Re: [Haskell-cafe] [Security] Put haskell.org on https
+1 Pedro On Sun, Oct 28, 2012 at 12:20 AM, Niklas Hambüchen m...@nh2.me wrote: (I have mentioned this several times on #haskell, but nothing has happened so far.) Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc trac) allow unencrypted http connections only? This means that everyone in the same Wifi can potentially - read you passwords for all of these services - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) I propose we get an SSL certificate for haskell.org. I also offer to donate that SSL certificate (or directly create it using my Startcom account). Niklas ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] Auto-termination and leftovers in Conduits
Cool! Thanks so much! --Myles On Sat, Oct 27, 2012 at 8:35 PM, Michael Snoyman mich...@snoyman.com wrote: The important issue here is that, when using =$, $=, and =$=, leftovers will discarded. To see this more clearly, realize that the first line of sink is equivalent to: out1 - C.injectLeftovers CT.lines C.+ CL.head So any leftovers from lines are lost once you move past that line. In order to get this to work, stick the consume inside the same composition: sink = C.injectLeftovers CT.lines C.+ do out1 - CL.head out2 - CL.consume return (out1, T.unlines out2) Or: sink = CT.lines C.=$ do out1 - CL.head out2 - CL.consume return (out1, T.unlines out2) Michael On Sat, Oct 27, 2012 at 9:20 PM, Myles C. Maxfield myles.maxfi...@gmail.com wrote: Hey, Say I have a stream of Data.Text.Text objects flowing through a conduit, where the divisions between successive Data.Text.Text items occur at arbitrary boundaries (maybe the source is sourceFile $= decode utf8). I'd like to create a Sink that returns a tuple of (the first line, the rest of the input). My first attempt at this looks like this: sink = do out1 - CT.lines C.=$ CL.head out2 - CL.consume return (out1, T.concat out2) However, the following input provides: runIdentity $ CL.sourceList [abc\nde, f\nghi] C.$$ sink (Just abc,f\nghi) But what I really want is (Just abc, \ndef\nghi) I think this is due to the auto-termination you mention in [1]. My guess is that when CT.lines yields the first value, (CL.head then also yields it,) and execution is auto-terminated before CT.lines gets a chance to specify any leftovers. How can I write this sink? (I know I can just use CL.consume and T.break (== '\n'), but I'm not interested in that. I'm trying to figure out how to get the behavior I'm looking for with conduits.) Thanks, Myles [1] http://hackage.haskell.org/packages/archive/conduit/0.5.2.7/doc/html/Data-Conduit.html ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
At Sun, 28 Oct 2012 00:20:16 +0100, Niklas Hambüchen wrote: (I have mentioned this several times on #haskell, but nothing has happened so far.) Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc trac) allow unencrypted http connections only? This means that everyone in the same Wifi can potentially - read you passwords for all of these services - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) I propose we get an SSL certificate for haskell.org. I also offer to donate that SSL certificate (or directly create it using my Startcom account). Agreed, I can chip in - but I think a certificate is pretty cheap nowadays :). -- Francesco ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
2012/10/28 Francesco Mazzoli f...@mazzo.li: At Sun, 28 Oct 2012 00:20:16 +0100, Niklas Hambüchen wrote: (I have mentioned this several times on #haskell, but nothing has happened so far.) Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc trac) allow unencrypted http connections only? This means that everyone in the same Wifi can potentially - read you passwords for all of these services - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) I propose we get an SSL certificate for haskell.org. I also offer to donate that SSL certificate (or directly create it using my Startcom account). Agreed, I can chip in - but I think a certificate is pretty cheap nowadays :). Good idea, I completely support it. Major sites like Google, Github, BitBucket, etc. are https only nowadays. Petr Pudlak ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
I support this proposal too. More reasons to use HTTPS can be found at https://www.eff.org/https-everywhere/deploying-https On Sun, Oct 28, 2012 at 8:51 AM, Petr P petr@gmail.com wrote: 2012/10/28 Francesco Mazzoli f...@mazzo.li: At Sun, 28 Oct 2012 00:20:16 +0100, Niklas Hambüchen wrote: (I have mentioned this several times on #haskell, but nothing has happened so far.) Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc trac) allow unencrypted http connections only? This means that everyone in the same Wifi can potentially - read you passwords for all of these services - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) I propose we get an SSL certificate for haskell.org. I also offer to donate that SSL certificate (or directly create it using my Startcom account). Agreed, I can chip in - but I think a certificate is pretty cheap nowadays :). Good idea, I completely support it. Major sites like Google, Github, BitBucket, etc. are https only nowadays. Petr Pudlak ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On 10/28/2012 03:20 AM, Niklas Hambüchen wrote: - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) Does hackage at least store the logs of packages uploads? What's the reason or such a security model? I guess it was appropriate in the past when hackage was an experimental service, but now it's a standard way of distributing Haskell code. If anyone can update any package, we are waiting for the disaster. I have some haskell code I wrote myself running as root and these thoughts make me shiver. Https is a must-have in current situation, but it's only part of a solution. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
