Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Deren Dohoda
> I think Racket would benefit by a suite of applications which are small but > not trivial and with a source code which is commented in more detail than a > regular application I would kill to understand the intended use of the framework library. I don't understand what I'm supposed to do

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Laurent
My understanding is that Framework is born out of DrRacket, expecting that some of its tools may be useful in other contexts (like, say, keymaps). On Thu, Aug 20, 2020 at 3:11 PM Deren Dohoda wrote: > > I think Racket would benefit by a suite of applications which are small > but > > not

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Stephen De Gabrielle
Hi Deren, > > The framework provides a number of mixins, classes and functions designed > to help you build a complete application program on top of the racket/gui > library. - https://docs.racket-lang.org/framework/index.html Check out the overview and the table of contents - it has lots of

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Stephen De Gabrielle
Alex is right, most developers don't need this. The point of templates is a jumping off point for new developers, or developers trying a domain they are not familiar with. Where possible I will be linking back to any supporting materials ( https://alex-hhh.github.io/2020/03/a-game-of-tetris.html

[racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Daniel Melcer
There are some well-known vulnerabilities that are a result of deserializing untrusted inputs. Are editor snips restrictive enough that their deserialization is safe? After all, they are already loaded when a file is opened in DrRacket, and a file on the disk may originate from an untrusted

Re: [racket-users] Can OpenSSL be upgraded for the next Racket release?

2020-08-20 Thread Matthew Flatt
Hi Andre, For information and build scripts, see https://github.com/racket/racket/tree/master/racket/src/native-libs As an intermediate step, I direct the libraries to a checkout of https://github.com/racket/libs/ which has the built libraries in package form and some upload scripts for

Re: [racket-users] GUI zoom and normal-control-font

2020-08-20 Thread James Platt
On Aug 19, 2020, at 8:53 PM, George Neuner wrote: > Sorry, it was not clear to me that you wanted to resize widgets (child > windows). Typically when one speaks about a window's "content" they are > referring to text or imagery drawn onto the window's backing bitmap. I was going by

Re: [racket-users] Application Templates!

2020-08-20 Thread James Geddes
> On 20 Aug 2020, at 18:22, Sorawee Porncharoenwase > wrote: > > Is this intended to be something like https://docs.racket-lang.org/scaffold/? That also looks extremely useful! James -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To

Re: [racket-users] Application Templates!

2020-08-20 Thread Stephen De Gabrielle
On Thu, Aug 20, 2020 at 6:43 PM James Geddes wrote: > > > > On 20 Aug 2020, at 18:22, Sorawee Porncharoenwase < > sorawee.pw...@gmail.com> wrote: > > > > Is this intended to be something like > https://docs.racket-lang.org/scaffold/? > > That also looks extremely useful! > > James > > Agreed!

Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Daniel Melcer
To make sure I'm understanding correctly, as long as the code verifies that the given snipclass is in (get-the-snip-class-list), it should be relatively safe? So the only way that the user would run malicious code in this case is if they installed a malicious package first, in which case there

Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Robby Findler
I believe that the "other ways to cause harm" that mention applies here, but this is the docs that explain the thing I'm talking about: https://docs.racket-lang.org/gui/editor-overview.html?q=snip-class#%28part._editorsnipclasses%29 It would require the attacker put the file on the disk in a

Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Robby Findler
The issue I mention in 157 is different than this one. In this situation, the snipclass needs to be installed somehow before its code will be loaded, but that installation can happen by a require (triggered by the opening of that snip). So it may be that you have code installed in a collection

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Sorawee Porncharoenwase
Is this intended to be something like https://docs.racket-lang.org/scaffold/ ? On Thu, Aug 20, 2020 at 10:12 AM Stephen De Gabrielle < spdegabrie...@gmail.com> wrote: > Alex is right, most developers don't need this. > > The point of templates is

Re: [racket-users] Application Templates!

2020-08-20 Thread James Geddes
Just to note that I would find this sort of thing very useful. I have struggled to package my command-line app in a way that makes it easily accessible to my colleagues (a mixture of Python developers on Macs using homebrew and non-developers on corporate Windows systems using who knows what).

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Robby Findler
On Thu, Aug 20, 2020 at 9:11 AM Deren Dohoda wrote: > I would kill to understand the intended use of the framework library. I > don't understand what I'm supposed to do with it at all. Does anyone have > an application written with framework that I can look at? Or could we make > a small

Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Sorawee Porncharoenwase
I don't know much about this specific case, but see Robby's comment about how "DrRacket can run user (untrusted) code in certain situations" at https://github.com/racket/gui/issues/157. A concrete problem I found is that you can have a snip running `struct->vector` and it will successfully extract

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Alex Harsanyi
On Thursday, August 20, 2020 at 9:11:45 PM UTC+8 hen...@topoi.pooq.com wrote: > On Wed, Aug 19, 2020 at 09:33:01PM -0700, Alex Harsanyi wrote: > ... > ... > > I think Racket would benefit by a suite of applications which are small > but > > not trivial and with a source code which is

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Laurent
Stephen's work may still be quite useful, as it provides a set of really minimal (almost?) working examples that explain the specifics of various tools. I say keep it up, Stephen! On Thu, Aug 20, 2020 at 5:33 AM Alex Harsanyi wrote: > I am not sure that a template in the style of "dotnet new"

Re: [racket-users] Re: Application Templates!

2020-08-20 Thread Hendrik Boom
On Wed, Aug 19, 2020 at 09:33:01PM -0700, Alex Harsanyi wrote: ... ... > I think Racket would benefit by a suite of applications which are small but > not trivial and with a source code which is commented in more detail than a > regular application. Every regular application would also benefit

Re: [racket-users] Can OpenSSL be upgraded for the next Racket release?

2020-08-20 Thread Andre Garzia
Thanks a lot for the quick turnaround, Matthew. I want to get more involved with Racket maintaining, specially for Windows platform, and before you replied here, I was trying to do this update myself. I saw the packages: https://pkgs.racket-lang.org/package/racket-win32-i386