it'e eBay, I'm safe".

This however I don't think is true at all. eBay already has a great
deal of data about its customers, if an attacker can hijack sessions
and steal this data just from a user visiting a listings page then
that isn't anything like visiting a random malicious site.

[toc] | [prev] | [next] | [standalone]

#103896 — Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?]

On Thu, Mar 3, 2016 at 5:29 AM, Jon Ribbens
<jon+usenet@unequivocal.co.uk> wrote:
> On 2016-03-02, Chris Angelico <rosuav@gmail.com> wrote:
>> To be fair, this isn't a JS exploit; it's a trusting-of-trust issue -
>> eBay has declared that you can trust them to sanitize their sellers'
>> listings, and so you trust eBay, but this exploit gets past the
>> filter.
>
> This is true. It sounds like their filter is frankly bizarre,
> I can't imagine why it works the way that has been described.

Agreed. I also don't understand why they can't simply say "no <script>
tags permitted". By the look of the error message, they've been
playing whack-a-mole with exploits as they're found, rather than
actually designing for security.

>> You're no more vulnerable looking at one of those listings
>> than you would be going to a web site entirely controlled by the
>> attacker, save that (particularly on mobile devices) there are a lot
>> of people out there who'll say "Oh, it'e eBay, I'm safe".
>
> This however I don't think is true at all. eBay already has a great
> deal of data about its customers, if an attacker can hijack sessions
> and steal this data just from a user visiting a listings page then
> that isn't anything like visiting a random malicious site.

Hmm, maybe. But the description of the exploit talks of getting people
to click a button to install an app, which is something anyone could
do with full control of a web site; the value (to the attacker) of
exploiting the eBay filter limitation is that it slips it into an
otherwise-trusted web site (both from the human's point of view -
"this is eBay, it's fine" - and from a machine filter's - "yes, this
is the same site you thought you were on").

ChrisA

[toc] | [prev] | [next] | [standalone]

#103905 — Re: Speaking of Javascript [was Re: Everything good about Python except GUI IDE?]

On 2016-03-02, Chris Angelico <rosuav@gmail.com> wrote:
> On Thu, Mar 3, 2016 at 5:29 AM, Jon Ribbens
><jon+usenet@unequivocal.co.uk> wrote:
>> On 2016-03-02, Chris Angelico <rosuav@gmail.com> wrote:
>>> You're no more vulnerable looking at one of those listings
>>> than you would be going to a web site entirely controlled by the
>>> attacker, save that (particularly on mobile devices) there are a lot
>>> of people out there who'll say "Oh, it'e eBay, I'm safe".
>>
>> This however I don't think is true at all. eBay already has a great
>> deal of data about its customers, if an attacker can hijack sessions
>> and steal this data just from a user visiting a listings page then
>> that isn't anything like visiting a random malicious site.
>
> Hmm, maybe. But the description of the exploit talks of getting people
> to click a button to install an app, which is something anyone could
> do with full control of a web site;

I think that's just a proof-of-concept sort of thing. There's much
more interesting things you can do than put up "download this exe
and run it" pop-ups if you can run arbitrary javascript in someone
else's domain.

> the value (to the attacker) of exploiting the eBay filter limitation
> is that it slips it into an otherwise-trusted web site (both from
> the human's point of view -"this is eBay, it's fine" - and from a
> machine filter's - "yes, this is the same site you thought you were
> on").

You can of course just register egay.com (or whatever) and hope for
the best (including putting an SSL cert on it).

[toc] | [prev] | [next] | [standalone]

#103774

On 2/29/2016 3:20 AM, Chris Angelico wrote:

> Incidentally, HTML+CSS is another excellent example of code being used
> to create a visual effect. While there *are* WYSIWYG HTML editors, I'm
> not familiar with any WYISWYG HTML+CSS editors, and I much more often
> see a fast-turnaround code editing system such as codepen.io - you
> change the HTML in one box, or the CSS in another, and the result down
> below changes in real-time.

Does it change with each key stroke (if the keystroke leaves the text in 
a coherent, non-error state) or only on some special input?

> It wouldn't be too hard to create
> something like this for a GUI, and it'd remove some of that feeling of
> non-interactivity while still retaining all the benefits of code above
> drag-and-drop.

Keystroke auto-updates hardly make sense.  On-demand updates for tkinter 
are already possible.  By default, tk root windows, Python interpreter, 
Idle Shell, and IDLE Editors windows appear in the upper left of a 
screen.  Move either the tk or the python window(s) to the right.


1. REPL (python or IDLE): Possible updates are signaled by \n.  Tkinter 
visibly responds, when appropriate, on a statement by statement basis.

