#clojure
2021-05-11
Rob Haisfield13:05:02

Is there a good Clojure library for image manipulation? I have a bunch of .png and .jpg files that I need to resize

Noah Bogart13:05:45

if no one has good library recs, image magick on the command line is sick

borkdude13:05:09

yeah image magick is really good (and you can shell out to it with whatever scripting solution you like :))

☝️ 3
borkdude13:05:21

I've also used https://github.com/mikera/imagez a few times, don't remember much of it though

Rob Haisfield13:05:22

Yeah I’d love an alternative to Image Magick mostly just because I want to practice Clojure more (I’m a beginner and wanting early projects)

borkdude13:05:52

@rob370 You could practice Clojure using babashka and then shell out to image magick, if this is just for scripting and not a long running JVM production app or something

borkdude13:05:36

But else the imagez library should in theory work as well, on the JVM

valerauko15:05:12

image magick is a disaster as soon as you actually care about not blowing things up

☝️ 3
chrisfarber15:05:58

I’m curious if you could elaborate on this, as I’m actively considering shelling out to graphicsmagick or imagemagick for something I’m working on 🙂

valerauko15:05:33

it's a vulnerability, you need to learn to write its policy file so you don't accidentally your server to some attacker

valerauko15:05:48

not to mention you're shelling out to an external binary which in itself is slow

valerauko15:05:19

it will keep throwing errors at you in the most arcane and mysterious ways (depending on how you call it) so good luck figuring out what actually is wrong when it fails

chrisfarber15:05:34

Good points. And thanks for sharing that twelve monkeys library, I hadn’t come across it yet.

valerauko16:05:05

i'm actually in the middle of rewriting our image processing from ruby-calling-imagemagick in clojure/java imageio because the former combination is just slow and vulnerable and complicated and fragile

valerauko16:05:18

if you do try imageio/twelve monkeys then feel free to throw questions at me if you get stuck haha (though i'm not doing complicated graphics editing, just simple compositing/resizing/cropping)

👍 3
Noah Bogart16:05:20

can you say more about how it's a security disaster? when would it be exposed to users?

valerauko16:05:54

when your user uploads an image that you want imagemagick to convert

👍 3
Christoffer Ekeroth22:05:36

This is sort of how the original PSP was hacked: https://en.wikibooks.org/wiki/PSP/Homebrew_History#The_TIFF_Exploit By exploiting a buffer overrun bug in libtiff the hackers were able to run unsigned code, essentially by loading an image from a memory card

😮 4
valerauko15:05:11

i've used the twelve monkeys library for doing imageio (compositing, resizing, thumbnails) https://github.com/haraldk/TwelveMonkeys

valerauko15:05:45

sure it's not clojure but it's not hard to use

seancorfield16:05:23

At work we use both the mikera/imagez library and the TwelveMonkeys libraries. We do a lot of resizing, rotation, and cropping.

dpsutton19:05:42

On java 11, we're getting the following warning on startup:
> WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
We currently think that this is caused by the use of log4j which is a multi-release jar, including specific code for different jvm versions. It seems that depending on a multi-release jar makes the jar you create a multi-release, but it seems you need to set it yourself. We are still creating an uberjar with lein at the moment. Does anyone know if there's a way for lein to add this configuration? It seems I can manually do it myself with jar umf manifest-update target/uberjar.jar where manifest-update is a file with Multi-Release: true\n.

hiredman19:05:39

You can set arbitrary keys in the manifest like so

dpsutton19:05:50

oh thank you. i was looking for something specific to multi-release and didn't think to look for arbitrary manifest entry

dpsutton19:05:15

i'm still a bit surprised that multi-release is transitive like this. depending on a jar with this requires your own jar to set this

ghadi19:05:54

Alternatively you could view it as a bug in lein where uberjars are losing critical information

hiredman19:05:16

Jars are not really transitive

hiredman19:05:12

It isn't that depending on a jar requires your jar to set it

hiredman19:05:38

When you build an uberjar you create a whole new jar

dpsutton19:05:57

thanks. those are good points. I'll open up an issue on lein about it.

hiredman19:05:19

The process is basically take the jars and unzip into the same place and then rezip, to merge the contents

hiredman19:05:06

Which is of course problematic when you have conflicts, and the jar manifest is something that will always conflict

dpsutton19:05:31

yeah. i wonder if depstar handles this correctly

ghadi19:05:15

pretty sure @seancorfield did the correct thing

dpsutton19:05:36

it seems he did. awesome

borkdude19:05:32

of course, he's sean!

ghadi19:05:31

another thing lein does with uberjars is propagate the module-info.class from modularized jars

ghadi19:05:47

this makes the whole uberjar modularized -- which it shouldn't be

ghadi19:05:01

kind of the opposite problem

ghadi19:05:11

anyways, depstar handles both of these cases correctly

seancorfield20:05:05

depstar also handles the log4j2 plugin cache correctly which you need if you build an uberjar with multiple dependencies that each include some log4j2 plugins (there is a Leiningen plugin that will “fix” lein uberjar’s behavior).