At Sun, 28 Oct 2012 14:59:00 +0400, Dmitry Vyal wrote: Does hackage at least store the logs of packages uploads? What's the reason or such a security model? I guess it was appropriate in the past when hackage was an experimental service, but now it's a standard way of distributing Haskell code. If anyone can update any package, we are waiting for the disaster. I have some haskell code I wrote myself running as root and these thoughts make me shiver. There is no good reason for it to be like that, it is truly bad. Hackage2 has been in the works for a while and will fix this problem. More information here: http://hackage.haskell.org/trac/hackage/wiki/HackageDB/2.0. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
While I would love to have hackage available (or even forced) over https, I think the biggest reason it currently isn't, is that cabal would then also need https support. This means the HTTP library would need https support, which I've heard will be hard to implement cross-platform (read: on Windows). However, I guess providing https as an option is still a huge step forwards compared to the current situation. Erik On Sun, Oct 28, 2012 at 1:20 AM, Niklas Hambüchen m...@nh2.me wrote: (I have mentioned this several times on #haskell, but nothing has happened so far.) Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc trac) allow unencrypted http connections only? This means that everyone in the same Wifi can potentially - read you passwords for all of these services - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) I propose we get an SSL certificate for haskell.org. I also offer to donate that SSL certificate (or directly create it using my Startcom account). Niklas ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
Erik, does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else. Best regards, Petr Pudlak 2012/10/28 Erik Hesselink hessel...@gmail.com: While I would love to have hackage available (or even forced) over https, I think the biggest reason it currently isn't, is that cabal would then also need https support. This means the HTTP library would need https support, which I've heard will be hard to implement cross-platform (read: on Windows). However, I guess providing https as an option is still a huge step forwards compared to the current situation. Erik On Sun, Oct 28, 2012 at 1:20 AM, Niklas Hambüchen m...@nh2.me wrote: (I have mentioned this several times on #haskell, but nothing has happened so far.) Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc trac) allow unencrypted http connections only? This means that everyone in the same Wifi can potentially - read you passwords for all of these services - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) I propose we get an SSL certificate for haskell.org. I also offer to donate that SSL certificate (or directly create it using my Startcom account). Niklas ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
I think it is only needed for 'cabal upload'. So if you upload via the web only, you'd never send your password over plain HTTP. Erik On Sun, Oct 28, 2012 at 1:38 PM, Petr P petr@gmail.com wrote: Erik, does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else. Best regards, Petr Pudlak 2012/10/28 Erik Hesselink hessel...@gmail.com: While I would love to have hackage available (or even forced) over https, I think the biggest reason it currently isn't, is that cabal would then also need https support. This means the HTTP library would need https support, which I've heard will be hard to implement cross-platform (read: on Windows). However, I guess providing https as an option is still a huge step forwards compared to the current situation. Erik On Sun, Oct 28, 2012 at 1:20 AM, Niklas Hambüchen m...@nh2.me wrote: (I have mentioned this several times on #haskell, but nothing has happened so far.) Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc trac) allow unencrypted http connections only? This means that everyone in the same Wifi can potentially - read you passwords for all of these services - abuse your hackage account and override arbitrary packages (especially since hackage allows everybody to override everything) I propose we get an SSL certificate for haskell.org. I also offer to donate that SSL certificate (or directly create it using my Startcom account). Niklas ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, Oct 28, 2012 at 01:38:46PM +0100, Petr P wrote: Erik, does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else. Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option. regards, iustin ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
2012/10/28 Iustin Pop iu...@k1024.org: On Sun, Oct 28, 2012 at 01:38:46PM +0100, Petr P wrote: does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else. Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option. Good point. But if cabal+https is a problem, this could be solved by other means too, for example by signing the packages. Best regards, Petr Pudlak ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, Oct 28, 2012 at 03:53:04PM +0100, Petr P wrote: 2012/10/28 Iustin Pop iu...@k1024.org: On Sun, Oct 28, 2012 at 01:38:46PM +0100, Petr P wrote: does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else. Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option. Good point. But if cabal+https is a problem, this could be solved by other means too, for example by signing the packages. Well, I agree, but then the same could be applied on upload too, like Debian does - instead of user+pw, register a GPG key. iustin ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, 28 Oct 2012 14:45:02 +0100 Iustin Pop wrote: Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option. HTTPS doesn't fully protect against a MITM since there is no shared secret between client and server prior to the connection. The MITM can use a self-signed certificate, or possibly a certificate signed by a compromised CA. