1. 6

    Since I’m graduated, I have loads of free time now before starting my new job in a few weeks :)

    As an exercise to learn D, I’ve been working on reimplementing MPD in D (https://github.com/charles-l/mop). I am really liking it so far - I feel far more secure in the correctness of my code than with C or C++, and the compile-time code generation is the most flexible I’ve seen for a systems-level language.

    I’m writing some bindings for the Zumo 32u4 robot for microscheme (https://github.com/charles-l/zumo-32u4-ms), and hoping to get most of the sensors working this week.

    Also, I’ve been messing around with J, hoping to learn it well enough to use it sort of as a desktop calculator on steriods for writing throwaway scripts. I wrote a Kalman filter with J last week, and will probably write an Extended Kalman filter or something similar this week.

    I’ll probably also work a bit more on my graphics engine (https://github.com/charles-l/ugg) and possibly a new language project.

    1. 3

      All of that sounds really cool. :) On desktop calculator, anyone interested in calculators mixed with programming should check out Frink. It’s a neat, little project.

      1. 2

        Neat - I’ll definitely check out Frink if only because its unit conversion is really nice :)

        1. 1

          That’s the main reason I kept it. I was thinking having common units in mainstream languages would be a good idea. Frink would be a reference if I ever tried to add it to my own.

          1. 2

            Here are a few other languages with support for units of measure:
            F#
            Swift

    1. 3

      Very cool - I really like lower-power equipment like this. However, I think it’s a terrible idea for security since it looks like its an unencrypted video stream which would make eavsdropping trivial.

      1. 6

        I’d hesitate to call it eavesdropping if you have to get within 8 ft of the camera to do it

        1. 3

          It’s sort of the digital equivalent of corner mirrors in stores and on streets.

          1. 0

            Well that just about kills most of the uses for this product :/

            1. 3

              No? It’s perfect for home security cameras or on-body cameras.

              Sign me up.

          1. 3

            Did some work on my graphics engine. Added proper FPS camera (still not entirely sure why my code works - I can’t find a clear explanation as to why my view matrix isn’t storing the world coordinates of the camera in the fourth column - I think I’m doing something wrong, but it still works), and basic texturing support (ugly screenshot) this weekend. Going to add a proper lighting model, work on shadows, and refactor the code a bit next weekend. That’ll all probably push me towards adding global illumination and volumetrics for the pretty lighting effects.

            Don’t want to get too bogged down in those details though, otherwise I’ll never actually write a game :P

            For school, I worked on writing a 2D robot simulator that models a differential drive robot that I’ll be using for the final project in my Robotics class (https://github.com/charles-l/robsim). Good practice for using my linalg skills.

            1. 2

              I don’t agree with this article. Besides the point about the big distros getting all the support (which is bad). It doesn’t affect me as much, since I use a niche distro (Void Linux FTW!). I’ve happily been running Linux for the past 5 years (which is slightly past the date range of this article…)

              I can’t think of one experience where I couldn’t build an old version of software I needed on Linux. If the project has a makefile, I have full confidence that I’ll be able to make && make install without trouble.

              Granted, most of the software I run is CLI based, but this it’s still true for all the graphical applications I run.

              While I don’t use Windows (at all) and rarely touch my Mac, I can’t really say the experience is as good with them. Some of my friends have found the Wine runs old Windows software better than Windows does (ironic, considiering that Linux is a better Windows than Windows). And the reason I switched from Mac to Linux was because the development experience was being crapped on with every update.

              This does all come from the perspective of a developer, but I still use it as a desktop user and would be restricted if I had to use OSX.

              1. 7

                Have been learning x86_64 asm for a couple of projects I have. I hope I’ll get my e-ink screens this week to start trying to make them refresh fast for a e-ink laptop project I’m working on.

                I’ve been also building my jekyll blog to release a couple of write-ups later this week.

                1. 1

                  Which e-ink screens? I haven’t seen anything that was particularly hacker-friendly when I’ve looked in the past.

