Closed burgerga closed 6 years ago
burgerga
commented
6 years ago By the way, you can see how it fails by checking my travis logs: https://travis-ci.org/burgerga/phaseR/builds/413722936
Edit: apparently some other examples (eg 11, 12) are also affected
mjg211
commented
6 years ago Hi Gerhard,
Thanks! Will add them and give the package a quick check over and get a new version on CRAN for you 😊
The drawManifolds thing is likely a consequence of some of the changes I made to help someone who contacted me about adding separatrices to figures. I made a quick fix for his system by switching to lsoda but it looks like this doesn’t work reliably in all cases – I will have to see if there’s something that can be done which will always work!
Best wishes,
Michael
From: Gerhard Burger notifications@github.com Reply-To: mjg211/phaseR reply@reply.github.com Date: Wednesday, 8 August 2018 at 20:23 To: mjg211/phaseR phaseR@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: [mjg211/phaseR] Gerhard (#3)
Hi Michael,
I added some fixes and contributions in this pull request:
While checking the package I ran into some problems with the documentation examples for example5 and example9: lsoda seems to crash in drawManifolds. For example5 I could "solve" this by decreasing tend from 1000 to 100, but for example9 that didn't work. You have any idea what's going on?
Also, I didn't commit the updated Rd files yet, since you still might want to make some changes.
Would it be possible to get these changes to CRAN asap? I would like to use phaseR for our courses that take place early september :)
Kind regards, Gerhard
You can view, comment on, or merge this pull request online at:
https://github.com/mjg211/phaseR/pull/3
Commit Summary
File Changes
Patch Links:
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/mjg211/phaseR/pull/3, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AEVpA3E7nL-SGcvAEFhIPQ567SO60RvLks5uOzqjgaJpZM4V0hLM.
burgerga
commented
6 years ago Hi Michael,
Thanks!
Too bad there is no easy solution for the manifolds... Exposing the method parameter could work, but that is just shifting the responsibility to the end user, who might have no clue what to do (and harder to integrate into the phasePlaneAnalysis function).
But for the moment I'm fine with it, I'll just stick to examples that I know will work.
But you might have to remove the example code that fails or find a workaround, otherwise it will not be accepted by CRAN :(
Kind regards, Gerhard
burgerga
commented
6 years ago Ok, seems reducing the tend for example9 even further works, together with the updated documentation it passes the CRAN checks. Maybe you could change the default tend for drawManifolds (or make a note about it in the documentation)
burgerga
commented
6 years ago Travis CI (passed): https://travis-ci.org/burgerga/phaseR/builds/414809157 Code coverage: https://codecov.io/gh/burgerga/phaseR/tree/gerhard/R
:smiley:
burgerga
commented
6 years ago Hi Michael,
Did you have a chance to look at it yet? The reason I'm asking is because our IT department is pretty slow :( and I need to ask them to apply the changes to the student computers when the changes are on CRAN.
mjg211
commented
6 years ago Hi Gerhard,
Apologies it took me a while; just submitted a new version to CRAN. Thanks for your help! Let me know if you run in to any problems…
Have you got any major additional ideas for what else could be added? A shiny app is probably top of my to do list now.
Best wishes,
Michael
From: Gerhard Burger notifications@github.com Reply-To: mjg211/phaseR reply@reply.github.com Date: Monday, 20 August 2018 at 12:14 To: mjg211/phaseR phaseR@noreply.github.com Cc: Michael J Grayling mjg211@cam.ac.uk, Comment comment@noreply.github.com Subject: Re: [mjg211/phaseR] Add alternative ODE formulation to rest of the functions + small fixes (#3)
Hi Michael,
Did you have a chance to look at it yet? The reason I'm asking is because our IT department is pretty slow :( and I need to ask them to apply the changes to the student computers when the changes are on CRAN.
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/mjg211/phaseR/pull/3#issuecomment-414281228, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AEVpA1WUU085t4L4wore3vNUtgx0aiLCks5uSpoNgaJpZM4V0hLM.
burgerga
commented
6 years ago Hi Michael,
Thanks, will do! At the moment I can't think of anything, I really like the phasePlaneAnalysis function so I see the appeal of a Shiny app (it can be a lot of work though :wink: ).
Kind regards, Gerhard
DivadNojnarg
commented
6 years ago Hi Michael, Hi Burgerga,
long time ago, I initiated a shiny app for phaseR (as well as grindR and pplaneR, other phase plane engines) because I had a course to give: https://github.com/DivadNojnarg/Model_Reader_App and the working demo: http://130.60.24.205/Model_Reader/
But I didn't find time to finish its development. If you don't want to start from scratch... but some parts would need some refreshment.
Moreover, you might find useful to use: https://github.com/DivadNojnarg/shinydashboardPlus or https://github.com/DivadNojnarg/bs4Dash
to create a better dashboard than that I used here, in few time.
Cheers
David
mjg211
commented
6 years ago Hi Divad,
This is great! Once I find the time I will definitely start putting together a Shiny app.
Quick question, are you aware of a way around the potential for hazardous code to be entered in to the model specification window (e.g., code that would try to deliberately crash the app). The risk is obviously tiny, but I was told at one point this would be an issue for departmental hosting.
Best wishes,
Michael
From: Divad Nojnarg notifications@github.com Reply-To: mjg211/phaseR reply@reply.github.com Date: Friday, 24 August 2018 at 17:32 To: mjg211/phaseR phaseR@noreply.github.com Cc: Michael J Grayling mjg211@cam.ac.uk, State change state_change@noreply.github.com Subject: Re: [mjg211/phaseR] Add alternative ODE formulation to rest of the functions + small fixes (#3)
Hi Michael, Hi Burgerga,
long time ago, I initiated a shiny app for phaseR (as well as grindR and pplaneR, other phase plane engines) because I had a course to give: https://github.com/DivadNojnarg/Model_Reader_App and the working demo: http://130.60.24.205/Model_Reader/
But I didn't find time to finish its development. If you don't want to start from scratch... but some parts would need some refreshment.
