freenode/#lisp - IRC Chatlog
12:03:12
splittist
margaritamike: not really, no. This is one of the benefits of First-Class Global Environments that is (kinda) part of the SICL project.
12:07:24
splittist
The wikipedia definition seems to make clear that this is an OS concern (where the jvm and clr and os-a-likes).
12:13:50
splittist
margaritamike: I think it goes like this. A CL image contains an evaluator and a compiler (EVAL and COMPILE). The compiler is necessary for important parts of the system - like CLOS - to operate, so you can't just rip it out. If the untrusted user has access to the compiler, then they can (eventually) do anything, regardless of what you have taken out of the environment to begin with.
12:14:49
splittist
Having multiple First Class Global Environments would allow the system to have access to COMPILE (and co) - via one environment - while not allowing the untrusted user to have access - via another environment.
12:18:06
margaritamike
You can't do something like say this lisp program can't write to file or use sockets in a security file?
12:20:06
splittist
As I said - that's an OS thing. Perhaps ABCL would work with the java stuff. Otherwise, use a vast network of containers like everyone does for everything these days (:
12:25:56
margaritamike
Say you've set your restrictions in Java and you add in a dependency that uses java.net.SocketPermission whereas that was previously restricted
12:27:25
margaritamike
It would be good to catch that with a security policy before it has a chance to execute during runtime or whatever
12:32:38
margaritamike
You have a lisp library you bring in from ql:quickload. Unknowingly, it does something malicious
12:33:11
margaritamike
You don't have the time, and probably not the skill either, to read and understand every line of code from the library
12:34:29
margaritamike
Until you read every line of the library's code or notice something strange one day?
12:39:30
splittist
How could it be any other way? You are including source code. You are basically asking someone else to type your program.
12:39:48
dim
you need capabilities for this kind of security, and you give capabilities to programs, with a very restricted default set
12:40:13
dim
also read this famous “Trusting Trust” paper from Thompson from back in the days, still relevant today
12:44:03
splittist
Common Lisp the language obviously can't do this, since it is a systems issue. Secure Common Lisp, which keeps track of which code comes from which set of source files and provides fine-grained access control to OS and other program resources based on this tracking.
13:50:48
Jachy
I wish for everyone who read the "trusting trust" paper they'd also read the newer "fully countering trusting trust through diverse double-compiling" paper.
13:53:06
lieven
nowadays you also need to worry about the backdoors to the CPU and the motherboard chipset
14:08:23
lieven
ebrasca: it's hard to prove anything backdoor free without checking the cpu wafer with an electron microscope to see if it conforms to the chip design and then verify your way up :)
14:09:44
lieven
and I guess, pace trusting trust, you would have to verify the working of the electron microscope too
14:17:38
xsperry
how can I get natural sort order in cl? is there a built-in for this, or do I have to write it myself?
14:20:54
beach
xsperry: You probably need to write it yourself. It doesn't look very "natural" to me.
14:27:53
nirved
xsperry: maybe you should first search for it? https://stackoverflow.com/questions/27307660/how-to-implement-natural-sort-in-common-lisp
14:29:35
xsperry
sometimes it takes 10 seconds. other times, you can't find what you want in 10 hours
14:30:32
xsperry
10 second searches often don't lead to correct code, btw. for all I knew, maybe alexandria or similar library already has battle tested version
15:37:33
dlowe
Prototyping is when you create a test for an idea with the idea that you will throw it away once it answers your question.
15:41:19
pfdietz
And then management says "don't throw that away, turn it into a shipping product. How hard could that be?" And the pain starts.
15:45:00
flip214
so it's a good idea to prototype in Lisp, so that turning it into a product isn't as painful as in other Languages[sic] ;)
15:55:22
trafaret1
Are there people who develop lisp programs which automatically write code in other languages?
15:57:23
pfdietz
Although there's a larger market for reverse engineering. For forward engineering, there's barriers to adding unproven and immature tools to the build process.
16:35:33
beach
pfdietz: Am I understanding it correctly that you are referring to some hypothetical Lisp program as such an unproven and immature tool?
16:36:48
verisimilitude
To address what you wrote, margaritamike, I do audit libraries before I use them. I consider anything else foolhardy.
16:43:38
dlowe
ebrasca: lisp arrays are pretty bad for this. Have you tried using alien structure definitions over a mmaped block?
16:45:42
pfdietz
code generation is bad if the generated code has to be maintained by itself, and is at all obfuscated.
16:47:03
pfdietz
If the code generator is kept as part of a build process it has to be integrated with it, which is expensive.
17:11:37
Bike
If a class has a slot with an initform, there's no way to specify in the definition of a subclass that its version of that slot shouldn't have an initform (i.e. should be left unbound), is there?
17:13:02
easye
For Minecraft, I guess I can go with one of the History categories since it involves summarizing a fair amount of oral culture around decompiling the "open" server jar.
17:53:01
fiddlerwoaroof
Bike: wouldn't that violate the expectation that a subclass can be used anywhere a superclass can?
