libera/#commonlisp - IRC Chatlog

18:45:11 lotuseater cl-newbie: I've downloaded the html files. maybe one could convert them to .org for viewing directly in emacs?
18:47:00 _death emacs has browsers like eww and emacs-w3m
18:47:21 lotuseater ah yes ^^
18:49:02 cl-newbie-1 _death: but my guess is that is a bit inconvenient, as it won't be formatted as well as a native solution
18:49:17 nij Ah it's actually a nice tip _death .. I will from now on read CLHS using eww.
18:49:20 _death your guess is wrong, in my experience
18:49:33 cl-newbie-1 _death: :D okay let me try
18:49:46 nij It's great as CLHS is almost text?
18:50:27 _death yes.. furthermore, you can download the hyperspec and use it offline by setting common-lisp-hyperspec-root
18:54:49 _death what's true is that I've been using emacs-w3m for a long time, and for a year or so I switched to eww, but I ended up going back to emacs-w3m with clhs.. I've this code in my .emacs: https://plaster.tymoon.eu/view/2441#2441
19:15:08 MrtnDk[m] _death It doesn't mention w3m though, it does contain some out-commented code for eww, but how is that supposed to make it use w3m?
19:16:57 _death I use w3m-emacs by default
19:42:53 MrtnDk[m] _death How? I remember resorting to eww after giving up on getting w3m to work with it. Oh wait ... are you using the online version?
19:45:40 _death (setq browse-url-browser-function 'w3m-browse-url)
21:44:09 nij If I have two output streams, can I merge them together? Something like `tee` in bashism..
21:46:09 nij For example, this can be helpful when I want to see printed things in the repl, _AND_ have them logged into some files.
21:46:41 Nilby chls concatenated-stream
21:46:56 Nilby clhs concatenated-stream
21:55:25 nij Nilby: concat streams do well for input streams but not output. However, I found broadcast streams from your hint. Thanks Nilby.
21:56:16 Nilby Sorry, I guess I meant broadcast-stream.
21:58:21 nij No no it's helpful anyways!
23:42:15 harovali hi, I'm having a hard time trying to load and get along running cl-charms. Has anyone used it with ease?
23:42:22 harovali in sbcl
23:53:12 mntee ** NICK ghewighwei
23:53:20 ghewighwei ** NICK mntee
0:00:50 pjb harovali: what's your problem?
0:02:04 pjb nij: and don't forget that if CL doesn't provide you with the stream abstraction you need, you can always implement your own, using Gray Streams. See for example: https://github.com/informatimago/lisp/blob/master/clext/pipe-article-en.txt
0:38:50 nij pjb: cool tricks! Thanks :-)
1:29:38 harovali` pjb: hi Pascal. I tried twice to build and load cl-charms in two different linux machines. In both I had problems. But the second one is my attempt to have a clean start.
1:30:13 harovali` In my (second) attempt, I'm right now am having this problem loading cl-charms
1:32:42 pjb harovali`: the error seems to be muffled by quickload, Try (asdf:oos 'asdf:load-op :cl-charms)
1:40:21 Bike harovali`: grovel errors usually mean you're missing a dependency in my experience, like the curses library. running the command independently might give you a more informative error message
1:52:50 dieggsy if i'm live coding a web app with hunchentoot, what's the easiest way (is there a way?) to reload the page in browser from lisp?
1:53:09 dieggsy the workflow of make a change, switch to browser, manually reload, switch back to emacs is a bit jarring
1:53:13 dieggsy er, disruptive idk
1:57:17 waleee-cl dieggsy: if you're ok with a pre-release experience, nyxt can be controlled from emacs
1:57:18 pjb (uiop:run-program (format nil "firefox -remote 'openURL(~A)'" url)) ; in about:config set "browser.link.open_newwindow.override.external" to 1
1:57:29 pjb dieggsy: ^
1:58:44 pjb dieggsy: or (uiop:run-program (format nil "open -a Safari ~A" url)) on macOS.
1:58:54 pjb s/~A/~S/
1:59:49 dieggsy pjb: hmm, e.g. firefox -remote 'openURL(google.com)' seems to do nothing for me
2:00:03 pjb It's really a shame uiop:run-program doesn't take a separate :arguments list. ccl and clisp gave good hints about that!
