vms14 has quit [Remote host closed the connection]
random-nick has quit [Ping timeout: 276 seconds]
asarch has joined #lisp
cosimone has quit [Ping timeout: 250 seconds]
efm has quit [Ping timeout: 246 seconds]
efm has joined #lisp
didi has quit [Ping timeout: 252 seconds]
kark has joined #lisp
rgherdt has quit [Ping timeout: 252 seconds]
bendersteed has joined #lisp
varjag has quit [Ping timeout: 268 seconds]
efm has quit [Read error: Connection reset by peer]
efm has joined #lisp
shifty has quit [Ping timeout: 245 seconds]
Bike has joined #lisp
ark has quit [Ping timeout: 252 seconds]
_jrjsmrtn has joined #lisp
__jrjsmrtn__ has quit [Ping timeout: 276 seconds]
doublex_ has joined #lisp
doublex__ has joined #lisp
doublex has quit [Ping timeout: 250 seconds]
cods has quit [Ping timeout: 240 seconds]
SaganMan has quit [Ping timeout: 265 seconds]
doublex_ has quit [Ping timeout: 250 seconds]
SaganMan has joined #lisp
krisfris has joined #lisp
port1024 has quit [Quit: Leaving]
elfmacs has joined #lisp
wxie has joined #lisp
Lord_of_Life has quit [Ping timeout: 276 seconds]
Lord_of_Life_ has joined #lisp
Lord_of_Life_ is now known as Lord_of_Life
bitmapper has quit [Ping timeout: 252 seconds]
dilated_dinosaur has quit [Ping timeout: 265 seconds]
Jeanne-Kamikaze has joined #lisp
krisfris has quit [Ping timeout: 265 seconds]
_whitelogger has joined #lisp
doublex_ has joined #lisp
SaganMan has quit [Ping timeout: 268 seconds]
doublex__ has quit [Ping timeout: 250 seconds]
SaganMan has joined #lisp
bendersteed has quit [Remote host closed the connection]
Bourne has quit [Remote host closed the connection]
efm has quit [Read error: Connection reset by peer]
wxie has quit [Ping timeout: 250 seconds]
ebzzry has joined #lisp
SaganMan has quit [Ping timeout: 265 seconds]
SaganMan has joined #lisp
rpkne has quit [Ping timeout: 240 seconds]
orivej has quit [Ping timeout: 250 seconds]
efm has joined #lisp
lab6789 has joined #lisp
wxie has joined #lisp
wxie has quit [Quit: wxie]
wxie has joined #lisp
vms14 has quit [Remote host closed the connection]
<beach>
Good morning everyone!
malfort has joined #lisp
wxie has quit [Ping timeout: 268 seconds]
clothespin has joined #lisp
ArthurStrong has quit [Quit: leaving]
clothespin has quit [Read error: Connection reset by peer]
clothespin has joined #lisp
elfmacs has quit [Ping timeout: 250 seconds]
clothespin has quit [Read error: Connection reset by peer]
clothespin has joined #lisp
SaganMan has quit [Ping timeout: 268 seconds]
SaganMan has joined #lisp
ebzzry has quit [Read error: Connection reset by peer]
torbo has joined #lisp
y01 has joined #lisp
y01 has left #lisp [#lisp]
rotucer has quit [Ping timeout: 268 seconds]
rotucer has joined #lisp
Kevslinger has quit [Quit: Connection closed for inactivity]
FreeBirdLjj has joined #lisp
FreeBirdLjj has quit [Remote host closed the connection]
pjb has quit [Remote host closed the connection]
pjb has joined #lisp
dtw has quit [Quit: issued !quit command]
ggole has joined #lisp
asarch has quit [Quit: Leaving]
FreeBirdLjj has joined #lisp
FreeBirdLjj has quit [Remote host closed the connection]
FreeBirdLjj has joined #lisp
clothespin_ has joined #lisp
wxie has joined #lisp
clothespin__ has joined #lisp
clothespin has quit [Ping timeout: 252 seconds]
vlatkoB has joined #lisp
vivit has joined #lisp
FreeBirdLjj has quit [Remote host closed the connection]
clothespin_ has quit [Ping timeout: 250 seconds]
malfort_ has joined #lisp
wxie has quit [Ping timeout: 250 seconds]
vivit has quit [Quit: WeeChat 1.9.1]
malfort has quit [Ping timeout: 265 seconds]
asarch has joined #lisp
gravicappa has joined #lisp
Jeanne-Kamikaze has quit [Quit: Leaving]
torbo` has joined #lisp
torbo has quit [Ping timeout: 276 seconds]
wxie has joined #lisp
torbo`` has joined #lisp
torbo` has quit [Ping timeout: 268 seconds]
Bike has quit [Quit: Lost terminal]
gravicappa has quit [Ping timeout: 276 seconds]
enrio has joined #lisp
torbo`` has quit [Remote host closed the connection]
elfmacs has joined #lisp
malfort_ has quit [Ping timeout: 240 seconds]
space_otter has joined #lisp
space_otter has quit [Client Quit]
space_otter_ has joined #lisp
space_otter_ has quit [Client Quit]
space_otter_ has joined #lisp
asarch has quit [Quit: Leaving]
space_otter_ has quit [Client Quit]
karlosz has joined #lisp
karlosz has quit [Client Quit]
<Xach>
Good morning! How wonderful to be in sync with my European lisp pals.
