Leif Andersen | 8 Feb 21:05 2016
Picon
Gravatar

Fwd: Now Accepting GSoC 2016 Mentor Organization Applications

Is there any interest from this community in participating in GSoC?

~Leif Andersen

---------- Forwarded message ----------
From: sttaylor <sttaylor@...>
Date: Mon, Feb 8, 2016 at 2:57 PM
Subject: Now Accepting GSoC 2016 Mentor Organization Applications
To: Google Summer of Code Announce
<google-summer-of-code-announce@...>

Hello everyone,

We are now accepting applications from open source projects interested
in participating as mentor organizations for Google Summer of Code
2016.

Visit our new website to apply as an organization today. For helpful
tips on what is expected as a mentor organization and as a mentor or
org admin for GSoC 2016 read the Mentor Manual.

One person from your Org must act as an Organization Administrator and
submit the application for your organization. The organization
application process consists of 3 parts:

Application -- answering straightforward questions about why your org
would like to mentor students in GSoC

Organization Profile -- details about your organization that will be
used to attract students to your organization (short and long
(Continue reading)

Sam Tobin-Hochstadt | 8 Feb 17:19 2016
Picon
Picon
Gravatar

Racket Web Server Security Vulnerability

We recently discovered a serious security vulnerability in the Racket
web server, which can lead to unintended disclosure of files on the
machine running the web server. This vulnerability is fixed in Racket
version 6.4, just released, and we encourage people to upgrade to that
version.

The vulnerability affects web servers that serve static files using
the `#:extra-static-files` option, including the default value of this
option. If you do not use the Racket web serve to serve static files,
or you do so via a mechanism that does not use the `make-url-≥path`
function, then you are likely not vulnerable. Affected web serves will
allow specially-crafted URLs to access files outside of the specified
paths, potentially exposing any file that the web server process is
able to read.

If you cannot immediately upgrade to version 6.4, we have provided a
package catalog with updated versions of the "web-server-lib" package
for versions of Racket back to 6.0. That catalog is located at

  http://download.racket-lang.org/patches/web-server-1/

To use it to upgrade your Racket installation, add it as a catalog
using `raco pkg config`. To make this process easier, you can download
the Racket script available at
https://gist.github.com/samth/c81e1e2fabc744759970. Then run:

  $ racket add-catalog.rkt
  $ raco pkg update -i web-server-lib

On some systems, this may need to be run with administrator or
(Continue reading)

Leif Andersen | 4 Feb 21:24 2016
Picon
Gravatar

Module Provides Syntax Properties Missing in Expanded Module

A module's syntax properties when fully expanded do a reasonable job
getting the requires and provides out. However, if I have something
defined (and provided) in a phase other than 0, it seems to be
missing. For example:

#lang racket

(require zordoz)

(define mod
  #'(module foo racket/base
      (#%plain-module-begin
       (#%require (only racket/match match))
       (#%provide x)
       (#%provide (for-syntax y))
       (define x 5)
       (define-for-syntax y 6))))

(expand mod)

In the expanded module there is no syntax property for `y`, even
though it's provided for syntax.

Now, I could (and currently do) just recalculate this when I'm
compiling the module, but this seems a little bit silly to redo as the
macro expander seems to already have this information.

Is it possible to have all of a module's provides included when a
syntax object is expanded, and not just it's phase level 0 ones, or am
I missing something?
(Continue reading)

Ryan Culpepper | 28 Jan 17:58 2016

Pre-Release Checklist for v6.4, second call

Checklist items for the v6.4 release
   (using the v6.3.90.900 release candidate build)

Search for your name on the checklist page to find relevant items, reply
when you finish an item (please indicate which item/s is/are done).  Also,
if you have any commits that should have been picked, make sure that the
changes are in.

The checklist page is at:
      https://github.com/racket/racket/wiki/Release-Checklist-6.4

NOTE: You can either either edit the checklist page yourself to check
off items or reply to me and I'll check them off for you.

Important: new builds are created without announcement, usually whenever
I pick a few commits.  If you need to commit changes, please make sure
you tell me to pick it into the release branch.

