Re: Reducers

I would be indebted to you if you could point me in the direction of the reading material necessary to follow this discussion. I'm afraid I'm currently out of my depth, but very eager to understand. Sincerely, Christian Romney -- You received this message because you are subscribed to the Goo

Re: code as data vs. code injection vulnerability

> > On May 9, 2012, at 12:15 PM, Michael Gardner wrote: > > > I've never understood why anyone would use prn/read for data transfer, > > other than extreme laziness. > When I encounter the ancestor of XML in the mid 80s, SGML, it was used as a typesetting tool for laser printers, just before

Re: code as data vs. code injection vulnerability

On May 9, 2012, at 12:15 PM, Michael Gardner wrote: > I've never understood why anyone would use prn/read for data transfer, other > than extreme laziness. But extreme laziness is an excellent reason! Larry Wall called laziness "the first great virtue of a programmer." -Lee -- You received

Re: code as data vs. code injection vulnerability

>> This is the point! On one hand I need to evaluate data from a client >> on the other hand I'd like to filter out things like "rm -rf /", "drop >> table users" etc. To me it looks like a contradiction impossible to >> circumvent. So I ask if there's anything like "best practices" or even >> bette

Re: ...regarding Clojure's STM performance and scalability

Thanks all of you for your input... i was suspecting that i would get replies like these...they all basically come down to the same conclusion, that the functional style favours the STM abstraction and avoids some of its inherent bottlenecks... just one more thing though... what i omitted to

Re: The Kiln, an Evaulation Strategy for Insanely Complex Functions

Well, I’m not sure what you mean. It does nothing specific with the “data types” as such, so I would say, no, that isn’t it. On Monday, May 7, 2012 10:59:22 AM UTC-4, cperkins wrote: > > I like it. Kiln looks like it is automatically composing the request > handler based mostly on a descripti

Re: The Kiln, an Evaulation Strategy for Insanely Complex Functions

On Tuesday, May 8, 2012 11:18:42 AM UTC-4, Andrew wrote: > > Cool... Do you use kilns at Akamai, and to what extent? > > Another question: you set up coals and clays and eventually kilns are > fired. When you're setting up the coals and clays in code, you're telling > the system about dependenc

Re: ...regarding Clojure's STM performance and scalability

The important thing to remember is that most researchers/programmers are looking for a silver bullet for concurrency that will allow programmers to get semantically correct programs *without having to change the way they think or do things*. The idea is to take a typical imperative program and wit

Re: ...regarding Clojure's STM performance and scalability

One thing to consider here is, that when trying to implement general purpose STM for an imperative language, basically every assignment is a candidate for a write conflict, akin to a ref-set in clojure's STM. OTOH in idiomatic clojure there are no assignments, only lexical bindings, new versions of

Re: ...regarding Clojure's STM performance and scalability

> So clojure's STM does not fall under the "general purpose" category with > terrible preformance he was referring to? This is correct. Clojure has very few ways of modifying global state. 99% of your clojure code should be immutable. Immutable data does not need to be protected by a STM. In that

Re: ...regarding Clojure's STM performance and scalability

The exact paper is this (called "STM In the small"): http://www.google.co.uk/url?sa=t&rct=j&q=stm%20spectm&source=web&cd=3&sqi=2&ved=0CGEQFjAC&url=http%3A%2F%2Finfoscience.epfl.ch%2Frecord%2F174888%2Ffiles%2Feuro170-dragojevic.pdf&ei=BcGqT8vSJsHf8AOfwYjjBA&usg=AFQjCNEITMgowGA_QZHUrJTAqSnphild0w

Re: ...regarding Clojure's STM performance and scalability

Hi, if he was talking about the things, Joe Duffy describes on [1], those were way more general purpose. Clojure carefully combines several features, (i.e. immutable data, persistent datastructures, reference types) to allow the current implementation of STM. For example Clojure does not con

...regarding Clojure's STM performance and scalability

Hello all, I'm going to keep this as short as possible...basically this guy came today in Machester uni to talk to all postgrads about work he's done on STM implementations for Microsoft research. In a nutshell, and very general he highlighted the following: 1. general purpose STM systems th

Re: git dependencies in leiningen

On Wed, May 9, 2012 at 4:27 AM, Murtaza Husain wrote: > Does lein2 have a way to pull in dependencies from git ? > > Just checking any alternatives to https://github.com/tobyhede/lein-git-deps > in leiningen itself. I highly recommend using Leiningen's built-in Checkouts feature instead of this p