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, Oct 28, 2012 at 04:26:07PM +0100, Changaco wrote: On Sun, 28 Oct 2012 14:45:02 +0100 Iustin Pop wrote: Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option. HTTPS doesn't fully protect against a MITM since there is no shared secret between client and server prior to the connection. The MITM can use a self-signed certificate, or possibly a certificate signed by a compromised CA. Sure, but I was talking about a proper certificate signed by a well-known registrar, at which point the https client would default to verify the signature against the system certificate store. Yes, I'm fully aware that this is not fully safe, but I hope you agree that https with a proper certificate is much better than plain http. regards, iustin ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
[Haskell-cafe] Gaussian Distribution
Hi, at work, I often need the values the cumulative distribution function of the Gaussian distribution. The code for this function in haskell, erlang and perl and the corresponding mathematical paper can be found at git://github.com/frecker/gaussian-distribution.git . Regards, Frank ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote: Sure, but I was talking about a proper certificate signed by a well-known registrar, at which point the https client would default to verify the signature against the system certificate store. It doesn't matter what kind of certificate the server uses since the client generally doesn't know about it, especially on first connection. Some programs remember the certificate between uses and inform you when it changes, but that's not perfect either. Yes, I'm fully aware that this is not fully safe, but I hope you agree that https with a proper certificate is much better than plain http. I agree that X.509 provides some protection, but PGP is better. My point was: when possible don't rely on X.509 for security, build a Web of Trust instead. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
2012/10/28 Changaco chang...@changaco.net: It doesn't matter what kind of certificate the server uses since the client generally doesn't know about it, especially on first connection. Some programs remember the certificate between uses and inform you when it changes, but that's not perfect either. In this particular case, cabal can have the public part of the certificate built-in (as it has the web address built in). So once one has a verified installation of cabal, it can verify the server packages without being susceptible to MitM attack (no matter if they're PGP signed or X.509 signed). Best regards, Petr Pudlak ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, Oct 28, 2012 at 05:10:39PM +0100, Changaco wrote: On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote: Sure, but I was talking about a proper certificate signed by a well-known registrar, at which point the https client would default to verify the signature against the system certificate store. It doesn't matter what kind of certificate the server uses since the client generally doesn't know about it, especially on first connection. Some programs remember the certificate between uses and inform you when it changes, but that's not perfect either. The client doesn't have to know about it, if it can verify a chain of trust via the system cert store, as I said above. regards, iustin ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Oct 28, 2012, at 12:10 PM, Changaco chang...@changaco.net wrote: On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote: Sure, but I was talking about a proper certificate signed by a well-known registrar, at which point the https client would default to verify the signature against the system certificate store. It doesn't matter what kind of certificate the server uses since the client generally doesn't know about it, especially on first connection. Some programs remember the certificate between uses and inform you when it changes, but that's not perfect either. Yes, I'm fully aware that this is not fully safe, but I hope you agree that https with a proper certificate is much better than plain http. I agree that X.509 provides some protection, but PGP is better. My point was: when possible don't rely on X.509 for security, build a Web of Trust instead. The reason HTTPS works is that most operating systems will have a list of some number of root CAs (or a way to get them via some other channel that the OS trusts, such as through GPG-signed packages) that it implicitly trusts. The user gets the security without any extra effort on their end. On the other hand, with PGP, any user who wants to be secure but doesn't use GPG would have to verify the identity of whoever signed the Cabal GPG key, and most non-Linux operating systems don't come with a list of trusted GPG keys. So how do they get them without using HTTPS (since if you use HTTPS to figure out what keys you trust, your scheme is no more secure than HTTPS)? ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, 28 Oct 2012 13:38:46 +0100, Petr P petr@gmail.com wrote: Erik, does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else. Best regards, Petr Pudlak Without checking a certificate, it could be that you are connected to a false server; without encryption, the package could be replaced by another package (a man-in-the-middle attack). Regards, Henk-Jan van Tuyl -- http://Van.Tuyl.eu/ http://members.chello.nl/hjgtuyl/tourdemonad.html Haskell programming -- ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] Building all possible element combinations from N lists.