--> Release candidates are at
-->   http://pre-release.racket-lang.org

Please use these installers (or source bundles) -- don't test from
your own git clone (don't test the `master' branch by mistake!).  To
get the tests, you can do this:

   cd ...racket-root...
   ./bin/raco pkg install -i main-distribution-test

--

-- 
You received this message because you are subscribed to the Google Groups "Racket Developers" group.
(Continue reading)

Tony Garnock-Jones | 28 Jan 17:32 2016
Gravatar

Review & merge process for split-out packages

Hi all,

I'd like to know what process we have for merging contributions to
split-out packages that are somewhat core-ish, such as those making up
the net collect.

Perhaps the process could be:
 1. fork the repo
 2. make the change
 3. make a pull request
 4. get someone (who?) to review it
 5. if it passes review, merge

The question "who" is interesting, and I can imagine that perhaps two
reviewers might be preferred or similar. Thoughts?

Here's a concrete example: I recently forked github.com/racket/net to
add support for SRV. I made a pull request and Asumu kindly took the
time to review it. After incorporating his feedback, I got a "looks good
to me" from him, and now I'd like to know if it's OK to just go ahead
and merge it in (since both he and I happen to have the commit bit
there, I think).

Thanks! And sorry if this is some kind of FAQ. I found [1], but it
focusses more on the core repo and not on split-out packages.

Tony

[1]
http://www.greghendershott.com/2013/04/a-guide-for-infrequent-contributors-to-racket.html
(Continue reading)

Sam Tobin-Hochstadt | 28 Jan 01:43 2016
Picon
Picon
Gravatar

Re: Release Announcement for v6.4

For Typed Racket:

Typed Racket now generates contracts with lower overhead in many
cases, speeding up typed/untyped interaction.

The contract generated for the `Any` type is now more permissive,
allowing more typed/untyped programs to work without contract errors.

Sam

On Mon, Jan 25, 2016 at 1:24 PM, Vincent St-Amour
<stamourv@...> wrote:
> The release announcement sketch that I have so far is below.  Please
> mail me new items and/or edits.
>
> Please phrase announcements using complete sentences and avoid the
> word "now".
> ----------------------------------------------------------------------
>
> general:
> - HTTPS (for pkg catalog, and others)
>
> mflatt:
> - incremental GC (ba8103bbde441e38df8dce16e6cbfd36f72c1ce0)
> - add `internal-definition-context-{binding-identifier,track}` (0e16ce4be)
> - deterministic bytecode generation (2743ea06bbc and others)
> - `procedure-specialize` (db0a6de1d2d5d3059ec971275b287860c5bda6e2)
> - openssl 'secure protocol (92f1bfa4d23e0a691778b814a5956c849bb3af83)
> - libssl on Mac (273bc4ea4914cbe73bbb343015cc4fdeb3a1c6a4)
> - windows code signing (666c5f1557703ed24272387f9272321ded2ecf7f)
(Continue reading)

Scott Moore | 27 Jan 20:05 2016
Picon

Bounded parametric polymorphic contracts

While we were developing shill we devised a useful form of contract
that we called a "bounded parametric polymorphic contract." A bounded
parametric polymorphic contract emulates bounded parametric
polymorphism similar to how existing Racket parametric contracts
emulate parametric polymorphism. Our original implementation was
specialized to a particular set of contracts we used for shill, but I
have developed an experimental library that supports arbitrary
higher-order contracts that I would like feedback on.

Here is a brief example:

> (define (id x) x)
> (define/contract (check fn val)
    (bounded-polymorphic->/c ([X (integer? . -> . integer?)]) (X any/c . -> . X))
    (fn val)
    fn)
> (check id 0)
#<procedure:id>
> (check id 'bad)
check: broke its own contract
  promised: integer?
  produced: 'bad
  in: the 1st argument of
      ...
      the 1st argument of
      (bounded-polymorphic->/c
       ((X (-> integer? integer?)))
       (-> X any/c X))
  contract from: (function check)
  blaming: (function check)
   (assuming the contract is correct)
  at: eval:3.0
> ((check id 0) 'ok)
'ok

At each application of the contracted function,
bounded-polymorphic->/c creates a fresh contract for each type
variable. Values flowing into the polymorphic function through a
generated contract are wrapped with the bounding contract of the
corresponding type variable. Values flowing out of the function
through a generated contract are required to be wrapped by the
corresponding contract. If so, the contract is removed. If not, a
contract violation is raised.