Re: code as data vs. code injection vulnerability

On May 9, 2012, at 11:01 AM, Rostislav Svoboda wrote: > This is the point! On one hand I need to evaluate data from a client > on the other hand I'd like to filter out things like "rm -rf /", "drop > table users" etc. To me it looks like a contradiction impossible to > circumvent. So I ask if ther

Re: code as data vs. code injection vulnerability

On Wed, May 9, 2012 at 5:01 PM, Rostislav Svoboda wrote: > On 9 May 2012 17:31, Tassilo Horn wrote: >> you should bind *read-eval* to false when reading data from unknown sources. > > This is the point! On one hand I need to evaluate data from a client > on the other hand I'd like to filter out t

Re: code as data vs. code injection vulnerability

On 9 May 2012 17:31, Tassilo Horn wrote: > you should bind *read-eval* to false when reading data from unknown sources. This is the point! On one hand I need to evaluate data from a client on the other hand I'd like to filter out things like "rm -rf /", "drop table users" etc. To me it looks like

Re: Accessing collections from Datomic datalog queries

> I've seen hinted (and I'm pretty sure I've seen examples, but I can't > remember where) that Datomic can incorporate data from regular Clojure > collections. Is there some doc for this or an example? > > Thanks in advance Hi Mark, I have moved this to the Datomic group and answered it the

Re: code as data vs. code injection vulnerability

Rostislav Svoboda writes: > Many people just copy-paste code snippets to their source files/repl > withouth really knowing if they are safe or not safe. > > IMO it might help to rename the *read-eval* to something like > *read-eval-ACHTUNG-danger*. For me - as a newbie - it's a better > proplem i

Re: code as data vs. code injection vulnerability

Rostislav Svoboda writes: >> Simply don't `eval` code/data from sources you don't trust. > > In a client-server architecture the thing I (i.e. the server) don't > trust is the client... and I'm not sure if I can ignore him just like > that :) Not evaluating everything a client sends you doesn't

Re: code as data vs. code injection vulnerability

On 9 May 2012 15:57, Walter Tetzner wrote: > I feel like *read-eval* should default to false, and you should have to > explicitly bind it to true. Either that, or there should be 'safe' versions > of Many people just copy-paste code snippets to their source files/repl withouth really knowing if t

Re: code as data vs. code injection vulnerability

On 9 May 2012 15:35, Tassilo Horn wrote: > Simply don't `eval` code/data from sources you don't trust. In a client-server architecture the thing I (i.e. the server) don't trust is the client... and I'm not sure if I can ignore him just like that :) Bost -- You received this message because you

Re: code as data vs. code injection vulnerability

On May 9, 2012 10:02 AM, "Walter Tetzner" wrote: > I feel like `*read-eval*' should default to false, and you should have > to explicitly bind it to true. Yes, but with 'load' binding it to true. You are evalling anyway, and else it would be quite difficult to use just when you need it. -- Step

Re: code as data vs. code injection vulnerability

Walter Tetzner writes: > On Wednesday, May 9, 2012 9:35:57 AM UTC-4, Tassilo Horn wrote: > >> I don't think code-as-data contributes to code injection >> vulnerability, neither positively nor negatively. Simply don't >> `eval` code/data from sources you don't trust. > > I think it does contribut

Re: code as data vs. code injection vulnerability

On Wednesday, May 9, 2012 9:35:57 AM UTC-4, Tassilo Horn wrote: I don't think code-as-data contributes to code injection vulnerability, neither positively nor negatively. Simply don't `eval` code/data from sources you don't trust. I think it does contribute through the reader. If y

Re: code as data vs. code injection vulnerability

On Wednesday, May 9, 2012 9:35:57 AM UTC-4, Tassilo Horn wrote: > I don't think code-as-data contributes to code injection vulnerability, > neither positively nor negatively. Simply don't `eval` code/data from > sources you don't trust. > I think it does contribute through the reader. If you

Re: Reducers

On Wed, May 9, 2012 at 1:00 PM, Rich Hickey wrote: > This analogy is not quite right. > >> (fn [n] (vector n (+ n 1)) > > is not a reducing fn. Tt is a cons cell builder, and the Church encoding > builds lists. > It is because I did not write it in the right way. Sorry about that. It can be made

Clojurescript One getting started problem

I'm trying to work through the Clojurescript One "Getting Started" wiki page example found here: https://github.com/brentonashworth/one/wiki/Getting-started, but after running "lein repl" and entering (go), I get the Clojurescript One pages fine, including the development page, but then I lose th

Clojure smugmug.com api 1.2.2

Hola, Like clojure, smugmug, and uploading your photos using clojure? Try a new wrapper for smugmug.com: https://github.com/halfaleague/trickyhappyface Thanks, Luke -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to

Re: how to get good at clojure?

