quicklisp-client
screenshotbot-oss
quicklisp-client | screenshotbot-oss | |
---|---|---|
6 | 19 | |
287 | 185 | |
- | 1.6% | |
0.0 | 9.9 | |
14 days ago | 6 days ago | |
Common Lisp | Common Lisp | |
MIT License | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
quicklisp-client
-
Steel Bank Common Lisp
Yes, that's clear.
I'm not very familiar with how quicklisp works. I thought that “updates once a month” implies a separate update channel (distribution, ...).
Looking at the relevant issue, https://github.com/quicklisp/quicklisp-client/issues/167 , it's not clear that even hashes are in place.
I recently found out that most Nix fetchers use https, but do not actually do verification (`curl --insecure` or equivalent libcurl settings). Channel updates do verify and include hashes, so the overall chain is authenticated.
-
quicklisp security (or total lack of it)
The latest comment I see about this here from Oct. 2022 says they're working on it. There's also comment by the developer in 2016 saying want to improve the security soon, so it doesn't really seem this will actually happen soon. I realise making signature verification work cross platform in pure lisp without external dependencies isn't easy but from latest comment it seems they have that working, in a branch written 4 years ago? The simplest no-code solution is just since quicklisp is published every month or so, on each new update publish a file with sha256 hash of every package contained in quicklisp signed with same developer's pgp key they are already using to sign download of the initial quicklisp.lisp, yes then users if they care about security would have to manually download the file and verify signature every month or so but it's at least some solution that can be done now.
-
Common Lisp Implementations in 2023
> That's what regular devs do, they don't even bother writing articles or commenting on HN :-)
I'll take the bait, and roll up several of my comments into one.
First, the support contract costs from the commercial vendors can make sense. It's one of the most expensive parts of software. We joke about fixing relatives' printers, but its not false. Support costs introduce a counter-balance.
Second, a message to everyone looking into or using QuickLisp, it uses http instead of https: https://github.com/quicklisp/quicklisp-client/issues/167
You can patch your version to fix this. I'd also recommend adding firewall rules to deny in case your patches roll back. And any other mitigation. Or stricter policies, such as not using it, if it makes sense for your organization.
And the AI bots? I hope there aren't people herding them who don't want to, that's how you get unloving brats and a crappy world.
-
Securing Quicklisp through mitmproxy
I found this github issue about it, open since 2018: https://github.com/quicklisp/quicklisp-client/issues/167
-
Why do people use Quicklisp although it is known to be vulnerable to man-in-the-middle attacks?
I agree 100% about needing to test and audit for security. But based on the information I've seen and public activity in repos, I assumed Xach was going for home-grown CL implementation. https://github.com/quicklisp/quicklisp-client/blob/pgp/quicklisp/openpgp.lisp
screenshotbot-oss
-
We need to talk about parentheses
Examples (for Common Lisp, so not citing Emacs): reddit v1, Google's ITA Software that powers airfare search engines (Kayak, Orbitz…), Postgres' pgloader (http://pgloader.io/), which was re-written from Python to Common Lisp, Opus Modus for music composition, the Maxima CAS, PTC 3D designer CAD software (used by big brands worldwide), Grammarly, Mirai, the 3D editor that designed Gollum's face, the ScoreCloud app that lets you whistle or play an instrument and get the music score,
but also the ACL2 theorem prover, used in the industry since the 90s, NASA's PVS provers and SPIKE scheduler used for Hubble and JWT, many companies in Quantum Computing, companies like SISCOG, who plans the transportation systems of european metropolis' underground since the 80s, Ravenpack who's into big-data analysis for financial services (they might be hiring), Keepit (https://www.keepit.com/), Pocket Change (Japan, https://www.pocket-change.jp/en/), the new Feetr in trading (https://feetr.io/, you can search HN), Airbus, Alstom, Planisware (https://planisware.com),
or also the open-source screenshotbot (https://screenshotbot.io), the Kandria game (https://kandria.com/),
and the companies in https://github.com/azzamsa/awesome-lisp-companies and on LispWorks and Allegro's Success Stories.
https://github.com/tamurashingo/reddit1.0/
http://opusmodus.com/
https://www.ptc.com/en/products/cad/3d-design
http://www.izware.com/mirai
https://apps.apple.com/us/app/scorecloud-express/id566535238
-
Common Lisp Implementations in 2023
This LispWorks comment on reddit is very interesting:
---
[cite]
As a Lispworks user, yes it is super pricey, but it does make sense for certain people. Arguably, Lispworks provides features that aren't available in any other programming language, Lisp or not.