The effect of this contract is that the contracted function can access
the value only according to the restrictions imposed by the bound, but
values returned from the function can be used without restriction.
For blame correctness, any contracts applied in the body of the
function remain after unwrapping.

This does not quite achieve bounded parametric polymorphism because
there is no check that all values flowing through the same type
variable have the same type. This is also a limitation of
parametric->/c, though solutions are discussed in Guha et al's
"Relationally-Parametric Polymorphic Contracts". It should be
straightforward to create a version of the contract that requires
specialization to a particular type, but we found the current version
adequate for our needs.

I've posted the library on github.com/thinkmoore/bounded with
documentation at thinkmoore.github.io/bounded.  Implementing the
contracts with correct blame and contract enforcement requires a new
operation that removes a chaperone or impersonator from a stack of
chaperones around a value. Because this is not something the existing
implementation allows, I had to add a new primitive function as a
Racket extension that accesses private types from the Racket
implementation. This is very much a hack, so some extra compilation
trickiness is required. If the functionality makes sense, perhaps it
makes sense to incorporate into Racket directly.

The new primitive is (remove-impersonator value imp orig), which
returns a new copy of value with the given impersonator removed.
value must itself be an chaperone for imp, and orig nust be the
value that is directly impersonated by imp. This serves as a witness
that the caller already has the ability to invoke the underlying value
without the imp impersonator. My rational for why this method is safe
is that by the chaperone and impersonator properties, an outer
impersonator cannot rely on whether the value it wraps is already
chaperoned or impersonated. (Of course, it is possible to write such
a chaperone using eq? or impersonator? and associated functions, but
I don't think this is done in practice or recommended.) I could see this
primitive also being useful for things like option contracts.

I'd appreciate any thoughts on both the new contracts and the
implementation details.

--
You received this message because you are subscribed to the Google Groups "Racket Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-dev+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org.
To post to this group, send email to racket-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org.
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/etPan.56a914e6.112e6f82.124%40Scotts-MacBook-Pro.local.
For more options, visit https://groups.google.com/d/optout.

Vincent St-Amour | 25 Jan 19:24 2016

Release Announcement for v6.4

The release announcement sketch that I have so far is below.  Please
mail me new items and/or edits.

Please phrase announcements using complete sentences and avoid the
word "now".
----------------------------------------------------------------------

general:
- HTTPS (for pkg catalog, and others)

mflatt:
- incremental GC (ba8103bbde441e38df8dce16e6cbfd36f72c1ce0)
- add `internal-definition-context-{binding-identifier,track}` (0e16ce4be)
- deterministic bytecode generation (2743ea06bbc and others)
- `procedure-specialize` (db0a6de1d2d5d3059ec971275b287860c5bda6e2)
- openssl 'secure protocol (92f1bfa4d23e0a691778b814a5956c849bb3af83)
- libssl on Mac (273bc4ea4914cbe73bbb343015cc4fdeb3a1c6a4)
- windows code signing (666c5f1557703ed24272387f9272321ded2ecf7f)

robby:
- contract performance improvements (various)
- racket/contract/combinator exports cleanup (99d7ad56d954)

jay:
- `read-cdot` and related parameters (551e4d5a0d395)
- doc categories (2e34599ce37068072a98d8b14a3065bfc31848b5)
- cheat sheet

asumu:
- Make id-table API more hash-like (14d25abd 92fc1f41)

stamourv:
- additions to `racket/random`

Juan Francisco Cantero Hurtado:
- Add config for linux/ppc64. (e957a7d6557f9718ba8493c20675b75a1145084a)

Alex Knauth:
- Allow separate read and write contracts for box/c (67e3899272792c2e5)

