From ajs@ix.netcom.com Sat Apr 27 13:27:23 2002 From: ajs@ix.netcom.com (Arthur Siegel) Date: Sat, 27 Apr 2002 08:27:23 -0400 Subject: [Edu-sig] Getting acquainted with complex numbers. Message-ID: <001c01c1ede6$e3438ac0$0334fea9@carol> A good Python educational resource regarding complex numbers: http://www.lightandmatter.com/complex.pdf The complex built_in is not really used in this brief tutorial. Instead the student is guided toward building their own complex 'primitive' using a 2 element list [real,imag], and building their own complex arithmetic functions. More generally, I see the authors approach as a good example of how a little Python understanding can be leveraged to 'add value' to a curricula - over a wide range of subject matters. As it happens, I had decided to roll my own Complex class as a classic Python class for my purposes. Deriving from 'complex' as a new style class turns out to have some, well, complexities - and at the moment there doesn't seem to be a lot of sample code and tutorials out there on the subject. Concluded I am in no position to be a pioneer. More sample code of this kind will, I'm sure, eventually make its way into circulation. Art From jeff@elkner.net Tue Apr 2 02:28:41 2002 From: jeff@elkner.net (Jeffrey Elkner) Date: 01 Apr 2002 21:28:41 -0500 Subject: [Edu-sig] counting lexemes... Message-ID: <1017714522.1248.67.camel@robeson> hi all! i got such a great response to my last query that i'm trying another one ;-) is there anything out there already that i can use to parse python, c++, and java source files to get a listing and count of the lexemes that occur in each? i spent the better part of an afternoon writing python scripts to remove comments and docstrings so that i could compare line numbers, and i'm afraid parsing to get at the lexemes is beyond my ability within the time i have left to prepare my thesis. anyone suggestions? thanks again! jeff elkner yorktown high school arlington, va From pobrien@orbtech.com Tue Apr 2 03:21:49 2002 From: pobrien@orbtech.com (Patrick K. O'Brien) Date: Mon, 1 Apr 2002 21:21:49 -0600 Subject: [Edu-sig] counting lexemes... In-Reply-To: <1017714522.1248.67.camel@robeson> Message-ID: The tokenize module might do what you want. """Tokenization help for Python programs. generate_tokens(readline) is a generator that breaks a stream of text into Python tokens. It accepts a readline-like method which is called repeatedly to get the next line of input (or "" for EOF). It generates 5-tuples with these members: the token type (see token.py) the token (a string) the starting (row, column) indices of the token (a 2-tuple of ints) the ending (row, column) indices of the token (a 2-tuple of ints) the original line (string) It is designed to match the working of the Python tokenizer exactly, except that it produces COMMENT tokens for comments and gives type OP for all operators Older entry points tokenize_loop(readline, tokeneater) tokenize(readline, tokeneater=printtoken) are the same, except instead of generating tokens, tokeneater is a callback function to which the 5 fields described above are passed as 5 arguments, each time a new token is found.""" --- Patrick K. O'Brien Orbtech > -----Original Message----- > From: edu-sig-admin@python.org [mailto:edu-sig-admin@python.org]On > Behalf Of Jeffrey Elkner > Sent: Monday, April 01, 2002 8:29 PM > To: edu-sig@python.org > Subject: [Edu-sig] counting lexemes... > > > hi all! > > i got such a great response to my last query that i'm trying another one > ;-) is there anything out there already that i can use to parse python, > c++, and java source files to get a listing and count of the lexemes > that occur in each? > > i spent the better part of an afternoon writing python scripts to remove > comments and docstrings so that i could compare line numbers, and i'm > afraid parsing to get at the lexemes is beyond my ability within the > time i have left to prepare my thesis. > > anyone suggestions? > > thanks again! > > jeff elkner > yorktown high school > arlington, va > > > > > _______________________________________________ > Edu-sig mailing list > Edu-sig@python.org > http://mail.python.org/mailman/listinfo/edu-sig From dyoo@hkn.eecs.berkeley.edu Wed Apr 3 01:49:52 2002 From: dyoo@hkn.eecs.berkeley.edu (Danny Yoo) Date: Tue, 2 Apr 2002 17:49:52 -0800 (PST) Subject: [Edu-sig] counting lexemes... In-Reply-To: <1017714522.1248.67.camel@robeson> Message-ID: On 1 Apr 2002, Jeffrey Elkner wrote: > i got such a great response to my last query that i'm trying another one > ;-) is there anything out there already that i can use to parse python, > c++, and java source files to get a listing and count of the lexemes > that occur in each? > > i spent the better part of an afternoon writing python scripts to remove > comments and docstrings so that i could compare line numbers, and i'm > afraid parsing to