[Chicago] built app to auto-generate UI for scripts.

Randy Baxley randy7771026 at gmail.com
Wed Jul 23 13:41:45 CEST 2014 

OK then, my thinking is sometimes we are like the Star Trek or maybe
Twilight or Weird episode were beings were moving so fast that the crew
just heard buzzing.  Then again maybe we are trying to heard cats or turn
the tide and momentum of a mighty river.  In the meanwhile a while is
longer for some than for others.  For me though I cut and pasted some
working code into the program, highlighted a variable and got nowhere.  The
little example did work though.  Is that what was supposed to happen?

I tend to think this sandbox idea of quickly getting code into a mockup UI
is a good one.

Also Cobra, Vagrant, Sculpt, CodeSkulptor and a Github IDE I think are good
ideas.

http://opengovhacknight.org/events/2014/06/03/englewood-codes-north-central-college-and-github.html

Having a Python committed team with time and money to build and maintain
all of these good ideas and have them work with each other I also think is
a good idea.  Not sure I have any good idea how to make that happen though.






On Tue, Jul 22, 2014 at 5:55 PM, Carl Karsten <carl at personnelware.com>
wrote:

> What makes Python great is that you can do really powerful stuff pretty
> easy.
>
> too bad cuz you don't want that here.
>
> Here is a smart person talking about it.
> http://pyvideo.org/video/2585/building-and-breaking-a-python-sandbox
>
>
>
>
> On Tue, Jul 15, 2014 at 3:17 PM, Paul Katsen <pkpp1233 at gmail.com> wrote:
>
>> Setting up rate limit today. Right now the container just times-out. And
>> you're right, container being taken down is no problem b/c I'm running one
>> for each script. There has to be a secure way to pull this off.
>>
>> Right now you have to sign up to publish, but you can run code
>> unrestricted. Just testing if quickly publishing scripts is valuable at all.
>>
>>
>> On Tue, Jul 15, 2014 at 2:14 PM, Japhy Bartlett <japhy at pearachute.com>
>> wrote:
>>
>>> The last I heard this was just a Bad Idea, from python-dev back in the
>>> day:
>>>
>>> http://lwn.net/Articles/321872/
>>>
>>>
>>> I guess since docker is pretty ephemeral you can live with a container
>>> being taken down.  Regularly nuke them and rebuild to keep malware out.
>>>  Rate limit new creations and CPU/memory usage somehow?
>>>
>>> Definitely check your firewalls to keep anyone from launching spam or
>>> DDOS attacks from your servers..
>>>
>>> This just seems like a massive liability, not sure how Coursera or
>>> anyone is getting away with it.  Is it restricted to verified users somehow?
>>>
>>>
>>> On Tue, Jul 15, 2014 at 1:39 PM, Joe Germuska <joe at germuska.com> wrote:
>>>
>>>> Hey, Paul:
>>>>
>>>> I don’t have direct experience, but see
>>>> https://wiki.python.org/moin/SandboxedPython
>>>> and
>>>>
>>>> https://wiki.python.org/moin/Asking%20for%20Help/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20%28i.e.%20Sandbox%29
>>>> <https://wiki.python.org/moin/Asking%20for%20Help/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20(i.e.%20Sandbox)>
>>>>
>>>> Joe
>>>>
>>>> On Jul 15, 2014, at 1:33 PM, Paul Katsen <pkpp1233 at gmail.com> wrote:
>>>>
>>>> any advice on how to sandbox even more? i know sites like Udacity and
>>>> Coursera are running arbitrary code too.
>>>>
>>>>
>>>> On Tue, Jul 15, 2014 at 1:21 PM, Japhy Bartlett <japhy at pearachute.com>
>>>> wrote:
>>>>
>>>>> you're kind of sandboxed at least because you're running in docker,
>>>>> but this is very vulnerable to malicious code!
>>>>>
>>>>> import subprocess
>>>>> subprocess.call('whoami')
>>>>>
>>>>>
>>>>> > root
>>>>>
>>>>>
>>>>> On Tue, Jul 15, 2014 at 1:06 PM, Paul Katsen <pkpp1233 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hey ya'll.
>>>>>>
>>>>>> I kept needing to teach non-engineers how to use the terminal to run
>>>>>> scripts. Decided to just hack up a site last week where you can copy/paste
>>>>>> your script in, select inputs for your script, and you get a shareable link
>>>>>> to run your code.
>>>>>>
>>>>>> Check it out - would love your feedback:
>>>>>> https://python.blockspring.com/.
>>>>>>
>>>>>>  -Paul
>>>>>>
>>>>>> _______________________________________________
>>>>>> Chicago mailing list
>>>>>> Chicago at python.org
>>>>>> https://mail.python.org/mailman/listinfo/chicago
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Chicago mailing list
>>>>> Chicago at python.org
>>>>> https://mail.python.org/mailman/listinfo/chicago
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Chicago mailing list
>>>> Chicago at python.org
>>>> https://mail.python.org/mailman/listinfo/chicago
>>>>
>>>>
>>>> --
>>>> Joe Germuska
>>>> Joe at Germuska.com * http://blog.germuska.com *
>>>> http://twitter.com/JoeGermuska
>>>>
>>>> "Learn to fear any church that fears drums." --Regie Gibson
>>>>
>>>>
>>>> _______________________________________________
>>>> Chicago mailing list
>>>> Chicago at python.org
>>>> https://mail.python.org/mailman/listinfo/chicago
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Chicago mailing list
>>> Chicago at python.org
>>> https://mail.python.org/mailman/listinfo/chicago
>>>
>>>
>>
>> _______________________________________________
>> Chicago mailing list
>> Chicago at python.org
>> https://mail.python.org/mailman/listinfo/chicago
>>
>>
>
>
> --
> Carl K
>
> _______________________________________________
> Chicago mailing list
> Chicago at python.org
> https://mail.python.org/mailman/listinfo/chicago
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/chicago/attachments/20140723/661cc0b8/attachment.html>

More information about the Chicago mailing list