<ijp>paroneayea: gensym allows you to prevent from introducing new bindings which shadow existing bindings, it does not prevent you from someone else shadowing bindings you depend on <ijp>imagine (let-syntax ((if (syntax-blah (if cond then else) (list cond then else)))) (cond ((even? n) 3) (else 4))) => (list (even? n) 3 4) ; BAD! ***Korhoset is now known as Bobbejaantje
<ArneBab_>nalaginrut: I did not quite find a solution, but I did find a workaround <ArneBab_>nalaginrut: no, it’s accepting a non-fitting second argument and then reshaping the arguments following the structure <ArneBab_>nalaginrut: it’s not as safe as I’d like it to be, but it works pretty well <ArneBab_> When the hurlyburly's done, (we ,(+ 1 2)) ; inline-code is allowed! <ArneBab_> When the ,(color 'red) battle's ,(color #f) <ArneBab_> . lost and won. ; ,(read-char) ; and executed when the word is shown <ArneBab_>nalaginrut: the checking is done in a function call then (I record in a variable which second arguments are registered) <nalaginrut>but I do think it's possibly to implement (=> failed!) alike feature to rollback to skip the matching point and match the next pattern, you may take a look at (ice-9 match) <ArneBab_>nalaginrut: I don’t think that skipping to the next pattern would actually help me, since I need to define the patterns as I go along <ArneBab_>nalaginrut: it’s a syntax-case macro which writes syntax-case macros to introduce characters :) <ArneBab_>nalaginrut: the core trick is the macro-guard (not (eq? 'macro (syntax-local-binding (syntax name)))) <nalaginrut>but I think you could implement similar feature for syntax-case <ArneBab_>nalaginrut: it uses a continuation… I did not know that these are available for macros… <nalaginrut>maybe it's the time to invent macro-continuation ;-D <nalaginrut>but seriously, I think it's unnecessary to store environment as continuation does, if it's handled in a reader especially written in C, maybe simply GOTO is enough, just guessing <ArneBab_>for me it would have been useful to keep around previous versions of the macro. <ArneBab_>nalaginrut: but I now have an implementation which works pretty well <ArneBab_>finally a way to write a theater script exactly like a theater script and then execute it <nalaginrut>do you mean to generate some code first then execute it? <ArneBab_>nalaginrut: I mean, I want it to be actual code <ArneBab_>nalaginrut: if I say ,(read-char) in a line there, that is executed when the word is displayed <ArneBab_>so it can be used for timed events (like changing the color, or changing a picture) <ArneBab_>It’s much closer to the holy grail of writing text-RPGs then I ever was before :) <ArneBab_>a text-RPG is text-based role-playing-game - essentially a MUD without the multi-user part :) <ArneBab_>like the old computer-RPGs, but using only text <nalaginrut>oh, really sweet, I'd like to implement a better MUD with Artanis when the server core is stable. I once wrote one with inner server, but finally found the server is more for web, not a generic one <jmd>ArneBab_: There is no reason why a text based program cannot also be multi-user. <ArneBab_>jmd: that’s true, but it’s not what most text-RPGs did (they mostly presented a story you could take part in). If it’s multi-user, it quickly gets close to a MUD/MUSH <jmd>I never saw the point of computer based mult-user games. <nalaginrut>I've tried two patches for Nash to help it compiled successfully, I hope Atsuro see it ASAP <nalaginrut>hope I can understand his mind and code ASAP too <jmd>In general, what should one use to compare an opaque type? <wingo>what comparison do you want? <jmd>Well since the type is opaque, I thought that equal? would be the only safe one. <ecraven>do you want equivalence or identity? <jmd>I'm iterating through a list of lists, and mutating them using list-set! When I've finished, I find that all the lists have the value of the most recent one I set. Is that to be expected? <nalaginrut>if you don't paste the simplified code, I guess it's because something is wrong when you get index of the list <howarth>are there any instructions available on how to convert the guile test cases into stand-alone ones that can be run in a debugger? <howarth>On darwin, we have seen failures in... <howarth>FAIL: srfi-18.test: thread-terminate!: termination destroys non-started thread <howarth>FAIL: srfi-18.test: thread-terminate!: termination destroys started thread <howarth>since Apple defaulted clang to emit thread-local-storage support back in OS X 10.9 with Xcode 5 <howarth>I've opened a radar for Apple to look at this issue but the offending guile test case is buried in the test suite harness <howarth>and doesn't appear available to be run as a standalone test case preventing debugging in lldb or gdb <paroneayea>fix in guile, but tl;dr you should use sockets instead of localhost+port <void-pointer>Always wondered about the wisdom of assuming localhost was safe, but never knew of any actual attacks <void-pointer>Hmm, that same vulnerability would affect most common lisp implementations run the same way <paroneay`>void-pointer: I was just looking at hooking up slime to swank yesterday <paroneay`>and I was like "argh, I think it has this same problem" <void-pointer>Just confirmed, it looks like the default for slime is to do networking rather than sockets <void-pointer>Perhaps make an issue in their source repository on github <void-pointer>And really really rusty on what beginner CL I used to know <void-pointer>Figure the slime developers know the answer, hence the importance of letting them know right away <paroneayea>I wonder if I should email them privately, though i feel like if you and I both made the connection that this affects slime too <void-pointer>The exploit is public knowledge to anyone following guile <void-pointer>So anybody and their sibling who sees it would know that slime could be vulnerable as well <void-pointer>Emailing them privately does have the advantage that the developers might know a day or two before anyone else <void-pointer>You are the one who noticed it and fixed it in guile, right? If so, you definitely should be the one to contact them. Otherwise, I guess anybody here could do it really <void-pointer>Figured I would ask because pseudonyms on here and everything <void-pointer>Hopefully that will get it fixed soon, at least for people using some common lisp implementations <void-pointer>Looking at the first line of the output. That was last may. Probably not changed <void-pointer>paroneayea: would you like to file the issue with cider, or would you rather I file it (e.g. you are burned out, etc.)