libera/#commonlisp - IRC Chatlog
Search
21:04:23
jeosol
etimmons I just got out of a rabit hold chasing bazel, bazelisp for parallel compilation of my project. Not sure you remember, we had a discussion over from reddit chat (that you said you weren't initiaally aware it had a chat option)
21:06:18
jeosol
I haven't looked at it personally, but now that I fully understand the requirements of bazel and bazelisp (for large orgs, 200+, need lots of machines, etc), and so many issues (from others that used it for non C++ or non Java projects),
21:07:09
jeosol
I plan to start taking a look again at the repo I cloned a while back, may be get it to work for current SBCL
21:08:20
etimmons
I'm pretty sure bazelisp is used internally by Google, so hopefully it wouldn't have tooooo many issues
21:09:20
etimmons
I haven't looked at it myself in a very long time, but I also imagine it may not be the most portable thing if that's important to you.
21:11:10
jeosol
ok, but I thought you have to use bazel and bazelisp together. I could not get the former to install. I admit I don't understand how these systems are integrated. I was trying to download bazel to test the C++ tutorial
21:11:51
jeosol
I have dome some research, and I am mistaken, to think it was something simple, I could just drop in to do my parallel builds. But that is not the case
21:12:12
jeosol
It also requires huge amount of memory to run and you often need many machines to really get the benefits
21:15:22
etimmons
I forget if it had happened yet when we last talked, but SBCL has gotten rid of the lock around compile-file.
21:15:59
etimmons
would be interesting to see if just using plain old threads to compile things would work
21:18:09
jeosol
I have been in touch with Fare, the author, on possibly resurrecting this in some fashion, but I'd have to spend time to study the internals
21:18:53
etimmons
Hmmm, I think it got released in 2.1.4, but I see no mention of it in the release notes
21:23:13
etimmons
It's super nifty since it creates a new process that's ~identical to the first. Some application servers use it to, for example, load all the code, do any other expensive startup things, and then be able to spawn workers with nearly zero cost
21:23:41
etimmons
but it takes great care to use correctly and can easily lead to dead locks or other unforeseen complications
21:25:17
etimmons
ECL had an issue on MacOS where spawning a new process (nominally fork() then exec()) caused streams to get corrupted in the parent process if the exec() failed (e.g., the executable didn't exist)
6:22:40
^[
leo_song: It depends on your threat model. Some might argue that it's not safe to run Quicklisp anywhere, because it doesn't use TLS or verify downloaded packages.
6:43:08
pjb
leo_song: what is not safe is to execute code that you haven't checked and validated. So ftp+asdf can be as unsafe as quicklisp, if you don't add an audit in the middle.
6:44:00
pjb
leo_song: now arguably, quicklisp doesn't have an audit hook between transfer and asdf (and asdf itself is already executing code from the asd file), so quicklisp is fundamentaly more unsafe than ftp+audit+asdf.
6:45:38
pjb
leo_song: the security model adopted here is the herd security. You just keep your ear open, and listen if somebody else has had a problem. And you'll react in that case. But it may be you… https://www.youtube.com/watch?v=Q2KwRPtEjco
6:50:01
moon-child
I guess the specific concern (given public wifi) is mitm. The question then is whether asdf uses a secure transport layer and/or does signature checking
7:44:55
kakuhen
but this time it's for a really reason: turns out the placement of your assets folder matters A LOT if you use cl-sdl2... the wrong placement of the binary will give you "unrecoverable stack overflow error" and drop you to the kernel debugger