What versions of Python does PicklingTools support?
Historically, versions 2.1.x to 2.6.x have been tested extensively. More recently, 2.7 has been tested and should work, but it has not been tested as much as the other versions.
3.x has not been tested: We are waiting for our main paying customer to adopt the 3.x series.
In the last 12 years of writing python, I have only hit had issues with .pyc files a handful of times, and always with python < 2.7. Anaecdotally this experience is shared with everyone I have worked with.
If you’re seeing this regularly, it suggests there may be something unique or uncommon in your set-up. You may wish to isolate and change whatever that is.
Now that you mentioned it, I just realized I never have problems related to .pyc files anymore ever since I switched to python 3 a few years ago. I remember I used to have problem with deleting database migration files because python would load the .pyc files of deleted migration scripts unless I also delete the .pyc files (which I often forgot).
Not quite. First, a map from a WeakRef to a value wouldn't do anything useful, since a WeakRef's target dying does not magically blow away the WeakRef itself. Second, you would have no way of getting from an object to its WeakRef(s), so you couldn't do a lookup anyway. But those criticisms are unfair; you're just using loose language to mean a map whose entries hold their keys weakly and values strongly.
But it's not that either. If it were that, and your key died but your map didn't, then the value would still be kept alive. And it doesn't hold both key and value weakly; in that case, you could have both map and key alive and yet the value could die; WeakMaps won't allow that.
It's something subtly different. It's a collection where both the key and map have to be live for the WeakMap entry to keep the value alive. "Weak" in the name is something of a misnomer, in my opinion. Weak normally means "something that can refer to an object without keeping it alive". WeakMap entries are not weak, they are normal strong references that very much keep their values alive -- but only if both the map and key are both alive.
Thanks. That does feel a bit backwards, for the purpose of GF tracking as you can’t store id->obj.
I assume if/when a WeakRef is exposed in the language then a normal map can be used to store id->WeakRef(obj), so no real need them for also having a “mapWithWeakRefValues”?
A WeakMap works with objects as keys. You can do it with objects you don't control, without adding some sort of id field. It can't be fully simulated with a WeakRef.
One common use is to associate extra data with objects, without attaching it to those objects directly. In your map, you add an obj->extradata mapping. Having the target be a WeakRef would just mean you'd lose your extradata while the source obj is still around.
I /have/ put other secrets into frontend code before, strictly for small temporary projects where the cost of implementing secret management outweighs the size of the project. And obviously not in code that was anywhere close to being deployed outside my own box.
Unfortunately the method outlined in the article allows access to environments that would otherwise be considered trusted and not-accessible over the internet, hence the problem
You do realize that your evil server could in fact send something back to your exploit to ask it to send something back to the server it connected to right?
evil-server
(looks at data from client)
(recognizes well known server app)
(launches exploit!)
The first one that comes to mind is built in "package updaters" where the front end server has a well defined way of updating its packages. Have your evil server send it "get a new version of fetch_user_passwords from here..."
I threw the code together last night. It's running on cloudflare backed by an S3 static file, so shouldn't be capacity issues
It was only tested on Firefox, as a basic proof-of-concept. AIUI, chrome et al offer similar functionality but maybe the API is different
It may also take a few minutes to find and connect to the websocket, I think CRA webserver maybe only binds to one client at a time, so maybe it would pick up the connection after a webpack-dev-server reload or two.
> Like how the file explorer has a built in terminal that follows the folder you're in.
That’s a nice feature. But it has little to do with Windows/OSX equivalence.
It also highlights something I felt last time I tried KDE (admittedly a while ago).
There were lots of nice UX innovations and polish. But they didn’t feel familiar to me (as a user of many desktop environments). This makes switching much less of an appealing prospect to me.
I'm shocked by this, especially when the alternative here is GNOME. You can put a lifelong windows user in front of a plasma machine and they will be able to figure it out easy. There is a start menu, a bottom taskbar, all the window buttons are where they belong, etc.
Contrast with gnome, where you can't get anything done unless you already know the magical keyboard shortcuts.
Plasma gets criticized often for having too many configuration options and too many features, which I think is just insane. It works perfectly well out of the box, but it allows you to tinker to your heart's content.
I don't use gnome desktops, for similar reasons (although I'm also not the target audience for adopters, as I currently use Linux as my primary desktop environment!)
I use cinnamon, as, for my personal preferences, it strikes the best balance between familiarity, 'prettiness' and functionality of the options I've tried.
I think Cinnamon is really underrated. It has sane defaults, is reasonably performant, and will be familiar to anyone coming from Windows.
In general I feel that Gnome has terrible defaults, and are hostile to the user making changes away from these defaults. It's also less performant than Cinnamon -- animations can lag on my machine for example, and my machine isn't exactly bad.
I think Plasma is nice, and it's certainly more customizable than Cinnamon, but I think this comes at the cost of reliability and an overall feeling of cohesiveness. I also think there's a point where you don't want every right click menu to contain an option which allows you to fundamentally change the functionality of your desktop.
I'd probably be using XFCE or Mate if Cinnamon didn't exist.
You literally said you have only a limited amount of experience with KDE (from 'undefined' time ago), and yet you felt qualified to opine on its suitability for X... now?
This is the plan. Once google have verified the advertisers, they can ‘help users understand the source of the advert’ by replacing the mini Ad icon with the advertisers’ favicon, to increase transparency..
Increased transparency would be having "Advertisement" (no abbreviation) and the advertiser's icon.
Replacing "Ad" with advertiser's icon is simply a method how not to display "Ad". I expect that many icons will not be company logos, but rather something that seems like it would normally appear in a web page: a small arrow, a tiny dot, a thumb-up, etc.
Then the Google will have credible deniability: hey, we didn't make the icon, the advertiser did, blame him. But of course they are the ones who refuses to display "Advertising" clearly.
From the picklingtools FAQ:
What versions of Python does PicklingTools support? Historically, versions 2.1.x to 2.6.x have been tested extensively. More recently, 2.7 has been tested and should work, but it has not been tested as much as the other versions.
[edit] formatting