<< 23-10-2023 >>
00:02:19*Mister_Magister quit (Quit: bye)
00:04:14*Mister_Magister joined #nim
00:07:05arkanoidtrying right now. It's harder than expected. Surely the *Impl wrapper version seems cleaner
00:07:22arkanoidbut I feel like learning something very interesting
00:07:30arkanoidninja typing
00:09:11arkanoiddone: https://play.nim-lang.org/#ix=4JIX
00:12:21arkanoidI have yet to address what's the full potential of this pattern. Seems to overlap with the effect system
00:17:23FromDiscord<Elegantbeef> Yea it's a kinda like a type based effect tracking, instead of side effect
00:17:43*xet7__ joined #nim
00:21:48*xet7_ quit (Ping timeout: 260 seconds)
00:23:58arkanoidin the wrapper (ExperimentImpl) solution, I'm not quite sure why copies should be blocked on ExperimentImpl[T] instead of Experiment[T; MaterialState: static State]
00:24:24FromDiscord<Elegantbeef> I'm lazy and it was easier that way
00:24:57arkanoidyou mean the choice between the two meakes no difference, being one the distinct version of the other?
00:25:35FromDiscord<Elegantbeef> Since the distinct inherits the 'parent's hooks, it's the same for most intents and purposes
00:26:23FromDiscord<Elegantbeef> If `ExperimentImpl` is not exported there is no practical difference really
00:26:23FromDiscord<Elegantbeef> But yes you'd want to define your hooks to be the least intrusive
00:27:40arkanoidsure, on the edge of the type system
00:28:50*xet7_ joined #nim
00:32:53*xet7__ quit (Ping timeout: 260 seconds)
00:50:23arkanoidElegantbeef, thanks again for all the hints. It has been an interesting weekend. Goodnight
01:03:59*xet7__ joined #nim
01:07:51*xet7_ quit (Ping timeout: 240 seconds)
01:07:58*xet7 joined #nim
01:11:23*xet7__ quit (Ping timeout: 260 seconds)
01:13:31FromDiscord<takemichihanagaki3129> Is there something similar to Python's Protocol in Nim?
01:14:01FromDiscord<takemichihanagaki3129> In reply to @takemichihanagaki3129 "Is there something similar": I mean, structural inheritance instead of nominal one.
01:20:12*xet7_ joined #nim
01:23:49*xet7 quit (Ping timeout: 245 seconds)
01:36:21*xet7__ joined #nim
01:39:02FromDiscord<takemichihanagaki3129> NVM, Concepts is what I'm looking for!↵https://nim-lang.org/docs/manual_experimental.html#concepts
01:39:55*xet7_ quit (Ping timeout: 258 seconds)
01:49:29*xet7_ joined #nim
01:53:23*xet7__ quit (Ping timeout: 260 seconds)
02:12:43*xet7__ joined #nim
02:14:47*xet7 joined #nim
02:16:20*xet7_ quit (Ping timeout: 258 seconds)
02:17:53*xet7__ quit (Ping timeout: 260 seconds)
02:26:34FromDiscord<demotomohiro> sent a long message, see http://ix.io/4JJe
02:27:26FromDiscord<Elegantbeef> They don't want copy for typestates
02:27:56FromDiscord<Elegantbeef> The code is using type states, which means wherever a state change happens the memory needs to be given to prevent later use of that value/type
02:30:54FromDiscord<demotomohiro> I see.
02:32:11FromDiscord<demotomohiro> So you don't want to read `e1` after declaring `e2`.
02:33:44FromDiscord<Elegantbeef> Correct
02:35:39FromDiscord<Elegantbeef> sent a code paste, see https://play.nim-lang.org/#ix=4JJf
02:38:21*xet7_ joined #nim
02:40:18FromDiscord<demotomohiro> That looks nice
02:42:23*xet7 quit (Ping timeout: 260 seconds)
02:49:31*xet7__ joined #nim
02:53:24*xet7_ quit (Ping timeout: 245 seconds)
02:57:39*xet7_ joined #nim
02:59:41*xet7 joined #nim
03:01:19*xet7__ quit (Ping timeout: 245 seconds)
03:02:34*xet7_ quit (Ping timeout: 245 seconds)
03:02:41*xet7__ joined #nim
03:06:33*xet7 quit (Ping timeout: 258 seconds)
03:07:19*xet7_ joined #nim
03:11:19*xet7__ quit (Ping timeout: 245 seconds)
03:13:29*xet7__ joined #nim
03:17:40*xet7_ quit (Ping timeout: 258 seconds)
03:19:27*xet7_ joined #nim
03:23:25*xet7__ quit (Ping timeout: 258 seconds)
03:23:48*xet7__ joined #nim
03:28:01*xet7_ quit (Ping timeout: 258 seconds)
03:29:22*azimut joined #nim
03:29:48*xet7_ joined #nim
03:30:47*xet7 joined #nim
03:33:49*xet7__ quit (Ping timeout: 245 seconds)
03:34:09*xet7__ joined #nim
03:34:53*xet7_ quit (Ping timeout: 260 seconds)
03:35:48*xet7_ joined #nim
03:36:03*xet7 quit (Ping timeout: 260 seconds)
03:37:37*xet7 joined #nim
03:40:08*xet7__ quit (Ping timeout: 260 seconds)
03:40:39FromDiscord<odexine> ~~out is a keyword isnt it~~
03:40:43*xet7_ quit (Ping timeout: 260 seconds)
03:41:08*xet7_ joined #nim
03:43:03*xet7 quit (Ping timeout: 260 seconds)
03:51:09*xet7__ joined #nim
03:52:59*xet7 joined #nim
03:54:46*xet7_ quit (Ping timeout: 252 seconds)
03:55:17*xet7_ joined #nim
03:56:25*xet7__ quit (Ping timeout: 252 seconds)
03:57:29*xet7 quit (Ping timeout: 246 seconds)
04:03:38*xet7__ joined #nim
04:07:30*xet7_ quit (Ping timeout: 258 seconds)
04:12:29*xet7_ joined #nim
04:16:19*xet7__ quit (Ping timeout: 258 seconds)
04:16:50*xet7__ joined #nim
04:20:58*xet7_ quit (Ping timeout: 260 seconds)
04:22:07*xet7 joined #nim
04:25:01*xet7__ quit (Ping timeout: 252 seconds)
04:31:58*xet7_ joined #nim
04:36:01*xet7 quit (Ping timeout: 252 seconds)
04:37:15*xet7__ joined #nim
04:41:23*xet7_ quit (Ping timeout: 260 seconds)
04:43:29*xet7_ joined #nim
04:45:04*xet7 joined #nim
04:47:48*xet7__ quit (Ping timeout: 260 seconds)
04:47:59*xet7_ quit (Ping timeout: 245 seconds)
04:48:25*xet7_ joined #nim
04:50:29*xet7 quit (Ping timeout: 245 seconds)
05:03:27*xet7__ joined #nim
05:07:09*xet7_ quit (Ping timeout: 245 seconds)
05:11:17*xet7_ joined #nim
05:14:51*xet7__ quit (Ping timeout: 246 seconds)
05:37:01*xet7__ joined #nim
05:40:44*xet7_ quit (Ping timeout: 246 seconds)
05:41:57*advesperacit joined #nim
05:43:31*xet7__ quit (Quit: Leaving)
06:35:58FromDiscord<Chronos [She/Her]> In reply to @Elegantbeef "Say this was an": Wouldn't `Gpio[Output](1)` be nicer?
06:38:22FromDiscord<Elegantbeef> Except you need to set the pin high in a proc
06:38:55FromDiscord<Chronos [She/Her]> Ah that makes sense
06:39:03FromDiscord<Elegantbeef> Sorry set the pin to output
06:39:14FromDiscord<Elegantbeef> so it'd be like `let myPin = output(1)`
06:40:07FromDiscord<Chronos [She/Her]> Yeah that makes sense
07:14:59*xet7 joined #nim
08:14:59*PMunch joined #nim
08:49:57*adium quit (Read error: Connection reset by peer)
09:06:58FromDiscord<Chronos [She/Her]> sent a code paste, see https://play.nim-lang.org/#ix=4JJR
09:11:33PMunchDefine dangerous
09:11:43PMunchIt won't kidnap your kids or murder your buddy
09:12:09FromDiscord<odexine> are you sure about that
09:12:24PMunchYou got me there, I didn't actually read the code :P
09:13:24PMunchI'm not sure why you are casting stuff to a pointer here
09:14:58PMunchAnd what exactly are you trying to achieve?
09:16:03PMunchOh you're casting to a pointer so that you can have procs which takes different types in there, that makes sense
09:17:27*adium joined #nim
09:19:04PMunchI guess it should be safe. Tried to pass a closure in but it complained that it couldn't be cast to a pointer
09:19:30PMunchAnd since you're not allowed to pass in closures you won't have issues with the GC
09:20:10FromDiscord<Elegantbeef> The real issue is using `string`
09:20:21PMunchIt's even able to handle exceptions, which is nice
09:20:30PMunchWhat do you mean Elegantbeef?
09:20:32FromDiscord<Elegantbeef> If this doesnt have to be serialised just `getTypeInfo`
09:21:12FromDiscord<Elegantbeef> Using strings is icky and if two types are named the same but have different type implementations it's an unhandled collision
09:21:19PMunchOh right, if you used this from two modules with types named the same?
09:21:28PMunchYeah, that would be bad
09:21:32FromDiscord<Elegantbeef> Yes
09:22:05FromDiscord<Elegantbeef> sent a code paste, see https://play.nim-lang.org/#ix=4JJU
09:22:41FromDiscord<Elegantbeef> Luckily Nim's type info is always there and is just a pointer so good for tagging types
09:22:51FromDiscord<Elegantbeef> It's what I use in my ECS for instance
09:23:48PMunchHuh, that's nifty
09:23:53PMunchWhat is it a pointer to?
09:24:28FromDiscord<Elegantbeef> can always use `once` or have an `assert default(t).getTypeInfo not in eventHandlers`
09:24:28FromDiscord<Elegantbeef> The type information 😛
09:24:30FromDiscord<Elegantbeef> The stuff https://nim-lang.org/docs/typeinfo.html abstracts
09:43:14FromDiscord<Chronos [She/Her]> In reply to @Elegantbeef "If this doesnt have": Oh that's probably a good idea
09:48:18arkanoidhow would you implement dynamic typing in a nim program?
09:48:57arkanoidI mean dtypes, to load and handle external typed data formats
09:58:39FromDiscord<Chronos [She/Her]> Ah... Hey Beef, how would I check if a param has a certain type? Making validation a tad more strict to prevent funky behaviour when registering listeners
09:59:14FromDiscord<Chronos [She/Her]> In reply to @arkanoid "I mean dtypes, to": Do you mean dynamic as in something similar to `JsonNode`s and how they store data?
