Coding with python software and using files - security re internet attacks? [closed] - python-2.7

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
can somebody explain to me please:
1) Can a py file just by its mere "existence" on your hard drive (if not opening it), cause any kind of malicious harm for your computer system? And if your goal is only to see the content (text of code) of the file, how could you open it to be 100% sure it could not harm your system (for example by the standard text editor tool?)? Or can you only get to the content with Python specific programs?
2) If someone asks you to look at her python code, and wants to send you for this reason several py files - could opening such file harm your computer system/perform "malicious" actions (how?)?
Please take into account for your answer, these three different ways of how you would open the files:
a) you open with the program from python.org
b) you open with a IDE
And a third question:
3) What about the official program from python.org itself - does this program somehow open up your system to additional internet attack types, just by having it installed?
Finally,
4) Is it more secure in terms of online security, to interact with python programs on a separate computer and not the one you do everyday business?
Thanks community!

Q1: No, it's just a text file. So you can view it with any text editor
Q2. If you mean by "opening", viewing in text edit, see answer to Q1. If by opening, you mean executing the script, then the answer depends on what the script does
web services don't run on your local computer, so they can't harm it.
Q3. The answer is no, because python installed on your computer is dormant.
Q4: There are lots of thing you can do on your computer which can do damage. For instance, you could delete all your files in your file explorer. Surely you already have backups?
Python scripts are human readable which makes them a very ineffective place to put secret code which does nasty things.
I've never heard anyone put python anywhere in a list of security risks, but if you are worried, use virtual box and run it in a virtual machine. I do a lot of my python development in a virtual machine, but not to minimise security risks ... there are other advantages to VMs (such as ease of backup, ease of moving to another computer). The other advantage, if you are using Windows, is that you can use a Linux VM, such as Ubuntu, which is a better experience for modern development. I think because of this, Microsoft has actually made it easy to install Ubuntu directly into Windows, if you have a recent version on Windows 10, so that's another option (e.g. https://tutorials.ubuntu.com/tutorial/tutorial-ubuntu-on-windows#0)
I haven't look at web IDEs for a while. As long as they have interactive python debugging, they could be a good option. I had the impression that cloud 9, now an amazon offer, was the best one, last time I checked them out.

Related

What is registry equivalent for Linux? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
Recently I have been involved in code porting from Windows to a Linux. I came across so many windows functions which retrieve registry keys and edit it. I am not sure what can be the equivalent approach for Linux. I know registry is just a windows database which stores data in "Key=value" format. I am thinking about INI file. Other than this is there anything that is more efficient?
I am not asking from a storage perspective. My question is related to registry equivalent in Linux. How can we achieve registry structure in Linux?
A typical way to store configuration in Linux per user is to store it in /home/username/.someapp, where someapp is the name of your program. I love this in Linux actually because when I move to another computer, all I have to do is save/move my home directory, and that will save all my configuration.
On Windows, the registry has a user part HKEY_CURRENT_USER, and others that represent any user, such as HKEY_LOCAL_MACHINE, being global for the whole system. For the user part, you should put the configuration in the user directory like I explained before, because it shouldn't require any super-user privileges. The local machine part you can choose either to also put in the user directory, where then every user will have separate configuration, or put it in something like /var/lib/someapp, but keep in mind that it'll be read-only then.
With all this, keep in mind that you should create your own configuration format, or use some library, such as libconfig, XML or JSON.
Linux has XDG Base Directory specification. If you want to use config file(s) for your app (doesn't matter which format you prefer - INI, JSON, YAML, SQLite database, etc), please store it in directory $XDG_CONFIG_HOME/your_app_name
Usually many software take the config files in the /etc, but it's a static configuration as I think. If you have something changed configuration from the software (by user or after something external) it's good idea to put it into /var/lib/(your_project_short_name)/(your_project_config_files) I suppose, as it do Mysql, Postgresql for the database files and the Postgresql's config files etc.

Can anybody recommend an app in google drive for editing c++ files? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I store my school programming work on google drive. From home I just access the google drive file on my computer, but I can't do that from school.
Can anybody recommend an app for editing cpp files in google drive? Preferably free, poor college student and all that.
I found drivecode, but it doesn't seem to work with cpp files and on header files it's not doing any markup.
Neutron Drive seems like exactly what I need, but it's not free.
Alternatively, any suggestions on another cloud-based development platform that I could use would work too.
screw Google driver, for single files use
https://gist.github.com/
http://collabedit.com/
for large project as said above, start learning mercurial. later you will need it professionally.
In light of the comments under the question, I think the best option is actually to use a service like gitHub, mercurial, bazaar, or svn, because of the availability of version control in those platforms.
You might also want to try out Google Code, it's not quite as advanced as GIT and hopefully it's not blocked either. Also, you already have a Google account, so you won't have to make a new account for anything.
Google Code allows full editing capabilities online, but you can also create a repository using it and download your code when you're ready to compile. You may need to learn a little bit about it before you can start, but once you upload your code you can edit it all right there, and it also formats automatically, making it better than Drive.
If Google Code is in fact blocked, I would also suggest trying GIT or some other service, but they're a little more advanced. Google Code has served me well for simple projects in the past.
Go to http://code.google.com

