Tcll | The Blog Pros

September 12, 2020

I need a special quaternion to euler function

Truthfully it isn't really that special, but it is a bit cancerous as I only have atan() and not atan2()...
What's special about it is every other function I see seems to be intrinsic with 1 axis needing a sqrt() to manage singularities,
where what I'm looking to achieve is an extrinsic function that shouldn't have to care about singularities.

If it helps with anything, converting to mtx33 before euler might help in singularity management, as mtx33 is extrinsic by default.
(I've just recently learned a mtx33 was just an over-glorified semi-scalar NBT vector)

I'm not a mathematician though, so I'm not sure how much help that'll actually be...
but I AM certain the output code can be done without the need of managing singularities:

atan2(x,y),
atan2(x,y),
atan2(x,y)

instead of:

atan2(x,y),      # X pitch
atan2(x,sqrt()), # Y yaw
atan2(x,y)       # Z roll

as this causes 1 axis (yaw in this case) to lock up and not move >90 degrees without intrinsic measures applied to X and Z.

Also yes, I'm just using atan2 as an example here as I actually can't use it in what I'm doing...

There actually isn't a tag for what I'm doing as while it involves XML, it's actually somewhat C-like,
so in this case I'm requesting python just because it's easier to follow. :P

I can translate that to this:

<eval expr="eulerX = atan(Y/X)" display_error="false" display_result="false" comment=""/>

+1 if you actually know what I'm working with (irrelevant)

Is there anything that would fit what I need??

January 7, 2020

Suggestion: collapsible hierarchical comments on posts.

This actually started (in a convo with Dani) as a simple idea of just upvoting comments made to posts, buuut I quickly got ideas for turning comments into a sort-of Reddit-style thread system, where comments could be collapsed so the original general idea of the forum thread could be viewed.

I'd also suggested a user display setting to collapse comment threads by default, but Dani brought up a conflicting idea that if someone made a comment saying some post was wrong or something, users who collapse comments by default wouldn't see it.

personally, while this is valid, the responsibility is on the user to expand the comments on the post
but to add, a following post explaining a mistake or such should be made regardless <_<
I'm sure people wouldn't do that, but I don't believe that should be a reason of detrament for such an idea
I mean heck, StackExchange has collapsed comments, and I haven't seen many complaints there

but anyways, I just wanted to suggest for some better functionality for this place :)

August 30, 2019

Need some help with secure attribute access

So I've successfully written a metaclass that gives python the functionality of private attributes in classes.

Q: But what about inst.__private?
A:

>>> class A(object):
    __slots__ = ['__private']

    def __new__(cls):
        inst = object.__new__(cls)
        inst.__private = 10
        return inst

    def showprivate(inst):
        return inst.__private

>>> inst = A()
>>> inst.showprivate()
10
>>> inst._A__private = 20 # security through obscurity never works
>>> inst.showprivate() # sorry not private
20

With my metaclass, private attributes are inaccessible outside native and super-native namespaces:

class A(object, metaclass=privatetype):
    __slots__ = ['A']
    __private__ = ['B'] # NOTE: __slots__ is enforced for security regardless of local definition

    def __new__(cls): # native
        inst = object.__new__(cls)
        inst.B = 10 # can only be accessed here
        return inst

class B(A):
    # NOTE: __slots__ = ['B'] is not allowed
    __private__ = A.__private__ # inheritance would add insecurity
    # ^ with this we can restrict specific private attributes to superclasses

    def method(inst):
        return inst.B # or here (including further subclasses)

# NOTE: you can not add methods after class creation and expect to access private attributes.

So how does it work?
The answer is frame validation, to make sure we're in a native namespace before looking up private attributes from an external dictionary.

Since the code for this is currently written in python,
it's currently exploitable by accessing __closure__[1].cell_contents of either B.__getattribute__ or B.__setattr__ (both are the same function).
This will give you access to a mappingproxy (read-only dict) of ['attr'](inst, *val) functions,
the functions return either static values, or the result of a member_descriptor (__get__/__set__) call.

What's __closure__[0].cell_contents?
It's a frozenset (read-only set) containing native code objects the function uses to validate frame f_code objects with.
This would only be useful to a hacker if they could modify it, allowing them to add "native" functions to classes to manipulate private attributes.

So there's 2 things I want to ask here before I show the code for the metaclass.

1: is it possible to restrict access to the mappingproxy to close the final backdoor and prevent external access to manipulating private attributes??