get at the lexemes is beyond my ability within the > time i have left to prepare my thesis. The Antlr parser generator by Terrence Parr, http://www.antlr.org/ has an example lexer/parser for Java 1.3, so you might be able to generate a Java lexer and parser using Antlr, and then drive it with Jython. I also saw a link to a production-quality C lexer and parser as well. This project looks interesting; if I have time, I'll see if I can cook up something. *grin* Good luck to you! From josh_mckenzie@hotmail.com Sun Apr 7 18:04:19 2002 From: josh_mckenzie@hotmail.com (Josh McKenzie) Date: Sun, 07 Apr 2002 17:04:19 +0000 Subject: [Edu-sig] Equality and Assignment Notation Message-ID: Hi Why does Python use the equal sign (=) to mean assignment, and use two equal signs (==) to mean equality? Equality and assignment are not the same, yet the meaning of the equal sign is universally understood, so why redefine its meaning? I know other languages like Java and C++ employ this convention too, but how does one explain the logic behind this approach? I'll readily admit to a bias: when I see the notation ':=' in languages like Pascal, Smalltalk or Eiffel etc, I can at least understand the distinction these languages attempt to impart to the user that equality and assignment are similar, but distinct concepts. It may seem a trivial point to bring up, but while I can explain the difference between equality and assignment, I cannot explain the logic of using the '=' and '==' notation. Thanks :-) Regards - Josh M. _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx From dustin@ywlcs.org Sun Apr 7 18:14:29 2002 From: dustin@ywlcs.org (Dustin Mitchell) Date: Sun, 7 Apr 2002 12:14:29 -0500 Subject: [Edu-sig] Equality and Assignment Notation In-Reply-To: References: Message-ID: <20020407171429.GN1358@eleanor.internal.ywlcs.org> On Sun, Apr 07, 2002 at 05:04:19PM +0000, Josh McKenzie wrote: > It may seem a trivial point to bring up, but while I can explain the > difference between equality and assignment, I cannot explain the > logic of using the '=' and '==' notation. I assume that Python inherited this behavior from C/C++ or some other languages, as you indicated. The only language I can think of where there was an independent justification for the syntax was BASIC, where one could write: 10 LET X = 20 which takes its cue from mathematical prose. The LET was optional, so this was universally shortened to 10 X = 20 and the confusion began. That's my theory. Dustin -- Dustin Mitchell dustin@ywlcs.org http://people.cs.uchicago.edu/~dustin/ From schoen@loyalty.org Sun Apr 7 19:40:29 2002 From: schoen@loyalty.org (Seth David Schoen) Date: Sun, 7 Apr 2002 11:40:29 -0700 Subject: [Edu-sig] Equality and Assignment Notation In-Reply-To: References: Message-ID: <20020407184029.GM26729@zork.net> Josh McKenzie writes: > Hi > > Why does Python use the equal sign (=) to mean assignment, and use > two equal signs (==) to mean equality? Equality and assignment are > not the same, yet the meaning of the equal sign is universally > understood, so why redefine its meaning? > > I know other languages like Java and C++ employ this convention too, > but how does one explain the logic behind this approach? > > I'll readily admit to a bias: when I see the notation ':=' in > languages like Pascal, Smalltalk or Eiffel etc, I can at least > understand the distinction these languages attempt to impart to the > user that equality and assignment are similar, but distinct concepts. > > It may seem a trivial point to bring up, but while I can explain the > difference between equality and assignment, I cannot explain the > logic of using the '=' and '==' notation. > > Thanks :-) In some languages, these have to be distinguished because the assignment operator can be used in an expression. E.g. in C you can say if (myflag = result()) or if (myflag == result()) and each of these is a potentially useful statement with a distinct meaning. The first is equivalent to myflag = result(); if (myflag) and the second is more obvious (checking whether the value returned from result() is equal to the existing value of myflag). The first idiom is often used in cases where something can return NULL or 0 to indicate failure: if ((f = fopen("foo")) != NULL) { ... } if ((m = malloc(n*sizeof(blah)) != NULL) { ... } (NULL is like Python's None.) Even in languages where assignment has to be a statement of its own, and can't be part of a larger expression, you could have confusion in the opposite direction. Many languages permit values (like integers or strings) and expressions which return them to stand on their own as statements. For example, "4" is a valid statement in Python (as well as in C). print "Hello, world!" 4 print "That had no effect on the execution of this program!" Because of this rule, a complex expression can also be a legal statement: print "Get ready for two irrelevant tests!" 