 >>> import tkinter as tk
 >>> root = tk.Tk()  # root window appears
 >>> b = tk.Button(root)  # text='', bg='white' are defaults
 >>> b.grid()  # button appears in root window
 >>> b['text'] = 'Hello World!'  # text appears in button
 >>> b['bg'] = 'red'  # background color changes

(Non-default options can also be set when a widget is created.)
One can even, I just discovered, setup timer events interactively.

 >>> root.after(500, lambda: b.config(bg='blue', text='done'))
# after 1/2 second (500 milliseconds), bg and text change

The disadvantage of this method is that the REPL record must be saved 
and processed to reuse it.


2. Editor (IDLE): Run with F5 to see the result of any changes.  The 
root window appears in a fraction of a second and population by widgets 
hardly takes much longer.  I think that this is close enough to 
interactive for most purposes.


3. Editor + REPL (IDLE): Since F5 simulates running the file with 
'python -i', this is automatic if the file in the editor does not run 
'root.mainloop()'.  If it does, the following in the file will allow one 
to end the blocking mainloop() call without also calling root.destroy 
and destroying the gui.

tk.Button(root, text='quit mainloop', command=root.quit).grid()


4. Integrated Editor and Display: your idea.  I think "It wouldn't be 
too hard" is wildly over-optimistic, as I will now explain>

The turtle demo (python -m turtledemo) has read-only text on the left, a 
turtle screen on the right, and a 'Start' button.  The text is read-only 
to avoid overwriting the supplied demo files.  People who want to edit 
them are supposed to copy and paste into an editor, such as IDLE's.)

The demo files must be and are (after failures) written in a special 
style to run properly within the demo framework, ... and to not disturb 
the buildbots when imported as part of test/test_all.  Top level code 
should only have definitions, including a 'def main' entry point, 
non-gui statements, and a '__main__'-guarded conditional statement for 
initiating gui actions.  They must also not bypass the turtle wrapping 
of tkinter to make direct tkinter calls that would disable the demo 
runner itself.  So even if turtledemo were turned into turtle-designer, 
by replacing the text pane with an editor, it could not be used for all 
legal turtle programs.

A GUI designer would replace the turtle screen also, with a gui frame. 
The special style would be something like the following template.

import tkinter as tk  # or "from tkinter import x, y, z, ..."
# define classes and functions

def main(parent):
     # call classes, passing parent
     # set up timers with parent.after
     # anything else requiring that root exist

if __name__ == '__main__':
     root = tk.Tk()
     main(root)
     root.mainloop()

The important point is that it must be possible to import the script 
without it creating a new root window or creating events. The app would 
run the user code with

user_gui = importlib.import_module(file_path)
user_gui.main(gui_frame)

Importing the code after saving, rather than using exec on the editor 
contents, isolates it somewhat from the app, but not enough.  Passing 
app's gui_frame into main and making that the parent of everything in 
the user gui ties the user gui into the app.  However, it also allows 
the app to inadvertently affect the app.  Non-interference between IDLE 
and user code, especially tkinter code, was the reason that IDLE was 
re-written, around a decade ago, to run user code in a separate process.

Another issue is handling user code errors.  Syntax errors can be marked 
in the editor, but tracebacks need a separate pane.  And it is also 
useful to be able to interact with the gui without altering the code in 
the editor.

Summary: if one starts with the idea of an interactive, unrestricted, 
code based, gui designer, especially one for tkinter using tkinter, and 
thinks carefully through the possible problems, one can easily end up 
with something similar to what we already have.

On the other hand, I think an interactive, restricted, gui-based, 
tkinter Frame or Canvas designer could be written and would be quite 
useful.  The generated code could easily be code that a human might 
write.  There may be something already available on pypi.

-- 
Terry Jan Reedy

[toc] | [prev] | [next] | [standalone]

#103776

On Tue, Mar 1, 2016 at 1:33 PM, Terry Reedy <tjreedy@udel.edu> wrote:
> On 2/29/2016 3:20 AM, Chris Angelico wrote:
>
>> Incidentally, HTML+CSS is another excellent example of code being used
>> to create a visual effect. While there *are* WYSIWYG HTML editors, I'm
>> not familiar with any WYISWYG HTML+CSS editors, and I much more often
>> see a fast-turnaround code editing system such as codepen.io - you
>> change the HTML in one box, or the CSS in another, and the result down
>> below changes in real-time.
>
>
> Does it change with each key stroke (if the keystroke leaves the text in a
> coherent, non-error state) or only on some special input?

