deedbot: http://qntra.net/2018/04/kanye-makes-pantsuit-media-headlines-while-outlets-refuse-to-acknowledge-growing-hotep-movement/ << Qntra - Kanye Makes Pantsuit Media Headlines While Outlets Refuse To Acknowledge Growing Hotep Movement
asciilifeform: in unix world it is the buttons that ~don't~ biteyerdickoff , that are remarkable.
trinque: whether the thing has a "bite your dick off" switch, or bites your dick off by default, either way discussing degree of idiocy, I fully agree.
asciilifeform: ^ re the dd example, if it wasn't clear
asciilifeform: ( possibly at issue here is abuse of terminology -- folx call this 'shelling out' but e.g. /bin/sh does not run )
asciilifeform: trinque: that's consistent with execv call
trinque: jurov: looks to me like that :search parameter is indeed evil, DWIMs and runs in shell
trinque: mircea_popescu: I mean the shell command, only way I can conceive ^ happening if it is indeed using the shell
mircea_popescu: there's no exec per se is there ?
trinque: I don't see an extra shell in there, unless they hand-off via "exec"
trinque: huh. that's pretty sad then.
jurov: for example, if sbcl ran the command using shell, this would have side effect of actually running touch: (run-program "ls" '("`touch /tmp/evil`") :SEARCH T)
mircea_popescu: lobbes, they're all the middleman
jurov: trinque (run-program "ls" '() :SEARCH T)
jurov: No, you don't need shell to execute other programs.
trinque: even if some other wrapper is using only shellout, has to be firing up that shell *somehow*, right?
deedbot: http://phuctor.nosuchlabs.com/gpgkey/741F83D180F194CFCEBD19BAD698A5DCAE9DFFB03F14A1687DC41D44706846DD << Recent Phuctorings. - Phuctored: 1598...9993 divides RSA Moduli belonging to '27.254.152.70 (ssh-rsa key from 27.254.152.70 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (mail.10gb-host.net. TH)
lobbes: I thought he meant to cut out the shell middleman entirely and just directly call execve()?
jurov: lisp calls shell with command and parameters. Shell then splits the parameters (and expands variables and many other things uncalled for) and passes them to execve syscall anyway.
mircea_popescu: i don't get it, lisp shellout to execve ?
jurov: because it does not execute shell but the command directly
jurov: i mean, execve does not mutilate any parameters passed to it
trinque: jurov: can't blame the forklift when it runs over the operator
asciilifeform: jurov: i can't resist to ask -- how's that, and vs what
a111: Logged on 2018-04-27 13:00 trinque: I dunno why anyone would write a blog post proposing "shell out" and then omit the proper handling of inputs as out of article scope
BingoBoingo: A man on a gruelling mission acquires one McGuffin which will allow him to finally rest, and begins a race against time as the forces of socialism and fake humanitarian scammers align against him.
BingoBoingo: I'm used to seeing It spelled in my head as Trump, thusly fixed
BingoBoingo: But Provided this is taken as the end of the story, it is the right ending
BingoBoingo: asciilifeform: Definitely. The right fellow wins.
deedbot: http://www.thedrinkingrecord.com/2018/04/27/the-triump-of-will-yet-another-infinity-war-review/ << Bingo Blog - The Triump Of Will: Yet Another Infinity War Review
BingoBoingo: http://www.thedrinkingrecord.com/2018/04/27/the-triump-of-will-yet-another-infinity-war-review/ << All the spoilers necessary for Trolling this weekend
mircea_popescu: "in theory there is no difference..."
mircea_popescu: the crime and the punishment are indistinguishable in all divine systems.
asciilifeform: mircea_popescu: that -- punishment. drepping -- the crime.
a111: Logged on 2018-04-27 14:36 phf: spyked: what i'm saying is that you can avoid the injection without even introducing any new elements, http://p.bvulpes.com/pastes/gYkxc/
mircea_popescu: http://btcbase.org/log/2018-04-27#1805922 << if you're going to "--clearsign" why not "-aer uid" for the same money ?
a111: Logged on 2018-04-27 13:34 spyked: good to know, I'll add an example using sbcl's run-program. iirc drakma (or one of the libraries it depends on) forced me to update to asdf3 because of uiop dependency, when getting cl-feed-parser to run.
a111: Logged on 2018-04-27 13:20 spyked: anyway, thanks for the escape-shell-token tip trinque, I'm looking into it and will update the post.