? <void-pointer>Oh, dear, just realized. The problems never end. Jupyter/IPython have the same issue, especially with notebooks <void-pointer>And it doesn't use any authentication whatsoever by default <void-pointer>Jupyter/IPython can use TLS/SSL encryption, but it doesn't look like authentication at all <void-pointer>Affecting all development environments for several popular lisps, a development environment popular with the Python crowd, etc. <void-pointer>CUPS forces authentication in order to access it, regardless of what port or interface it is on <paroneayea>void-pointer: if you can forward it, that would be great <paroneayea>yeah I'm very swamped right now, so I appreciate it <void-pointer>There, hopefully that sinks in and if cider is vulnerable, it gets fixed <davexunit>we're talking about development servers, which are usually run on localhost with no authentication needed to ease local development <davexunit>I have many dev servers that run on localhost, and some cannot be replaced with ones that run on unix domain sockets <void-pointer>Right now, I am trying to figure out how to broach the topic with Jupyter/IPython. I mean, it is absurdedly more vulnerable since you interface it in your browser. It doesn't take DNS anything to pull that attack off. Just got to attack across tabs in the browser <davexunit>void-pointer: the browser won't allow that to happen, AFAIK. <davexunit>a server running on foo.com couldn't make an AJAX requent to localhost <davexunit>but I haven't tested these things, so there is certainly potential for me getting something wrong. <davexunit>here's an easy confirmation of what I was describing, though: <davexunit>open a js console in any browser tab for a non-localhost server <davexunit>screwed up the example code I was going to post ;) <davexunit>no longer have a simple one-line example, sorry! <jmd>(set-current-output-port port) (system "echo hello") doesn't send the text to port. <paroneayea><davexunit> a server running on foo.com couldn't make an AJAX requent to localhost <paroneayea>davexunit: that's exactly the attack done in the guile vulnerability we're describing, and the way it's done is via a dns rebinding attack <davexunit>paroneayea: yes, sorry, I meant in the context of the web browser under normal circumstances <void-pointer>Hmm, oh dear, I just found code of mine that has the same vulnerability <davexunit>void-pointer was describing a situation where he thought this could happen *without* dns rebinding <davexunit>but CORS policy stuff should take care of that hole :) <paroneayea>though, I think there are other things where an attack can happen <paroneayea>eg, we had to put in a warning to ActivityPub to not do requests to localhost on production instances <paroneayea>anything where the server (or sometimes even clients) does http requests in response to the contents of other http requests <void-pointer>Hmm, I need to contact my successors at my last job since they are running some of my code with the same issue, though at least that is done on a computer that is connected to only by remote shell and shouldn't run a web browser normally and the protocol doesn't really allow much to be done or gotten (change the read settings on a DAQ and possibly intercept its analog voltage data, but not execute any code) <paroneayea>void-pointer: it doesn't sound like that's very vulnerable then <paroneayea>void-pointer: but good that you're thinking it through :) <void-pointer>Just so glad the other server I developped for my current job is not vulnerable. That one, while it can't execute arbitrary code, could run the motors in an arbitrary fashion and do some real damage <paroneayea>void-pointer: working on cars? or machines of some kind? <void-pointer>Scientific research. Small motors being remotely controlled inside an experiment. <void-pointer>It is in a sense, small scale robotics, what is being done. But it is a means to an end, instead of being the primary goal <void-pointer>It requires pipes to communicate, and to bridge the remote gap, just use SSH to run it via a terminal <paroneayea>void-pointer: you might also enjoy that guile has a really cool ssh library with guile-ssh <void-pointer>I got more skilled in python, sockets, programming in general, etc. between the two programs/packages so went to something a bit better on the newer one <void-pointer>Standard languages are Fortran, C, C++, Python, Matlab, and IDL <void-pointer>And well, I am still new enough to scheme I would not be able to get it working so well <void-pointer>I do hope that scheme gets more used for scientific and mathematical work <void-pointer>Well, that, and as far as I can tell so far, it is kind of unwieldy to work with raw intXX, uintXX, singles, etc. <void-pointer>Though the latter doesnt have as good of a mitigation if one has to stay strictly within the scheme standard <void-pointer>And guile's built in support for large integers and rationals are useful <void-pointer>I