On Fri, Oct 26, 2012 at 2:34 AM, Jake McArthur jake.mcart...@gmail.comwrote: I golfed a bit. :) sequence = filterM (const [False ..]) What is golfed and = ? Please, explain. Thanks, Dmitri ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote: In this particular case, cabal can have the public part of the certificate built-in (as it has the web address built in). So once one has a verified installation of cabal, it can verify the server packages without being susceptible to MitM attack (no matter if they're PGP signed or X.509 signed). This is PGP's security model, so it's probably better to use PGP keys. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, Oct 28, 2012 at 1:45 PM, Patrick Hurst phu...@amateurtopologist.com wrote: On the other hand, with PGP, any user who wants to be secure but doesn't use GPG would have to verify the identity of whoever signed the Cabal GPG key, and most non-Linux operating systems don't come with a list of trusted GPG keys. So how do they get them without using HTTPS (since if you use HTTPS to figure out what keys you trust, your scheme is no more secure than HTTPS)? Well.. my dumb idea is that you include some trusted GPG keys with the cabal client itself? Obviously you must be getting cabal-install from a trusted source, or all the HTTPS in the world can't help you? I'm sure this idea is wrong somehow, but someone had to mention it ;) - jeremy ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
[Haskell-cafe] GHC maintenance on Arch
Hello, Who is in charge of the ghc and haskell packages on Arch linux? The current system isn't working. Arch linux tends to update packages very quickly. For ghc, always having the latest ghc isn't a good thing. At least if you actually want to get some work done. A majority of the time the latest GHC is unusable. This is because the packages in hackage simply don't keep up. With the current ghc version(7.6.1) even some basic packages in hackage are not upgraded yet. Right now, a large number of other haskell related packages are in the arch repos. Other than gtk2hs, I think these packages are pointless duplications. In the other cases, it has been my experience that it is simpler to maintain these packages through cabal rather than through pacman. Support for these packages in Arch should probably be dropped. If you want to get work done in Arch with haskell, you should only install ghc and cabal-install(right now, you'll have to search the Internet for the old binaries, because the arch repos usually don't keep the old versions around). Then you should add these packages to IgnorePkg = in pacman.conf this way things won't break every couple of months. You can then choose to upgrade when you wish. I hope that someone who is involved with the haskell Arch stuff reads this. The current model needs to be rethought. Linux should be sane by default, but I've lost many many hours learning that arch's relationship with haskell is not so :( Probably the best solution would be to make Arch automatically keep two versions of ghc around at any given time. Thank you for your time, Timothy Hobbs ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Oct 28, 2012, at 4:38 PM, Changaco chang...@changaco.net wrote: On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote: In this particular case, cabal can have the public part of the certificate built-in (as it has the web address built in). So once one has a verified installation of cabal, it can verify the server packages without being susceptible to MitM attack (no matter if they're PGP signed or X.509 signed). This is PGP's security model, so it's probably better to use PGP keys. How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] Building all possible element combinations from N lists.
