Fork me on GitHub
#clojure-uk
<
2019-05-15
>
dharrigan07:05:35

good morning

yogidevbear08:05:09

Morning. Does anyone have an account with ft? I don't, but I'd really like to know what this article says about the protocol used in the WhatsApp vulnerability and if it says anything positive/negative about the Signal app which uses the same protocol as WhatsApp https://www.ft.com/content/4da1117e-756c-11e9-be7d-6d846537acab

alexlynham08:05:37

@mccraigmccraig @dominicm +1 for west country fudge. Creamier

dharrigan08:05:45

I believe it was a buffer overflow on voip messages, not specifically about the encryption protocol

yogidevbear08:05:25

Yeah I read similar on a Verge article I think. Curious to find out if this is something specifically related to WhatsApp or whether it's some generic about VOIP that other apps like Signal would be subject to

dharrigan08:05:27

I see, so nothing about the encryption protocol per se. Gotcha.

yogidevbear08:05:19

>A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number

yogidevbear08:05:29

All seems a bit vague as to whether this is purely a WhatsApp issue or not 🤷

Ben Hammond08:05:01

reckons it is purely a WhatsApp bug albeit a cross platform one

Ben Hammond08:05:26

>After all, why bother cracking WhatsApp's strong end-to-end encryption when you can overflow a buffer and hack the code itself?

yogidevbear08:05:07

Cool, thanks @ben.hammond 👍

dominicm09:05:01

Signal is not vulnerable

maleghast10:05:48

@dominicm - Which is why I tell everyone that will listen that they should use Signal instead, but do they listen..?

alexlynham10:05:00

> that will listen > but do they listen is this a symbol/signifier postmodernist thing?

alexlynham12:05:32

I once f***ed up a uni essay on postmodernism by using postmodernist critique on the question, and concluding that there was nothing I could say that could be marked as relatively more valid or less valid than any other answer (and thus, is it even an exam question if it cannot be objectively assessed?)

alexlynham12:05:49

that… did not go down well

rickmoynihan13:05:41

And down the Mandelbrot we go…

alexlynham10:05:17

sorry, niche joke

alexlynham10:05:25

my humanities degree is showing…

jasonbell10:05:46

@maleghast It got to the point that I had two friends on my contacts who were using Signal, everyone else was on Messenger or WhatsApp. And those two friends on Signal I didn’t talk to much anyway…… May have well renamed it Tumbleweed.

dominicm10:05:09

@maleghast I talk to my partner on there, which is 99% of my personal communication

dominicm10:05:31

I may install the app on my mum's phone and set it as the sms app, so she'll use it to talk to me without trying

maleghast10:05:02

@jasonbell @dominicm - I use Signal to talk to my parents and a couple of paranoid friends... 😉

dominicm10:05:52

on topic question: I have some code which may terminate early, currently it's returning {::skipped true} which I don't love. This is a process that will be retried later (it's a retryable failure)

dominicm10:05:24

None of the anomalies quite fit except maybe :busy, which isn't quite right either. It's usually going to be "dependency unresolved".

dominicm10:05:56

Looking for naming suggestions 🙂

dominicm11:05:09

trying to talk about clojure in this channel is going to go badly eh 😛

💯 4
jasonbell11:05:40

(prn "might do")

seancorfield22:05:26

I love 🙂

Ben Hammond11:05:53

may be available in the future being the important thing

Ben Hammond11:05:48

doesn't quite work does it

dominicm11:05:30

404 is nice, except you're not technically supposed to return a body for that, except I might do. If you do this:

(def atom 0)
(inc (dependency-failure (swap! some-atom inc)))
I want to return
{:xxx true
 :??? (inc (dependency-failure 1))}

dominicm11:05:48

But if it succeeds, I'll return {:??? 2}

Ben Hammond11:05:09

well you're actually retturning http are you? its more a sort of paradigm inspiration thing?

dominicm11:05:18

oh for sure 😄

Ben Hammond11:05:55

so I guess I'm suggesting :not-found as the anomaly

dominicm11:05:16

I suppose the fact you had to explicitly mention that "may be available in the future" should indicate that it's not entirely clear 🙂

Ben Hammond11:05:36

yeah maybe thats right

dominicm11:05:22

I'm tempted to open an issue for this category.

Ben Hammond11:05:57

:retry-later ?

dominicm11:05:14

Although, one could argue that in my case it isn't a retryable thing at all. You are literally saying "You have not given me all that I need in order to continue".