09:59:33FromDiscord<taperfade> In reply to @user2m "`nim c -r ": Thx but i meant in the code itself
10:03:04FromDiscord<taperfade> I want it to copy itself into startup
10:04:14FromDiscord<Chronos [She/Her]> In reply to @taperfade "Thx but i meant": Docs exist, look at `std/os` and figure out how to copy and get the current binary
10:04:29FromDiscord<Chronos [She/Her]> In reply to @taperfade "I want it to": Why are you making malware
10:07:20FromDiscord<taperfade> Its not malware this time
10:07:32FromDiscord<taperfade> I just want it to do something on startup
10:07:44FromDiscord<taperfade> Just thinking abt what it could do
10:08:01FromDiscord<taperfade> :groover:
10:09:12FromDiscord<taperfade> Also i made malware but im too stupid for anything too fancy
10:09:28FromDiscord<Chronos [She/Her]> In reply to @taperfade "Its not malware this": ...'this time'
10:09:30FromDiscord<Chronos [She/Her]> Sigh
10:09:42FromDiscord<taperfade> https://tenor.com/view/canthelpmyself-gif-27241158
10:09:47FromDiscord<taperfade> No embed
10:09:50FromDiscord<taperfade> Very sad
10:09:57FromDiscord<taperfade> In reply to @chronos.vitaqua "...'this time'": Yeah
10:10:12FromDiscord<taperfade> Lost all trust on me 😭
10:10:14FromDiscord<Chronos [She/Her]> `getAppFilename()` should be enough for you
10:10:25FromDiscord<taperfade> Thx :3
10:10:45FromDiscord<arathanis> In reply to @taperfade "Its not malware this": 🤨 📸
10:10:54FromDiscord<Chronos [She/Her]> https://nim-lang.org/docs/osfiles.html#copyFile%2Cstring%2Cstring also for copying files:
10:11:14FromDiscord<taperfade> Hell yeah
10:11:29FromDiscord<taperfade> :teehee:
10:11:40FromDiscord<taperfade> I will make fungi simulation
10:11:50FromDiscord<taperfade> It will spread through your whole pc
10:12:07FromDiscord<taperfade> And sometimes mushrooms will grow on your desktop
10:12:27FromDiscord<Chronos [She/Her]> Sounds like malware
10:12:30FromDiscord<taperfade> I rlly loved that era when malware was cool af
10:12:38FromDiscord<taperfade> With cool visuals
10:12:45FromDiscord<taperfade> And most of the time not actually malicious
10:13:04FromDiscord<Chronos [She/Her]> Too bad that that's gone
10:13:09FromDiscord<taperfade> Sadge
10:13:13FromDiscord<taperfade> I will make
10:13:15FromDiscord<taperfade> No worry
10:13:35FromDiscord<taperfade> Holy shir
10:13:41FromDiscord<taperfade> I will call it mold mario
10:13:54FromDiscord<Chronos [She/Her]> Sigh
10:14:03FromDiscord<taperfade> https://media.discordapp.net/attachments/371759389889003532/1165956291538202675/image0.jpg?ex=6548bc6a&is=6536476a&hm=da7015a1653dd45527626e94f897b508c8fc49607168e538d93b40e1c3773939&
10:14:06FromDiscord<taperfade> Lmfao
10:14:13FromDiscord<taperfade> Its gonna be so hilarious
10:14:16FromDiscord<taperfade> Trust
10:33:29FromDiscord<nnsee> In reply to @taperfade "Its not malware this": that's literally what you said last time when you asked about something that was incredibly sus
10:33:29FromDiscord<nnsee> denied it
10:33:49FromDiscord<nnsee> and then i caught you red handed
10:33:55FromDiscord<nnsee> so why would this time be any different?
10:35:01FromDiscord<nnsee> oh for fuck's sake
10:35:02FromDiscord<nnsee> https://github.com/senzur/madkitty-grabber/blob/main/madkitty.nim
10:36:41FromDiscord<nnsee> you keep pulling the same shit time and time again https://media.discordapp.net/attachments/371759389889003532/1165961984513163335/image.png?ex=6548c1b7&is=65364cb7&hm=f5051b7a346c32254774f4720cee149b7c9261249e62a6f4ed163f4dcad81f93&
10:40:34FromDiscord<sOkam! 🫐> In reply to @arkanoid "I mean dtypes, to": `pointer` and vulkan-C-like handling of the actual type kinds with enums? that might fit 🤔
10:41:12FromDiscord<sOkam! 🫐> (edit) "🤔" => "🤔↵https://registry.khronos.org/vulkan/specs/1.3-extensions/man/html/VkStructureType.html"
10:41:55FromDiscord<sOkam! 🫐> my understanding is that they have internal code that checks the type and casts the raw pointer passed to the correct actual type
10:42:06FromDiscord<sOkam! 🫐> (edit) "my understanding is that they have internal code that checks the type and casts the raw pointer passed to the correct actual type ... " added "based on the enum"
11:43:25FromDiscord<taperfade> Ras is my arch enemy apparently
11:43:31FromDiscord<taperfade> Stalking my github
11:45:19FromDiscord<pmunch> You're the one who keeps posting your malware on a public website..
11:45:37FromDiscord<taperfade> Yuh
11:45:40FromDiscord<taperfade> Its fun
11:45:42*PMunch quit (Quit: Leaving)
11:45:46FromDiscord<taperfade> :kirukosmug:
11:45:59FromDiscord<taperfade> Im too bad to make something actually really malicious
11:46:05FromDiscord<taperfade> Dw
11:47:10FromDiscord<Phil> Pmunch, I would like to propose a rule that is against writing malware on discord/asking for help with writing one.↵I'm just not sure how to phrase it so it's clear that doesn't apply to writing protection measures against it
11:48:32FromDiscord<taperfade> Yeah
11:48:37FromDiscord<taperfade> Well
11:48:51FromDiscord<taperfade> Im consistently working on different stuff
11:49:05FromDiscord<taperfade> Im scared to ask anything if that becomes a rule
11:49:19FromDiscord<taperfade> :P
11:57:44*junaid_ joined #nim
12:06:35*junaid_ quit (Remote host closed the connection)
12:32:39FromDiscord<mratsim> In reply to @isofruit "Pmunch, I would like": Is red teaming malware?
12:32:46FromDiscord<Chronos [She/Her]> In reply to @nnsee "you keep pulling the": I'm not even surprised
12:35:28FromDiscord<.e.l.i> what https://media.discordapp.net/attachments/371759389889003532/1165991881570791434/image.png?ex=6548dd8f&is=6536688f&hm=a406e15c70bd8c16eb4acf2ad60fe4abaa8b82675c06b208222d6ba70c24f733&
12:35:33FromDiscord<Chronos [She/Her]> In reply to @isofruit "Pmunch, I would like": - Creation of malware and support for it is forbidden within this server. This does not apply to writing malware protection measures.
12:35:38FromDiscord<Chronos [She/Her]> In reply to @.e.l.i "what": ...what
12:35:52FromDiscord<.e.l.i> In reply to @nnsee "https://github.com/senzur/madkitty-grabber/blob/mai": from this...
12:35:58FromDiscord<.e.l.i> I should have led with that
12:36:02FromDiscord<Chronos [She/Her]> Ah... Not even surprised
12:37:56FromDiscord<.e.l.i> this is a mastermind hacker https://media.discordapp.net/attachments/371759389889003532/1165992502176776192/image.png?ex=6548de23&is=65366923&hm=e6b19f0bce24a66af3c5e8d1aab08b4fd4f481f77a6edcd8a3c5a4f5b3cb79dd&
12:41:01FromDiscord<Chronos [She/Her]> Lol
12:42:11FromDiscord<_gumbercules> It's funny to me because as long as the malware is from some approved authority like MS or the NSA apparently no one cares
12:42:33FromDiscord<_gumbercules> As soon as some n00b tries to write a keylogger in Nim the world is suddenly on fire
12:43:53FromDiscord<Chronos [She/Her]> In reply to @_gumbercules "It's funny to me": What malware from them? Curious
12:44:14FromDiscord<Chronos [She/Her]> In reply to @_gumbercules "As soon as some": I mean, coule make AVs flag Nim even more, which wouldn't be great
12:45:19FromDiscord<_gumbercules> Antivirus software is malware in its own right so who cares?
12:45:44FromDiscord<_gumbercules> In reply to @chronos.vitaqua "What malware from them?": Look up Edward Snowden or just google nsa backdoors
12:46:29FromDiscord<_gumbercules> Everyone acts like security is so important but in reality nation states already have backdoors into everything
12:46:39FromDiscord<.e.l.i> In reply to @_gumbercules "Look up Edward Snowden": Only one I know of is Dual_EC_DRBG, but it's been withdrawn
12:47:04FromDiscord<_gumbercules> Im sure the NSA is disclosing them all to you
12:47:07FromDiscord<Chronos [She/Her]> Ah not surprised about the NSA having backdoors in everything
12:47:17FromDiscord<_gumbercules> Not just the NSA
12:47:21FromDiscord<.e.l.i> It was alleged they paid RSA to distribute it when they had a secret cryptographic backdoor
12:47:23FromDiscord<Chronos [She/Her]> And other companies obviously
12:47:34FromDiscord<_gumbercules> Any nation state with the capacity
12:47:51FromDiscord<.e.l.i> In reply to @_gumbercules "Im sure the NSA": No, they actually haven't, but thank you for thinking so.
12:47:54FromDiscord<mratsim> There are Ubiquiti backdoors aparently, and also a Swiss company
12:48:08FromDiscord<_gumbercules> In reply to @.e.l.i "No, they actually haven't,": It was sarcasm hahaha
12:48:17FromDiscord<_gumbercules> But I'm pretty sure you know that
12:48:40FromDiscord<mratsim> (edit) "Ubiquiti" => "Unifi"
12:48:42FromDiscord<_gumbercules> Security is an illusion
12:48:44FromDiscord<mratsim> https://twitter.com/matthew_d_green/status/1703959863796158678?s=20
12:49:01FromDiscord<.e.l.i> In reply to @_gumbercules "Security is an illusion": not if you use Rust! /s
12:49:08FromDiscord<_gumbercules> Lol
12:49:16FromDiscord<mratsim> https://www.forbes.com/sites/daveywinder/2020/02/12/cia-secretly-bought-global-encryption-provider-built-backdoors-spied-on-100-foreign-governments/
12:49:31FromDiscord<mratsim> In reply to @.e.l.i "not if you use": Rust "only" prevents memory bugs.
12:49:47FromDiscord<_gumbercules> Its like the dairy industry in the US - propped up by lies and psyops
12:49:54FromDiscord<mratsim> It's like you know how to protect from the flu and thinking you solved medecine
12:50:01FromDiscord<mratsim> (but the flu is a huge PITA)
12:50:59FromDiscord<.e.l.i> In reply to @mratsim "It's like you know": Is medicine something to solve?
12:51:24FromDiscord<.e.l.i> Pedantic, but I see your point.
12:52:08FromDiscord<mratsim> My main peeve with Rust is overpromising stuff like "fearless concurrency"
12:52:32FromDiscord<.e.l.i> Yes, as long as you don't fear UB.
12:52:34FromDiscord<_gumbercules> It's funny because the CIA and DARPA invented the internet and enabled most of modern computing
12:52:45FromDiscord<_gumbercules> and people think they can somehow secure their shit
12:53:09FromDiscord<_gumbercules> pretty sure intelligence agencies were thinking about these things when they creatd these technologies in the first place, no?