Golfed: http://en.wikipedia.org/wiki/Code_golf = : Also known as Kleisli composition. More info: http://www.haskell.org/hoogle/?hoogle=%3C%3D%3C On Sun, Oct 28, 2012 at 4:36 PM, dokondr doko...@gmail.com wrote: On Fri, Oct 26, 2012 at 2:34 AM, Jake McArthur jake.mcart...@gmail.comwrote: I golfed a bit. :) sequence = filterM (const [False ..]) What is golfed and = ? Please, explain. Thanks, Dmitri ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] GHC maintenance on Arch
Personally, I like the latest version of GHC being in the repository, as that's the version I normally use. What packages aren't working for you on 7.6? I find that they get updated pretty quickly, and if you run into any that aren't, feel free to send the authors a pull request. Almost everything is on github. - Clark On Sun, Oct 28, 2012 at 4:49 PM, timothyho...@seznam.cz wrote: Hello, Who is in charge of the ghc and haskell packages on Arch linux? The current system isn't working. Arch linux tends to update packages very quickly. For ghc, always having the latest ghc isn't a good thing. At least if you actually want to get some work done. A majority of the time the latest GHC is unusable. This is because the packages in hackage simply don't keep up. With the current ghc version(7.6.1) even some basic packages in hackage are not upgraded yet. Right now, a large number of other haskell related packages are in the arch repos. Other than gtk2hs, I think these packages are pointless duplications. In the other cases, it has been my experience that it is simpler to maintain these packages through cabal rather than through pacman. Support for these packages in Arch should probably be dropped. If you want to get work done in Arch with haskell, you should only install ghc and cabal-install(right now, you'll have to search the Internet for the old binaries, because the arch repos usually don't keep the old versions around). Then you should add these packages to IgnorePkg = in pacman.conf this way things won't break every couple of months. You can then choose to upgrade when you wish. I hope that someone who is involved with the haskell Arch stuff reads this. The current model needs to be rethought. Linux should be sane by default, but I've lost many many hours learning that arch's relationship with haskell is not so :( Probably the best solution would be to make Arch automatically keep two versions of ghc around at any given time. Thank you for your time, Timothy Hobbs ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
Do it at home. If you're at an internet cafe, though, it'd be nice if you could trust cabal packages. - Clark On Sun, Oct 28, 2012 at 5:07 PM, Patrick Hurst phu...@amateurtopologist.com wrote: On Oct 28, 2012, at 4:38 PM, Changaco chang...@changaco.net wrote: On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote: In this particular case, cabal can have the public part of the certificate built-in (as it has the web address built in). So once one has a verified installation of cabal, it can verify the server packages without being susceptible to MitM attack (no matter if they're PGP signed or X.509 signed). This is PGP's security model, so it's probably better to use PGP keys. How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] GHC maintenance on Arch
Fyi, the is a specific arch-haskell mailing list which will probably get you a better answer to your question. I cc'd them for you. ~Rickey On Sun, Oct 28, 2012 at 5:24 PM, Clark Gaebel cgae...@uwaterloo.ca wrote: Personally, I like the latest version of GHC being in the repository, as that's the version I normally use. What packages aren't working for you on 7.6? I find that they get updated pretty quickly, and if you run into any that aren't, feel free to send the authors a pull request. Almost everything is on github. - Clark On Sun, Oct 28, 2012 at 4:49 PM, timothyho...@seznam.cz wrote: Hello, Who is in charge of the ghc and haskell packages on Arch linux? The current system isn't working. Arch linux tends to update packages very quickly. For ghc, always having the latest ghc isn't a good thing. At least if you actually want to get some work done. A majority of the time the latest GHC is unusable. This is because the packages in hackage simply don't keep up. With the current ghc version(7.6.1) even some basic packages in hackage are not upgraded yet. Right now, a large number of other haskell related packages are in the arch repos. Other than gtk2hs, I think these packages are pointless duplications. In the other cases, it has been my experience that it is simpler to maintain these packages through cabal rather than through pacman. Support for these packages in Arch should probably be dropped. If you want to get work done in Arch with haskell, you should only install ghc and cabal-install(right now, you'll have to search the Internet for the old binaries, because the arch repos usually don't keep the old versions around). Then you should add these packages to IgnorePkg = in pacman.conf this way things won't break every couple of months. You can then choose to upgrade when you wish. I hope that someone who is involved with the haskell Arch stuff reads this. The current model needs to be rethought. Linux should be sane by default, but I've lost many many hours learning that arch's relationship with haskell is not so :( Probably the best solution would be to make Arch automatically keep two versions of ghc around at any given time. Thank you for your time, Timothy Hobbs ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? You don't. Somewhere, you just have to trust that nothing went awry. The best thing to do is just to make it as difficult as possible for an attacker to be successful - make the PGP keys widely known and have a lot of people sign them. -- Michael Walker (http://www.barrucadu.co.uk) signature.asc Description: PGP signature ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
