igemnace has quit [Remote host closed the connection]
rgherdt has quit [Remote host closed the connection]
seletz has quit [Ping timeout: 255 seconds]
dlowe has joined #commonlisp
dra has quit [Ping timeout: 265 seconds]
larix has quit [Ping timeout: 268 seconds]
lisp123 has quit [Ping timeout: 252 seconds]
gxt has quit [Remote host closed the connection]
_cymew_ has quit [Ping timeout: 268 seconds]
gxt has joined #commonlisp
mcparen has joined #commonlisp
son0p has joined #commonlisp
gxt has quit [Remote host closed the connection]
gxt has joined #commonlisp
gxt has quit [Remote host closed the connection]
gxt has joined #commonlisp
anticomputer has quit [Ping timeout: 255 seconds]
gxt has quit [Remote host closed the connection]
perrierjouet has quit [Quit: WeeChat 3.7.1]
anticomputer has joined #commonlisp
beach has quit [Ping timeout: 246 seconds]
anticomputer has quit [Remote host closed the connection]
seok has quit [Read error: Connection reset by peer]
perrierjouet has joined #commonlisp
ec has quit [Ping timeout: 255 seconds]
ec has joined #commonlisp
danisanti has joined #commonlisp
<danisanti>
Hi all!
<danisanti>
I am thinking about how Common Lisp can improve the security of software and software services. I have been told by a person that most of security attack vectors are a buffer overflow attack. Does Common Lisp suffers from buffer overflow insecurity too (as C does) ?
<danisanti>
I mean, stack overflow. I am not sure now, it is something about 'overflow'
<danisanti>
maybe someone more knowleadgeble can know this...
<gilberth>
Common Lisp does not suffer from buffer overflows or integer overflows. Why should it?
<danisanti>
great. Can someone point me to a website that talks about how Common Lisp is more secure than C?
<danisanti>
why sensite public facing software should be using Common Lisp
<danisanti>
pjb: on that link it says nothing about security
gxt has joined #commonlisp
<danisanti>
other link?
beach has joined #commonlisp
tyson2 has joined #commonlisp
<mzan>
danisanti: I'm the less knowleadgable here, so maybe they will correct me... CL con compile a package or also only a function with different settings like ``(declaim (optimize (speed 0) (space 0) (debug 3)))``
<mzan>
so you can favour speed or security
<mzan>
If you favour security, CL will check at run-time that the access to arrays is ok, that there is no buffer overflow and so on.
<mzan>
If you favour speed, the CL compiler can trust the type hints of the programmer, and it can stop to check something at run-time, and you can introduce bugs and security errors.
<mzan>
BTW, in case of plain CL code, it is more difficult to insert integer overflow, because the default integer type of CL become a bigint in case of overflow.
<danisanti>
great
<danisanti>
it gets upgraded
<mzan>
danisanti: yes. If for example in C you have int using 64 bits, in CL usually they are 63 bits with the last bit to 0. If the last bit is 1 then the CL runtime check if the "number" is a big-number, or a pointer to an object/struct/etc...
<mzan>
danisanti: in general CL is more secure/robust of C, because the run-time will check a lot of things at run-time, and it will stop to work if the types are not correct.
<mzan>
CL is a dynamically typed language, in the sense that every object/reference has a tag at run-time, specifying its type. So they are always checked, but more at run-time than compile-time. So the code is safer, in the sense that in case of errors, instead of doing undefined behaviour, an exception will be signaled.
morganw has joined #commonlisp
<mzan>
The ideal solution is a language that is safe but with types checked at compile-time (statically typed). So you are both sure that there will be no security errors at run-time, but also no exceptions. C is on paper statically typed, but it is too much easy to insert errors at run-time, that are not detected at compile-time. It favours run-time speed, towards security.
<gilberth>
C is weakly and statically typed, while CL is strongly and dynamically typed. The compiler doesn't help C with the "weak" part.
cage has joined #commonlisp
<gilberth>
weak/strong and static/dynamic are two orthogonal axes.
nij- has joined #commonlisp
<mzan>
yes, good observation
<gilberth>
Also having no proper integer data, as C hasn't, is another axis, if you wish to see it that way.
dlowe has quit [Ping timeout: 260 seconds]
<mzan>
BTW, CL is multiparadigm language also in these things, because if you add type annotations and change the ``(declaim (optimize (speed 0) (space 0) (debug 3)))`` params, it can bcome in some parts a strongly typed PL at compile time, and weakly typed PL at run-time.
