freenode/#lisp - IRC Chatlog
21:24:18
dlowe
I think "language implementations provide a lower bound on performance that can only be roughly estimated" is about as specific as one can say
21:56:31
White_Flame
aeth: or a compiler could be taught that fixed-size integers larger than fixnum could be optimized
23:19:50
hjudt
Xach: have you considered for quicklisp using ql-http only for initial setup and once setup load some other system like drakma or dexador and use that for doing https?
23:25:10
jmercouris
hjudt: having http anywhere is an issue, it has to be https from the very beginning or nothing, ql could come WITH drakma
23:25:34
jmercouris
instead of loading drakma, bundle it into the QL codebase, however heavy and clunky that would be
23:28:19
hjudt
jmercouris: one could use some stripped down version perhaps, but that's probably still missing the cl-ssl stuff or whatever is needed.
23:35:38
zigpaw
I think lack of embedded https (so using http), at least for bootstrapping is not an issue if ql would come with checksums for those libraries needed for ssl that it would pull in while installing. On the other hand, embedding everything might be just easier.
23:42:03
zigpaw
I think I don't follow, what checksums the attacker? if he can alter the hardcoded checksum inside ql bootstrapping code he can already change anything.
23:43:06
Xach
I have a setup that is nearly ready to be deployed that works like this: download bootstrap via https, bootstrap code verifies fetched client code via openpgp, client code verifies indexes via openpgp, indexes include digests to verify further downloads.
23:48:20
zigpaw
As long as someone can curl/wget the bootstrap code via https, openpgp is even an overkill in my opinion. So congratulations :-)
23:57:29
zigpaw
they always should rely on pulling bootstrap code via https (or indirectly via https from linux/bsd distro package manager), or users should verify checksums manually - which they never do.
0:00:28
zigpaw
a separate problem of sorts, esp. with the history of computer vendors adding their own to the chain, etc. (not applicable to linux/bsd but still)
9:10:20
no-defun-allowed
might be a good time to remind people that despite the clhs being quite restrictively copyrighted you can download the CLHS for personal use, and it's only about 15MB including crappy GIF images and all 2300 HTML files
9:11:38
no-defun-allowed
it's 2mb in the targz you get from lispworks so you can do it any time you're bored or have a minute where you're thinking "what language documentation should i download today?"
9:13:43
jackdaniel
here is an even better version which is not copyrighted: http://cvberry.com/tech_writings/notes/common_lisp_standard_draft.html
9:14:27
jackdaniel
you may build your own standard draft, change it, annotate it and put it on the website (also use as a pdf with bookmarks - much better to navigate than clhs directly if you ask me, I'm still sold to l1sp.org though)