notpygame (u/notpygame)

notpygame commented on Mitigating Memory Safety Issues in Open Source Software security.googleblog.com/2... · Posted by u/littlestymaar

duckerude · 5 years ago

Rust does not solve the memory safety issue. It does mitigate it, and the post is about mitigation. That study finds that Rust "successfully limits memory-safety risks to the realm of unsafe code".

It also finds that Rust has novel patterns of unsafety in unsafe code. That's important! But it's fully compatible with the claim that Rust is much safer than C overall.

I don't think it ever says that the sum of safety in safe code and novel unsafety in unsafe code adds up to as much unsafety as C. The paper's overarching claims aren't quantitative.

I think you're overstating the claims of both the blog post and the study.

notpygame · 5 years ago

The recent track record of curl shows it has zero reported memory safety issues recently. Reading the article and the old linked research you'd be mislead.

It also states that Rust completely prevents them - it does not. The article talks about mitigation, but also says: "would have been completely prevented by using a memory-safe language". The "completely prevented" claim in the article is the one not supported by current research. If you only read this article, you'd be mislead about memory safety in Rust.

notpygame commented on Mitigating Memory Safety Issues in Open Source Software security.googleblog.com/2... · Posted by u/littlestymaar

notpygame · 5 years ago

The security information about C and curl is a bit outdated in the post, and recent research shows Rust does not solve the memory safety issue.

The "recent study" quoted in the article was published at the beginning of 2019, using older data.

Current vulnerability data shows that curl has very much limited the risk of memory safety issues. How many reported security vulnerabilities in the last two releases of curl? Zero so far. You have to go back 9 months before you find one expired-pointer derefence issue resulting in potential data being sent to the wrong connection in rare circumstances and configurations. Which is a logic error that could happen in Rust too.

To quote from a Oct 2020 study on Rust safety - "Our study results reveal that while Rust successfully limits the risks of memory-safety issues in the realm of unsafe code, it also introduces some side effects. In particular, most of the use-after-free and double-free bugs in our data set are related to the automatic drop scheme associated with the ownership-based memory management model." -- "Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs"

They study 60 Rust memory safety vulnerabilities.

As you can see not only does Rust not solve the memory safety problem, it has other issues. Additionally the old research quoted misleads people about the current status of reported memory safety issues in curl.

notpygame commented on AWS Lambda pricing now per ms aws.amazon.com/lambda/pri... · Posted by u/astuyvenberg

notpygame · 5 years ago

Anyone know what the co2_price is? It's missing from the page.

notpygame commented on Raspberry Pi 4 V3DV graphics driver achieves Vulkan 1.0 conformance cnx-software.com/2020/11/... · Posted by u/pfrog

m463 · 5 years ago

I've played around with the pi and pygame.

Is there a way this will help with accelerated pygame graphics?

(last I tried, all blits were in software)

notpygame · 5 years ago

Yes, pygame can use the Pi graphics hardware. It supports vulkan, OpenGL, OpenGL ES, and some other modes through SDL2.

Note, the CPUs on the Pi are faster than the gfx hardware, and gfx is usually memory bandwidth limited.

notpygame commented on I've now played with a Raspberry Pi 400 for a week and here are my conclusions · Posted by u/MarkusWandel

abraxas · 5 years ago

I wish there was a bare metal option that boots RPI 400 into a BASIC or Python interpreter the way the 8 bit machines used to

notpygame · 5 years ago

There's a python/pygame/pygame_gui OS that does exactly this called snakeware. https://github.com/joshiemoore/snakeware Grab the rpi4 image and go.

notpygame commented on Pygame 2.0 github.com/pygame/pygame/... · Posted by u/Ivoah

colordrops · 5 years ago

I put together a halloween display using a Kinect and pygame for my front yard (very quickly hacked together by the way):

https://github.com/erahhal/kinect-halloween-skeleton

Pygame is nice and easy to use, though I think I'd go with something else next time, as it doesn't support multiple monitors or OpenGL very well. I see OpenGL stuff at the top of the Pygame 2.0 change list so maybe worth checking out.

notpygame · 5 years ago

It supports multiple monitors and has better OpenGL support now.

notpygame commented on Pygame 2.0 github.com/pygame/pygame/... · Posted by u/Ivoah

csande17 · 5 years ago

I've done a fair amount with Pygame. It's great for learning the fundamentals of 2D graphics and little toy games, it works well for writing simple programs to do things with image data, and I imagine you could use it to pretty easily get an OpenGL window to draw into.

