jhass changed the topic of #crystal-lang to: The Crystal programming language | https://crystal-lang.org | Crystal 0.35.1 | Fund Crystal's development: https://crystal-lang.org/sponsors | GH: https://github.com/crystal-lang/crystal | Docs: https://crystal-lang.org/docs | Gitter: https://gitter.im/crystal-lang/crystal
deavmi has quit [Ping timeout: 272 seconds]
deavmi has joined #crystal-lang
chachasmooth has quit [Ping timeout: 260 seconds]
chachasmooth has joined #crystal-lang
f1reflyylmao has joined #crystal-lang
f1refly has quit [Ping timeout: 260 seconds]
avane has quit [Quit: ZNC - https://znc.in]
avane has joined #crystal-lang
<FromGitter> <grkek> nice
zorp has joined #crystal-lang
<FromGitter> <mattrberry> I don't have experience with opengl really in the first place and I haven't spent much time looking into it, but I figured I'd ask here in case anybody has a simple demo they're willing to share. I'm hoping to apply a color shift to an sdl texture (using ysbaddaden/sdl.cr), specifically the shift described in the Game Boy Advance section here: https://byuu.net/video/color-emulation/ ⏎ Does anyone know if
<FromGitter> ... this is possible with pure sdl? I don't think that it is, and that this would require the use of opengl. Has anyone here gotten opengl to work with ysbaddaden's sdl bindings and have a little example?
<FromGitter> <mattrberry> I can do more research tomorrow, but I just figured I'd ask in case there's a quick solution that I wasn't finding in my initial google searching
<sorcus> mattrberry: why not? https://en.wikipedia.org/wiki/List_of_games_using_SDL - there is a lot of games written with SDL.
<FromGitter> <mattrberry> My question isn’t whether sdl is useful or whether it’s used :p I’ve used it a number of times. I don’t think sdl supports features like applying a color transformation over a texture, though. They provide raw multipliers with SetTextureColorMod, but I need to have rgb values affect each other, eg: color.g = 0.039 * color.r + 0.901 * color.g + 0.117 * color.b
<FromGitter> <mattrberry> That’s why I was asking about OpenGL/sdl in crystal, since I know that’s something you can do in OpenGL
<sorcus> mattrberry: Oh, then i don't know the answer :-(
<oprypin> mattrberry, isnt this just a shader
<FromGitter> <j8r> what's the context, a game?
<FromGitter> <j8r> I thought at first having a native game, but then, being a simple 2D one, using the Web as a client will bring a lot more players
<FromGitter> <j8r> because it is cross-platform. Plus, I won't have platform/bindings issue :)
<oprypin> j8r, this is an emulator for games
<FromGitter> <eliasjpr> I have a question in regards to `uninitialized` keyword it is stated that it is unsafe. yet many languages allows you to `declare` a variable in crystal one would have to declare and initialize a variable like `@example : String? = nil`, otherwise an error `Error: instance variable '@exam' of Example was not initialized directly in all of the 'initialize' methods, rendering it nilable. Indirect initialization
<FromGitter> ... is not supported.` would be raised
<FromGitter> <eliasjpr> One does not always want to initialize variables in a class and the only way to do this is with `unitialized` keyword, if it is `unsafe`, which almost sounds like dangerous, why the language has the keyword in the first place?
<FromGitter> <eliasjpr> What alternatives do we have for declaring `@something : Type` without initializing?
<FromGitter> <eliasjpr> I would think the compiler should help you in the cases where a variable is declared and not used and if the fear is memory leak or overwriting the variable in those cases making a variable immutable might help the compiler to know how to treat these cases
<FromGitter> <asterite> The solution is to use nil. You can do everything without uninitialized, but in some hot paths uninitialized is faster and that's why we have it
<FromGitter> <eliasjpr> Thank you Ary.