Remote Automated Build System [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I am an Electrical Engineer about to start grad school for Com Sci. Currently I work in the defense industry and as a result most services and websites are blocked here. I'm trying to come up with a solution that will allow me to do my homework/projects while at work since they give us 2 hours a day on the clock to do school work if attending grad school. I don't have the necessary software tools on my work computer nor will I be able to get it. I would like to setup my build system on a ubuntu box and the best solution I could think of would be to use email and possibly FTPmail to automate the build process and email me back any errors that the compiler may return.
Has anyone ever done this before or does someone know of a software package that already implements this solution.
I'd suggest you look on some web-based virtual machine/desktop tools. Some I've seen in the wild are icloud and eyeOS.
Also, since installing any software is basically a no-no, you might want to check for Linux live-CDs. You can just pre-configure the disc with the necessary tools (SCM, IDE, etc.) and boot the computer from the Live disk during your 2 hours. Of course, that won't give you a hard drive to save your stuff, but you can just commit whatever you have before that 2 hours expires.
Edit: whatever you do, get this solution approved by your superior(s) before you attempt it.
It sounds like you will be able to access stuff outside of your network, even if you cannot install any software on your work system. One thing you can do:
Install a version control system (CVS, SVN, etc) on your Ubuntu box. You can store your projects/homework there.
Use Hudson (http://hudson-ci.org/) on your Ubunto box as your build system. You can create a job for it to checkout from your version control system and build. Anytime you want to build a project (lets say you made a change to some class), all you have to do is press the "build-now" button.
Hudson itself is almost entirely web-gui so it is easy to configure, and if you open up a port for Hudson, you should be able to access it directly from work (unless they block external websites).
Could you use a virtual machine at work? Even if you don't have administrator access to your work machine, you may be able to use Qemu and something like Puppy Linux. See, for example, http://www.erikveen.dds.nl/qemupuppy/
Along the lines of your original question, if you can host a machine that receives e-mail at home, you could certainly configure procmail (e.g., see http://www.perlcode.org/tutorials/procmail/proctut/) to match for e-mails from you with a certain subject and run a command (say, make). But you'd also need to set up an filters to fetch and submit files, etc.
Can you use something like VNC to remotely control your desktop or do you have restrictions for this kind of Sw too?
http://www.realvnc.com/
If I recall correctly, the client does not need to be installed, it could run from a pendrive...
http://www.pendriveapps.com/portable-vnc-viewer-realvnc/
This is not a remote system, but it might work if you can select a boot medium on the computers you work on. Your employer might not like this.
It is possible to install a linux box on a usb hard disk and then boot from that. In this you can install all sorts of development tools and projects. You would just borrow their hardware a bit...
I wouldn't advise this if you have not worked on linux before though. Linux can be a royal pain in the ass and you might not get your development environment up and running in a year if you only have 2 hours per day to spend...
good luck
Set your project up on github. You can do editing directly there through a web browser.
Then setup continual integration on Jenkins on your home system, or use Travis CI, and/or Appveyor to monitor your github repo and build your project when there are changes. If there are errors, you can set them up to send notifications.
The advantage of Travis or Appveyor is they are web based so you'd be able to look at the console output of broken builds where jenkins running at home probably wouldn't (I don't recall if you can get the whole output by email or not).