                  1. 2

                    I went with these ones: https://www.waveshare.com/wiki/7.5inch_e-Paper_HAT Following the work from @ninjatrappeur

                    1. 1

                      Neat - thanks for the link.

                1. 7

                  I’m currently trying to hack together some sort of text editor, and learn some ClojureScript.

                  I’m embedding and forking Servo to render stuff, with NeoVim running as a daemon. I don’t really know if it will actually get anywhere, but it’s definitely an interesting learning experience.

                  1. 1

                    How easy is it to embed Servo? I’m curious since I haven’t seen any web browsers based on it yet, besides FF. Everything still seems to be Chrome based.

                    1. 1

                      It’s… interesting. It wasn’t actually that difficult, just not amazingly documented. The documentation that was there is a little outdated* and I had to figure it out. The main issue is just that it’s changing really quickly at the moment.

                      I’d definitely recommend having a go if you want, but I wouldn’t call it production ready.

                      *: I am planning on making a PR when I get the time!

                      1. 2

                        Interesting - that explains why I haven’t seen it used. Hoping the embedding gets better soon - I’d like to see servo in something like QuteBrowser.

                  1. 3

                    Finishing off my senior thesis thing on PL implementation (http://github.com/charles-l/capstone), and planning to delve into more graphics stuff this coming weekend. So far I have basic Racket bindings for mesh loading, shader loading, basic (hacky) keyboard/mouse input, and an FPS camera (demo). Still have a long way to go before the dern thing is actually usable, but I’ll start dog-fooding it once I have textures, physics, and some basic audio code working.

                    1. 4

                      Huh - this might be enough to make me give D a serious shot. Having to write binding code for something that’s roughly at the same level (i.e. its a low-level language, not a scripting layer - which I don’t mind writing bindings for) always seemed odd for me.

                      I write C++ like C anyway without much use of templates, so this would work perfectly for me.

                      1. 1

                        Uggg - this sucks. Twitterific is the only way I read Twitter anymore. The Twitter website and official app are trash - I can’t use them ’cause they stick so much unrelated junk in my notifications and timelines.

                          1. 2

                            Also http://andykeep.com/pubs/dissertation.pdf

                            I’ve been using this for my senior project for compilers, and it’s been quite nice. I really like how it does verification of your IR at each pass (really helps debugging), and how declarative each transformation is.

                          1. 7

                            But a lot fewer people think holistically in terms of writing an application in “Python + C”.

                            This is actually my preferred development style now. For some recent work, I was using Python for quick iteration, and an inital prototyping, then I profiled it, found the slow sections in the code, and rewrote those in C++ called through the FFI. I initially wrote the project in C++, but after rewriting it in Python with a few utility functions written in C++ I found it much easier to maintain and debug. I rarely hit segfaults anymore :)

                            Unfortunately, it’s probably not especially common that C is the engineering language you want

                            I’ve been thinking about this a lot recently. My prefered combo would be Scheme (for wizardry) + SML (for engineering) + C (for speed/low-level control), but there doesn’t seem to be an easy way combine these languages currently. Sure, there are implementations for each of these languages that emit LLVM bitcode, so I guess you could make it all play nice at the LLVM bitcode level. However, a functional IR at a higher level (i.e. a typed lambda calculus IR that could be targeted by functional languages), would be extremely nice since things like types wouldn’t be lost. I’m working on a project for this right now, but I’m not sure how well it’ll turn out.

                            Another interesting combination is described in Out of the Tar Pit. The authors suggest a functional language paired with a relational database. I think this model is very interesting and plan to try it with game development (using a custom lightweight in-memory database) with the goal of being as performant as possible (which should be easy since it’s a very data-driven model). This idea isn’t really new - it’s partially what Rails does already, which is why it can scale to larger projects successfully. The database is an engineering tool that handles typing.