<ck_>
how come?
gigetoo has quit [Ping timeout: 240 seconds]
<Xach>
I am in Europe to visit SBCL20
gigetoo has joined #lisp
<Xach>
I can't disclose which country or city but it is Europe.
<ck_>
"[...] bonding and social activities taking place on Sunday 8th December"
<ck_>
sounds good, I hope you enjoy it
gravicappa has joined #lisp
wiselord has joined #lisp
_whitelogger has joined #lisp
brown121408 has quit [Ping timeout: 265 seconds]
rgherdt has joined #lisp
brown121407 has joined #lisp
wxie has quit [Ping timeout: 268 seconds]
elfmacs has quit [Ping timeout: 240 seconds]
gigetoo has quit [Ping timeout: 265 seconds]
gigetoo has joined #lisp
elfmacs has joined #lisp
rippa has joined #lisp
dale has quit [Quit: My computer has gone to sleep]
dddddd has quit [Remote host closed the connection]
lab6789 has quit [Remote host closed the connection]
<phoe>
morniiiiiiing
<no-defun-allowed>
Good morning phoe
<phoe>
Xach: enjoy it!
gravicappa has quit [Ping timeout: 265 seconds]
nirved has quit [Ping timeout: 252 seconds]
nirved has joined #lisp
space_otter has joined #lisp
space_otter has quit [Remote host closed the connection]
jonatack has quit [Quit: jonatack]
rgherdt has quit [Quit: Leaving]
iovec has joined #lisp
rgherdt has joined #lisp
lavaflow has quit [Ping timeout: 245 seconds]
<boeg>
What's the difference between :to and :upto in the loop macro? As far as I can see they do the same thing
<Shinmera>
one is more specific about the direction of iteration.
<Shinmera>
or in other words, since there's a downto, why not an upto.
<boeg>
alright, thanks
davsebam1e has quit [Ping timeout: 268 seconds]
<ck_>
Shinmera: good morning. May I ask you something about chatlog?
lavaflow has joined #lisp
Bourne has joined #lisp
<Shinmera>
just ask
<ck_>
It's just about loading it -- quicklisp fails at 'Component "verbose" not found', but that's immediately after downloading the .tgz
<ck_>
Is there some other repository I need to add, other than the one for radiance?
<Shinmera>
you need to quickload radiance one time first
<ck_>
I did
<Shinmera>
then I have no idea
<ck_>
thank you
davsebamse has joined #lisp
<ck_>
for the record, I exited the debugger and did those two steps again -- (ql:quickload :radiance), chatlog -- and it went through without issue. Maybe you need to quickload radiance two times first.
<Shinmera>
I don't think so
<Shinmera>
try restarting your image.
<Shinmera>
there's cases where ASDF gets into a confused state and doesn't load things properly.
<ck_>
I don't understand what you mean, why should I restart? It worked the second time is what I'm saying.
