freenode/lisp - IRC Chatlog
14:08:51
thijso
Jeeshh. I've just about kicked my minecraft addiction, guys. Stop talking about that in here.
14:14:43
dlowe
as part of the forge installation process, they decompile your installed minecraft back into java code and then patch annotations into it. You're intended to read the code to find out what to tweak/override.
14:21:34
tourjin
is there any preassigned style in emacs like dark mode? white screen hurts my eyes.
14:55:47
drmeister
no-defun-allowed: Please keep me up to date on your minecraft/common lisp exploration.
16:07:41
thijso
If I do a (make-instance inside of a package, I shouldn't need to fully qualify the classname, right? I'm trying to indirectly instantiate a class, by doing (let ((class (intern (format nil "~a~a" classname suffix))) and then using that to (make-instance class ..
16:08:28
thijso
But it's not working. If I print out some stuff it looks like the difference is that it works with <package>::<class> and not with just <class>
16:08:38
Bike
depends on what you mean by "inside a package". that code will create the symbol with intern, so it'll be interned in whatever *package* is in place when intern is called.
16:09:22
thijso
yeah, but it's all inside the same file which has an (in-package :bla) at the top...
16:14:46
Shinmera
you can also do `(let ((*package* #.*package*)) ...)` to bind the runtime package to the one used during compilation.
16:23:32
flip214
minion: memo for vydd: thanks, but I'd hoped to _not_ touch the individual bytes - just push the address on
18:07:18
Bike
Yes, you can take the method-function and then call it with a list of arguments and list of next methods.
20:34:21
sameerynho
hey folks, I'm using slime and swank with Emacs. When I use slime-connect to connect to swank server it just outputs connecting to .... and does nothing
21:09:50
jgkamat
Hey, does anyone know a library or easy method to get a super simple hackable calculator in common lisp. Eg: "1 + 3 + 4" = 8. I'm trying to eventually make a dice roller, ie: 5 + 2d4 = 5 + roll(4) + roll(4).
21:10:55
jgkamat
I would like to avoid doing any work like building a parser or whatever if possible, but ideally it would be nice to support parentheses and subtraction and other stuff like that
21:15:48
thijso
How does CL manage class cleanup? If I have a class that contains a slot for a usocket socket, and I connect and use it, do I need to explicitly close the connection before the class instance goes away? Seems like the proper thing to do, but how? I'm looking in CLHS, but can't find anything on class instance destruction...
21:18:01
Bike
thijso: try looking at the finalizers in the trivial-garbage library, but I think you're supposed to use more reliable means
21:18:22
jgkamat
Bike: yes that would work, but ideally I would like it to be pre-packaged (ie: I wouldn't have to come up with grammars and all). If you know a good parser that's easy to use I'll take that as well
21:21:38
Bike
thijso: yes, as in, you should close the socket more explicitly than leaving it for whenever the object holding the reference to it happens to be garbage collected
21:22:31
makomo_
ralt: agreed, i miss that idiom as well -- it gets rid of the trivial cases early and prevents indentation of the general case
21:23:36
thijso
So now I have a number of 'exit' points in my class where basically processing stops and the class instance can die, having filled its purpose. Seems like I need to sprinkle usocket:close-socket calls around those then?
21:24:19
makomo_
jgkamat: do you really need that particular syntax? you could make a sexp-based calculator, so your original expression would look something like (+ 5 (d 2 4))
21:27:56
jgkamat
I did find http://www.github.com/jech/cl-yacc/blob/master/calculator.lisp though, which will probably be my starting point unless I find something more convenient
21:45:47
no-defun-allowed
hmm, dunno, but arecord is like that, you just read samples from its stdout
21:47:44
semz
skidd0: I don't have enough experience to meaningfully recommend a SQL library, but I've used clsql in the past. If I remember correctly it follows the common Lisp (hah) theme of working with ASTs rather than strings, which means most input sanitation issues are avoided and only occur when you finally move from AST to string in a library function.