12:53:51FromDiscord<nnsee> In reply to @_gumbercules "It's funny to me": what do you mean no-one cares? It's literally a bombshell every time new information like this drops
12:53:54FromDiscord<_gumbercules> every big tech company has some intelligence agency behind it / conncted to it in some way
12:54:20FromDiscord<_gumbercules> In reply to @nnsee "what do you mean": it's a bombshell for security researchers - no one bats an eye outside of that field
12:54:55FromDiscord<_gumbercules> thus why when I mentioned it - almost no one in here was aware of it
12:55:05FromDiscord<nnsee> and they do for keyloggers written by n00bs? I'm not sure the comparison you're trying to make here makes sense
12:55:10FromDiscord<_gumbercules> unless they pay close attention to security - which unfortunately most people don't
12:55:42FromDiscord<.e.l.i> In reply to @nnsee "and they do for": I think n00b is a little hasty. Did you see the fake error diversion tactic? That's pretty advanced
12:55:54FromDiscord<nnsee> his words, not mine :p
12:55:57FromDiscord<mratsim> In reply to @.e.l.i "I think n00b is": >_>
12:56:01FromDiscord<_gumbercules> apparently - because this n00bs keylogger generated 100x more discussion than the discovery of a potential NSA backdoor in AWS hardware used for storing secrets
12:56:26FromDiscord<_gumbercules> in this discord server anwyay
12:56:36FromDiscord<mratsim> In reply to @_gumbercules "apparently - because this": Have you heard of Chinese silicon backdoors, sent to AWS
12:56:37FromDiscord<nnsee> because the person directly responsible for it is literally in this channel asking for help on it?
12:56:44FromDiscord<_gumbercules> In reply to @mratsim "Have you heard of": yes I know they are verywhere
12:56:51FromDiscord<_gumbercules> and my point is - who cares?
12:56:55FromDiscord<_gumbercules> let them ask questions
12:56:57FromDiscord<mratsim> anyway, this is for #offtopic now
12:57:12FromDiscord<_gumbercules> what are they going to do that is worse than what has already transpired? maybe they're trying to learn how to write one so they can get into the field of security
12:57:35FromDiscord<nnsee> In reply to @_gumbercules "and my point is": I think most people would not be okay with knowing that they unwittingly helped some skid write malware my dude
12:57:43FromDiscord<_gumbercules> being openly hostile to someone for asking questions about how to do something even if it seems malicious is silly in my estimation - I'm sure everyone in here at some point had the idea in their head that being a hacker would be cool
12:57:53FromDiscord<_gumbercules> I'm prefectly fine with it / don't care
12:58:03FromDiscord<nnsee> you're also not most people
12:58:11FromDiscord<_gumbercules> thankfully
12:58:22FromDiscord<nnsee> 🙄
12:58:58FromDiscord<Chronos [She/Her]> In reply to @_gumbercules "It's funny because the": I swear it was CERN who made the www
12:59:11FromDiscord<_gumbercules> no they made the large hadron collider
12:59:23FromDiscord<_gumbercules> which is a whole nother leve of batshit craziness but I'm not going to get into that here
12:59:44FromDiscord<Chronos [She/Her]> Yep it was CERN
12:59:54FromDiscord<Chronos [She/Her]> Google says so
13:00:20FromDiscord<_gumbercules> 😄 they may have made the world wide web - but DARPA made the internet
13:00:35FromDiscord<_gumbercules> and either way they're intimately connected to intelligence services
13:01:16FromDiscord<_gumbercules> https://www.darpa.mil/about-us/timeline/arpanet
13:01:22FromDiscord<Chronos [She/Her]> Hm
13:01:27FromDiscord<_gumbercules> https://qz.com/1145669/googles-true-origin-partly-lies-in-cia-and-nsa-research-grants-for-mass-surveillance
13:01:38FromDiscord<mratsim> I think we're really off-tangent here, so continue this in #offtopic
13:01:49FromDiscord<nnsee> > being openly hostile to someone for asking questions about how to do something even if it seems malicious is silly in my estimation↵I'm being openly hostile because they have directly lied to everyone about their intentions. Not once, but multiple times. https://media.discordapp.net/attachments/371759389889003532/1165998512102723664/image.png?ex=6548e3bc&is=65366ebc&hm=257a3c64180c891569910da009936081cee0ab0dc6f36edc100817914ae9d303&
13:01:53FromDiscord<nnsee> In reply to @mratsim "I think we're really": sorry
13:35:31FromDiscord<Phil> In reply to @mratsim "Is red teaming malware?": It isn't (in my eyes) and that's the problem with formulating rules like that, though I really would want one.↵Because it's functionally near identical with very different intent
14:26:09FromDiscord<Chronos [She/Her]> Wondering if it's a good idea to make my chat app implement OAuth 2 or if making my own thing would be better tbh
14:29:00FromDiscord<nnsee> In reply to @chronos.vitaqua "Wondering if it's a": implementing oauth support is a much bigger effort than rolling your own. I think you should think about whether you would like other auth providers to be able to provide authentication for your chat app or not. If it's not that important, I say go with your own. You can always add oauth support further down the line too
14:29:15FromDiscord<nnsee> but if you want to get familiar with how oauth works, I say go for it
14:29:21FromDiscord<Chronos [She/Her]> In reply to @nnsee "implementing oauth support is": That's a good idea yeah
14:29:46FromDiscord<Chronos [She/Her]> If I actually take this project as something serious, I'll definitely end up implementing OAuth 2 but for now rolling my own should be easy
14:30:39FromDiscord<jviega> Oh god, it's not hard to use Auth0 or hello.dev
14:30:45FromDiscord<jviega> And so bad to roll your own
14:30:50FromDiscord<nnsee> hard disagree
14:31:02FromDiscord<Chronos [She/Her]> Auth0?
14:31:14FromDiscord<nnsee> rolling your own is relatively easy to "get right" compared to the mess that is the world of oauth2 gotchas
14:31:48FromDiscord<nnsee> most applications i test these days have something they've done wrong in their oauth implementation
14:31:55FromDiscord<jviega> That's if you try to do the whole thing yourself. There are plenty of good options to abstract out the important flows.
14:32:01FromDiscord<nnsee> even then
14:33:01FromDiscord<jviega> It's absolutely not easy to provide a usable experience and good security both if you do it yourself. It's why Auth0 was so successful in the first place, and why there are plenty of other good options in the space.
14:33:08FromDiscord<Chronos [She/Her]> https://github.com/CORDEA/oauth this exists but I don't know how it works tbh, I should probably look into OAuth more but I don't understand technical stuff that great tbh
14:33:14FromDiscord<nnsee> wrong grants, wrong scopes, incorrect state checking, incorrect callback url checking, etc
14:33:18FromDiscord<nnsee> there's just so many things to get wrong
14:33:20FromDiscord<Chronos [She/Her]> I've always just been winging it, in terms of programming :p
14:34:01FromDiscord<Chronos [She/Her]> Either way: This'll be my first chat app and nothing is stopping me from changing what I do for auth down the line
14:34:24FromDiscord<nnsee> absolutely
14:34:56FromDiscord<Chronos [She/Her]> I don't want to stop myself from at least trying something out of anxiety of not getting it right
14:35:15FromDiscord<nnsee> oh absolutely
14:35:17FromDiscord<jviega> I can't remember the last time I saw a hand-rolled auth system that didn't have risks I could drive a truck through.
14:35:38FromDiscord<jviega> But they all end up password based anyway which is not an experience anyone needs
14:35:47FromDiscord<jviega> Or wants
14:35:52FromDiscord<jviega> Who wants another account to manage?
14:36:13FromDiscord<jviega> Solving those problems are important for basic adoption these days
14:36:31FromDiscord<nnsee> yes, this is where oauth shines
14:36:33FromDiscord<jviega> And people expect to be able to bring their google or MS or github account
14:37:24FromDiscord<jviega> So pick up auth0 or hello.dev or one of the other 40 startups for the implementation, many of them will be free for small apps anyway. Most of them make it easy to deal with getting oauth right.
14:37:39FromDiscord<nnsee> In reply to @jviega "I can't remember the": i'm not sure i can say i've had the same experience. Most of the applications I've tested, hand-rolled auth has been done more or less correctly, it's session management itself that's been dubious
14:38:15FromDiscord<jviega> Eh, that you can turn over to TLS easily.
14:38:45FromDiscord<nnsee> I'm not sure I follow
14:38:49FromDiscord<nnsee> how is TLS related?
14:39:26FromDiscord<Chronos [She/Her]> OAuth and similar would only be for stuff directly impacting the user, right? How about between different chat servers (since, it's gonna be federated, even if not supporting ActivityPub :p)
14:40:13FromDiscord<Chronos [She/Her]> Weirdly federated, I think at least, since chat providers and account providers are two separate things
14:41:00FromDiscord<jviega> I misunderstood, I thought you were talking about the session when following the crypto; things like simple JWT bearer tokens are again all part of the package with things like auth0
14:41:20FromDiscord<jviega> Too much context switching
14:41:49FromDiscord<nnsee> nah, think cookies, bearer tokens, etc - in regards to rolling your own
14:42:34*azimut quit (Remote host closed the connection)
14:42:51FromDiscord<nnsee> it's part of the package, but that's sort of the issue too - if you're not _that_ familiar with the underlying mechanism of how the auth/refresh token/scope management works, it's much easier to get it wrong and do proper session management
14:43:02*azimut joined #nim
14:43:17FromDiscord<nnsee> if you're doing purely stateless JWTs, there's no session management at all to begin with, which I personally think is insecure by design
14:45:46FromDiscord<nnsee> things i look for when testing applications which have implemented oauth: does the application present an overview of sessions to the user and lets them cancel all/any of them; does the refresh token allow generating multiple valid tokens at the same time, in which case does invalidating one (or the refresh token) also invalidate the others; is the token still valid after the user "logs out", etc
14:45:53FromDiscord<nnsee> these are all common pain points
14:46:31FromDiscord<Chronos [She/Her]> In reply to @nnsee "if you're doing purely": Stateless JWT sounds like a bad idea, it's auth without checking a database everytime for credentials, right?
14:47:15FromDiscord<Chronos [She/Her]> I'd imagine tokens would just, not be possible to expire if you don't check a database at all... unless I'm mistaken which I probably am considering my lack of knowledge on this
14:47:16FromDiscord<nnsee> yes, it's pretty much just checking that↵1. the jwt is signed correctly with a trusted key↵2. the expiry time hasn't passed
14:47:20FromDiscord<Chronos [She/Her]> Ah neat
14:47:43FromDiscord<nnsee> the expiry time is in the signed jwt itself, so that can still be checked
14:47:48FromDiscord<Chronos [She/Her]> Is there any benefit to using JWT rather than my own format which store credentials in a binary format anyway?
14:47:48FromDiscord<nnsee> along with the issue time, etc
14:48:26FromDiscord<nnsee> jwt is something you pass to the client and the client must then use to prove that they are who they claim to be - the latter is probably something else, something you don't want to give to the user?
14:48:53FromDiscord<Chronos [She/Her]> Well, by credentials I mean the user ID + something for expiry and the ability to revoke a session
14:48:58FromDiscord<nnsee> the simplest, tried and tested method is storing sessionIDs in a database (perhaps in a hashed form) and giving those sIDs to users
14:49:30FromDiscord<nnsee> then you have full control over when and for how long session ids are valid for, which session id authenticates which user, etc
14:50:45FromDiscord<Chronos [She/Her]> sent a code paste, see https://play.nim-lang.org/#ix=4JL5
14:50:59FromDiscord<nnsee> i personally don't like JWTs too much for user authorization - I think they're fine for machine-to-machine communication, but that's a layer of abstraction that shouldn't be presented to the user
14:51:31FromDiscord<nnsee> In reply to @chronos.vitaqua "So probably something like": well the `sessionId` is something you want your users to have so they can authenticate requests, not just for revoking
14:52:37FromDiscord<Chronos [She/Her]> So I'd store the IDs in a db and check against that every time then?
