Re: A problem about position of function used by binding

[guid]

James, thank you very much 

Yes, I can fix it by using ^:dynamic or using #'test1 in test4, but I want 
to know what happened when I call test4.

>so it'll optimise out the var for performance.
if you mean it will not check bounding list when I call test1 within test4

Does any document or book can help me to understand it ?

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: A problem about position of function used by binding

[James Reeves]

When you define test4 in your first example, the compiler doesn't know that
test1 is dynamic, so it'll optimise out the var for performance.

To fix it, ensure that the var is declared as dynamic:

  (declare ^:dynamic test1)

- James

On 7 February 2017 at 03:26, guid  wrote:

> hello everyone
>
> I have a problem about binding function in clojure1.8.
> when I changed position of function which call a bound function I got
> different result.
>
> If I define test4 (call test1 within it) before test1, binding would not
> work
>
> (declare test1)
>
> (defn test2 [](prn "test2"))
>
>
> (defn test4 [] (test1))
>
>
> (defn ^:dynamic test1 [] (prn "dynamic test1"))
>
>
> (defn testB []
>   (binding [test1 test2]
> (test1)
> (test4)
> ))
>
>
> when I call (testB) result is
>
> "test2"
> "dynamic test1"
>
>
> But if I change postion of (defn test4 xxx) and (defn ^:dynamic test1 ), 
> binding will work well.
>
>
> (declare test1)
>
> (defn test2 [](prn "test2"))
>
>
> (defn ^:dynamic test1 [] (prn "dynamic test1"))
>
>
> (defn test4 [] (test1))
>
>
> (defn testB []
>
>   (binding [test1 test2]
> (test1)
> (test4)
> ))
>
>
> result is
>
> "test2"
> "test2"
>
>
> Any way, with-bindings is the same as binding, but why ?
>
>
> 
>
> any help would be appreciated
>
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clojure@googlegroups.com
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> clojure+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to clojure+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

A problem about position of function used by binding

[guid]

hello everyone

I have a problem about binding function in clojure1.8. 
when I changed position of function which call a bound function I got 
different result.

If I define test4 (call test1 within it) before test1, binding would not 
work

(declare test1)

(defn test2 [](prn "test2"))


(defn test4 [] (test1))


(defn ^:dynamic test1 [] (prn "dynamic test1"))


(defn testB []
  (binding [test1 test2]
(test1)
(test4)
))


when I call (testB) result is 

"test2"
"dynamic test1"


But if I change postion of (defn test4 xxx) and (defn ^:dynamic test1 ), 
binding will work well.


(declare test1)

(defn test2 [](prn "test2"))


(defn ^:dynamic test1 [] (prn "dynamic test1"))


(defn test4 [] (test1))


(defn testB []

  (binding [test1 test2]
(test1)
(test4)
))


result is 

"test2"
"test2"


Any way, with-bindings is the same as binding, but why ?




any help would be appreciated

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Good Clojure Projects for the Classroom?

[John Jacobsen]

I run a Clojure study group at work and we generally work 4Clojure problems 
if nobody has a topic they want to present on.

Today, however, we had a great time looking at some "open data" that's out 
there, specifically about the City of Chicago[1]. I challenged everyone to 
come up with one or more "questions" to ask the based on the data available 
and to find the answers using Clojure. We had a great time, beginners 
paired with more experienced developers.

There are many similar data sets. One nice thing about this sort of project 
is you can size it very small or large depending on the skill level and the 
time available. You'd want to introduce them to a few libraries, like 
clj-http for REST API calls and Cheshire for JSON parsing. Maybe even 
Incanter or similar for data analysis (rabbit hole warning).

Best of luck,
John J.

[1] https://data.cityofchicago.org/

On Monday, February 6, 2017 at 5:03:46 PM UTC-6, Eddie wrote:
>
> Recently I began teaching a college level course that uses Clojure. We 
> have made it through the lectures on the lisp syntax, the data types, 
> collections, and immutability. Now I would like to ask the students to 
> apply their new Clojure knowledge to a small project. (Something that could 
> be completed in about week if worked on for an hour a day). 
>
> Does anyone know of any good resources for such projects? Any ideas are 
> much appreciated!
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Good Clojure Projects for the Classroom?

[Nikita Beloglazov]

I taught similar course at a college. I gave exercises from 4clojure so 
that students can get used to writing clojure. Also I prepared few 
"home-made" 
problems: https://github.com/nbeloglazov/clojure-interactive-tasks. Though 
these are not projects that students do completely by themselves as they 
already have "ui" for problems and students have to only implement 
solution. But it might help to come up with your own ideas. 

Nikita

On Monday, February 6, 2017 at 3:03:46 PM UTC-8, Eddie wrote:
>
> Recently I began teaching a college level course that uses Clojure. We 
> have made it through the lectures on the lisp syntax, the data types, 
> collections, and immutability. Now I would like to ask the students to 
> apply their new Clojure knowledge to a small project. (Something that could 
> be completed in about week if worked on for an hour a day). 
>
> Does anyone know of any good resources for such projects? Any ideas are 
> much appreciated!
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: What’s next for Clojars in 2017?

