Clojurians Log v2

Clojure programming

Channels

# 100-days-of-code # aatree # admin-announcements # adventofcode # ai # alda # aleph # all-the-channels # announcements # arachne # architecture # asami # atlanta-clojurians # atom-editor # autochrome-github # avi # aws # aws-lambda # babashka # babashka-sci-dev # bangalore-clj # beginners # berlin # biff # bigdata # bitcoin # boot # boot-dev # boulder-clojurians # braid-chat # braveandtrue # brevis # bristol-clojurians # business # calva # capetown # carry # cbus # cestmeetup # chestnut # chlorine-clover # cider # circleci # clara # clj-commons # cljdoc # cljfx # clj-http # clj-kondo # clj-on-windows # cljs-dev # cljs-experience # cljsfiddle # cljsjs # cljsrn # cljtogether # clojars # clojure # clojure-android # clojure-argentina # clojure-art # clojure-austin # clojure-australia # clojure-austria # clojure-bangladesh # clojure-bay-area # clojure-beijing # clojure-belgium # clojure-berlin # clojure-boston # clojure-brasil # clojurebridge # clojurebridge-ams # clojure-canada # clojure-chennai # clojure-chicago # clojure-china # clojure-colombia # clojure-conj # clojurecup # clojure-czech # clojured # clojure-denmark # clojure-denver # clojure-derby # clojuredesign-podcast # clojure-dev # clojure-dusseldorf # clojure-ecuador # clojure-egypt # clojure-estonia # clojure-europe # clojure-filipino # clojure-finland # clojure-france # clojure-gamedev # clojure-germany # clojure-greece # clojure-guangzhou # clojure-hamburg # clojure-hk # clojure-houston # clojure-hungary # clojure-india # clojureindia # clojure-indonesia # clojure-ireland # clojure-israel # clojure-italy # clojure-japan # clojure-kc # clojure-korea # clojure-losangeles # clojure-madison # clojure-mexico # clojure-miami # clojure-mk # clojure-mke # clojure-morsels # clojure-my # clojure-new-zealand # clojure-nl # clojure-nlp # clojure-norway # clojure-poland # clojure-portugal # clojure-provo # clojure-quebec # clojureremote # clojure-romania # clojure-russia # clojure-sanfrancisco # clojurescript # clojurescript-ios # clojure-sdn # clojure-seattle # clojure-serbia # clojure-sg # clojure-shanghai # clojure-spain # clojure-spec # clojuresque # clojure-survey # clojure-sweden # clojure-switzerland # clojure-taiwan # clojure-turkiye # clojure-uk # clojure-ukraine # clojureverse-ops # clojurewerkz # clojurewest # clojurex # clojure-za # clojurian-chat-app # clojutre # cloverage # cloxp # clr # code-art # code-reviews # community-development # component # conf-proposals # conjure # consulting # contributions-welcome # copenhagen-clojurians # core-async # core-logic # core-matrix # core-typed # cryogen # crypto # css # cursive # cz-clojure # d2q # datacrypt # datahike # datalevin # datalog # data-oriented-programming # data-science # datascript # datavis # dato # datomic # defnpodcast # deps-new # depstar # devcards # devops # dirac # docker # docs # domino-clj # duct # dunaj # eastwood # editors # emacs # error-message-catalog # etaoin # ethereum # euroclojure # events # exercism # expound # figwheel # figwheel-main # flambo # fulcro # funcool # functionalprogramming # funimage # garden # ghostwheel # girouette # gis # google-cloud # gorilla # graalvm # graalvm-mobile # graclj # graphql # gratitude # gsoc # hammock-driven-dev # helix # heroku # hispano # holy-lambda # honeysql # hoplon # hugsql # humor # hypercrud # hyperfiddle # immutant # improve-getting-started # incanter # indycljs # inf-clojure # instaparse # integrant # interceptors # interop # introduce-yourself # iot # iotivity # ipfs # jackdaw # jaunt # java # javascript # javelin # jobs # jobs-discuss # jobs-rus # joker # jukebox # juxt # jvm # kaocha # keechma # kekkonen # keyboards # klipse # kosmos # lambdaisland # ldnclj # ldnproclodo # lein-figwheel # leiningen # liberator # liquid # livestream # local-first-clojure # london-clojurians # lsp # luminus # lumo # mail # malli # mathematics # meander # melbourne # membrane # mental-health # microservices # mid-cities-meetup # midje # minecraft # minimallist # missionary # monads # mount # music # new-channels # new-clojure # nextjournal # nginx # nrepl # numerical-computing # nyc # observability # off-topic # om # om-next # onyx # other-languages # other-lisps # overtone # pamela # parinfer # pathom # pedestal # perun # philosophy # phzr # planck # plastic # play-clj # podcasts # polylith # portal # portkey # portland-or # powderkeg # practicalli # precept # prelude # programming-beginners # project-updates # proletarian # proton # protorepl # pulsar # pure-frame # qa # qlkit # quil # random # rdf # react # reactive # reading-clojure # reagent # reclojure # re-frame # reitit # releases # remote-jobs # respo # rethinkdb # reveal # rewrite-clj # ring # ring-swagger # robots # rum # schema # sci # sfcljs # shadow-cljs # _silence # sim-testing # sioux-falls # slack-help # sneer # sneer-br # spacemacs # specmonstah # specter # speculative # spirituality-ethics # sql # startup-in-a-month # sydney # test200 # test-check # testing # thejaloniki # timbre # tmp-json-parsing # tools-build # tools-deps # trading # tree-sitter # uncomplicate # unrepl # untangled # utah-clojurians # videos # vim # vrac # vscode # wasm # web-security # windows # xtdb # yada # yleinen