So why not use HTTPS? Michael Walker October 28, 2012 5:43 PM You don't. Somewhere, you just have to trust that nothing went awry.The best thing to do is just to make it as difficult as possible for anattacker to be successful - make the PGP keys widely known and have alot of people sign them.___Haskell-Cafe mailing listHaskell-Cafe@haskell.orghttp://www.haskell.org/mailman/listinfo/haskell-cafe Changaco October 28, 2012 4:38 PM This is PGP's security model, so it's probably better to use PGP keys.___Haskell-Cafe mailing listHaskell-Cafe@haskell.orghttp://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] GHC maintenance on Arch
I didn't wish to suggest that the latest version shouldn't be available. If you read my entire message, the suggestion I made, is that arch should install the latest with the next to latest in parallel and do so by default rather than as some weird and hacky work-around. Sending pull requests is great. But one shouldn't have to put their system back together after an upgrade. You ask me what package has broken, but that's not important. A package always breaks. Right now, the situation, is that a haskell user on a completely standard setup, will type pacman -Syu and end up with a non functioning build toolchain. You can of course work to fix this toolchain, and send pull requests. But say it takes a week to update all the packages you use. That's a week of delay to a project. Furthermore, it is not very efficient for me to go and upgrade other people' s packages. Often times on this list there have been discussions regarding the upper bounds on cabal packages. Some people believe that the upper bounds should be removed entirely, while others believe that they should be an educated guess made by the developer. Tweaking upper bounds when I'm not the developer then makes my guessing all the less educated. Me tweaking packages which I do not know and sending pull requests is not only going to cost me more time than it would cost the package author, it is likely to end up with me making the wrong changes and lead to a reduction in the quality of the code. There seems to be a bit of a clash between ghc being a tool, and ghc being a toy. There need not be. Your works-for-me is great but it is meaningless to those of us who use ghc as a tool for larger projects. Timothy -- Původní zpráva -- Od: Clark Gaebel cgae...@uwaterloo.ca Datum: 28. 10. 2012 Předmět: Re: [Haskell-cafe] GHC maintenance on Arch Personally, I like the latest version of GHC being in the repository, as that's the version I normally use. What packages aren't working for you on 7.6? I find that they get updated pretty quickly, and if you run into any that aren't, feel free to send the authors a pull request. Almost everything is on github. - Clark On Sun, Oct 28, 2012 at 4:49 PM, timothyho...@seznam.cz (mailto:timothyho...@seznam.cz) wrote: Hello, Who is in charge of the ghc and haskell packages on Arch linux? The current system isn't working. Arch linux tends to update packages very quickly. For ghc, always having the latest ghc isn't a good thing. At least if you actually want to get some work done. A majority of the time the latest GHC is unusable. This is because the packages in hackage simply don't keep up. With the current ghc version(7.6.1) even some basic packages in hackage are not upgraded yet. Right now, a large number of other haskell related packages are in the arch repos. Other than gtk2hs, I think these packages are pointless duplications. In the other cases, it has been my experience that it is simpler to maintain these packages through cabal rather than through pacman. Support for these packages in Arch should probably be dropped. If you want to get work done in Arch with haskell, you should only install ghc and cabal-install(right now, you'll have to search the Internet for the old binaries, because the arch repos usually don't keep the old versions around). Then you should add these packages to IgnorePkg = in pacman.conf this way things won't break every couple of months. You can then choose to upgrade when you wish. I hope that someone who is involved with the haskell Arch stuff reads this. The current model needs to be rethought. Linux should be sane by default, but I've lost many many hours learning that arch's relationship with haskell is not so :( Probably the best solution would be to make Arch automatically keep two versions of ghc around at any given time. Thank you for your time, Timothy Hobbs ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org(mailto:Haskell-Cafe@haskell.org) http://www.haskell.org/mailman/listinfo/haskell-cafe (http://www.haskell.org/mailman/listinfo/haskell-cafe) ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] GHC maintenance on Arch
On Sun, Oct 28, 2012 at 5:54 PM, timothyho...@seznam.cz wrote: There seems to be a bit of a clash between ghc being a tool, and ghc being a toy. There need not be. Your works-for-me is great but it is meaningless to those of us who use ghc as a tool for larger projects. This is not specific to GHC. Arch Linux, being a bleeding-edge Linux distribution, tends to prefer newer versions of software over more stable versions of software. I doubt that facet of Arch Linux will ever change, so perhaps you should reevaluate your choice of Linux distribution or avoid pacman/package updates for software whose stability and predictability is critical to you. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] GHC maintenance on Arch
