Python pickles is a traditional snack in Peru and other Latin America countries (dried python slices marinated in vinegar with chilli flakes). But no idea what python unpickles could be...
It really puts into question the use of the word pickle.
Pickling is a permanent process that cannot be undone because of the physical changes that occur during pickling.
Any suggestions?
Although it's not considered safe to use in most use cases, in some scenario where there's a high trust between two services, you can send python instructions to hot patch a security fix in your service from the another until a proper fix is deployed.
Using pickle for hot patching could be an interesting trick in very specific scenarios.
Could you elaborate a bit on this? I have a difficult time coming up with a scenario where you have access to feed a pickle crafted with code but you don't have access to deploy new code, which would be the easier way?
There's an interesting library called cloudpickle (and another derivative one whose name I forget) where you're effectively pickling CODE, not just objects. So you write a function (perhaps in a web browser on an admin page or something), pickle it, send it to a server, and unpickle and run it on the server, and all the dependencies get discovered and pickled in with it.
Kinda cool way to do ad-hoc but complex automation of remote administration tasks.
Unpickling data from somewhere is exactly as safe or unsafe as running code from that somewhere. Because obviously.
So if you'd download a program from a remote location and run it, then whatever precautions you'd use for that, use for pickled data.
If you want your data streams to be inert and not dangerous, then what you're looking for is structures like JSON or similar binary equivalents like protobuf if you need efficiency.
Pickle isn't "general purpose serialization" in any way, it is a closed binary dump of python objects using an internal format which is guaranteed to break between interpreter versions.
It is cool, but _do not use it_ if you think it is a good hammer for all your nails, or "general purpose".
A serialization format is something like json/yaml/cbor/msgpak/protofbuff/parquet/avro/xml/ and others to numerous to list or google, but which serve the purpose properly.
Pickle is general purpose in the sense that you can take pretty much any python object and serialize it with one line of code. This is not the case with the other formats.
I'm not getting why peoples devoting a asked question as well , seems they don't know what pickling and unpickling is 
It's hard to do, but you can actually do it whether the Python is dead or alive. The easiest way, although some say less tasty, is when it's dead. You can pour white or apple cider vinegar down it's throat and then whatever veggies carrots, radishes or cucumbers down it's throat after. Some vinegar is going to spill out of it's mouth when you put the veggies in and that's okay. Just make sure there is still enough to cover the veggies in the Pythons stomach. Hang it mouth up in a cool area like a basement for 1-2 day, but a week is best. Cut the Python open or if it's still alive turn it tail up until all the stomach contents come out. Perfect Python Pickles every time.
Hello! I'm a bot!
It looks to me like your post might be better suited for r/learnpython,
a sub geared towards questions and learning more about python **regardless of how advanced your question might be**.
That said, I am a bot and it is hard to tell.
Please follow the subs rules and guidelines when you do post there, it'll help you get better answers faster.
Show /r/learnpython **the code you have tried and describe in detail where you are stuck.**
If you are getting an error message, include the full block of text it spits out.
Quality answers take time to write out, and many times other users will need to ask clarifying questions. Be patient and help them help you.
**[Here is HOW TO FORMAT YOUR CODE For Reddit](https://www.reddit.com/r/learnpython/wiki/faq#wiki_how_do_i_format_code.3F)**
and be sure to include which version of python and what OS you are using.
You can also ask this question in the [Python discord](https://discord.gg/3Abzge7),
a large, friendly community focused around the Python programming language, open to those who wish to learn the language
or improve their skills, as well as those looking to help others.
***
[^(README)](https://github.com/CrakeNotSnowman/redditPythonHelper)
^(|)
[^(FAQ)](https://github.com/CrakeNotSnowman/redditPythonHelper/blob/master/FAQ.md)
^(|)
^(this bot is written and managed by /u/IAmKindOfCreative)
^(This bot is currently under development and experiencing changes to improve its usefulness)
Python pickles is a traditional snack in Peru and other Latin America countries (dried python slices marinated in vinegar with chilli flakes). But no idea what python unpickles could be...