mircea_popescu: http://btcbase.org/log/2018-04-27#1805903 << poor spyked keeps getting blindsided with this sorta item. how you holding up in there, yo
a111: Logged on 2018-04-26 19:35 asciilifeform: the d00d throwing away his sores, is classical 'to spite the conductor: i will buy a ticket and go on foot!' analchild maculae
lobbes: I've found myself squirreling away these paradropped ru-isms >> http://btcbase.org/log/2018-04-26#1805802
lobbes: Neato spyked. I'm sure I'll be putting your guide to practical use once it comes time to implement the self-voicing bit of the eventual tickerbot I'm building
a111: Logged on 2018-04-27 12:42 deedbot: http://thetarpit.org/posts/y04/071-cl-gpg.html << The Tar Pit - Interfacing Common Lisp programs with GPG the (nearly) painless way
spyked: http://btcbase.org/log/2018-04-27#1805897 <-- updated. http://thetarpit.org/posts/y04/071-cl-gpg.html#selection-1035.0-1037.1 (crap this is even longer now; I need to be more succinct)
trinque: er, with a ; at the front
trinque: isn't "rm -rf /" the correct type?
spyked: neat phf, I had no idea that was possible. I was going to add some assert/check-type calls anyway though.
trinque first says "ohey p.bvulpes has lisp highlighting!" then "oh wait, lack of escaping as a feature"
phf: spyked: what i'm saying is that you can avoid the injection without even introducing any new elements, http://p.bvulpes.com/pastes/gYkxc/
spyked: anyway, I've learned a few useful things today and I'm adding them as (hopefully brief!) updates :D
phf: but you don't even have to jump through the hoops of escaping, most lisps' run program implementations, uiop including, support passing in command as a list of strings, which are in turn handled properly by the underlying machinery
spyked: I understand that, I even put an example of command injection in the post. I thought there was some other reason.
a111: Logged on 2018-04-27 12:59 spyked: the post doesn't purport to be a guide in correct common lisp programming (issues with those functions are explicitly discussed at the end). anyway, trinque, what's wrong with format?
phf: http://btcbase.org/log/2018-04-27#1805899 << format is a _notorious_ way to get a shell command injection. we had one uncovered by douchebag just two weeks ago in one of the republic's automated processes
a111: Logged on 2018-04-27 13:34 spyked: good to know, I'll add an example using sbcl's run-program. iirc drakma (or one of the libraries it depends on) forced me to update to asdf3 because of uiop dependency, when getting cl-feed-parser to run.
phf: http://btcbase.org/log/2018-04-27#1805906 << asdf3 is pretty much standard in all the lisps right now, you have to go out of the way to downgrade. at the very least avoid implicit uiop dependency and declare it in your asdf file (this is by the way even fare's recommendation, but people ignore it "oh i have asdf3, means i can just throw a sneak uiop:foo all over my code")
spyked: pretty good, learning new things about the common lisp environment. :)
spyked: good to know, I'll add an example using sbcl's run-program. iirc drakma (or one of the libraries it depends on) forced me to update to asdf3 because of uiop dependency, when getting cl-feed-parser to run.
a111: Logged on 2016-09-15 15:08 phf: i think asdf is evil, version 3 is doing some straight up systemd shit. for those who don't know asdf 3 comes with fare's own portability layer called uiop, which in a very systemd aggressive and underhanded style is superseding existing utility libraries.
trinque: http://btcbase.org/log/2016-09-15#1542346 << uiop hasn't the best reputation ftr
spyked: anyway, thanks for the escape-shell-token tip trinque, I'm looking into it and will update the post.
spyked: only one reason: brevity. had I solved this, then I would also have to solve "GPG error codes" and all the other problems that GPGME solves. the point was to avoid this complexity altogether for what I'm doing.
trinque: I dunno why anyone would write a blog post proposing "shell out" and then omit the proper handling of inputs as out of article scope
spyked: (other than the issues mentioned in the post)
spyked: the post doesn't purport to be a guide in correct common lisp programming (issues with those functions are explicitly discussed at the end). anyway, trinque, what's wrong with format?
trinque: wtf. you're using format?! yet used uiop, but didn't bother to use their escape-shell-token ?
