Clojurians Log v2

Clojure programming
Channels
# 100-days-of-code# aatree# admin-announcements# adventofcode# ai# alda# aleph# all-the-channels# announcements# arachne# architecture# asami# atlanta-clojurians# atom-editor# autochrome-github# avi# aws# aws-lambda# babashka# babashka-sci-dev# bangalore-clj# beginners# berlin# biff# bigdata# bitcoin# boot# boot-dev# boulder-clojurians# braid-chat# braveandtrue# brevis# bristol-clojurians# business# calva# capetown# carry# cbus# cestmeetup# chestnut# chlorine-clover# cider# circleci# clara# clj-commons# cljdoc# cljfx# clj-http# clj-kondo# clj-on-windows# cljs-dev# cljs-experience# cljsfiddle# cljsjs# cljsrn# cljtogether# clojars# clojure# clojure-android# clojure-argentina# clojure-art# clojure-austin# clojure-australia# clojure-austria# clojure-bangladesh# clojure-bay-area# clojure-beijing# clojure-belgium# clojure-berlin# clojure-boston# clojure-brasil# clojurebridge# clojurebridge-ams# clojure-canada# clojure-chennai# clojure-chicago# clojure-china# clojure-colombia# clojure-conj# clojurecup# clojure-czech# clojured# clojure-denmark# clojure-denver# clojure-derby# clojuredesign-podcast# clojure-dev# clojure-dusseldorf# clojure-ecuador# clojure-egypt# clojure-estonia# clojure-europe# clojure-filipino# clojure-finland# clojure-france# clojure-gamedev# clojure-germany# clojure-greece# clojure-guangzhou# clojure-hamburg# clojure-hk# clojure-houston# clojure-hungary# clojure-india# clojureindia# clojure-indonesia# clojure-ireland# clojure-israel# clojure-italy# clojure-japan# clojure-kc# clojure-korea# clojure-losangeles# clojure-madison# clojure-mexico# clojure-miami# clojure-mk# clojure-mke# clojure-morsels# clojure-my# clojure-new-zealand# clojure-nl# clojure-nlp# clojure-norway# clojure-poland# clojure-portugal# clojure-provo# clojure-quebec# clojureremote# clojure-romania# clojure-russia# clojure-sanfrancisco# clojurescript# clojurescript-ios# clojure-sdn# clojure-seattle# clojure-serbia# clojure-sg# clojure-shanghai# clojure-spain# clojure-spec# clojuresque# clojure-survey# clojure-sweden# clojure-switzerland# clojure-taiwan# clojure-turkiye# clojure-uk# clojure-ukraine# clojureverse-ops# clojurewerkz# clojurewest# clojurex# clojure-za# clojurian-chat-app# clojutre# cloverage# cloxp# clr# code-art# code-reviews# community-development# component# conf-proposals# conjure# consulting# contributions-welcome# copenhagen-clojurians# core-async# core-logic# core-matrix# core-typed# cryogen# crypto# css# cursive# cz-clojure# d2q# datacrypt# datahike# datalevin# datalog# data-oriented-programming# data-science# datascript# datavis# dato# datomic# defnpodcast# deps-new# depstar# devcards# devops# dirac# docker# docs# domino-clj# duct# dunaj# eastwood# editors# emacs# error-message-catalog# etaoin# ethereum# euroclojure# events# exercism# expound# figwheel# figwheel-main# flambo# fulcro# funcool# functionalprogramming# funimage# garden# ghostwheel# girouette# gis# google-cloud# gorilla# graalvm# graalvm-mobile# graclj# graphql# gratitude# gsoc# hammock-driven-dev# helix# heroku# hispano# holy-lambda# honeysql# hoplon# hugsql# humor# hypercrud# hyperfiddle# immutant# improve-getting-started# incanter# indycljs# inf-clojure# instaparse# integrant# interceptors# interop# introduce-yourself# iot# iotivity# ipfs# jackdaw# jaunt# java# javascript# javelin# jobs# jobs-discuss# jobs-rus# joker# jukebox# juxt# jvm# kaocha# keechma# kekkonen# keyboards# klipse# kosmos# lambdaisland# ldnclj# ldnproclodo# lein-figwheel# leiningen# liberator# liquid# livestream# local-first-clojure# london-clojurians# lsp# luminus# lumo# mail# malli# mathematics# meander# melbourne# membrane# mental-health# microservices# mid-cities-meetup# midje# minecraft# minimallist# missionary# monads# mount# music# new-channels# new-clojure# nextjournal# nginx# nrepl# numerical-computing# nyc# observability# off-topic# om# om-next# onyx# other-languages# other-lisps# overtone# pamela# parinfer# pathom# pedestal# perun# philosophy# phzr# planck# plastic# play-clj# podcasts# polylith# portal# portkey# portland-or# powderkeg# practicalli# precept# prelude# programming-beginners# project-updates# proletarian# proton# protorepl# pulsar# pure-frame# qa# qlkit# quil# random# rdf# react# reactive# reading-clojure# reagent# reclojure# re-frame# reitit# releases# remote-jobs# respo# rethinkdb# reveal# rewrite-clj# ring# ring-swagger# robots# rum# schema# sci# sfcljs# shadow-cljs# _silence# sim-testing# sioux-falls# slack-help# sneer# sneer-br# spacemacs# specmonstah# specter# speculative# spirituality-ethics# sql# startup-in-a-month# sydney# test200# test-check# testing# thejaloniki# timbre# tmp-json-parsing# tools-build# tools-deps# trading# tree-sitter# uncomplicate# unrepl# untangled# utah-clojurians# videos# vim# vrac# vscode# wasm# web-security# windows# xtdb# yada# yleinen
Apps