14:54:11FromDiscord<jviega> That does mean if your DB is ever compromised in any way, you've got to invalidate everything. No ability to separate signing creds to avoid such problems.
14:54:19FromDiscord<nnsee> sent a long message, see http://ix.io/4JL8
14:54:46FromDiscord<nnsee> In reply to @jviega "That does mean if": this is why I generally recommend hashing session IDs before storing them in the database, just like passwords
14:56:09FromDiscord<nnsee> it's somewhat expensive to check a hash every time, which is why you should use something that's not too hard computationally, but it should still be a good enough stopgap from the time your DB gets leaked until the time you get around to invalidating all sessions
14:56:18FromDiscord<nnsee> provided your session ID plaintexts are random enough, of course
14:56:28FromDiscord<jviega> No, the best practice for passwords is to use an "expensive" key derivation function like Argon or PBKDF2. Doing that for every request on an API isn't a cost most people would take
14:56:46FromDiscord<Chronos [She/Her]> For passwords I was already planning on using Argon2 tbf
14:56:47FromDiscord<jviega> Meaning you're quite susceptible to brute force when the db is owned.
14:56:54FromDiscord<nnsee> i just addressed this
14:57:11FromDiscord<jviega> No, you didn't.
14:57:20FromDiscord<nnsee> In reply to @nnsee "it's somewhat expensive to": .
14:57:31FromDiscord<jviega> I'm saying it's not good enough
14:57:40FromDiscord<jviega> Most people don't even know when their DB is owned.
14:58:14FromDiscord<nnsee> good enough? we're comparing hashing session IDs with SHA-1 or something else that's cheap to not hashing session IDs at all
14:59:25FromDiscord<jviega> No, I'm saying don't roll your own, go use off the shelf solutions where it's not too hard to get these problems addressed, and you're saying it's easier to roll your own, but already showing where you'd cut massive corners that many security teams wouldn't find an acceptable risk.
15:00:17FromDiscord<nnsee> er
15:00:32FromDiscord<nnsee> what?
15:02:08FromDiscord<nnsee> even if you use some off-the-shelf product for your authentication, you still have to integrate your own application with it, and it's incredibly easy to get that wrong as opposed to traditional methods
15:02:21FromDiscord<nnsee> i literally see this on a daily basis as a pentester
15:02:52FromDiscord<nnsee> i also think that a lot of "security teams" don't really know what the hell they're doing, but that's besides the point :p
15:03:19FromDiscord<jviega> LOL
15:03:42FromDiscord<Chronos [She/Her]> I don't there's much pre-made for Nim anyway, there's the specs that I could follow but this is for a first-time thing I wanna work on
15:04:17FromDiscord<Chronos [She/Her]> Maybe I should just use something like Auth0 or hello.dev
15:04:48FromDiscord<Chronos [She/Her]> But then I get the problem of not being motivated to work on it because I can't be creative with how I implement things :p↵Even if they're dumb
15:06:01FromDiscord<Chronos [She/Her]> Is it real a big issue to just implement something more trusted further down the line?
15:07:20FromDiscord<jviega> Ras, if we're playing "appeal to authority", I am a cryptographer (google GCM), I wrote the first book for developers on security 25 years ago, and then like 4 more after that. The guy who has lead most of the OAUTH work in the IEEE is a good friend of mine too. And, I've spent my whole career with security teams in large enterprises across tech and finance, so I've got a pretty good perview myself.
15:11:25FromDiscord<jviega> Chronos, those things are far easier to get started with than anything else, and look more like the shape of what most people do at scale anyway.
15:14:03FromDiscord<nnsee> In reply to @jviega "Ras, if we're playing": I'm not "playing appeal to authority", I'm simply stating what my daily experience is
15:14:29FromDiscord<nnsee> Everything you say is fine and dandy but the truth of the matter is that it is often incorrectly implemented
15:14:34FromDiscord<jviega> That is what "appeal to authority" is, basically, but okay 🙂
15:15:24FromDiscord<jviega> I don't disagree on people often getting it wrong on top of abstractions. I'm saying things are generally much, much worse not on top of them.
15:15:48FromDiscord<nnsee> In reply to @jviega "Ras, if we're playing": and don't take this personally, but I think cryptographers are among the people most disconnected from application security :p
15:16:29FromDiscord<jviega> LOL, depends on the cryptographer, but you clearly don't know many of them.
15:16:36FromDiscord<nnsee> you would be surprised
15:17:33FromDiscord<jviega> If you look at my resume, or Dan Bernstein's resume, and think we don't know anything about appsec, you're nuts.
15:18:01FromDiscord<nnsee> like I said, don't take it personally
15:18:05FromDiscord<nnsee> it was a general comment
15:18:06FromDiscord<jviega> Frankly, it's mainly theoretists who don't get it. Applied cryptographers usually do.
15:18:08FromDiscord<nnsee> not specifically about you
15:19:00FromDiscord<jviega> I don't take it personally, I don't have anything to prove to anyone. I'm saying you're wrong; your view would align w/ mine for the theory crowd but not the practitioners.
15:19:28FromDiscord<jviega> Who tend to be among the most well rounded in security. Ian Goldberg, Adam Black.
15:19:32FromDiscord<jviega> Lots of people.
15:27:02FromDiscord<nnsee> In reply to @jviega "If you look at": and to counter this - a lot of people who have impressive resumes and maybe even once were the top in their field might not be as knowledgeable as they used to be, but still erroneously think they're hot shit and their word is gospel
15:27:42FromDiscord<nnsee> in any field really, but IT and infosec moves _so fast_ that it's most prevalent here i feel like
15:28:00FromDiscord<Phil> In reply to @jviega "If you look at": Just in case this helps for clarity:↵To me Ras statements reads more to me that his statement was more generalized, like "If you pick the a general cryptographer, they tend to have no clue about app security".↵I didn't see anything that related that statement to you specifically, though of course I might be wrong there.
15:28:16*FromDiscord quit (Remote host closed the connection)
15:28:29*FromDiscord joined #nim
15:28:46FromDiscord<nnsee> In reply to @nnsee "and to counter this": and again, just to be clear: this isn't about you specifically
15:29:07FromDiscord<nnsee> although saying "i'm right and you're wrong because look at my resume" isn't exactly the best look, but i digress
15:30:03FromDiscord<jviega> LOL it's fine both of you, I really don't take it personally
15:30:13FromDiscord<Phil> TBF if I had walked to school uphill both ways in the snow and built up a pretty sweet resume on the side I would definitely bring that up!
15:30:25FromDiscord<nnsee> that's fair
15:30:25FromDiscord<jviega> I only did that because you pulled the "I know what I'm talking about I'm a pentester"
15:30:31FromDiscord<nnsee> that's not what i said
15:30:36FromDiscord<jviega> It's how it read
15:31:07FromDiscord<jviega> Otherwise I wouldn't have... the appeal to authority is the only thing here that pushes a button for me
15:31:31FromDiscord<nnsee> i said "this is my daily experience" and clarified that it's my experience because i'm a pentester who sees broken oauth implementations every day
15:32:05FromDiscord<nnsee> how else would i have phrased that? i'm not saying that i'm inherently right (or even right at all, speaking in absolutes) because of my job, I'm simply stating my experience
15:32:08FromDiscord<jviega> That's saying, "Trust me, I'm an expert", yes
15:33:51FromDiscord<Phil> ~~Didn't somebody start handing out the "Trust-me-bro guarantee" ?~~
15:34:10FromDiscord<nnsee> In reply to @jviega "That's saying, "Trust me,": when have i said i'm an expert
15:34:27FromDiscord<nnsee> why are you putting words in my mouth? I've never claimed to be an expert
15:34:34FromDiscord<nnsee> I've claimed to have seen hundreds of broken impls
15:34:42FromDiscord<nnsee> because that is factual
15:34:42FromDiscord<Phil> You didn't, however to the security noobs, e.g. me, reading "Pentester" makes me think "Knows a lot about security, trust'im"
15:35:03FromDiscord<Phil> It's not necessarily intended by you, but that information swings with the job description ^^
15:35:12FromDiscord<Phil> (edit) "swings" => "and subcontext"
15:35:15FromDiscord<Phil> (edit) "It's not necessarily intended by you, but that information and subcontext ... with" added "comes"
15:39:11FromDiscord<nnsee> which is exactly what I claimed
15:39:12FromDiscord<nnsee> sent a long message, see http://ix.io/4JLv
15:40:10FromDiscord<nnsee> and the reason they keep getting oauth wrong is that they treat it like a black box because of its complexity - at least, that's my theory
15:42:41FromDiscord<leorize> i mean, developers getting supposedly simple security wrong is an actual avenue of scientific research
15:42:43FromDiscord<nnsee> what it essentially boils down to is this: the simpler a system is, the harder it is to shoot yourself in the foot with it because you don't know how to operate it. DB-backed session tokens fall into the category of "simple". OAuth2 definitely doesn't
15:43:38FromDiscord<jviega> Yeah, neither falls into the category of simple, though the complexity lies on different dimensions.
15:44:54FromDiscord<jviega> And I will say that "Don't roll your own" is a saying in security for a good reason, it's much easier to start w/ a good abstraction and learn how to use it properly, than to build your own thing from 0. That's as true here as anywhere else.
15:47:36FromDiscord<jviega> When developers get interested in security, they should get good abstractions and be trained on the pitfalls and how to use them well, not told to reinvent the wheel under the expectation they are willing to become an expert on everything they touch. It's bad enough that developers do tend to think "crypto is cool" and miss the macro challenges as they over-focus on exceptionally well solved parts of the problem
15:48:29FromDiscord<nnsee> I don't agree that it's easier, at all. OAuth is a beast. Even people claiming to know everything about OAuth keep screwing up their integration with keycloak or whatever.
15:49:39FromDiscord<jviega> Most security instruction is, when the goal is to build houses, "Let me teach you about all the tools in the toolbox, as you too can build a house!" Whereas it should be more like, "Let me help give you the info need and the Q's you need to ask to do a good job in selecting an architect and a builder, and then to take care of what they do properly".
15:50:00FromDiscord<jviega> That second one is too boring and doesn't make careers I guess?
15:50:34FromDiscord<nnsee> the first one sounds much, much more realistic to a hobbyist
15:50:56FromDiscord<jviega> Except that it won't get you the house you want, ever.
15:51:06FromDiscord<jviega> It won't even get you a doghouse that keeps the rain out.
