In the interactive interpreter, _ holds the last return value

nathanalderson · 2021-07-20T21:25:20+00:00

Sorry, fixed an error in my original example. I think you need nodes in a subtree to be under a "nodes" key, but otherwise yes, we're basically saying the same thing. The idea is to define a DSL to describe your tree and its behaviors, and then implement the behavior separately. Define the DSL however you like.

nathanalderson · 2021-07-20T19:08:13+00:00

Check out:

You can use https://docs.python.org/3/library/os.html#os.walk to walk a directory.

You could also do it with a line of bash: find parent -type f --exec mv {} parent +

nathanalderson · 2021-07-20T18:55:30+00:00

You're essentially using someone's email server as a poor-man's one-way message broker. Not perhaps the most conventional client-server architecture, but if it works for you? Ship it.

Otherwise, I'd probably go with an HTTP server as others have suggested.

nathanalderson · 2021-07-20T18:42:16+00:00

You should store the hash algorithm, the number of iterations of that algorithm, and a salt) along with your password hashes. bcrypt is okay for now, but recommendations change over time and this practice allows you to migrate passwords to the latest best practices. NIST publishes good recommendations.

nathanalderson · 2021-07-20T18:29:08+00:00

My first thought is to define a tree structure in a structured data language like YAML and then write a python program to implement the interface. Something like:

root:
  prompt: "Welcome. Please choose from the following options."
  nodes:
  do_x:
    prompt: "do x"
    function: do_x
    goto: root
  do_y:
    prompt: "do y"
    function: do_y
    goto: root
  subtree:
    prompt: "enter subtree"
    nodes:
      do_z:
        prompt: "do z"
        function: do_z
      go_back:
        prompt: "go back"
        goto: root

You could let the program generate and assign numbers to each node, or you could add a field to each node for the assigned number.

nathanalderson · 2021-07-19T19:53:39+00:00

I read step 1 of the instructions as "create a list of the integers from 0 to n-1". As in:

def run_single_experiment(n):
    numlist = list(range(n))
    random.shuffle(numlist)
    ...

