freenode/#lisp - IRC Chatlog
Search
6:52:28
bhartrihari
heisig: I understand that you are trying to give solutions for individual programmers, but I think we need some support for this in quicklisp. I can put certain versions in local-projects, but I need a way to share that information with the users of my libraries, having to setup a dist for that (I don't want to push this too far but there's very less documentation on how to do that) is too burdensome.
6:58:44
fe[nl]ix
the model of npm, maven, etc... is that 1) each package has its own channel, and 2) the package author can push independently
7:00:18
fe[nl]ix
in this model, the client that fetches packages has to resolve dependencies, and it's inevitable to end up with a 3-SAT problem a.k.a. dependency hell
7:08:29
bhartrihari
I see. I should've been more precise about "pushing". I meant somebody pushing malicious code in their repo, and Xach pulling it in his dist, or ultralisp for that matter. So one is constrained to use the version of a library that was included in a certain distribution of Xach's dist? Can one choose which distribution to use?
7:10:28
bhartrihari
I would like it if there was some option to pin the version of a library. Then the continuous stream would make new versions available quickly.
7:10:46
fe[nl]ix
if you don't trust Xach, I suggest you simply fetch the sources, bundle them in your repository and review the code
7:14:49
bhartrihari
It's not my personal problem fe[nl]ix. Everybody who uses any quicklisp dist is affected by it. I was merely trying to start a discussion on evaluating what can be done on the quicklisp side of things.
7:25:44
fe[nl]ix
I first switched to pinning and flat dependencies, and just checked-in the pin file
7:26:57
fe[nl]ix
then people kept updating the pinned version every other day and causing more breakage, so I just checked-in the sources
7:34:26
bhartrihari
Maybe it works for bugs which break code in a more obvious manner. There's only so much one person can do.
7:34:54
Shinmera
bhartrihari: you can run your own dist that only publishes audited updates. That's the best anyone can do to secure against malicious injection.
7:39:24
bhartrihari
We can do that. I was wondering if being able to pin audited versions of libraries from the same dist could work better, in that it is less burdensome and doesn't fragment the efforts of the community.
7:41:14
Shinmera
the point of the dist is to provide a snapshot of the world that has some guarantees about stability. as soon as you pin only some libraries, that model breaks.
7:41:43
Shinmera
you can do that yourself, by cloning the library into local-projects at whatever you want, but you also bear the consequences of doing so.
7:43:35
phoe
bhartrihari: you can e.g. pin NAMED-READTABLES to the current, reviewed version and enjoy it working
7:44:23
bhartrihari
Okay, how about using a package from a previous publication of a world? Can one do that currently?
7:47:48
phoe
scymtym: anyway, has there been any issue created about this SBCL-related breakage you mentioned?
13:07:54
Harag
is it just me or is hash tables in sbcl 2.0.5 a lot faster than 2.0.0!!! My db test is loading 1mil records with hash-table indexes in 17 seconds where it was taking 100 seconds previously!!!
13:20:58
phoe
Harag: http://www.sbcl.org/all-news.html mentions a few hash table modifications, but mostly for EQUALP
13:46:44
Harag
if I run the tests over and over sbcl eventually gets its nickers in a not and performance goes out the window again. (event with restarts)...trying a reboot now to see if that helps
14:20:12
Harag
I tried a naive avl-tree instead of the hash-tables but it was horrible... at least the populating it was
14:36:13
Harag
pffft sbcl 2.0.5 went backward in gc ... running my test twice in a row now crashes sbcl... last night on sbcl 2.0.0 I ran the tests over and over for hours without one crash while I was trying to tweak the code
14:37:13
Harag
An mprotect call failed with ENOMEM. This probably means that the maximum amount of separate memory mappings was exceeded
14:41:11
Harag
To fix the problem, either increase the maximum with e.g. 'echo 262144 > /proc/sys/vm/max_map_count' or recompile SBCL with a larger value for GENCGC-CARD-BYTES in
14:49:10
Harag
cant find backend-parms.lisp ..grepped for GENCGC-CARD-BYTES and can only find notes about it nothing to set it
15:12:37
Harag
according to https://docs.actian.com/vector/5.0/index.html#page/User/Increase_max_map_count_Kernel_Parameter_(Linux).htm it should be 65536 if my math is right (/ 2097152 32)
16:24:53
jmercouris
there is some strange bug I can’t figure out that keeps causing our sever to crash, leading to downtime if i am not paying attention
16:25:15
jmercouris
wondering if I can just wrap everything in a condition handler and restart or something
16:33:05
phoe
jmercouris: run with --disable-debugger or an equivalent, use your BSD's init system to restart it on crash
16:36:35
phoe
it's not really a Lisp question at this point, it's a question about BSD services and their restart strategies
17:41:57
beach
Wow, that's the third person in a short time using closures instead of standard objects.
17:43:50
grayling_
Ah. Sorry. I load the project using quicklisp. But only after working on it and using slime is peek-db returning a value.
17:45:05
phoe
could you put up your code on GitHub so I can try loading the system and reproducing it?
17:45:38
Josh_2
don't worry about my previous question, I was making a mistake with my json encoding. Fixed it now
17:50:05
grayling_
If I just (asdf:load-system :aeai-pattern) I cannot use (peek-db). It returns nothing even after (get-db) being used.
18:01:05
phoe
https://github.com/hawkish/common-lisp/blob/c477637b16d91b255284289d4dad8a7cb5fc929e/pattern/src/mycin.lisp#L49
18:27:30
momozor
I checked the ASDF documentations, but I can't find anything that do something like that.
18:28:32
phoe
(defpackage #:my-package (:use :cl) (:local-nicknames (:p :cl-ppcre))) (in-package #:my-package)
18:29:43
momozor
https://lispcookbook.github.io/cl-cookbook/packages.html#give-a-package-a-local-nickname