15:51:11FromDiscord<Phil> What in the name of hell
15:51:31FromDiscord<Phil> I had a wonderfully running testament test-suite and randomly it decides it stops working now↵`cannot open file: ../[nimnodes,utils]`
15:51:31FromDiscord<jviega> LOL taking the analogy too far? 🙂
15:52:03FromDiscord<Phil> If there's one thing that drives me up the wall it's somebody elses code changes suddenly breaking my workflow despite me not doing any version changes
15:54:17FromDiscord<leorize> this is why you don't use testament unless you are in nim source folder↵(@Phil)
15:54:32FromDiscord<nnsee> In reply to @jviega "It won't even get": auth was working perfectly fine before oauth got popularized. It's not like the internet was in flames before that. oauth solves a pretty specific problem (how do you delegate auth to decoupled parties) and does that pretty well, but I simply cannot agree that it is in any way simple. Maybe it is to you, because of your extensive experience in this field, but I wouldn't dare say the same about regu
15:54:45FromDiscord<jviega> Yeah, my favorite was the time nimcrypto changed some dumb crap and broke code because some dependency I used to use had it as a dependency (but not in its nimble file)... though my code was not calling the 1 function that depended on libcrypto. No tests, no tags, ick.
15:56:11FromDiscord<jviega> I didn't say it was simple, I said rolling your own is far worse. And the world was NOT better off before oauth became popularized, you just weren't paying attention. You had a much, much bigger surface for password breaches ruining your life, and now due to oauth adoption, 2FA is promanent and passwords will mostly go away over the next 10 years.
15:56:39FromDiscord<nnsee> oauth didn't invent 2fa
15:57:08FromDiscord<nnsee> and i fail to see how oauth is responsible for the latter either
15:57:10FromDiscord<jviega> No, oauth isn't a thinking entity. It's adoption facilitated widespread adoption of it.
15:57:47FromDiscord<nnsee> er
15:57:48FromDiscord<nnsee> how?
15:58:19FromDiscord<nnsee> pardon my ignorance but what did oauth do different in terms of 2fa that wasn't already been done?
15:58:44FromDiscord<jviega> Was it easier to add bad auth to your app 15 years ago than to use a good oauth-based vendor solution today? Actually, not really. It was still plenty of work, compared to the relatively small amount of work you'd need to get an auth0 integrated.
15:58:51FromDiscord<nnsee> considering you can use oauth with no 2fa at all (which is the case for most applications i test)
16:00:40FromDiscord<jviega> The fact that people have been comfortable letting a small set of OAUTH2 providers (Google, MS, Apple, Facebook, etc) be the home for their identities has made it much easier for other people to leverage this and get 2FA for free... even require it. They never would have themselves.
16:00:49FromDiscord<nnsee> In reply to @jviega "Was it easier to": it's funny you should say this. About a month ago or so, I reported a vuln in Fiverr which let you bypass 2FA entirely _thanks_ to oauth and SSO login, which was implemented incorrectly
16:00:52FromDiscord<jviega> Especially when you factor in usability and security
16:02:49FromDiscord<jviega> You seem to think I'm saying it's impossible to implement OAuth and not be secure. That's not even remotely what I'm saying. I don't even like oauth2 much myself; it isn't what I would have designed. But it's a much easier path to succeed on, big picture sense. Both in terms of corporate security and end user security. But it still takes some work and knowledge.
16:02:55FromDiscord<jviega> Still, far less than the hard way.
16:02:57FromDiscord<Phil> In reply to @jviega "Yeah, my favorite was": I think this one was on me. The issue was less testament and more a dependency of mine where I hadn't nailed down the version.↵A recent patch change of it broke things for me
16:04:00FromDiscord<jviega> Phil, let's just blame it on Oauth and be done w/ it 🙂
16:05:39FromDiscord<nnsee> In reply to @nnsee "it's funny you should": oh wow, it was over a year ago!? https://media.discordapp.net/attachments/371759389889003532/1166044775200334014/image.png?ex=65490ed2&is=653699d2&hm=9d561844d2d9f4053a9aaa41608180ad47efb11b95ae81daf7ce8a8b0a4e2453&
16:05:42FromDiscord<nnsee> my memory is not what it used to be at all
16:06:08FromDiscord<nnsee> In reply to @jviega "You seem to think": I agree with you on this
16:06:17FromDiscord<Phil> In reply to @jviega "Phil, let's just blame": I'll do you one better, I blame it on github
16:06:19FromDiscord<Phil> And thus microsfot
16:06:22FromDiscord<Phil> (edit) "microsfot" => "microsoft"
16:06:28FromDiscord<Phil> Perfect target every time.
16:07:02FromDiscord<jviega> Ras, you're not marketable if you're not cranking out the bugs faster than that! 😄
16:07:12FromDiscord<Phil> In this event not even impossible.↵Apparently they nuked my github pages deployment that was a couple months old (?)↵Apparently the links were broken (I checked just now, they were) and I needed to make a marginal code change just to redeploy, which fixed the issue.
16:08:04FromDiscord<nnsee> In reply to @jviega "Ras, you're not marketable": this is what i thought to myself just the other day when i realized i haven't posted something on my blog for ages now
16:08:12FromDiscord<nnsee> unfortunately, IRL work is just...
16:08:12FromDiscord<nnsee> well
16:08:15FromDiscord<nnsee> there's a lot of it
16:08:52FromDiscord<jviega> Which firm do you work for??
16:09:01FromDiscord<Phil> A firm firm I'm sure
16:09:36FromDiscord<nnsee> you probably wouldn't have heard of it, it's not US-based (or FAANG-ish)
16:10:39FromDiscord<nnsee> there's only about 20 of us
16:10:44FromDiscord<nnsee> in the firm, i mean
16:11:00FromDiscord<Phil> Get 4 more so you can say "There's dozens of us! Dozens!"
16:11:42FromDiscord<jviega> I mean, don't sell yourself short, I know plenty of good people doing the job in small firms globally
16:13:48FromDiscord<nnsee> In reply to @jviega "I mean, don't sell": i don't think i can go into too much detail here, but at times i wish we were a smaller _business_ and not just a smaller team
16:13:54FromDiscord<nnsee> ie, fewer clients
16:15:01FromDiscord<nnsee> since we do manual pentesting (not just cranking out scanner reports), every project takes quite a bit of time and actually getting in-depth with the application
16:15:08FromDiscord<nnsee> but there's only so much of that you can do in a small timeframe
16:15:31FromDiscord<nnsee> before "overheating your brain" for lack of a better phrase :p
16:18:21FromDiscord<jviega> Yeah, many of my good friends are more on the "find the exploits in this memory manager" side of it; I don't know anyone well who just run scanners.
16:19:41FromDiscord<nnsee> In reply to @nnsee "before "overheating your brain"": it's a shame because I really enjoy vuln research and exploit dev - I mean, it was what I used to do as a hobby before turning it into an actual job, but having to concentrate so much means that I don't really want to do it in my free time as much anymore, even though I _want_ to want it
16:19:44FromDiscord<nnsee> if that makes sense
16:21:44FromDiscord<jviega> Sure. I'd say 80% of my friends who were doing exploit dev 15 years ago and thought they would always do it do almost none of it now. We still find exploitable bugs on accident strangly often, though
16:23:39FromDiscord<nnsee> In reply to @jviega "Sure. I'd say": :/ that just makes me feel like I actually _will_ be unmarketable in the future. It's the one thing I'm actually good at. The prospect of not doing it (or not wanting to do it) is kind of scary to me
16:25:23FromDiscord<jviega> Eh, everyone who moved on did so when they found other areas they were just as passionate about where they felt like they could have a bigger impact on the world. There are still people like Mark Dowd and John McDonald who are never going to be interested in doing anything else
16:25:29FromDiscord<nnsee> also sorry if my English is a bit wonky at times, not my first (or, well, even second) language
16:27:34FromDiscord<jviega> That's nothing to apologize for, ever. Your english is excellent, and even if it weren't, it's quite an unfair expectation to expect people to speak your language, and it's not easy for many to learn other languages well. So don't even feel a little self-conscious about it.
16:29:44FromDiscord<nnsee> hey, thanks
16:30:56FromDiscord<nnsee> and I guess you're right
16:31:29FromDiscord<jviega> About what??!!!
16:31:38FromDiscord<jviega> It's got to happen occasionally I guess!
16:33:07FromDiscord<nnsee> that it's an unfair expectation and it's nothing that should be apologized for :p
16:35:11FromDiscord<jviega> Yup, there's very much an implicit arrogance in the anglocentric business world. I get that it's also a practical necessity, but when native english speakers don't realize how privileged they are to not have the hurdle, it pisses me off
16:36:40FromDiscord<jviega> I say this as someone who took maybe a sum total of 15 years of foreign language instruction, tried hard, but failed pretty badly (often I feel like I failed with English too)
16:45:55FromDiscord<jviega> BTW Ras, iIf you're good and you want to do just focused exploit dev without the rest of the pen testing garbage, let me know and depending on your resume can definitely intro you around to places where that's all you'd have to do.
16:47:04FromDiscord<Phil> `Error: unhandled exception: index out of bounds, the container is empty [IndexDefect]` well that compiler error's new
16:48:34FromDiscord<jviega> It's a runtime error so if it's happening during compile, it's with your static code
16:48:45FromDiscord<jviega> I don't think it's new
16:49:36FromDiscord<Phil> New to my code I mean ^^
16:50:11FromDiscord<jviega> Ahh sorry 🙂
16:52:00FromDiscord<Chronos [She/Her]> Wondering if I should use a distinct character array (`array[4, char]`) that contains 4 characters rather than a distinct string hm...
16:52:39FromDiscord<jviega> My view as always is focus on clarity first, then optimize later where you know you have performance issues
16:53:31FromDiscord<Phil> Was there a list which exception is supposed to be used for what kind of error?↵I got errors I want to throw at runtime if you try to use a feature that requires you to compile for a specific version of a dynamically loaded library (libadwaita from gtk)
16:53:49FromDiscord<Phil> I'm stealing glances at LibraryError
16:54:36FromDiscord<jviega> I once tried to find some guidance, and it was so skant I just decided everything's either an IOError or a ValueError 🙂
16:54:40*rockcavera joined #nim
16:54:58FromDiscord<Phil> I kinda didn't want to start making up my own nomenclature 😦
17:06:01FromDiscord<Chronos [She/Her]> In reply to @jviega "My view as always": Is that to me? :p
17:06:34FromDiscord<jviega> I guess.
17:06:48FromDiscord<Chronos [She/Her]> Assuming no then lol
17:07:07FromDiscord<jviega> Which one is clearer? That's the one you should go w/
17:07:40FromDiscord<Chronos [She/Her]> Fair, I'd say the char array
17:10:33FromDiscord<Chronos [She/Her]> I need a better way to document types of stuff in my spec :p
17:11:34FromDiscord<leorize> why are you using a char array?
17:12:14FromDiscord<Chronos [She/Her]> Because it's 4 characters within `A-Z` and `0-9`, it has to be 4 characters too
17:12:17FromDiscord<Chronos [She/Her]> No more, no less
17:12:27FromDiscord<Chronos [She/Her]> Makes sense in my mind
17:13:18Amun-Rawhy not uint32?
17:13:22FromDiscord<leorize> what is this api that you're making then?
17:19:42FromDiscord<Phil> In reply to @jviega "My view as always": This is also the attitude I have gotten beaten into my from my time on StackExchange - CodeReview.↵I find it very agreeable
17:19:50FromDiscord<Phil> (edit) "my" => "me"
17:26:32FromDiscord<patz3r.eth> I think I'm misunderstanding something about Nim variables and/or procs. I have a proc that converts a string representing a number in binary to its integer equivalent. I call the proc twice in my program and assign the result to different variables. ↵↵When I echo the return value from the proc, I see a new calculation for the second call. However, when I echo the value of the variable assigned for the second call, it's assigned th
17:26:38FromDiscord<patz3r.eth> Any ideas what's going on?
