Re: mailmam, web bridge, forum, p2p (was: Diversification)

On Fri, Oct 25, 2019 at 2:08 PM pelzflorian (Florian Pelz) < pelzflor...@pelzflorian.de> wrote: > On Fri, Oct 25, 2019 at 07:42:41AM +0800, Nala Ginrut wrote: > > Yes, you need to login if you change IP, but the last IP keeps session. > > Does checking the IP enhance security in any way? There ar

Re: mailmam, web bridge, forum, p2p (was: Diversification)

On Fri, Oct 25, 2019 at 07:42:41AM +0800, Nala Ginrut wrote: > Yes, you need to login if you change IP, but the last IP keeps session. Does checking the IP enhance security in any way? There are some (few) reasons IPs may change. > BTW, encoding token in URL is bad for SEO. > That is interesti

Re: mailmam, web bridge, forum, p2p

On Thu, Oct 24, 2019 at 14:30:23 +0200, pelzflorian (Florian Pelz) wrote: > Ordinary HTTP cookies are bad practice for session tokens because of > CSRF. If you want a normal link to another page on your site but > retain the login session, you should not use cookies for that. > Session tokens must

Re: mailmam, web bridge, forum, p2p (was: Diversification)

Yes, you need to login if you change IP, but the last IP keeps session. BTW, encoding token in URL is bad for SEO. Zelphir Kaltstahl 于 2019年10月25日周五 01:44写道： > Hi Nala! > > I have a question regarding this IP check. > > Does this mean that both, the IP address and (logical and) the cookie > need

Re: Use core or SRFIs?

I see, thank you. I am still not sure using SRFI 151 will have any advantage for my program: - Is there any plan to phase out SRFI 60, so that in the future my code using SRFI 60 would not work any longer? - Is SRFI 60 considered to be slow running code? - Is there something bad about how SRFI 60

Re: Use core or SRFIs?

See . Clone it and do a little adapting. The .sld extension is a common, but not required, convention for R7RS libraries, but the guts of it are in the other files. On Thu, Oct 24, 2019 at 3:47 PM Zelphir Kaltstahl < zelphirkaltst...

Re: Use core or SRFIs?

Thanks for your input! This also reads reasonable. On 10/24/19 7:01 PM, Taylan Kammer wrote: > On 24.10.2019 17:55, Zelphir Kaltstahl wrote: >> Hello Guile Users! >> >> I have a question regarding usage of SRFIs in Guile code. >> >> Sometimes there are core functions, which are also available fro

Re: Use core or SRFIs?

Sorry, I am a bit clueless right now. I have the following questions: Where would I find srfi-151.sld? What is a *.sld file? (If I had to come up with a guess: "Scheme language definition"?) If it is already standard Scheme code, why would I need to adapt it for Guile? Does it need to be modifie

Re: Use core or SRFIs?

Compile it yourself! Just look at the logic in srfi-151.sld and see how it needs to be modified for Guile. Easy-peasy. It's a lot less work to port a SRFI implementation than to do things from scratch. On Thu, Oct 24, 2019 at 2:26 PM Zelphir Kaltstahl < zelphirkaltst...@posteo.de> wrote: > Ah,

Re: Use core or SRFIs?

Ah, but SRFI 151 is not implemented in my version of Guile: ~ scheme@(guile-user)> (use-modules (srfi srfi-151)) While compiling expression: no code for module (srfi srfi-151) scheme@(guile-user)> ~ Guile version: 2.2.6 from Guix: ~ guile (GNU Guile) 2.2.6 Copyright (C) 2019 Free Sof

Re: srfi-64 apathetic test-error

Sorry, I said something wrong in my previous email. The SRFI-64 specification does not mention the possibility of providing an arbitrary predicate. That's a feature supported by my R7RS-based implementation of SRFI-64: https://github.com/TaylanUB/scheme-srfis/tree/master/srfi/64 (The file '

Re: mailmam, web bridge, forum, p2p (was: Diversification)

Hi Nala! I have a question regarding this IP check. Does this mean that both, the IP address and (logical and) the cookie need to be correct, or is it an inclusive logical or? I sometimes find myself switching location of the server of the VPN I am using. In such a case, would I still be logged

Re: Use core or SRFIs?

For bitwise integers, I recommend SRFI 151. If you use your implementation to provide the seven core functions bitwise-not, bitwise-and, bitwise-ior, bitwise-xor, arithmetic-shift, integer-length, and bit-count, all of which have definitions in bitwise-core.scm that are very slow, then you'll have

Re: mailmam, web bridge, forum, p2p (was: Diversification)

Hi Tomas! Do you still remember some of the issues you came across when making such a shop? If I am not mistaken, Racket's continuation based webserver does something like this. It also stores state in the URL, which then looks a bit strange. I think that state even encodes the continuation. Reg

Re: Use core or SRFIs?

