Fork me on GitHub

@justinlee Nice find!


@tbaldridge @dpsutton So then… If one were to write a naive lisp interpreter, where the repl reader constructs some tree structure for the evaluator to evaluate, what would that tree structure be called?


I guess we’re in agreement then? x)


with our previous messages, I had thought the word “form” refers to the tree structure that the reader outputs… I guess that’s not really correct…


I might be wrong but I don't think there's any deep insight lurking in the distinction between form and expression. But would be a good blog post if you can find anything


meh, it's just words, people use them interchangeably


and yeah, some people do say that lisp forms are an AST, but I've always found that to be quite meaningless -- when people talk about ASTs, there is usually an implied assumption that the nodes will be not just simple values but will also have some sort of tag and meta information attached


terms like these don't have an agreed upon formal definition so it's not very useful (IMO) to try to find deep semantic insights on them


other than entertaining curiosity/doing CS archeology (which is tons of fun tho :) )


Yeah, there probably isn’t any important insight about the word “form”. It just bugs me a bit that the word “form” is used when talking about lispy languages. I can’t quite grasp the meaning, which makes explaining it to other people a little awkward. The best I can say currently is, it’s a thing that looks like ” ( fn-here param-here ) “.


form is what a repl accepts as a complete input


as opposed to AST which might not even be valid code


@odie that definition is incorrect, 1 is a form


right~ ” ( fn-here param-here ) ” is not the correct definition… I’m saying I don’t have a good or intuitive way of explaining what it is to other people…


I'd say that for lisps, given no difference between form and expression, a lisp form is any value that can be returned by the reader and passed to the evaluator, so @noisesmith definition of what a repl accepts as a complete input is quite good


and I say what can be returned by the reader rather than what can be input to a reader because when people talk about lisp forms/expressions they mean the reified objects, not the string representation


okay~ just to rephrase for my own understanding, anything the repl is happy to evaluate is a “form”?


you could go with that, yes


so then a “special form” would be explained as…


special forms exist at a different level


forms are syntactic, special forms exist at the semantic level


the form in special form doesn't quite mean the same thing altho it's pretty close. I guess if you wanted to use that meaning of form, you could say that a special form is a particular form that is a list and whose first element is a particular symbol that causes the evaluator to handle the form in a special way/ different from the normal evaluation rules for forms


clojure has a fun case - could we interpret #_ as being -1 forms?

Clojure 1.9.0
+user=> (#_ / + #_#_ invalid not-good 1 0)


and by particular symbol I mean a symbol that belongs to a closed set of symbols (`if`, def, do ..)


@noisesmith yeah, that's also why i talked about what the reader returns rather than inputs -- reader macros make this all a bit fuzzy :)


ahh, good trick


but just to exemplify how any definition of this is a bit fuzzy -- take a tagged literal #foo [], I would say that this is a single form composed of two "expressions", but expression here obviously doesn't mean lisp expression/form


so you have to accept a bit of non formalism when talking about this stuff. There is likely some formal definition of those terms in some lisp manual, but using a formal definition in general is a bit meaningless when that formal definition is only enforced within a particular manual


alrighty~ Just trying to clear up some terminology… Thanks for all the help, all! 😃


Wow! never knew the form comment is stackable, I always thought they would just cancel out 😄


@U1WMJ5CQ2 You're not alone, that's what the emacs syntax highlighting thinks as well


I am total noob with AWS (and deploying in general). 😬 I set up a S3 containing a client side SPA. I am on Route53 console and wondering what is the next step. Do I need to transfer the domain ( bought with namesilo in order to use it? As I have already set up S3 and cloudfront is there an easy way to link the url and the s3 directly without Route53?


@mohamedhayibor AWS has a guide for static hosting on S3, should be the first few results if you search on google.


I was thinking of opening #news-and-articles, we don't have such a channel right? for blog posts and


(I know there's rss... personally not an attractive option for me anymore, and I guess it has lost traction in general)


@vemv: if it's clojure related newsarticles, I'd be interested in lurking


ok, let's! #news-and-articles


does anyone know any good resources about Java 8 streams and Java Spliterators?


Ideally also if/how they can be used in Clojure 🙂


This is a good topic for #clojure or #java , probably. You can use them just like any other Java interop construct. That said, keep in mind that Clojure's persistent data structures and the 'sequence' abstraction are greatly preferred when working inside Clojure, as they don't rely on stateful operations.


yeah I guess this is kinda on-topic, I’ll repost it there 🙂


Caveat: I am no security researcher, just someone who knows a fair amount about hardware design and software, but the new Spectre attack looks pretty fundamental -- given enough knowledge about a program you want to attack, running at the same time on the same CPU core as a program you have written ("same time" = normal OS multiple processes executing instructions in a time-sliced fashion in the way normal multi-user OS's do), your process can use techniques like warming up the branch prediction unit's on-chip caches, and the L1/L2 cache, and speculative execution of the CPU hardware, to fairly quickly determine secret data values in that victim process's memory, even if the victim process has no security bugs in it. Research paper with more details on it and Meltdown here:

Ben Redden19:01:36

hmm. i wonder if using containers could help mitigate that attack?

