Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
There is a docker image for running a pod (ghcr.io/bitfount/pod:stable
).
The image requires a config.yaml
file to be provided to them,
by default it will try to load it from /mount/config/config.yaml
inside the docker container.
You can provide this file easily by mounting/binding a volume to the container,
how you do this may vary depending on your platform/environment (Docker/docker-compose/ECS),
if you have any problems doing this then feel free to reach out to us.
Alternative you could copy a config file into a stopped container using docker cp.
If you're using a CSV data source then you'll also need to mount your data to the container, this will need to be mounted at the path specified in your config, for simplicity it's easiest put your config and your CSV in the same directory and then mount it to the container.
Once your container is running you will need to check the logs and complete the login step, allowing your container to authenticate with Bitfount. The process is the same as when running locally (e.g. the tutorials), except that we can't open the login page automatically for you.
Binary installers for the latest released version are available at the Python Package Index (PyPI).
pip install bitfount
If you are planning on using the bitfount
package with Jupyter Notebooks, we recommend you install the splinter package bitfount[tutorials]
which will make sure you are running compatible jupyter dependencies.
pip install 'bitfount[tutorials]'
To install bitfount
from source you need to create a python virtual environment.
In the bitfount
directory (same one where you found this file after cloning the git repo), execute:
pip install -r requirements/requirements.in
These requirements are set to permissive ranges but are not guaranteed to work for all releases, especially the latest versions. For a pinned version of these requirements which are guaranteed to work, run the following command instead:
#!/bin/bash
PYTHON_VERSION=$(python -c "import platform; print(''.join(platform.python_version_tuple()[:2]))")
pip install -r requirements/${PYTHON_VERSION}/requirements.txt
For MacOS you may also need to install libomp
:
brew install libomp
In order to run the tutorials, you also need to install the tutorial requirements:
#!/bin/bash
PYTHON_VERSION=$(python -c "import platform; print(''.join(platform.python_version_tuple()[:2]))")
pip install -r requirements/${PYTHON_VERSION}/requirements-tutorial.txt
To get started using the Bitfount package in a federated setting, we recommend
that you start with our tutorials. Run jupyter notebook
and open up the first
tutorial in the "Connecting Data & Creating Pods folder: running_a_pod.ipynb
Some simple scripts have been provided to run a Pod or Modelling job from a config file.
⚠️ If you are running from a source install (such as from
git clone
) you will need to usepython -m scripts.<script_name>
rather than usebitfount <script_name>
directly.
To run a pod:
bitfount run_pod --path_to_config_yaml=<CONFIG_FILE>
To run a modelling job:
bitfount run_modeller --path_to_config_yaml=<CONFIG_FILE>
The license for this software is available in the LICENSE
file.
This can be found in the Github Repository, as well as inside the Docker image.
FAQs
Machine Learning and Federated Learning Library.
We found that bitfount demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.