IRC channel logs

2015-08-21.log

back to list of logs

<please_help>In my symbolic computation framework, I generate a large computation tree that includes multiple bindings at various points in the computation. I currently use symbols to denote variables, but with the dynamic-programming-like approach I have to use due to resource limitations, I need some way to obtain a variable's "reference-list", otherwise I get a <- b <- c; da/db = 0 where I want da/db = 1 (but db/da = 0).
<please_help>what's the best way to do that? I think analyzing the tree itself is not tractable.
***karswell` is now known as karswell
<nalaginrut>morning guilers~
***michel_mno_afk is now known as michel_mno
<davexunit>wingo shared this section of the guile manual on twitter today, and I just re-read it and I highly recommend that everyone read it: https://www.gnu.org/software/guile/manual/html_node/Types-and-the-Web.html
<davexunit>sums up in a couple of pages of text why using appropriate data types avoids many common sources of bugs
<davexunit>in the case of the web, XSS vulnerabilities, SQL injection, etc.
<davexunit>for kicks I submitted it to HN https://news.ycombinator.com/item?id=10097198
<taylanub>you would think what's explained on that page is programming 101 :( I did a little bit of MySQL/PHP/JS programming (the standard tools) a few times, and the abuse of strings for data communication is just utterly awful. I remember at least one time it lead to a hard to find bug too.
<davexunit>strings are abused pretty much everywhere
<davexunit>I see it *a lot* in the JS at work that does stuff with jquery.
<davexunit>concatenating strings together to form an html snippet and passing it to jquery to render.
<taylanub>>_<
<davexunit>yeah
<davexunit>terrible
<davexunit>I'm pushing for things like MithrilJS that provide a nice api to building "virtual DOM" nodes
<davexunit>and when rendered all the escaping is handled for you
<davexunit>and things compose just like sxml
<davexunit>but without the pretty syntax
<davexunit>since JS has no quasiquote
<dsmith-work>Happy Friday, Guilers!!
<taylanub>happy friday :)
<taylanub>davexunit: have you looked into ClojureScript? I might start working at a Clojure shop soon, possibly with ClojureScript for web dev included, dunno what to expect.
<davexunit>taylanub: I haven't used it.
<davexunit>I'm honestly not all that interested in compile-to-js languages.
<davexunit>I just use regular javascript with its warts.
<davexunit>that said, clojurescript is surely an improvement.
<taylanub>ok :)
***michel_mno is now known as michel_mno_afk
***michel_mno_afk is now known as michel_mno
<davexunit>HN front page: https://news.ycombinator.com/item?id=10097198
<davexunit>that was weird. I posted that this morning
***michel_mno is now known as michel_mno_afk
<paroneayea>ACTION upboats
<davexunit>hoping there will be some discussion
<paroneayea>davexunit: totally understand both flying anxiety and the expense of going overseas reluctance, but if you have the opportunity to do it and esp if a Guile track happens, FOSDEM is totally worth it
<davexunit>sucks when something gets to the front page but no one comments.
<davexunit>paroneayea: I would really like to go.
<davexunit>I'll see what happens.
<daviid> davexunit: about HN, it's kind of holiday time worldwilde, and the title could be more provocative :) "Don't let evils hide nasties in your html strings, use sxml instead!"
<davexunit>hehe
<davexunit>well, it *is* just a page in the manual
<davexunit>not a tech blog article
<daviid>sure
<daviid>which is why nobody is getting involved in my opinion
<davexunit>but people like it enough to upvote a lot
<daviid>maybe a nasty upvoted haha
<mario-goulart>This one is related: http://www.more-magic.net/posts/structurally-fixing-injection-bugs.html
<davexunit>mario-goulart: I love that blog
<mario-goulart>yeah, it's very good
<davexunit>and I've read this post before
<davexunit>also very good
<davexunit>maybe paroneayea and I can get a sexp SQL thing going
<davexunit>so no more SQL injection :)
<mario-goulart>davexunit: maybe http://wiki.call-cc.org/egg/ssql can be used as base
<davexunit>yeah, something like that
<davexunit>we'd like target postgresql specifically
<davexunit>since each database uses its own language, even if things look similar
<mario-goulart>There's this one http://wiki.call-cc.org/eggref/4/ssql-postgresql which is postgresql-specific
<daviid>why not sql first, then specific module(s) for postgresql, so I could use it with sqlite3
<daviid>?
<davexunit>every sql implementation is quite different
<davexunit>I'm unsure if simple sexps are the best data structure to use
<davexunit>might be better off using record types
<davexunit>so you can more easily create composable procedures.
<daviid>davexunit: sql is very well defined, implementation may differ, but not the core of sql itself. you prob wantd to refer to extension(s), but that precisly should handled in modules, imo. chicken does that by the way, 'core sql' and postgresql extension
<daviid>i'd use sexp
<davexunit>well, for example, mysql and postgresql don't even agree on string literals.
<davexunit>so yes, perhaps there can be some generic base interface, but you'd still have to define pretty much everything for each languge.
<davexunit>for experimentation, I think focusing on a single database will prove easiest, and then the design can be evaluated and generalized.
<daviid> really don't think so. you mean the way to pass the string to the db will vary, sure but in moist cases, not the query itself, at least not for 90 maybe 95% of the cases
<davexunit>the syntax of string literals is different, postgresql is single quotes only, for example.
<daviid>ssql should not even have connectors imh, 'just' an ssql-sql engine
<daviid>no dsependency to any db in particyular
<davexunit>anyway, we're arguing about details of an implementation of something that doesn't even exist yet.
<daviid>davexunit: iirc, this is an option, pgsql will alsi properly handle double quotes