                            Finally, I really like Racket’s ability to combine languages together in the same project. You can have two different modules in one project, one with Typed Racket and one with regular Racket (i.e. dynamically typed), and the two languages will happily interop with each other. To be honest, I haven’t really had a reason to do this in any of my non-trival Racket projects yet, but from what I’ve experiment with, it seems to work well.

                            1. 5

                              Terra Language seems like an interesting mixed language approach. High level Lua code and low level C-like Terra code can be mixed, with the Lua code being able to generate Terra for macro type purposes. One could write most of the system in Lua, dropping down to Terra for speed and mix and match as needed.

                              1. 5

                                If you combine Python and C++, you might find Nim interesting. It’s a language with Python-like syntax that compiles to C with low-latency GC (several actually). You might still prefer C++ for something requiring performance advantages of its abstractions. Given all the Python-to-Go conversions, there’s likely a set of apps you’d write where Nim’s performance alone would be fine. From there, you might either use C++ for the rest or see what of its abstractions you can port over to Nim to retain benefits of Python-like style. The times I’ve seen Racket or Haskell used for things like C++ metaprogramming tell me there’s probably some value for Python/C++ programmers in doing C++ within Python-like language.

                                Just a brainstorming aloud here. :)

                                Edit to add: I wrote that comment reading your first paragraph. Then I see you bring up Racket. Maybe I wouldn’t have to sell you on benefits of mocking up a system language in a macro language after all.

                                1. 4

                                  In my experience with FFI (at least in Python, with ctypes or cffi), crossing the boundary between the languages is very costly. In libparsing, which uses a C core and a Python module, 90% of the time is spend wrapping match objects from C to Python. This is arguably an edge case given the fact that parsers do generate a ton of data (the match nodes and the AST).

                                  1. 4

                                    Painfully true. It’s why both OpenVMS calling standard and Microsoft’s CLR were brilliant in standardizing that part across languages. Then, one can use the right tool for the job mixing them up as needed. That most hardware and compilers are optimized for C means its data types, calling conventions, etc are my default recommendation for this compatibility layer now regardless of what’s technically superior. If it’s possible: sometimes clean-slate stuff that’s not compatible actually gets adoption. Principle also applies to other massively-deployed runtimes like .NET, JVM, Apple Objective-C, or Android ART.

                                    In some cases, a subset of a massively-deployed language becomes this layer like we’ve seen with Javascript. One I eyeballed for that recently was Go language due to all the articles griping about it. The solution would be some language fixing its shortcomings while totally plugging into its ecosystem with zero-cost integration. That might get a good response. Last popular one with low barrier-to-entry I looked into assuring was PHP. Turns out Quercus beat me to general concept by re-implementing it in Java with access to Java libraries. Still possible to redo something like it or Python in Nim supporting a mix of better-via-new-lang components and legacy-stuff-gradually-rewritten-or-enhanced.

                                    1. 3

                                      JavaScript was indeed a promising candidate, with a highly optimized runtime, composite data types and prototypical inheritance. If only the steering committee of that language decided that instead of adding more features and make it look like Java or C#, they should focus on adding core primitives to make it faster (typing, pragma-like compiler hints), then we would have a pretty good candidate for a runtime on which to quickly build a wide range of languages. I’m sure that if we looked at the languages which are used as a base for other languages, JavaScript would come just after C, or maybe even first!

                                    2. 1

                                      I never really measured the cost of jumping back and forth between Python and C, but I’m sure it’s horrible. It’s fine for me because I tend to have the C code do a significant amount of processing before returning back into Python. Python type conversions regularly surprise me with how expensive they are, but I guess that’s because Python is the only language I pay close attention to for performance issues (since the problems I tend to solve with it are computationally expensive).

                                      1. 1

                                        And also if you try different runtimes like Py2, Py3 or PyPy you’ll see how things are handled differently. PyPy for instance has a tendency to reallocate strings, which forces you to copy string values from Python to C. I came to a point where I considered making the C library spit out a string representation of the matches to be parsed by Python. I did not do it, but I bet the performance might not be too different, maybe even better!