Actually Arch has been accommodating in other cases when there was a stable library and a new/developing. It certainly keeps around two versions of python, autoconf, GTK, qt, gambas... The solution I'm proposing would be a little different than those cases, but on the same principle. Timothy -- Původní zpráva -- Od: Patrick Palka patr...@parcs.ath.cx Datum: 28. 10. 2012 Předmět: Re: [Haskell-cafe] GHC maintenance on Arch On Sun, Oct 28, 2012 at 5:54 PM, timothyho...@seznam.cz (mailto:timothyho...@seznam.cz) wrote: There seems to be a bit of a clash between ghc being a tool, and ghc being a toy. There need not be. Your works-for-me is great but it is meaningless to those of us who use ghc as a tool for larger projects. This is not specific to GHC. Arch Linux, being a bleeding-edge Linux distribution, tends to prefer newer versions of software over more stable versions of software. I doubt that facet of Arch Linux will ever change, so perhaps you should reevaluate your choice of Linux distribution or avoid pacman/package updates for software whose stability and predictability is critical to you. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote: How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? Ultimately it is a DNS problem. To establish a secure connection with haskell.org you'd have to get the certificate from the DNS, but that technology is not ready yet, so all you can do is check the key against as many sources as possible like Michael Walker said. On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote: So why not use HTTPS? Because it doesn't solve the problem. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
PGP tends to present many usability issues, and in this case it would make more sense/provide a clearer win if there were many different, semi-untrusted hackage mirrors. Just enable HTTPS and have Cabal validate the server certificate against a CA pool of one. PKI/trusting obscure certificate authorities in Egypt and Syria is the biggest concern here, not somebody MITMing your initial Cabal installation (which in a lot of cases happens through apt-get or yum, anyway.) On Mon, Oct 29, 2012 at 12:34 AM, Changaco chang...@changaco.net wrote: On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote: How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? Ultimately it is a DNS problem. To establish a secure connection with haskell.org you'd have to get the certificate from the DNS, but that technology is not ready yet, so all you can do is check the key against as many sources as possible like Michael Walker said. On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote: So why not use HTTPS? Because it doesn't solve the problem. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
Of course, as long as Cabal itself is distributed through this same https-enabled site, you have the same PKI-backed security as just about any major website. This model has problems, yes, but it's good enough, and it's easy to use. If you really want to improve it (without impacting usability), have Google/the browser vendors pin the public cert for haskell.org. On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen hask...@patrickmylund.com wrote: PGP tends to present many usability issues, and in this case it would make more sense/provide a clearer win if there were many different, semi-untrusted hackage mirrors. Just enable HTTPS and have Cabal validate the server certificate against a CA pool of one. PKI/trusting obscure certificate authorities in Egypt and Syria is the biggest concern here, not somebody MITMing your initial Cabal installation (which in a lot of cases happens through apt-get or yum, anyway.) On Mon, Oct 29, 2012 at 12:34 AM, Changaco chang...@changaco.net wrote: On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote: How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? Ultimately it is a DNS problem. To establish a secure connection with haskell.org you'd have to get the certificate from the DNS, but that technology is not ready yet, so all you can do is check the key against as many sources as possible like Michael Walker said. On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote: So why not use HTTPS? Because it doesn't solve the problem. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
No matter what we do with cabal, it would be great if I could soon point my browser at https://haskell.org *anyway*. On 28/10/12 23:55, Patrick Mylund Nielsen wrote: Of course, as long as Cabal itself is distributed through this same https-enabled site, you have the same PKI-backed security as just about any major website. This model has problems, yes, but it's good enough, and it's easy to use. If you really want to improve it (without impacting usability), have Google/the browser vendors pin the public cert for haskell.org http://haskell.org. On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen hask...@patrickmylund.com mailto:hask...@patrickmylund.com wrote: PGP tends to present many usability issues, and in this case it would make more sense/provide a clearer win if there were many different, semi-untrusted hackage mirrors. Just enable HTTPS and have Cabal validate the server certificate against a CA pool of one. PKI/trusting obscure certificate authorities in Egypt and Syria is the biggest concern here, not somebody MITMing your initial Cabal installation (which in a lot of cases happens through apt-get or yum, anyway.) On Mon, Oct 29, 2012 at 12:34 AM, Changaco chang...@changaco.net mailto:chang...@changaco.net wrote: On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote: How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? Ultimately it is a DNS problem. To establish a secure connection with haskell.org http://haskell.org you'd have to get the certificate from the DNS, but that technology is not ready yet, so all you can do is check the key against as many sources as possible like Michael Walker said. On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote: So why not use HTTPS? Because it doesn't solve the problem. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org mailto:Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] [Security] Put haskell.org on https