<FromGitter> <HertzDevil> is there a reason `uninitialized` can't be a top-level pseudo-method, like `instance_sizeof` for example
<FromGitter> <kyku> Hi
<oprypin> HertzDevil, yea it's not a value
<FromGitter> <kyku> is it a bug or is it a feature: https://play.crystal-lang.org/#/r/9ujr
<oprypin> `foo = uninitialized Bar` is a core syntax all together. there's no such syntax as `uninitialized Bar`
<FromGitter> <kyku> (that is to say, the presence of inner block argument with the same name as outer block argument seems to change the value of the outer block)
<oprypin> kyku, i think there was some resent issue opened about that
<FromGitter> <kyku> @oprypin , thanks for the info. I preferred to ask here first before filling the bug report.
<oprypin> kyku, hold up.. there's no issue in your code
<oprypin> nvm there is
<oprypin> i'll continue looking
<oprypin> kyku, your report would be valid. seems like https://github.com/crystal-lang/crystal/issues/9813 has the same root cause but your repro is more general as it doesnt involve procs
<FromGitter> <kyku> This seems to only happen with a tuple parameter |(_, index)|, using "normal" arguments as in https://play.crystal-lang.org/#/r/9uk6 fixes it.
<oprypin> yes
<oprypin> (include the ```crystal code directly, not a link)
<FromGitter> <kyku> but if it is a know problem, then what for?
<oprypin> [15:39:17] <oprypin> kyku, your report would be valid. seems like https://github.com/crystal-lang/crystal/issues/9813 has the same root cause but your repro is more general as it doesnt involve procs
<FromGitter> <kyku> @oprypin , I think your code should look more like this then: https://play.crystal-lang.org/#/r/9ukf
<FromGitter> <kyku> your passing of `x` to `each` which then calls "puts x" is they way it should work, isn't it?
<oprypin> kyku, no huge difference, but yes, your latest example makes the problem even clearer.
<oprypin> kyku, clearly i'm actually not passing `x` to each
<FromGitter> <kyku> you're right, my mistake
<FromGitter> <HertzDevil> i'm asking why it can't be a pseudo-method, not why it isn't
<FromGitter> <HertzDevil> like, does anything render a pseudo-method form of `uninitialized` undesirable from a design perspective, compared to a syntactic form
<oprypin> HertzDevil, i dont know why it bothers you so much when you're not even supposed to use `uninitialized` at all
<oprypin> and, again, `uninitialized Foo` doesn't mean anything, you couldn't do anything with it
f1reflyylmao has quit [Quit: bye fags]
f1refly has joined #crystal-lang
<FromGitter> <eliasjpr> @oprypin what is the difference/penalty when declaring variables like `@example : String? = nil` vs `@example = uninitialized String`?
<FromGitter> <Blacksmoke16> ones inherently unsafe if you go to use `@example` before it gets set
<FromGitter> <eliasjpr> with uninitialized I understand there there is no allocation
<FromGitter> <eliasjpr> what `unsafe` means?
<FromGitter> <eliasjpr> Well if I use it before it gets set it will throw an error no?
<FromGitter> <Blacksmoke16> https://play.crystal-lang.org/#/r/9ukj
<FromGitter> <eliasjpr> I dont think thats how is intended to be used @Blacksmoke16
<FromGitter> <Blacksmoke16> prob not, but it shows its not something to just throw around because it makes errors go away
<FromGitter> <Blacksmoke16> its a lower level thing, prob dont need it in 99% of cases
<FromGitter> <eliasjpr> agree you might not need it. It stills leaves me without understanding it. It throws an error if is not set at the right moment so that gives me sense that there is some sort of safety
<FromGitter> <Blacksmoke16> i mean it doesnt really throw an error, it just segfaults. Imagine trying to figure out why if you're program is anything more than a 1 file thing
<FromGitter> <eliasjpr> It was said that `uninitialized` offers some performance because of the lazy initialization
<FromGitter> <eliasjpr> that that's something important to understand it's use case or why you you use it and when to use it
<FromGitter> <eliasjpr> > i mean it doesnt really throw an error, it just segfaults. Imagine trying to figure out why if you're program is anything more than a 1 file thing ⏎ ⏎ That's valuable given that from the stack trace you cant identify where the issue exactly comes from
<FromGitter> <Blacksmoke16> right
<FromGitter> <Blacksmoke16> my understanding is its a low level thing used in some certain cases for performance reasons, mainly `StaticArray`
<FromGitter> <eliasjpr> So the issue with having variables initialize with `nil` is that the program will need to have nil checks
<FromGitter> <eliasjpr> for instance ⏎ ⏎ `````` [https://gitter.im/crystal-lang/crystal?at=5f8c63dc61007f7d1b7c4961]
<FromGitter> <Blacksmoke16> you can use `getter!` for this, would make nil errors a runtime thing tho
<FromGitter> <Blacksmoke16> but whats a use case for not wanting to initialize an ivar in a class?
