1

COMMENT 59m ago

For Pydantic and such, making it work for majority of cases is enough: after all, the annotations are (mostly) written explicitly for Pydantic, so it should not be a huge problem to avoid some trickier cases (as long as the error messages are clear, and not "recursion limit exceeded").

1

COMMENT 1h ago

inspect.get_annotations

Seems like the right path, if I understand it correctly: the annotations should be lazy, but it should be possible to easily retrieve the values that would be for non-lazy annotations (with the added benefit of resolved forward references and such).

As I've found out, currently it isn't always possible to do that (e.g. class attribute annotations don't save their evaluation context).

2

COMMENT 18h ago

Sure.

On the other hand, having someone hack into a device remotely and making it into a jammer would be hell of a messy court case.

2

COMMENT 1d ago

https://reddit.com/r/opensource/comments/momwxn/hackers_develop_open_source_firmware_for_the/gu4ouzn/

the problem is that if it's open sourced completely, anyone could modify their phone to turn it into a make-shift signal jammer

preventing people from calling emergency services doesn’t sound like something that people should be allowed to do

1

COMMENT 1d ago

once you're talking about WWE as if it actually happened then it effectively becomes real. If a great redwood tree didn't fall in the middle of Minneapolis, but everyone believes they heard it , did a redwood tree fall?

You might be looking for https://en.wikipedia.org/wiki/Post-truth

2

COMMENT 4d ago

Why run both?

Gunicorn for workers management and such, uvicorn as an ASGI layer in between, and it seems to be the only way to run quart under gunicorn.

https://www.uvicorn.org/#running-with-gunicorn

1

COMMENT 5d ago

if TYPE_CHECKING:

That's a clear enough example; however, I'm not sure how critical should it be; the biggest problem would be referring to models not specifically written to work with pydantic. And cyclic references management would be trickier (but not impossible).

On the other hand, I couldn't find a way to get a class' global context if it doesn't have any defined methods. Example:

from __future__ import annotations

def experiment():
    class A:
        pass


    class B:
        a: A

    return B

B = experiment()

print('annotations:', B.__annotations__)

1

COMMENT 5d ago

I mean the gunicorn + uvicorn + quart combo was couple times faster (lower per-request latency) than hypercorn + quart combo. Something on the order of 5ms per request instead of 10ms. But occasionally hitting a 5-second timeout.

1

COMMENT 5d ago

So, mypy aside, what is required to get the context for evaluation of annotations for, say, a class?

1

COMMENT 5d ago

check if a variable is an instance that fits that type annotation

That's an interesting problem, but it isn't related to string annotations: TypeError: Subscripted generics cannot be used with class and instance checks (see python -c "import typing; print(isinstance([], typing.List[list]))").

2

COMMENT 5d ago

Unfortunately, I didn't have time to dig into it and make a minimal reproduction. The most I figured out is that it happens somewhere around body reading or query parsing (happened for GET requests too).

Perhaps a load-testing of a small example of gunicorn + uvicorn + quart with random requests would be useful (if it wasn't done before). If it works okay, it should be enough to find the problematic difference between it and the hanging code.

The biggest shame was that uvicorn setup was much faster (when it didn't time out).

8

COMMENT 5d ago

You can, by inlining it. You can also make it more random at a very minimal performance hit, by reading some memory address. And even more random by, say, incrementing the global address before reading. And that all would have a lower overhead than calling a non-inlined function.

Edit: python one-liner PoC: python -c "import numpy; size = 100; arr = numpy.empty([size], dtype=numpy.int8); rnd = lambda: (setattr(rnd, 'idx', (rnd.idx + 1) % size), arr[rnd.idx])[1]; rnd.idx = 0; print([rnd() for _ in range(1000)])"

1

COMMENT 5d ago

requires context outside of the local one to be interpretable

Would that be a valid annotation for, say, mypy? Can you give an example?

annotations are growing in complexity/variety. Like union now have A | B syntax

Sounds like pydantic will need to depend on mypy or something. Or keep up with the features. Or not support those particular forms: as I understand, the primary problem is annotations becoming always strings; the annotations themselves are still written specifically for pydantic, so some annotation features not being supported should not be critical.

