如何安全运行用户上传代码?
原文: PyCoder's Weekly - Issue #433
- 200812 Zoom.Quiet(大妈) 用时 42 分钟 完成快译
- 200812 Zoom.Quiet(大妈) 用时 37 分钟 完成格式转抄.
- 什么是 Python Wheels 以及为何应该关心?
- REAL PYTHON
In this tutorial, you’ll learn what Python wheels are and why you should care as both a developer and end user of Python packages. You’ll see how the wheel format has gained momentum over the last decade and how it has made the package installation process faster and more stable.
(是也乎:
从 egg 到 Wheel ...
)
- Name 中有什么: ShopRunner Python 数据科学库 2.0
- NICOLE CARLSON
- • Shared by Nicole Carlson
ShopRunner’s data science team decided to rename their open-source libraries after their namesake’s creator made comments that didn’t align with the group’s values. This article makes a great case study on how to rename projects while minimizing developer impact.
(是也乎:
硬分叉后的必须手尾.
)
- Django 幸存之道(如果关心数据的话)
- DANIELE VARRAZO
- opinion
Many developers view Django’s “database agnosticism” as one of the framework’s strengths. Daniele Varrazzo, on the other hand, believes this approach potentially handcuffs the developer from taking advantage of database-specific features. Read Daniele’s detailed opinion and follow the discussion on Hacker News.
- 在 Python 传参: 背景和最佳做法
- REAL PYTHON
In this tutorial, you’ll explore the concept of passing by reference and learn how it relates to Python’s own system for handling function arguments. You’ll look at several use cases for passing by reference and learn some best practices for implementing pass-by-reference constructs in Python.
(是也乎:
其实, 用最无聊的形式来最好.
)
- 从头构造隐性关注分析
- ANDREW HEALEY
There are a number of reasons websites want to collect data about how users use their website. But how this works is often a controversial topic. Learn how tracking works by building a privacy-focused tracking system from scratch.
(是也乎:
pixel.gif 技巧总是可用的...
)
- 虚拟活动资源
- PYTHON.ORG
Thinking about hosting a virtual Python conference or meetup? The PSF compiled a list of tools and resources to help you be successful! Oh, and they’ll be re-launching their grant program soon!
(是也乎:
关键在网络活动的免费平台, 国外有很多, 国内呵呵...
)
- Q3 PSF成员提名截止日期为8月20日
- TWITTER.COM/THEPSF
Do you know someone who deserves to be a PSF fellow? Why not nominate them?
讨论
Discussions
The short answer: it depends. The long answer? Reddit’s got you covered!
(是也乎:
不过, 有一点可以肯定, 高手和低手的 Python 2.* 代码看起来差不多, 但是, 到了 Py3 就能也感觉出来了.
)
- 在 Python 实践中如何跟上?
Consistency is hard sometimes. What do you do to get through the ruts?
文章,教程和嗯哼
Articles, Tutorials and Talks
- Django Views — 正道
- LUKE PLANT
Views are one of the core components of a Django application. Django offers two kinds of views: function-based views and class-based views. Which one should you use? Fortunately, there’s an opinionated guide to help you sort things out!
(是也乎:
反正当年各种 MV* 模型非常多, 总之, 嫑折腾框架设计好的模式就好.
)
- 如何用 Python 将语音记录转录为文本
- MATT MAKAI
Learn to transcribe speech in recordings like MP3s into text with Python and AssemblyAI’s API.
(是也乎:
当然的, English only, 中文这方面有天然壁垒...
)
- 打包Python代码的选项: Wheels,Conda,Docker等
- ITAMAR TURNER-TRAURING
There’s a lot of ways to package your Python code. Find out which one is right for you.
(是也乎:
打包不是发布,距离发行早. 但是, 在工程中, 却又是必须的...
没想到这篇是 Docker 的软文...
)
- 用 Python 和 Pytest 测试 Twilio 交互式语音响应/IVR 系统
- HAKI BENITA
Learn advanced testing techniques for Twilio IVR systems using Python and pytest
- The Real Python Podcast – 第21集: 探索K均值聚类并与熊猫一起创建成绩簿
- REAL PYTHON
- Podcast
Do you want to learn the how and when of implementing K-means clustering in Python? Would you like to practice your pandas skills with a real-world project? This week on the show, David Amos is back with another batch of PyCoder’s Weekly articles and projects.
