Paul Ganssle @pganssle@qoto.org
Programmer working at Google. Python core developer and general FOSS contributor. I also post some parenting content.
Joined Nov 2019
Paul Ganssle
boosted
@pganssle https://en.m.wikipedia.org/wiki/Juice_jacking
“As of April 2023 there have been no credible reported cases of juice jacking outside of research efforts.”
@acdha @glyph I suppose the difference is that the monetization strategy for credit card skimmers is straightforward, and in the pre-chip days it was pretty valuable to skim ~1000 cards or whatever.
Compromising random phones is probably not especially valuable even if juice jacking worked 100% of the time, and your hit rate is probably lower than what you'd get by tricking people into installing something via some other mechanism. The fact that it's mostly been mitigated on the software side probably makes it not cost-effective.
Paul Ganssle
boosted
🇵🇸
https://strftime.org/ is always a very useful site #python #datetime #time #help
@glyph Wait is juice jacking really a toothbrush botnet? I bought USB condoms for nothing?
I guess I always thought of it like plugging a random USB device into my computer. Actually a dangerous thing to do, but also if you spent all day plugging random USB drives you found or got at conferences into your device, the modal outcome is that nothing bad would happen to you.
My workflow is such that I like to keep manual profiles to isolate different use cases for the browser, but firefox profiles are too cumbersome to switch between, and Multi-Account containers just don't work well for me, so I end up with Firefox as my "open any link" browser, and Chrome as my "different profile for each different service" browser (e.g. twitter has one profile, github has another, and LinkedIn is always in incognito windows on a dedicated "clear everything" profile — and even then I think to myself I should probably only be accessing that website via Qubes OS or something).
I can't tell if this is a good time for this to happen or a bad time for it to happen, because I just found this: https://github.com/null-dev/firefox-profile-switcher
Which, if I can get FF working again, could make it possible for me to give up Chrome entirely.
Man, #firefox crashes on launch every time, and #thunderbird doesn’t launch at all (thunderbird & just hangs on “Using nsImapService.cpp”, then...
@penguingeek No such luck, just crashes immediately, with new profile, after update, after reboot, after re-install, after removing `~/.cache/mozilla` and `~/.mozilla`. Doesn't work with `firefox -safe-mode`. Anything I do gives:
```
$ firefox -safe-mode
ExceptionHandler::GenerateDump cloned child 5885
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
```
I also tried running `VAAPI_MPEG4_ENABLED=0 firefox`. Crash on startup. Super weird.
@penguingeek Arch Linux
Man, #firefox crashes on launch every time, and #thunderbird doesn't launch at all (`thunderbird &` just hangs on "Using `nsImapService.cpp`", then segfaults when I Ctrl+C after 24 hours...).
I have no idea what happened here and I don't feel like I have time to mess around with it too much right now. Very disappointing.
@kevin @mkennedy FWIW I have often found that my talks are more likely to get accepted to PyCon US after I've given them at a smaller regional conference. Seems likely that they get a boost for being "pre-vetted" in that way (plus presumably the organizers know that I've got some practice giving the talk already).
Of course that could be just down to the timing of things, where I have last year's best talk at PyCon X, so I need a new talk for PyCon X, but that talk is still fresh for PyCon US. 🤷
@mkennedy Do you ever make your proposals publicly available? I have never been on the PyCon committee, but I would be willing to take a look and give an opinion.
I usually get a talk in, though I don't know how much of that is from being good at writing proposals and how much of it is other factors (choice of topic, track record as a speaker, position in the community, etc).
This is the proposal that I got accepted this year: https://gitlab.com/pganssle/proposals/-/blob/master/pytest-unittest/2023-pycon-us-pytest-unittest.md?ref_type=heads
It was rejected last year on favor of this one: https://gitlab.com/pganssle/proposals/-/blob/master/datetime/2023-pycon-us-working-with-timezones-redux.md?ref_type=heads
The year before that I gave this talk: https://gitlab.com/pganssle/proposals/-/blob/master/upstream_bugs/2020-pycon-upstream-bugs.md?ref_type=heads
(Originally scheduled for 2020)
Paul Ganssle
boosted
This year will be the 20th anniversary of @leonardr's #Python screen-scraping tool Beautiful Soup.
https://www.harihareswara.net/posts/2024/celebrate-beautiful-soups-20th-anniversary/
Please contact me if you'd like to contribute to the celebration by:
* contributing to a "how Beautiful Soup was important to my life or career" anthology
* helping edit and publish that anthology
* funding printing the book
* throwing or speaking at a party on or around May 19th, 2024
or
* helping upgrade Leonard's PyCon travel so it's not just economy/coach
Paul Ganssle
boosted
@coveragepy can now use Python 3.12's new sys.monitoring module with much lower overhead.
On 3.12, it's about the same as if you were running tests *without* coverage enabled!
https://nedbatchelder.com/blog/202312/coveragepy_with_sysmonitoring.html
With 7.4.2, you can set COVERAGE_CORE=sysmon globally on your CI, and it'll only use it where available (Python 3.12 and 3.13 alpha), and use the default for 3.11 and older.
For example, @pillow is 9% - 27% faster!
@pradyunsg @henryiii Ah, maybe not so surprising, then. I feel like sometimes these, "We wrote it in <x> and now it's super fast!" projects are often "We approached this in a way that prioritizes performance and now it's super fast!"
In the best cases of this, you can import a lot of the performance gains into the original project. In the worst examples, the way they got the performance was by cutting corners, and the speed comparison is basically a lie.
Any chance `pip` can get some of the same performance benefits upstream (even if only on the "happy path" of hitting pypi.org?)
@henryiii This is honestly pretty shocking to me. I would have been confident that the bottleneck for `pip` was disk I/O and network latency, in which case rewriting in Rust would not really matter.
Is `pip` just slow now because of the resolver? Or is `pip` leaving a lot of performance on the table?
Also if someone has a better version of this please let me know I am not interested in maintaining any kind of shell code.
Any #bash experts out there have an idea why this function isn't working well with `ps`? If I pipe `df -h` into it, it works fine. If I redirect the out put from `ps -aux` to a file, then `cat` that file into it, it works. When I pipe `ps -aux` directly into it, I only get the header.
@freemo That is actually a myth. I have played a lot of Minecraft recently and the actual rule is that if you fall into *water* you won't be hurt at all, no matter how shallow the water.
If you are working at high heights, it is best to keep a bucket of water on you in case you fall.
The Japanese version of Jeopardy! is basically exactly as I expected (though I didn't think they would have more than 3 contestants)
(Note: I am watching a different episode than the one I linked)
Programmer working at Google. Python core developer and general FOSS contributor. I also post some parenting content.
Joined Nov 2019