                                  1. 15

                                    C++ got its act together. Java and Perl came along (and later, Python). Meanwhile, Lisp hadn’t advanced much in about a decade (since the ANSI spec was finalized). It was still a win, but the competition had narrowed the field. Once upon a time Lisp had a long list of features that no other language had (GC, full numeric tower, CLOS, incremental development, macros) that list kept getting shorter and shorter, and the case for Lisp, which had never been easy even in the best of times, was getting harder and harder to make.

                                    I think that this is definitely an issue with Lisp. The core is really, really good; it still has plenty of features that common languages don’t have. But even though it’s more advanced than they are, it’s still stuck in 1994. The median language is a lot better in 2018 than it was in 1994: it’s JavaScript, which is a horrible, terrible, no-good language but still orders of magnitude better than C for software development.

                                    Lisp is still better: it still has things JavaScript, Python, Java, Ruby, Scala, Erlang & Go are all missing. But it’s not as much better as it used to be, because all of those languages are much more capable than C, assembler & Pascal.

                                    But then a very strange thing happened: I noticed that all around me people were writing code using C++ and Java and Python and even (gasp!) Perl, and they were actually getting it to work without tearing their hair out. In fact, in a number of cases I saw people whip things up in Perl in a couple of hours that would have taken me days or weeks to do in Lisp.

                                    I think that’s a factor of batteries being included. Once upon a time Common Lisp was derided for including hash tables: nowadays they are table stakes. Once upon a time people laughed at Common Lisp for being a huge standard; now they laugh at it for not including a web server, let alone standardising sockets.

                                    The good news is that this is fixable (we can always have a new standard, if we want to go to the effort), and in practice it more-or-less is fixed: Quicklisp provides semi-standard libraries for everything. Would it be nice to have a truly-standardised library equivalent to, say, Go’s? Hell yes. Can we get by with what we have now? Sure.

                                    I do think that the Lisp world needs to consider a compatibility-breaking Common Lisp 2 at some point. The world has changed a lot in 24 years; it’s time Lisp took note.

                                    1. 9

                                      What do you think of other newer age Lisps like Clojure?

                                      1. 9

                                        Honestly, I don’t like Clojure — it’s not (IMHO) really a Lisp (among other things, it breaks conses). It’s a neat language, but it’s not my cup of tea. I’d like to see a Lisp continued & carried on, not a break with tradition.

                                        1. 8

                                          cons, car, cdr is the least that I miss in clojure, I guess they are a bit too low-level for my taste (and kind of complicated for reading code, although I never had a problem writing them out for some reason).

                                          What I kind of miss is in Clojure is CLOS, i.e. a multiple dispatch object system.

                                          1. 3

                                            I am not familiar with CLOS, but Clojure does have this.

                                            1. 1

                                              Yes, and if it hadn’t this, one could probably write a multiple dispatch system with macros. I guess i could build my own island of multi methods. But that is a little different from an ecosystem that invests in them like Dylan or cl.

                                              1. 1

                                                I’ve been meaning to try Common Lisp. Things like the condition system, image dumping, CLOS, and MOP seem different from what I know and worth learning. I’m going to try out PAIP. Any insight on what the CL ecosystem tends to do with mutli-dispatch?

                                                1. 2

                                                  I might be the wrong person to ask, because I never really used it (CL, and multiple dispatch) for more than a few example programs. First of all it implements OO in a way that nicely fits into the lisp functional programming world, i.e. procedures/functions first. Then there are the instances were you’d normally resort to the visitor pattern and can use multiple dispatch for truely polymorphic functions. I think they aren’t as widespread as one might think, but every now and then, multiple dispatch really helps at keeping code simple.

                                        2. 8

                                          You beat me to it. Ill go straight to saying it seems to solve that very problem with proof being its mainstream status having a big community and plenty of job ads for it. Need more LISP initiatives like that.

                                        3. 8

                                          I do think that the Lisp world needs to consider a compatibility-breaking Common Lisp 2 at some point.