2:00:12 pjb google.com is not an URL.
2:01:05 pjb the scheme is mandatory: URI = scheme:[//authority]path[?query][#fragment]
2:01:47 dieggsy pjb: hah, i appreciate pedantry as much as the next guy, but at least in the gui firefox doesn't require the scheme, but sure, let's rephrase e.g. firefox -remote 'openURL(http://google.com)' does nothing for me
2:02:25 pjb It has always worked for me when I used linux…
2:04:15 dieggsy when was this? do you know what firefox version it was?
2:13:52 waleee-cl dieggsy: what if you remove "-remote openURL(..." bit?
2:14:48 dieggsy waleee-cl: sure, you can open a new page from the command line
2:14:50 waleee-cl one of the annoying bits about firefox and chromium is that they usually re-use an already running instance
2:15:02 dieggsy but that's just spawning a new window as opposed to refreshing
2:15:29 waleee-cl wouldn't the -remote option also do that?
2:15:34 dieggsy waleee-cl: oh shit wait...
2:15:56 dieggsy waleee-cl: sweet, that actually runs in the active tab
2:16:13 dieggsy i had just assumed it would open a new window/tab. thanks, i'm an idiot
2:16:31 dieggsy i guess i've never run firefox [url] while already having an instance open before...
2:16:41 waleee-cl :)
2:17:15 dieggsy oof, that also steals focus though
2:17:19 dieggsy i'll get over it lol
2:18:00 waleee-cl tridactyl and other vim-based browser can open tabs in the background, so there must be a way to do it
2:18:55 waleee-cl s/broser/extensions/
2:19:05 dieggsy right, but the actual firefox application is already focused in that case
2:19:29 dieggsy what i meant was steals focus across programs, so i'm no longer typing in emacs lol
2:19:56 waleee-cl ah, right. That is annoying
2:21:20 waleee-cl but an issue with your window manager
2:22:53 dieggsy yeah that's fair
2:24:58 p_l dieggsy: you can try using one of the ways of embedding a web browser in emacs
2:26:13 dieggsy true
2:26:27 dieggsy been a while since i checked out the state of the xwidget browser
2:26:32 dieggsy wonder if it's been improved at all
2:30:22 p_l when I checked last year, the main issue was keybindings, and I didn't have time to resolve that
2:40:31 waleee-cl some people think it's a bug if an application doesn't do focus stealing
2:41:45 dieggsy hah
2:42:06 dieggsy i don't always use a full blown DE, but when i do.. it's not usually gnome
3:05:34 beach Good morning everyone!
3:11:51 hineios3 ** NICK hineios
3:36:02 fiddlerwoaroof Good morning, beach!
3:41:38 fiddlerwoaroof beach: I thinking going all-capability is a good idea, especially for the filesystem/object-store
3:42:23 fiddlerwoaroof It removes a class of bugs where an unprivileged system tricks a privileged system into using the wrong permissions
3:43:45 harovali` pjb: thanks (asdf:oos ... worked fine. Also after meeting the missing dependency
3:43:45 beach I don't see how that could happen.
3:45:32 fiddlerwoaroof The classic example is sending a request to a webserver like http://example.com/../secret.txt
3:46:12 beach fiddlerwoaroof: I'm lost.
3:49:59 fiddlerwoaroof If the permissions are not part of the pointers to objects, you can have an issue where the pointer's permissions are interpreted differently by different parts of the system
3:50:15 beach OK, I can't understand how this example applies. I think I need a lot more time to digest the information.
3:54:55 fiddlerwoaroof This means (assuming a system with privileged and unprivileged parts) that every time an unprivileged part A communicates with a privileged part B and then receives a response, B has to have logic to determine whether A has permission to receive the response.
3:55:47 beach You see, I don't even know what it means for a "system" to have privileges.
3:56:19 beach I haven't thought things through for CLOSOS, but in Multics, systems don't have privileges; people do.
3:56:27 beach ... contrary to Unix.
3:59:49 fiddlerwoaroof I think you can put this in terms of environments, no? A system has a "privilege" to access any object referenced in its global environment, and all the other objects that can be produced by calling some accessible function on those objects
4:00:47 beach That is not how I have ever thought about privileges, which is why I am totally confused.