On 24.10.2019 17:55, Zelphir Kaltstahl wrote: > Hello Guile Users! > > I have a question regarding usage of SRFIs in Guile code. > > Sometimes there are core functions, which are also available from an > SRFI implementation. One example I am currently dealing with are bitwise > operations for int

Re: Use core or SRFIs?

Hi! I see. Thanks, that is what I did so far as well : ) Best regards, Zelphir On 10/24/19 6:01 PM, Nala Ginrut wrote: > Personally, I prefer srfi. But sometimes I mix with RnRS. > I think it's better to avoid Guile specific things, however, Guile > provides many good things that the standard d

Re: srfi-64 apathetic test-error

Note however that such error tests are inherently non-portable (except in R6RS systems only) and should be avoided when testing code intended to be portable. On Thu, Oct 24, 2019 at 12:20 PM Taylan Kammer wrote: > On 23.10.2019 06:37, Christopher Howard wrote: > > Hi, I was just wondering: `test

Re: Use core or SRFIs?

Personally, I prefer srfi. But sometimes I mix with RnRS. I think it's better to avoid Guile specific things, however, Guile provides many good things that the standard doesn't have. On Thu, Oct 24, 2019 at 11:56 PM Zelphir Kaltstahl < zelphirkaltst...@posteo.de> wrote: > Hello Guile Users! > > I

Re: srfi-64 apathetic test-error

On 23.10.2019 06:37, Christopher Howard wrote: > Hi, I was just wondering: `test-error' from (srfi srfi-64) gives a pass > if it catches an exception, but it doesn't seem to care whether or not > the exception caught matches what you told it to expect. Is this a bug? The (test-error ...) form take

Re: mailmam, web bridge, forum, p2p (was: Diversification)

On Thu, Oct 24, 2019 at 11:03:07PM +0800, Nala Ginrut wrote: > I've ever tried to write a site for our local community without any JS > code, all auxiliary features include simple animation are implemented with > CSS. > However, I have to say it's painful to write a more complex site. I don't > kno

Re: mailmam, web bridge, forum, p2p (was: Diversification)

I've ever tried to write a site for our local community without any JS code, all auxiliary features include simple animation are implemented with CSS. However, I have to say it's painful to write a more complex site. I don't know if there's any framework for that. I'm too lazy to write all things m

Use core or SRFIs?

Hello Guile Users! I have a question regarding usage of SRFIs in Guile code. Sometimes there are core functions, which are also available from an SRFI implementation. One example I am currently dealing with are bitwise operations for integer numbers. There is SRFI 60 and there are the core functi

Re: mailmam, web bridge, forum, p2p (was: Diversification)

On Thu, Oct 24, 2019 at 8:30 PM pelzflorian (Florian Pelz) < pelzflor...@pelzflorian.de> wrote: > Because of login CSRF the Referer header should also be verified for > all links internal to the website (external links should strip the > Referer header via redirect pages similar to what the code a

Re: mailmam, web bridge, forum, p2p (was: Diversification)

On Thu, Oct 24, 2019 at 11:35:52AM +0200, Amirouche Boubekki wrote: > Le jeu. 24 oct. 2019 à 03:01, Nala Ginrut a écrit : [...] > Last time I checked the security requirements for web application that > do not rely on JavaScript was too complicated. I preferred to forget > about it. > > See >

Re: mailmam, web bridge, forum, p2p (was: Diversification)

On Thu, Oct 24, 2019 at 11:35:52AM +0200, Amirouche Boubekki wrote: > Last time I checked the security requirements for web application that > do not rely on JavaScript was too complicated. I preferred to forget > about it. > > See > https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Reque

mailmam, web bridge, forum, p2p (was: Diversification)

Le jeu. 24 oct. 2019 à 03:01, Nala Ginrut a écrit : > > Hi folks! > Artanis has been using in product, that is to say, working stable and keep > maintaining. Artanis aims for rapid development just like Ruby on Rails. So > that you may try your different ideas quickly. > > If anyone is willing to

Re: Interactive Debugging

Le jeu. 24 oct. 2019 à 01:48, Christopher Lam a écrit : [...] > Not sure how much knowledge of debugger is required, all I want to do is to > dump local variables at the breakpoint. For records there is (set-record-type-printer! type proc): https://www.gnu.org/software/guile/manual/html_nod

Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile]

Thank you kindly to you for your offers and to Nala for your amazing software and documentation. I will get back to you. Regards, Florian