[Numpy-discussion] numpy and the Google App Engine
David Goldsmith
d.l.goldsmith at gmail.com
Wed May 26 13:57:58 EDT 2010
On Wed, May 26, 2010 at 10:37 AM, Christopher Hanley <chanley at stsci.edu>wrote:
> On Wed, May 26, 2010 at 12:49 PM, Dag Sverre Seljebotn
> <dagss at student.matnat.uio.no> wrote:
> > Christopher Hanley wrote:
> >> Greetings,
> >>
> >> Google provides a product called App Engine. The description from
> >> their site follows,
> >>
> >> "Google App Engine enables you to build and host web apps on the same
> >> systems that power Google applications.
> >> App Engine offers fast development and deployment; simple
> >> administration, with no need to worry about hardware,
> >> patches or backups; and effortless scalability. "
> >>
> >> You can deploy applications written in either Python or JAVA. There
> >> are free and paid versions of the service.
> >>
> >> The Google App Engine would appear to be a powerful source of CPU
> >> cycles for scientific computing. Unfortunately this is currently not
> >> the case because numpy is not one of the supported libraries. The
> >> Python App Engine allows only the installation of user supplied pure
> >> Python code.
> >>
> >> I have recently returned from attending the Google I/O conference in
> >> San Francisco. While there I inquired into the possibility of getting
> >> numpy added. The basic response was that there doesn't appear to be
> >> much interest from the community given the amount of work it would
> >> take to vet and add numpy.
> >
> > Something to keep in mind: It's rather trivial to write code to
> > intentionally crash the Python interpreter using pure Python code and
> > NumPy (or overwrite data in it, run custom assembly code...in short,
> > NumPy is a big gaping security hole in this context). This obviously
> > can't go on in the AppEngine. So this probably involves a considerable
> > amount of work in the NumPy source code base as well, it's not simply
> > about verifying.
> >
>
> Agreed. Perhaps the recently discussed rework of the C internals will
> better allow a security audit of numpy.
My guess is that when "the fur begins to fly," submitted tickets will
receive more attention, i.e., if you really want to see this done...file a
ticket. (IMO, it's *never* wasted effort to do this: the worst that can
happen is that some - recorded - person will close it as "will not do," and
if for some unforeseeable reason they're unwilling to include an explanation
as to why, well, you'll "know where they live," so to speak.)
DG
> At that point perhaps the
> numpy community could more easily work with Google to fix security
> problems.
>
>
> > --
> > Dag Sverre
> > _______________________________________________
> > NumPy-Discussion mailing list
> > NumPy-Discussion at scipy.org
> > http://mail.scipy.org/mailman/listinfo/numpy-discussion
> >
>
>
>
> --
> Christopher Hanley
> Senior Systems Software Engineer
> Space Telescope Science Institute
> 3700 San Martin Drive
> Baltimore MD, 21218
> (410) 338-4338
> _______________________________________________
> NumPy-Discussion mailing list
> NumPy-Discussion at scipy.org
> http://mail.scipy.org/mailman/listinfo/numpy-discussion
>
--
Mathematician: noun, someone who disavows certainty when their uncertainty
set is non-empty, even if that set has measure zero.
Hope: noun, that delusive spirit which escaped Pandora's jar and, with her
lies, prevents mankind from committing a general suicide. (As interpreted
by Robert Graves)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/numpy-discussion/attachments/20100526/21c2eec4/attachment.html>
More information about the NumPy-Discussion
mailing list