<FromGitter> <eliasjpr> Is a choice we have to make
<FromGitter> <Blacksmoke16> wouldnt that be better solved by having more specific types that doesnt include vars it doesnt need?
<FromGitter> <Blacksmoke16> i.e. only include initialize the var in the subtype that needs it
<FromGitter> <eliasjpr> it is more about the moment a var needs to be assigned vs wanting to initialized it with a `nil`
<FromGitter> <Blacksmoke16> so lazily initialization?
<FromGitter> <Blacksmoke16> i.e.*
<FromGitter> <Blacksmoke16> lazy initialization*
<FromGitter> <eliasjpr> is a placeholder not necesarily lazy initialization
<FromGitter> <eliasjpr> I would like to better understand what happens when you initialize with `nil` and later set the true value
<FromGitter> <eliasjpr> Anyways this is more to learn more about the `uninitialized` keyword, the documentation only states that is `unsafe` without much details. It almost feels that it should be hidden from the developer if the intention is not to be used 99.99%
<FromGitter> <Blacksmoke16> ill leave that to someone else. But from what I know i suppose if you can be certain you'll be setting the proper values before they get used i would imagine it would be fine. But its also getting into unsafe territory for prob not much reason
<FromGitter> <eliasjpr> a tool is only unsafe if you dont know how to operate it :)
<FromGitter> <eliasjpr> As has been stated it is being used for StaticArray
<FromGitter> <j8r> @eliasjpr humans make mistakes
<FromGitter> <j8r> remind me people saying if you we how to use C, it is safe. ⏎ The history told us, no - no one is perfect.
<oprypin> @eliasjpr: that's a 100% invalid use case for uninitialized
<oprypin> it also likely has 0 performance advantage
<oprypin> [17:43:26] <e90d7f@eliasjpr> It was said that `uninitialized` offers some performance because of the lazy initialization
<oprypin> where was it said?
<jhass> it's miniscule performance, only really critical for things being called very very often
<jhass> and that's where it should be used, if you absolutely need to safe the initial zeroing and potential nil check later
<jhass> otherwise forget it exists
<jhass> *save, even
<FromGitter> <mattrberry> @oprypin Yeah it’s just a shader
<oprypin> @mattrberry: so just use a shader. does sdl really not let you do that? then use sfml
<FromGitter> <mattrberry> I was hoping there might be a way to do it without a shader because using a shader with sdl doesn't seem to be trivial. But I just need to look more into it this morning I guess
<FromGitter> <mattrberry> I have been considering moving to crsfml for awhile, but still sticking with sdl for now
<FromGitter> <eliasjpr> > The solution is to use nil. You can do everything without uninitialized, but in some hot paths uninitialized is faster and that's why we have it ⏎ @oprypin @asterite mentioned about in the thread
<FromGitter> <rishavs> quick question on webdev; ⏎ i am making a simple web site in Crystal and was wondering if I need to solve for CSRF if my site is likely to run behind a reverse proxy
<FromGitter> <Blacksmoke16> how are you handling auth? there are measures you can take as part of that
<FromGitter> <Blacksmoke16> if using cookies
<FromGitter> <rishavs> my plan right now is to go with JWT
<FromGitter> <rishavs> planning to keep that in local storage and send only with the requests which need authn
<FromGitter> <Blacksmoke16> tbh cookies these days are pretty safe
<FromGitter> <Blacksmoke16> secure, samesite, httpOnly flags
<FromGitter> <Blacksmoke16> local storage is still accessible via JS, if thats a concern at all
<FromGitter> <rishavs> I love sessions and cookies too, but I am planning to add in oauth later on, so thinking of doing purely JWT
<FromGitter> <rishavs> if I gotta jump into JWT, might as well jump in with both feet :)
<FromGitter> <Blacksmoke16> i mean you can store the JWT token in a cookie
<FromGitter> <rishavs> Thanks!