Apps

clojure

New to Clojure? Try the #beginners channel. Official docs: https://clojure.org/ Searchable message archives: https://clojurians-log.clojureverse.org/

2021-05-11T00:01:54.269600Z

Huh I thought juxt lib required deps.edn

2021-05-11T13:28:02.270800Z

Is there a good Clojure library for image manipulation? I have a bunch of .png and .jpg files that I need to resize

NoahTheDuke 2021-05-11T13:28:45.271300Z

if no one has good library recs, image magick on the command line is sick

borkdude 2021-05-11T13:29:09.271800Z

yeah image magick is really good (and you can shell out to it with whatever scripting solution you like :))

☝️ 1

borkdude 2021-05-11T13:29:21.272300Z

I've also used https://github.com/mikera/imagez a few times, don't remember much of it though

2021-05-11T13:30:22.273600Z

Yeah I’d love an alternative to Image Magick mostly just because I want to practice Clojure more (I’m a beginner and wanting early projects)

borkdude 2021-05-11T13:30:52.274200Z

@rob370 You could practice Clojure using babashka and then shell out to image magick, if this is just for scripting and not a long running JVM production app or something

borkdude 2021-05-11T13:31:36.275300Z

But else the imagez library should in theory work as well, on the JVM

valerauko 2021-05-11T15:34:12.276700Z

image magick is a disaster as soon as you actually care about not blowing things up

☝️ 1

valerauko 2021-05-11T15:35:11.277400Z

i've used the twelve monkeys library for doing imageio (compositing, resizing, thumbnails) https://github.com/haraldk/TwelveMonkeys

valerauko 2021-05-11T15:35:45.277800Z

sure it's not clojure but it's not hard to use

2021-05-11T15:53:58.277900Z

I’m curious if you could elaborate on this, as I’m actively considering shelling out to graphicsmagick or imagemagick for something I’m working on 🙂

valerauko 2021-05-11T15:55:33.278100Z

it's a vulnerability, you need to learn to write its policy file so you don't accidentally your server to some attacker

valerauko 2021-05-11T15:55:48.278300Z

not to mention you're shelling out to an external binary which in itself is slow

valerauko 2021-05-11T15:57:19.278500Z

it will keep throwing errors at you in the most arcane and mysterious ways (depending on how you call it) so good luck figuring out what actually is wrong when it fails

2021-05-11T15:59:34.278700Z

Good points. And thanks for sharing that twelve monkeys library, I hadn’t come across it yet.