<gilberth>
It's not guaranteed to be weak here.
<mzan>
yes, it depends from the compiler/implementation
<gilberth>
It may at the disgrace of the compiler. And as pjb said: Don't do it.
<mzan>
But the canonical way to use CL is weakly typed at compile-time, and strongly typed at run-time
<mzan>
yes, I learned here, that it is not good practice setting compilation speed to 3 and debug to 0.
<gilberth>
That doesn't make sense. No placing a type declaration doesn't make it weakly typed. T is still a type, isn't it?
<mzan>
I mean that if you put type declaration, and then set speed to 3 and debug to 0, then the compiler is instructed for trusting the type declaration, and maybe it can remove checks at run-time, and it become weakly typed at run-time.
<gilberth>
I mean, in absense of a type declaration, you say "Hey, this thing is of type T."
<gilberth>
mzan: It may indeed. And I don't like that at all.
jmdaemon has quit [Ping timeout: 268 seconds]
<Duuqnd>
mzan: Don't you mean safety and not debug? Type checking is still done when using (optimize (debug 0))
thuna` has joined #commonlisp
dlowe has joined #commonlisp
<danisanti>
Ok. I am pretty sure, that as a novice in CL, that I am not gonna change the declaim optimize
<Duuqnd>
It wouldn't be a bad idea to use (optimize (debug 3)) actually
<Duuqnd>
At least as long as what you're doing isn't super performance critical
<danisanti>
it should be more talk about, the security aspect of CL when compared to C and compared to Java (and maybe when compared with Rust), so that more people know about this. People that are developing in Rust is most probably because of a security reason, and CL may be able to offer this as well (and more?)
<nij->
McClim seems to only work for X.
<nij->
How hard is it to port it to web?
<beach>
nij-: The nice people in #clim will know more I think.
<Duuqnd>
danisanti: CL can offer a lot, and I guess security is one such thing, mostly because it's a high-level language that's typically implemented well.
<danisanti>
Rust is a hype and most I believe that people that develop in such a language, don't know about Common Lisp, or else they would develop in Common Lisp
<nij->
Hmmmmm
<nij->
It'd be great if you can justify that belief.
<nij->
Not questioning you. I do hope that belief gets justified.
<Duuqnd>
danisanti: I'm not entirely sure about that. I imagine Rust users have a very different taste in languages than Lispers.
<danisanti>
ok. I talk from my experience. I never done a poll or a study or something of that matter
<danisanti>
I happen to really like Common Lisp
ym has joined #commonlisp
<nij->
Making a poll wouldn't really work I guess. Those who will be hit by your poll may have a higher chance to know CL.
<nij->
What you can do is to go deep into rust, and argue why it doesn't offer much more than CL.
<nij->
Make a theoretical argument. That would do humanity lots of good :)
<danisanti>
I won't
<mfiano>
I think this argument is arguing the wrong thing.
<danisanti>
Maybe someone that *actually knows* Common Lisp would be a better candidate for that nij-
<mfiano>
What does CL or Rust have to offer over each other when given X constraints?
<danisanti>
I am gonna go
danisanti has left #commonlisp [ERC 5.4 (IRC client for GNU Emacs 28.2)]
<nij->
:|
<mfiano>
Languages are just tools. Though general purpose, they aren't well-crafted to a particular task, or may not even fit into the tightest of spaces (embedded, etc)
<nij->
Did I sound like a jerk.. I hope not.. and that's not my intention. Sorry :(
<nij->
mfiano But aren't there any language that really has nothing much to offer, besides the fact that they have somehow got populartiy so has a larger community and libraries to use?
<mfiano>
Of course. Every language your friends or colleagues use are the subject of big corporations backing them. Instead of looking at a language at face value; that is, how popular or the main "gimmick" it tries to hook you with, you should evaluate a language for your task at hand at a deeper level than that.
<mfiano>
I think CL fits nearly all purposes of mine. YMMV.
<Josh_2>
Same here
<gilberth>
When pondering safety of langanguges, don't forget about integer overflows. Often you don't have an integer data type proper and are stuck with modulo arithmetic.