4:27:02 pjb beach: how does the multics system know what person gives it a command? What if it's a secretary that gives a command dictated by the boss?
4:28:50 pjb (both in the case of multics and unix, there's a computer system object that represents the user to manage its privileges; unfortunately, computers are not smart enough to validate or check that a real alive human being is giving it the commands, and who he is).
4:43:45 Nilby Multics is very cool in many ways, with rings, gates and all, but its security model might be a bit dated, even if it's certainly better than unix. I'm pretty sure multics had a system call between you opening a file, that told the "operator" to take a tape off the rack and put it on a tape drive. And the open internet was decades away.
4:45:10 contrapunctus beach: good morning. Please have a look ^^ http://ix.io/3mUw
4:54:59 beach Give me a few minutes...
5:00:44 beach contrapunctus: Thanks. It is going to take me a long time, because I don't have tools that can diff the markdown and the html. So I think I need to read it word by word and compare.
5:03:06 beach pjb: Programs in Multics refer to objects in the object store (i.e., segments in the segment hierarchy on Multics) symbolically. When a reference to such an object is hit, the dynamic linker is invoked to "snap the link". What the linker does is to check the ACLs in the "object store" and compare them to the user and group executing the code. This comparison results in a capability that has restricted access according to the ACL.
5:03:51 beach The operation is then re-tried on the capability.
5:05:33 beach So all the objects that a program can refer to are capabilities that have been created by the dynamic linker, so the access privilege is based on the user and the group executing the operation. Not on some concept of a system having the privilege.
5:06:11 beach pjb: Does that make sense?
5:13:45 fiddlerwoaroof can programs refer to objects they can't access? and pass those references to other programs?
5:14:49 beach I believe so, yes. But the programs that those objects are passed on to, also execute as the same user and group as the caller.
5:15:27 fiddlerwoaroof So, there's no way to pass an object to a program running as a different user or group?
5:15:42 beach I think that's true.
5:16:07 beach Multics still had a very limited address space.
5:16:17 fiddlerwoaroof I guess that wouldn't have the problem I'm thinking of
5:16:19 beach So pointers were per-process just as with Unix.
5:16:59 fiddlerwoaroof The issue I'm thinking of occurs when two programs communicate and they're executing as different users or groups
5:17:31 beach I am thinking that this is a fundamental difference between Multics and Unix. In Multics, users+groups have privileges. In Unix, programs do too.
5:17:42 beach Yes, I understand.
5:17:57 fiddlerwoaroof program A constructs a reference it can't access (/home/otheruser/secret) and asks B to do something with it. B does something with the path and passes information back to A
5:18:53 beach Well, in Unix, the capability is the file descriptor and it is not valid across processes.
5:19:22 fiddlerwoaroof That's only sort of true: using unix sockets, one program can push a file descriptor to another
5:19:55 beach Oh wow! And the kernel translates it so that it refers to the same object in the new process?
5:20:28 fiddlerwoaroof Yeah
5:20:38 beach That sounds dangerous.
5:20:44 fiddlerwoaroof It's actually safer
5:20:58 beach It is certainly a very different model from what I have been thinking about so far.
5:21:11 fiddlerwoaroof If I push a file descriptor, my permissions are attached to the file descriptor already
5:21:35 fiddlerwoaroof So, if the other program tries to use that file descriptor to read information I don't have access to, it'll get an error
5:21:43 beach I see.
5:22:43 beach Well, that would be similar in CLOSOS, I *think*, because a capability would be a pointer with some access bits, and pointers would be valid everywhere.
5:23:47 beach So one program would "snap the link" and get a capability that it can then hand over to some other program. The caller's privilege on the object will be reflected in the capability.
5:24:10 pjb beach: it makes sense. But it's similar to unix. the access rights of unix objects are some crude and simple capabilities associated to the user ID and group ID (and others).
5:24:45 beach pjb: Yes, I know. Unix was meant to be an "implementable subset of Multics".
5:25:25 fiddlerwoaroof beach: yeah, my thought is that you don't need ACLs at all
5:25:44 fiddlerwoaroof At least, not in the way I usually think of them
5:26:11 beach fiddlerwoaroof: That's the part I don't understand. If I want to put an object in the object store, and I don't have ACLs, what kind of capability do I give it?
