From peter.inglesby at gmail.com Mon Jul 3 04:04:22 2017
From: peter.inglesby at gmail.com (Peter Inglesby)
Date: Mon, 3 Jul 2017 09:04:22 +0100
Subject: [python-uk] Launching PyCon UK
Message-ID:

Hi everyone,

I'm delighted to announce that tickets for PyCon UK 2017 are now on sale from our website. Our Call for Participation is also open, and we've started taking applications for financial assistance.

The conference will be at Cardiff City Hall Thursday 26th to Monday 30th October, and we hope that we'll see many of you there.

There'll be plenty more announcements over the coming weeks, so keep an eye out on the UK Python News mailing list.

Please share this with your friends and colleagues, and if you have any questions, get in touch.

Finally, I'd like to take this opportunity to thank the PyCon UK Committee for the work they've already done, and all those who will contribute to the conference.

~ Peter Inglesby
PyCon UK 2017 Chair
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ntoll at ntoll.org Mon Jul 3 05:06:13 2017
From: ntoll at ntoll.org (Nicholas H.Tollervey)
Date: Mon, 03 Jul 2017 10:06:13 +0100
Subject: [python-uk] [pyconuk] Launching PyCon UK
In-Reply-To:
References:
Message-ID: <1499072773.12646.0.camel@ntoll.org>

Thank you Peter and everyone else involved in PyCon UK. You're doing an amazing job and I'm really looking forward to it!

Best wishes,

N.

On Mon, 2017-07-03 at 09:04 +0100, Peter Inglesby wrote:
> Hi everyone,
>
> I'm delighted to announce that tickets for PyCon UK 2017 are now on
> sale from our website. Our Call for Participation is also open, and
> we've started taking applications for financial assistance.
>
> The conference will be at Cardiff City Hall Thursday 26th to Monday
> 30th October, and we hope that we'll see many of you there.
>
> There'll be plenty more announcements over the coming weeks, so keep
> an eye out on the UK Python News mailing list.
>
> Please share this with your friends and colleagues, and if you have
> any questions, get in touch.
>
> Finally, I'd like to take this opportunity to thank the PyCon UK
> Committee for the work they've already done, and all those who will
> contribute to the conference.
>
> ~ Peter Inglesby
> PyCon UK 2017 Chair
> _______________________________________________
> pyconuk mailing list
> pyconuk at python.org
> https://mail.python.org/mailman/listinfo/pyconuk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: This is a digitally signed message part
URL:

From John at understandingrecruitment.co.uk Sun Jul 9 14:52:40 2017
From: John at understandingrecruitment.co.uk (John Thistlethwaite)
Date: Sun, 9 Jul 2017 18:52:40 +0000
Subject: [python-uk] Backend Developer – Oxford – Oxford University Spin Out
Message-ID:

Hi all,

I am looking to speak with Oxford based (and surrounding areas) Developers with a background in Backend Python and AWS.

The company I am working with is based in Central Oxford and is a spin out from Oxford University. They are currently developing software to enhance efficiency in all markets through Geo-Positioning which requires no assistance from satellites.

The company are really well financed, with 2 years' worth of funding remaining with another round coming up in December. Recently signed up to a number of global organisations and trialled with great success in hospitals.

You will be working closely with researchers to commercialise the theoretical processes which have taken 3 years to develop and have a real impact in scaling the platform to allow the company to grow client base further and replace existing geo-positioning technology at a much lower cost to major sectors which provide significant infrastructure to the UK.
If you have experience in Python, AWS and are keen to work in a fast paced business that are taking on board real world problems and reducing spend and improving efficiency for the NHS and many other important sectors for the UK then please get in touch on 01727 228 257 or john at understandingrecruitment.co.uk

Best Regards

John Thistlethwaite
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ntoll at ntoll.org Thu Jul 13 14:19:53 2017
From: ntoll at ntoll.org (Nicholas H.Tollervey)
Date: Thu, 13 Jul 2017 19:19:53 +0100
Subject: [python-uk] One of our own as an inspiring woman in tech...
Message-ID: <1499969993.2081.47.camel@ntoll.org>

Hi Folks,

You may not realise, but our very own Carrie Anne Philbin has been nominated for this year's award as an inspiring woman in tech. We all know she's an inspiring woman in tech *anyway* but if you believe her contributions to our community, education and diversity in technology deserve celebration and recognition you can vote for her here:

http://www.computerweekly.com/news/450422519/Voting-open-vote-now-for-the-most-influential-woman-in-UK-tech-2017

It's very easy to vote, they don't require you to sign up or anything and it'd be wonderful if Carrie Anne was recognised! Please spread the word and vote! :-)

Best wishes,

N.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: This is a digitally signed message part
URL:

From amfarrell at mit.edu Thu Jul 13 14:58:21 2017
From: amfarrell at mit.edu (Andrew Farrell)
Date: Thu, 13 Jul 2017 18:58:21 +0000
Subject: [python-uk] One of our own as an inspiring woman in tech...
In-Reply-To: <1499969993.2081.47.camel@ntoll.org>
References: <1499969993.2081.47.camel@ntoll.org>
Message-ID:

If y'all haven't yet, you should also watch her Crash Course Computer Science series on YouTube:
https://m.youtube.com/watch?v=O5nskjZ_GoI&list=LLyqT0WIM3oD_ksV1nZGIqRg&index=26

On Thu, Jul 13, 2017 at 7:21 PM Nicholas H.Tollervey wrote:

> Hi Folks,
>
> You may not realise, but our very own Carrie Anne Philbin has been
> nominated for this year's award as an inspiring woman in tech. We all
> know she's an inspiring woman in tech *anyway* but if you believe her
> contributions to our community, education and diversity in technology
> deserve celebration and recognition you can vote for her here:
>
> http://www.computerweekly.com/news/450422519/Voting-open-vote-now-for-t
> he-most-influential-woman-in-UK-tech-2017
>
>
> It's very easy to vote, they don't require you to sign up or anything
> and it'd be wonderful if Carrie Anne was recognised! Please spread the
> word and vote! :-)
>
> Best wishes,
>
> N._______________________________________________
> python-uk mailing list
> python-uk at python.org
> https://mail.python.org/mailman/listinfo/python-uk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From r.taylor at bcs.org.uk Thu Jul 13 15:01:22 2017
From: r.taylor at bcs.org.uk (Richard Taylor)
Date: Thu, 13 Jul 2017 20:01:22 +0100
Subject: [python-uk] One of our own as an inspiring woman in tech...
In-Reply-To: <1499969993.2081.47.camel@ntoll.org>
References: <1499969993.2081.47.camel@ntoll.org>
Message-ID:

She has got my vote!

Richard

On 13 July 2017 at 19:19, Nicholas H.Tollervey wrote:

> Hi Folks,
>
> You may not realise, but our very own Carrie Anne Philbin has been
> nominated for this year's award as an inspiring woman in tech.
> We all know she's an inspiring woman in tech *anyway* but if you believe her
> contributions to our community, education and diversity in technology
> deserve celebration and recognition you can vote for her here:
>
> http://www.computerweekly.com/news/450422519/Voting-open-vote-now-for-t
> he-most-influential-woman-in-UK-tech-2017
>
> It's very easy to vote, they don't require you to sign up or anything
> and it'd be wonderful if Carrie Anne was recognised! Please spread the
> word and vote! :-)
>
> Best wishes,
>
> N.
> _______________________________________________
> python-uk mailing list
> python-uk at python.org
> https://mail.python.org/mailman/listinfo/python-uk
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mail at timgolden.me.uk Wed Jul 19 10:17:12 2017
From: mail at timgolden.me.uk (Tim Golden)
Date: Wed, 19 Jul 2017 15:17:12 +0100
Subject: [python-uk] London Python Dojo venues - planning ahead
Message-ID:

The London Python Dojo team is trying to put together a plan for the coming year, starting from September. We'd like to line up, in advance, hosting venues and, in certain months, specific themes.

If you've never come across the London Python Dojo, you can read a little about it here:

http://ldnpydojo.org.uk/

and see us on Twitter here:

https://twitter.com/ldnpydojo
https://twitter.com/search?q=%23ldnpydojo

This, then, is a call for companies prepared to host the Dojo over the coming months. Usually the hosting company provides office space and food & drink. But maybe you can provide the space but have no budget for refreshments; or you're willing to pay for beer & pizza but have no space suitable for 30 people. Perhaps you're willing to pay for space elsewhere for an evening (eg in a shared working space).

Over the years quite a few companies have generously provided space and food, and we hope they can again.
For other companies, it's not only a chance to give back to the Python community, it also gets you a bit of advertising and goodwill, and a chance to scout for talent! Aside from whatever space you're providing, you're looking at something like 12 pizzas and beer/soft drinks for 30 people.

So, is your company willing, on one or more months, to:

* Host the Dojo in your offices and provide food?
* Sponsor a hosting venue (eg a shared space)?
* Sponsor food & drink at someone else's venue?

If you are -- or if you think you can get help in some other way -- please contact the London Python Dojo team:

team at ldnpydojo.org.uk

Thanks

TJG

From pythonconsultant01 at gmail.com Wed Jul 19 12:29:32 2017
From: pythonconsultant01 at gmail.com (Python Consultant)
Date: Wed, 19 Jul 2017 21:59:32 +0530
Subject: [python-uk] [COMMERCIAL] Python/Django/Data Science online trainings
Message-ID:

Hi Guys,

I am Ram, I have around 10 years of exp in python trainings. I am conducting online trainings on Python, Django and Data Science. Classes start from 24th July 2017.

If someone is interested in these trainings, please send me an email on pythonconsultant01 at gmail.com

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From john at trivialbusiness.co.uk Fri Jul 21 03:46:53 2017
From: john at trivialbusiness.co.uk (John Crickett)
Date: Fri, 21 Jul 2017 08:46:53 +0100
Subject: [python-uk] Looking for two Python contractors
Message-ID:

Hi All,

The company I'm currently contracting for is looking for two Python contractors, to be based in Newbury. We're working on a small HPC system, being built using Python 3.5, Numpy and Pandas.

If anyone is available and looking please get in touch privately for more details.

Thanks,

John
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From muiruri.samuel at gmail.com Sun Jul 23 01:44:45 2017
From: muiruri.samuel at gmail.com (Samuel Muiruri)
Date: Sun, 23 Jul 2017 08:44:45 +0300
Subject: [python-uk] How to leave only dominant colors in a colorfest image
Message-ID:

http://codelikeapythonista.blogspot.co.ke/2017/07/using-pil-to-leave-only-specific-colors.html

--
Best Regards,
Samuel Muiruri.
Web Designer | +254 738 940064
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From muiruri.samuel at gmail.com Tue Jul 25 03:34:47 2017
From: muiruri.samuel at gmail.com (Samuel Muiruri)
Date: Tue, 25 Jul 2017 10:34:47 +0300
Subject: [python-uk] Using python to remove colors you don't want from an image
Message-ID:

I created a feature to use PIL to pick which colors to keep in an image
https://www.youtube.com/watch?v=b3N4q7MMPFc

--
Best Regards,
Samuel Muiruri.
Web Designer | +254 738 940064
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From peter.inglesby at gmail.com Wed Jul 26 08:32:19 2017
From: peter.inglesby at gmail.com (Peter Inglesby)
Date: Wed, 26 Jul 2017 13:32:19 +0100
Subject: [python-uk] The UK Python Association
Message-ID:

Hi all,

The PyCon UK committee have recently registered the UK Python Association as a Charitable Incorporated Organisation with the Charity Commission.

The UKPA is a membership organisation, and in the first instance, anybody who attends PyCon UK 2017 is entitled to membership. For now, membership entitles you to vote to elect the organisation's trustees. You can indicate that you would like to join the UKPA when you buy a ticket for the conference, or if you already have a ticket, when you fill out your profile.

We are looking to elect up to six trustees for the UKPA at the first AGM on the Saturday of the conference. The trustees will be responsible for the charity's management and administration, and will be responsible for appointing a chair for PyCon UK 2018.
If you would like to put yourself forward for election as trustee, please complete the nomination form by Thursday 12th October.

You can read more about the decision-making behind the formation of the UKPA here.

If you have any questions, please get in touch with the trustees: trustees at uk.python.org.

I'd like to thank Owen Campbell for the hard work to make this happen.

All the best,

Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From daniele at vurt.org Wed Jul 26 08:36:25 2017
From: daniele at vurt.org (Daniele Procida)
Date: Wed, 26 Jul 2017 14:36:25 +0200
Subject: [python-uk] The UK Python Association
In-Reply-To:
References:
Message-ID: <20170726123625.1001810759@mail.gandi.net>

On Wed, Jul 26, 2017, Peter Inglesby wrote:

>I'd like to thank Owen Campbell for the hard work to make this happen.

And Peter too.

Owen and Peter have put in a vast amount of effort on all things Python-and-PyCon-UK-related recently, and I think we're all going to be benefiting from them for some time to come.

Daniele

From theology at gmail.com Wed Jul 26 08:48:06 2017
From: theology at gmail.com (Zeth)
Date: Wed, 26 Jul 2017 13:48:06 +0100
Subject: [python-uk] The UK Python Association
In-Reply-To: <20170726123625.1001810759@mail.gandi.net>
References: <20170726123625.1001810759@mail.gandi.net>
Message-ID:

Indeed thanks to both.

On 26 Jul 2017 13:36, "Daniele Procida" wrote:

On Wed, Jul 26, 2017, Peter Inglesby wrote:

>I'd like to thank Owen Campbell for the hard work to make this happen.

And Peter too.

Owen and Peter have put in a vast amount of effort on all things Python-and-PyCon-UK-related recently, and I think we're all going to be benefiting from them for some time to come.

Daniele

_______________________________________________
python-uk mailing list
python-uk at python.org
https://mail.python.org/mailman/listinfo/python-uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ntoll at ntoll.org Wed Jul 26 09:06:06 2017
From: ntoll at ntoll.org (Nicholas H.Tollervey)
Date: Wed, 26 Jul 2017 14:06:06 +0100
Subject: [python-uk] The UK Python Association
In-Reply-To:
References: <20170726123625.1001810759@mail.gandi.net>
Message-ID:

Here here...

N.

On 26/07/17 13:48, Zeth wrote:
> Indeed thanks to both.
>
> On 26 Jul 2017 13:36, "Daniele Procida"
> wrote:
>
> On Wed, Jul 26, 2017, Peter Inglesby
> wrote:
>
> >I'd like to thank Owen Campbell for the hard work to make this happen.
>
> And Peter too.
>
> Owen and Peter have put in a vast amount of effort on all things
> Python-and-PyCon-UK-related recently, and I think we're all going to
> be benefiting from them for some time to come.
>
> Daniele
>
> _______________________________________________
> python-uk mailing list
> python-uk at python.org
> https://mail.python.org/mailman/listinfo/python-uk
>
>
>
>
>
> _______________________________________________
> python-uk mailing list
> python-uk at python.org
> https://mail.python.org/mailman/listinfo/python-uk
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:

From mail at timgolden.me.uk Wed Jul 26 09:13:09 2017
From: mail at timgolden.me.uk (Tim Golden)
Date: Wed, 26 Jul 2017 14:13:09 +0100
Subject: [python-uk] The UK Python Association
In-Reply-To:
References: <20170726123625.1001810759@mail.gandi.net>
Message-ID: <01202aa6-411c-19a0-b4ac-b0992a1db342@timgolden.me.uk>

(*cough*
https://english.stackexchange.com/questions/6690/hear-hear-or-here-here)

But I definitely echo the sentiment!

TJG

On 26/07/2017 14:06, Nicholas H.Tollervey wrote:
> Here here...
>
> N.
>
> On 26/07/17 13:48, Zeth wrote:
>> Indeed thanks to both.
>>
>> On 26 Jul 2017 13:36, "Daniele Procida"
>> wrote:
>>
>> On Wed, Jul 26, 2017, Peter Inglesby
>> wrote:
>>
>> >I'd like to thank Owen Campbell for the hard work to make this happen.
>>
>> And Peter too.
>>
>> Owen and Peter have put in a vast amount of effort on all things
>> Python-and-PyCon-UK-related recently, and I think we're all going to
>> be benefiting from them for some time to come.
>>
>> Daniele
>>
>> _______________________________________________
>> python-uk mailing list
>> python-uk at python.org
>> https://mail.python.org/mailman/listinfo/python-uk
>>
>>
>>
>>
>>
>> _______________________________________________
>> python-uk mailing list
>> python-uk at python.org
>> https://mail.python.org/mailman/listinfo/python-uk
>>
>
>
>
> _______________________________________________
> python-uk mailing list
> python-uk at python.org
> https://mail.python.org/mailman/listinfo/python-uk
>

From ntoll at ntoll.org Wed Jul 26 09:14:14 2017
From: ntoll at ntoll.org (Nicholas H.Tollervey)
Date: Wed, 26 Jul 2017 14:14:14 +0100
Subject: [python-uk] The UK Python Association
In-Reply-To: <01202aa6-411c-19a0-b4ac-b0992a1db342@timgolden.me.uk>
References: <20170726123625.1001810759@mail.gandi.net> <01202aa6-411c-19a0-b4ac-b0992a1db342@timgolden.me.uk>
Message-ID: <7c53f205-7a7d-d764-7daa-5dc11c6f2ed1@ntoll.org>

Hahahaha... hear-here :-)

N.

On 26/07/17 14:13, Tim Golden wrote:
> (*cough*
> https://english.stackexchange.com/questions/6690/hear-hear-or-here-here)
>
> But I definitely echo the sentiment!
>
> TJG
>
> On 26/07/2017 14:06, Nicholas H.Tollervey wrote:
>> Here here...
>>
>> N.
>>
>> On 26/07/17 13:48, Zeth wrote:
>>> Indeed thanks to both.
>>>
>>> On 26 Jul 2017 13:36, "Daniele Procida"
>>> wrote:
>>>
>>> On Wed, Jul 26, 2017, Peter Inglesby
>>> wrote:
>>>
>>> >I'd like to thank Owen Campbell for the hard work to make this
>>> happen.
>>>
>>> And Peter too.
>>>
>>> Owen and Peter have put in a vast amount of effort on all things
>>> Python-and-PyCon-UK-related recently, and I think we're all going to
>>> be benefiting from them for some time to come.
>>>
>>> Daniele
>>>
>>> _______________________________________________
>>> python-uk mailing list
>>> python-uk at python.org
>>> https://mail.python.org/mailman/listinfo/python-uk
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> python-uk mailing list
>>> python-uk at python.org
>>> https://mail.python.org/mailman/listinfo/python-uk
>>>
>>
>>
>>
>> _______________________________________________
>> python-uk mailing list
>> python-uk at python.org
>> https://mail.python.org/mailman/listinfo/python-uk
>>
>
> _______________________________________________
> python-uk mailing list
> python-uk at python.org
> https://mail.python.org/mailman/listinfo/python-uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:

From peter.inglesby at gmail.com Wed Jul 26 17:58:11 2017
From: peter.inglesby at gmail.com (Peter Inglesby)
Date: Wed, 26 Jul 2017 22:58:11 +0100
Subject: [python-uk] Discount code for PyCon PL to Python community in UK
In-Reply-To:
References:
Message-ID:

Hi all,

Here's a message from our friends in the Polish Python community about a discount code for PyCon PL at the end of August. I've been to PyCon PL a couple of times and have had a very enjoyable experience. If you get the chance to go, you should!

Cheers,

Peter

~~~~

Hi

I would be grateful if you could pass the below code to Python community in UK.

The discount code is:
UKPYC7

You enter it in "Discount code" field and then when you click PAYMENT button it will subtract 60 EUR (or 240 PLN) for each of the attendees you are registering (incorrect code won't allow you to pass to the next screen).
If you encounter any problems just feel free to contact us - we'll do the best we can to help you. The registration system is our own Python webapp and under development, so there might still be some bugs ;-)

Best regards,
Filip

PS. The above code applies only to people from United Kingdom, so you shouldn't pass it to people from other countries - they will have their own discount codes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From PyUK at getaroundtoit.co.uk Wed Jul 26 19:17:33 2017
From: PyUK at getaroundtoit.co.uk (PyUK at getaroundtoit.co.uk)
Date: Thu, 27 Jul 2017 11:17:33 +1200
Subject: [python-uk] Reviewing third-party packages
Message-ID: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk>

Are you able to recommend materials which deal with the *management precautions* one should take in reviewing a third-party package before use/inclusion in a wider system, please?

There are plenty of resources available which deal with the coding-technical side of things, eg dir(), help(), PSL's inspect.py, etc.

This enquiry encompasses those, but am particularly interested in security: back-doors, phoning-home, and other 'nasties'; license management; any costs; citation; etc.

Will welcome references to articles, tutorials, check-lists, etc...

--
Regards,
=dn

From michael at grazebrook.com Wed Jul 26 20:16:35 2017
From: michael at grazebrook.com (Michael Grazebrook)
Date: Thu, 27 Jul 2017 01:16:35 +0100
Subject: [python-uk] Reviewing third-party packages
In-Reply-To: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk>
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk>
Message-ID: <1501114595352.126072.78556@webmail6>

It's a question which interests me too. If you find some good resources, could you post them to this group?

Do you know how much checking is done on the Active State and Anaconda distributions?

On 27 July 2017 at 00:17:33 +01:00, PyUK at getaroundtoit.co.uk wrote:

> Are you able to recommend materials which deal with the *management precautions* one should take in reviewing a third-party package before use/inclusion in a wider system, please?
>
>
> There are plenty of resources available which deal with the coding-technical side of things, eg dir(), help(), PSL's inspect.py, etc.
>
> This enquiry encompasses those, but am particularly interested in security: back-doors, phoning-home, and other 'nasties'; license management; any costs; citation; etc.
>
>
> Will welcome references to articles, tutorials, check-lists, etc...
>
> --
> Regards,
> =dn
> _______________________________________________
> python-uk mailing list
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From ntoll at ntoll.org Thu Jul 27 03:52:32 2017
From: ntoll at ntoll.org (Nicholas H.Tollervey)
Date: Thu, 27 Jul 2017 08:52:32 +0100
Subject: [python-uk] Discount code for PyCon PL to Python community in UK
In-Reply-To:
References:
Message-ID:

I'd also like to back up Peter here: PyCon PL is a fun conference in a *HUGE* spa hotel in the Polish countryside just south of Warsaw (I've been twice). The tracks are all in English and this year, our very own Lord Mauve (Dan Pope) will be giving a keynote.

Best wishes,

N.

On 26/07/17 22:58, Peter Inglesby wrote:
> Hi all,
>
> Here's a message from our friends in the Polish Python community about a
> discount code for PyCon PL at
> the end of August. I've been to PyCon PL a couple of times and have had
> a very enjoyable experience. If you get the chance to go, you should!
>
> Cheers,
>
> Peter
>
> ~~~~
>
> Hi
>
> I would be grateful if you could pass the below code to Python community
> in UK.
>
> The discount code is:
> UKPYC7
>
> You enter it in "Discount code" field and then when you click PAYMENT
> button it will subtract 60 EUR (or 240 PLN) for each of the attendees
> you are registering (incorrect code won't allow you to pass to the
> next screen). If you encounter any problems just feel free to contact
> us - we'll do the best we can to help you. The registration system is
> our own Python webapp and under development, so there might still be
> some bugs ;-)
>
> Best regards,
> Filip
>
> PS. The above code applies only to people from United Kingdom, so you
> shouldn't pass it to people from other countries - they will have
> their own discount codes.
>
>
>
> _______________________________________________
> python-uk mailing list
> python-uk at python.org
> https://mail.python.org/mailman/listinfo/python-uk
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:

From walker_s at hotmail.co.uk Thu Jul 27 09:33:59 2017
From: walker_s at hotmail.co.uk (S Walker)
Date: Thu, 27 Jul 2017 13:33:59 +0000
Subject: [python-uk] Reviewing third-party packages
In-Reply-To: <1501114595352.126072.78556@webmail6>
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6>
Message-ID:

I suspect malicious phone-home (and other deliberately malicious security) stuff would be very difficult to automatically test for, as you're then in a Volkswagen situation and you'll be entering into an arms race with anyone who is taking such malicious actions.

For other aspects, I'm afraid I don't know of anything beyond manual checking. This could be something interesting to suggest for a PyconUK sprint though, unless anyone finds anything useful before then? I'm not sure how easy automated tool checks would be for it, but at least a list of things to analyse for python packages would be nice.

Thanks,
S

On 27/07/17 01:16, Michael Grazebrook wrote:

It's a question which interests me too. If you find some good resources, could you post them to this group?

Do you know how much checking is done on the Active State and Anaconda distributions?

On 27 July 2017 at 00:17:33 +01:00, PyUK at getaroundtoit.co.uk wrote:

Are you able to recommend materials which deal with the *management precautions* one should take in reviewing a third-party package before use/inclusion in a wider system, please?

There are plenty of resources available which deal with the coding-technical side of things, eg dir(), help(), PSL's inspect.py, etc.

This enquiry encompasses those, but am particularly interested in security: back-doors, phoning-home, and other 'nasties'; license management; any costs; citation; etc.

Will welcome references to articles, tutorials, check-lists, etc...

--
Regards,
=dn

_______________________________________________
python-uk mailing list
python-uk at python.org
https://mail.python.org/mailman/listinfo/python-uk

_______________________________________________
python-uk mailing list
python-uk at python.org
https://mail.python.org/mailman/listinfo/python-uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From andy at reportlab.com Thu Jul 27 09:39:08 2017
From: andy at reportlab.com (Andy Robinson)
Date: Thu, 27 Jul 2017 15:39:08 +0200
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6>
Message-ID:

On 27 July 2017 at 15:33, S Walker wrote:
> I suspect malicious phone-home (and other deliberately malicious security)
> stuff would be very difficult to automatically test for

Presumably you want to spy on outbound network activity from your test machine, rather than analysing code?

- Andy

From mike at swedishmike.org Thu Jul 27 09:41:49 2017
From: mike at swedishmike.org (Mike Eriksson)
Date: Thu, 27 Jul 2017 13:41:49 +0000
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6>
Message-ID:

On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson wrote:

> On 27 July 2017 at 15:33, S Walker wrote:
> > I suspect malicious phone-home (and other deliberately malicious
> security)
> > stuff would be very difficult to automatically test for
>
> Presumably you want to spy on outbound network activity from your test
> machine, rather than analysing code?
>
>
That is if they haven't written their code so it is aware of the characteristics of 'malware analytics environments'. Basically it's dormant if it thinks it is being observed. Something which is very common these days. At least at the cutting edge of such things.

Cheers, Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From walker_s at hotmail.co.uk Thu Jul 27 10:25:07 2017
From: walker_s at hotmail.co.uk (S Walker)
Date: Thu, 27 Jul 2017 14:25:07 +0000
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6>
Message-ID:

Exactly my point, yes- especially if one were to make a framework designed to easily analyse such things (when it becomes much easier for the malware because it for instance could just check whether the framework is in the current env (as a super-trivial example- but any framework that is easy to run is likely to be easy to adapt to for this sort of code).

It'd certainly be feasible to check for outgoing calls though, at least for relatively simple cases (on-import, when calling with particular args), but I think the licensing, etc issues are probably easier to solve-ish and maintain, so probably a better starting point.
This is just a gut feeling though- I've done this stuff manually in the past when I've needed to.

Thanks,
S

On 27/07/17 14:41, Mike Eriksson wrote:

On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson wrote:
On 27 July 2017 at 15:33, S Walker wrote:
> I suspect malicious phone-home (and other deliberately malicious security)
> stuff would be very difficult to automatically test for

Presumably you want to spy on outbound network activity from your test machine, rather than analysing code?

That is if they haven't written their code so it is aware of the characteristics of 'malware analytics environments'. Basically it's dormant if it thinks it is being observed. Something which is very common these days. At least at the cutting edge of such things.

Cheers, Mike

_______________________________________________
python-uk mailing list
python-uk at python.org
https://mail.python.org/mailman/listinfo/python-uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From PyUK at getaroundtoit.co.uk Thu Jul 27 19:27:04 2017
From: PyUK at getaroundtoit.co.uk (PyUK at getaroundtoit.co.uk)
Date: Fri, 28 Jul 2017 11:27:04 +1200
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6>
Message-ID: <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>

S, (Andy and Mike)

Yes, you've hit a couple of pertinent points; and it might make for an interesting project.

However, I was looking for a check-list or similar which I can give to the pertinent dev.teams to ensure that they are 'covering all the bases' - whereas the question: "have you checked 'everything'?" produces a rather predictable response.

I'm thinking someone wiser than I will have written these things down - just can't find such...

On 28/07/17 02:25, S Walker wrote:
> Exactly my point, yes- especially if one were to make a framework
> designed to easily analyse such things (when it becomes much easier for
> the malware because it for instance could just check whether the
> framework is in the current env (as a super-trivial example- but any
> framework that is easy to run is likely to be easy to adapt to for this
> sort of code).
>
> It'd certainly be feasible to check for outgoing calls though, at least
> for relatively simple cases (on-import, when calling with particular
> args), but I think the licensing, etc issues are probably easier to
> solve-ish and maintain, so probably a better starting point. This is
> just a gut feeling though- I've done this stuff manually in the past
> when I've needed to.
>
> Thanks,
> S
>
> On 27/07/17 14:41, Mike Eriksson wrote:
>>
>>
>> On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson wrote:
>>
>> On 27 July 2017 at 15:33, S Walker wrote:
>> > I suspect malicious phone-home (and other deliberately malicious
>> security)
>> > stuff would be very difficult to automatically test for
>>
>> Presumably you want to spy on outbound network activity from your test
>> machine, rather than analysing code?
>>
>>
>> That is if they haven't written their code so it is aware of the
>> characteristics of 'malware analytics environments'. Basically it's
>> dormant if it thinks it is being observed. Something which is very
>> common these days. At least at the cutting edge of such things.
>>
>> Cheers, Mike
>

--
Regards,
=dn

From gadgetsteve at hotmail.com Fri Jul 28 00:54:52 2017
From: gadgetsteve at hotmail.com (Steve - Gadget Barnes)
Date: Fri, 28 Jul 2017 04:54:52 +0000
Subject: [python-uk] Reviewing third-party packages
In-Reply-To: <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6> <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>
Message-ID:

On 28/07/2017 00:27, PyUK at getaroundtoit.co.uk wrote:
> S, (Andy and Mike)
>
> Yes, you've hit a couple of pertinent points; and it might make for an
> interesting project.
>
> However, I was looking for a check-list or similar which I can give to
> the pertinent dev.teams to ensure that they are 'covering all the bases'
> - whereas the question: "have you checked 'everything'?" produces a
> rather predictable response.
>
> I'm thinking someone wiser than I will have written these things down -
> just can't find such...
>
>

As a starting point, my personal mini-checklist, for considering including packages:

1. Licensing: Is the project only ever going to be internal? If there is any chance of its being included in a commercial deliverable then the licence and all of its dependencies must be "Apache or better" and have a chart of the acceptable permissive licences vs. usage. Basically the licences that we generally have green flags for are MIT, BSD, CC-BY, MMS-PL & PSF. With some yellow flags on Artistic/Perl & Apache.
2. A quick look at the project repository for indications of activity such as recent check-ins, outstanding tickets, age of pull requests, discussion levels & tone on tickets. (Call this an abandonware check).
3. The reputation, on-line & off, of the authors & maintainers.
4. Is it hosted on a host that hasn't announced its own demise.
5. Test coverage &/or Coverity
6. Do the requirements look reasonable for the nature of the package, e.g. I wouldn't expect network or server type dependencies in a screen shot package.
7. Ditto the imports
8. If there are non-Python elements are they about what I would expect, i.e. things that you would expect performance issues with?
9. Support for Python 3 & 2 or at least a clear statement.

--
Steve (Gadget) Barnes
Any opinions in this message are my personal opinions and do not reflect those of my employer.

---
This email has been checked for viruses by AVG.
http://www.avg.com

From patrick at shimi.co.uk Fri Jul 28 05:08:26 2017
From: patrick at shimi.co.uk (Patrick Morris)
Date: Fri, 28 Jul 2017 10:08:26 +0100
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6> <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>
Message-ID:

On 28/07/2017 05:54, Steve - Gadget Barnes wrote:
>
>
> On 28/07/2017 00:27, PyUK at getaroundtoit.co.uk wrote:
>> S, (Andy and Mike)
>>
>> Yes, you've hit a couple of pertinent points; and it might make for an
>> interesting project.
>>
>> However, I was looking for a check-list or similar which I can give to
>> the pertinent dev.teams to ensure that they are 'covering all the bases'
>> - whereas the question: "have you checked 'everything'?" produces a
>> rather predictable response.
>>
>> I'm thinking someone wiser than I will have written these things down -
>> just can't find such...
>>
>>
>
> As a starting point, my personal mini-checklist, for considering
> including packages:
>
> 1. Licensing: Is the project only ever going to be internal? If there is
> any chance of its being included in a commercial deliverable then the
> licence and all of its dependencies must be "Apache or better" and have
> a chart of the acceptable permissive licences vs. usage. Basically the
> licences that we generally have green flags for are MIT, BSD, CC-BY,
> MMS-PL & PSF. With some yellow flags on Artistic/Perl & Apache.
> 2. A quick look at the project repository for indications of activity
> such as recent check-ins, outstanding tickets, age of pull requests,
> discussion levels & tone on tickets. (Call this an abandonware check).
> 3. The reputation, on-line & off, of the authors & maintainers.
> 4. Is it hosted on a host that hasn't announced its own demise.
> 5. Test coverage &/or Coverity
> 6. Do the requirements look reasonable for the nature of the package,
> e.g. I wouldn't expect network or server type dependencies in a screen
> shot package.
> 7. Ditto the imports
> 8. If there are non-Python elements are they about what I would expect,
> i.e. things that you would expect performance issues with?
> 9. Support for Python 3 & 2 or at least a clear statement.
>

All of the above are good

You could also use the following to check for known vulnerabilities

https://www.openhub.net/explore/projects

Patrick

From trust at tr00st.co.uk Fri Jul 28 06:17:45 2017
From: trust at tr00st.co.uk (James Cheese)
Date: Fri, 28 Jul 2017 10:17:45 +0000
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6> <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>
Message-ID:

We do similar with a checklist for the practicalities (though I for one still have no good solution for guaranteeing the security of code beyond reviewing it line-by-line...)
- we've gone slightly more general so as to apply to "technologies" as well as just libraries, but our process is roughly:

Costs - ongoing/one-off
License - usually a check against http://copyfree.org/ - though it gets a lot more complicated with certain licenses and architectures, eg: GPL'ed standalone services can be used without worry in much wider context than GPL'ed libraries
Check for project activity - evidenced by number of contributors, recent commit activity and release schedules
Maturity/age of project
Number of "users" - trying to get a rough idea of how many people/companies use a library
Details on paid support options if applicable
Check if the team expertise and scale lines up with taking on maintaining the project should the worst happen
Checking team expertise for actually using the technology - and any training/etc required
Checking scalability of the technology

...and a few things that are only really relevant for SaaS-type integrations, such as identifying points of failure in the provider's infrastructure.

The other thing I try and push is to ensure that alternatives are considered where appropriate - which is a bit more contextual, but it's very easy to jump to "I want to use this" long before checking if there are better alternatives around.

Thanks
James

On Fri, 28 Jul 2017 at 10:08 Patrick Morris wrote:

> On 28/07/2017 05:54, Steve - Gadget Barnes wrote:
> >
> >
> > On 28/07/2017 00:27, PyUK at getaroundtoit.co.uk wrote:
> >> S, (Andy and Mike)
> >>
> >> Yes, you've hit a couple of pertinent points; and it might make for an
> >> interesting project.
> >>
> >> However, I was looking for a check-list or similar which I can give to
> >> the pertinent dev.teams to ensure that they are 'covering all the bases'
> >> - whereas the question: "have you checked 'everything'?" produces a
> >> rather predictable response.
> >>
> >> I'm thinking someone wiser than I will have written these things down -
> >> just can't find such...
> >>
> >>
> >
> > As a starting point, my personal mini-checklist, for considering
> > including packages:
> >
> > 1. Licensing: Is the project only ever going to be internal? If there is
> > any chance of its being included in a commercial deliverable then the
> > licence and all of its dependencies must be "Apache or better" and have
> > a chart of the acceptable permissive licences vs. usage. Basically the
> > licences that we generally have green flags for are MIT, BSD, CC-BY,
> > MMS-PL & PSF. With some yellow flags on Artistic/Perl & Apache.
> > 2. A quick look at the project repository for indications of activity
> > such as recent check-ins, outstanding tickets, age of pull requests,
> > discussion levels & tone on tickets. (Call this an abandonware check).
> > 3. The reputation, on-line & off, of the authors & maintainers.
> > 4. Is it hosted on a host that hasn't announced its own demise.
> > 5. Test coverage &/or Coverity
> > 6. Do the requirements look reasonable for the nature of the package,
> > e.g. I wouldn't expect network or server type dependencies in a screen
> > shot package.
> > 7. Ditto the imports
> > 8. If there are non-Python elements are they about what I would expect,
> > i.e. things that you would expect performance issues with?
> > 9. Support for Python 3 & 2 or at least a clear statement.
> >
>
> All of the above are good
>
> You could also use the following to check for known vulnerabilities
>
> https://www.openhub.net/explore/projects
>
> Patrick
>

From PyUK at getaroundtoit.co.uk Fri Jul 28 18:24:42 2017
From: PyUK at getaroundtoit.co.uk (PyUK at getaroundtoit.co.uk)
Date: Sat, 29 Jul 2017 10:24:42 +1200
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6> <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>
Message-ID: <05fc6912-483e-464e-e652-7e495684a5a7@getaroundtoit.co.uk>

Thank you James, this starts to summarise specific concerns:

> The other thing I try and push is to ensure that alternatives are considered where appropriate - which is a bit more contextual, but it's very easy to jump to "I want to use this" long before checking if there are better alternatives around.

This tendency is particularly noticeable, and post-fact questioning frequently yields much foot-shuffling. Though there is the counter-argument of "paralysis by analysis".

The key word, I am finding, is "considered" (hence the search for a 'check-list'). Not having sufficient time myself (these days) to perform a line-by-line code inspection, etc, the objective is to ensure that others have an appropriate guide or list, to ensure that what they have "considered" includes a reasonably complete list of factors.

Much appreciated!

--
Regards,
=dn

From PyUK at getaroundtoit.co.uk Fri Jul 28 18:42:31 2017
From: PyUK at getaroundtoit.co.uk (PyUK at getaroundtoit.co.uk)
Date: Sat, 29 Jul 2017 10:42:31 +1200
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6> <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>
Message-ID:

Patrick,

> All of the above are good

=indeed - am still digesting...

> You could also use the following to check for known vulnerabilities
> https://www.openhub.net/explore/projects

Thank you for this - I had forgotten about BlackDuck (have apparently fallen off their mailing list).

Will have to spend some time settling on some 'acceptable' metrics: just for fun and because it was the latest import I've typed* I tried PyYAML. It is reported as "Very Low Activity" and "6 months since last commit". Perhaps these are basically the same thing? Yet it is a widely used facility, and one (amongst many on PyPI) I wouldn't even question using...

However, putting such into a check-list would inform discussion at a code/system review, and enable anyone to interpret and perhaps express concern, the code-author to defend (with facts cf opinion or emotion), the team to consciously evaluate, etc.

Excellent!

* code review showed that 'new guy' habitually litters his code with 'constants' and parameters, and for whom I've been developing a quick alternative 'suggestion' in preparation for our next discussion!

--
Regards,
=dn

From gadgetsteve at hotmail.com Sat Jul 29 00:40:53 2017
From: gadgetsteve at hotmail.com (Steve - Gadget Barnes)
Date: Sat, 29 Jul 2017 04:40:53 +0000
Subject: [python-uk] Reviewing third-party packages
In-Reply-To:
References: <1ba26394-bb4a-586c-3b5f-465b35a02b93@getaroundtoit.co.uk> <1501114595352.126072.78556@webmail6> <48290daf-9adb-d4db-f45b-77b5a0ccad50@getaroundtoit.co.uk>
Message-ID:

On 28/07/2017 10:08, Patrick Morris wrote:
> On 28/07/2017 05:54, Steve - Gadget Barnes wrote:
>>
>>
>> On 28/07/2017 00:27, PyUK at getaroundtoit.co.uk wrote:
>>> S, (Andy and Mike)
>>>
>>> Yes, you've hit a couple of pertinent points; and it might make for an
>>> interesting project.
>>>
>>> However, I was looking for a check-list or similar which I can give to
>>> the pertinent dev.teams to ensure that they are 'covering all the bases'
>>> - whereas the question: "have you checked 'everything'?"
>>> produces a
>>> rather predictable response.
>>>
>>> I'm thinking someone wiser than I will have written these things down -
>>> just can't find such...
>>>
>>>
>>
>> As a starting point, my personal mini-checklist, for considering
>> including packages:
>>
>> 1. Licensing: Is the project only ever going to be internal? If there is
>> any chance of its being included in a commercial deliverable then the
>> licence and all of its dependencies must be "Apache or better" and have
>> a chart of the acceptable permissive licences vs. usage. Basically the
>> licences that we generally have green flags for are MIT, BSD, CC-BY,
>> MMS-PL & PSF. With some yellow flags on Artistic/Perl & Apache.
>> 2. A quick look at the project repository for indications of activity
>> such as recent check-ins, outstanding tickets, age of pull requests,
>> discussion levels & tone on tickets. (Call this an abandonware check).
>> 3. The reputation, on-line & off, of the authors & maintainers.
>> 4. Is it hosted on a host that hasn't announced its own demise.
>> 5. Test coverage &/or Coverity
>> 6. Do the requirements look reasonable for the nature of the package,
>> e.g. I wouldn't expect network or server type dependencies in a screen
>> shot package.
>> 7. Ditto the imports
>> 8. If there are non-Python elements are they about what I would expect,
>> i.e. things that you would expect performance issues with?
>> 9. Support for Python 3 & 2 or at least a clear statement.
>>
>
> All of the above are good
>
> You could also use the following to check for known vulnerabilities
>
> https://www.openhub.net/explore/projects
>
> Patrick

Excellent point to add to the above along with:

What does a pylint run look like? Not so much the naming constraints but the general code quality metrics - of course if the source of a library gives a completely clean pylint result it starts off with a lot of brownie points in my book.

--
Steve (Gadget) Barnes
Any opinions in this message are my personal opinions and do not reflect those of my employer.

From info at sleektechnique.com Mon Jul 31 15:49:31 2017
From: info at sleektechnique.com (victoria marr)
Date: Mon, 31 Jul 2017 20:49:31 +0100
Subject: [python-uk] searching for a python Django developer
Message-ID:

Hello

I am Victoria Marr co founder of sleektechnique.com Ballet fitness and we are searching for a python Django developer to do improvements and additions to our site.

We have designs but need a front and back end developer to implement the addition of a new Bundle Workouts page, changes to our existing Streaming workouts page http://www.sleektechnique.com/on-demand-workouts/ also the integration of a referral marketing link, a new banner call to action on homepage etc.

If you are able to help with this and perhaps future work to our site ongoing please do email us on this address.

Sincerely
Victoria Marr
Director and co founder of Sleek Technique
www.sleektechnique.com

Victoria Marr - Director
www.sleektechnique.com
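
Items 6 and 7 of the mini-checklist in the "Reviewing third-party packages" thread above ask whether a package's requirements and imports look reasonable for what it claims to do; the following added example, which is not code from any poster in the thread, lists what a source tree imports without executing it and reports capabilities the reviewer did not expect. The capability map, the helper names and the "shot" sample package are assumptions constructed for the illustration.

```python
import ast

# Assumed mapping (constructed for this example, not exhaustive):
# top-level module name -> capability it gives the importing code.
CAPABILITY = {
    "socket": "network", "ssl": "network", "http": "network",
    "urllib": "network", "ftplib": "network", "smtplib": "network",
    "requests": "network", "subprocess": "process", "pty": "process",
    "ctypes": "native-code",
}

def _dynamic_import(call):
    """True for __import__(...) and <anything>.import_module(...)."""
    f = call.func
    return (isinstance(f, ast.Name) and f.id == "__import__") or (
        isinstance(f, ast.Attribute) and f.attr == "import_module")

def imports_in(source):
    """Yield (line, top_level_module) for every import in source, including
    imports nested inside functions and literal dynamic imports. A dynamic
    import whose name is not a string literal is reported as '<computed>'."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # level > 0 is a relative import of the package's own modules
            names = [node.module] if node.level == 0 and node.module else []
        elif isinstance(node, ast.Call) and _dynamic_import(node):
            arg = node.args[0] if node.args else None
            literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            names = [arg.value] if literal else ["<computed>"]
        else:
            continue
        for name in names:
            yield node.lineno, name.split(".")[0]

def review(files, expected):
    """files: {path: source}. expected: capabilities the reviewer considers
    reasonable for this kind of package. Returns sorted findings
    (path, line, module, capability) for everything outside that set."""
    findings = []
    for path, source in files.items():
        for line, module in imports_in(source):
            cap = "computed-import" if module == "<computed>" else CAPABILITY.get(module)
            if cap and cap not in expected:
                findings.append((path, line, module, cap))
    return sorted(findings)

# Constructed sample: a hypothetical screenshot package, embedded inline.
SAMPLE = {
    "shot/capture.py": "import os\nimport struct\nfrom . import _compat\n",
    "shot/_compat.py": (
        "import importlib\n"
        "def _lazy(name):\n"
        "    import socket\n"
        "    from urllib.request import urlopen\n"
        "    return importlib.import_module(name)\n"
        "helper = __import__('subprocess')\n"
    ),
}

if __name__ == "__main__":
    for finding in review(SAMPLE, expected={"native-code"}):
        print("%s:%d imports %s (%s)" % finding)
```

Because it only parses source, this does not exercise the on-import or dormant-when-observed behaviour discussed in the thread; an import whose name is computed at run time is flagged for manual review rather than resolved.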