2 + 2 == 4 9 < 12 print "Did you notice anything? I didn't, either." And that means that a test for equality can be a statement. Again: x = 1 print "This is amusing!" x**2 + 7*x + 53 == 1/3 print "That had no effect either!" So if Python didn't distinguish between assignment and equality, this program would be unambiguous x = 5 print "Hello" x < 6 print "Goodbye" Yet this program would be ambiguous: x = 5 print "Hello" x = 6 # does this mean "x == 6"? or "x = 6"? print "Goodbye" Distinguishing them allows more consistent application of the principle that _any expression_ can be a statement of its own. The choice of "==" and "=" rather than "=" and ":=" is just a matter of typography. The use of ":=" has older academic roots, and the use of "==" is traditional in C (and perhaps Kernighan and Ritchie found it in an earlier language like BPCL). There's an analogy to mathematicians' attempt to distinguish between defined equality and assumed, deduced, or hypothesized equality. If a mathematician says that _as a matter of notation_ I will define this symbol to mean this expression, it's in some sense a different kind of activity from talking about the proposition that two expressions are equal. So some mathematicians use a different symbol for defined equality and numeric equality. To put it one more way, a mathematician might say that "x = 2" is an _assertion_, which could be true or false, where "x := 2" is more like a performative, which causes a result and which is not itself true or false. I'm sure there's some interesting academic discussion of this going back to the 1950s and 1960s, but I haven't encountered much of it. -- Seth David Schoen | Reading is a right, not a feature! http://www.loyalty.org/~schoen/ | -- Kathryn Myronuk http://vitanuova.loyalty.org/ | From urnerk@qwest.net Sun Apr 7 17:00:10 2002 From: urnerk@qwest.net (Kirby Urner) Date: Sun, 7 Apr 2002 12:00:10 -0400 Subject: [Edu-sig] Equality and Assignment Notation In-Reply-To: References: Message-ID: On Sunday 07 April 2002 01:04 pm, Josh McKenzie wrote: > Hi > > Why does Python use the equal sign (=) to mean assignment, and use > two equal signs (==) to mean equality? Equality and assignment are > not the same, yet the meaning of the equal sign is universally > understood, so why redefine its meaning? Python likes to be spare with punctuation, so not surprising it doesn't go for the standard PL/1 style alternative a := 3 (with colon) for assignment, just as it drops enclosing block braces (uses indentation) and semi-colon line terminators (optional if you want more than one statement per line). APL had its own character set and so used <- (arrow) for assignment. > I know other languages like Java and C++ employ this convention too, > but how does one explain the logic behind this approach? > Very simply: notations come and go; it's the ideas that are important. If you have a difference, and a way of notating this difference, then you're done. Note that math books sometimes use the equal sign for assignment, and sometimes to assert equivalence. We're supposed to know the different from context. Parsers don't like 'context' so much -- better to be explicit. The use of a double equal makes sense in the light of other combos e.g. <= >= and !=. Kirby > I'll readily admit to a bias: when I see the notation ':=' in > languages like Pascal, Smalltalk or Eiffel etc, I can at least > understand the distinction these languages attempt to impart to the > user that equality and assignment are similar, but distinct concepts. > > It may seem a trivial point to bring up, but while I can explain the > difference between equality and assignment, I cannot explain the > logic of using the '=' and '==' notation. > > Thanks :-) > > Regards - Josh M. > > _________________________________________________________________ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx > > > > _______________________________________________ > Edu-sig mailing list > Edu-sig@python.org > http://mail.python.org/mailman/listinfo/edu-sig From dennis.hamilton@acm.org Sun Apr 7 20:47:22 2002 From: dennis.hamilton@acm.org (Dennis E. Hamilton) Date: Sun, 7 Apr 2002 12:47:22 -0700 Subject: [Edu-sig] Equality and Assignment Notation In-Reply-To: Message-ID: There is no logic to it. When we started coding programming languages, "=" was in the character set and it was used for assignment. It started with Fortran and earlier efforts at programming languages. Since Fortran didn't have relational operators in the first version, there was no problem. In later versions, .EQ. was used for the relational operator, allowing Fortran to remain expressible in the original 48-character set. When there were relational operators and they needed to be different, the conventions of ":=" and "=" (Algol family) and "=" and "==" (the Ratfor family) arose. The use of := (and =:) to