Moreover, you might find useful to use: https://github.com/DivadNojnarg/shinydashboardPlus or https://github.com/DivadNojnarg/bs4Dash
to create a better dashboard than that I used here, in few time.
Cheers
David
— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHubhttps://github.com/mjg211/phaseR/pull/3#issuecomment-415812477, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AEVpA_1E9Eocn3fvuAfDvZTp8RlIwBapks5uUCqEgaJpZM4V0hLM.
burgerga
commented
6 years ago Quick question, are you aware of a way around the potential for hazardous code to be entered in to the model specification window (e.g., code that would try to deliberately crash the app).
Good point, that would be really hard I guess... One solution would be to allow users to construct ODE's using predefined building blocks, but that is a nightmare to code :(
@DivadNojnarg This is by the way the sessionInfo() for the server your shiny app is running on, just to show that you can execute arbitrary code (https://en.wikipedia.org/wiki/Arbitrary_code_execution) which is quite a big security vulnaribility
R version 3.4.4 (2018-03-15)
Platform: x86_64-pc-linux-gnu (64-bit)
Running under: Ubuntu 14.04.5 LTS
Matrix products: default
BLAS: /usr/lib/libblas/libblas.so.3.0
LAPACK: /usr/lib/lapack/liblapack.so.3.0
locale:
[1] LC_CTYPE=en_US.UTF-8 LC_NUMERIC=C
[3] LC_TIME=en_US.UTF-8 LC_COLLATE=en_US.UTF-8
[5] LC_MONETARY=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8
[7] LC_PAPER=en_US.UTF-8 LC_NAME=C
[9] LC_ADDRESS=C LC_TELEPHONE=C
[11] LC_MEASUREMENT=en_US.UTF-8 LC_IDENTIFICATION=C
attached base packages:
[1] stats graphics grDevices utils datasets methods base
other attached packages:
[1] httr_1.3.1 shinyFeedback_0.0.4 purrr_0.2.5
[4] DT_0.4 bsplus_0.1.1 ygdashboard_0.5.1.9000
[7] shinyWidgets_0.4.3.900 shinycssloaders_0.2.0 shinyAce_0.3.1
[10] shinyjs_1.0 shinyBS_0.61 shinythemes_1.1.1
[13] stringr_1.3.1 phaseR_2.0 rootSolve_1.7
[16] deSolve_1.21 plotly_4.7.1 ggplot2_2.2.1.9000
[19] shiny_1.1.0
loaded via a namespace (and not attached):
[1] Rcpp_0.12.17 pillar_1.2.3 compiler_3.4.4 later_0.7.3
[5] plyr_1.8.4 bindr_0.1.1 tools_3.4.4 digest_0.6.15
[9] lubridate_1.7.4 jsonlite_1.5 tibble_1.4.2 gtable_0.2.0
[13] viridisLite_0.3.0 pkgconfig_2.0.1 rlang_0.2.1 crosstalk_1.0.0
[17] curl_3.2 yaml_2.1.19 bindrcpp_0.2.2 dplyr_0.7.5
[21] htmlwidgets_1.2 grid_3.4.4 tidyselect_0.2.4 glue_1.2.0
[25] data.table_1.11.4 R6_2.2.2 tidyr_0.8.1 magrittr_1.5
[29] scales_0.5.0.9000 promises_1.0.1 htmltools_0.3.6 assertthat_0.2.0
[33] mime_0.5 xtable_1.8-2 colorspace_1.3-2 httpuv_1.4.4.1
[37] stringi_1.2.3 lazyeval_0.2.1 munsell_0.5.0@DivadNojnarg Slightly less innocent example, there should now be a file ~/test_github_mjg211_phaseR_rce.txt (could be in /home/ubuntu, I don't know the username that runs the shiny app), to show you really almost anything is possible, so actually I would advise to take it offline (sorry)
DivadNojnarg
commented
6 years ago @burgerga: Yes I know that the shinyAce editor should be used carefully.
"Security Note As with any online application, it is a genuinely bad idea to allow arbitrary users to execute code on your server. The above examples show such an environment in which arbitrary R code is being executed on a remote machine. In a trusted environment (such as after authenticating a user or on a network protected by a firewall), this may not be a terrible idea; on a public server without authentication, it most certainly is. So please use the above examples with caution, realizing that without proper security checks in place, allowing unknown users to execute arbitrary R code would make it trivial for an attacker to compromise your server or steal your private data."
I have a second app where you have predefined blocks of equations that you can multiply, add, divide, ... which is less straightforward to code, as you mentioned, but widely more secure since you cannot enter any code. I am not satisfied by this approach since it is too limited. What I did during the course was to provide the code so that students run it locally.
I am not an expert about that kind of stuff but you can find a lot of online code editors (on datacamp for instance or here https://www.onlinegdb.com/online_c_compiler).
Hi Michael,
I added some fixes and contributions in this pull request:
addparam in phasePlaneAnalysis functionWhile checking the package I ran into some problems with the documentation examples for
example5andexample9: lsoda seems to crash indrawManifolds. For example5 I could "solve" this by decreasingtendfrom 1000 to 100, but for example9 that didn't work. You have any idea what's going on?Also, I didn't commit the updated Rd files yet, since you still might want to make some changes.
Would it be possible to get these changes to CRAN asap? I would like to use phaseR for our courses that take place early september :)
Kind regards, Gerhard