<Shinmera>
I'm saying it might not have worked properly
<ck_>
Ah, my mistake then. Thank you.
cods has joined #lisp
brown121407 has quit [Read error: Connection reset by peer]
brown121408 has joined #lisp
kritixilithos has joined #lisp
davepdotorg has joined #lisp
davepdotorg has quit [Ping timeout: 240 seconds]
orivej has joined #lisp
orivej has quit [Ping timeout: 265 seconds]
elfmacs has quit [Ping timeout: 268 seconds]
cods has quit [Changing host]
cods has joined #lisp
orivej has joined #lisp
easieste has joined #lisp
easye` has joined #lisp
easieste has quit [Ping timeout: 252 seconds]
cpape has quit [Ping timeout: 265 seconds]
elfmacs has joined #lisp
dilated_dinosaur has joined #lisp
akoana has left #lisp ["Leaving"]
Bourne has quit [Ping timeout: 265 seconds]
random-nick has joined #lisp
wxie has joined #lisp
entel has joined #lisp
DGASAU has quit [Read error: Connection reset by peer]
<phoe>
maybe #emacs will be able to tell you more about it since it is the home of elisp
<jmercouris>
that's an interesting discussion indeed, though a lot of the comments are parroty and 'talk to talk' type things as is common on YC
krisfris has quit [Ping timeout: 240 seconds]
<_death>
statements like "Emacs Lisp is fundamentally simple"
<jmercouris>
I also love the rest of that statement
<jmercouris>
"But the global scope is the power. The global namespace matters. A lot."
<jmercouris>
the global scope is the achilles heel of Elisp, and Emacs especially!
<jmercouris>
or rather the two edged sword, convenient, but very deadly, and you cut yourself a lot accidentally
<_death>
how would an elisp interpreter be helpful?.. elisp is a language for emacs, which has abstractions like buffers, windows, markers, fonts, and a ton of other things
<_death>
with that in mind, CL is a tiny language compared to elisp
<jmercouris>
as you might imagine, I am thinking of Next when asking this question :-)
<froggey>
the obvious solution is to compile emacs to CL
<jmercouris>
froggey: a very straightforward solution, but a very lengthy and long one :-D, I do admire your persistence and dedication!
<_death>
I wrote cl-tree-sitter yesterday that could help with parsing the C :)
jackdaniel has quit [Ping timeout: 240 seconds]
ebrasca has joined #lisp
gabiruh has quit [Quit: ZNC - 1.6.0 - http://znc.in]
whiteline has quit [Remote host closed the connection]
synaps3 has joined #lisp
synaps3 has quit [Changing host]
synaps3 has joined #lisp
whiteline has joined #lisp
duuqnd has joined #lisp
srji has quit [Quit: leaving]
brown121407 has joined #lisp
brown121408 has quit [Ping timeout: 268 seconds]
shifty has joined #lisp
wxie has quit [Ping timeout: 268 seconds]
ebrasca has quit [Remote host closed the connection]
mercourisj has joined #lisp
jmercouris has quit [Disconnected by services]
mercourisj is now known as jmercouris
Bike has joined #lisp
krisfris has joined #lisp
krisfris has quit [Client Quit]
krisfris has joined #lisp
synaps3 has quit [Ping timeout: 268 seconds]
shka_ has joined #lisp
khisanth__ has quit [Ping timeout: 245 seconds]
ralt has joined #lisp
ljavorsk has joined #lisp
ljavorsk_ has joined #lisp
<pjb>
jmercouris: there's one in hemlock.
khisanth__ has joined #lisp
<pjb>
jmercouris: my solution is to develop a C compiler targeting CL so that we may compile GNU emacs into a CL lisp image.
<pjb>
jmercouris: my solution is to develop a C compiler targeting CL so that we may compile GNU emacs into a CL lisp image.
<pjb>
oops.
port1024 has joined #lisp
<jmercouris>
pjb: ah, hemlock, I'd rather not look at that source :D
<pjb>
Why not?
