freenode/lisp - IRC Chatlog
8:59:14
minion
andrzejku: have a look at PCL: pcl-book: "Practical Common Lisp", an introduction to Common Lisp by Peter Seibel, available at http://www.gigamonkeys.com/book/ and in dead-tree form from Apress (as of 11 April 2005).
8:59:44
beach
shrdlu68: I would love to use some version of the GPL for my projects. Unfortunately, many Common Lisp people are against it. I suppose some of them would just like to use the software and not distribute modifications. Others just really dislike anything that has to do with Stallman and the FSF. For that reason I am using a 2-clause BSD license these days.
9:00:10
beach
andrzejku: That doesn't concern us since Common Lisp is not a "functional language" in that sense.
9:00:27
flip214
beach: AFAIU the problem with GPL (as opposed to LLGPL) is that they can't get money for standalone binaries.
9:01:19
jackdaniel
andrzejku: then here's your answer: it's not ;) question whether it's better than other languages is debatable and prone to opinions
9:03:41
shrdlu68
I guess the FSF raises issues that are too profound for most people when all they want is to share some code.
9:03:46
jackdaniel
I can see merit in that, I'm listening about all the new law proposals pushing for putting "authorized backdoors" in software, not very much encouraging for using prop binaries. but it's offtopic, sorry ;)
9:09:00
jackdaniel
flip214: what kind of argument is that? "there's no point in working for change, because things are getting worse anyway (because nobody works for change)"
9:09:43
jackdaniel
or, my vote won't change *anything* – claim of 50% of society in Poland. 50% – 20 million people, if they would vote on anything, it would make a difference
9:10:01
flip214
jackdaniel: no, my point is that requiring GPL (instead of LLGPL, for example) for everything hurts the economy more than the small benefit people would have w.r.t. backdoors
9:11:24
flip214
but if someone wants the source of the software I write, I might want some more $$$ for that. (_might_, remember.)
9:12:54
White__Flame
if there are mandatory back doors, I think more users/customers will start demanding source
9:13:15
White__Flame
or maybe some sort of trusted "Consumer Reports" style service will emerge, analyzing security
13:03:49
_death
the only difference between having source code and not having source code is the amount of effort it takes to analyse the software
13:21:40
ogamita
_death: assuming the binary code is not obfuscated, which is becoming the rule for software you don't have the sources anyways.
13:23:29
ogamita
_death: cf. https://www.intertrust.com/products/application-security/code-protection/
13:23:49
ogamita
yes, just widens it to cryptographic problems, for which you need more than the lifetime of the universe. Good luck.
13:24:22
_death
ogamita: come now.. this or that product doesn't mean anything.. if it runs on your machine, it can be reversed
13:24:56
_death
ogamita: nowadays they try to use hypervisors and such.. still, the cat wins every time
13:25:38
ogamita
_death: whitecryption implements whitebox cryptography: you can watch the RAM, you can trace the execution, and you still can't get the secret keys.
13:26:34
ogamita
cf. https://scholar.google.fr/scholar?q=whitebox+cryptography+thesis&hl=en&as_sdt=0&as_vis=1&oi=scholart&sa=X&ved=0ahUKEwirreOlm-rSAhWLfhoKHQ1fB20QgQMIGjAA
13:26:50
_death
at least their marketing is somewhat honest.. "To succeed, they must crack the entire protection regime at once, which is an extremely difficult and time consuming task."
13:27:32
White__Flame
plus, if it's a decryption step, you can just let it run and later look at the output
13:28:15
iago
_death: I guess it works when the effort to reverse it, is higher than the effort to implement it from scratch
13:29:04
White__Flame
if you're a black hat, you're not interested in reimplementing, but compromising and/or spying
13:32:03
jackdaniel
i thought we were talking about practical difference? in theory program is just data
13:33:22
jackdaniel
yes, but it's hard and resource-consuming task, so saying about "the only difference" is a bit inaccurate
13:35:01
_death
I think it became much more accessible and commercialized in the last decade.. I suppose that's why I lost interest :D
13:37:51
_death
White__Flame: reverse engineering.. although my old RE skills help me greatly when I need to understand other people's code of course :)
13:38:38
jackdaniel
also regarding RE – having disassembled code isn't the same as having source code. compiler may use tricks to simplify code, but source may contain ideas lost in translation (but working accurately)
13:39:06
ogamita
Indeed. One may prefer to have a good specification document rather than source code.
