fsebugoutzone.org:9999

       Post AYVQS33RsFXcrSCSaO by craigacp@sigmoid.social
 (DIR) More posts by craigacp@sigmoid.social
 (DIR) Post #AYVLUGz4YXqms3OWWG by simon@fedi.simonwillison.net
       2023-08-08T00:49:13Z
       
       0 likes, 0 repeats
       
       Anyone got any experience with GraalPy? https://www.graalvm.org/latest/reference-manual/python/&quot;Python 3.10 compliant runtime&quot; claiming a 3-4x performance boost over cPython once the JIT has warmed upIt&#39;s under Oracle&#39;s Universal Permissive License which looks GPL-like, and apparently has OSI approval https://opensource.org/license/upl/
       
 (DIR) Post #AYVLeZIdJYaMZTS9aK by simon@fedi.simonwillison.net
       2023-08-08T00:51:03Z
       
       0 likes, 0 repeats
       
       I&#39;m interested in it primarily because it might provide a robust option for running untrusted Python code in a sandbox (still a perennial research question for me) https://www.graalvm.org/latest/security-guide/polyglot-sandbox/
       
 (DIR) Post #AYVQS33RsFXcrSCSaO by craigacp@sigmoid.social
       2023-08-08T01:44:47Z
       
       0 likes, 0 repeats
       
       @simon Depends what you want it for. It&#39;s pretty good with pure Python, but anything that requires a native library might not work unless it&#39;s had some help from the GraalPy team as it doesn&#39;t expose the same native interfaces as CPython. Some things in the ecosystem (e.g. numpy) have been fixed, and they are working on improving coverage.
       
 (DIR) Post #AYVb4z6XUekHRfqnMO by lewiscowles1986@phpc.social
       2023-08-08T03:43:49Z
       
       0 likes, 0 repeats
       
       @simon I&#39;ve used GraalVM, but not with Python (JS via now defunct https://github.com/getsandbox)I found it thoroughly weird, but then I found it can make native binaries for any Java app (so you are not requiring users to stack runtimes)- https://www.graalvm.org/latest/reference-manual/python/native-image/ - https://www.graalvm.org/latest/reference-manual/python/standalone-binaries/might be of interest if you want that.One of the trade-offs is build-time. Another might be trust, depending on who you are working with / for.Honestly, I think language embedding tends to lose most benefit
       
 (DIR) Post #AYVzEmxXtviPZdqs64 by michitux@fosstodon.org
       2023-08-08T08:14:22Z
       
       0 likes, 0 repeats
       
       @simon Reading https://www.graalvm.org/latest/security-guide/polyglot-sandbox/#compatibility-and-limitations, I&#39;m not sure sandboxing is available for Python and unless I missed something, sandboxing isn&#39;t available in the open source community edition.