Ben Redden19:01:53

or I guess since the container’s are running on the same CPU it wouldn’t matter?


the attack allows reading data across container boundaries


the work around for Linux / Windows eliminates that aspect, with a ~30% cost in performance


sounds to me like there was a big speedup by optimistically lining up data for calculations and bad permissions logic, plus some unknown factor, adding up to the ability to read data that was pre-cached for another task via branch prediction(?)

Ben Redden20:01:59

that sounds intense. a bit above my pay grade, i’m afraid lol


The Meltdown part of it looks like a missing security check to me, allowing an application to get access to kernel data. Something I'd call a processor security bug.


The Spectre thing is more like a timing attack, which some researchers in the past have found ways to exploit even remotely, e.g. if you write server code doing crypto key checks, and the software takes measurably longer times to do the crypto check if bit position J of the key is 1 vs. 0, then a remote attacker could use timing measurements to eventually learn your key.


Straightforward thing to do there on a crypto server is to make all of your calls take nearly the same run time.


The Spectre attacks let a local malicious process, with no traditional security violations in software or hardware, basically let the malicious process set up the processor low-level state in a way that it can do timing measurements of its own code, that give clues to what the other process did while it was running on that CPU a few nanoseconds or microseconds ago.


As far as I understand, the attacker process needs to know the object code of the victim process to be able to tune its behavior and learn the victim's data, by these kinds of measurements/inference.

Ben Redden20:01:38

:thinking_face: thats intense. it seems like that would be a pretty hard thing to accomplish, granted I don’t fully understand the intricacies


Safest mitigation strategy I can think of, which should not be news to anyone, is to only run code you trust on your physical CPUs, at least at the same time. I believe that many security-conscious folks consider running malicious code in the same OS is pretty dangerous due to traditional bugs in OS's and applications anyway, so nothing really surprising there.


what's not known is how much of this is targetable from JS, which is never trusted code 😛


Right. I should now be making several mental notes to myself to access on-line financial accounts from a web browser on a machine I use for almost nothing else at that time.


there's a chrome config to use separate processes for each tab that some are suggesting should be turned on


@noisesmith which doesnt matter in the end, if I understood the bug correctly. Its the scenario like the containers, still the same CPU, no matter the process.


I'm just relaying the suggestion I saw, not pretending to understand the nuances


Personally I've disabled JS until some things become more certain (full impact, patchability)


Also handy to have a second laptop for secondary tasks


it's possible to use slack without js?

Ben Redden20:01:17

😮 disabled JS

Ben Redden20:01:22

does the internet still work?!


I use desktop slack in secondary no-secrets-stored laptop


I was just about to say that. Time to wget the internet from now on.

Ben Redden20:01:16

lol let me know when you figure out how to wget Facebook


leaving facebook behind doesn't sound like a bad thing tbh

Ben Redden20:01:43

i know FB has a Tor hidden service too, actually…

Ben Redden20:01:56

you could proxy to that from a Raspberry PI


> does the internet still work?! I don't mind a little chastity for a month, will appreciate the productivity boost Gmail and github work!

Ben Redden21:01:01

i remember a time when we wrote stuff to work even with JS turned off. but that was a while ago


yeah at some point we gave up 😕


When our chat apps started using js, we couldn't hear people complaining about our website not using js anymore, so we stopped accommodating them


I'm sure they're still out there, reading only the comments of hacker news.


they are complaining on IRC, usenet, and email list servs as we speak

Ben Redden21:01:59

the Tor community is used to it. they were afraid of JS even before these exploits came out


Progressive enhancement should be more of a thing, there are plenty of nonpedantic reasons why someone may not want to run js to read some content who knows, maybe in a couple years Isomorphic apps are easier to build, and we go full circle (we js/cljs devs can match the Rails way again)


dante needs create a new layer of hell for js devs who take news articles than creates full page popups that appear 5 seconds after you start reading

qqq22:01:50 <-- can someone please explain to me what XRP is useful for? unlike bitcoin, there isn't even a "public ledger backed by lots of crypto hashing power" right?


its stated purpose is to transfer money around the world.. the volatility in it suggest it might not be great for that


although an hn reply to my question about the volatility suggests xrp is only used for paying fees...


although i have to admit i dont understand the need for a cryptocurrency to pay fees


“Globally, developers who use Clojure in their jobs have the highest average salary...” wow