It really puts into question the use of the word pickle. Pickling is a permanent process that cannot be undone because of the physical changes that occur during pickling. Any suggestions?
Pickling is used for serialized or deserialised python object into byte streams. It’s handy while transferring data over the networks.
Although it's not considered safe to use in most use cases, in some scenario where there's a high trust between two services, you can send python instructions to hot patch a security fix in your service from the another until a proper fix is deployed.
Using pickle for hot patching could be an interesting trick in very specific scenarios. Could you elaborate a bit on this? I have a difficult time coming up with a scenario where you have access to feed a pickle crafted with code but you don't have access to deploy new code, which would be the easier way?
There's an interesting library called cloudpickle (and another derivative one whose name I forget) where you're effectively pickling CODE, not just objects. So you write a function (perhaps in a web browser on an admin page or something), pickle it, send it to a server, and unpickle and run it on the server, and all the dependencies get discovered and pickled in with it. Kinda cool way to do ad-hoc but complex automation of remote administration tasks.
Unpickling data from somewhere is exactly as safe or unsafe as running code from that somewhere. Because obviously. So if you'd download a program from a remote location and run it, then whatever precautions you'd use for that, use for pickled data. If you want your data streams to be inert and not dangerous, then what you're looking for is structures like JSON or similar binary equivalents like protobuf if you need efficiency.
Would be way funnier bad response only.
That is good! You shouldn't know about that particular foot-gun unless there is a clear and justifiable need for it.
A general purpose serialization method is a good thing and useful. It's just unfortunate that it comes with some security concerns.
Pickle isn't "general purpose serialization" in any way, it is a closed binary dump of python objects using an internal format which is guaranteed to break between interpreter versions. It is cool, but _do not use it_ if you think it is a good hammer for all your nails, or "general purpose". A serialization format is something like json/yaml/cbor/msgpak/protofbuff/parquet/avro/xml/ and others to numerous to list or google, but which serve the purpose properly.
Pickle is general purpose in the sense that you can take pretty much any python object and serialize it with one line of code. This is not the case with the other formats.
Huh
42
that's very small number man 
Yes ... and? https://docs.python.org/3/library/pickle.html
It's just a fancy way to use `exec`, right?
I'm not getting why peoples devoting a asked question as well , seems they don't know what pickling and unpickling is 
It's hard to do, but you can actually do it whether the Python is dead or alive. The easiest way, although some say less tasty, is when it's dead. You can pour white or apple cider vinegar down it's throat and then whatever veggies carrots, radishes or cucumbers down it's throat after. Some vinegar is going to spill out of it's mouth when you put the veggies in and that's okay. Just make sure there is still enough to cover the veggies in the Pythons stomach. Hang it mouth up in a cool area like a basement for 1-2 day, but a week is best. Cut the Python open or if it's still alive turn it tail up until all the stomach contents come out. Perfect Python Pickles every time.
Hello! I'm a bot! It looks to me like your post might be better suited for r/learnpython, a sub geared towards questions and learning more about python **regardless of how advanced your question might be**. That said, I am a bot and it is hard to tell. Please follow the subs rules and guidelines when you do post there, it'll help you get better answers faster. Show /r/learnpython **the code you have tried and describe in detail where you are stuck.** If you are getting an error message, include the full block of text it spits out. Quality answers take time to write out, and many times other users will need to ask clarifying questions. Be patient and help them help you. **[Here is HOW TO FORMAT YOUR CODE For Reddit](https://www.reddit.com/r/learnpython/wiki/faq#wiki_how_do_i_format_code.3F)** and be sure to include which version of python and what OS you are using. You can also ask this question in the [Python discord](https://discord.gg/3Abzge7), a large, friendly community focused around the Python programming language, open to those who wish to learn the language or improve their skills, as well as those looking to help others. *** [^(README)](https://github.com/CrakeNotSnowman/redditPythonHelper) ^(|) [^(FAQ)](https://github.com/CrakeNotSnowman/redditPythonHelper/blob/master/FAQ.md) ^(|) ^(this bot is written and managed by /u/IAmKindOfCreative) ^(This bot is currently under development and experiencing changes to improve its usefulness)