I would not recommend using Pygame to develop a serious game project. All of Pygame's provided functions use software rendering, so you won't be able to take advantage of the graphics card. More seriously, Pygame includes essentially none of the features that come out of the box in a modern game engine, so you have to do things like write the event loop yourself and find your own solutions to physics and animation and figuring out which UI element is currently under the mouse cursor. Great for learning how that stuff works, not great for getting a high-quality game shippable.

notpygame · 5 years ago

Hello. pygame volunteer here.

Here's some awesome libraries and frameworks that work with or are built on top of pygame.

pygame_gui - gui elements for pygame.

pymunk - 2d physics library. Lots of examples, very well maintained.

Thorpy - a GUI library for pygame.

pyscroll - Scrolling maps. Fast scrolling images easy.

pyTMX - Reads Tiled Map Editors TMX maps. Can use a Map editor easily.

spritesheetlib - loading sprite sheets.

animation - Tasks and tweening using pygame groups. No framework needed to smoothly move sprites or execute things over time.

pyknic - collection of useful tools (tweening, animation, context, timing, fonts, spritesystem, skeleton, ...) for games.

pytmxloader - Map loader for tmx files

pygame-text - Greatly simplifies drawing text with the pygame.font module.

Wasabi2d - cutting edge python game framework.

pgzero - game framework built on top of pygame. Intended for education.

moderngl - Modern OpenGL bindings for python. pygame-menu - A menu for pygame, simple, lightweight and easy to use.

notpygame commented on Pygame 2.0 github.com/pygame/pygame/... · Posted by u/Ivoah

wegs · 5 years ago

My wishlist:

* Integration with numpy/scipy/matplotlib/etc.

* Integration with Python Mode for Processing

* Integration with either the Arduino or the Micro:bit ecosystem

* Integration with Pygame Zero (so there are smooth, documented ways to transition -- low floor/high ceiling, rather than two modes of working)

* Eventually, integration and wrapping of OpenCV

In other words, Pygame would benefit from integrating with the broader ecosystem one might wish to use to teach kids to code. Writing games involves a lot of math, image processing, and similar, and 2020 computers are fast enough kids can do that without writing optimized assembly. It's nice if games can be physically embedded (Arduino/Micro:bit).

Right now, there's a collection of projects, but they don't play well together. The level of contortions one must go through to move a sprite from being a numpy array to an image in whatever library, to an image in another library, is well beyond what most kids (or even teachers) can handle.

notpygame · 5 years ago

A pygame volunteer here.

Wish lists are fun. True, integration is important. We should do more. Luckily some of yours already came true!

:)

For image sharing, there's a surfarray, and sndarray modules for integration with numpy. pygame.image.frombuffer/tobuffer to going to and from buffers. PIL(low), opencv, and other python image and audio libraries can be used pretty easily this way. There's articles, books and videos on how to integrate with most other libraries. Since python 3.3 or so there's been a much better buffer interface at the C and python API levels which many python libraries are using for integration. There's currently a gap in typing around this, but there's some progress.

If you don't like the 11MB download for numpy, we have a builtin pixel array module that can do a lot of the same stuff for images. There's also some built in Vector math objects (modeled closely on the GLSL ones).

The pixel array stuff is usually a hit in class settings because doing visual affects is very easy to write. As you say, computers are fast enough. Better (although more advanced) is probably the shadertoy website :)

Mu Editor, has built in support for pygame/pygame zero. It even comes with a pygame+arduino example. There's tutorials about for teaching it with microbits (and other little devices).

CircuitPython comes with some built in game libraries. This is probably better to use than pygame. It's best place to look probably for python on micros if you're into crafting games on very small devices. pygame comes preinstalled with raspberry pi, so that's also an option considering some of them can be found for $5 (or for free if you go hunting around dusty drawers).

We have some Python Mode for Processing users. There's a big community of video artists using pygame, and pygame comes built into some of the most popular video synths in recent years.

Python Mode for Processing does a lot of cool things right, and is definitely better than pygame for what it does. It would be great if some of the integration work done in this direction would continue. It's one of the most compact and readable ways to go. pygame zero follows this style a little bit, but being able to reuse code and concepts from both communities is even better.