17:27:20FromDiscord<patz3r.eth> (edit) "I think I'm misunderstanding something about Nim variables and/or procs. I have" => "sent" | "proc that converts a string representing a number in binary to its integer equivalent. I call the proc twice in my program and assign the result to different variables. ↵↵When I echo the return value from the proc, I see a new calculation for the second call. However, when I echo the value of the variable assigned for the second c
17:28:37FromDiscord<jviega> No that doesn't make any sense wrt nim's typical semantics, so I think you should post a link to the smallest code sample you can get to show the issue
17:28:51FromDiscord<Phil> Could you just provide example? That would make things faster for me
17:28:57FromDiscord<Phil> (edit) "Could you just provide ... example?" added "an"
17:28:57FromDiscord<patz3r.eth> OK. I'm doing AoC 2021 to try and learn.
17:29:04FromDiscord<patz3r.eth> I'm hitting some strange issues.
17:29:22FromDiscord<patz3r.eth> I'm also seeing a counter that increments to 1,000 but it shows 0 later in the program.
17:29:57FromDiscord<patz3r.eth> I tried moving my main code to main() to see if was a scoping issue but no luck.
17:31:07FromDiscord<leorize> what is your proc prototypes?
17:31:58FromDiscord<patz3r.eth> https://gist.github.com/4rc0s/ce98f404b24267607bd44f0ffc9c2845
17:32:22FromDiscord<fabric.input_output> sent a code paste, see https://play.nim-lang.org/#ix=4JLY
17:35:15FromDiscord<patz3r.eth> In reply to @patz3r.eth "https://gist.github.com/4rc0s/ce98f404b24267607bd44": The other wierd thing is that my variable `totalBitNums` counts up to 1,000 in the `for line in lines` loop but shows as either `0` or `1` when I try and use it later. So I had to hardcode `500`...
17:35:59FromDiscord<patz3r.eth> sent a code paste, see https://play.nim-lang.org/#ix=4JLZ
17:37:28FromDiscord<patz3r.eth> Nevermind ya'll
17:37:38FromDiscord<patz3r.eth> I didn't chage the variable
17:37:40FromDiscord<patz3r.eth> Dih
17:38:31FromDiscord<patz3r.eth> (edit) "Dih" => "Duh"
17:38:40FromDiscord<leorize> no, use a template instead
17:38:46FromDiscord<leorize> Nim supports templates within type contexts, so you can use the above like this\: `var x: Bar(Foo, int)`
17:38:47FromDiscord<leorize> sent a code paste, see https://play.nim-lang.org/#ix=4JM5
17:39:02FromDiscord<patz3r.eth> sent a code paste, see https://play.nim-lang.org/#ix=
17:39:55FromDiscord<patz3r.eth> Still don't know why `totalBitNums / 2` was yielding `0`
17:40:52FromDiscord<leorize> lol
17:40:52FromDiscord<leorize> integer division is done with the `div` operator fwiw
17:41:21FromDiscord<leorize> also, consider using the implicit result variable instead of creating your own then return
17:42:21FromDiscord<patz3r.eth> In reply to @leorize "also, consider using the": I was trying to find documentation on that but didn't. How does that work?
17:44:05FromDiscord<Phil> sent a long message, see https://paste.rs/SxnhO
17:44:54FromDiscord<leorize> > If the proc returns a value, the procedure body can access an implicitly declared variable named result that represents the return value. Procs can be overloaded.
17:46:31FromDiscord<patz3r.eth> sent a code paste, see https://play.nim-lang.org/#ix=4JM8
17:48:44FromDiscord<jviega> Yes; result will implicitly be 0 at the beginning too
17:49:05FromDiscord<jviega> But is the input signed? And what is the max # of bits it might have??
17:49:29FromDiscord<patz3r.eth> The AoC data is 12 bits
17:49:37FromDiscord<patz3r.eth> Example data was 5 bits
17:50:26FromDiscord<patz3r.eth> I was trying to avoid hard coding the number of bits but ended up doing so in the main program
17:51:32FromDiscord<patz3r.eth> Kept getting errors that the compiler couldn't determine a len() at compile time. So I just hard coded `var bitCount = newSeq[int](12)`
17:51:47FromDiscord<leorize> you can definitely do some golfing to optimize that code, but it's fine as is
17:51:56FromDiscord<leorize> do it like so\: `var bitCount: seq[int]`
17:52:44FromDiscord<leorize> but you gotta push new bits in if it's not there
17:52:52FromDiscord<patz3r.eth> Yeah
17:52:55FromDiscord<patz3r.eth> That was the issue
17:53:09FromDiscord<patz3r.eth> I've had that with Python as well. Add if exists or push if not
17:53:29FromDiscord<patz3r.eth> So I was hoping to allocate the length in advance
17:55:02FromDiscord<leorize> if you don't intend to grow it then you can do `var bitCount: array[<size>, int]`
17:55:37FromDiscord<patz3r.eth> Cool -- I wanted to do an array but couldn't figure it out
17:56:36FromDiscord<Chronos [She/Her]> In reply to @Amun-Ra "why not uint32?": For a discriminator-like thing
17:59:54FromDiscord<patz3r.eth> Thanks all! The `div` tip was great. Baby steps.
18:02:29FromDiscord<patz3r.eth> Coming from this fresh, I found it odd that almost all the examples of reading files show the `f = open` syntax then ` let firstLine = f.readLine()` but never show how to iterate additional lines. Took me forever to find the simple way to do it.
18:03:21FromDiscord<Chronos [She/Her]> In reply to @leorize "what is this api": It's for a chat app aha
18:04:08FromDiscord<leorize> typically I consider array of char to be a code smell but maybe there's a reason for yours \:P
18:04:13FromDiscord<patz3r.eth> (edit) "from" => "to"
18:05:14FromDiscord<Chronos [She/Her]> Why would it be a code smell in other cases? Curious
18:07:12FromDiscord<leorize> typically what you end up wanting is an array of bytes and not chars
18:07:24FromDiscord<leorize> also a fixed size is really hard to extend in the future
18:07:26FromDiscord<Chronos [She/Her]> Ah makes sense
18:08:02FromDiscord<Chronos [She/Her]> Tbf I could make it a string and make it be a fixed size for now
18:08:55FromDiscord<leorize> what data are you transferring?
18:10:09FromDiscord<Chronos [She/Her]> Idk what you mean by that aha, it's an identifier to just put in front of usernames to keep them unique even if someone uses the same name :p
18:10:14FromDiscord<Chronos [She/Her]> Like discord used to have
18:10:36FromDiscord<leorize> then definitely use variable length
18:10:48FromDiscord<leorize> or just like, use a number internally
18:10:56FromDiscord<jviega> Yeah, ick, why would that ever need to be fixed size?
18:11:53FromDiscord<jviega> There's an old principle, the 0, 1, ∞ principle. The only correct number of items to support in principle is those three
18:12:48FromDiscord<jviega> It was formulated for language design, but it's fairly universal in programming
18:15:50NimEventerNew post on r/nim by Robert_Bobbinson: Does Nim have a release schedule? if they announce dates, where are they?, see https://reddit.com/r/nim/comments/17er1s2/does_nim_have_a_release_schedule_if_they_announce/
18:17:52FromDiscord<leorize> no schedule or any known intervals↵(<@709044657232936960_=4eim=45venter=5b=49=52=43=5d>)
18:18:51FromDiscord<patz3r.eth> Revised versio of my AoC 2021 day 3 program. Thanks for the help! https://gist.github.com/4rc0s/ce98f404b24267607bd44f0ffc9c2845
18:18:59FromDiscord<leorize> Nim prefers to aim for 8mo to yearly release, but it never worked out
18:19:02FromDiscord<patz3r.eth> (edit) "versio" => "version"
18:21:44FromDiscord<leorize> here's some style advice for that code\:↵● don't declare types if they can be inferred (ie. you set a value `var x = y`)↵● don't use `: void` return type↵(@patz3r.eth)
18:23:39FromDiscord<patz3r.eth> What would the proc signature for main() be then?
18:23:56FromDiscord<leorize> `proc main() = body`
18:25:09FromDiscord<leorize> sent a code paste, see https://play.nim-lang.org/#ix=4JMd
18:25:28FromDiscord<patz3r.eth> OK, line `enumerate(foo) ` in Python
18:25:36FromDiscord<patz3r.eth> (edit) "line" => "like"
18:26:16FromDiscord<leorize> std/enumerate would provide you with that, although you don't need it in this case
18:26:47FromDiscord<patz3r.eth> In reply to @leorize "`proc main() = body`": `undeclared identifier: 'body'`
18:27:13FromDiscord<leorize> body is just a stand in for the actual proc contents...
18:27:14NimEventerNew thread by SuaveSteve: Issue with calling a routine defined in a concept, see https://forum.nim-lang.org/t/10566
18:27:24Amun-Rait's `proc main()`
18:27:26FromDiscord<patz3r.eth> ahhh
18:29:17FromDiscord<leorize> nim lets you omit a lot of constructs
18:30:38FromDiscord<leorize> oh and use `let` for variables you won't mutate, like `gammaRate` and `epsilonRate`
18:31:02FromDiscord<leorize> it's best practice to declare everything with `let` then turn them to `var` when you need to change them
18:36:07FromDiscord<patz3r.eth> In reply to @leorize "it's best practice to": Interesting. Just re-declare as a `var`?
18:36:42FromDiscord<patz3r.eth> And assign the previous value?
18:37:21FromDiscord<leorize> ah, no, what I meant is that you just do a quick `let` -\> `var` in your original definition
18:37:36FromDiscord<patz3r.eth> ah ok
18:37:40FromDiscord<leorize> it's better to not have to mutate at all but nim don't punish you for it as much as rust
18:37:54FromDiscord<patz3r.eth> latest cleaned up version
18:37:56FromDiscord<patz3r.eth> https://gist.github.com/4rc0s/ce98f404b24267607bd44f0ffc9c2845
18:38:03Amun-Raor even: const → let → var
18:40:42FromDiscord<leorize> oh and a small tip\: `len(array)` or `array.len` is a valid nim thing \:)
18:41:02FromDiscord<leorize> also that same `for idx, value in x` construct works with arrays too
18:41:13FromDiscord<Phil> Depends on if style-wise you want to make your code "protocol oriented"
18:41:40FromDiscord<leorize> the only tidying left after that would be logic wise, but I'll let you go about it on your own later
18:41:43FromDiscord<Phil> You can always go the python route and have a set of default procs for everything that you define for yourself.↵But note that'll be a pattern from yourself, not one that nim enforces
18:41:53FromDiscord<Chronos [She/Her]> In reply to @leorize "also that same `for": Oh so you can get index ID and value of the object? Nice, never knew that
18:42:48FromDiscord<leorize> yep, just look for the `pairs()` iterator, which is responsible for that
18:43:43FromDiscord<Chronos [She/Her]> Sweeet
18:54:17FromDiscord<Chronos [She/Her]> Is it better to use BE byte ordering for stuff sent over the internet or LE? BE is called network order but I'm pretty sure a heavy majority of home PCs are LE so
18:54:52FromDiscord<leorize> it doesn't matter
18:55:00FromDiscord<leorize> just pick one
18:55:39FromDiscord<leorize> conversion is practically free on modern hardware anyways
18:55:43FromDiscord<leorize> but are you making your own on-the-wire protocol?