                                          i’d love to see that effort put into optimising the racket runtime and adding libraries to it, personally. i think it has real potential to be an “industrial-strength” langage; the design is already excellent.

                                          1. 6

                                            i’d love to see that effort put into optimising the racket runtime and adding libraries to it

                                            Some work is being done right now to integrate the Chez scheme backend with Racket, which would mean some really nice speed improvements for compiled code.

                                            1. 3

                                              The problem with Racket is that it’s very much a Scheme rather than Lisp, with all the mistakes that come with being a Scheme: Lisp-1, #f, (car '()) being an error. It’s an incredibly impressive body of work, but I wish that effort had been expended on Common Lisp instead.

                                              1. 8

                                                wait why shouldn’t that be an error though.

                                                1. 4

                                                  wait why shouldn’t that be an error though.

                                                  Because it makes writing code which walks through lists a bit simpler. It’s useful that (car nil)nil & (cdr nil)nil. This — like having multiple namespaces — is one of the places where Lisp is more pragmatic than Scheme. I find that quality attractive in a programming language meant to be used.

                                                  I really wish that I could find a good article about this to share with you. I know that I’ve read one in the past, found the arguments convincing and have had the ‘nil should be carable’ bit set in my head since.

                                                  1. 7

                                                    It’s useful that (car nil) → nil & (cdr nil) → nil.

                                                    That sounds horrible, a recipe for “foo is not a property of undefined”-style errors miles away from where the problem actually occurred. Surely your functions should know what kind of data they expect to be operating on, and fail-fast is not.

                                                    1. 3

                                                      Yes that is my view too. Though I think for smal projects bargap’s proposal could be good but as the project grows in size the need for errors to happen close to the source of the problem grows.

                                                      1. 1

                                                        It actually works out very well with the sort of code which is written in Lisp. Typically, Lisp systems depend on it.

                                                        1. 2

                                                          I’ve found it to be the single largest source of errors in the lisp systems I work with.

                                                          1. 1

                                                            Are you writing Lisp or Scheme? If you’re finding it to be a huge source of errors in Scheme, then wouldn’t that tend to support the Common Lisp way of doing things?

                                                            1. 3

                                                              I mostly write Clojure and Emacs Lisp, (since 2008 and 2004 respectively) which use nil in the same way Common Lisp does. I don’t have these problems when I write Racket.

                                                              1. 1

                                                                I don’t know Clojure, but I’ll agree elisp is a good basis for comparison. All I can say is that my experience with elisp & Common Lisp differs from your own, and that my experience with Scheme has convinced me that I do not want to write a large system in it — nor use a large system written in it.

                                                      2. 6

                                                        Leaving nil out of the language is hands-down my favorite thing about Racket. So many of the problems of CL and Clojure just evaporate completely.

                                                        1. 6

                                                          Of course Racket has nil. It’s just written '().

                                                          1. 7

                                                            When I say nil here I’m referring to a single value which can mean “emptiness”, “false”, or “not found” depending on the context. Racket has three different values for each of those cases instead of lumping them all into a single value, and that is much less error-prone.

                                                        2. 2

                                                          Could you write a car that doesn’t error, Call it care

                                                  2. 3

                                                    That reference to Quicklisp made me think about slib

                                                    I like the idea of having a standard library build only on spec scheme and app’s built with the specific particularities of scheme implementations.

                                                  1. 1

                                                    Still no code on their GitHub profile :’(

                                                    1. 3

                                                      check the FAQ

                                                      1. 5

                                                        Needs a new distributed version control system where the versioned objects are sheets of paper and changelists are composed of paper cutouts and glue.

                                                        1. 3

                                                          It’ll certainly bring a fresh perspective to the “your project is still stuck on CVS?” :)

                                                    1. 2

                                                      Why is this a surprise? Function calls will always have slight overhead, because of the indirection of a jump. That’s why inlining is a thing.

