[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] pygame web plugin

To: pygame-users@xxxxxxxx
Subject: Re: [pygame] pygame web plugin
From: Michael <zathras@xxxxxxxxxxxxx>
Date: Wed, 10 Sep 2008 10:23:29 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: pygame-users-outgoing@xxxxxxxx
Delivered-to: pygame-users@xxxxxxxx
Delivery-date: Wed, 10 Sep 2008 05:17:27 -0400
In-reply-to: <e1a84d570809092031y7dfc481djc6282d51a7dfecef@xxxxxxxxxxxxxx>
Organization: Just little old me
References: <20080909215528.37FF57BD45@xxxxxxxxxxxxxxxxxxxxxxx> <097201c912d7$7adafb90$7090f2b0$@net> <e1a84d570809092031y7dfc481djc6282d51a7dfecef@xxxxxxxxxxxxxx>
Reply-to: pygame-users@xxxxxxxx
Sender: owner-pygame-users@xxxxxxxx
User-agent: KMail/1.9.6 (enterprise 20070904.708012)

On Wednesday 10 September 2008 04:31:10 James Mills wrote:
> However having said that
> I tend to trust FOSS more than
> commercial software.

I once worked with an admin who REALLY should've known better. As in REALLY 
should've known better. Did exactly these sorts of steps:
> 
> 1. Install Python
> 2. Install setuptools
> 3. easy_install <your favourite game>
>

(Wasn't quite the same, it was a set of install instructions)

The system rebuilds he was doing for the next week reminded him about:

> step 4. "Audit code to be sure it isn't evil".

Easy install is a nice idea in theory, but it assumes that everyone is perfect 
and isn't going to do something that either accidentally (or maliciously) 
trashes your machine.

For example. CPAN has a mode of usage similar to easy_install/setuptools in 
that it'll figure out the dependencies for you and install them. Whilst they 
fixed it a *long* time ago now, one of the modules decided to say 
(innocently) that it was dependent on the latest version of Perl that most 
people weren't then using. The CPAN shell installer happily tried to upgrade 
a significant number of people's perl installations.

This was a bad idea on so many levels, and was an accident, and it's
been fixed now. However, it does demonstrate how stupid it can be to assume 
that such things are safe. It just takes one (stupid) file to trash things 
after all. (eg "chmod a+rwx /" can be remarkably fatal when run as root,
and if that was created from "chmod a+rwx %s/" % somevar, it's remarkably
easy to miss.)

> However having said that
> I tend to trust FOSS more than
> commercial software.

The reason for that though is because you'll get people turning round, looking 
at something like encouraging (eg non-developer) users to run arbitrary 
untrusted code on their systems turn round and say "you do realise that 
that's just asking for trouble, don't you?"

:)

Michael.

Follow-Ups:
- Re: [pygame] pygame web plugin
  - From: Greg Ewing
- Re: [pygame] pygame web plugin
  - From: James Mills

References:
- Re: [pygame] pygame web plugin
  - From: yanom @linuxmail.org
- RE: [pygame] pygame web plugin
  - From: Noah Kantrowitz
- Re: [pygame] pygame web plugin
  - From: James Mills

Prev by Author: Re: [pygame] surfarray.pixels3d() bug?
Next by Author: Re: [pygame] Good code for text wrapping?
Previous by thread: Re: [pygame] pygame web plugin
Next by thread: Re: [pygame] pygame web plugin
Index(es):
- Author
- Thread