<jmercouris>
i probably will not understand it
ljavorsk has quit [Ping timeout: 250 seconds]
cpape has joined #lisp
jmercouris has quit [Remote host closed the connection]
iovec has quit [Quit: Connection closed for inactivity]
flazh has quit [Ping timeout: 265 seconds]
FreeBirdLjj has joined #lisp
bendersteed has joined #lisp
rudi has joined #lisp
Lord_of_Life_ has joined #lisp
Lord_of_Life has quit [Ping timeout: 240 seconds]
Lord_of_Life_ is now known as Lord_of_Life
hiroaki has joined #lisp
gxt has quit [Remote host closed the connection]
DGASAU has quit [Read error: Connection reset by peer]
gxt has joined #lisp
lucasb has joined #lisp
DGASAU has joined #lisp
ebzzry has joined #lisp
hiroaki has quit [Ping timeout: 268 seconds]
hiroaki has joined #lisp
FreeBirdLjj has quit [Remote host closed the connection]
FreeBirdLjj has joined #lisp
rudi has quit [Quit: rudi]
rudi has joined #lisp
flazh has joined #lisp
kmeow has joined #lisp
brown121407 has quit [Ping timeout: 265 seconds]
gravicappa has joined #lisp
ljavorsk_ has quit [Ping timeout: 265 seconds]
varjag has joined #lisp
shka_ has quit [Ping timeout: 246 seconds]
shka_ has joined #lisp
ljavorsk_ has joined #lisp
shka_ has quit [Ping timeout: 240 seconds]
ljavorsk_ has quit [Ping timeout: 240 seconds]
FreeBirdLjj has quit [Remote host closed the connection]
zaquest has quit [Remote host closed the connection]
ebrasca has joined #lisp
Boko_ecebd has joined #lisp
sauvin has quit [K-Lined]
Boko_ecebd has quit [Read error: Connection reset by peer]
FreeBirdLjj has joined #lisp
Boko_eacce has joined #lisp
Boko_eacce has quit [Write error: Connection reset by peer]
iovec has joined #lisp
Boko_aceac has joined #lisp
elfmacs has quit [Ping timeout: 250 seconds]
Boko_aceac has quit [Read error: Connection reset by peer]
Boko_abbed has joined #lisp
shka_ has joined #lisp
seok has joined #lisp
seok has quit [Remote host closed the connection]
seok has joined #lisp
<seok>
how would I securely validate user uploaded images ?
<seok>
I couldn't find a library
<seok>
At the moment my option is to use third party image storage/hosting just for image validation
Boko_abbed has quit [Read error: Connection reset by peer]
seok has quit [Remote host closed the connection]
<phoe>
sebboh1: what do you mean by "securely validate"
<phoe>
what does validation mean and what does security mean
<phoe>
I meant, uhhh, seok
<phoe>
but you aren't here anymore
jonatack has joined #lisp
FreeBirdLjj has quit [Remote host closed the connection]
FreeBirdLjj has joined #lisp
bendersteed has quit [Quit: bye]
Boko_badeb has joined #lisp
Boko_badeb has quit [Write error: Connection reset by peer]
ebrasca has quit [Read error: Connection reset by peer]
Boko_ebccd has joined #lisp
ebrasca has joined #lisp
Boko_ebccd has quit [Read error: Connection reset by peer]
port1024 has quit [Remote host closed the connection]
FreeBirdLjj has quit [Remote host closed the connection]
FreeBirdLjj has joined #lisp
dddddd has joined #lisp
Boko_eacea has joined #lisp
Boko_eacea has quit [Write error: Connection reset by peer]
elfmacs has joined #lisp
FreeBirdLjj has quit [Ping timeout: 268 seconds]
femi has quit [Ping timeout: 245 seconds]
FreeBirdLjj has joined #lisp
pjb has quit [Remote host closed the connection]
ssd532_ has joined #lisp
femi has joined #lisp
ssd532_ has left #lisp [#lisp]
shka_ has quit [Quit: Konversation terminated!]
