Clojurians Log v2

Clojure programming

Channels

# 100-days-of-code # aatree # admin-announcements # adventofcode # ai # alda # aleph # all-the-channels # announcements # arachne # architecture # asami # atlanta-clojurians # atom-editor # autochrome-github # avi # aws # aws-lambda # babashka # babashka-sci-dev # bangalore-clj # beginners # berlin # biff # bigdata # bitcoin # boot # boot-dev # boulder-clojurians # braid-chat # braveandtrue # brevis # bristol-clojurians # business # calva # capetown # carry # cbus # cestmeetup # chestnut # chlorine-clover # cider # circleci # clara # clj-commons # cljdoc # cljfx # clj-http # clj-kondo # clj-on-windows # cljs-dev # cljs-experience # cljsfiddle # cljsjs # cljsrn # cljtogether # clojars # clojure # clojure-android # clojure-argentina # clojure-art # clojure-austin # clojure-australia # clojure-austria # clojure-bangladesh # clojure-bay-area # clojure-beijing # clojure-belgium # clojure-berlin # clojure-boston # clojure-brasil # clojurebridge # clojurebridge-ams # clojure-canada # clojure-chennai # clojure-chicago # clojure-china # clojure-colombia # clojure-conj # clojurecup # clojure-czech # clojured # clojure-denmark # clojure-denver # clojure-derby # clojuredesign-podcast # clojure-dev # clojure-dusseldorf # clojure-ecuador # clojure-egypt # clojure-estonia # clojure-europe # clojure-filipino # clojure-finland # clojure-france # clojure-gamedev # clojure-germany # clojure-greece # clojure-guangzhou # clojure-hamburg # clojure-hk # clojure-houston # clojure-hungary # clojure-india # clojureindia # clojure-indonesia # clojure-ireland # clojure-israel # clojure-italy # clojure-japan # clojure-kc # clojure-korea # clojure-losangeles # clojure-madison # clojure-mexico # clojure-miami # clojure-mk # clojure-mke # clojure-morsels # clojure-my # clojure-new-zealand # clojure-nl # clojure-nlp # clojure-norway # clojure-poland # clojure-portugal # clojure-provo # clojure-quebec # clojureremote # clojure-romania # clojure-russia # clojure-sanfrancisco # clojurescript # clojurescript-ios # clojure-sdn # clojure-seattle # clojure-serbia # clojure-sg # clojure-shanghai # clojure-spain # clojure-spec # clojuresque # clojure-survey # clojure-sweden # clojure-switzerland # clojure-taiwan # clojure-turkiye # clojure-uk # clojure-ukraine # clojureverse-ops # clojurewerkz # clojurewest # clojurex # clojure-za # clojurian-chat-app # clojutre # cloverage # cloxp # clr # code-art # code-reviews # community-development # component # conf-proposals # conjure # consulting # contributions-welcome # copenhagen-clojurians # core-async # core-logic # core-matrix # core-typed # cryogen # crypto # css # cursive # cz-clojure # d2q # datacrypt # datahike # datalevin # datalog # data-oriented-programming # data-science # datascript # datavis # dato # datomic # defnpodcast # deps-new # depstar # devcards # devops # dirac # docker # docs # domino-clj # duct # dunaj # eastwood # editors # emacs # error-message-catalog # etaoin # ethereum # euroclojure # events # exercism # expound # figwheel # figwheel-main # flambo # fulcro # funcool # functionalprogramming # funimage # garden # ghostwheel # girouette # gis # google-cloud # gorilla # graalvm # graalvm-mobile # graclj # graphql # gratitude # gsoc # hammock-driven-dev # helix # heroku # hispano # holy-lambda # honeysql # hoplon # hugsql # humor # hypercrud # hyperfiddle # immutant # improve-getting-started # incanter # indycljs # inf-clojure # instaparse # integrant # interceptors # interop # introduce-yourself # iot # iotivity # ipfs # jackdaw # jaunt # java # javascript # javelin # jobs # jobs-discuss # jobs-rus # joker # jukebox # juxt # jvm # kaocha # keechma # kekkonen # keyboards # klipse # kosmos # lambdaisland # ldnclj # ldnproclodo # lein-figwheel # leiningen # liberator # liquid # livestream # local-first-clojure # london-clojurians # lsp # luminus # lumo # mail # malli # mathematics # meander # melbourne # membrane # mental-health # microservices # mid-cities-meetup # midje # minecraft # minimallist # missionary # monads # mount # music # new-channels # new-clojure # nextjournal # nginx # nrepl # numerical-computing # nyc # observability # off-topic # om # om-next # onyx # other-languages # other-lisps # overtone # pamela # parinfer # pathom # pedestal # perun # philosophy # phzr # planck # plastic # play-clj # podcasts # polylith # portal # portkey # portland-or # powderkeg # practicalli # precept # prelude # programming-beginners # project-updates # proletarian # proton # protorepl # pulsar # pure-frame # qa # qlkit # quil # random # rdf # react # reactive # reading-clojure # reagent # reclojure # re-frame # reitit # releases # remote-jobs # respo # rethinkdb # reveal # rewrite-clj # ring # ring-swagger # robots # rum # schema # sci # sfcljs # shadow-cljs # _silence # sim-testing # sioux-falls # slack-help # sneer # sneer-br # spacemacs # specmonstah # specter # speculative # spirituality-ethics # sql # startup-in-a-month # sydney # test200 # test-check # testing # thejaloniki # timbre # tmp-json-parsing # tools-build # tools-deps # trading # tree-sitter # uncomplicate # unrepl # untangled # utah-clojurians # videos # vim # vrac # vscode # wasm # web-security # windows # xtdb # yada # yleinen