<nij->
same here, I can't think of any case for me where CL won't fit.
pranavats has left #commonlisp [Error from remote client]
gxt has quit [Remote host closed the connection]
<Josh_2>
I mostly write backends for websites and expose the functionality with Rest API's
<Josh_2>
CL is great for this, its also great for interacting with other rest apis
<Josh_2>
Its very easy to write API wrappers etc because of macros and MOP :P
gxt has joined #commonlisp
<nij->
How does MOP help here :O?
<AadVersteden[m]>
I would prefer not to use Common Lisp from o community's perspective. But we still end up using Common Lisp for challenging pieces of software. Part of that is because I somewhat know the language better, but a bigger part is that it's just way more flexible to experiment in.
<mfiano>
THe MOP extends CLOS like macros extend the compiler
<Josh_2>
Macros for reducing the boilerplate when writing an api endpoint and MOP for making endpoints class definitions
<nij->
Cool. To me, CLOS is enough.. I can't imagine how MOP is useful. It'd be nice to see some examples.
<AadVersteden[m]>
The downsides from my perspective are: few people know it, most people can't read it, limited availability of libraries. The upside is that it allows you to express yourself in a very high-level way and you can have both high-level abstractions as well as write performant code, and there are a crazy amount of escape hatches when you learn more about the problem domain.
<Josh_2>
Well with MOP you can hide functionality in a class definition
<mfiano>
MOP lets you define how CLOS works in any way. You can write your own CLOS using the MOP, as is done in AMOP.
<mfiano>
and since CLOS is so heavily integrated into the standard, with everything being an object, this becomes pretty flexible.
dra has joined #commonlisp
<nij->
"this" in "this becomes pretty flexible" means that you can define how CLOS works in any way?
<mfiano>
Yes
<mfiano>
If you need new syntax, macro. if you need new OOP functionality or introspection, MOP.
azimut has joined #commonlisp
<nij->
I see. So the thing that confuses me is what sort of new OOP functionality would possibly make life easier.
<nij->
What I needed to do was pretty limited, so I didn't see the need.
<mfiano>
Perhaps being able to change the parents of an instance at runtime, by inserting mixins into the superclasses of the class of the instance, giving your instance new behavior (applicable methods) and data (parent slots)
<Josh_2>
I found the MOP very confusing at first
<Josh_2>
I am pretty sure I am only really playing with a small subset of it, I didn't find much of AMOP very helpful either.
<Josh_2>
Only the practical examples were of use to me
<mzan>
Duuqnd: ah ok, sorry. I confused debug with safety. You are right. In this example I used debug for the right reason BTW. There were code I want to study, and so I want to trace it without the danger of advanced compile-time optimizations.
<AadVersteden[m]>
I used the MOP to write an object layer on top of Postgres at some point. You build a meta-class and that can alter behavior. It's cool that you can write such a thing in a very natural way in the object system.
<mfiano>
With the MOP, you could define a new subtype of a generic function that is able to dispatch using an arbitrary function (like Clojure), rather than by class-name or EQL.
prokhor has joined #commonlisp
<mfiano>
and this has been done in a few different libraries available in Quicklisp, if you wanted to play around with that.
<AadVersteden[m]>
None of these features are things that would be a total blocker if you wouldn't have it. It would still be possible to write something that works. It's just that it becomes harder to write such things and at some point it's not worth the investment anymore.
anticomputer has quit [Quit: quit]
<Josh_2>
In my experience playing with the MOP is often quite a time consuming task but it yields highly flexible results.
<AadVersteden[m]>
mfiano: ContextL is also a nice example imho.
<Josh_2>
So often I would mess with MOP as a refactor where I am trying to increase the flexibility of my code
<mfiano>
I have heard. I have not played with it, probably because it slipped out of my mind with the years it has been inactive :)
Helmholtz has quit [Changing host]
Helmholtz has joined #commonlisp
<mfiano>
I am not sure, but phoe might still be writing CLR2 in his free time, and he requested to use one of my uses of the MOP for one of the new recipes. When that gets released, I think we'll have some actual concrete MOP examples all in one place.
<mfiano>
phoe: Update on the book, if you can please :)
<mzan>
Smalltalk. BTW, Smalltalk tends to be a lot slower than CL.