portkey

Portkey: from REPL to Serverless in one call
viesti 2018-03-20T09:52:56.000409Z

anyways, I don't have any planned travels to conferences yet, excluding ClojuTre (but that doesn't require travel)

cgrand 2018-03-20T09:53:53.000368Z

I know in about one month if I can attend ClojuTRE

viesti 2018-03-20T09:58:06.000036Z

do you have other conference travels before ClojuTre?

cgrand 2018-03-20T09:58:15.000281Z

no

viesti 2018-03-20T09:59:37.000139Z

extreme talk driven development: hackday just before ClojuTre

viesti 2018-03-20T09:59:47.000375Z

maybe I should calm down :)

viesti 2018-03-20T10:07:58.000522Z

hum, like macro, kind of…

viesti 2018-03-20T10:08:35.000137Z

for some reason remembered this https://juxt.pro/blog/posts/data-macros.html

alexlynham 2018-03-20T11:41:29.000389Z

funnily enough at the AWS build day I'd asked about out of the box support for exposing CLJ(s) routes via SAM since conceptually it was so close to how you might use integrant to expose something

alexlynham 2018-03-20T11:41:40.000195Z

they were obv like 'lol do it yourself' though haha

cgrand 2018-03-20T11:56:51.000043Z

Calmed now?

viesti 2018-03-20T12:07:59.000085Z

enough so that I need more coffee

dominicm 2018-03-20T13:43:41.000134Z

just fwiw, I work for JUXT 😛 So yes, that's the idea.

alexlynham 2018-03-20T13:44:31.000007Z

@dominicm are you still using schema primarily, or are you migrating toward spec?

alexlynham 2018-03-20T13:44:43.000203Z

sorry, bit offtopic but related to that post

dominicm 2018-03-20T13:45:09.000556Z

@alex.lynham It varies. Some are excited and throwing it all away for the one true spec. I'm quite sceptical, so I'm using it in some places, but not others.

dominicm 2018-03-20T13:45:12.000837Z

Jury is still out.

alexlynham 2018-03-20T13:48:11.000205Z

I've recently done some stuff with spec and I found it uglier and harder to get useful outputs quickly... but then I'm not sure how much of that is familiarity

alexlynham 2018-03-20T13:48:31.000275Z

sort of feel like schema is simpler, but again...

dominicm 2018-03-20T13:50:27.000235Z

spec is for functions. Using them elsewhere seems ineffective.

alexlynham 2018-03-20T13:54:21.000750Z

yeah I was playing around with them for validation & data generation and it felt harder than the schema equivalent

tatut 2018-03-20T15:07:06.001039Z

that sounds like a very weird statement to me as I exclusively use spec for data (and am very lazy with fdefs)

tatut 2018-03-21T07:48:54.000194Z

I see what you mean, I also don’t really use spec for html form validation

tatut 2018-03-21T07:49:30.000253Z

but you could make a form spec, that adds restrictions to a map spec

tatut 2018-03-21T07:50:17.000305Z

but when integrating with external data sources, I start with specs to model how the data will be represent as clj data

dominicm 2018-03-21T08:15:38.000214Z

There's also the fact that spec shouldn't be used on endpoints, because of the open key nature, I essentially get to run arbitrary validations against endpoints.