Apps

clojure-dev

Issues: https://clojure.atlassian.net/browse/CLJ | Guide: https://insideclojure.org/2015/05/01/contributing-clojure/

2019-04-22T05:16:52.049Z

Hello, I have a small improvement idea and would like to discuss it to see if it is interesting for the Clojure language: the “Unquote Conditional” ~? which adds the value of the following expression if it is not nil, and adds nothing otherwise.

2019-04-22T05:26:39.051400Z

Without ~?expr, users have to do something like ~@(when-let [e expr] [e]).

2019-04-22T05:36:03.053300Z

… maybe it would need to use another character, as ? is valid as the first character of a symbol.

slipset 2019-04-22T07:54:42.062200Z

I’ll almost promise that this is the last time I’ll bring up the clojure.set thing, but I’d like to flog the dead horse one last time. The argument goes that Clojure is correct for correct programs, and by this, passing non-sets to the set functions is deemed as an incorrect program, as is (as discussed above) using - as a comparator. If these programs threw an exception (as does using str as a comparator), I wouldn’t have a problem with this line of reasoning, but I do find it very scary that such incorrect programs are allowed to run and produce seemingly correct outputs.

2019-04-22T10:11:56.062600Z

I think the answer to the clojure.set situation is supposed to be spec

seancorfield 2019-04-22T18:05:02.063700Z

The other consideration is performance: adding a runtime type check on set functions adds a cost that all programs have to pay, even correct ones (which already pass sets).

seancorfield 2019-04-22T18:05:59.064500Z

I agree with @gfredericks that this feels like something that matters more in dev/test and that Spec could help with that @slipset

john 2019-04-22T19:52:48.069200Z

I'm wondering - With the Spectre attack being the product of speculative execution, are Clojure's speculative/optimistic concurrency features also vulnerable to such timing attacks? If supposing someone tried to use STM in a multi-tenant environment? Or any other concurrency primitives that retry? I'd assume you probably can't get a high enough timer resolution on retries to do the same thing in Clojure.

ghadi 2019-04-22T20:13:05.071Z

Spectre is much more insidious and pervasive than STM / atoms. It does not need retry / concurrency features

ghadi 2019-04-22T20:13:23.071500Z

Ordinary conditionals can make decent spectre gadgets

john 2019-04-22T20:14:27.072100Z

Aye, Spectre is a hardware-level flaw

ghadi 2019-04-22T20:14:58.072500Z

https://openjdk.java.net/jeps/342

john 2019-04-22T20:15:06.072700Z

Much lower level than Clojure's abstractions

john 2019-04-22T20:17:04.074Z

And I understand that the "speculative execution" being talked about in Spectre is a fairly different thing than what is in Clojure. Just wondering if there's in any spiritual similarity there.

john 2019-04-22T20:17:17.074400Z

I'll check out that JEP, thanks @ghadi

john 2019-04-22T20:20:27.075800Z

I guess part of the Spectre exploit depends on cache misses, which aren't really part of the picture wrt Clojure's retries.

arohner 2019-04-22T20:50:08.076800Z

Spectre is also scary because untrusted code can read memory out of unrelated processes. If you’re executing potentially hostile code inside the JVM, you have no security guarantees

2019-04-22T23:03:42.078Z

I don't know the details of the existing software changes made to help protect against Spectre, unfortunately, to give a summary of what they do, but if you really want to protect against Spectre, do not run your process on the same physical CPU core as other code you do not trust.

2019-04-22T23:04:04.078500Z

i.e. on AWS, rent a physical machine instead of a VM