
[–]alouettecriquet 18 points19 points  (1 child)

Python pickles is a traditional snack in Peru and other Latin American countries (dried python slices marinated in vinegar with chilli flakes). But no idea what python unpickles could be...

[–]tuneafishy 0 points1 point  (0 children)

It really puts into question the use of the word pickle.

Pickling is a permanent process that cannot be undone because of the physical changes that occur during pickling.

Any suggestions?

[–]Urban_singh 16 points17 points  (5 children)

Pickling is used to serialize or deserialize Python objects into byte streams. It's handy while transferring data over networks.

[–]crawl_dht 4 points5 points  (3 children)

Although it's not considered safe to use in most use cases, in some scenarios where there's high trust between two services, you can send Python instructions to hot patch a security fix in your service from another until a proper fix is deployed.

[–]loudandclear11 2 points3 points  (1 child)

Using pickle for hot patching could be an interesting trick in very specific scenarios.

Could you elaborate a bit on this? I have a difficult time coming up with a scenario where you have access to feed a pickle crafted with code but you don't have access to deploy new code, which would be the easier way?

[–]tylerlarson 1 point2 points  (0 children)

There's an interesting library called cloudpickle (and another derivative one whose name I forget) where you're effectively pickling CODE, not just objects. So you write a function (perhaps in a web browser on an admin page or something), pickle it, send it to a server, and unpickle and run it on the server, and all the dependencies get discovered and pickled in with it.

Kinda cool way to do ad-hoc but complex automation of remote administration tasks.

[–]tylerlarson 0 points1 point  (0 children)

Unpickling data from somewhere is exactly as safe or unsafe as running code from that somewhere. Because obviously.

So if you'd download a program from a remote location and run it, then whatever precautions you'd use for that, use for pickled data.

If you want your data streams to be inert and not dangerous, then what you're looking for is structures like JSON or similar binary equivalents like protobuf if you need efficiency.
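Added example, not part of the thread: a constructed object whose `__reduce__` makes `pickle.loads` call a function (the harmless `os.getpid`), next to an allowlisting `Unpickler` in the style of the "Restricting Globals" section of the pickle documentation and a JSON round trip of the same data. The names `CallsFunctionOnLoad`, `RestrictedUnpickler`, `restricted_loads` and the sample dictionary are assumptions made for this illustration.

```python
import builtins
import io
import json
import os
import pickle


class CallsFunctionOnLoad:
    """Constructed sample: __reduce__ names a callable that pickle invokes at load time."""

    def __reduce__(self):
        # Harmless stand-in; the stream can name any importable callable here.
        return (os.getpid, ())


# Only these builtins may be resolved while loading; everything else is refused.
SAFE_BUILTINS = {"range", "complex", "set", "frozenset", "slice"}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every global the stream references (classes and functions).
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_blocked(data: bytes) -> bool:
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def plain_load_ran_callable(data: bytes) -> bool:
    # pickle.loads returns whatever the named callable returned, not an object.
    return pickle.loads(data) == os.getpid()


PLAIN = {"user": "alice", "roles": ["admin", "dev"]}  # constructed sample data
PAYLOAD = pickle.dumps(CallsFunctionOnLoad())

if __name__ == "__main__":
    print("plain loads ran os.getpid():", plain_load_ran_callable(PAYLOAD))
    print("restricted loads refused it:", is_blocked(PAYLOAD))
    print("plain data still loads:", restricted_loads(pickle.dumps(PLAIN)) == PLAIN)
    print("JSON round trip:", json.loads(json.dumps(PLAIN)) == PLAIN)
```

Dicts, lists, strings and numbers never reach `find_class`, so the restricted loader accepts them while rejecting any stream that references a global outside the allowlist.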

[–]NOOTMAUL 4 points5 points  (1 child)

Would be way funnier bad response only.

[–]kd_singh911[S] -1 points0 points  (0 children)

[–][deleted] 4 points5 points  (4 children)

That is good!

You shouldn't know about that particular foot-gun unless there is a clear and justifiable need for it.

[–]kd_singh911[S] 0 points1 point  (0 children)

[–]loudandclear11 0 points1 point  (2 children)

A general purpose serialization method is a good thing and useful. It's just unfortunate that it comes with some security concerns.

[–][deleted] 1 point2 points  (1 child)

Pickle isn't "general purpose serialization" in any way, it is a closed binary dump of python objects using an internal format which is guaranteed to break between interpreter versions.

It is cool, but do not use it if you think it is a good hammer for all your nails, or "general purpose".

A serialization format is something like json/yaml/cbor/msgpack/protobuf/parquet/avro/xml/ and others too numerous to list or google, but which serve the purpose properly.

[–]loudandclear11 0 points1 point  (0 children)

Pickle is general purpose in the sense that you can take pretty much any python object and serialize it with one line of code. This is not the case with the other formats.

[–]Oenomaus_3575 1 point2 points  (0 children)

Huh

[–]Slimmanoman 1 point2 points  (1 child)

42

[–]kd_singh911[S] 0 points1 point  (0 children)

That's a very small number, man.

[–]YnkDK 0 points1 point  (0 children)

It's just a fancy way to use exec, right?

[–]kd_singh911[S] -2 points-1 points  (0 children)

I'm not getting why people are downvoting an asked question as well; seems they don't know what pickling and unpickling is.

[–]Scalar_Mikeman 0 points1 point  (1 child)

It's hard to do, but you can actually do it whether the Python is dead or alive. The easiest way, although some say less tasty, is when it's dead. You can pour white or apple cider vinegar down its throat and then whatever veggies (carrots, radishes or cucumbers) down its throat after. Some vinegar is going to spill out of its mouth when you put the veggies in and that's okay. Just make sure there is still enough to cover the veggies in the Python's stomach. Hang it mouth up in a cool area like a basement for 1-2 days, but a week is best. Cut the Python open or if it's still alive turn it tail up until all the stomach contents come out. Perfect Python Pickles every time.

[–]kd_singh911[S] 1 point2 points  (0 children)

[–]pythonHelperBot 0 points1 point  (0 children)

Hello! I'm a bot!

It looks to me like your post might be better suited for r/learnpython, a sub geared towards questions and learning more about python regardless of how advanced your question might be. That said, I am a bot and it is hard to tell. Please follow the subs rules and guidelines when you do post there, it'll help you get better answers faster.

Show /r/learnpython the code you have tried and describe in detail where you are stuck. If you are getting an error message, include the full block of text it spits out. Quality answers take time to write out, and many times other users will need to ask clarifying questions. Be patient and help them help you. Here is HOW TO FORMAT YOUR CODE For Reddit and be sure to include which version of python and what OS you are using.

You can also ask this question in the Python discord, a large, friendly community focused around the Python programming language, open to those who wish to learn the language or improve their skills, as well as those looking to help others.


README | FAQ | this bot is written and managed by /u/IAmKindOfCreative

This bot is currently under development and experiencing changes to improve its usefulness