<mzan>
nij-: I will do an unjustified claim, but maybe it is true. I studied also a little of Smalltalk. Advanced frameworks in Smalltalk uses a lot the meta object protocol. Every class has a metaclass, so you can customize every detail of class and instances behaviour. In practice it is a sort of MOP. Smalltalk can do a lot of complex things at run-time, that in CL you do at compile-time, using macro. So MOP can be used like meta class are used in
anticomputer has joined #commonlisp
<Josh_2>
CL has metaclasses
genpaku has quit [Read error: Connection reset by peer]
<Josh_2>
Everything you said about Smalltalk is applicable to CL, except that it is normally performed at compile time, although you can define classes at runtime if you wish
<mzan>
yes, I tried to write this exactly
<mfiano>
you can define compile time at runtime, or something
<mzan>
Powerfull OOP intrespection, reflection and metaclass tecniques are used in Smalltalk a lot, and they can be used in CLOS and MOP too.
genpaku has joined #commonlisp
dlowe has quit [Ping timeout: 246 seconds]
_cymew_ has joined #commonlisp
<nij->
"""mfiano > With the MOP, you could define a new subtype of a generic [..] dispatch using an arbitrary function (like Clojure), rather than by class-name or EQL.""""
<nij->
Wow this is cool. Does it also allow defining generic functions that take arbitrary many parameters?
<mfiano>
Check out Pascal Constanza's paper on filtered-functions (easily google-able), and the associated repository for one implementation.
<nij->
This sounds very nice. Now I did remember playing with a pet project, and wished that I could extend CLOS.
<nij->
Is it fair to say that MOP is 'just' a framework that allows you to treat any class as an object, and therefore you can hack every detail of that class?
<Bike>
i think that would be pretty reductive. for one thing it's not just classes that are objects
<nij->
How would you describe what MOP is then? I find it interesting, and think it is something that one should be comfortable with first in order to summon its full power.
<Bike>
it's probably put more artfully in the book, but something like: a protocol that makes the parts of the object system itself implemented as extensible objects
<mfiano>
It's a protocol that specifies how objects are to be defined, constructed, and otherwise manipulated.
dlowe has joined #commonlisp
<mfiano>
Therefor, since generic functions, part of CLOS are available in CL, you can extend the MOP's protocol by intercepting with different hooks into the various object data flow pipelines
<mfiano>
THe MOP is what defines these new protocol functions, not part of CL.
prokhor_ has joined #commonlisp
trocado has joined #commonlisp
prokhor has quit [Ping timeout: 264 seconds]
<nij->
Sounds like time for me to try that book again..
<nij->
Put in the book: a mop for clos -- [..] is a description of CLOS itself as an extensible CLOS program.
azimut has quit [Remote host closed the connection]
azimut has joined #commonlisp
azimut has quit [Remote host closed the connection]
gxt has quit [Remote host closed the connection]
azimut has joined #commonlisp
gxt has joined #commonlisp
_cymew_ has quit [Quit: Konversation terminated!]
_cymew_ has joined #commonlisp
azimut has quit [Remote host closed the connection]
azimut has joined #commonlisp
seletz has joined #commonlisp
gxt has quit [Remote host closed the connection]
gxt has joined #commonlisp
acma has quit [Quit: You have been kicked for being idle]
seletz has quit [Ping timeout: 248 seconds]
akoana has quit [Quit: leaving]
gxt has quit [Remote host closed the connection]
aartaka has joined #commonlisp
<phoe>
mfiano: I am not
<phoe>
been unable to focus on CLR2 with my health overall
azimut has quit [Remote host closed the connection]
azimut has joined #commonlisp
azimut has quit [Remote host closed the connection]
<mfiano>
I'm sorry to hear that. I hope things get better quickly.
<Bike>
yeah, hope you feel better soon
cosimone has quit [Remote host closed the connection]
azimut has joined #commonlisp
tyson2 has quit [Remote host closed the connection]
<nij->
Best wishes to you... phoe
<nij->
What is CLR2 btw?
pranavats has joined #commonlisp
gxt has joined #commonlisp
Oddity has joined #commonlisp
varjag has joined #commonlisp
tyson2 has joined #commonlisp
nij- has quit [Ping timeout: 256 seconds]
gateway2000 has quit [Quit: Leaving]
<mcparen>
i guess a successor to "Common Lisp Recipes"
msk has joined #commonlisp
causal has joined #commonlisp
aartaka has quit [Ping timeout: 265 seconds]
aartaka has joined #commonlisp
thuna` has quit [Ping timeout: 256 seconds]
seletz has joined #commonlisp
<utis>
is there a way to get cl-charms to support ``wide characters'' (an equivalent of cc -lncursesw)?