indicate a composed arrow just didn't set well with some people. I've always liked it myself. There may be some odd connection with ":" not being available in all character sets at the time these practices were being worked out. In some languages where there is no possible confusion of assignment and the equality relational operator, "=" is used both ways. It is arbitrary. Simply arbitrary. Both operations are needed, and their symbols usually need to be distinct. That's the whole deal. Basically, "==" is now the prevailing custom for the equality relational operator in programming languages. Since mathematics doesn't have an assignment operator, and mathematicians are willing to use other symbols (e.g., arrows) when needed, we are stuck with this odd cross-over dissonance. Math teachers here can tell us whether "==" is creeping into their discipline, and how students adjust to the different senses of "=" in school. -- Dennis -----Original Message----- From: edu-sig-admin@python.org [mailto:edu-sig-admin@python.org]On Behalf Of Josh McKenzie Sent: Sunday, April 07, 2002 10:04 To: edu-sig@python.org Subject: [Edu-sig] Equality and Assignment Notation Hi Why does Python use the equal sign (=) to mean assignment, and use two equal signs (==) to mean equality? Equality and assignment are not the same, yet the meaning of the equal sign is universally understood, so why redefine its meaning? I know other languages like Java and C++ employ this convention too, but how does one explain the logic behind this approach? I'll readily admit to a bias: when I see the notation ':=' in languages like Pascal, Smalltalk or Eiffel etc, I can at least understand the distinction these languages attempt to impart to the user that equality and assignment are similar, but distinct concepts. It may seem a trivial point to bring up, but while I can explain the difference between equality and assignment, I cannot explain the logic of using the '=' and '==' notation. Thanks :-) Regards - Josh M. _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx _______________________________________________ Edu-sig mailing list Edu-sig@python.org http://mail.python.org/mailman/listinfo/edu-sig From louis.bertrand@durhamc.on.ca Tue Apr 9 14:20:46 2002 From: louis.bertrand@durhamc.on.ca (Louis Bertrand) Date: Tue, 9 Apr 2002 09:20:46 -0400 Subject: [Edu-sig] Equality and Assignment Notation In-Reply-To: References: Message-ID: <200204091320.g39DKkgW030861@rebellion.durhamc.on.ca> On April 8, 2002 12:00 pm, edu-sig-request@python.org mused=20 out loud: > Why does Python use the equal sign (=3D) to mean > assignment, and use two equal signs (=3D=3D) to mean > equality? Equality and assignment are not the same, yet > the meaning of the equal sign is universally understood, > so why redefine its meaning? If you think you have trouble teaching a language with =3D=20 for assignment and =3D=3D for equality test, try SQL: SELECT * FROM mytable WHERE name=3D'Guido' gets all records in which the field name equals the string=20 'Guido'; Even better: UPDATE mytable SET language=3D'Python' WHERE name=3D'Guido' An assignment and an equality test in one statement. I don't care what distinction is made (:=3D or =3D=3D), just make=20 one! Ciao --Louis PS: Forbidding assignments in if and while statements is a=20 good idea, even if it's annoying. Try debugging code where: if( x =3D 0) { /* stuff */ } was written for: if( x =3D=3D 0) { /* stuff */ }=20 A good practice is to swap the terms: if( 0 =3D=3D x) { } that way if you typo the =3D=3D to =3D, the compiler squawks. Ciao --Louis --=20 Louis Bertrand School of Technology, Durham College Oshawa, ON, Canada +1.905.721.3111 x2468 From louis.bertrand@durhamc.on.ca Wed Apr 24 23:52:14 2002 From: louis.bertrand@durhamc.on.ca (Louis Bertrand) Date: Wed, 24 Apr 2002 18:52:14 -0400 Subject: [Edu-sig] chroot jail or sandbox? Message-ID: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> Hello, I'm exploring the idea of having my students=20 submit their programming assignments through=20 a Web dropboxand having those assignments=20 automatically marked by a script that runs=20 the submitted program with pre-arranged=20 test data, catching any boo-boos with exceptions. Here's the problem: this plan violates the secure=20 programming principle that you should never treat=20 data as code and I might be leaving myself=20 open for some serious malware. Does anyone have any experience with restricting the=20 privileges of a running Python program? As a first pass, I would: * run Python in a chroot(2) jail * load the jail with only the bare minimum to run Python and remove networking and os modules (at least). * scan the submitted programs for usage of sys.path. Any other suggestions? Thanks --Louis --=20 Louis Bertrand School of Technology, Durham College Oshawa, ON, Canada +1.905.721.3111 x2468 From dustin@ywlcs.org