[Daniel Compton]

Hi Alex

> How is your signing proposal different than the signing process already
available in Maven and in use in (for example) Maven Central repository
(and in use for Clojure itself and contrib releases)?

The mechanical part of GPG signing is likely to be exactly the same, it’s
the surrounding verification and distribution of keys that would be
improved. I’ve never published anything to Maven Central, but when Clojars
was verifying GPG signing, anyone who had a user’s Clojars credentials to
upload a JAR could change the authorised GPG key to their own. Without a
set of trusted GPG keys, signing JARs on upload and verifying signatures on
download doesn’t buy you very much security.

One option I am looking at is using The Update Framework (TUF) to help
manage these trust relationships. TUF is used by Docker and Pip.

The high level overview of TUF applied to Clojars would be:

   - There is a root (offline) key of trust managed by Clojars used for
   signing other keys
   - A publisher (library developer) has an offline master key and online
   keys for signing releases. When they deploy a new release, they sign their
   new JAR with an online key.
   - When a user downloads a JAR or metadata from Clojars, the tooling
   (e.g. leiningen), verifies a freshness timestamp signed by Clojars. This
   ensures that the view of the world being presented is current, *and
   protects against replay attacks.*
   - The first time a user downloads a JAR, leiningen would keep a record
   of the association between the signing key identity, and that artifact. Any
   future downloads of the same artifact would need to be signed by the same
   key. This is Trust on first use
   . Also, nothing would
   stop very security conscious users from preloading keys obtained directly
   from the developer, e.g. served over GitHub.
   - Even if an attacker gained a privileged position on Clojars
   infrastructure, they would have no way to sign JARs, so clients would
   detect a signing problem. *This protects against infrastructure
   compromise.*
   - The publisher’s online tagging keys can be rotated without disruption
   to users, but not the offline master key. If that was lost then they would
   need to communicate out of band to people what happened and which key to
   trust. *This enables protection against key compromise.*

See https://blog.docker.com/2015/08/content-trust-docker-1-8/ and
https://docs.docker.com/engine/security/trust/content_trust/ for a better
explanation than mine.

Thanks, Daniel.

On Tue, Feb 7, 2017 at 8:32 AM Chad Stovern  wrote:

Daniel and Toby,

I do DevOps-y things for a living and would be more than willing to help
with ansible stuff or potentially anything else.  Feel free to contact me
directly.

- Chad


On Thursday, February 2, 2017 at 1:47:00 PM UTC-6, Daniel Compton wrote:

Hi folks

In 2016, thanks to the generous sponsors on our Bountysource program and
open source contributors, Clojars was able to:

* Move our hosting from Linode to servers sponsored by Rackspace
* Define the server on Rackspace with Ansible so it is easy to rebuild
* Validate deploys are correct and complete
* Store JARs in Rackspace Cloudfiles for greater reliability
* Serve JARs from a Fastly CDN (sponsored). This takes the Clojars servers
completely out of the critical path of serving files, and should result in
Clojars being very highly available
* Switch from Yeller to Sentry for exception tracking
* Make many smaller improvements as well

As we look towards 2017, there are a number of issues on the Clojars issue
tracker, but most of them are of low priority. We're interested in feedback
from you the community as to where you see problems or room for
improvements to Clojars.

There is one major issue which I think has the potential to greatly improve
security in the Clojure community: JAR signing. Previously Clojars required
JAR signing to promote releases into a special repository. This only served
to confuse most people, not many people promoted their artifacts, and there
were minimal security benefits from signing the JARs, as people didn't have
a web of trust to validate that the GPG signatures actually chained to
people that they trusted.

Clojars is in a very privileged position in your infrastructure, as many of
you use it to directly download JARs to run on your production machines and
developer infrastructure. It would be great if there was an option for
security conscious organisations to be able to validate that all of the
JARs they are using came from developers that they trusted. It would also
be a goal that even if Clojars was compromised, clients would reject
malicious code that didn't come from their expected sources.

I feel that this would be useful for the Clojure (and wider JVM) ecosystem.
However doing this will require a fair amount of time and effort, and it's
only worth doing if people are interested and want a higher 

Good Clojure Projects for the Classroom?

[Eddie]

Recently I began teaching a college level course that uses Clojure. We have 
made it through the lectures on the lisp syntax, the data types, 
collections, and immutability. Now I would like to ask the students to 
apply their new Clojure knowledge to a small project. (Something that could 
be completed in about week if worked on for an hour a day). 

Does anyone know of any good resources for such projects? Any ideas are 
much appreciated!