5:27:31 beach It seems to me that I would then be forced to give the same access rights to everybody on the system.
5:27:40 fiddlerwoaroof Couldn't you give it a "directory" object and the capability to add directory entries?
5:27:57 fiddlerwoaroof Or whatever makes sense for the store layout in question?
5:28:18 fiddlerwoaroof I guess the capability in sense would just be a pointer to some root object
5:28:28 beach I don't know what a "directory" is, nor a "store layout".
5:28:31 fiddlerwoaroof + permissions to associate new objects to that root
5:29:43 beach Nor a "root".
5:31:45 pjb You can also play the directory game in unix. Instead of letting everybody access /{bin,usr/bin,…} you can setup /home/$USER/bin/… and prevent users from accessing anything outside of their /home/$USER.
5:31:46 fiddlerwoaroof The idea is just that the first program that runs has full access to the object store. When it runs another program, it lets that program access the object store by passing an object to it and the capability of executing certain functions that associate other objects to it in the object store
5:32:15 fiddlerwoaroof Any object not associated with that object is transient and GCed when the program exits
5:33:06 pjb fiddlerwoaroof: capability based systems work too, indeed. It's only that this may require more work to build those directories. But I guess once it's done automatically, it can be as easy to use as unix.
5:33:53 beach fiddlerwoaroof: So if I create an object, how do I tell this "first program" that I want bill and joe to be able to read and write it, but everyone else just read?
5:33:53 pjb It's clear that this would avoid the PATH=.:… problems.
5:34:33 beach I guess I need to go study how capability-only systems work in more detail.
5:34:38 fiddlerwoaroof beach: that's why I said "not in the way I usually think of them"
5:34:57 beach I see.
5:35:11 pjb system.addCapabilityTo(system.findUser("joe"), newObject.{read}); system.addCapabilityTo(system.findUser("bill"), newObject.{read,increment});
5:35:29 moon-child findUser sure looks a lot like an 'open' call
5:35:42 fiddlerwoaroof There needs to be a similar concept when a program is first executed, but the whole idea is to prevent programs from creating pointers the user cannot access.
5:35:52 beach pjb: So every object in the system would be stored in some place associated with each user in the system? That sounds pretty bad.
5:35:53 pjb it's a capability that you must have on the system.
5:35:56 fiddlerwoaroof that is, pointers to objects that the user cannot access
5:36:32 pjb beach: capability management is finer grained than unix access rights, that's for sure.
5:36:44 moon-child pjb: and how do 'you' get that capability? You still need to bootstrap access to something, somehow
5:36:47 beach pjb: And what if I want to give access to every user in the ADMIN group, even though not all users in that group have been created yet?
5:36:58 pjb beach: finer, and more explicit. But that's the point, and this is what helps security.
5:37:08 pjb moon-child: somebody needs to give it to you.
5:37:18 beach Do I have to go through every object I ever created whenever a new user is created?
5:37:36 loli don't capability style systems just boil down to lattice structures?
5:37:49 pjb moon-child: there's a system generation phase (kind of compilation-time for the system) where those root capabilities are assigned to some root object that can then distribute them.
5:38:14 pjb beach: basically yes. But there are objects whose job is to automate that.
5:38:31 fiddlerwoaroof You only have to go through the roots of trust
5:39:00 beach I think I won't be able to understand the ideas here until I read up on capability-only systems.
5:39:16 pjb perhaps it would be worth running a capability based system to see how that works.
5:39:17 Nilby I like capability systems. My ideal capability system is: "Can anyone run a program on my computer? No, They can't."
5:39:42 fiddlerwoaroof If a program has access to a particular set of objects and a particular set of functions, it can also access any objects producible by calling some sequence of functions with some combination of the objects
5:39:57 fiddlerwoaroof It's a bit like GC roots and the reachable set
5:40:47 pjb beach: but if you remember multics, on unix when you compile a program, with default UMASK 022, it gets access rights 755 so it's executable by any user that has access to a path to the new program. On multics, cics and other systems of that time, once you had a program compiled, you didn't have anything. You would have to write JCL or use command installation commands to make this program accessible to users as a command.