dominicm 2018-03-21T08:16:55.000030Z

Spec is great for "internal" use: functions etc. It's not a general purpose data validation metadata language.

alexlynham 2018-03-21T08:49:52.000208Z

right - and that's what I want from schema I think

dominicm 2018-03-21T08:50:56.000338Z

I don't think schema handles the password-confirm case particularly well either, but that's for other reasons. It can with a little bit of fiddling.

dominicm 2018-03-21T08:51:30.000014Z

I think clojure is missing a great library which handles the user-facing part of validation/errors imo. There's some good ones, but there's cases they choose not to handle.

dominicm 2018-03-21T08:51:53.000109Z

It's a hard problem to solve of course, so I'm not surprised at all.

alexlynham 2018-03-21T09:03:56.000093Z

for a previous project I had to provide human readable invalidation messages for large maps and schema wasn't too bad bc it quickly became clear what the problem fields were in general & then you could provide specific overrides

alexlynham 2018-03-21T09:04:03.000125Z

but then that is hacky

dominicm 2018-03-21T09:04:24.000252Z

https://github.com/logaan/vlad does a great job of this

alexlynham 2018-03-21T09:04:35.000433Z

I guess I like being able to type and validate my interfaces in a granular way & schema feels more like that tool

tatut 2018-03-21T09:47:34.000156Z

why wouldn’t you use spec on endpoints… I take it everyone has seen Rich’s spec-ulation talk

dominicm 2018-03-21T09:54:05.000090Z

I have. It's not secure. You shouldn't do it.

alexlynham 2018-03-21T09:58:55.000357Z

mmm vlad looks nice

dominicm 2018-03-21T09:58:58.000377Z

Because of the open key nature, let's say there's a bug/feature in LibraryA's specs, where it takes 1s/character of input, or something exponential perhaps. This is fine normally as the inputs are usually only 1/2 characters long. However, Eve can come along and send you a map like: 

{:user/login "eve"
 :libraryA/slow-spec "GOTCHAGOTCHAGOTCHA"} ;; pretend this is 4096 chars, or some other upper limit
If I send you that, maybe across a few thousand connections, I have just performed a DOS.

alexlynham 2018-03-21T09:59:01.000212Z

thanks for the link

tatut 2018-03-21T10:09:35.000011Z

ok, I see that it has a potential DDoS attack surface, if you have loaded namespaces w/ buggy specs

tatut 2018-03-21T10:12:21.000452Z

not a deal breaker imo, unless you have crazy side-effecting specs

dominicm 2018-03-21T10:26:00.000029Z

Bug they don't have to be in my library, just in an older transitive library one of my dependencies use. I don't think it's unrealistic to have slow specs at all. Some of them may necessarily be slow.

tatut 2018-03-21T10:30:43.000037Z

I get that, still not that big a deal imo

stathissideris 2018-03-21T13:17:47.000423Z

@dominicm I also remain unconvinced 🙂

stathissideris 2018-03-21T13:18:17.000086Z

have you raised this concern in a slightly more public forum?

dominicm 2018-03-21T13:18:40.000126Z

It was raised with Alex a while back. The response was to validate data before passing it to spec.

alexlynham 2018-03-21T13:20:28.000090Z

right, that's interesting because it seems the promise of spec is validation

alexlynham 2018-03-21T13:20:38.000221Z

(or, one of the main ones as well)

dominicm 2018-03-21T13:21:47.000398Z

but not for user-input, it's for data inside a system really.

stathissideris 2018-03-21T14:23:43.000174Z

select-keys would be enough, right?

dominicm 2018-03-21T14:28:58.000747Z

Yep. But you're violating the principles of spec there. 😉

dominicm 2018-03-20T20:50:55.000269Z

@alex.lynham moving this to a thread so it's not so spammy in portkey 😛

dominicm 2018-03-20T20:53:17.000601Z

@tatut the problem I have is things like forms, how do you validate password-confirm? You need the whole map to validate that it is =, but you can't say that the error is on password-confirm. It just doesn't work for forms where the expectations are different than the data you're validating.