shka_ has joined #lisp
kmeow has quit [Remote host closed the connection]
X-Scale has quit [Ping timeout: 276 seconds]
pjb has joined #lisp
EvW has joined #lisp
X-Scale has joined #lisp
pjb has quit [Ping timeout: 276 seconds]
sunset_NOVA has joined #lisp
pjb has joined #lisp
FreeBirdLjj has quit [Remote host closed the connection]
FreeBirdLjj has joined #lisp
izh_ has joined #lisp
FreeBirdLjj has quit [Ping timeout: 240 seconds]
Boko_aeeac has joined #lisp
X-Scale has quit [Ping timeout: 265 seconds]
Lycurgus has joined #lisp
Boko_aeeac has quit [Write error: Connection reset by peer]
X-Scale` has joined #lisp
Boko_ebbdd has joined #lisp
Boko_ebbdd has quit [Read error: Connection reset by peer]
X-Scale` is now known as X-Scale
EvW has quit [Ping timeout: 250 seconds]
FreeBirdLjj has joined #lisp
Boko_dbcdb has joined #lisp
Boko_dbcdb has quit [Read error: Connection reset by peer]
FreeBirdLjj has quit [Ping timeout: 245 seconds]
xuxuru has joined #lisp
Boko_cdbcd has joined #lisp
Boko_cdbcd has quit [Read error: Connection reset by peer]
ralt has quit [Quit: Connection closed for inactivity]
elfmacs has quit [Ping timeout: 252 seconds]
cosimone has joined #lisp
slyrus__ has joined #lisp
slyrus_ has quit [Read error: Connection reset by peer]
efm has quit [Read error: Connection reset by peer]
sunset_NOVA has quit [Quit: leaving]
krisfris has quit [Quit: WeeChat 1.9.1]
efm has joined #lisp
antoszka has joined #lisp
antoszka has quit [Client Quit]
ggole has quit [Quit: Leaving]
ljavorsk_ has joined #lisp
adam0001 has joined #lisp
oni-on-ion has quit [Ping timeout: 245 seconds]
gravicappa has quit [Ping timeout: 265 seconds]
zaquest has joined #lisp
<adam0001>
New Ubuntu system, I notice ~/quicklisp/setup.lisp is in the hidden directory ~/.quicklisp/setup.lisp Should I uninstall and reinstall using Quicklisp method?
ljavorsk_ has quit [Ping timeout: 268 seconds]
<Bike>
i think quicklisp is pretty insensitive to what directory it's in?
oni-on-ion has joined #lisp
<MichaelRaskin>
I have multiple QuickLisp installations in various very non-default locations, and I never have any problems with that
<adam0001>
OK. Thank you. It seems that the Lisp of others often expects it in the non-hidden directory.
<adam0001>
So, no real convention I guess. Will take another look at the Quicklisp install notes.
<MichaelRaskin>
Well, I load mine manually. (Of course that could go into .sbclrc if you have exactly one installation)
<Bike>
adam0001: implementations don't really expect it to be anywhere. they just need to load setup.lisp
<Bike>
probably in an rc file
slyrus_ has joined #lisp
<adam0001>
a quick fix, might be to link or copy the hidden directory and file, alias it to a non-hidden ~/quicklisp/setup.lisp
mrSpec has joined #lisp
mrSpec has quit [Changing host]
mrSpec has joined #lisp
<Bike>
i mean you can just tell the implementation to load from the right spot.
<Bike>
on my system .sbclrc is set for quicklisp/setup.lisp. if i threw a period in there it would do the hidden location instead.
cosimone has quit [Quit: Terminated!]
slyrus__ has quit [Ping timeout: 240 seconds]
torbo has joined #lisp
shka_ has quit [Ping timeout: 246 seconds]
shka_ has joined #lisp
<adam0001>
@Bike OK. Yes, my .sbclrc has it pointing to the hidden. So, it's simply programmed hard-wired in the software I'm trying to run. I can change that, or copy setup.lisp to where it expects to find it.
seok has joined #lisp
<seok>
Dang, I was disconnected
<Bike>
that seems like an unfortunate choice by that software.
shka_ has quit [Ping timeout: 252 seconds]
<seok>
How would one verify user-uploaded image in common lisp? Did anyone answer me just then
shka_ has joined #lisp
<Bike>
phoe asked what you meant by validation.
<adam0001>
@Bike taking another look at it now ..
<seok>
So, if someone uploads a jpg on my web, how would I ensure that it is actually a jpg file?
<pjb>
seok: you would use a jpg parser and check that it can run without detecting any error.
<pjb>
seok: it's just like for a lisp file or a C file. You use the compiler to check for errors.
<seok>
Is there a library?