Thu Apr 25 02:56:53 2002 From: dustin@ywlcs.org (Dustin Mitchell) Date: Wed, 24 Apr 2002 20:56:53 -0500 Subject: [Edu-sig] chroot jail or sandbox? In-Reply-To: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> References: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> Message-ID: <20020425015652.GC7821@eleanor.internal.ywlcs.org> On Wed, Apr 24, 2002 at 06:52:14PM -0400, Louis Bertrand wrote: > Hello, > > I'm exploring the idea of having my students > submit their programming assignments through > a Web dropboxand having those assignments > automatically marked by a script that runs > the submitted program with pre-arranged > test data, catching any boo-boos with exceptions. > > Here's the problem: this plan violates the secure > programming principle that you should never treat > data as code and I might be leaving myself > open for some serious malware. > > Does anyone have any experience with restricting the > privileges of a running Python program? Yes, but don't trust any of them. Any such restriction is like trying to stop a river .. it's going to get through eventually. I would suggest that you look into, e.g., rexec[1], but construct your web dropbox such that *you* review the code before executing it. That is, students drop it in and it's timestamped. Then you come along whenever, enter some password, and are presented with a list of ungraded submissions. You call one up, look over the code, and decide to press or not press the "run" button. Rexec will catch anything straightforward, and likely anything tricky enough to get around rexec will stick out like a sore thumb in your reading of the code. Dustin [1] http://www.python.org/doc/current/lib/module-rexec.html -- Dustin Mitchell dustin@ywlcs.org http://people.cs.uchicago.edu/~dustin/ From djrassoc01@mindspring.com Thu Apr 25 03:17:50 2002 From: djrassoc01@mindspring.com (Dr. David J. Ritchie) Date: Wed, 24 Apr 2002 21:17:50 -0500 Subject: [Edu-sig] chroot jail or sandbox? References: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> Message-ID: <3CC76749.92789557@mindspring.com> Instead of... > having my students > submit their programming assignments through > a Web dropboxand having those assignments > automatically marked by a script that runs > the submitted program with pre-arranged > test data, catching any boo-boos with exceptions. > what if you were to turn it around and have them run the program on their machine with data they obtained from you and from which they sent you program output... I suppose they could fake the results or take them from someone else but a certain amount of random variation in the data might make that a lot more work to fake correctly. If you really needed to control it, you could give them an environment in which they were to run their homework which would poll you for data for input and send back results. --D. -- Dr. David J. Ritchie, Sr. djrassoc01@mindspring.com http://home.mindspring.com/~djrassoc01/ From todd@thewhittakers.org Thu Apr 25 11:57:46 2002 From: todd@thewhittakers.org (Todd Whittaker) Date: Thu, 25 Apr 2002 06:57:46 -0400 (EDT) Subject: [Edu-sig] chroot jail or sandbox? In-Reply-To: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> Message-ID: Louis, I have implemented such a system, and the insecurity of it still gives me the shivers. But, I can assert that it surely makes grading laboratory exercises **much** easier. Permit me to make a few suggestions: 1. Have students authenticate to your system. This will prevent the general cracker audience from dropping in just any old program. They'd at least need to compromise a username/password pair first. 2. Don't trust any input that the user actually gives, such as a username or lab number. Look up their input in a database of permitted labs, and then you can use your own data to construct paths for where to place the uploaded files. 3. It's good to run it chrooted. However, even this isn't enough unless you're clever enough to put each individual submission into its own jail, otherwise students can still write scripts to read each other's files. A better suggestion would be to set up a jail that can run a Java virtual machine with a security policy file. Then, use Jython to compile the Python scripts into Java .class files, and execute those. It's been my long term goal to rewrite what I have working, and provide it as GPL'd software, but that's a large number of weekend hacking sessions away. Good luck! -- Todd ------------------------------------------------------------- Todd A. Whittaker mailto:todd@thewhittakers.org http://www.thewhittakers.org/~todd/ ------------------------------------------------------------- On Wed, 24 Apr 2002, Louis Bertrand wrote: > Hello, > > I'm exploring the idea of having my students > submit their programming assignments through > a Web dropboxand having those assignments > automatically