This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-07-26
Perhaps more detail on comparators and sorting in Clojure than you might want to know, but this article might be useful: https://clojure.org/guides/comparators
I just watched this https://www.youtube.com/watch?v=CBL59w7fXw4 which basically talks about how bad security is for clojure web apps. Is there any update on this? It was 6 years ago... How secure are luminus and pedestal?
Aaron’s talk spurred a lot of immediate improvements to the Clojure library default setups and addressed many of the issues. Joy Clark did a great talk covering the major OWASP security items in the context of Clojure a few years later https://www.youtube.com/watch?v=lRHPZXKQVLk
Thanks so much, that's exactly what I was looking for!
They're as secure as whatever security/auth library you're using with them. I'm not sure if Luminus bundles anything in that space but I'm pretty sure Pedestal is a narrower focused web library.
We don't tend to have "frameworks" in Clojure: we build web apps using our preferred composition of libraries. There's no "standard" approach that includes security in a particular way. So apps are exactly as secure as people decide to make them.
Fair enough. That was kind of my impression. Security scares me because it's so easy to get wrong. I'm no expert, so I was hoping there was something that could guide me a bit
I remember attending that talk -- although I can't remember what specifically he was promoting in it. Buddy and Friend are probably the two security libs I hear the most about but I think at least one of them is no longer maintained.
Looks like neither of them has been updated for three years...
Ya I'm looking at those now
But does that mean they're super stable, or just abandoned? 😛
I think they're both fairly stable but I also think they are both unmaintained 🙂
Here's an article from last year on the topic of Clojure & security, that references Aaron's talk from 2014 https://jemurai.com/2019/11/27/clojure-signal/
It calls out security issues that aren't solved by a library but are systemic -- such as not using parameters in SQL queries. Security is a systemic issue. I've never used Friend or Buddy. We have built our own OAuth2 system at work -- we have separate Auth, Login, and API servers and built that on top of Apache OLTP stuff. We also have login-via-Facebook and we've talked about offering other auth services.
Thanks! Reading
Hello everybody! I just wanted to share the two small games I made to learn Clojure / Clojurescript. Any feedback welcome! Snake: https://github.com/Phantas0s/sokoban Sokoban: https://github.com/Phantas0s/sokoban
@akoppela Totally depends on your use case. In general I would say less than 1%. When I do web dev I'd say it's less than 0.1% for me. That said, it's also considered idiomatic to use a java library when there is no good clojure fit.
there's more than one editor? :thinking_face:
everything from a magnetic needle with a microscope to emacs will do. depends on what you like. there's that gui, cursive for cljs, some people use Atom, some people use SublimeText you can see on the latest clojure user survey what the distributions are actually... linking one moment juanita in accounts receivable just a sec..
although it includes clj and cljs... https://clojure.org/news/2020/02/20/state-of-clojure-2020
I'm playing around with transduce, and I thought I understood it with simple examples like (transduce (map inc) conj (range 10)), which returns the expected [1 2 3 4 5 6 7 8 9 10]. But if I throw a string into the collection argument, I get a strange result. Can anyone explain why this is happening?
(transduce (map inc) conj [0 1 2 3 4 5 6 7 8 9 "clojure"])
;; => [1 2 3 4 5 6 7 8 9 10 "clojure1"]
is this clojurescript?
Yes it's clojurescript. I realize Javascript has some weird string behaviours, but I'm surprised that (inc "clojure") errors when the transducer version doesn't.
I'm guessing that (map inc) ends up calling + from js directly, and doing whatever weird thing js does for + on strings
yeah
$ cljs
ClojureScript 1.10.758
(ins)cljs.user=> (+ "clojure" 1)
WARNING: cljs.core/+, all arguments must be numbers, got [string number] instead at line 1 <cljs repl>
"clojure1"
(ins)cljs.user=> (inc "clojure")
WARNING: cljs.core/+, all arguments must be numbers, got [string number] instead at line 1 <cljs repl>
"clojure1"
those aren't errors, it returns the same string you saw
Hmm, for me in a shadow-cljs NodeJS repl, (inc "clojure") doesn't return "clojure1", it returns nil. But you're right, it's still a warning not an error. I also tried the (transduce (map inc) conj [0 1 2 3 4 5 6 7 8 9 "clojure"]) in a Clojure REPL, and it error-ed as expected.
sounds like shadow-cljs does some level of sanity checking cljs doesn't (or my cljs is badly out of date)
I guess so. Just one more detail to remember I guess. Please tell me this gets easier.