                                                      1. 10

                                                        The surprising thing is I would expect {} to be syntactic sugar for dict().

                                                        1. 3

                                                          Really? Since {} is recognized by the parser, I’d expect to generate the opcode directly as part of the bytecode compilation pass.

                                                          Frankly, I’m surprised that dict() doesn’t compile to an opcode, since it’s easy to inline. I guess doing that would take away the ability to rebind what dict() does in the local scope (but I don’t know why anyone would care besides that).

                                                          1. 7

                                                            You can even rebind it globally.

                                                            $ python3
                                                            >>> dict({1: 2})
                                                            {1: 2}
                                                            >>> import builtins
                                                            >>> builtins.dict = list
                                                            >>> dict({1: 2})
                                                            [1]
                                                            

                                                            EDIT: use builtins instead of __builtins__, compare https://stackoverflow.com/questions/11181519/python-whats-the-difference-between-builtin-and-builtins

                                                      1. 3

                                                        My requirements for a laptop are pretty simple, but they’re apparently impossible to meet:

                                                        • A sturdy, metal chassis. It shouldn’t bend easily, nor should I be able to create screen artifacts when I push on the back
                                                        • A 1080p display or better (it’s absurd to me that many laptops today still ship with 1024x768 displays)
                                                        • A decent keyboard
                                                        • HDMI (or mini-HDMI) out
                                                        • SSD, 128GB is more than sufficient
                                                        • Not be Apple (I don’t like how locked-down their hardware is)
                                                        • Cost less than $2500

                                                        Thus far, I have found nothing that meets these requirements.

                                                        1. 3

                                                          I haven’t used one myself, but the laptops from puri.sm look pretty good. A bit of a gamble, though (small company with not much of a track record yet).

                                                          1. 1

                                                            Reviews on YouTube have been helpful and reassuring, in my experience.

                                                          2. 2

                                                            I’ve had reasonable success with the Asus ZenBook. It’s a total ripoff of the macbook air design, but I’m fine with it. Runs Linux nicely and has reasonable support for OpenBSD (sans trackpad). It’s my daily driver for when I’m at school and can’t use a huge desktop machine like I normally would.

                                                            1. 1

                                                              I returned the ZenBook because the fan was so noisy and would start as soon as you thought about moving the mouse. Instead, I got the HP Spectre x360, which was so silent I had to make -j something just to prove to myself that there was a fan. It also looks much better (one of the few laptops that look really good without being a Macbook ripoff).

                                                              Both seem to run Ubuntu just fine, though I’ve of course tested the Spectre much more.

                                                          1. 1

                                                            But… why not just pass a lambda with a pattern match and call it a day? I know ruby doesn’t have pattern matching but a switch statement can be used with the .class method and its way less code.

                                                              1. 5

                                                                Some people don’t understand why URLs should not change: https://www.w3.org/Provider/Style/URI

                                                              1. 2

                                                                I’m not seeing this issue at all when testing with clang 4.0.1 and 6.0.0 (slightly out of date trunk), but the issue (if it exists in a different version) isn’t that function pointers are bad. That dead code should be removed in an early analysis passes of LLVM so there’s no chance of calling it later on.

                                                                1. 1

                                                                  FWIW, I think it’s with some versions. I see it with Clang 3.9.1:

                                                                  > clang --version
                                                                  clang version 3.9.1-4ubuntu3~16.04.1 (tags/RELEASE_391/rc2)
                                                                  Target: x86_64-pc-linux-gnu
                                                                  Thread model: posix
                                                                  InstalledDir: /usr/bin
                                                                  

                                                                  with -O1:

                                                                  0000000000400520 <main>:
                                                                    400520:       eb ee                   jmp    400510 <_ZL8EraseAllv>
                                                                    400522:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
                                                                    400529:       00 00 00
                                                                    40052c:       0f 1f 40 00             nopl   0x0(%rax)
                                                                  

                                                                  with -O3:

                                                                  0000000000400510 <main>:
                                                                    400510:       bf a4 05 40 00          mov    $0x4005a4,%edi
                                                                    400515:       e9 b6 fe ff ff          jmpq   4003d0 <system@plt>
                                                                    40051a:       66 0f 1f 44 00 00       nopw   0x0(%rax,%rax,1)
                                                                  

                                                                  and I just grabbed the build of Clang 5.0.0-svn312333-1~exp1 and see it there too.

