Re: [racket-dev] sandbox and file-/directory-existence tests
On Mon, Aug 19, 2013 at 4:34 PM, Matthew Flatt mfl...@cs.utah.edu wrote:
> Is there a situation where allowing an arbitrary file- or directory-existence test would be bad?

This all depends on how paranoid we want to be. There are certainly situations when this will be bad -- it lets you determine who else has an account on a computer, for example. But there are contexts where having GC be observable is a security hole as well, so we have to pick a spot on the continuum.

Sam

Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] sandbox and file-/directory-existence tests
A few minutes ago, Sam Tobin-Hochstadt wrote:
> On Mon, Aug 19, 2013 at 4:34 PM, Matthew Flatt mfl...@cs.utah.edu wrote:
> > Is there a situation where allowing an arbitrary file- or directory-existence test would be bad?
>
> This all depends on how paranoid we want to be. There are certainly situations when this will be bad -- it lets you determine who else has an account on a computer, for example. But there are contexts where having GC be observable is a security hole as well, so we have to pick a spot on the continuum.

Getting some hacker-useful information from an observable GC time is much harder than doing so from FS existence tests. Two quick examples:

* On a unix machine, check if there's a /tmp/shadow file -- if there isn't then you have a machine that is a potential gold mine for hackers.
* On a windows machine you can use some network drive or a drive of some random device for a kind of a local DOS attack.

(There's probably a lot of similar things that are much more sophisticated; probe attacks in general are very common now.)

--
((lambda (x) (x x)) (lambda (x) (x x))) Eli Barzilay: http://barzilay.org/ Maze is Life!
[racket-dev] Revising Racket's home page
Recently I (with assistance from Asumu) have spent some time drafting a revised home page for Racket. A revised web page will nicely complement the big upcoming release, I hope.

You can see the draft here, which is ready for people to try out: http://homes.soic.indiana.edu/samth/new-web/

Some things to try out: clicking the right and left arrows, clicking the ? box, visiting the RacketCon page.

The new page addresses a few problems that I see with our current page:

1. It works well on small devices, which our current page doesn't. Try it out on a phone or a tablet.
2. It reduces the size of the top header, which will lighten the burden on the documentation pages, for example, or the pkg index if we add the header there.
3. It puts more info on the first page. This means that people are more likely to see information about how to contribute to Racket or approaches to learning programming using our tools.
4. The font size is larger, which I think makes it much more readable.

Perhaps more controversially, I adapted some prose about Racket from Matthias' Racket is ... post, and added a tag line at the top.

Lots of work is still needed if we want to use this as the basis for Racket's web page (it's written in raw HTML, other pages would need work, etc), but I hope that people like it enough to continue pursuing this.

Sam
Re: [racket-dev] Revising Racket's home page
Fantastic! The non-code font shows up rasterized on my phone (iPhone 4s running iOS 5.1.1), while the code font looks fine. Both fonts look right on my mini-tablet (Nexus 7).
Re: [racket-dev] Revising Racket's home page
On Mon, Aug 19, 2013 at 6:13 PM, Matthew Flatt mfl...@cs.utah.edu wrote:
> Fantastic! The non-code font shows up rasterized on my phone (iPhone 4s running iOS 5.1.1), while the code font looks fine. Both fonts look right on my mini-tablet (Nexus 7).

That's very odd. Both fonts are loaded from Google fonts, so they should either both work or not. What do you see here: http://www.google.com/fonts/#QuickUsePlace:quickUse/Family:
Re: [racket-dev] Revising Racket's home page
I get a Go to the Choose page to select fonts page. But reloading the draft Racket page (should have tried that in the first place) seems to have fixed the problem.
Re: [racket-dev] Revising Racket's home page
On Mon, Aug 19, 2013 at 6:33 PM, Matthew Flatt mfl...@cs.utah.edu wrote:
> I get a Go to the Choose page to select fonts page. But reloading the draft Racket page (should have tried that in the first place) seems to have fixed the problem.

Ok, great. I think there are more sophisticated things I can do to make that less likely, but I won't worry for now.

Sam
Re: [racket-dev] Revising Racket's home page
Some quick observations.

on Chromium Version 23.0.1271.97 Ubuntu 12.04 (23.0.1271.97-0ubuntu0.12.04.1):

- broken links: download, research
- only 2 examples? :) how come some got cut?
- web scraper example is cut off when clicking ? Maybe make the overlay window variable width?

on mobile (android 4.1.2, default browser):

- topright menu has very dark background when opened, so links are not very visible
Re: [racket-dev] Revising Racket's home page
On Mon, Aug 19, 2013 at 5:39 PM, Sam Tobin-Hochstadt sa...@cs.indiana.edu wrote:
> Recently I (with assistance from Asumu) have spent some time drafting a revised home page for Racket. A revised web page will nicely complement the big upcoming release, I hope. You can see the draft here, which is ready for people to try out: http://homes.soic.indiana.edu/samth/new-web/

The source for the page is now here: https://github.com/samth/new-racket-web if you're interested.

Sam
Re: [racket-dev] sandbox and file-/directory-existence tests
Thanks! Instead of changing 'exists permissions, I think I found the right approach to moving the computation so that it doesn't interact with the sandboxes.
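The 'exists permission this thread is about, as an added example (not code from the list or from Racket's sources): a `racket/sandbox` evaluator answers `file-exists?` only for paths covered by `sandbox-path-permissions`, and the security guard refuses the test elsewhere. The helper name `probe-in-sandbox`, the temporary directory and the file names are constructed for the illustration.

```racket
#lang racket/base
;; Added illustration; `probe-in-sandbox` is a hypothetical helper name.
(require racket/sandbox
         racket/file)

;; Ask a fresh sandbox whether `path` exists, with `perms` installed as
;; sandbox-path-permissions. Returns the boolean answer when the sandbox
;; security guard allows the test, and 'denied when the call fails
;; (a valid path string only fails here if the guard refuses it).
(define (probe-in-sandbox perms path)
  (parameterize ([sandbox-path-permissions perms])
    (define ev (make-evaluator 'racket/base))
    (dynamic-wind
      void
      (lambda ()
        (with-handlers ([exn:fail? (lambda (e) 'denied)])
          (ev `(file-exists? ,(path->string path)))))
      (lambda () (kill-evaluator ev)))))

;; Constructed sample layout: one scratch directory holding one file.
(define dir (make-temporary-file "sandbox-probe~a" 'directory))
(define present (build-path dir "present.txt"))
(define absent (build-path dir "absent.txt"))
(define outside (build-path (find-system-path 'home-dir) "no-such-file"))
(display-to-file "x" present)

;; No extra permissions: sandboxed code gets no yes/no answer about the
;; host file system, which is what blocks the probing described above.
(printf "no permissions, file in scratch dir: ~a\n"
        (probe-in-sandbox '() present))

;; 'exists granted for the scratch directory only: existence tests are
;; answered inside it and still refused for other paths.
(define perms (list (list 'exists dir)))
(printf "'exists on scratch dir, present file: ~a\n"
        (probe-in-sandbox perms present))
(printf "'exists on scratch dir, absent file:  ~a\n"
        (probe-in-sandbox perms absent))
(printf "'exists on scratch dir, outside path: ~a\n"
        (probe-in-sandbox perms outside))

(delete-directory/files dir)
```

Granting 'exists narrowly, per directory, keeps the existence oracle limited to paths the sandboxed code is already meant to know about.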
Re: [racket-dev] Revising Racket's home page
This looks fantastic! Thanks!

Robby
Re: [racket-dev] Revising Racket's home page
On Mon, Aug 19, 2013 at 05:39:54PM -0400, Sam Tobin-Hochstadt wrote:
> Recently I (with assistance from Asumu) have spent some time drafting a revised home page for Racket. A revised web page will nicely complement the big upcoming release, I hope. You can see the draft here, which is ready for people to try out: http://homes.soic.indiana.edu/samth/new-web/

I think the header should include Racket, probably to the right of the logo.

> 1. It works well on small devices, which our current page doesn't. Try it out on a phone or a tablet.

I tried it on an iPhone running an oldish iOS (5.1.1 it seems). The text size is more readable, but the organization/layout needs work. For example, after the top header I see headings and sections in the following order (note the News heading):

    Racket: A programmable programming language
    Racket is a wide-spectrum ...
    Start Quickly
    News
    (sample program)
    Racket version 5.3.5 has been released.
    Racket videos are now available.
    ...

The subsequent headings/sections seem ordered ok, but the sections themselves could be more clearly set apart from each other. Also, the book cover images take up a lot of screen space (full width of the page) on the phone.

David