<Bike>
oh, something like jpeginfo. i don't know that there's a library to do that. cl-jpeg is more about the data in the jpeg
vlatkoB has quit [Remote host closed the connection]
<pjb>
seok: unfortunately, jpeg libraries are in general written without this aspect of validation. Instead, they often prefer to crash or to allow security problems.
<seok>
I'm sure there are established libraries in other established languages like PHP node or python, I'm considering outsourcing just the validation to another language
<seok>
Hm
<pjb>
seok: use google with validating jpeg parser
<seok>
so it won't be just jpeg
<seok>
but all major image files
<pjb>
and cry.
<pjb>
seok: same problem with all file formats!
<seok>
yeah
<pjb>
seok: you have lisp, you have a problem, develop a product!
<seok>
Haha, it is too much of a big job for me!
<pjb>
seok: you could be the startup that sells to all web sites validating file parsers!
<seok>
But there are already websites doing that
<pjb>
Instant trillionaire!
<pjb>
Yes, but they do it badly, and introducing hideous security bugs!
<seok>
I'm not sure if you are being sarcastic haha
<pjb>
Totally serious.
<pjb>
If I had the resources, this is what I'd do.
<seok>
I see no commercial benefit of writing an image validator in lisp
<seok>
if there is not one already
<pjb>
seok: your lisp program can be sold and used by any web server, not only by web browser written in lisp!
<pjb>
And the commercial benefit is that you CAN do it!
<seok>
but I'm sure there are libraries already verifying user uploaded images in PHP or node
<pjb>
Writing any validating software in other programming language fails, because then you introduce more bugs than you detect!
<seok>
Is that so?
<pjb>
seok: no, they are security hole libraries.
<adam0001>
@Bike simply copying ~/.quicklisp/ directory tree to ~/quicklisp/ runs the software. Now I'm getting this which is progress. "unhandled condition in --disable-debugger mode, quitting "
<MichaelRaskin>
Mozilla might have something secure in Rust, though
<seok>
I'm actually looking for one in node, I'm surprised it is harder than I had thought to find one
<pjb>
seok: as I said, not surprising, because any non-lisp code introduces more bugs than it can detect.
<seok>
Are you telling me a simple feature such as image verification has not been implemented properly in any popular libraries?
<adam0001>
@Bike So, thank you. It's into the too hard basket again for a while.
<pjb>
seok: yes, the purpose of libraries is not to verify or validate, but to read the image.
<pjb>
seok: google for fuzzing jpeg and cry.
hvxgr has quit [Quit: leaving]
<seok>
And lisp is not vulnerable to these?
<pjb>
Less. If not compiled with (safety 0), we're a tad better.
<seok>
Then how are all these other websites coping? surely none of them are using a lisp web server
<MichaelRaskin>
I guess a _pure_ JavaScript solution would be also okay-ish safety-wise, but I am not sure one exists
<pjb>
seok: how do you think we get all those databases of personal data and credit card number available?
<MichaelRaskin>
They are using imagemagick, which supports a huge number of formats and is really unsuitable for untrusted input
<seok>
MichaelRaskin: i thought this verification would have to be handled backend?
<pjb>
seok: google for personal data million and cry.
<MichaelRaskin>
Indeed, but you mentioned Node
<seok>
So you are telling me most websites with image upload functionality are vulnerable?
<pjb>
seok: looks like you don't use google enough…
<pjb>
seok: most websites are NOT implemented in lisp, therefore ARE vulnerable.
<seok>
Yeah, I'd imagined that node would have a library verification since node servers are pretty common and so is image upload function
<pjb>
including those who allow image upload.
<MichaelRaskin>
Many sites with image upload functionality don't even do anything with images
<MichaelRaskin>
And therefore not vulnerable themselves, just opening their users to attacks
<seok>
So I can insert malicious code through those upload uris?
<pjb>
seok: this would be an interesting experiment. Locate malicious jpegs, and test uploading them everywhere…
<seok>
I'm really surprised by what you guys are saying
<pjb>
seok: 90% won't detect anything bad. 9% will break somehow without telling you why (you could probably hack them). And I'm very optimistic here: 1% will tell you they reject the malformed file.
<seok>
I have been having a headache for a week trying to figure this out, how everyone else is doing it
<pjb>
seok: people avoid headaches.