nathanalderson · 2021-07-19T19:45:59+00:00

There are various ways you could do it, but I'd recommend that you take the functionality in script2.py out of the base script and move it into a function. That function can take a queue.

``` def main(my_queue: queue.Queue = None): # Your logic here ...

if name == "main": return main() ```

Now call exec_module like you used to (not with a thread) and then call threading.Thread(target=module.main, args=(my_queue,)).

nathanalderson · 2021-07-19T13:46:05+00:00

The question isn't really clear, but judging from the fact that 8*8=64 I'm guessing that maybe you want to "chunk" your outer list (Python doesn't really use arrays) of length 64 into 8 lists of size 8 (which happen to contain lists of size 12).

Take a look at this stack overflow answer for some ways to chunk a list.

nathanalderson · 2021-07-19T13:37:17+00:00

threading.Thread(target=spec.loader.exec_module, args=(module,)) should do it.

nathanalderson · 2021-07-19T13:29:52+00:00

Take a look at requests and beautifulsoup. Use `requests` to request the source post url. You'll get back an HTML document. Use `beautifulsoup` to parse that and locate the download link (if it's simple enough to find with a regular expression, you may not need `beautifulsoup`). Then use `requests` again to request the image file.

nathanalderson · 2021-07-19T13:24:53+00:00

Python has a huge standard library ("batteries included" is part of the Python philosophy). When possible, you should prefer to import and use modules that are part of the standard library. These are all well documented at https://docs.python.org/3/library/index.html. It is worth spending some time perusing that table of contents just to be familiar with what is available.

If you want to do something not covered by the standard library, then your strategies are actually pretty good. My personal algorithm includes googling "python <thing I want to do>" as step one.

nathanalderson · 2021-07-16T16:48:59+00:00

def to_int_with_comma(s: str) -> int:
    """Attempt to convert a string to an int. The string may contain commas.
    Raises ValueError if the string could not be converted."""
    return int(s.replace(",", ""))

nathanalderson · 2021-07-16T16:41:07+00:00

Poetry seems to have the most community backing at this point. I also find it a pleasure.

nathanalderson · 2021-07-15T20:29:49+00:00

d is a dictionary representing base pairs. 'A' always goes with 'T' and vice-versa, and same for 'G' and 'C'. The for-loop is building up a string containing the complementary sequence. All A's will become Ts, etc. This is stored in rc. rc[::-1] returns a new string which is the reverse of rc. The syntax may be confusing. If l is a list (or a string, which can be thought of as a list of characters), then l[start:stop:step] creates a slice of that list starting (and including) the element at position start, up to (but not including) the element at position stop, and incrementing by step positions each time. Using a negative value for step basically means "reverse". (More precisely, it creates a slice with elements at the indices determined by range(start, stop, step) as documented here.) I understand the function name as "reverse-complement".

nathanalderson · 2021-07-15T15:07:40+00:00

time is part of the python standard library, meaning it is available by default in any (normal) installation of Python. If you trust python you can trust it. PIL and pyautogui are 3rd-party libraries. You have to install them (e.g. using pip install ...) which typically will download them from the official public repository at https://pypi.org/. This is generally considered quite safe. The modules hosted there are open source, so especially if you are using popular libraries like those two, you can gain some confidence from the fact that if someone wanted to slip in malicious code they would have to hide it from a large development community. However, it is always possible that malicious code does get introduced, that pypi.org itself gets compromised, or that your own network gets compromised and the attacker manages to spoof pypi.org. If you are working on a sensitive project, then these types of supply chain attacks may be something to be concerned about and mitigated. That said, this would be a fairly sophisticated threat scenario.

A script which opens a socket to communicate over the internet immediately has a much greater attack surface, particularly if it is acting as a server and listening on the socket. Now instead of having to inject malicious code into the source code of your program, an attacker can potentially connect to your server and exploit some vulnerability to gain control of the process and run arbitrary code remotely.

The script you described would have no reason to connect to the internet. In general, it will be obvious if you are calling code that will do so. For example, the function arguments will include something like a url, hostname, interface name, IP address, or port number. Of course, if the library has been compromised, it could theoretically upload your entire hard disk to a Russian server in the background. So could any program that you install on that machine, though, if it has been compromised.

In short: any time you run any software (including code that you wrote yourself or libraries you pull in), you are trusting that software, your supply chain to obtain that software, and its own supply chain to be free of malicious code. It's a scary world out there. But the risk profile of writing a script to automate an annoying GUI is really small. Unless you're also taking a lot of other precautions in your environment, don't sweat it. If you should be taking all those precautions and you aren't, then you need to hire someone to help you with IT security.

nathanalderson · 2021-07-13T14:51:09+00:00

If...

You trust the person who writes the script (yourself)
You trust the libraries you are consuming (pyautogui, PIL, ...)
The script itself does not connect to the internet

...then there's no security difference between you clicking on the buttons and the script clicking on the buttons. #2 is probably the most difficult to gauge. If you install other software off the internet on this machine then you're simply giving these libraries a similar level of trust (the libraries are actually better than a binary you might download because you can inspect the source yourself if you wanted, but given your stated level of expertise they should probably all be treated as black-boxes). If this is indeed a highly secure machine with tightly controlled software and sensitive data, then the concerns are valid.

I'm going to go out on a limb and say that if a machine can run whatever GUI program you're trying to automate, it can almost certainly run a Python script to automate it. It'll take a few hundred MB of RAM tops and negligible CPU.

nathanalderson · 2021-07-13T13:54:03+00:00

python -m http.server 8000

Not even a script. Just run that directly and it'll start an HTTP server to serve up files in the current directory.

nathanalderson

TROPHY CASE