Sure. No matter what's done in Cabal, the clients for everything else will still be mainly browsers. On Mon, Oct 29, 2012 at 12:59 AM, Niklas Hambüchen m...@nh2.me wrote: No matter what we do with cabal, it would be great if I could soon point my browser at https://haskell.org *anyway*. On 28/10/12 23:55, Patrick Mylund Nielsen wrote: Of course, as long as Cabal itself is distributed through this same https-enabled site, you have the same PKI-backed security as just about any major website. This model has problems, yes, but it's good enough, and it's easy to use. If you really want to improve it (without impacting usability), have Google/the browser vendors pin the public cert for haskell.org http://haskell.org. On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen hask...@patrickmylund.com mailto:hask...@patrickmylund.com wrote: PGP tends to present many usability issues, and in this case it would make more sense/provide a clearer win if there were many different, semi-untrusted hackage mirrors. Just enable HTTPS and have Cabal validate the server certificate against a CA pool of one. PKI/trusting obscure certificate authorities in Egypt and Syria is the biggest concern here, not somebody MITMing your initial Cabal installation (which in a lot of cases happens through apt-get or yum, anyway.) On Mon, Oct 29, 2012 at 12:34 AM, Changaco chang...@changaco.net mailto:chang...@changaco.net wrote: On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote: How do you get a copy of cabal while making sure that somebody hasn't MITMed you and replaced the PGP key? Ultimately it is a DNS problem. To establish a secure connection with haskell.org http://haskell.org you'd have to get the certificate from the DNS, but that technology is not ready yet, so all you can do is check the key against as many sources as possible like Michael Walker said. On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote: So why not use HTTPS? Because it doesn't solve the problem. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org mailto:Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] GHC maintenance on Arch
Arch does not keep 2 python packages. There are simply 2 pythons (different programs). And this is true not only for Arch but for practically any other distro. Obvious solution for arch is IgnorePkg in the pacman.conf. That's what i did (until Yesod officially supports newest ghc). On Sunday, October 28, 2012 3:24:16 PM UTC-7, timoth...@seznam.cz wrote: Actually Arch has been accommodating in other cases when there was a stable library and a new/developing. It certainly keeps around two versions of python, autoconf, GTK, qt, gambas... The solution I'm proposing would be a little different than those cases, but on the same principle. Timothy -- Původní zpráva -- Od: Patrick Palka pat...@parcs.ath.cx javascript: Datum: 28. 10. 2012 Předmět: Re: [Haskell-cafe] GHC maintenance on Arch On Sun, Oct 28, 2012 at 5:54 PM, timoth...@seznam.cz javascript:wrote: There seems to be a bit of a clash between ghc being a tool, and ghc being a toy. There need not be. Your works-for-me is great but it is meaningless to those of us who use ghc as a tool for larger projects. This is not specific to GHC. Arch Linux, being a bleeding-edge Linux distribution, tends to prefer newer versions of software over more stable versions of software. I doubt that facet of Arch Linux will ever change, so perhaps you should reevaluate your choice of Linux distribution or avoid pacman/package updates for software whose stability and predictability is critical to you. ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
[Haskell-cafe] Segment Tree based Set
Hi, I was wondering if anyone knows of a package implementing a fast lookup for an element in ranges. For example, this operation: Ord a = a - [(a, a)] - Bool ...can be implemented: \a rs - let s = Set.fromList rs in a `member` s This is not particularly efficient. A segment tree seems like a more appropriate data structure to store the ranges. Does such a library exist? -- Tony Morris http://tmorris.net/ ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
Re: [Haskell-cafe] Segment Tree based Set
Er, oops. ...can be implemented as: \a rs - let s = Set.fromList (rs = \(a, b) - [a..b]) in a `member` s Something like that! On Mon, Oct 29, 2012 at 2:48 PM, Tony Morris tonymor...@gmail.com wrote: Hi, I was wondering if anyone knows of a package implementing a fast lookup for an element in ranges. For example, this operation: Ord a = a - [(a, a)] - Bool ...can be implemented: \a rs - let s = Set.fromList rs in a `member` s This is not particularly efficient. A segment tree seems like a more appropriate data structure to store the ranges. Does such a library exist? -- Tony Morris http://tmorris.net/ -- Tony Morris http://tmorris.net/ ___ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe