libera/#commonlisp - IRC Chatlog
Search
2:25:15
Catie
This is a pretty open-ended question, but sometimes I can load systems using Quicklisp, but I get COMPILE-FILE-ERRORs if I try loading them with ASDF:LOAD-SYSTEM or REQUIRE. Is this a known issue, and if so what causes it?
2:27:32
Catie
For me the most common one is CLX. If I don't have the FASLs cached, I can't REQUIRE it, but I can QL:QUICKLOAD it. Let me clear my cache to get the exact error
2:36:36
Catie
Well okay, now I just straight up can't REQUIRE Quicklisp systems. So never mind for now I guess?
2:38:25
Catie
I've been using it wherever I'm able because it's worked, basically. For the most part, at least
2:39:44
Catie
Can you do that without modifying asdf:*central-registry*? Because that's the onerous part that I've been trying to avoid
2:40:21
etimmons
If you're using QL then any system you've quickloaded in the past can be asdf:load-system'd after QL has been loaded
2:40:37
mfiano
I don't think it's recommended by asdf maintainers to go messing with the registry iirc
2:41:47
Catie
"modifying" in this case includes locally binding. Historically I've done a (let ((asdf:*central-registry* (cons #P"..." asdf:*central-registry*))) (asdf:load-system :whatever))
2:43:05
Catie
I've been using REQUIRE because it's part of the standard, but Quicklisp isn't. Basically I'm trying not to assume Quicklisp will be available. I suppose ASDF isn't either, but it's a de facto standard. Though again, Quicklisp kind of is as well. Hhhhh this made more sense in my head
2:44:09
etimmons
require is really only useful for implementation provided modules. because it's pretty underspecified
2:46:10
etimmons
ASDF is very configurable, so if you want to manually manage all your systems you can pretty easily configure it via environment variables (useful for build scripts) or configuration files in any number of places on your file system
2:47:06
etimmons
If you don't want to manually manage all your systems (i.e., you want to have your dependencies resolved and downloaded for you), QL or CLPM are great for that.
2:47:31
etimmons
And both of them have ways to then load your downloaded systems directly with asdf:load-system
2:48:35
Catie
See, and it sounds like I had some pretty cool magic being able to REQUIRE things willy-nilly, but then I went and observed it and it went away
2:49:09
etimmons
BTW, asdf:_central-registry_ still works (and I imagine will continue to work for quite a while), but I really recommend the "source registry" configuration methods. Much more flexible and can be done without modifying rc files for N implementations
5:15:52
sm2n
I would say reading library code is more of a cultural habit in the CL community than it might be in other language communities. Especially with M-.
5:16:36
sm2n
But I don't know if people go and read libraries from start to finish (I do sometimes).
5:17:00
ns12
With a MITM attack on a network used by Lisp zealots, it might be possible to mine Bitcoins using Alexandria.
5:20:18
aeth
as opposed to many package management systems where you can just point it at a github or whatever
5:24:01
sm2n
There are some efforts for distributed auditing/attestation, but they haven't really taken off.
5:25:36
sm2n
It's actually not bad in CL, since in my experience the set of dependencies that most projects have is relatively small
5:27:51
sm2n
the idea being that if you trust that the implementation is not malware, you should trust the libraries too
5:28:25
White_Flame
no system that I know which supports downloading libraries off the internet has a preventative vetting process for finding malicious things
5:28:45
sm2n
doesn't really work here either, but it seems plausible that people could pool money to pay people to audit code, through some foundation (the CL foundation?) or something
5:28:47
White_Flame
quicklisp as least (afaik) ensures that all dependencies in a single release all build & test with each other
5:29:15
sm2n
The issue is that most people don't care enough to actually make such a thing happen anyway
5:29:32
White_Flame
if you're concerned about security, you download a package and stop using quicklisp
5:29:49
White_Flame
include that source code in your own internal repository and don't allow updates from teh outside world
5:30:06
sm2n
This is a problem everywhere, even outside language ecosystems — how do you verify any software you have isn't malicious?
5:30:59
aeth
it's just a subset of the problem of internet communities scaling beyond manual moderation of everything being possible... in this case, of code
10:08:32
frodef
I'm looking at Hunchentoot sessions, and I'm curious to understand why sessions are internally stored/referenced by an integer ID (rather than, say, the SESSION-STRING/cookie), anyone happen to know?
10:56:08
rotateq
With what in the MOP does a class track which instances it made to know what to update? I also mean the ones that weren't bound to symbols, but are still existent till the next full garbage collection.
11:10:22
Krystof
every time you ask me a question, I delete my half-finished description to answer your question
11:10:57
Krystof
the class holds a description of its current layout (slots, inheritance, etc.). That might be called a "layout" or a "wrapper" depending on context in sbcl
11:11:46
Krystof
if a class is updated, it marks the current layout as obsolete, and gets a new layout. Now the class no longer refers to the old layout, but instances do
11:12:14
Krystof
when you access an instance, part of the access protocol is checking whether the instance's layout is up-to-date or obsolete. If it's obsolete, you go into the update-instance flow
11:12:41
Krystof
if you never access an instance, it is never updated; it stays in its obsolete state (but it doesn't matter, because nothing accesses it)
11:13:17
rotateq
yes right I got that by little experimenting, also with the :allocation :class similarly
11:15:09
rotateq
so to say how i came to my question: in another talk with someone it came to singleton classes and I thought "hah, i have an idea" so I did it but the only thing that now misses is to look if there's still a referenced instance of a class anywhere
11:15:31
Krystof
so, the point is that nothing in this protocol requires the class to keep track of instances. Instead, instances keep track of which version of the class they were defined with
11:16:41
Krystof
no problem. For singletons, you could make allocate-instance throw an error, and use the class-prototype as the singleton instance?
11:17:28
rotateq
ahh right, didn't thought of allocate instance :) but made it with some other and a SINGLETON-CLASS metaclass for SINGLETON-OBJECTs
11:18:56
rotateq
then we came to this "oh so your methods aren't owned by the class?" and I thought longer, but not aware enough now how to make metaclass stuff (eg with funcallable-standard-class or standard-generic-function) to mimic even that safely for certain generic functions
11:28:43
rotateq
and i realized again why it makes absolutely no sense (by logic!) to ask for the slot-values of an instance in the (allocate-instance :before)-method :D