This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2016-09-12
Channels
- # admin-announcements (3)
- # beginners (17)
- # boot (52)
- # braveandtrue (95)
- # cider (4)
- # cljs-dev (2)
- # clojars (118)
- # clojure (146)
- # clojure-art (4)
- # clojure-austin (1)
- # clojure-finland (20)
- # clojure-italy (33)
- # clojure-nl (1)
- # clojure-russia (49)
- # clojure-spec (136)
- # clojure-uk (28)
- # clojurescript (134)
- # clojutre (1)
- # conf-proposals (64)
- # cursive (3)
- # datomic (76)
- # hoplon (11)
- # ipfs (7)
- # jobs (1)
- # jobs-rus (1)
- # leiningen (4)
- # luminus (4)
- # mount (9)
- # om (34)
- # onyx (34)
- # proton (1)
- # re-frame (4)
- # reagent (35)
- # ring (2)
- # ring-swagger (6)
- # rum (15)
- # untangled (87)
boot show -u
is also sufficient most of the time
@martinklepsch whatβs the difference?
the output is a bit different, try both and you'll quickly see
I guess we could also improve the output of boot show --updates
, not sure if there's a particular reason for it being so basic
@micha : I was looking over this, it's just using SHA1 hashes π https://docs.oracle.com/javase/tutorial/deployment/jar/intro.html
Collision attacks for SHA1 are getting easier and easier, which is why google is sunsetting SHA1 and nobody in digital currency uses them at all - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
<@U055HMK9L> Also, in general, ~5% of registered certs and *~10%* of ssh-keys are crackable by due to insufficient randomness - <https://factorable.net/>
Part of the horror of GCD attacks is that they are embarrassingly parallelizable, so you can farm out lots of crackers on AWS or a botnet. The common factor problem is an issue for ECC and Twisted Edwards curves too, but I've never read about a researcher implementing the published techniques.
So you might consider migrating your GPG certs and ssh-keys to ED25519 if you haven't already.
@xcthulhu did not that, thanks for sharing it! Even rsa4096 is weak?
ah ok no, reading it better, this should not happen if you generated your key on a desktop right?
the GCD attacks are harder for RSA4096. The lack-of-entropy problem is less of a big deal for desktops than servers where keys might be generated automatically as part of a bring up procedure.
Hi! I have a little problem... I'm storing a file into the fileset using a task, and launch the application using a task, but the application can't access/find the file stored by the task. Is there something I misunderstood? Here's the relevant code snippets: https://bitbucket.org/snippets/zilti/ogx8d
@zilti First, you need to use io/resource
to access files in classpath. io/file
with relative path only sees working directory
Secondly, you can replace (reduce str (line-seq ...))
with just slurp
(it will keep the newlines, but I doubt that matters)
But, even that is probably unnecessary, the http server can probably just use URL as response: :handle-ok (io/resource "data/css/main.css")
@juhoteperi Oh dear, why did I run into this mistake again π That solved it, thanks a lot! I spent my half afternoon trying to get it to work ^^ Yes, I had slurp at first, but I thought replacing it would probably, maybe help.
@xcthulhu i posted a few security thoughts in #clojars
At a high level, yes.
Perhaps my series of blog posts will be useful reading in that context?
http://seancorfield.github.io/blog/2016/01/29/rebooting-clojure/ http://seancorfield.github.io/blog/2016/01/30/building-on-boot/ http://seancorfield.github.io/blog/2016/01/31/testing-with-boot/
Also http://seancorfield.github.io/blog/2016/02/02/boot-new/ http://seancorfield.github.io/blog/2016/06/17/more-boot/
I have boot-cljs
outputting source maps, but no original sources. Is there a trick to getting those to show up in the output?
@peeja Original sources are outputted by default
Huh. It doesn't appear to be working for me here: https://github.com/compassus/compassus/blob/master/build.boot#L58-L70
You can check the target dir to see that the files are written correctly
They just aren't being loaded
Maybe automatically set source-map-path is not correct
Ah, yep, that's it. The source file is reported as /js/devcards.out/compassus/devcards.out/compassus/core.cljc
Interesting, I don't remember seeing any case before with incorrect source-map-path
It is possible. I remember seeing projects with that before, but I can't be sure if source-maps worked on those.
One thing I wanted to ask, I still cannot obtain full class path isolation if I use :clj
clauses in .cljc
files. This never happen in lein
as we know, but it can in boot pods. Let's say I am using a clj-only dependency in a .cljc
file, I require it as:
(:require #?(:clj [clj-time.core :as t]))
Now, when this loads as cljs, the :clj
part is evaluated
because of macro resolution
but I don't have clj-time
in my frontend deps
the only workaround is of course to include clj-time
in both classpaths
but this bothers me a little π
it might be worth opening a JIRA issue I guess