marked by a script that runs > the submitted program with pre-arranged > test data, catching any boo-boos with exceptions. > > Here's the problem: this plan violates the secure > programming principle that you should never treat > data as code and I might be leaving myself > open for some serious malware. > > Does anyone have any experience with restricting the > privileges of a running Python program? > > As a first pass, I would: > * run Python in a chroot(2) jail > * load the jail with only the bare minimum to run Python > and remove networking and os modules (at least). > * scan the submitted programs for usage of sys.path. > > Any other suggestions? > > Thanks > --Louis From glingl@aon.at Fri Apr 26 18:02:10 2002 From: glingl@aon.at (Gregor Lingl) Date: Fri, 26 Apr 2002 19:02:10 +0200 Subject: [Edu-sig] How to deal with strange errors? Message-ID: <3CC98812.38670CBB@rg16.asn-wien.ac.at> Hi Pythonistas! Im using Python in an educational setting for about a year now and from time to time i'm stumbling (?) over same strange behaviour of IDLE which I consider serious drawbacks in a classroom. One of these is that IDLE cannot react properly to infinite loops. So nothing else but using the Windows taskmanager helps and then reloading everything. Today this occured, when a (quite good) student renamed a loop-variable in the body of a loop during his program development efforts and forgot to do this also in the condition of the while-loop. Ooops. Unfortunately this occured during some sort of exam. Not good! It seems to me that every mistake you can think of also does occur eventually especially when teaching programming. Here I'll report a very special one which occured also during the exam-assignment this afternoon and which the student could not resolve on his own. For me it was interesting, because it did not occur because of a flaw of IDLE but because of a special powerful feature of the language itself. My student wrote this lines: print "Gib jeweils eine Note ein." note = ziffer = durchschnitt = input = ("Wenn du fertig bist, gib 0 ein") eingaben = 0 ziffernsumme = 0 while note > 0: ziffer = note % 10 note = note / 10 Don't think about the meanig of this but look at the syntax error. He got the error message: Gib jeweils eine Note ein. Traceback (most recent call last): File "Z:\6b-20020426\spaula\notendurchschnitt.py", line 10, in ? ziffer = note % 10 TypeError: not all arguments converted Naturally it took him a considerable amount of time to find the cause of this error (which was the = 4 lines above) O.k. he corrected his mistake and tried to rerun his program, this time getting the following error-message: Traceback (most recent call last): File "Z:\6b-20020426\spaula\notendurchschnitt.py", line 6, in ? note = ziffer = durchschnitt = input("Wenn du fertig bist, gib 0 ein") TypeError: 'str' object is not callable k.o.! He could not find out what was - or has been - going on, and even me didn't realize immediately what was the cause of this strange behaviour. Now there occur several questions to me (not in order of importance): 1. What do you do, when errors of this type occur? How do you explain it to students, just beginning to learn programming? 2. How could one develop means, which makes restarting the IDE or the interpreter obsolete? As far as I remember there is a good example in the TeachScheme-Project, where language-features can be turned on/off according to the level of knowledge of the students. One could imagine - in the case obove - to turn off the possibility of overwriting built-in functions in Python ( does there exist a switch concerning this?). 3. Is it possible to rebind input() to it's original built-in function without restarting the whole machinery. 4. Is there a list somewhere of features to implement / provide for educational use of IDLE or some special eduactional-IDE? Or should we start to collect ideas in this direction? My experience tells me (and my opinion is) that it is of crucial importance to have a (nearly) foolprove programming environment when working in school and trying to promote the use of Python. Interestingly it's not so important for the students but much more for the acceptance of the new tool by the majority of the teachers, who already have to learn so many new things concerning all the aspects of computer-science and who because of this show a rather sound(?) amount of inertia when asked to decide for new ways of teaching. (From time to time I do Python courses for teachers here in Vienna). I'm interested in your opinion about these problems and also to contribute to this development, but how? Regards Gregor Lingl From dyoo@hkn.eecs.berkeley.edu Fri Apr 26 18:35:15 2002 From: dyoo@hkn.eecs.berkeley.edu (Danny Yoo) Date: Fri, 26 Apr 2002 10:35:15 -0700 (PDT) Subject: [Edu-sig] Re: [Tutor] How to deal with strange errors? In-Reply-To: <3CC98812.38670CBB@rg16.asn-wien.ac.at> Message-ID: > note = ziffer = durchschnitt = input = ("Wenn du fertig bist, gib 0 ^^^^^^^^^ Yes. This doesn't call the input() function at all, but rebinds all those variables to a string. But one question is to ask: is there a reason why all those variables are directed to the same value? > He got the error message: > > Gib jeweils eine Note ein. > Traceback (most recent call last): > File "Z:\6b-20020426\spaula\notendurchschnitt.py", line 10, in ? > ziffer = note % 10 > TypeError: not all arguments converted This is an error message that occurs during string formatting. However, I think you're right: this error message doesn't seem descriptive enough for a newcomer to understand what's happening. Even for an intermediate user, this error message doesn't really mention the cause of the error, but only the side effect of it. It might be good to modify the error message to explicitely say something like: "TypeError: not all arguments converted during string formatting" to give a better hint that 'note' here is a string. I've entered a feature request into Sourceforge for this. http://sourceforge.net/tracker/index.php?func=detail&aid=549187&group_id=5470&atid=355470 and perhaps the error message itself can be improved to make the error more clear. > 2. How could one develop means, which makes restarting the IDE or > the interpreter obsolete? > As far as I remember there is a good example in the > TeachScheme-Project, > where language-features can be turned on/off according to the level > of knowledge of the students. > One could imagine - in the case obove - to turn off the possibility > of overwriting built-in functions in Python ( does there exist a > switch > concerning this?). DrScheme will, in fact, warn the user to clear off the previous session if a program has changed. It even has a large RESET button with red letters to make clearing the environment easy to do. > 3. Is it possible to rebind input() to it's original built-in function > without restarting the whole machinery. Although 'input' in the global environment is bound to that string now, it's still possible to fix this by going through the __builtin__ module and refix things: ### >>> input = 'argh' >>> input 'argh' >>> from __builtin__ import * >>> input ### That's probably one way of doing it. > 4. Is there a list somewhere of features to implement / provide for > educational use of IDLE or some special eduactional-IDE? Or should we > start to collect ideas in this direction? The IDLEFork-dev mailing list might be a good place to place to discuss educational issues with IDLE. Good luck to you! From pobrien@orbtech.com Fri Apr 26 18:50:15 2002 From: pobrien@orbtech.com (Patrick K. O'Brien) Date: Fri, 26 Apr 2002 12:50:15 -0500 Subject: [Edu-sig] Re: [Tutor] How to deal with strange errors? In-Reply-To: Message-ID: [Danny Yoo] > > 3. Is it possible to rebind input() to it's original built-in function > > without restarting the whole machinery. > > Although 'input' in the global environment is bound to that string now, > it's still possible to fix this by going through the __builtin__ module > and refix things: > > ### > >>> input = 'argh' > >>> input > 'argh' > >>> from __builtin__ import * > >>> input > > ### > > That's probably one way of doing it. Here is another: >>> input = 'blah' >>> input 'blah' >>> input = __builtins__['input'] # Note the trailing 's' >>> input >>> --- Patrick K. O'Brien Orbtech From pobrien@orbtech.com Fri Apr 26 19:03:45 2002 From: pobrien@orbtech.com (Patrick K. O'Brien) Date: Fri, 26 Apr 2002 13:03:45 -0500 Subject: [Edu-sig] How to deal with strange errors? In-Reply-To: <3CC98812.38670CBB@rg16.asn-wien.ac.at> Message-ID: > I'm interested in your opinion about these problems > and also to contribute to this development, but how? > > Regards > Gregor Lingl I'll repeat an offer I've made on more than one occassion. As the creator of PyCrust, I would be more than happy to work with anyone that wanted to extend its use as a teaching tool. PyCrust is an interactive Python shell and namespace viewer written in Python with the wxPython gui toolkit. PyCrust now ships with wxPython (http://www.wxpython.org). The latest development version is available from CVS at SourceForge (http://sourceforge.net/projects/pycrust). All the foundation work is done. The PyCrust environment can be manipulated like any other Python object and was designed to be modular and extendable. PyCrust has many features that lend themselves to a teaching environment, like autocompletion, calltips, a namespace tree, command recall and full multi-line editing. But it still has most (if not all) of the flaws that were pointed out in this email. I think they are all fixable, but I have a limited amount of time and energy that I can devote to this. What's missing is someone with a little imagination that wanted to take the lead and