seletz has quit [Ping timeout: 248 seconds]
msk has quit [Quit: Leaving]
msk_ has joined #commonlisp
tasty has quit [Quit: rebooting for kernel updates]
tyson2 has quit [Remote host closed the connection]
seok has joined #commonlisp
tasty has joined #commonlisp
tasty has quit [Changing host]
tasty has joined #commonlisp
aartaka has quit [Ping timeout: 264 seconds]
aartaka has joined #commonlisp
<mcparen>
utis, try the "other" ncurses library, croatoan, I have support for wide chars there.
varjag has quit [Ping timeout: 268 seconds]
jeffrey has joined #commonlisp
thuna` has joined #commonlisp
<phantomics>
Hi McParen, croatoan was a lot of fun to use for my April demo
Mitpatral has joined #commonlisp
<mcparen>
Hi phantomics, glad it helped, APL utilizes wide chars quite extensively. ;)
varjag has joined #commonlisp
<phantomics>
Indeed, though my current demo app doesn't display many APL chars
igemnace has joined #commonlisp
<phantomics>
At a later time I may work on an ASCII interface-building toolset using APL; people tend to say that writing ncurses interfaces is a horrible chore but APL could make the tasks much easier
<phantomics>
Since you can draw boxes around things, set sizes, truncate strings etc. with a few characters rather than dozens of loops
<utis>
McParen: i'll have a look
<mcparen>
phantomics: true, I somehow "remembered" that the demo shows parts of the APL code including all the greek chars, but that was obviously wrong: https://imgur.com/BCMpnPK
<utis>
what would one use to print characters in a terminal without a newline? (not using ncurses)
<mcparen>
princ
<Josh_2>
format
<utis>
does one need to tell the terminal somehow not to wait for a newline?
<utis>
i mean i want the characters to show before the newline
<Josh_2>
you might have to force-output
<utis>
ah
<phantomics>
Yeah, the demo uses box-drawing characters (to enclose the life cells) and background colors to show the presence of cells over time
dlowe has quit [Ping timeout: 260 seconds]
jeffrey has quit [Ping timeout: 260 seconds]
<utis>
how about reading characters without a newline?
<phantomics>
phoe hope you're feeling better soon
<mcparen>
utis, that part is where you need something like ncurses..
tyson2 has joined #commonlisp
anticomputer has quit [Remote host closed the connection]
<mcparen>
utis: you need to make a system call to set the terminal to "raw mode", which can be done without ncurses, but ncurses makes it easier.
occ has quit [Ping timeout: 256 seconds]
dlowe has joined #commonlisp
varjag has quit [Ping timeout: 246 seconds]
azimut has quit [Ping timeout: 255 seconds]
varjag has joined #commonlisp
jeffrey has joined #commonlisp
occ has joined #commonlisp
anticomputer has joined #commonlisp
dlowe has quit [Remote host closed the connection]
<utis>
thanks, McParen
azimut has joined #commonlisp
Mitpatral has quit []
n1to has joined #commonlisp
<utis>
think i'll use trivial-raw-io to avoid having to make a window
aartaka has quit [Ping timeout: 246 seconds]
aartaka has joined #commonlisp
<phoe>
mfiano: Bike: phantomics: nij-: thanks, I'm just burnt out and recovering plus dealing with private life stuff; it'll take some time and I'll see if I'm in shape to do more lisp book work
n1to has quit [Quit: Leaving]
jeffrey has quit [Ping timeout: 265 seconds]
epony has quit [Quit: QUIT]
Inline has quit [Quit: Leaving]
dra has quit [Quit: Leaving]
perrierjouet has quit [Quit: WeeChat 3.7.1]
perrierjouet has joined #commonlisp
cage has quit [Quit: rcirc on GNU Emacs 27.1]
waleee has joined #commonlisp
rgherdt has joined #commonlisp
nij- has joined #commonlisp
waleee has quit [Ping timeout: 252 seconds]
_cymew_ has quit [Ping timeout: 248 seconds]
waleee has joined #commonlisp
Bocaneri has joined #commonlisp
Bocaneri is now known as Guest3282
Sauvin has quit [Killed (NickServ (GHOST command used by Guest3282))]