* Support for just about every platform I can imagine. Yes it's expensive, but if I want to port to a new platform I can pay Lispworks, and get it over with. It'll mostly work without too much changes. It works on Android, iOS, Windows, Linux, Mac, and some really obscure systems.
* Application delivery with tree shaking. May be there are other languages that do this, but I haven't worked with something like this before in my career. (Maybe proguard for Java, but that's very rudimentary compared to LW's delivery). The tool I work on delivers a binary that people need to download during the CI jobs for every run, so having it be 100MB is way too big. After compression, my LW delivered binaries come to around 9MB.
* You mention support being expensive. Actually, for simple support questions LW does a pretty good job of responding back to you. I've asked tonnes of questions over the years, and have not paid for a separate support contract apart from the yearly maintenance contract. I suspect they like people asking questions, because then they fix those bugs and it becomes even more rock solid.
* The documentation is glorious. And in the off-chance that I need to know something that's not documented, I just mail them and they'll respond usually by the next working day.
* Very stable Java support (although the API could be better), let's me use the entire Java ecosystem of libraries when I need it.
* The platform itself is rock-solid. Now SBCL is fantastic, but when I ran my servers on SBCL, I would have a crash every now and then. With LW, I can have my server running weeks (current uptime is a month) with reloading code multiple times a day, and everything is still super stable.
There's more, but I think the rest is more negotiable. For instance, the FLI is a lot more polished than using CFFI, which makes a huge difference in productivity when writing native code. Or the fact that its remote-debugger facility can be used as a very stable protocol to programmatically control a remote LW process. I don't use the IDE btw, so I'm not even considering that. I don't use CAPI either, but I mean to someday.
2023, Arnold @tdrhq of Screenshotbot (https://github.com/screenshotbot/screenshotbot-oss) on reddit: https://www.reddit.com/r/Common_Lisp/comments/11979q4/common...
[/cite]
-
Paparazzi 1.2 is out
You can avoid having to do the step of recording screenshots if you use a tool like Screenshotbot (https://github.com/screenshotbot/screenshotbot-oss) or Vizzy (https://github.com/workday/vizzy)
-
I want to pursue this web app project - advice using CL?
Oh yeah, github.com/screenshotbot/screenshotbot-oss :)
-
How to do screenshot tests on android
There are open source tools to achieve this workflow. I've personally built screenshotbot (https://screenshotbot.io / https://github.com/screenshotbot/screenshotbot-oss), I've also built the screenshot testing infrastructure at Facebook. Workday has open-sourced their own tool at https://github.com/workday/vizzy. AirBnb uses another commercial tool called Happo (https://happo.io). Use any of these services with Paparazzi.
-
Why go with Paparazzi? Our journey with Android Screenshot Testing
There are a few open source tools to do this: there's a tool I built: https://github.com/screenshotbot/screenshotbot-oss similar to the infrastructure at Facebook, and there's another one built at Workday: https://github.com/workday/vizzy. These are screenshot-library agnostic services to notify you on Pull Requests when screenshots change.
-
How Screenshot Tests Elevate our Android Testing Strategy — Inside GetYourGuide
Screenshotbot is completely open-source by the way: https://github.com/screenshotbot/screenshotbot-oss
- Building a Startup on Clojure
-
Fun with Macros: Do-File
So, I'm in the process of defining something I'm calling an easy-macro. (You can see the code here, but I'm going to extract this into a quicklisp library once I'm happy with it: https://github.com/screenshotbot/screenshotbot-oss/blob/main/src/util/macros.lisp)
-
Help with automated website testing, please
I'm the author Screenshotbot (https://github.com/screenshotbot/screenshotbot-oss) , and I think this is exactly what you need. Although the README claims to not support browsers, it does actually support browsers, both in the open source and non open source version. I just need to update the docs.
What are some alternatives?
CIEL - CIEL Is an Extended Lisp. Scripting with batteries included.
cl-webdriver-client - cl-webdriver-client is a client library for WebDriver (W3C specification).
quicklisp-https
qvm - The high-performance and featureful Quil simulator.
BDFProxy - Patch Binaries via MITM: BackdoorFactory + mitmProxy.
quilc - The optimizing Quil compiler.
ocicl - An OCI-based ASDF system distribution and management tool for Common Lisp
weblog - a weblog
cerberus - Common Lisp Kerberos v5 implementation
etaoin - Pure Clojure Webdriver protocol implementation
aserve - AllegroServe, a web server written in Common Lisp
ergolib - A library designed to make programming in Common Lisp easier