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ANN] RAML parser - raml-clj-parser 0.1.0

[YangYang]

Hi all,
I have released a small library named raml-clj-parser 
, a library for building on 
SnakeYaml and Schema to parser RAML spec v0.8 
 
into clojure data structure.

The reason for building this library was that I found there's no 
clojure parser available for RAML, and which blocks me from creating a tool 
to generate tests from RAML spec. 
Hope it helps for those have the same requirement. 


Cheers
Yang

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: It's time for Google Summer of Code 2017!

[Dan Burton]

Note that when Haskell.org didn't make it into gsoc last year, they
successfully organized a similar program through private donations. While
one hopes that Clojure will be accepted into gsoc, consider having a
similar course of action as Plan B.

-- Dan Burton

On Thu, Feb 2, 2017 at 10:31 PM, Daniel Solano Gómez 
wrote:

> Hello, all,
>
> We now have less than a week to prepare our application for Google Summer
> of Code 2017 , a program where
> Google pays students from around the world to work on open source
> projects.  Clojure has successfully participated 2012–2015, and we would
> love to return for a fifth time.  As a community, we have benefitted
> significantly over the years with amazing work on projects like Clojure in
> Clojure, ClojureScript, Clojure on Android, Incanter, and more.  And it's
> not just the projects that have benefitted, many of Clojure/GSoC alumns
> continue to contribute to the community and are often speakers at
> conferences.
>
> In order to participate again this year, we need your help; we need project
> ideas .  A great project
> ideas page is a key part in having a successful application, and having
> many members from within the community participate as potential mentors
> would really boost our application.  At this point, you are not committing
> to anything, we just need some great ideas.
>
> This year, we are trying something new: We are hosting our project ideas
> on GitHub
> 
> and you can submit your idea just using a few lines of Markdown in a pull
> request.  If you'd rather not do that, you can post to the mailing list
> with [GSoC Idea] in the subject and we'll add it for you.  Also, you can
> submit ideas in the #gsoc channel in the Clojurians slack.
>
>
> You can also help review our application
>  and profile
>  pages, and we would appreciate any
> input
>
> Finally, a big thanks to all of the administrators and volunteers who have
> helped Clojure's GSoC in years past.
>
> Thank you very much for your time and idea.
>
> Sincerely,
>
> Daniel
>
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clojure@googlegroups.com
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> clojure+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to clojure+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: What’s next for Clojars in 2017?

[Chad Stovern]

Daniel and Toby,

I do DevOps-y things for a living and would be more than willing to help 
with ansible stuff or potentially anything else.  Feel free to contact me 
directly.

- Chad

On Thursday, February 2, 2017 at 1:47:00 PM UTC-6, Daniel Compton wrote:
>
> Hi folks
>
> In 2016, thanks to the generous sponsors on our Bountysource program and 
> open source contributors, Clojars was able to:
>
> * Move our hosting from Linode to servers sponsored by Rackspace
> * Define the server on Rackspace with Ansible so it is easy to rebuild
> * Validate deploys are correct and complete
> * Store JARs in Rackspace Cloudfiles for greater reliability
> * Serve JARs from a Fastly CDN (sponsored). This takes the Clojars servers 
> completely out of the critical path of serving files, and should result in 
> Clojars being very highly available
> * Switch from Yeller to Sentry for exception tracking
> * Make many smaller improvements as well
>
> As we look towards 2017, there are a number of issues on the Clojars issue 
> tracker, but most of them are of low priority. We're interested in feedback 
> from you the community as to where you see problems or room for 
> improvements to Clojars.
>
> There is one major issue which I think has the potential to greatly 
> improve security in the Clojure community: JAR signing. Previously Clojars 
> required JAR signing to promote releases into a special repository. This 
> only served to confuse most people, not many people promoted their 
> artifacts, and there were minimal security benefits from signing the JARs, 
> as people didn't have a web of trust to validate that the GPG signatures 
> actually chained to people that they trusted.
>
> Clojars is in a very privileged position in your infrastructure, as many 
> of you use it to directly download JARs to run on your production machines 
> and developer infrastructure. It would be great if there was an option for 
> security conscious organisations to be able to validate that all of the 
> JARs they are using came from developers that they trusted. It would also 
> be a goal that even if Clojars was compromised, clients would reject 
> malicious code that didn't come from their expected sources.
>
> I feel that this would be useful for the Clojure (and wider JVM) 
> ecosystem. However doing this will require a fair amount of time and 
> effort, and it's only worth doing if people are interested and want a 
> higher security option available to them. If you are interested, I 
> encourage you to contribute to 
> https://github.com/clojars/clojars-web/issues/562,  
> https://github.com/clojars/clojars-web/issues/560, or this thread to 
> share your perspective, requirements, and threat models that you think we 
> should be working with.
>
> We're also interested in hearing what else you think is valuable for 
> Clojars to focus on in 2017. Please reply on this thread with your thoughts.
>
> Thanks, Toby and Daniel.
> -- 
>
> Daniel
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.