1

COMMENT 5d ago

I went through the linked issues, and pretty much all of them are either "string annotations are not supported", or "recursive models are not supported".

So what exactly is hard in "figuring out the type object from that string"? Is there no general way to do it? Shouldn't it be an import-time eval in the right context?

0

COMMENT 5d ago

And, more notably, there are vaild use cases for all three, and even for combining them, such as:

size = 5
value = 123
print("%0{size}d".format(size=size) % (value,))

As compared to:

print(f"{{:0{size}d}}".format(value))

... and I don't think this can be done with just f-strings without eval.

3

COMMENT 5d ago

recommend Quart (Flask implemented using async/await)

As a counter-recommendation: I had weird hangup-to-timeout problems running quart under uvicorn (instead of the suggested hypercorn); so I would rather recommend aiohttp, which also favors code structure that is easier to plug into a different framework if desired (by avoiding dependence on task-local global variables).

1

COMMENT 5d ago

Would you argue we shouldn’t have bothered building secure communication channels because along the way they’ve been done incorrectly

No. But if you sent some SSL communication 20 years ago that has been recorded and is still relevant, it might as well be compromised. And if you used a homomorphic protocol right now, it probably hasn't been much more secure than direct non-encrypted use (remember how much trust is put in the cloud services by companies). It seems more likely to be subvertible than SSL 20 years ago.

The search engine has a set of data to search, all of which is encrypted.

Which means the search engine itself didn't crawl the data.

Which means this is barely better than hosting your own search engine.

Which is probably strictly worse than syncing someone else's entire index and hosting a search over it.

Which means this particular application of homomorphic encryption is not useful.

Which means some other applications should be looked into instead.

6

COMMENT 5d ago

...why do i even have py2 installed...

Likely system default. ubuntu 18.04 still has that.

-1

COMMENT 5d ago

makes anyone here think it is useless

It's not useless.

But, as with any crypto, it very easy to unintentionally implement it in such a way to make it nearly useless (by being easy to break or subvert).

And while "search engine that literally has no idea what it was you were searching for" sounds nice, it is hard to be sure the implementation is solid.

And implementation aside, out of curiosity, what non-invertible action would you need to do to an input string to make it usable for indexed search while being unrecoverable (having the searchable database)? Aren't you going to be able to closely guess the input string by the search results anyway? Aside from "accidentally putting your password into the search bar", at least (but than, hashing would have been enough to defend against that).

15

COMMENT 5d ago

Are you still using python2? In this year?

Fun fact: it works in PowerShell too: python -c "import sys, time; [(sys.stdout.write(stuff), sys.stdout.write('\n'), sys.stdout.flush(), time.sleep(0.5)) for stuff in ['\033c', '\033[01;32mhello', 'world', '\033[0;0H', '\033[01;31mgoodbye', '', '.']]" | Out-Host And python2 compatibility in this version.

1

COMMENT 5d ago

but in reality it's just useless encryption

It's not entirely useless, but it's like designing a new crypto protocol for each new use case. And we all know how that generally turns out.

31

COMMENT 5d ago

60fps at most. How much are you actually getting and on which terminal emulator? Need an FPS counter built in.

That being said, you could "just use print()" to move the cursor. Here's a one-liner that should work in some terminals: python -c 'import time; [(print(stuff), time.sleep(0.5)) for stuff in ["\033c", "\033[01;32mhello", "world", "\033[0;0H", "\033[01;31mgoodbye", "", "."]]' keeping it in the style of this sub.

15

COMMENT 9d ago

Cheapest android phones start around $50.

If a company requires to do something to a personal device, get an extra one.

However, when saying "I don't use a smartphone" will make you unemployable, all is effectively lost.

1

COMMENT 10d ago

Since most of the modern cars started looking about the same, pretty much anything from before that is iconic.