"A big component to that has been our use of Twisted Python. We're pretty reliant on the Twisted framework, and we use it for our base-line management software that we use to run the great majority of production services that we have, our monitoring infrastructure and the next-generation thing that we have coming, which is a suite of programs that will automate the upgrade process for us," Kelley said.
Python Slithers into Systems, eWeek.com
"Twisted is one of our favorite pieces of technology. We’ve used it in Sleevenotez, and we had a major project last year, that was unfortunately canned for budget reasons after we’d done about 2 months modelling and spec work, that we designed in Twisted. I’ve been using it for years and I really think it’s one of the finest software systems I’ve ever come across."
Twisted "ready for the big time", isotoma blog
This week, some people are saying some nice things
about Twisted.
class A(object):
def m(self, alpha):
print 'A.m', alpha
class B(A):
def m(self, alpha, beta):
print 'B.m', alpha, beta
super(B, self).m(alpha)
class C(B):
def m(self, alpha, beta, gamma):
print 'C.m', alpha, beta,
gamma
super(C, self).m(alpha, beta)
class D(B):
def m(self, alpha, beta, gamma, delta):
print 'D.m', alpha, beta, gamma,
delta
super(D, self).m(alpha, beta)
class E(C, D):
def m(self, alpha, beta, gamma, delta, epsilon):
print 'E.m', alpha, beta, gamma,
delta, epsilon
x = ???
super(E, self).m(alpha, *x)
E().m(1, 2, 3, 4, 5)
The UNIX security model sucks.
Unfortunately, we are likely to be stuck with it for the next hundred quintillion years, it will outlive the sun and possibly humanity as we flee to other stars and trade our technology to species across the galaxy. I understand this fact. I can live with it.
Still, we must be able to do better than the current tools, like sudo. I have had a variety of Twisted-based ideas for this kicking around in the back of my head for a while.
Imagine a Twisted daemon that ran at boot,
Such a daemon could be used for more than just 'sudo'. Most of the tasks currently reserved for 'init', such as run-parts, could be run as "nobody" instead, with
Since security rules could be implemented in Python, it would be easy to have flexible policy declarations, like, "/usr/bin/foobar can always run /usr/sbin/bazqux processes as the 'foobar' user when run by people in the 'xyz' group". This avoids giving unrestricted system access to either members of the 'xyz' group, or anyone who can exploit the 'foobar' executable. Ideally programs could be distributed with their own security rules rather than, as sudo does, making separating privileges the administrator's responsibility.
Of course I have no time to implement this, nor to advocate it to the dozens of very high-profile projects which would need to adopt it in order for it to be useful. I wish that I could, though, every time sudo lets me run two commands as root in a row because it would be too inconvenient to type my password a second time.
Unfortunately, we are likely to be stuck with it for the next hundred quintillion years, it will outlive the sun and possibly humanity as we flee to other stars and trade our technology to species across the galaxy. I understand this fact. I can live with it.
Still, we must be able to do better than the current tools, like sudo. I have had a variety of Twisted-based ideas for this kicking around in the back of my head for a while.
Imagine a Twisted daemon that ran at boot,
seteuid and
setegid to "nobody", but retaining root privileges.
spawnProcess already supports switching UIDs for your
subprocess. Instead of running subprocesses directly, you could run a
Twisted client program which would connect to the root daemon and ask it to
do something for you.Such a daemon could be used for more than just 'sudo'. Most of the tasks currently reserved for 'init', such as run-parts, could be run as "nobody" instead, with
start-stop-daemon asking to run specific
commands as root. You could eliminate just about every "suid" binary
by having all the binaries themselves be non-SUID, but distributed with
security rules that allow their execution in specific restricted
contexts.Since security rules could be implemented in Python, it would be easy to have flexible policy declarations, like, "/usr/bin/foobar can always run /usr/sbin/bazqux processes as the 'foobar' user when run by people in the 'xyz' group". This avoids giving unrestricted system access to either members of the 'xyz' group, or anyone who can exploit the 'foobar' executable. Ideally programs could be distributed with their own security rules rather than, as sudo does, making separating privileges the administrator's responsibility.
Of course I have no time to implement this, nor to advocate it to the dozens of very high-profile projects which would need to adopt it in order for it to be useful. I wish that I could, though, every time sudo lets me run two commands as root in a row because it would be too inconvenient to type my password a second time.
From the PyCon feedback survey:
How do you troubleshoot completely random problems?
My home desktop machine has been suffering from a Linux kernel "Oops"
approximately once every two days for the last few weeks. I would really
like it to stop doing that. When I get a stack trace in my logs, it's
consistently in the "kswapd" process, even though I disabled all
swap weeks ago.
I'm running Edgy on this machine, just like I was running it on my laptop
and am running it on my work desktop. Those machines were both completely
stable (modulo occasional ndiswrapper issues) running the exact same
kernel.
It doesn't seem like it's a hardware issue. At least, the same machine has
never exhibited any problems under Windows.
It isn't deterministically reproducible. It always seems to be in response
to a click or some kind of user-input event during heavy disk I/O, but
flogging the disks and mashing the keyboard, even for hours at a time,
doesn't cause it to happen.
I am considering a fresh re-install to attempt a fix for this, but besides
the inelegance of that solution, it seems likely that it will leave me in
the same place.
Does anyone have a suggestion for tracking this down so that I'll actually
know that it's fixed?