5:41:01 pjb beach: capability based systems require the same administration steps.
5:42:12 pjb Or I guess we could write a (virtual) capability system in lisp, to explore those questions and the user interfaces that are required.
5:42:37 beach I will definitely take the time to read up on capability-only systems. If the security model is simpler or safer, I should understand it better.
5:45:29 Nilby Capability systems seem simpler to understand for users, and simpler to administer, but you still have the problem you have now on phones, where programs can be coercive and demand "give me all these capabilities or I won't even run".
5:46:41 beach Nilby: You seem to be using the word "capability" in a way I don't recognize.
5:47:25 beach I only know the use as "a reference to some object that includes an indication of the kind of access to it that is permitted".
5:48:15 beach So in "give me *this* capability", I don't know what nature *this* would be.
5:48:28 beach It seems it would already have to be a capability.
5:49:32 fiddlerwoaroof Fuchsia too
5:50:11 fiddlerwoaroof (The Fuchsia OS is another new OS based on object capability principles)
5:51:05 lukego splittist, fiddlerwoaroof: I optimized ACCEPT quite a lot in CLIME. It was getting really slow when I had 50K acceptable presentations in Emacs at the same time. Turned out to just be a dumb data structure i.e. the set of acceptable presentations needed to be converted from a list to a hashtable. Emacs profiler is good!
5:51:17 fiddlerwoaroof lukego: cool
5:51:24 Nilby I think of it more like the name of thing that can be done with an object, e.g. "take a picture on the camer"", so in language terms, more like a method combination.
5:51:47 Nilby *camera
5:51:54 fiddlerwoaroof Nilby: I think there's just two different meanings for the word going on here
5:51:59 beach Nilby: But that's not how it is used in the literature.
5:52:17 fiddlerwoaroof capability-based security uses a very specific definition of the term
5:52:58 splittist lukego: yay! Next up - creating an emacs-pane
5:53:14 lukego what's an emacs-pane exactly?
5:53:16 fiddlerwoaroof I'm waiting for Climacs to be embedded in emacs
5:53:18 fiddlerwoaroof :)
5:53:19 Nilby Sorry. Just ignore me.
5:53:48 fiddlerwoaroof Is Nilby a lisp program?
5:54:29 nij Bad joke. Sorry..
5:54:47 lukego splittist: btw I think that I gave you commit bits but just do whatever you like e.g. PRs etc. I just don't have my github notifications working very well atm so often miss things for a couple of days before polling
5:55:59 splittist lukego: I haven't done anything recently. I need my other projects to catch up to where I'm really using clime, to see what needs adding. Panes are the substrate for gadgets, I think.
5:56:12 lukego I think maybe next up for me will be trying to do really nice client-side zooming. for CAD stuff I think that I need to be able to easily make presentations scale to fit the available space & be able to zoom in up to about 20x mag
5:57:12 lukego one other random feature I'd like is a (with-output-to-emacs (s :pane :foo :if-exists :overwrite) ...) so that Lisp could assign names to the images and have the option to update them in place
5:57:43 lukego splittist: yeah same here
5:59:07 lukego though the zooming is a pain point now because I'm constantly tweaking (with-scaling ...) to try and see what I need. I think that Emacs image support will make it easy e.g. already supports a fit-width/fit-height/fit-window kind of scaling option and we could hack the "viewBox=..." attribute to crop the region of interest
5:59:38 lukego but it helps a lot to be able to copy&paste presentations now e.g. because I can do a really big one, put it into a buffer on the side, and not worry about it scrolling off screen in the repl
6:02:00 splittist If you had the raw svg in the emacs-side object, you could just add a scaling transform and re-render.
6:02:19 splittist (Or have a 'Open in Inkscape' option ... )
6:13:36 lukego Good ideas :)
6:14:04 lukego Have to think about that Inkscape one in particular. Then I guess I'd want to embed metadata into the SVG about the presentations
6:17:14 lukego and that's probably easy to do actually straight on the lisp side
6:18:16 lukego I need to understand if the Emacs image scaling attributes are usable - or maybe better to just always hack the SVG and rerender. Experimentation suggests that Emacs "zoom in" commands on images are raster based i.e. they render the SVG into a bitmap and then scale that into a pixelated blarg
6:22:16 beach fiddlerwoaroof: In a capability-based system, how does a user refer to an object in order to obtain a capability? Do objects have names? If so, who determines that name? Does every user refer to some object using the same name?