deedbot: http://thetarpit.org/posts/y04/071-cl-gpg.html << The Tar Pit - Interfacing Common Lisp programs with GPG the (nearly) painless way
deedbot: http://phuctor.nosuchlabs.com/gpgkey/B3BFBA23F2BF795EEA507FAF666E87AC01A60B8EC765408B8439BE374479E235 << Recent Phuctorings. - Phuctored: 1795...8127 divides RSA Moduli belonging to '176.109.130.222 (ssh-rsa key from 176.109.130.222 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown PL)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/01CCA0E67F766B697F22E540F70D19F00270DF95C858468CA531B641062FC23F << Recent Phuctorings. - Phuctored: 1795...8127 divides RSA Moduli belonging to '180.175.20.53 (ssh-rsa key from 180.175.20.53 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown CN 31)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FCD084BE15CBB28BA33D5BA8453105B83669AD42641B17D409D4355ADF08B477 << Recent Phuctorings. - Phuctored: 1542...2319 divides RSA Moduli belonging to '87.96.147.5 (ssh-rsa key from 87.96.147.5 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (wbm1upp01.magasin1.se. SE C)
mod6: wow, this is quite the accounting of these beasts
mircea_popescu: these are harmless guys tho.
mircea_popescu: ya that's the one
mircea_popescu: maybe golfball sized tho
mircea_popescu: i once took one apart in straight alcohol
mod6: Thing landed in the snow, and I quickly used a hockey stick to shove it into a contractor bag. Nothing flew out -- but they say that the larvae somehow survive the cold up here.
mod6: i dont have pics, which i totally regret not taking, but this past february I found a giant (think, basketball size) paperwasp nest in one of my huge Silver Maple trees. Had it cut down. That thing looked like it was gonna have a mega-count of the bastards.
mod6: after getting hosed down, went back to work.
trinque: ahaha that is a picture.
mircea_popescu: mod6, ahaha. they're territorianal!
mircea_popescu: pretty great header i thought.
mod6: mircea_popescu's thorn/winged-paratrooper boob stinging story; reminds me of a time I was cutting down a tree and a wasps nest was in there - it was hot out and I had my shirt off. the fuckers flew down my pants, stung me in the ass like a hundred times.
mod6: Alright, good to hear. :]
hanbot: pretty much. header and footer are off by one pixel but i'm saving that fix for next time i feel all ocd. i'm very happy with the hosting!
mod6: site is looking good too - everything working as it should be now?
mod6: asciilifeform: panamacityairport was that bad?
deedbot: http://phuctor.nosuchlabs.com/gpgkey/13E82F824B83584C0CEC6D9C2D29B4DA59E8A469DAF84126A264FDD744B8488D << Recent Phuctorings. - Phuctored: 1216...8727 divides RSA Moduli belonging to '197.221.61.38 (ssh-rsa key from 197.221.61.38 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (chs-bac02.cpt4.remote.chs.hetzner.co.za. ZA)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/8159D44B9E52C12B332B065E91377A5B26D6841DB6EC4F7D8F88FB4191B3EADE << Recent Phuctorings. - Phuctored: 1216...8727 divides RSA Moduli belonging to '197.221.54.198 (ssh-rsa key from 197.221.54.198 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown ZA)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/175A4092F61F9C375817E0752E2ACCBD43E0ABD014580BBF6569EC16B36B6ECA << Recent Phuctorings. - Phuctored: 1216...8727 divides RSA Moduli belonging to '197.221.63.150 (ssh-rsa key from 197.221.63.150 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown ZA)
hanbot: <asciilifeform> hanbot: on my display , the article is about an inch wide ( photos also squashed ) << fixed nao. thanks for reporting!
asciilifeform: perhaps moar interestingly, also of stroke victims who genuinely think 'i can move that arm, just haven't been feeling like it'
mircea_popescu: hey, world also is full of terminal cancer patients going "lalala my cancer went away"
mircea_popescu: "While no one has directly accused the NSA of inserting backdoors"
mircea_popescu: just in time because we have these tough customers running out of reading material >D
a111: Logged on 2017-05-13 14:31 asciilifeform: the simon and speck thing was egregiously funny because they were published 'for lulz', 'maybe someone will pick up this toy', rather than mandated somewhere
mircea_popescu: ^ proofread item again, fixed like two dozen byte errors, so. reload if you're reading prior version.
mod6: evenin tmsr~
a111: Logged on 2018-04-26 19:43 trinque: https://www.phoronix.net/image.php?id=0x2012&image=blt_2012_02_med << look at this dead-eyed creature
mod6: <+phf> http://btcbase.org/log/2018-04-26#1805820 << https://i.ytimg.com/vi/6hkNuykz2RE/maxresdefault.jpg << lol, i had the same thing in mind.