18:56:02FromDiscord<leorize> I'd recommend going with an established system like protobuf, msgpack or similar
18:56:27FromDiscord<leorize> capt n' proto is a fun one as well
18:56:36FromDiscord<Chronos [She/Her]> In reply to @leorize "but are you making": 🤷 Maybe? Depends on what I'll do, still planning the spec out for the most part
18:58:40FromDiscord<xtrayambak> In reply to @taperfade "Trust": senzur
18:58:47FromDiscord<xtrayambak> why the fuck are you making a keylogger
18:59:06FromDiscord<xtrayambak> it doesn't look very educational-y
19:07:31*calebjohn quit (Ping timeout: 264 seconds)
19:17:28FromDiscord<bossman7309> hi
19:18:02FromDiscord<bossman7309> sent a long message, see http://ix.io/4JMq
19:18:13FromDiscord<bossman7309> In reply to @xtrayambak "it doesn't look very": https://cdn.discordapp.com/emojis/1068191368842854470.webp?size=48&name=gigachad&quality=lossless
19:19:43FromDiscord<leorize> help others and don't make your own wire protocol↵(@Chronos [She/Her])
19:20:13FromDiscord<leorize> there are plenty of stuff out there that already managed this problem very well
19:27:00FromDiscord<Chronos [She/Her]> Fair enough aha
19:27:12FromDiscord<Chronos [She/Her]> I'll prolly look into Protobuf or Msgpack
19:28:13FromDiscord<leorize> json always work and doesn't care about byte ordering \:P
19:28:37FromDiscord<taperfade> In reply to @xtrayambak "why the fuck are": for fun
19:28:44FromDiscord<leorize> I think msgpack have a standardized version called CBOR
19:28:47FromDiscord<xtrayambak> fun...
19:28:49FromDiscord<xtrayambak> fun.
19:28:54FromDiscord<taperfade> yea
19:28:56FromDiscord<xtrayambak> fun depends
19:28:58FromDiscord<taperfade> what else should i work on
19:29:17FromDiscord<xtrayambak> fun can mean either you wanna steal someone's stuff or it's for amusement
19:29:27FromDiscord<taperfade> for amusement
19:29:30FromDiscord<taperfade> lol
19:29:34FromDiscord<xtrayambak> I sure hope so
19:29:36FromDiscord<taperfade> dw
19:29:39FromDiscord<leorize> I mean work on whatever you feel like, including malware
19:29:40FromDiscord<leorize> but don't expect people in this channel to help you
19:29:52FromDiscord<taperfade> i dont ???
19:29:59FromDiscord<taperfade>
19:30:15FromDiscord<xtrayambak> I like how Araq told people to not make malware in Nim as if it's gonna deter those cybercrims
19:30:31FromDiscord<xtrayambak> cough BazarLoader got rewritten in Nim
19:30:45FromDiscord<taperfade> lmfao what
19:30:49FromDiscord<taperfade> hahahha no way
19:32:39FromDiscord<taperfade> Bazar is a hilarious name
19:32:45FromDiscord<taperfade> bladabindi :3
19:33:05FromDiscord<xtrayambak> Bazar means market in the language I speak
19:33:13FromDiscord<xtrayambak> makes sense I guess
19:33:29FromDiscord<taperfade> same
19:35:12FromDiscord<Chronos [She/Her]> In reply to @leorize "I think msgpack have": That looks cool
19:35:30FromDiscord<taperfade> imagine mold mario infecting your pc
20:09:40*rockcavera quit (Remote host closed the connection)
20:15:54FromDiscord<nnsee> In reply to @jviega "BTW Ras, iIf you're": thanks for the offer. As it stands, I'm pretty happy overall with where I am, even though you probably wouldn't have guessed that from what I wrote 😅 It's just very busy times right now, is all. But I do appreciate it and I'll keep it in mind :)
20:17:05FromDiscord<nnsee> and I'm sorry I was "jumpy" earlier
20:18:44FromDiscord<jviega> I didn’t think you were jumpy just didn’t agree 🙂
20:18:53FromDiscord<jviega> It’s fine to disagree
20:18:56FromDiscord<nnsee> fair enough 😅
20:33:34*rockcavera joined #nim
20:54:15FromDiscord<d4r5c0d3> sent a code paste, see https://play.nim-lang.org/#ix=4JMM
20:55:19FromDiscord<Phil> Is that the full error message?
20:56:24FromDiscord<Elegantbeef> @patitotective with empty defaults there entire point is you store a default state
20:56:37FromDiscord<Elegantbeef> As such `var a = initSettings()` never can be changed
20:57:00FromDiscord<Elegantbeef> Add another flag if you want your behaviour, but it's just wrong
20:57:04FromDiscord<d4r5c0d3> In reply to @isofruit "Is that the full": yes I think so
20:57:06FromDiscord<Elegantbeef> Since the point is to define a default state
20:58:26FromDiscord<Phil> sent a code paste, see https://play.nim-lang.org/#ix=4JMO
20:58:52FromDiscord<leorize> that shouldn't matter btw
20:59:04FromDiscord<d4r5c0d3> I dont think I understand what you trying to say, sorry I am verry new to nim. Could you rephrase it
20:59:10FromDiscord<Phil> In reply to @leorize "that shouldn't matter btw": Wouldn't be the first time that that difference blew up on me
21:00:30FromDiscord<Phil> In reply to @d4r5c0d3 "I dont think I": Try to annotate your proc with {.closure.}, that's the only meaningful difference I can say. Unless it's gcsafe, in which case this'll be fun.
21:00:47FromDiscord<Phil> `proc requestHandler(req: Request) {.async, closure.}`
21:01:01FromDiscord<Phil> (edit) "it's" => "the problem is"
21:01:57FromDiscord<Phil> If that doesn't work, try ` {.async, closure, gcsafe.}`, at the very least that should change the error message and tell you where the problem is
21:02:18FromDiscord<Phil> Current bet is that either its {.closure.} or it's the access to `routes` as that looks like a global variable
21:03:35FromDiscord<leorize> I like how we are diagnosing a problem the compiler knows by throwing random tags on the code
21:03:46FromDiscord<d4r5c0d3> Seems to dos omething @Phil but now it says↵↵- '.closure' calling convention for top level routines is invalid↵- 'requestHandler (Async)' is not GC-safe as it accesses 'routes' which is a global using GC'ed memory
21:04:59FromDiscord<Phil> In reply to @d4r5c0d3 "Seems to dos omething": Then it was gcsafe.↵Generally accessing a global variable inside a proc isn't a good idea because you can't know who all accesses that thing and will manipulate it.↵That'd be different if routes were, e.g. a `const`, but it appears to not be (I assume it's a var or a ref-type?)
21:05:25FromDiscord<d4r5c0d3> Is a table type yes
21:05:49FromDiscord<leorize> are you using httpbeast or asynchttpserver?
21:06:18FromDiscord<d4r5c0d3> I think I can figure out the global thing, but could you maybe tell me abit about why it generate differend function signature. Is kind of new for me
21:06:28FromDiscord<d4r5c0d3> In reply to @leorize "are you using httpbeast": asynchttpserver
21:06:29FromDiscord<Phil> The way to solve this are either:↵A) Design your code so you don't need `routes`↵B) Make `routes` immutable after initializing it↵C) Tell the compiler to shut up by using `cast(gcsafe)` and tanking the risk of `routes` possibly changing out from under you by e.g. a different thread etc.
21:07:13FromDiscord<d4r5c0d3> i'd like to try B thinkt that might be easiest
21:07:21FromDiscord<leorize> just go for C then
21:07:25FromDiscord<d4r5c0d3> lolz
21:07:39FromDiscord<leorize> asynchttpserver doesn't do threading, so that gcsafe warning is useless
21:08:29FromDiscord<Phil> sent a code paste, see https://play.nim-lang.org/#ix=4JMP
21:08:30FromDiscord<d4r5c0d3> I had taken a look at httpbeast but is my first app tbf. So I was just trying to stay vanilla as I am also learning the language
21:08:43FromDiscord<Phil> (edit) "https://play.nim-lang.org/#ix=4JMP" => "https://play.nim-lang.org/#ix=4JMQ"
21:08:54FromDiscord<leorize> you can clone the routes variable then create a closure to satisfy gcsafe
21:09:04FromDiscord<leorize> but that's wholly unnecessary for this
21:09:13FromDiscord<d4r5c0d3> So what would you advice ?
21:09:21FromDiscord<leorize> cast all the way
21:10:17FromDiscord<Phil> Honestly, write yourself a proc/proces for accessing `routes` that use cast so you isolate that code away and don't have to repeat it over and over
21:10:22FromDiscord<Phil> (edit) "proc/proces" => "proc/procs"
21:10:55FromDiscord<leorize> this isn't the first time I see someone got confused by that gcsafe warning on asynchttpserver
21:11:17FromDiscord<leorize> I think the intent back when that's introduced was to let asyncdispatch do the threading thing
21:11:24FromDiscord<leorize> but didn't work out I think
21:11:24FromDiscord<Phil> 🤷 ↵I mean, I agree, but I can't change that.
21:11:28FromDiscord<leorize> correct me if I'm wrong
21:12:41FromDiscord<d4r5c0d3> In reply to @isofruit "Honestly, write yourself a": will refactor and try this 2morrow I am done for now 🙂↵thnx for the help
21:37:39*advesperacit quit ()
21:47:38*azimut quit (Ping timeout: 256 seconds)
22:12:52FromDiscord<Chronos [She/Her]> Rn working on implementing OAuth aha
22:15:36FromDiscord<Chronos [She/Her]> Also I'm wondering if I should use `asyncdispatch` or `chronos`... Not sure which one would be better
22:16:40FromDiscord<Chronos [She/Her]> I think I'll stick with `asyncdispatch` for now tbh
22:16:46FromDiscord<Chronos [She/Her]> Since I'm more familiar with it
22:18:32FromDiscord<kcvinker5420> sent a code paste, see https://play.nim-lang.org/#ix=4JMW
22:27:44FromDiscord<demotomohiro> In reply to @kcvinker5420 "Is this possible in": https://nim-lang.org/docs/manual.html#macros-debug-example
22:28:19FromDiscord<kcvinker5420> @demotomohiro Thanks. Let me check.
22:30:01FromDiscord<Phil> In reply to @kcvinker5420 "Is this possible in": Honestly, you'd make your life far easier if you just defined `proc foo(args: varargs[int])`, `proc foo(args: varargs[string])` and if you want a fallback for any other type `proc foo(args: varargs[auto])`
22:30:30FromDiscord<Phil> There's no need to write your own if-else statement if you can just push that work onto the compiler and how it links your procs together based on the type
22:32:17FromDiscord<demotomohiro> sent a code paste, see https://play.nim-lang.org/#ix=4JN0
22:33:39FromDiscord<kcvinker5420> sent a code paste, see https://play.nim-lang.org/#ix=4JN1
22:33:55FromDiscord<demotomohiro> In reply to @isofruit "Honestly, you'd make your": But it doesnt works in case you want to pass different types.
