It is only insecure if you run extractall() with an untrusted tar file.
It is like running eval() on a string supplied to you by a random user.
Python is powerful and lets you shoot yourself in the foot like any other language.
Just don't do it.
https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall
"Warning: Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of path, e.g. members that have absolute filenames starting with "/" or filenames with two dots ".."."
Popular != best
It's good enough for toy projects, until you need some realtime firmware writing for a Mars lander probe
It is funny that you should mention that. My first Python project was the firmware for a deep sea lander probe. The group I introduced Python to have since become big fans and its use is now widespread in their field.
And it is still not given in our high schools.
Instead they give 3 hrs a week Dutch, English and even French and German, which the last two could better be replaced with Mandarin, Hindi or Spanish if you want to learn a global language
The group I introduced Python to have since become big fans and its use is now widespread in their field.
Are they your competitors?
[Just in case: I'm kidding]
The group I introduced Python to have since become big fans and its use is now widespread in their field.
Are they your competitors?
Well, on the next project, my colleagues used to tease me about my enthusiasm for Python.
It has been a few years, so that has faded to a gentle glow.
It is funny that you should mention that. My first Python project was the firmware for a deep sea lander probe. The group I introduced Python to have since become big fans and its use is now widespread in their field.
You mean: the firmware was a Python interpreter that ran Python scripts that you wrote. Python is indeed popular among people who find low-level language too difficult.
Use your own words; don't change mine.
Python is indeed popular among people who find low-level language too difficult.
It's also popular among low-level language experts, who realise that micropython can be an excellent tool for quickly creating devices with high-level functionality, either for test purposes or even deployment in some scenarios.
This thread is full of such good reasoning:
Popular does not equal best
Python is popular
So Python is not the best
Could someone tell me what is wrong with this 'supposed' syllogism?
One more
Baby Shark Dance is the most popular song on Youtube.
This song is pretty bad (?)
Then popular things are bad
Then Python is bad.
And so on ad nauseam. Doesn't anyone know how to get a syllogism right?
This thread isn't even about Python.
It's just a bunch of engineers (in a virtual pub) arguing over which tools are worth the effort to carry around in their (virtual) toolbox (aka brain).
Like most pub arguments there is lots of finger wagging/bad words/bullshit and in the end no conclusion. But we passed the time and had fun.
1. Most popular is bad.
2. According to RedMonk Python is not the most popular language.
Then Python is the best language ever.
Another very good syllogism:
Popularity is independent of quality.
Python is very popular.
Then Python has bad quality.
Of course, my implicit reasoning doesn't work either.
Python is popular.
Popular means good quality. (?)
Then Python has good quality.
This thread is full of such good reasoning:
Popular does not equal best
Python is popular
So Python is not the best
Could someone tell me what is wrong with this 'supposed' syllogism?
I can tell you what's wrong. Your logic is flawed. Your conclusion is not supported by the premises. This thread is, I guess, about Python being popular. Nobody denies that. Some have pointed out that popular does not mean the best. The conclusion is something that you reached. Along with your two other flawed syllogisms.
Many people do indeed use Python. Myself included. You can't draw any further conclusions.
The fact that McDonald's is so popular can be studied and many conclusions can be drawn from it.
It was the beginning of a lot of fast food chains that eventually changed even the 'artisanal' form of meat production into industrial production.
It also introduced the concept of standard quality in a food establishment (not only in canned foods).
I don't claim that Python is the best language (that doesn't exist by any means) or a high quality language. But it does seem to me (and this is just my opinion) that behind this popularity there are certain points where Python is doing things right. And is managing to provide solutions to certain problems that other languages do not.
I don't know what the solution to this is. When I raised the issue I was struck by the sharp rise in popularity and I guess it is due to something (I do not think it's just a random question).
I do not assume that it is a question of quality or capacity or speed.
Sure Python has weaknesses, but I fail to see what highlighting such weaknesses over and over again adds to the debate.
One thing I am sure of: Python has not risen in popularity because of its weaknesses.
Quality is not in the language, it is in the programmer who uses it.
Even when the language is somewhat flawed a good programmer can make it work, by knowing the flaws and working around them.
When to use a certain language depends on your needs for certain aspects of a language or the environment you are working in. When developing interactive websites the logical choices are php or asp combined with html, css and javascript.
For an embedded real time system C/C++ is the logical choice for most.
Python has its use in all sorts of fields, just like all the other languages out there, but as with everything else it is as good as the weakest link. A bad programmer will create bad code, no matter which language is used.
The fact that McDonald's is so popular can be studied and many conclusions can be drawn from it.
No conclusions can be drawn from McDonald's being popular. You have to introduce more information to draw any conclusions. That is the "study" part. I think you need to work on your syllogisms.
Another interesting issue is how interpreted languages have risen enormously over compiled languages in the last decades.
I also think this has some logic underneath it. And Python gets swept up in this general trend favoring interpreted languages.
Quality is not in the language, it is in the programmer who uses it.
Even when the language is somewhat flawed a good programmer can make it work, by knowing the flaws and working around them.
When to use a certain language depends on your needs for certain aspects of a language or the environment you are working in. When developing interactive websites the logical choices are php or asp combined with html, css and javascript.
For an embedded real time system C/C++ is the logical choice for most.
Python has its use in all sorts of fields, just like all the other languages out there, but as with everything else it is as good as the weakest link. A bad programmer will create bad code, no matter which language is used.
But there are languages that favor good programming. Linus Torvalds has commented on occasions that he does not want C++ programmers in the Linux kernel at all because of the problems this could create in bad programming.
https://medium.com/nerd-for-tech/linus-torvalds-c-is-really-a-terrible-language-2248b839bee3
And now a step is being taken to make Rust one of the kernel languages precisely because it encourages safer programming.
https://www.theregister.com/2022/06/23/linus_torvalds_rust_linux_kernel/
Python has its use in all sorts of fields, just like all the other languages out there, but as with everything else it is as good as the weakest link. A bad programmer will create bad code, no matter which language is used.
But still, with Python it is the interpreter that halts in case of a problem. A poorly written C program will happily continue with a bad pointer. The latter is why I favour C++; you can largely avoid using pointers.
Another interesting issue is how interpreted languages have risen enormously over compiled languages in the last decades.
I also think this has some logic underneath it. And Python gets swept up in this general trend favoring interpreted languages.
There is a certain trend toward JIT ( just in time ) and now AOT ( ahead of time ) runtimes. The demands of cross platform and cross OS development means the code behind is often just built to an intermediate language ( IL ) with some bloated API to connect the ten lines of 'hello world' text to the target OS. Python is no exception to this trend. C# and Java are now cross platform framework heaven, and hell. The only issue for the developer is keeping up with the latest framework - are you an expert in QPython, PyCharm or Jetbrains yet? Once a new framework is announced, all bets are off just how long the existing codebase can remain supported. Everyone else wants to race at full speed into the future, which is probably why Github is such a code graveyard.
But still, with Python it is the interpreter that halts in case of a problem.
Isn't there some way for the interpreter to raise a fault instead? Last thing you want on embedded kit is a console prompt waiting for input.
And.. does the interpreter pre-interpret your code to make sure it's all actual code? At least with a compiler, you might program a hyperspace jump but it will be an actual valid jump when the code runs