6:24:23 lukego splittist: I'm not ready to think about this yet but besides Inkscape another interesting option could be to open the SVG in a browser and accept callbacks from Javascript. Maybe this could even be driven by Emacs with the browser doing the job of (insert-image (create-image ...)) only.
6:25:21 beach fiddlerwoaroof: Actually, forget about it. I think I will just go think about how it might be done. I suspect the literature excludes the mechanics of assigning privileges to people and groups of people.
6:25:48 phoe hello
6:26:02 beach Hey phoe.
6:27:24 phoe beach: AFAIK a capability is just an object that contains 1) an indirection to some other object, 2) some state - simplest state is "on/off", a boolean
6:27:49 phoe and the trick is that you are not allowed to operate on the object directly, you must use the capability object instead
6:27:51 beach That's the third definition of capability today.
6:28:11 phoe and the capability object must be in its "on" state in order for the action to be performable and performed
6:28:12 beach And the second one that does not correspond to the use in the literature.
6:28:41 contrapunctus beach: ^ generated HTML with indentation and whitespace resembling yours, hopefully easier to diff.
6:28:41 beach Plus, that's not what I am asking. I am asking about the mechanics of assigning privileges.
6:28:47 beach contrapunctus: Thanks!
6:29:01 phoe if something in the system turned the object "off", then the action that the capability was created for doesn't happen
6:29:10 beach *sigh*
6:29:17 phoe okay, I'll shut up
6:32:14 fiddlerwoaroof beach: wouldn't one way just be to have a "user" object?
6:32:52 beach What I am asking is this: Suppose I created an object, and I want every system administrator to be able to modify it, but everyone else can just read it. What do I do for that to happen, and what do I write in the email to everyone? "Hi, I just wanted to let you know that you can now do ... to access my new object."
6:33:29 beach What is "...", and what did I do in order for "..." to be the way to access the object?
6:33:49 fiddlerwoaroof One way would be to have an object representing the "admin" group with write-enabled pointers to the resources
6:34:11 beach OK, and how do I "name" it?
6:34:13 fiddlerwoaroof And then you just iterate across the objects representing administrators and associate them with the admin group
6:34:26 beach Hold on...
6:34:38 beach There might be administrators that aren't in the system yet.
6:34:48 beach So there must be a representation for the group as such.
6:35:18 fiddlerwoaroof Yeah, #<user object> -> #<admin group object> -> #<resource>
6:35:26 beach And I still don't know what "..." is. Maybe "Object number 234 in your list of objects you can access"?
6:35:35 fiddlerwoaroof Then #<new user object> -> #<admin group object>
6:36:28 beach Or "object named <some-name>"? How do I prevent myself from removing an existing object with <some-name>?
6:36:32 fiddlerwoaroof Whoever can create new user objects can create the link between the new user and the existing group objects
6:36:53 beach That part is fine.
6:36:59 beach But I don't know what "..." is.
6:37:22 beach What instructions do I write in my email for users to access my object?
6:37:38 beach And how did I make those instructions work?
6:37:41 fiddlerwoaroof Oh, I see, that would depend on the protocols for the object in question, right?
6:38:25 beach The object has to be named in some way. Either, "Bill, it's your object number 234. Joe, yours is object number 34534534...."
6:38:37 beach Or it must have some name that is the same for everyone.
6:38:41 fiddlerwoaroof Why?
6:39:09 beach Should I just put the capability in my email?
6:39:51 fiddlerwoaroof I see, let me think about it :)
6:40:05 beach Or, "Hey everyone. I just created an object that you can use if you like, but this system doesn't allow me to give you instructions how to find it, so you just have to scan the entire object database".
6:40:30 fiddlerwoaroof It seems to me that the protocol for accessing a new resource depends on the type of resource, though
6:41:43 beach Sure. "And you can access the new object using a protocol consisting of functions that are somewhere in the system, but since I can't name them, you need to scan the entire object database"