This is the ticket. You can read all the books you want (and they do help), but working through 4clojure (and observing the solutions by others) will teach you more and better than anything else you can do. On Tue, May 8, 2012 at 4:08 PM, Bill Caputo wrote: > On May 7, 2012, at 7:48 PM, toan wro

Re: code as data vs. code injection vulnerability

Rostislav Svoboda writes: > I think the topic 'code injection vulnerability' is never out of date > especially if you treat data as a code. Unfortunately googling for - > clojure code injection vulnerability - returns 'nil'. > > Any ideas? Comments? Opinions? I don't think code-as-data contribu

Re: code as data vs. code injection vulnerability

On Wed, May 9, 2012 at 6:01 PM, Rostislav Svoboda wrote: > I think the topic 'code injection vulnerability' is never out of date > especially if you treat data as a code. > Unfortunately googling for - clojure code injection vulnerability - > returns 'nil'. > > Any ideas? Comments? Opinions? The

code as data vs. code injection vulnerability

I think the topic 'code injection vulnerability' is never out of date especially if you treat data as a code. Unfortunately googling for - clojure code injection vulnerability - returns 'nil'. Any ideas? Comments? Opinions? Bost -- You received this message because you are subscribed to the Goo

Re: Reducers

This analogy is not quite right. > (fn [n] (vector n (+ n 1)) is not a reducing fn. Tt is a cons cell builder, and the Church encoding builds lists. The point of this library is to define map/filter etc *without* using lists/streams - not as input, not as output, not producing links/thunks etc

Re: clojure-hadoop

Hi, A little digging led me to clojure-hadoop.filesystem which had most of the context info I was interested in. Sunil. On Wed, May 9, 2012 at 2:02 PM, Sunil S Nandihalli < sunil.nandiha...@gmail.com> wrote: > Hi Everybody, > I have been using clojure-hadoop with out knowing all the nitty-gritti

Re: A few questions about clojurescript & lein-cljsbuild

Thanks guys, I opened an issueand I found a pretty good explanation about putting scripts inside the body . Good work with Clojurescript as well, it's really cool.

git dependencies in leiningen

Hi, Does lein2 have a way to pull in dependencies from git ? Just checking any alternatives to https://github.com/tobyhede/lein-git-depsin leiningen itself. Thanks, Murtaza -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group,

Re: Odd termination behaviour of a program that uses pmap

Does this mean we need to call (shutdown-agents) whenever we use futures (internally or explicitly)? I've never had any problems with clojure.java.shell/sh or pmap, albeit i've not used them extensively... Jim On 09/05/12 12:16, Muharem Hrnjadovic wrote: Thank you very much indeed! On 05/08

Re: Odd termination behaviour of a program that uses pmap

Thank you very much indeed! On 05/08/2012 11:14 PM, Andy Fingerhut wrote: > I've added some discussion about this behavior in an example for > clojure.core/future on ClojureDocs.org here: > > http://clojuredocs.org/clojure_core/clojure.core/future > > Since people often come across this behavio

Re: Reducers

It looks very good. Just a few side-notes: - this representation is quite well known, as it is the Church encoding of list, often used in System F, for example. It corresponds to stating the definition of sequences as the initial algebra of F A = 1 + Any x A. - you can play a dual trick for S

Re: Reducers

On Wed, May 9, 2012 at 4:26 PM, Christian Romney wrote: > Am I mistaken or is fork/join Java 7? Anyone have this running on OS X yet? > If so with the Oracle preview or Open JDK? Yes, it's a part of Java 7, but there is also a reference implementation of the spec (jsr166y) available as a standal

Reducers

All I can say is, wow! I do have some questions, though. Am I mistaken or is fork/join Java 7? Anyone have this running on OS X yet? If so with the Oracle preview or Open JDK? Also, core map and friends are lazy, reducer map and friends inherently parallel. We also have pmap/preduce. Can someo