Ben Hammond11:05:41

:tell-me-more-or-i'll-start-making-stuff-up

dominicm11:05:36

The fact that my calling process loops over everything over and over again (so will eventually get there) is irrelevant, another implementation might examine the map to find out what dependency is missing and jump straight to it (depth first search vs restarting process)

Ben Hammond11:05:20

:dependency-not-available

dominicm11:05:02

I may switch to something like that tbh. I'm trying to figure remember if there's any other use-cases I had in mind which may need to defer.

dominicm11:05:27

(defer is a good word to consider for this state and pairs nicely as :defer and :deferred for the new deferred value)

rickmoynihan13:05:23

:retryable-failure

rickmoynihan13:05:24

if it’s a generic api and the internals are raising the error — then it should be in the domain of the api i.e. generic… if it’s an application/domain level thing and not a reusable api then name it in domain terms. It seems you’re undecided which level it’s at.

jasonbell13:05:31

:shoulder-shrugs-from-this-point-on

maleghast13:05:06

South African edition: :just-now

maleghast13:05:30

Scottish Edition: :away-ter-f***

otfrom13:05:20

:gonnae-no-dae-that is if you can't retry it, but you will anyway

yogidevbear13:05:34

:just-now == :now-now too

otfrom13:05:37

when you try again it returns :just-gonnae-no

😂 4
rickmoynihan14:05:32

and when you try again :shut-yer-puss … and again :glesga-kiss 💥

rickmoynihan14:05:22

hmm the Scotts dialect wikipedia translation is crying out to have HTTP status codes translated 😀 https://sco.wikipedia.org/wiki/Main_Page

yogidevbear13:05:52

:now-now as opposed to :real-now

Ben Hammond14:05:54

haha showing your roots there Andy

yogidevbear14:05:56

well, part of my roots. It was pretty comical when I still used those terms after moving back here and getting my first job 🙂

jasonbell13:05:53

:there-was-a-cat-that-really-was-gone

maleghast14:05:35

:ra-ra-rasputin-russias-greatest-love-machine

maleghast14:05:42

Anyone in here played with Fission -> https://fission.io/ <- with Clojure..?

alexlynham15:05:32

why fission > kubeless?

jasonbell15:05:00

I saw RedHat demoing Kafka/ML/Kubeless a couple of weeks ago, very good it was too.

alexlynham15:05:09

if I was running k8s clusters and didn’t mind the faff, I’d be p into it

alexlynham15:05:22

tbh tho, happy to pay AWS on the whole

mccraigmccraig15:05:16

i quite like the sound of it because ops on k8s is easier and (a lot) more portable than ops on AWS

alexlynham15:05:50

I guess the big thing is deploying the artifacts is easier

alexlynham15:05:05

because you don’t need to faff with cloudformation or terraform

alexlynham15:05:40

you could use Serverless (the framework) which is easier than either (as long as your entire service is lambdas)

alexlynham15:05:13

if there’s an impedance mismatch between your code and runtime env then k8s will help as you’re able to run and test in the same containers you’ll deploy - which is p much how you test AWS lambdas - i.e. using containers

Conor15:05:25

API Gateway is a cursed service

jasonbell15:05:48

Have to admit having read the Fission stuff it looks rather faffy to me.

maleghast17:05:55

OK, so no one has any direct experience, but “leaving it to AWS Lambda” seems to be the consensus…

maleghast17:05:41

I do have another Kubernetes related question to put to the room, however… Does anyone have any experience with either Rancher or Heptio as a gateway to K8s usage, a simplifying force, shall we say..?

jasonbell17:05:00

Sorry @maleghast I’ve not been completely keeping up with the convo, what is it you’re trying to achieve?

maleghast17:05:22

I am looking for a tool or environment to help me with managing K8s and deploying workloads into K8s environments

maleghast17:05:52

I don’t like the look of OpenShift, so the other options that look “of interest” to me are Rancher and Heptio

maleghast17:05:27

My knee-jerk reaction is to prefer Rancher because it’s more open source AND not owned by VMWare

jasonbell17:05:05

I’d still get comfy with the command line first in all honesty. Tools are all very well but there are days you just need to command line.

dharrigan18:05:44

I used rancher, but only as a spike

dharrigan18:05:59

Seemed to work well for what I was, a service mesh to handling the ingress and egress

dharrigan18:05:16

I liked Rancher

dharrigan18:05:35

I also liked the ability for it to route requests to services depending upon URL path, or type etc.., and to scale and perform ratios of requests to services.

dharrigan18:05:45

given the sidecar proxy it utilised.