Fork me on GitHub
#boot
<
2016-09-12
>
borkdude10:09:40

what is the boot equivalent of lein ancient?

martinklepsch10:09:24

boot show -u is also sufficient most of the time

borkdude10:09:40

@martinklepsch what’s the difference?

martinklepsch10:09:44

the output is a bit different, try both and you'll quickly see

martinklepsch10:09:11

I guess we could also improve the output of boot show --updates, not sure if there's a particular reason for it being so basic

xcthulhu15:09:07

@micha : I was looking over this, it's just using SHA1 hashes 😞 https://docs.oracle.com/javase/tutorial/deployment/jar/intro.html

xcthulhu15:09:41

Collision attacks for SHA1 are getting easier and easier, which is why google is sunsetting SHA1 and nobody in digital currency uses them at all - https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html

xcthulhu15:09:11

You should maybe not use this tool.

micha16:09:17

@xcthulhu ah yeah, that's a bummer

xcthulhu16:09:34

<@U055HMK9L> Also, in general, ~5% of registered certs and *~10%* of ssh-keys are crackable by due to insufficient randomness - <https://factorable.net/>

xcthulhu16:09:32

Part of the horror of GCD attacks is that they are embarrassingly parallelizable, so you can farm out lots of crackers on AWS or a botnet. The common factor problem is an issue for ECC and Twisted Edwards curves too, but I've never read about a researcher implementing the published techniques.

xcthulhu16:09:07

So you might consider migrating your GPG certs and ssh-keys to ED25519 if you haven't already.

richiardiandrea17:09:41

@xcthulhu did not that, thanks for sharing it! Even rsa4096 is weak?

richiardiandrea17:09:28

ah ok no, reading it better, this should not happen if you generated your key on a desktop right?

xcthulhu17:09:51

the GCD attacks are harder for RSA4096. The lack-of-entropy problem is less of a big deal for desktops than servers where keys might be generated automatically as part of a bring up procedure.

zilti17:09:36

Hi! I have a little problem... I'm storing a file into the fileset using a task, and launch the application using a task, but the application can't access/find the file stored by the task. Is there something I misunderstood? Here's the relevant code snippets: https://bitbucket.org/snippets/zilti/ogx8d

juhoteperi17:09:03

@zilti First, you need to use io/resource to access files in classpath. io/file with relative path only sees working directory

juhoteperi17:09:37

Secondly, you can replace (reduce str (line-seq ...)) with just slurp (it will keep the newlines, but I doubt that matters)

juhoteperi17:09:16

But, even that is probably unnecessary, the http server can probably just use URL as response: :handle-ok (io/resource "data/css/main.css")

zilti17:09:13

@juhoteperi Oh dear, why did I run into this mistake again πŸ˜• That solved it, thanks a lot! I spent my half afternoon trying to get it to work ^^ Yes, I had slurp at first, but I thought replacing it would probably, maybe help.

flyboarder19:09:41

@xcthulhu i posted a few security thoughts in #clojars

jeffh-fp20:09:09

should I think of boot as a replacement for Leiningen?

seancorfield20:09:57

At a high level, yes.

seancorfield20:09:44

Perhaps my series of blog posts will be useful reading in that context?

jeffh-fp21:09:01

ah wow thanks

jeffh-fp21:09:38

very helpful

peeja21:09:03

I have boot-cljs outputting source maps, but no original sources. Is there a trick to getting those to show up in the output?

juhoteperi21:09:11

@peeja Original sources are outputted by default

juhoteperi21:09:37

You can check the target dir to see that the files are written correctly

juhoteperi21:09:43

They just aren't being loaded

juhoteperi21:09:09

Maybe automatically set source-map-path is not correct

peeja21:09:41

Oh, you're right. I wasn't seeing them for some reason, but it was bad console-fu.

peeja21:09:35

Ah, yep, that's it. The source file is reported as /js/devcards.out/compassus/devcards.out/compassus/core.cljc

juhoteperi21:09:46

Interesting, I don't remember seeing any case before with incorrect source-map-path

peeja21:09:20

Looks like the actual reported source is devcards.out/compassus/core.cljc

peeja21:09:32

So, maybe it's an issue with having a / in the build id?

juhoteperi21:09:57

It is possible. I remember seeing projects with that before, but I can't be sure if source-maps worked on those.

richiardiandrea23:09:19

One thing I wanted to ask, I still cannot obtain full class path isolation if I use :clj clauses in .cljc files. This never happen in lein as we know, but it can in boot pods. Let's say I am using a clj-only dependency in a .cljc file, I require it as:

(:require #?(:clj [clj-time.core :as t]))

richiardiandrea23:09:02

Now, when this loads as cljs, the :clj part is evaluated

richiardiandrea23:09:10

because of macro resolution

richiardiandrea23:09:26

but I don't have clj-time in my frontend deps

richiardiandrea23:09:19

the only workaround is of course to include clj-time in both classpaths

richiardiandrea23:09:31

but this bothers me a little πŸ˜„

kenny23:09:10

I have had that question as well ^

richiardiandrea23:09:28

it might be worth opening a JIRA issue I guess