13:39:08
White__Flame
I'm still building RE tech, but I'm severely disinterested in the whole cybersecurity industry, after working on some major projects and taking some contracts. Of course, I'll take a paying gig in the industry, but not pursuing it
13:39:35
ogamita
With good specs, you can usually re-implement easily on new systems or hardware. With just the code, it's often more work or economically impossible.
13:40:01
White__Flame
almost nobody understands cybersecurity, and want non-invasive turnkey products (which beltway bandits are happy to provide). it makes no sense and is too self-defeating to have any interest there
13:40:43
_death
jackdaniel: it's the reverser's job to recover that information.. and yes, some things (rationale etc.) are lost, but even with source code they're sometimes lost in the translation from thought to code
13:42:21
_death
White__Flame: to me it looks like the "cyber" buzzword was invented by governments.. and I prefer to not deal with such entities :)
13:43:56
ogamita
_death: http://paste.lisp.org/display/342086 Here you have even the "source" (obfuscated). Let's see if you can restore the original source.
13:46:19
_death
ogamita: it's just a state machine.. simple VMs like this are very old tricks and well understood
13:47:53
White__Flame
I've broken a lot of that style from .swf files; normally it's just a single static propagation that brings you to the "real" code, after making a bunch of pointless obfuscated jumps
13:48:30
White__Flame
obviously that pasted code involves decryption keys and traps and such, but it's generally a simple linear path
13:49:02
_death
ogamita: also in this case, much of this "obfuscation" disappears, or is lessened by just compiling it
13:49:43
_death
White__Flame: I think that code just returns which mode to use based on info.algorithm
14:00:48
_death
I remember when the army interviewed me... they asked me what I liked better, reverse engineering or programming.. I answered the latter, they were surprised (dismayed, maybe).. and programming it has been for the last decade
14:20:49
_death
ogamita: I think the first instance of source-based obfuscation I encountered was with PCBoard Programming Language (PPL) sources.. there was a simple decompiler called PPLD, but because some tool was written to obfuscate the source someone wrote another decompiler, PPLX, that also performs analysis to remove the obfuscation.. I also wrote an obfuscator then called PPLE :)
14:21:39
ogamita
Well, it's related: you would definitely use lisp to write reverse engineering tools.
14:23:58
_death
ogamita: at my previous job, some people wrote games in lua and they dumped high scores and such as lua objects (actually lua code) instead of using json or whatever.. when they moved to using unity and C# they didn't know how to read those objects... so I wrote some minimal interpreters in lisp for the two lua implementations they used
14:24:37
_death
ogamita: later I had to write it in C# but for experimentation Lisp was great of course :).. the whole thing took a day
17:30:29
beach
You should start respecting the accepted Common Lisp style if you want to submit code for others to read.
17:35:56
nyef
Also looks like it might still behave as a program if it were compiled as C++ rather than as C?
17:48:50
nyef
Yeah, I don't know why "holy" has a long o and "holly" a short o, but that seems to be the primary difference in pronunciation.
18:05:03
nyef
Yeah, the code in the paste that you gave above, even (or especially) uncommenting the LOOP form, isn't exactly optimal in terms of declared types, and plausibly doesn't even do what you think it does.
18:36:22
didi
I don't understand the results of https://paste.debian.net/hidden/1f7b83dd . When I run the program with `'negate' I get an undefined function error, but when I run it with `#'negate', I get the result I expected, i.e. (-1 -2 -3).
18:37:29
Bike
(mapcar 'negate ...) is short for (mapcar (symbol-function 'negate) ...), and symbol-function looks up global functions only
19:20:32
borei
http://pastebin.com/uktkvHvz - can somebody take a look, am i getting maximum that i can get, or there is more room to optimize ?
19:22:59
jackdaniel
sufficiently smart compiler™ doesn't need declaration inside lep about step and I
19:23:35
jackdaniel
if you are sure about data correctness etc, you may skip safety checks with (safety 0) – for benchmark purposes, not for production code
19:25:12
borei
without declaration for I and step i have not so good result - 12 seconds against 4 seconds
19:58:38
circ-user-cEMst
I'm curious: Has there been any prior work for making a Lisp (say SBCL) run as a unikernel on the Xen hypervisor? (like MirageOS) Would it be a difficult task?
20:01:52
rpg_
fourier: I forget -- do you need to use "of-type" (or am I confusing that with iterate?)