Other repos:

redex:
- robby / Paul Stansifer: binding specifications (6410411)

scribble:
- mflatt: scribble/examples (50f835c)
- florence: allow manipulation of scribble.tex imports (2881ef2)

plot:
- bennn: jitter (fc4f7e2)

pict:
- florence: pict/convertible changes (b95113d)
- stamourv: codeblock-pict (29806e2)

typed racket:
- contract performance improvements
- typechecking performance improvements

profile / contract profile:
- stamourv: add raco profile / raco contract-profile
- stamourv: overhaul contract-profile output

htdp:
- mflatt: performance improvements for world from incremental GC?

drracket:
- robby: anything major?

gui:
- avoid using high-power GPU on Mac?
- scrolling speed improvements?

string-constants:
- robby / Alexander Shopov: Added bulgarian translation (fb04c62)

----------------------------------------------------------------------

--

-- 
You received this message because you are subscribed to the Google Groups "Racket Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-dev+unsubscribe@...
To post to this group, send email to racket-dev@...
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/m2mvrt7c1c.wl-stamourv%40eecs.northwestern.edu.
For more options, visit https://groups.google.com/d/optout.

Faré | 20 Jan 17:38 2016
Picon
Gravatar

SSL woes

raco pkg install livefrog
Resolving "livefrog" via https://pkgs.racket-lang.org ssl-connect:
connect failed (error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)

NB: just installed from http://plt.eecs.northwestern.edu/snapshots/
 64-bit x86_64 natipkg built on Debian Wheezy
 138.4 MB SHA1: cbff558fda8da4c33521345406ef2cecb877981e as “current”
(checked the sha1sum).
sh racket-test-6.4.0.4-x86_64-linux-natipkg-wheezy.sh --unix-style
--dest ~/local/stow/plt/

—♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org
Ever stop thinking and forget to start again?

--

-- 
You received this message because you are subscribed to the Google Groups "Racket Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-dev+unsubscribe@...
To post to this group, send email to racket-dev@...
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/CAN7nBXe7V1x0tAQw9KaX7x3gC35QKfr9tqeT1i5S0WhtzpnGhw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Gustavo Massaccesi | 19 Jan 22:34 2016
Picon

JIT: procedure-result-arity

I'm trying to add support in the JIT for primitive-result-arity and
procedure-result-arity. My idea is to copy the implementation of
procedure-arity-includes? and make some modifications.

In the JIT, procedure-arity-includes? only has a special case for
scheme_native_closure_type and scheme_prim_type. But it ignores other
types of primitives like scheme_closed_prim_type, that are redirected
to the C version.

https://github.com/racket/racket/blob/0fb11e61e6cf4327cf31d7c30ce5a34d11bf60cd/racket/src/racket/src/jitcommon.c#L3166

Are scheme_closed_prim_type rarely used or deprecated? Shoul I (try
to) add a special case for them in the JIT version of
primitive-result-arity, or it's not very usefull? Is there some hidden
problem?

Gustavo

--

-- 
You received this message because you are subscribed to the Google Groups "Racket Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-dev+unsubscribe@...
To post to this group, send email to racket-dev@...
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/CAPaha9Ppip_AJHH0tbVgw7AUWvUbFs%3DPJTz0oTgW7ECh5xQ5mQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Ryan Culpepper | 17 Jan 16:17 2016

Pre-Release Checklist for v6.4

Checklist items for the v6.4 release
   (using the v6.3.90.900 release candidate build)

Search for your name on the checklist page to find relevant items, reply
when you finish an item (please indicate which item/s is/are done).  Also,
if you have any commits that should have been picked, make sure that the
changes are in.

The checklist page is at:
      https://github.com/racket/racket/wiki/Release-Checklist

Important: new builds are created without announcement, usually whenever
I pick a few commits.  If you need to commit changes, please make sure
you tell me to pick it into the release branch.

--> Release candidates are at
-->   http://pre-release.racket-lang.org

Please use these installers (or source bundles) -- don't test from
your own git clone (don't test the `master' branch by mistake!).  To
get the tests, you can do this:

   cd ...racket-root...
   ./bin/raco pkg install -i main-distribution-test

----------------------------------------------------------------------

--

-- 
You received this message because you are subscribed to the Google Groups "Racket Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to racket-dev+unsubscribe@...
To post to this group, send email to racket-dev@...
To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/569BB06E.1000200%40ccs.neu.edu.
For more options, visit https://groups.google.com/d/optout.


Gmane