This repository provides the Blis linear algebra routines as a self-contained Python C-extension.
Currently, we only support single-threaded execution, as this is actually best for our workloads (ML inference).
You can install the package via pip, first making sure that pip, setuptools, and wheel are up-to-date:
pip install -U pip setuptools wheel
pip install blis
Wheels should be available, so installation should be fast. If you want to install from source and you're on Windows, you'll need to install LLVM.
The provided wheels should work on x86_64 and osx/arm64 architectures.
Unfortunately we do not currently know a way to provide different wheels for
alternative architectures, and we cannot provide a single binary that works
everywhere. So if the wheel doesn't work for your CPU, you'll need to specify a
source distribution, and tell Blis your CPU architecture using the BLIS_ARCH
environment variable.
pip install spacy --no-binary blis
Provide an architecture from the supported configurations.
BLIS_ARCH="power9" pip install spacy --no-binary blis
⚠️ generic is not optimized for any particular CPU and is extremely slow. Only recommended for testing!
BLIS_ARCH="generic" pip install spacy --no-binary blis
In order to compile Blis, cython-blis bundles makefile scripts for specific
architectures, that are compiled by running the Blis build system and logging
the commands. We do not yet have logs for every architecture, as there are some
architectures we have not had access to.
See here for list of architectures. For example, here's how to build support for the Intel
architecture knl:
git clone https://github.com/explosion/cython-blis && cd cython-blis
git pull && git submodule init && git submodule update && git submodule status
python3 -m venv venv
source venv/bin/activate
pip install -U pip setuptools wheel
pip install -r requirements.txt
./bin/generate-make-jsonl linux knl
BLIS_ARCH="knl" python setup.py build_ext --inplace
BLIS_ARCH="knl" python setup.py bdist_wheel
Fingers crossed, this will build you a wheel that supports your platform. You
could then submit a PR with the blis/_src/make/linux-knl.jsonl and
blis/_src/include/linux-knl/blis.h files so that you can run:
BLIS_ARCH="knl" pip install blis --no-binary=blis
Two APIs are provided: a high-level Python API, and direct Cython access, which provides fused-type, nogil Cython bindings to the underlying Blis linear algebra library. Fused types are a simple template mechanism, allowing just a touch of compile-time generic programming:
from libc.stdlib cimport calloc
cimport blis.cy

# Zero-initialised float buffers for the two operands and the output
A = <float*>calloc(nN * nI, sizeof(float))
B = <float*>calloc(nO * nI, sizeof(float))
C = <float*>calloc(nr_b0 * nr_b1, sizeof(float))
blis.cy.gemm(blis.cy.NO_TRANSPOSE, blis.cy.NO_TRANSPOSE,
             nO, nI, nN,
             1.0, A, nI, 1, B, nO, 1,
             1.0, C, nO, 1)
Bindings have been added as we've needed them. Please submit pull requests if the library is missing some functions you require.
To build the source package, you should run the following command:
./bin/update-vendored-source
This populates the blis/_src folder for the various architectures, using the flame-blis submodule.
In order to compile the Blis sources, we use jsonl files that provide the explicit compiler flags. We build these jsonl files by running Blis's build system, and then converting the log. This avoids us having to replicate the build system within Python: we just use the jsonl to make a bunch of subprocess calls. To support a new OS/architecture combination, we have to provide the jsonl file and the header.
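Because the jsonl files described above are turned into subprocess calls at build time, a jsonl file contributed for a new architecture deserves the same review as code. The following checker is an added example, not part of cython-blis; the record keys (compiler, flags, source, target), the allow-lists and the sample records are assumptions made for illustration.

```python
import json
import re
from pathlib import PurePosixPath

# Assumed record layout (not confirmed by the page): one JSON object per
# line with "compiler" (str), "flags" (list), "source" and "target" (str).
ALLOWED_COMPILERS = {"cc", "gcc", "clang"}
# Flags an ordinary compile step needs; anything else goes to a human.
SAFE_FLAG = re.compile(
    r"^-(c|O[0-3s]|std=[\w+]+|W[\w=-]+|m[\w=.+-]+|D\w+(=[\w.]*)?"
    r"|fPIC|fno-[\w-]+|fvisibility=\w+)$"
)

def _leaves_tree(path):
    p = PurePosixPath(path)
    return p.is_absolute() or ".." in p.parts

def audit_make_jsonl(text):
    """Return (line_number, problem) pairs for records that need review."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            findings.append((n, "not a JSON object"))
            continue
        compiler = str(rec.get("compiler", ""))
        if compiler not in ALLOWED_COMPILERS:  # bare names only, no paths
            findings.append((n, f"unexpected compiler {compiler!r}"))
        for flag in rec.get("flags", []):
            if not SAFE_FLAG.match(str(flag)):
                findings.append((n, f"flag needs review: {flag!r}"))
        for key in ("source", "target"):
            if _leaves_tree(str(rec.get(key, ""))):
                findings.append((n, f"{key} leaves the source tree"))
    return findings

# Constructed sample records, not lines from a real cython-blis build log.
SAMPLE = "\n".join(json.dumps(r) for r in [
    {"compiler": "gcc", "flags": ["-c", "-O3", "-std=c99", "-fPIC"],
     "source": "frame/base/bli_arch.c", "target": "obj/bli_arch.o"},
    {"compiler": "./tools/cc", "flags": ["-c", "@extra-flags.txt"],
     "source": "frame/base/bli_arch.c", "target": "../../out.o"},
])
```

Calling audit_make_jsonl(SAMPLE) reports three findings, all on the second record; an empty result means every record stayed within the allow-lists.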
The Linux build files need to be produced from within the manylinux2014 Docker container, so that they will be compatible with the wheel building process.
First, install docker. Then do the following to start the container:
sudo docker run -it quay.io/pypa/manylinux2014_x86_64:latest
Once within the container, the following commands should check out the repo and build the jsonl files for the generic arch:
mkdir /usr/local/repos
cd /usr/local/repos
git clone https://github.com/explosion/cython-blis && cd cython-blis
git pull && git submodule init && git submodule update && git submodule status
/opt/python/cp36-cp36m/bin/python -m venv env3.6
source env3.6/bin/activate
pip install -r requirements.txt
./bin/generate-make-jsonl linux generic --export
BLIS_ARCH=generic python setup.py build_ext --inplace
# N.B.: don't copy to /tmp, docker cp doesn't work from there.
cp blis/_src/include/linux-generic/blis.h /linux-generic-blis.h
cp blis/_src/make/linux-generic.jsonl /
Then from a new terminal, retrieve the two files we need out of the container:
sudo docker ps -l # Get the container ID
# When I'm in Vagrant, I need to go via cat -- but then I end up with dummy
# lines at the top and bottom. Sigh. If you don't have that problem and
# sudo docker cp just works, just copy the file.
sudo docker cp aa9d42588791:/linux-generic-blis.h - | cat > linux-generic-blis.h
sudo docker cp aa9d42588791:/linux-generic.jsonl - | cat > linux-generic.jsonl
FAQs
The Blis BLAS-like linear algebra library, as a self-contained C-extension.
We found that blis demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.