+ Thanks once again for your help @noisesmith!
in my experience cljs has more weird edges compared to clj
mostly due to the vm
Seems like it. I suppose it's better to run into them now rather than in the middle of a large application.
Oof, it does it for error objects too. That hurts.
(transduce (map inc) conj [0 1 2 3 4 5 6 7 8 9 (ex-info "My error" {})])
;; => [1 2 3 4 5 6 7 8 9 10 "#error {:message \"My error\", :data {}}1"]
I guess what really threw me off is 1. transduce swallowing the warning, and 2. (inc "clojure") returning nil instead of "clojure1". Very weird.
operator overloading is my least favorite language feature, I'd rather use a language where you need two different versions of + for int / float (eg. ml) than one where every data type does a different thing when you call + on it
Yep, it's hard to imagine how anyone could pass a JS object to + and want it to mean "convert my object to a string and concatenate a 1 to the end of it".
how would i round floats in clojure?
e.g. 0.29868686 to 0.299
I'd rather not have to convert to a string or anything...
@qmstuart I'm looking around too because I was curious, it looks like you just call the corresponding Java functions like in https://stackoverflow.com/questions/28551000/what-is-the-best-way-to-round-numbers-in-clojure .
I don't know Java at all, but rounding to the nth decimal place might require a little extra work, like in https://www.baeldung.com/java-round-decimal-number.
to be clear those are methods, not functions, and yeah for something like that interop is the answer
you can hack it with multiply/truncate/divide but the java methods are the right way
user=> (with-precision 4 :rounding FLOOR (/ 1 3M))
0.3333M
that's not so bad
Hey can someone please explain what "com" and "org" are? I'm guessing it's a Java convention, but this is my first foray into the JVM :man-shrugging:
https://docs.oracle.com/javase/tutorial/java/package/namingpkgs.html
a way to distinguish packages is by using the organization's name in them. so you know an official version of clojure is named org.clojure/clojure
and its reversed domain. http://clojure.org -> org.clojure. https://stuartsierra.com/ means that component (a popular library) is com.stuartsierra/component
ohhhh ok
thanks
it's common in clojure to see the tld dropped and just the organization used. For instance, all of sean corfield's packages are named seancorfield/next.jdbc or what have you.
Hmm ok
or to disregard owning the name entirely, and creating non-existent projects implicitly with the same generic name as the library (I think this is actively discouraged though)
Any recommendations for a good (up-to-date) tutorial or book on building webpages with Clojure? I know just enough of the language to hack around and break things, but I’m extremely unfamiliar in the ways of web programming.
Are you looking to apply patterns you know in clojure? Or want to just try something very new and see where it takes you?
Just looking to try something new, and I was hoping to use Clojure to do it
> building webpages Are you thinking of a full end to end system or just HTML/css?
Ideally, I’d like to learn the entire system, but I was mostly curious if there were some good tutorials people liked to recommend.
Gotcha. Maybe https://www.learnreagent.com/ Or https://purelyfunctional.tv/courses/web-dev-in-clojure/ For tutorials. But keep in mind the web dev space is so large that you're never "done". It's interesting to just pick a project like rum, fulcro, reagent, etc.. and see what problems they're trying to solve.
Beta version of this book might be out soon https://pragprog.com/titles/dswdcloj3/
That would likely be a good start.
Interesting. Looks like some promising resources. Appreciate it!
+1 for reagent. If you know react at all, it's like that but better in so many ways
+1 For http://purelyfunctional.tv. I love Eric's teaching style.
Appreciate the replies. I will look at the http://purelyfunctional.tv article and look into reagent