<seok>
But you are telling me pretty much no one is doing anything at all
<pjb>
seok: they play ostrich.
<MichaelRaskin>
Well, it's not them who are bearing the risks
<MichaelRaskin>
Who cares if users get attacked
<seok>
Well it is
<pjb>
seok: but as I said, if you do something solid in lisp, you have a market, and given the number of web site, you could very well end up not billionaire, but trillionaire.
<seok>
You can attack the server
<seok>
and shut it down if someone wanted to
<seok>
or much worse
<MichaelRaskin>
Not if the server never processes the image, just relays
<pjb>
MichaelRaskin: there are legal risks, so they may want to run an antivirus software on those files.
<MichaelRaskin>
If there were real legal risks for redistributing the viruses, Google ad network would be already shut down
<seok>
I don't have enough low level programming knowledge to do this
EvW has joined #lisp
<seok>
pjb why don't you make this
<seok>
you could be trillionaire
<MichaelRaskin>
Actually there is no market for that
<pjb>
Yep. You need time to do it. Some investment.
<MichaelRaskin>
because no one cares
seok has left #lisp [#lisp]
seok has joined #lisp
<MichaelRaskin>
And there is an easy and cheap solution for sanitising jpegs. Which is not perfectly safe but safeish
<seok>
Such as?
<seok>
That's what I'm looking for
<pjb>
Open the file in a sand box, and see if it does anything bad.
<seok>
What kind of sand box
<MichaelRaskin>
Or better: convert the file to a completely different format in a sandbox
<seok>
I'm still not buying what you guys are saying that most websites if not all are vulnerable
<pjb>
seok: even plain text files can be dangerous. Recently, iOS had a problem processing some unicode encoding, so you could break its Messenger application, just by sending an SMS with some Chinese or so characters…
<MichaelRaskin>
Well, given that it is enough to have a remote code execution at the level of OS network stack…
<pjb>
You don't even need "execution" as such. Any file processing is a kind of evaluation. Basically, data = code.
<MichaelRaskin>
That's pretty far from a useful truth
<seok>
Dang, file upload is hard
<pjb>
And the worse part is that it's not because you've validated some data with some bug-free library that are good: your same data could be evaluated by a buggy program on the same system, and hose you.
<MichaelRaskin>
File upload is easy
<pjb>
seok: it's the general security problem in IT...
<MichaelRaskin>
File processing is hard…
<seok>
How is google photos, photobucket, etc managing?
<seok>
they're not?
Jeanne-Kamikaze has joined #lisp
<pjb>
They have people to correct things when they happen. Like the time iCloud would show you picture of other customers :-)
<MichaelRaskin>
And also Google can afford the overhead of a few levels of isolation so that an exploit doesn't let you do anything interesting
Jeanne-Kamikaze has quit [Client Quit]
<seok>
This is much bigger problem than I had imagined
Smokitch has joined #lisp
<pjb>
Yep, it's a trillion dollar problem.
<seok>
I should probably stick with one of these third party image hosting and link images from there until I am ready
<pjb>
A big opportunity.
<MichaelRaskin>
You can search for «Eternal Blue» to see how security problems are actually handled in the real world. In that case, there was a lot of coverage
<MichaelRaskin>
Nope, no opportunity
<seok>
Haha. Why no opportunity Michael?
<MichaelRaskin>
Opportunity assumes anyone is going to pay for cleaning up the mess
<seok>
If one comes up with a solution then all the web hosts are going to implement it
<MichaelRaskin>
No, why would they
<MichaelRaskin>
Being insecure doesn't cost much
<seok>
Because the one who comes up the solution is going to release the hacks together so the websites who don't use the patch are going to suffer
<MichaelRaskin>
Meh. If hacks are used widely, there are patches in a couple of days
<seok>
That's the thing, it's not that profitable to promote the hack if there is no patch
<seok>
Once there is one, it becomes profitable
<MichaelRaskin>
No, I mean, exploit-specific patches
<MichaelRaskin>
It's all buffer overflow here, buffer overflow there
<MichaelRaskin>
You can always whack a mole
<seok>
Marketing is not passive
<seok>
It's easy to sell once you come up with the program
antoszka has joined #lisp
<seok>
You just show them hacking their website in front of them
<seok>
Then your solution is bought
brown121408 has joined #lisp
<MichaelRaskin>
Except you actually need a high-value exploit to demonstrate stuff
<MichaelRaskin>
And once you use it in the open, this specific problem gets patched
<seok>
Image upload vulnerability is high value though
<MichaelRaskin>
And you need a new one
<MichaelRaskin>
It is not specific enough
<seok>
you can possibly control the whole server
<MichaelRaskin>
You need an actual exploit
<MichaelRaskin>
A real file that causes some buffer overflow
<seok>
Is it not possible?