In the case of codepen, it's not quite either; when you finish typing
and leave it for half a second, it updates. Not quite instant, but
automiatic.

ChrisA

[toc] | [prev] | [next] | [standalone]

#103853

Marko Rauhamaa <marko@pacujo.net> wrote:

>Gordon Levi <gordon@address.invalid>:
>
>> Nobody likes filling in forms but how do you suggest converting a form
>> based app into something loveable.
>
>Straight HTML does forms just fine without CSS or JavaScript, yet few
>can resist.
>
>> What interface would make you love adding a new contact to your
>> address book?
>
>In my case, the address book is a ~/.mailrc file, which I edit using
>emacs.

I find it difficult to believe that you _love_ updating your contacts
using Emacs even if it gives you an excuse to get some therapy from
Eliza. It seems equally unlikely that you can do without phone numbers
and addresses for your contacts.

[toc] | [prev] | [next] | [standalone]

#103863

Gordon Levi <gordon@address.invalid>:

> I find it difficult to believe that you _love_ updating your contacts
> using Emacs even if it gives you an excuse to get some therapy from
> Eliza. It seems equally unlikely that you can do without phone numbers
> and addresses for your contacts.

WP8 doesn't allow me to modify the contacts using emacs. And to my
knowledge, emacs still doesn't have a phone-call-mode.

I *love* using emacs for everything I can because the whole gamut of
emacs' typing machinery is at my disposal.

I readily admit that reading Wikipedia articles still works better with
Firefox than emacs.


Marko

[toc] | [prev] | [next] | [standalone]

#103664

On Mon, 29 Feb 2016 12:51 am, Marko Rauhamaa wrote:

> Rustom Mody <rustompmody@gmail.com>:
> 
>> whereas in fact every significant GUI embeds text (possibly recursively)
>>
>> eg TI inside GUI -- think of text inside gimp
>> GUI inside TI -- think of Word embedding other doc types including
>> pictures Which can be recursive -- WOrd embeds a picture embeds text
> 
> Sigh, still nobody has mentioned an exemplary GUI application.

Possibly because of the poor state of GUI application development, I don't
think there are many. There are many which are *acceptable*, to some lesser
or greater degree, but none that come to mind which make me go "wow, that's
amazing!".

Or perhaps I'm just jaded after 30+ years of using GUI apps and can only see
the bugs and not the features any more.


> An anecdote: Some weeks back my son and I were struggling to get the
> right kind of graph out of Excel. After four hours of Google, Youtube,
> trial and error, we gave up, took out a pad of millimeter paper and some
> colored pencils. The whole job took my son an hour and the end result
> looked great. He snapped a picture and sent it to the teacher by email.

I feel that the state of the art of graphing tools is horrid. It's
acceptable for business-style graphs (e.g. barcharts and pie charts) with
just a handful of items but rapidly goes downhill from there. There is too
much emphasis on making the graph look "fancy" at the expense of
communicating information (3D pie charts, really?). But for graphing
mathematical functions, it's just horrible. A good graphing application
should:

- by default show the zero point on the Y-axis;
- by default scale the Y-axis so as to fit the entire graph;
- label the axes in such a way that they are readable;
- be as easy as saying "graph f(x) for x between a and b" 
  and have the graphing application pick sensible defaults;
- allow easy discovery of features (which usually means a graphical
  interface -- e.g. click on the axis and be presented with options
  to modify that axis).


> A 2nd anecdote. I occasionally need to make technical presentations to
> an audience. Do I use PowerPoint or Impress? No, I use emacs, M-x
> picture-mode and raw HTML (without styles). I get to concentrate on
> producing effective communication, and nobody has complained about the
> lack of imagery or funny animation.

You don't know if they haven't complained because they don't miss them, or
haven't complained because they fell asleep and are too embarrassed to
complain "your presentation put me to sleep due to the lack of dancing
cows".

:-)



-- 
Steven

[toc] | [prev] | [next] | [standalone]

#103652

On Sun, 28 Feb 2016 13:07:21 +0000, BartC <bc@freeuk.com> declaimed the
following:
>
>To extend it further, imagine having to write a document using a mouse 
>rather than a keyboard. And doing so by having to bring up the right 
>word each time and drag it into place. It would take forever.
>
	Which is almost what a lot of people enamored of "tablets" are doing.

	I really miss my old PDA's "letter recognizer" input system (not to be
confused with a cursive word recognizer, which it also had), but it just
wouldn't work with the imprecise capacitive input systems of tablets --
leaving me with 1-finger (well, fat/rubbery stylus) tapping at a
representation of a keyboard.

-- 
	Wulfraed                 Dennis Lee Bieber         AF6VN
    wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/

[toc] | [prev] | [next] | [standalone]

#103796

On Sun, 28 Feb 2016 11:38 pm, BartC wrote:

> On 28/02/2016 06:34, Steven D'Aprano wrote:
> 
>> GUI elements are by definition graphical in nature, and like other
>> graphical elements, manipulation by hand is superior to command-based
>> manipulation. Graphical interfaces for manipulating graphics have won the
>> UI war so effectively that some people have forgotten there ever was a
>> war. Can you imagine using Photoshop without drag and drop?
>>
>> And yet programming those graphical interfaces is an exception. There,
>> with very few exceptions, we still *require* a command interface. Not
>> just a command interface, but an *off-line* command interface, where you
>> batch up all your commands then run them at once, as if we were
>> Neanderthals living in a cave.
> 
> You've got that back to front.
> 
> It's the GUI users who are the Neanderthals, having to effectively point
> at things with sticks. Or have to physically move that rock themselves
> (ie. drag a file to a wastebasket).

I haven't physically moved an icon to the wastebasket for years. I point at
the icon, right-click, and tell it "move yourself to the trash".


> More advanced uses have the power of language, with all its
> sophistications (ie. commands lines and scripting). 

Language is pretty important. But when you need to drive a nail into a piece
of wood, would you rather hit the nail with a hammer, or explain to the
hammer the precise direction and magnitude of force you would like it to
apply when it impacts the nails?



-- 
Steven

[toc] | [prev] | [next] | [standalone]

#103809

Steven D'Aprano <steve@pearwood.info>:

> On Sun, 28 Feb 2016 11:38 pm, BartC wrote:
>> It's the GUI users who are the Neanderthals, having to effectively
>> point at things with sticks. Or have to physically move that rock
>> themselves (ie. drag a file to a wastebasket).
>
> I haven't physically moved an icon to the wastebasket for years. I
> point at the icon, right-click, and tell it "move yourself to the
> trash".

Do you find that interface convenient? Do you often find yourself
clickety-clicking around to perform bulk file operations?

> Language is pretty important. But when you need to drive a nail into a
> piece of wood, would you rather hit the nail with a hammer, or explain
> to the hammer the precise direction and magnitude of force you would
> like it to apply when it impacts the nails?

I don't know. My everyday file manipulation needs are so diverse that I
couldn't imagine how a GUI would make my life easier.

What I'm thinking is, could Python turn into a serious competitor to
bash? The standard shell suffers greatly from sloppy quoting, and many
of the age-old list-processing idioms are more awkward than cute.

A python shell would need a well-thought-out default import plus a way
to string together external commands. Maybe JSON or similar could be the
standard I/O framing format (instead of SPC-separated fields and
LF-separated records).

Someone must have tried that before. (Tclsh did that years back but
suffered from analogous problems as bash.)


Marko

[toc] | [prev] | [next] | [standalone]

#103815

Le mardi 1 mars 2016 19:07:13 UTC+1, Marko Rauhamaa a écrit :
> 
> I don't know. My everyday file manipulation needs are so diverse that I
> couldn't imagine how a GUI would make my life easier.
> 

D:\jm\Москва\Zürich\Αθήνα\Tiếng-Việt.txt
D:\jm\Москва\Zürich\Αθήνα\Žemaitėška.txt
D:\jm\Москва\Zürich\Αθήνα\नेपाल भाषा.txt

These are real files on my hd, win box.

jmf  (With the hope, you see these names correctly)

[toc] | [prev] | [next] | [standalone]

#103817

Le mardi 1 mars 2016 20:30:51 UTC+1, wxjm...@gmail.com a écrit :
> Le mardi 1 mars 2016 19:07:13 UTC+1, Marko Rauhamaa a écrit :
> > 
> > I don't know. My everyday file manipulation needs are so diverse that I
> > couldn't imagine how a GUI would make my life easier.
> > 
> 
> D:\jm\Москва\Zürich\Αθήνα\Tiếng-Việt.txt
> D:\jm\Москва\Zürich\Αθήνα\Žemaitėška.txt
> D:\jm\Москва\Zürich\Αθήνα\नेपाल भाषा.txt
> 
> These are real files on my hd, win box.
> 
> jmf  (With the hope, you see these names correctly)

As I do in FireFox.

[toc] | [prev] | [next] | [standalone]

Page 4 of 6 — ← Prev page 1 2 3 [4] 5 6  Next page →

Back to top | Article view | comp.lang.python

csiph-web