(是也乎:
)
- TensorFlow 数据集: 问题部分
- KATIE PORTERFIELD
- AND YOAV ZIMMERMAN
TensorFlow’s data loader is built around sequential access. This introduces some potentially important pitfalls for data engineering projects. Learn what these issues are and when to avoid them.
- Pysa: Python 代码的开源静态分析
- GRAHAM BLEANEY
- AND SINAN CEPEL
Facebook has just open-sourced a static analysis tool for detecting security issues in Python code.
(是也乎:
Fb 出手了, 当年 珢神在 Google 作的就是类似工具, 没想到10年后, 这方面依然没彻底解决...
)
好物
Interesting Projects, Tools and Libraries, Projects & Code
- pyre-check: 用 Pysa 安全检查器对 Python 进行性能类型检查
- GITHUB.COM/FACEBOOK
(是也乎:
类似检查器就是自动优化的基础工具, 这方面 Fb 在 PHP 上积累了丰富的经验.
)
-
- GITHUB.COM/DETERMINED-AI
-
PyOxidizer: 现代 Python 应用程序打包和分发工具
- GITHUB.COM/INDYGREG
(是也乎:
基于 Rust 对 Python 运行时的智能包装. 不知道现在可用否.
今年线上 PyCon 爆出来的仙品.
)
- pyinstaller: 将Python程序 冻结/打包 成独立的可执行文件
- GITHUB.COM/PYINSTALLER
(是也乎:
最古早的 windows only 打包工具, 竟然还活着.
)
- shiv: 用于构建完全自包含 Python Zipapps 的命令行实用程序
- GITHUB.COM/LINKEDIN
(是也乎:
Zipapps 哗...叕一个隐藏大生态.
)
- subpar: 用于创建自包含 Python 可执行文件的实用程序
- GITHUB.COM/GOOGLE
(是也乎:
Google 出品, 基于 Bazel 叕一个上古神器的现代再造.
)
- pex: 用于生成.Pex/Python可执行文件 的库和工具
- GITHUB.COM/PANTSBUILD
(是也乎:
关注, 这可能是解决 Python 最后一个大问题的方向.
无依赖的快速发布一个 Python 应用到主要平台.
tox 则是隐藏在一切背后的基础工具.
)
- bcpandas: Pandas 和 SQL Server之间的超快速 I/O
- GITHUB.COM/YEHOSHUADIMARSKY
- • Shared by Josh Dimarsky
(是也乎:
等等 SQL Server ? 这货还活着? 有人用?
)
-
connaisseur: 用于 Python 图像验证的 Kubernetes 准入控制器
- GITHUB.COM/SSE-SECURE-SYSTEMS
- • Shared by Philipp Belitz
-
flake8-aaa: 用于检查 Python 测试是否遵循 Arrange-Act-Assert 模式的 Flake8 插件
- GITHUB.COM/JAMESCOOKE
- • Shared by James Cooke
-
podsearch: 通过 iTunes Search API 查找播客
- GITHUB.COM/NALGEON
- • Shared by Anton
(是也乎:
和 ggroups 类似, iTunes 也是默默成为最大 Podcast 总入口了?
)
📆🐍 活动/大会
Events, MeetUp 真的是全球线下活动组织中心
-
⋅ Python Atlanta (Online Meetup)
- August 13, 2020
-
⋅ PyBay2020 (Virtual Conference)
- August 15–16, 2020
-
⋅ Montréal-Python (Online Meetup)
- August 24, 2020
DAMA
❤️ Happy Pythonic ;-(
大妈私人无责任播报)
101camp11py 报名将结束
课程规划:
报名截止 2020.08.23
正式开课 2020.08.30
课程结束 2020.10.11
详情 => 蟒营™ Python 入门班第11
PS:
好文笔,感叹号年度配额: 1/3
投稿/反馈邮箱:
askdama@googlegroups.com
(邮件列表地址, 当成正常邮件发送邮件就好, 不用注册, 不用翻越...)
ZoomQuiet/大妈
就是四处 是也乎,( ̄▽ ̄) 的那个大妈:
私自嗯哼: ZoomQuiet (订阅号: ZoomQuiet42)
公开课程: 蟒营 (订阅号: Mainium)
历史吐糟: Chaos42 (订阅号 PythoniCamp)
as 创始组织者:
PyChina (订阅号: PyChinaOrg)
本地社区:
GDG珠海 (订阅号: GDG-ZhuHai)
TFUG珠海 (订阅号: ZH_TFUG)
NN 4103
Comments