<MichaelRaskin>
And a week later this specific buffer overflow is patched everywhere
<seok>
So if there are no practical vulnerability why have you scared me off with our previous conversation
<MichaelRaskin>
There are, and a lot, but finding them is not free
<seok>
Am I fine with just checking the file MIME and extension?
akoana has joined #lisp
<MichaelRaskin>
If you are not trying to process the file, just serve it further, checking the first few bytes for a valid JPEG header is enough to make it not-your-problem (but your users' one)
adam0001 has quit [Remote host closed the connection]
tsrt^ has joined #lisp
duuqnd has quit []
<pjb>
So you just use file(1).
slyrus__ has joined #lisp
<MichaelRaskin>
«I cannot print on Tuesdays»
cosimone has joined #lisp
slyrus_ has quit [Ping timeout: 240 seconds]
arichiardi has joined #lisp
Codaraxis has joined #lisp
rippa has quit [Quit: {#`%${%&`+'${`%&NO CARRIER]
space_otter has joined #lisp
Bourne has joined #lisp
dale has joined #lisp
ym has joined #lisp
arichiardi has quit [Remote host closed the connection]
cosimone has quit [Remote host closed the connection]
cosimone has joined #lisp
abhixec has joined #lisp
bitmapper has joined #lisp
ralt has joined #lisp
jfb4_ has joined #lisp
cosimone_ has joined #lisp
thecoffemaker has quit [Ping timeout: 265 seconds]
cosimone has quit [Read error: Connection reset by peer]
thecoffemaker has joined #lisp
jfb4 has quit [Ping timeout: 250 seconds]
troydm has quit [Quit: What is Hope? That all of your wishes and all of your dreams come true? To turn back time because things were not supposed to happen like that (C) Rau Le Creuset]
enrio has quit [Ping timeout: 240 seconds]
cosimone has joined #lisp
cosimone_ has quit [Ping timeout: 250 seconds]
sahara3 has joined #lisp
shka_ has quit [Ping timeout: 246 seconds]
cosimone_ has joined #lisp
cosimone has quit [Ping timeout: 250 seconds]
slyrus_ has joined #lisp
slyrus__ has quit [Ping timeout: 265 seconds]
troydm has joined #lisp
ljavorsk_ has joined #lisp
cosimone_ has quit [Quit: Quit.]
cosimone_ has joined #lisp
cosimone_ is now known as cosimone
cosimone has quit [Client Quit]
cosimone has joined #lisp
v88m has quit [Ping timeout: 245 seconds]
abhixec has quit [Quit: leaving]
<akoana>
hmm, after (ql:update-dist "quicklisp") i got debugger invoked on a QL-DIST:BADLY-SIZED-LOCAL-ARCHIVE ... The archive file "bodge-glfw-stable-7519a922-git.tgz" for "bodge-glfw" is the
<akoana>
wrong size: expected 511,390, got 39,493 but ./quicklisp/dists/quicklisp/archives/bodge-glfw-stable-7519a922-git.tgz has 511390 bytes and the tar.gz is ok, should I ignore this error?
<akoana>
(SBCL 1.5.4, x86_64 GNU/Linux, quicklisp client up to date)
torbo has quit [Remote host closed the connection]
<akoana>
as a lisp newbie I'm rather confused and have no clue how to fix this, so anyone bringing light into this is greatly appreciated - thanks in advance
<_death>
you can do (trace ql-util:file-size) and see the pathname and resulting size
<no-defun-allowed>
What's the SLIME package named that makes indentation in Emacs reasonable?
<akoana>
_death: thank you, hmm, I can't repeat the (ql:update-dist "quicklisp"), it says You already have the latest version of "quicklisp"