valerauko 2021-05-11T16:00:05.278900Z

i'm actually in the middle of rewriting our image processing from ruby-calling-imagemagick in clojure/java imageio because the former combination is just slow and vulnerable and complicated and fragile

valerauko 2021-05-11T16:01:18.279100Z

if you do try imageio/twelve monkeys then feel free to throw questions at me if you get stuck haha (though i'm not doing complicated graphics editing, just simple compositing/resizing/cropping)

👍 1

NoahTheDuke 2021-05-11T16:16:20.279300Z

can you say more about how it's a security disaster? when would it be exposed to users?

valerauko 2021-05-11T16:24:54.279500Z

when your user uploads an image that you want imagemagick to convert

👍 1

seancorfield 2021-05-11T16:51:23.281Z

At work we use both the mikera/imagez library and the TwelveMonkeys libraries. We do a lot of resizing, rotation, and cropping.

dpsutton 2021-05-11T19:14:42.284300Z

On java 11, we're getting the following warning on startup: > WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance. We currently think that this is caused by the use of log4j which is a multi-release jar, including specific code for different jvm versions. It seems that depending on a multi-release jar makes the jar you create a multi-release, but it seems you need to set it yourself. We are still creating an uberjar with lein at the moment. Does anyone know if there's a way for lein to add this configuration? It seems I can manually do it myself with jar umf manifest-update target/uberjar.jar where manifest-update is a file with Multi-Release: true\n.

2021-05-11T19:29:15.284400Z

https://github.com/technomancy/leiningen/blob/master/sample.project.clj#L453

2021-05-11T19:29:39.284600Z

You can set arbitrary keys in the manifest like so

dpsutton 2021-05-11T19:30:50.285200Z

oh thank you. i was looking for something specific to multi-release and didn't think to look for arbitrary manifest entry

dpsutton 2021-05-11T19:32:15.285900Z

i'm still a bit surprised that multi-release is transitive like this. depending on a jar with this requires your own jar to set this

ghadi 2021-05-11T19:33:54.287500Z

Alternatively you could view it as a bug in lein where uberjars are losing critical information

2021-05-11T19:34:16.287600Z

Jars are not really transitive

2021-05-11T19:35:12.287700Z

It isn't that depending on a jar requires your jar to set it

2021-05-11T19:35:38.288Z

When you build an uberjar you create a whole new jar

dpsutton 2021-05-11T19:36:57.288900Z

thanks. those are good points. I'll open up an issue on lein about it.

2021-05-11T19:38:19.289Z

The process is basically take the jars and unzip into the same place and then rezip, to merge the contents

2021-05-11T19:39:06.289100Z

Which is of course problematic when you have conflicts, and thjar manifest is something that will always conflict

dpsutton 2021-05-11T19:41:31.289400Z

yeah. i wonder if depstar handles this correctly

ghadi 2021-05-11T19:45:49.289700Z

it does

ghadi 2021-05-11T19:46:15.290Z

pretty sure @seancorfield did the correct thing

dpsutton 2021-05-11T19:54:36.290800Z

it seems he did. awesome

borkdude 2021-05-11T19:55:32.291Z

of course, he's sean!

ghadi 2021-05-11T19:57:31.291500Z

another thing lein does with uberjars is propagate the module-info.class from modularized jars

ghadi 2021-05-11T19:57:47.291900Z

this makes the whole uberjar modularized -- which it shouldn't be

ghadi 2021-05-11T19:58:01.292200Z

kind of the opposite problem

ghadi 2021-05-11T19:58:11.292500Z

anyways, depstar handles both of these cases correctly

seancorfield 2021-05-11T20:14:05.293900Z

depstar also handles the log4j2 plugin cache correctly which you need if you build an uberjar with multiple dependencies that each include some log4j2 plugins (there is a Leiningen plugin that will “fix” lein uberjar’s behavior).

Christoffer Ekeroth 2021-05-11T22:16:36.294300Z

This is sort of how the original PSP was hacked: https://en.wikibooks.org/wiki/PSP/Homebrew_History#The_TIFF_Exploit By exploiting a buffer overrun bug in libtiff the hackers were able to run unsigned code, essentially by loading an image from a memory card

😮 1