am working on a guile package to implement some of the same major features that numpy provides python, though not going to outright emulate the API <void-pointer>Also, don't need to stick to the same design flaws that numpy has to keep around for backwards compatibility <void-pointer>Really glad that R6RS added a lot of useful things for this endeavor and guile has a lot of useful extensions that help <paroneayea>void-pointer: it's hard to do anything in strict r5rs ;) <void-pointer>R6RS fixes most of the issues in trying to make this package <void-pointer>Though, guile gives a few additional things which might help a lot <void-pointer>Could of course implement them the hard way with macros, but using builtin features is preferred <void-pointer>Hoping to get a fully functional equivalent to the numpy ndarray working along with slicing, nested indexing (got to support compound types), and doing some operations <davexunit>for a numpy-like thing, you'd want macros that can generate code that the compiler can optimize well <davexunit>like when working with 64-bit ints and floats it would be nice if the code generated was something that the compiler could apply unboxing optimizations to <void-pointer>Have a lot of underlying parts to get done before the surface level access can be worked on <void-pointer>But that is very important to being able to do any sort of math with them <davexunit>guile 2.1 is pretty damn fast at float math if you can get it to unbox things <wingo>ACTION found a miscompilation :/ <davexunit>at one point in time I switched from a pure scheme implementation of 4x4 matrix multiplication to using a C library that had the equivalent BLAS routine for it. <void-pointer>that is one of the reasons I primarily work in 2.1 instead of 2.0 <davexunit>with guile 2.1 I was able to reimplement it in scheme <davexunit>and it was *faster* because it also removed the FFI overhead. <void-pointer>My hope is to implement the whole thing in scheme first, except for possibly one tiny bit of C to expose two internal functions of Guile that are not accessible from scheme yet that would make object arrays a lot lot lot easier <davexunit>you should be able to do everything you need with typed bytevectors <void-pointer>Only tricky thing will be doing object arrays, or object fields in a compound type. Those are going to be hard. Luckily, guile provides a procedure to get the pointer for data. Just got to keep the GC happy then. Got two ways to do it. Both ugly. <void-pointer>Basically, in addition to the standard uint, int, float, complex types <void-pointer>Having a type that is essentially a pointer to another object <void-pointer>Especially when trying to work with HDF5 files which have such a concept <void-pointer>will not be protected from garbage collection unless something additional is done <void-pointer>Since the environment doesn't know that those bytes are a pointer to a variable <void-pointer>So, one way to do it is to keep a global table around of all things that are pointed to by such pointers and when the last one referring to it is set to something else, remove the item from the table so the GC can do its job <void-pointer>Doing it all in scheme for thousands of such objects, though it would work <void-pointer>Easier way is to, whenever those elements are changed or created, to just access scm_gc_protect_object or scm_gc_unprotect_object to adjust the reference counts directly <void-pointer>At present, those two functions are not exposed to scheme directly, so either some C would be needed to be able to call them or an FFI trick to call the running libguile (not sure if that would work OK, but if nothing went wrong with the loading, it would work) <void-pointer>Means any array having such types in them would require special care when operating on them <void-pointer>Numpy has the same problem. It is not hard to get it to segfault with such arrays if you do certain things they are not designed to detect <void-pointer>I'm considering trying to dig into Guile and make a patch that will expose them and see if I can get it incorporated. But, realistically, this is a very small use case and any non-careful use of it would lead to segfaults that would be non-trivial to debug (well, it is the same from C, but in scheme, such a bug is not expected at all) <void-pointer>That and it is in beta, so might not be good to add a feature in this release cycle for 2.2 <void-pointer>Beta isn't exactly the place to add a bunch of new features <void-pointer>But even if it was there, I would still have to rely on something else for guile 2.0 <amz3`>thx paroneayea for the bug report it's useful :) <paroneayea>amz3`: yup! thanks to mark_weaver for fixing it and civodul for getting it out there :) <void-pointer>Time to call it a night. It is 1 AM and I have to get up at 6 AM. Enough scheme and poor thinking for one night (by poor thinking, let's just say I was chewed out a bit for good reason over how I raised the security issue with Jupyter that is also somewhat affected (they have been pushing strongly to move users over a feature which mitigates it, and will now push even harder)) <wingo>i narrowed down my miscompilation <guile-guest3>hello all. I've recently learned about guile, and I love it. I've been using gnu/Linux since 2002, so I am very surprised I have never learned of it before now. I would very much like to learn more about it (and scheme). Are there any other resources other than what is listed on the "learn" page of the website? <OrangeShark>guile-guest3: I think they list many of the major ones for scheme. There is some links to websites with further information like schemers.org which link books and other things. <wingo>y ppl applying patches to stable-2.0 and not master ***cmatei_ is now known as cmatei