2: I'm having an issue with super-native functions where calling a super-native while supplying the class/instance operates on super-class private attributes...

To explain this a bit further:

class A(object, metaclass=privatetype):
    __private__ = ['B']

    B = {'A':10, 'B':20} # static

    def __new__(cls):
        inst = object.__new__(cls)

        for k,v in inst.B.items():
            print( '%s = %s'%(k,v) )

        return inst

class B(A):
    __private__ = A.__private__

    B = {'A':30, 'B':40, 'C':50} # static

    def __new__(cls):
        return A.__new__(cls)

When we call inst = B() the result prints this: (hash order ignored)

A = 10
B = 20

This is because we're calling A.__new__ which has the private context of class A instead of B as expected

How can I use the context of class B without compromising security??

For the metaclass code, keep in mind this isn't final, so it's still a bit messy:

from sys import _getframe, _functools import reduce
class _c(object): __slots__=['_a']; _m=lambda i: None
mappingproxy = _c.__dict__.__class__; method = _c()._m.__class__; del _c # yeeted

getstatic = lambda value: lambda inst, *val: None if val else value # getset for static items
newtype = type.__new__
class privatetype(type):
    def __new__( typ, name, bases, NS ):
        # won't be so hacky in C
        def __getsetattr__(inst,attr,*val):
            # return typical methods from super-class (extended security for preventing access here)
            if attr == '__setattr__': return None if val else super(cls,inst).__setattr__
            if attr == '__getattribute__': return None if val else super(cls,inst).__getattribute__
            try:
                f = _getframe(1)
                return privateattrs[attr](inst,*val) if f.f_code in nativecodes else( # getset private attribute
                    super(cls,inst).__setattr__(attr,*val) if val else super(cls,inst).__getattribute__(attr) ) # normal attribute
            finally: del f
        NS['__getattribute__'] = NS['__setattr__'] = __getsetattr__
        oldslots = NS.get('__slots__',frozenset()) # backup

        # check for subclass globalization of private attributes
        superprivateslots = reduce(frozenset.union, (frozenset(getattr(cls,'__private__', frozenset())) for cls in bases))
        for attr in oldslots:
            if attr in superprivateslots:
                raise AttributeError("can't make private attribute '%s' public."%attr)

        # remove private static attributes from NS
        nativecodes = { None, __getsetattr__.__code__ }; addnativecode = nativecodes.add
        privateattrs = {}
        privateslots = set(NS.get('__private__', set()))
        for privateattr in privateslots:
            if privateattr in NS: # make static
                item = NS.pop(privateattr)
                privateattrs[privateattr] = getsetstatic(item)
                addnativecode(getattr(item, '__code__', None)) # private methods are native too

        # create private members
        NS['__slots__'] = frozenset(oldslots).union(frozenset(privateslots.difference(privateattrs))) # exclude static
        cls = newtype(typ, name, bases, NS)

        # remove remaining private items and add super-natives
        for attr in dir(cls): # dir() to get ALL public items, not just cls.__dict__ local items
            item = getattr(cls,attr)
            if isinstance(item, staticmethod): item = item.__func__
            if isinstance(item, property):
                for a in ('fget','fset','fdel'): addnativecode(getattr(getattr(item,a), '__code__', None))
            else: addnativecode(getattr(item, '__code__', None))
            if attr in privateslots:
                delattr(cls, attr)
                privateattrs[attr] = method(lambda dsc, inst,*val: dsc.__set__(inst,*val) if val else dsc.__get__(inst), item) # getset method

        # freeze to prevent modification (won't be so easy to access once written in C)
        nativecodes = frozenset(nativecodes)
        privateattrs = mappingproxy(privateattrs) # not sure why this isn't builtin
        # note that private mutable objects can still be modified

        cls.__slots__ = oldslots
        return cls

No I will not follow PEP8, I'm sorry if you're offended.

July 24, 2019

Interesting behavior using ‘base’ as a slots string

class foo(object):
    __slots__ = ['__base__']

What's expected is for foo.__base__ to be a member_descriptor object
but instead what you get is:

>>> foo.__base__
<class 'object'>
>>> foo.__base__ is object
True

I guess something happens within the magic of class construction that makes use of __base__ as an object.

I stumbled across this because my particular class represented by foo makes use of __base__ for holding objects foo makes special instances of when called.

Just something interesting to note here, and possibly some useful knowledge so others can know to stay away from '__base__' as a class attr name.