22:34:24FromDiscord<Phil> That will not be possible to do in nim, you can categorically not have a type with 2 different types at once unless you use object varargs has special rules that I'm not aware of
22:34:36FromDiscord<Phil> (edit) "with" => "containing"
22:34:45FromDiscord<Phil> (edit) "That will not be possible to do in nim, you can categorically not have a type containing 2 different types at once unless you use object ... varargs" added "variants. Unless"
22:34:53FromDiscord<Phil> (edit) "nim," => "nim that way,"
22:36:36FromDiscord<demotomohiro> In reply to @isofruit "That will not be": I think it is possible by using generics.
22:37:05FromDiscord<Phil> In reply to @demotomohiro "I think it is": But even generics can't push 2 different types into the same iterable, at least that goes against everything I've known in nim.
22:41:10FromDiscord<demotomohiro> In reply to @isofruit "But even generics can't": https://play.nim-lang.org/#ix=4JN3
22:41:37FromDiscord<Phil> sent a code paste, see https://play.nim-lang.org/#ix=4JN4
22:42:41FromDiscord<Phil> In reply to @demotomohiro "https://play.nim-lang.org/#ix=4JN3": That basically turns the entire thing into one gigantic tuple. Fair, that's an avenue
22:43:17FromDiscord<Phil> I'm not sure if I'd personally like it but it does satisfy the requirements given.
22:43:19FromDiscord<kcvinker5420> Both are nice solutions
22:43:51FromDiscord<kcvinker5420> BTW, what is mean by↵`tuple or object` @demotomohiro
22:43:59FromDiscord<Phil> Honestly the way to go imo is not try trickery like that and go for using overloads and proper static dispatching.
22:45:08FromDiscord<Phil> In reply to @kcvinker5420 "BTW, what is mean": Honestly the "or object" could be left out for your purposes, it just makes the proc apply to more things.↵What he did there was turn myProc into a generic the same way I did, just with different Syntax.↵It now accepts every tuple or object.↵The way it works is it turns all your parameters into one large tuple, you can see that by the requirement to use double brackets
22:45:17FromDiscord<demotomohiro> In reply to @kcvinker5420 "BTW, what is mean": It is type class. So that proc become generics that takes any tuple or object types.
22:45:56FromDiscord<kcvinker5420> sent a code paste, see https://play.nim-lang.org/#ix=4JN5
22:45:57FromDiscord<demotomohiro> https://nim-lang.org/docs/manual.html#generics-type-classes
22:46:05FromDiscord<Phil> sent a code paste, see https://play.nim-lang.org/#ix=4JN6
22:46:24FromDiscord<Phil> And that one you can iterate over without needing to know the fields ahead of time.
22:46:50FromDiscord<Phil> Or rather you do know them ahead of time, this works as long as you hard-code the fields.↵I don't think this will work if you enter the fields at runtime
22:46:53FromDiscord<kcvinker5420> (edit) "https://play.nim-lang.org/#ix=4JN5" => "https://play.nim-lang.org/#ix=4JN7"
22:48:00FromDiscord<Phil> In reply to @kcvinker5420 "<@180601887916163073> I wrote some": Yeah, that could work.↵Make sure that you pretty much start your proc with `assert names.len == width.len` so that your proc immediately blows up if somebody uses it wrongly (or think about whether that should or shouldn't happen and how you want to deal with this "error-case")
22:48:27FromDiscord<Phil> Overall you always have a width belonging to a name, right?
22:48:36FromDiscord<kcvinker5420> In reply to @isofruit "Honestly the "or object"": Yeah, I got it. But the need for `or object` is not what digesting
22:49:10FromDiscord<kcvinker5420> In reply to @demotomohiro "It is type class.": Okay. Thanks
22:50:30FromDiscord<kcvinker5420> In reply to @isofruit "Overall you always have": Yes.
22:50:46FromDiscord<demotomohiro> Maybe what actually you want is this?↵https://nim-lang.org/docs/manual.html#statements-and-expressions-table-constructor
22:51:30FromDiscord<kcvinker5420> In reply to @demotomohiro "Maybe what actually you": A table is a nice option
22:51:40FromDiscord<Phil> sent a code paste, see https://play.nim-lang.org/#ix=4JN8
22:52:01FromDiscord<Phil> Would be useful because then you could just work with Fruit going forward and use the same code in both cases
22:53:45FromDiscord<kcvinker5420> sent a code paste, see https://play.nim-lang.org/#ix=4JN9
22:54:40FromDiscord<kcvinker5420> sent a code paste, see https://play.nim-lang.org/#ix=4JNa
22:58:13FromDiscord<Phil> I don't code Odin, I couldn't tell you how they handle types
22:58:41FromDiscord<Phil> All I can tell you is that in nim, when all the magic behind generics, templates and macros is said and done, the code left behind always has explicit types
22:59:32FromDiscord<Phil> Which means there can not be types that depend on runtime code other than Object variants which are type unions
22:59:47FromDiscord<Phil> (edit) removed "which are type unions"
23:00:13FromDiscord<Phil> And even there the way you can combine things into one type is static, so there's no attaching something to that at runtime.
23:02:14FromDiscord<leorize> odin uses RTTI for everything
23:02:15FromDiscord<Elegantbeef> It's a bit silly
23:02:41FromDiscord<leorize> you can have code like that in nim, just not flat
23:03:27FromDiscord<leorize> you'd have to call it like this\: `foo({"name": 10, "bar": 1000})`
23:04:35FromDiscord<kcvinker5420> Table literals, right ?
23:05:13FromDiscord<kcvinker5420> @Phil ↵> I couldn't tell you how they handle types↵No problem.
23:05:35FromDiscord<leorize> the perk would be that your data is structured so there's never a failure state
23:05:35FromDiscord<leorize> if you want it flat, then that's also possible with a bit of varargs trickery
23:06:34FromDiscord<kcvinker5420> With varargs[auto] ?
23:06:54FromDiscord<leorize> nope
23:08:39FromDiscord<Elegantbeef> Does work
23:08:41FromDiscord<Elegantbeef> sent a code paste, see https://play.nim-lang.org/#ix=4JNd
23:09:17FromDiscord<Elegantbeef> But you're odin code uses boxing afaict
23:09:19FromDiscord<Elegantbeef> your odin\
23:10:33FromDiscord<leorize> sent a code paste, see https://play.nim-lang.org/#ix=4JNf
23:10:58FromDiscord<leorize> for making the IntString type I'd just plug this here\: https://github.com/alaviss/union
23:11:48FromDiscord<kcvinker5420> In reply to @Elegantbeef "But you're odin code": What do you mean by `boxing afaict` ?
23:12:27FromDiscord<kcvinker5420> In reply to @leorize "for making the IntString": Nice, let me study that
23:12:47FromDiscord<Elegantbeef> How does one pass a type erased heterogeneous collection type?
23:12:51FromDiscord<Elegantbeef> You need to use type information to extract that information
23:13:15FromDiscord<Elegantbeef> Which means either odin has type information attached to all their data or the passing an array of `any` stores type information aswell
23:13:48FromDiscord<Elegantbeef> Does that odin proc work with an array allocated at runtime?
23:14:47FromDiscord<Elegantbeef> My ill-informed view is that the odin proc only will work on constants
23:15:55FromDiscord<leorize> https://odin-lang.org/docs/overview/#any-type \<- looks like it's a box
23:16:16FromDiscord<kcvinker5420> In reply to @Elegantbeef "Does that odin proc": Yup
23:16:49FromDiscord<leorize> odin looks surprisingly like go
23:17:11FromDiscord<Elegantbeef> Odin is inspired by go
23:17:29FromDiscord<Elegantbeef> But yea using RTTI for the aforementioned operation is pretty silly
23:18:06FromDiscord<leorize> it has its ups and downs
23:18:16FromDiscord<pcarrier> do I understand correctly that a `const` can't be of a type that _might_ contain references?
23:18:23FromDiscord<Elegantbeef> Right
23:18:25FromDiscord<pcarrier> (edit) "references?" => "`ref`s?"
23:18:31FromDiscord<pcarrier> that's... frustating, but thanks 🙂
23:18:58FromDiscord<pcarrier> can I refer to the location of the current source file in Nim?
23:19:18FromDiscord<Elegantbeef> `currentSourcePath`
23:19:44FromDiscord<leorize> you could always use a `let`
23:21:37FromDiscord<leorize> I think actually it just can't have ref in it↵(@pcarrier)
23:21:50FromDiscord<leorize> if you have a ref field set to nil it shouldn't matter I think
23:24:00FromDiscord<kcvinker5420> > My ill-informed view is that the odin proc only will work on constants
23:24:03FromDiscord<Elegantbeef> !eval const a = (ref int)(nill)
23:24:05NimBotCompile failed: /usercode/in.nim(1, 21) Error: undeclared identifier: 'nill'
23:24:15FromDiscord<kcvinker5420> (edit) "constants" => "constants↵> ↵That's what I wanted"
23:24:17FromDiscord<Elegantbeef> Lol I have skills
23:24:22FromDiscord<Elegantbeef> !eval const a = (ref int)(nil)
23:24:25NimBot<no output>
23:24:48FromDiscord<Elegantbeef> !eval const a = new int
23:24:50NimBotCompile failed: /playground/nim/lib/system.nim(843, 8) Error: integer literal must have some int type
23:26:43NimEventerNew post on r/nim by Better-Process5239: NIM - Error: cannot evaluate at compile time: glGetString, see https://reddit.com/r/nim/comments/17eye7m/nim_error_cannot_evaluate_at_compile_time/
23:27:05FromDiscord<pcarrier> if I might ask a potentially stupid question, why?
23:27:30FromDiscord<Elegantbeef> What does a constant reference mean?
23:27:52FromDiscord<pcarrier> well maybe I misunderstand what refs are for, but it'd be a pointer to the data section of my binary?
23:28:01FromDiscord<pcarrier> (edit) "are for," => "are,"
23:28:14FromDiscord<Elegantbeef> sent a code paste, see https://play.nim-lang.org/#ix=4JNg
23:28:26FromDiscord<pcarrier> a page fault?
23:28:40FromDiscord<pcarrier> (edit) "fault?" => "fault or however attempts at modifying read-only memory are handled?"
23:28:51FromDiscord<leorize> nim refs are reference-counted values
23:29:19FromDiscord<Elegantbeef> sent a code paste, see https://play.nim-lang.org/#ix=4JNh
23:29:22FromDiscord<leorize> they don't support CoW to allow for const ref
23:29:26FromDiscord<leorize> unlike sequences
23:29:43FromDiscord<leorize> well but even then the CoW is weird because you'd be unsharing the value
23:29:56FromDiscord<Elegantbeef> Yea a const ref does not make much sense imo
23:30:30FromDiscord<pcarrier> I'd like to build a read-only, in-executable graph of data. is that possible somehow?
23:30:50FromDiscord<Elegantbeef> `Option[T]`
23:31:10FromDiscord<pcarrier> is there a non-optional equivalent? 🙂
23:31:30FromDiscord<leorize> make your own `ptr`-based tyepe
23:31:50FromDiscord<Elegantbeef> Yea use a `seq[T]` and `distinct int`
23:32:00FromDiscord<Elegantbeef> Accessing data from the `distinct int` indexes the sequence
23:32:14FromDiscord<leorize> a flat graph works, yea
23:32:23FromDiscord<pcarrier> that's fair, thanks
23:55:07FromDiscord<leorize> something like this could become natively supported in the future when views are stable