Funding for MathML rendering library [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have an unfinished MathML rendering library written in C++. I ceased development a few months ago due to lack of time. The library [still] uses the TrueType version (unsupported) of the STIX fonts beta [version 1.0 of the STIX fonts (OpenType Postscript format) has since been released].
Development of this kind of library is a HUGE undertaking and, in fact, requires a number of programmers/developers. In my case, I am doing it alone, and here's my question:
Does anyone of you know of any foundations/philanthropists who may be interested to fund my project in return for open sourcing the code?
The funding will serve as an incentive for me to finish the library - perhaps by taking a sabbatical :p - and, of course, as 'payment' for the intellectual property involved.
I've searched the web, contacted some [e.g., foundations, VCs, angels, etc.], but I either did not get a response (from VCs and angels) or was rejected (one reason is geography since these foundations support only US-based projects).
As an aside, when I search the web for MathML, the results are often outdated. I guess there's not much activity concerning MathML. Yet, I believe this library will be very useful not only to developers but also to anyone who uses math, especially students and teachers. It is useful for e-learning, can be used with desktop apps and web servers (Windows), makes it easy to insert images of formulas in PowerPoint documents, etc.
Any suggestions are most welcome. Thank you.
EDITS: I have finished this library finally without funding, although I don't rule out seeking one.
You can find my new site below with lots of sample formulas; click on the download link to download the SDK.
http://reformath.webnode.com/ (preferred for statistical reason)
http://reformath.weebly.com/ (please use the above link instead)
DON'T forget to provide some feedback - or donations. Thanks!!!!!
Since we've already got open source MathML (Firefox has had it for years) that mean you'd have to do something better than the existing OSS solutions. And at that point, why not work on an existing open source project?
So that leaves commercial apps that may want a closed library for MathML rendering. I would go after companies like the makers of MathCad, Matlab, or any other engineering software that may want to display equations neatly. You should have something that already works for some subset of the things you/they will want it to do. You should also turn yourself into a company before going to those places so they take you seriously and you can license it to multiple customers. Otherwise the most you're likely to get is a job offer where they'd like you to hand over what you've got (for free if they can get you to) and then work on it as an employee - which may be all you want if you love it and hate your day job ;-)
You should probably ask on www-math list, also if you ask there, we can list your application in the software implementations page
http://www.w3.org/Math/Software/

Guide to New Vista Features [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm an MFC programmer. I just had my first taste of Vista (on a VPC... Yup, I'm late). I should be evaluating things in depth in the coming days. On taking a casual look, I noticed two major changes:
The shell is new
User Access Control
Event Viewer has changed (would like more info on this)
What other new features should I look out for from a programmer's point of view?
There's a significant set of changes depending on what sort of software you write.
It's never a bad idea to check out the Windows Logo Certification (for Vista). There's a link to the Software technical requirements here. It always gives you a bit of an idea what to avoid doing (and what to design for).
In my opinion, Vista mostly started to enforce [existing] Logo certification requirements, in particular:
Don't write to HKLM
Don't save application data under the Program Files directory
Don't assume administrative permissions
Do save data to the user's application data directory
Regarding User Access Control (new to Vista), It's also a good idea to get across Manifest files. The best thing I could find on them is this blog entry here.
Windows Drivers are under higher scrutiny under Windows Vista and pretty much require certification IMHO.
The TCP/IP stack was rewritten and so too the audio subsystem (and multimedia streaming etc). Obviously advances in graphics, plus the inclusion of DirectX 10 and usual rollout of an updated Media Player, etc.
Sorry, I also forgot to mention that Microsoft replaced ActiveSync (for Windows Mobile) with a completely new framework in Vista.
Vista is much more strict about enforcing rules that you were supposed to follow for XP anyway.
For example, you're not supposed to do anything that requires write access to your program's install folder. In XP a lot of programmers got away with breaking that because so many users run as adminstrator, but Vista will actually enforce it. A bunch of folders did move around ("Users" instead of "Documents and Settings", my Documents is different, etc), but if you're using the correct methods to retrieve those paths rather than assuming they're always in the same place you'll be fine.
Perhaps wikipedia's Features new to Windows Vista and possibly Features removed from Windows Vista will be of use to you.
Processes and resources have "integrity levels". A process is only able to access resources at or under its own integrity level.
If you ever do any work with IE extensions this will become a PITA when you want to access something and discover that everything has a higher integrity level than IE in protected mode (default).
Well, from a programmer's point of view, WPF is "built in" to the system. That means that if you target an app to the 3.0 version of the .NET Framework, it should be able to install on Vista without a .NET Framework Install.
DirectX 10 is also new in Vista, but I assume if you didn't know that, you probably won't be programming against it.
Search is pervasive. Numerous kernel improvements. SuperFetch (friggin' awesome if you have enough RAM). IMO Vista goes to sleep and wakes up a LOT easier and more reliably than XP ever did. I/O priority -- now apps like AntiVirus and search indexers can request lower priority for disk access than they did in XP or before. That makes the user experience much more enjoyable when something's indexing the drive or a scan is running. All in all, Vista is good stuff IF you have gobs and gobs of memory to throw at it. I run Vista x64 with 4GB of RAM, and I actually like it.
The audio subsystem has been redeveloped, so if you do anything audio related it is worth checking very carefully if everything still works.
Although many of the older API calls still work, some may not work as expected.
As a simple example, sound devices have much longer and more descriptive names than in XP, but if you continue to use the older APIs then you may find these longer names are truncated.
Oh, yeah. There's a completely different driver model where much of the code is kicked out of kernel space and back into userland, to prevent poor drivers from trampling over the system. So if you do any driver work it's almost like starting over from scratch.
1- Machine with Vista have usually more Ram, this is a good news for you :)
2- Path to "Program files" are splitted in 2 : \Program Files (x86)\ and \Program Files\
3- My Document has changed
VIRTUALIZATION is also an interesting and necessary feature of vista.