17:53:25
fiddlerwoaroof
i.e. now code that would never throw a slot-unbound error with the base class now will throw one
17:59:18
fiddlerwoaroof
I don't know if anyone else needs this, but I've been working on a protocol for interacting with event loops
17:59:38
fiddlerwoaroof
This meets my current needs: https://github.com/fiddlerwoaroof/fwoar-event-loop/blob/master/event-loop.lisp
18:00:21
fiddlerwoaroof
I had a slackbot I wrote with cl-async but I was having issues running it on my deployment target because it was too much trouble to get the C dependencies working
18:24:02
Bike
fiddlerwoaroof: that's violated anyway, e.g. if a subclass has a tighter type restriction for a slot.
18:27:49
fiddlerwoaroof
I feel that using things like slot-makunbound is one of those situations where, if something breaks, you get to keep both pieces.
18:28:54
Bike
well i just mean that having an initform doesn't mean that a slot is necessarily always bound.
19:38:39
imjacobclark
Could somebody point me in the right direction onto how I can send data back from sb-bsd-sockets:socket-make-stream (e.g a string of html)? I have this code but when I try to use socket-send I get a socket closed error - https://github.com/imjacobclark/cl-server/blob/master/server.lisp#L19-L20
19:48:51
imjacobclark
yes, id like to look at the http header, essentially - then eventually do a cond and return a different response for different requests
19:49:00
imjacobclark
for now though, i guess just printing the headers and returning a single response would be ok
19:49:59
imjacobclark
So, the code in the gist right now allows me to accept a connection (via a browser) and it prints " ET / HTTP/1.1
19:51:05
imjacobclark
there is a very high chance im misunderstanding or missing something - ive strung what i have together by searching github - a lot for examples and some sbcl docs
19:53:26
imjacobclark
it does indeed return the http headers, thats fine - but i want to understand how to send a response back to the client
19:57:25
imjacobclark
(loop (with-open-stream (stream (stream-connection socket)) (print (read-line stream))))
19:58:37
imjacobclark
okay, so " (loop (with-open-stream (stream (stream-connection socket)) (write-string "test" stream) (finish-output stream)))"
19:59:38
aeth
The alternative style is to rebind *standard-output* to your destination stream. I prefer explicitly passing the stream, though.
20:01:05
imjacobclark
[clarkj84:~/Desktop/cl-server]$ curl localhost:8080 (master✱) curl: (52) Empty reply from server
20:01:27
imjacobclark
The new code I added being here: https://github.com/imjacobclark/cl-server/blob/master/server.lisp#L28-L37
20:04:53
imjacobclark
yeah, nc connects to the server and I get "Connection to localhost port 8080 [udp/http-alt] succeeded!" - but no response - im expecting it to return "test"
20:07:06
imjacobclark
i guess all i need to do next is format that response to something curl or chrome can understand
20:51:17
imjacobclark
i have another question, about streams - im reading a socket stream line by line, it works fine, but the while in my loop never seems to trigger, hanging the entire program - what could that be? https://github.com/imjacobclark/cl-server/blob/master/server.lisp#L31
20:56:54
no-defun-allowed
Implementations could only allow for a fairly small apply list. I forgot the number though, maybe it was around 50.
21:00:15
no-defun-allowed
That's true, the &rest list is passed as plain conses so it could optimise for that.
21:00:51
Duns_Scrotus
i mean if its just passing a literal list how would it even limit the number of arguments
21:04:26
no-defun-allowed
A very naive interpreter would take the argument list, eval every item in the list, then find the function, destructure the list and evaluate the lambda body with the xestructured values.
21:05:27
no-defun-allowed
*destructured. This is truly the worst case, and this could have been an issue in the 80s with very expensive memory.
21:53:24
no-defun-allowed
They are also moving to chez scheme, which is faster than their C backend iirc.
22:41:19
aeth
LdBeth: Ruby's the slowest here, and Racket is comparable to Julia, a bit slower. SBCL is, of course, faster, but its relative position seems to have been slipping. It might slip off of the bottom graph soon, like Haskell has. https://benchmarksgame-team.pages.debian.net/benchmarksgame/which-programs-are-fast.html
22:41:50
aeth
Oh, sorry, it has two Ruby's now and one of them isn't the slowest, but is still pretty slow.
22:42:17
aeth
Duns_Scrotus: The benchmarks game is awful for specific numbers, but it does imo help suggest "performance classes" of languages
22:43:10
aeth
Intuitively, Ruby's main implementation is going to be slower than SBCL (or even Racket) just based on how they're written.
22:51:26
Duns_Scrotus
his racket brainfuck interpreter grows the array by allocating a new array exactly one bigger
22:53:08
aeth
Brainfuck itself isn't particularly designed to be efficient. It's designed to be easy to implement. And in some languages the easy route is going to be slower than others.
22:53:47
Duns_Scrotus
but for mandel.b, which presumably grows the tape a lot, it is indeed very slow
22:54:18
aeth
I mean, clearly the solution is to implement it in the hardware with a Brainfuck Machine.
22:59:17
Duns_Scrotus
https://github.com/kostya/benchmarks/blob/master/brainfuck2/bf.rkt why did he write it like this