<rain1>maybe this could be considered a bug though
<rain1>a safe reader would be a very reasonable thing to have
<manumanumanu>but is there any reason for that other than "it might not be correct and may allow for remote code execution" or is it inherently unsafe?
<manumanumanu>there was a json parser on reddit that used read and it looked very simple :)
<manumanumanu>even though it used lots and lots of substring and string-append
<rain1>i guess the folklore is 'anything involving parsing in C is insecure'
<rain1>Seems like 'read' is unsafe against arbitrary code execution
<rain1>via srfi-10 and segfault or consume the whole memory on invalid
<rain1>: <paroneayea> but #e10e10000, srfi-10, and #. are all worrying possible attacks
<rain1>: against using vanilla read for much data heading over the wire
<rain1>: that you don't control [17:15]
<rain1>: <wingo> i think there is another attack, which is ((((((((((((((((((((((((((
<rain1>to have an actually safe read it would need to have limits on various things
<rain1>like size of integers read, (-depth
<rain1>and no extensions that involve evaluating input
<jlicht>I am getting some messages from guile about "failed to create path for auto-compiled file", both when running my scripts via `guile' awa in a geiser repl :/
<jlicht>is the only "solution" to disable auto-compilation?
<amz3>jlicht: did you check the permissions on the directory that the error occurs on?
<amz3>maybe sudo has messed things up
<spk121>I'm back, trying to make Guile MinGW work. I've passed from the "Yeah! guile.exe compiles" to the "Oh. Oh no." stage.
<daviid>spk121: iirc, there has been effort on this, eli I think, ..., and iirc again, there is a guile.exec somewhere ... not sure ... but if, it does not work with threads
<daviid>my dream is we would have guile and guile-gnome on replicant
<daviid>but with librem coming, this won't be a problem anymore ... I can't wait to have a librem phone, and start to work on app for it ...
<daviid>as davexunit said, after him and christopher met with sussman, nothing that does not run on mobile will survive ... we need guile on mobile, a lot more than on win imo ...
<daviid>and on android/replicant it would have threads no?
<spk121>daviid: I am old. I will leave the problems of the future to those willing to fight for it. For now, I just want to show off my Guile-based game to my buddies by getting a windows exe on a usb stick. ;-)
<daviid>spk121: and your game does not use multi threads?
<daviid>someone did try to compile 2.0.14 on android, I think, is it janneke ?
<daviid>i think it was on a replicant phone, they were about to have a presentation in fosdem (2 or 3y ago i think, then the pres was canceled, the person could not make it to fosdem iirc
<janneke>spk121: it's a long time ago i worked on it, seem to remember that worked
<spk121>daviid: no. GTK3 has a main loop. In the main loop, in a GTK idle callback, I run Guile function callbacks.
<janneke>but it needed some (tricky?) path/directory setups
<spk121>Guile 2.0 is on MinGW, and 2.2 is on MSYS2 and compiles on Cygwin.
<daviid>spk121: i see. on linux you might be interested to read guile-a-sync2, which has a multi-threaded loop in guile, integrated with the gtk one ... very interesting
<daviid>I've used it to inotify while doing things in clutter
<daviid>janneke: did you lose interest in having guile on android/replicant?
<janneke>daviid: that's putting it a bit harsh, i changed my priorities
<janneke>i have been working very hard to have guile (and lilypond) available on non-free platforms
<janneke>my attention shifted to making fully free platforms better
<daviid>janneke: didn't mean to be harsh :)
<daviid>janneke: yep! i thought you worked on replicant
<janneke>it's all a balance, i'm sure bringing free software to nonfree platforms helps the free software cause
<daviid>janneke: but i was very interested at the time, almost been to fosdem just to hear your talk :)
***Labmik is now known as Labu
***hydraz_ is now known as hydraz
<jlicht>amz3: It turned out to be that my `/home/jelle/.cache/guile' was owned by root, probably due to some ill-conceived attempt at running something as a different user at some point in the past. Thanks for the pointer :-)