                                                                1. 4

                                                                  Lisp’s boast is that Code is Data. Ruby accidentally and regrettably allowed Data to become Code. Oops.

                                                                  Huh? That’s not what’s happening - a deserialization method that allows DOSing isn’t allowing data to become code. It’s just an unsafe function.

                                                                  While I agree that you don’t want complex functions that are difficult to audit facing the public interwebs, the entire reason I like using Ruby is because it “gives me too much power.” Ruby is a language designed for small teams of good programmers. If you want something that takes away power from the developer (and thus will always increase development time), use Java.

                                                                  1. 5

                                                                    the entire reason I like using Ruby is because it “gives me too much power.”

                                                                    I don’t think the author is saying Ruby is too powerful. I think they’re saying the two problems observed here:

                                                                    • writing a YAML parser that automatically recognizes !-directives and turns the contents into arbitrary Ruby classes
                                                                    • writing an XML parser that automatically recognizes <id type="yaml"> tags and parses the contents as YAML

                                                                    have the same underlying problem: Rubyists in 2013 had written libraries that were more powerful than they needed to be, and thus had vulnerabilities one wouldn’t expect the libraries to have.

                                                                    Lisp’s boast is that Code is Data. Ruby accidentally and regrettably allowed Data to become Code. Oops.

                                                                    Huh? That’s not what’s happening - a deserialization method that allows DOSing isn’t allowing data to become code. It’s just an unsafe function.

                                                                    Both things are happening, actually. (Or, at least, were happening in 2013.) That there are lots of DOS attacks against XML parsers is generally true of XML parsers, but not the main point. The problem that prompted the article is that Ruby’s XML parser, in 2013, would parse embedded YAML; and Ruby’s YAML parser would interpret YAML ! directives as intended Ruby classes. So a payload like the one below would result in remote code execution. (CVE-2013-0156)

                                                                    <id type="yaml">
                                                                    ---
                                                                    !ruby/object:Gem::Requirement
                                                                    requirements:
                                                                      - !ruby/object:Rack::Session::Abstract::SessionHash
                                                                          env:
                                                                            HTTP_COOKIE: "a=#{payload}"
                                                                          by: !ruby/object:Rack::Session::Cookie
                                                                            coder: !ruby/object:Rack::Session::Cookie::Base64::Marshal {}
                                                                            key: a
                                                                            secrets: []
                                                                          exists: true
                                                                    </id>
                                                                    
                                                                    1. 1

                                                                      Comparison with lisp is not by accident, it’s the same “lisp vs unix” discourse, “The Right Thing vs Worse is better”, modernist design vs postmodernist design.

                                                                      Fortunately, Ruby (and Rails too) is in the middle of this spectrum. On one extreme side we have Perl, on other side Clojure. Rails (which defines much of Ruby culture) is slowly moving towards modernist side in recent times because it’s in fashion now. I impatiently wait for times when Perl approaches will be in fashion again.

                                                                    1. 4

                                                                      I started working on a little 3D game/graphics engine in C with Chibi Scheme embedded inside. I ran into some issues with the automatic FFI code generator (for static arrays inside structs), so I’m working on a patch to correct that.

                                                                      I’m interested to see where performance will actually be a problem, especially since Chibi isn’t an especially performance aggressive scheme. I’ve fallen into a little premature optimization trap since I decided to make vectors and matrices packed C structs rather than using a scheme vector/list for storage. I’m sure boxing/unboxing of matrices would be the source of a performance bottleneck and implementing all the important math in C should head it off before it becomes a problem. Probably.