21:49:22
skidd0
i'm not sure how that avoids the SQLi issue. if you convert some input string from AST to string, can't the malicious string content make it through those transformations?
21:50:12
aeth
skidd0: I haven't generated SQL before, but I have recently generated HTML. No, the malicious string content cannot make it through the transformations as long as you use our own write-escaped-string instead of write-string or whatever
21:50:56
aeth
skidd0: The hypothetical write-escaped-string doesn't do write-string or write-line, it iterates through every character and does write-char if it's safe, and otherwise writes a string representing an escape instead of the char.
21:52:51
semz
skidd0: "if you convert some input string from AST to string" << The AST is not a string, that's the point. The input string occurs as some part of the AST
21:54:10
aeth
And if the AST contains strings, then those strings are the only danger points (unless you e.g. convert symbols to strings automatically) so you just write your own write-string
21:55:02
skidd0
semz: the 'input string' was, at some point, a string. then it got put into the AST, then somehow back out to string for the DB to hold
21:55:30
skidd0
i was confused how turning the string into data for the AST, by its nature, removed the worry of malicious input
21:55:36
jmercouris
that's the thing, what if you write (theoretical) (select "drop table;" from xyz)?
21:56:40
jmercouris
I would suggest pick up SXQL and see if you can generate some malicious statements
21:57:03
semz
whereas otherwise you have people munging strings everywhere and haphazardly escaping this and that
22:00:26
semz
Let's take the example from above: If you represent the query as, say, `(select ,user-input from xyz), then no matter what user-input is, as long as the conversion to a query string happens through the (escaping) library function, there is no injection issue.
22:01:00
semz
And since the conversion to a string must happen somewhere (ideally inside the lib), you only get injection issues if you go really out of your way to introduce them
22:01:47
skidd0
and yet, i'm no closer to a simple escaping/sanitization library unless i want to write my own
22:16:38
ralt
https://sites.google.com/site/sabraonthehill/postmodern-examples/postmodern-parametized-statements
22:19:22
skidd0
i like it as well. but sadly my current task requires interacting with an MS SQL Server DB
22:20:18
thijso
ralt: with-connected-socket is probably smarter, but my calls to usocket are spread over multiple methods. Maybe I should rethink and not bother about reusing sockets for replies. It is UDP after all.
22:20:54
ralt
thijso: it sounds like you want to have a (defmethod close ()) on your class, and then have a (with-my-object ()) that handles opening/closing of the socket
22:22:12
ralt
thijso: or you just pass a connected socket to your class, and handle its lifecycle out of your class
22:24:47
thijso
Ah, thanks ralt, that's helpful. I'll have to rethink some stuff I see. But that's for tomorrow.
22:25:47
thijso
And, regarding the escaping discussion: I concur: let the db do it. mysql has a function (`quote` I think?) that does it for you correctly.
22:48:56
ralt
skidd0: looks like plain-odbc supports parameterized statements just fine (exec-query *con* "select * from test1 where x = ?" 1)
22:51:09
ralt
if an attacker wants to store <script>alert('I eat your cookies!')</script> in the db, let him
22:54:41
ralt
you will typically want a couple of functions like (escape-plain) (to escape all html), (escape-html) (to allow some html tags), etc
23:11:12
mrcode_
what's the right way to ensure macroexpansion inside of a macro? i'm having a problem with (defmacro macro1 (&body body) (foofn (quote ,body)) and the invocation (macro1 (other-macro args))
23:13:14
mrcode_
I was just using macroexpand on the top level macro to see what it expands to.. never thought of using it for more than debugging
23:36:23
White_Flame
mrcode: typically, you'd just do (defmacro outer (&body body) `(inner ,@body)) and let the system recurse through the generated macroexpansion
23:37:04
White_Flame
if there are macros in the body, then they need to simply be in an evaluated place in the generated code