run with this. Let me know if anyone is interested. --- Patrick K. O'Brien Orbtech From rwolff@noao.edu Fri Apr 26 23:31:00 2002 From: rwolff@noao.edu (Richard Wolff) Date: Fri, 26 Apr 2002 15:31:00 -0700 Subject: [Edu-sig] Re: [Tutor] How to deal with strange errors? In-Reply-To: References: Message-ID: On Friday 26 April 2002 10:50 am, you wrote: > [Danny Yoo] > > > > 3. Is it possible to rebind input() to it's original built-in function > > > without restarting the whole machinery. > > 'del' is the easiest. >>> input = 'argh' >>> input 'argh' >>> del input >>> input From Jason Cunliffe" Hoping people here on EDU-SIG will submit articles to Py, a new Python zine http://www.pyzine.com/ ./Jason From schoen@loyalty.org Mon Apr 29 05:30:02 2002 From: schoen@loyalty.org (Seth David Schoen) Date: Sun, 28 Apr 2002 21:30:02 -0700 Subject: [Edu-sig] chroot jail or sandbox? In-Reply-To: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> References: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> Message-ID: <20020429043002.GL25152@zork.net> Louis Bertrand writes: > Hello, > > I'm exploring the idea of having my students > submit their programming assignments through > a Web dropboxand having those assignments > automatically marked by a script that runs > the submitted program with pre-arranged > test data, catching any boo-boos with exceptions. > > Here's the problem: this plan violates the secure > programming principle that you should never treat > data as code and I might be leaving myself > open for some serious malware. > > Does anyone have any experience with restricting the > privileges of a running Python program? > > As a first pass, I would: > * run Python in a chroot(2) jail > * load the jail with only the bare minimum to run Python > and remove networking and os modules (at least). > * scan the submitted programs for usage of sys.path. "Scanning the submitted programs" for anything is always tougher than it sounds. Just looking at that one example, it's easy to disguise a reference to sys.path: import sys as fun forbidden = fun.path or alternatively, a much more complicated approach, import sys, md5 forbidden = eval("sys."+filter(lambda x:md5.md5(x).hexdigest()=='d6fe1d0be6347b8ef2427fa629c04485',dir(sys))[0]) or a way to avoid mentioning the "sys" part: import sys i = "" for i in globals().values(): try: i.getrecursionlimit fooled_you = i.path break except: pass -- Seth David Schoen | Reading is a right, not a feature! http://www.loyalty.org/~schoen/ | -- Kathryn Myronuk http://vitanuova.loyalty.org/ | From urnerk@qwest.net Mon Apr 29 04:45:23 2002 From: urnerk@qwest.net (Kirby Urner) Date: Sun, 28 Apr 2002 23:45:23 -0400 Subject: [Edu-sig] chroot jail or sandbox? In-Reply-To: <20020429043002.GL25152@zork.net> References: <200204242252.g3OMqEE7016893@rebellion.durhamc.on.ca> <20020429043002.GL25152@zork.net> Message-ID: <200204282345.23165.urnerk@qwest.net> If you can authenticate the submitter, via password, then isn't this a deterrent against purposely malicious code? After all, you'll have a copy of the source with a link to the author (could archive source to a secure place before running, if you think the program might erase itself). If it's a programming class, just running code against test data is probably insufficient feedback anyway. You could at least eyeball the code and offer feedback on such things as the presence of coherent comments etc., at which point you could look for weird,=20 obfuscatory syntax. But maybe that's not a realistic in your context. Another approach would be to set up plain vanilla quarantined box=20 with its own web server and have student code run there, with=20 a way to restore state completely from backup media in case of=20 melt down i.e. keep potentially toxic code confined to a computer designated for running such stuff. Kirby From matthias@ccs.neu.edu Tue Apr 30 00:37:31 2002 From: matthias@ccs.neu.edu (matthias@ccs.neu.edu) Date: Mon, 29 Apr 2002 19:37:31 -0400 Subject: [Edu-sig] chroot jail or sandbox? In-Reply-To: <20020429160003.10046.3576.Mailman@mail.python.org> Message-ID: <000101c1efd6$d5081100$6401a8c0@jam3.none> If Python had followed the TeachScheme! strategy, you could sandbox the student programs by running the module in the language that they are supposed to use. The languages are well-specified so that students can't write malicious code. Period. All code that could be malicious comes from a TeachPack, written by you. The technology to make that work is to support modules that are written in different languages and link them together (also dynamically) as if they had been written in one language. The rest is a mixture of threads, resource containers, and externally controlled event spaces, but I suspect that Python has these kinds of things. Works like a charm for 1000's of students, assuming you have a big enough machine. -- Matthias