DEV Community

darkmage
darkmage

Posted on

level up yo py/js adhd af research blaggin

blog-2019-may-19.md

Warning: this blog is adhd af, all over the place, literally just goin' with my own brain flow here. All. over. the. place. Beware, like the broodwich. If you heard his delicious voice (minus sundried tomatos - those are mine!) in your head, read on.


"How to write a memory leak in Javascript?" was the first thought I had.

https://auth0.com/blog/four-types-of-leaks-in-your-javascript-code-and-how-to-get-rid-of-them/

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Memory_Management#Release_when_the_memory_is_not_needed_anymore

High-level languages embed a piece of software called "garbage collector" whose job is to track memory allocation and use in order to find when a piece of allocated memory is not needed any longer in which case, it will automatically free it. This process is an approximation since the general problem of knowing whether some piece of memory is needed is undecidable (can't be solved by an algorithm).

https://en.wikipedia.org/wiki/Decidability_%28logic%29

https://en.wikipedia.org/wiki/Undecidable_problem

to identify a leak, use chrome memory usage tools

is this useful to ppl who wanna break a site?


https://blog.cystack.net/arbitrary-file-read-vulnerability-in-hackerrank/

Accept ../../../../../../../../../../etc/passwd{{
Enter fullscreen mode Exit fullscreen mode

Recent hackerrank.com exploit. Dude didn't even get paid for it :(


From Amber Brown's amazing "Batteries included but theyre leaking"

https://pyfound.blogspot.com/2019/05/amber-brown-batteries-included-but.html

  • typing works best with mypy
  • the ssl module requires a monkeypatch to connect to non-ASCII domain names
  • datetime needs pytz
  • six is non-optional for writing code for Python 2 and 3
  • http.client documentation advises readers to use Requests
  • datetime module is confusing compared to its competitors such as arrow, dateutil, and moment
  • asyncio
  • attrs
  • twisted

"what is mypy?"

http://www.mypy-lang.org/

mypy is a type-checker. If you write your code in static-type style, this will be very helpful. I will be working this into my flow.


"what is the ssl module in relation to connecting to non-ascii domain names?"

ssl module is obvious but seems cannot handle non-ascii. hmmm...

https://github.com/python-trio/trio/issues/11


"what is pytz and why does datetime need it?"

http://pytz.sourceforge.net/

This led me down a crazy rabbit-hole on how time works in general. Why are there so many different ways to deal with time? This is crazy.

Here's something useful: https://stackoverflow.com/questions/35057968/get-system-local-timezone-in-python/35058476

from dateutil.tz import tzlocal
datetime.now(tzlocal())
Enter fullscreen mode Exit fullscreen mode

"what is six and why is it non-optional for writing py2/3 code?"

https://pypi.org/project/six/

I'm really not interested in python2 tbh...I got started so late into python that I'm just mainly sticking with 3 for now. Forward rather than backward and all that. If I get a real strong reason to dig back, I might, but for now...


never heard of arrow, never heard of moment, what can they do?

https://arrow.readthedocs.io/en/latest/

https://github.com/zachwill/moment

yet more ways to deal with time, great! -_-


barely heard of asyncio, what can it do?

https://docs.python.org/3/library/asyncio.html

If this is anything like GCD in objective-c on macOS/iOS, this is like, a cool way to write code in a multithreaded-kinda way.

https://docs.python.org/3/library/asyncio-task.html

import asyncio
import time

async def say_after(delay, what):
    await asyncio.sleep(delay)
    print(what)

async def main():
    print(f"started at {time.strftime('%X')}")

    await say_after(1, 'hello')
    await say_after(2, 'world')

    print(f"finished at {time.strftime('%X')}")

asyncio.run(main())
Enter fullscreen mode Exit fullscreen mode

Expected output:

started at 17:13:52
hello
world
finished at 17:13:55
Enter fullscreen mode Exit fullscreen mode

One thing unrelated that I notice is that you can write arbitrary code inside f-strings. This seems extremely vulnerable/bad in general. I need to write code to play with this.


not sure if heard of attrs, what can it do?

https://github.com/python-attrs/attrs

I'm a little bit triggered reading Amber Brown's name in the testimonials list. What's so hard about writing classes in python that requires an entire package to make it easier?

https://nedbatchelder.com/blog/200605/dunder.html

They're referencing those special methods like __init__, __repr__, etc. Normally you'd have to write those if you want them in there, but I guess attrs helps take care of that leg-work or something.

Might be worth checking out.


i used twisted long ago, where is it in python3 support?

https://twistedmatrix.com/trac/

They say "a subset of" and growing, but we will see next time I check it out...


The last episode of Game of Thrones is about to come on, I need to get ready with a walk to the corner store for snackage (which also counts as exercise), and post this thing, so I will call that a blog post. Take it easy!


If you need a Computer Science tutor, code reviewer, or just someone to pair program with, hit me up

Top comments (0)