<FromGitter> <Blacksmoke16> np
holst has joined #crystal-lang
<jhass> /b diaspora
<jhass> ups, sorry
<raz> there's a little more to CSRF prevention, sadly
<raz> fwiw, the "Encryption based Token Pattern" can be done in crystal like so: https://carc.in/#/r/9ul3
<FromGitter> <rishavs> thanks raz!
<raz> yw, and good luck! ;) - this stuff is a rabbit hole
<FromGitter> <Blacksmoke16> context of your app is also something to consider
<FromGitter> <Blacksmoke16> prob dont need to make it as secure as a bank
<raz> ^ famous last words
<raz> no CSRF = an attacker can post to any form as any of your users ;)
<FromGitter> <Blacksmoke16> im not saying *dont* take precautions. Just that following standard practices (like sameSite cookie attribute) is probably sufficient
<FromGitter> <Blacksmoke16> most likely dont need to spend days engineering some super robust/super secure system if there isnt a need to be *that* secure
<raz> as a framework author, you shouldn't say that :p
<FromGitter> <Blacksmoke16> i mean its the same for any framework,
<FromGitter> <Blacksmoke16> if im making an app for some niche side project thing im not going to spend hours and hours making it 100% secure when there's 1) almost no chance of someone trying to hack it and 2) nothing of value if someone did get a hold of a token or something
<raz> yup, well, it's a slippery slope. sometimes side projects get popular, happyness ensues. and then some kiddo grabs all your data ¯\_(ツ)_/¯
<FromGitter> <Blacksmoke16> also let me reiterate, im not saying dont do anything security wise. Just that use secure, httpOnly, sameSite cookie attributes, dont store token in localstorage, hash your password, etc and you'll most likely be fine
<FromGitter> <j8r> @rishavs what would you use as OAuth?
<FromGitter> <j8r> which provider?
<FromGitter> <Blacksmoke16> raz: that does remind me i should prob get some security abstractions implemented...think thats ones area Athena is lacking in atm
<raz> yeh, homework: implement CSRF. then you'll understand why it's necessary ;)
<FromGitter> <Blacksmoke16> again, im not saying its not. But from my understanding `sameSite` makes it not that big of a problem anymore
<raz> even with all of the above, i can send your users a mail with a nice blue button (it has to be blue) that changes their email & password on your site to values of my choice
<FromGitter> <Blacksmoke16> and whats your plan to get their token in that case?
<raz> why would i need their token when i have updated their login?
<raz> my email is just a POST to your change-password/change-email form, which their browser will happily post using their cookie
<FromGitter> <Blacksmoke16> i guess i mean how would you update their credentials when you're not authed
<FromGitter> <Blacksmoke16> but it wont if im using samesite cookie
<FromGitter> <Blacksmoke16> `Strict` mode at least anyway
<raz> if their browser supports that...
<FromGitter> <Blacksmoke16> https://caniuse.com/same-site-cookie-attribute looks like 93.6% of people it would be fine
<raz> sadly the remaining 7.4% tend to be the valuable ones. the big corp secretary on her company mandated MSIE from 2001, etc.
<FromGitter> <Blacksmoke16> again we're getting into context
<raz> (yes, i put an extra % in there to scare you more :p)
Liothen has quit [Ping timeout: 240 seconds]
<raz> well, the other problem with SameSite=Strict is that it also breaks legit email deep links into your app, which is sth you want (for notifications)
Liothen has joined #crystal-lang
<FromGitter> <Blacksmoke16> `Lax` mode is also a thing, allows top level navigation and safe requests (GET, HEAD)
<FromGitter> <Blacksmoke16> which is prob the more common value
<raz> yea, i don't think anyone uses strict
<FromGitter> <rishavs> @j8r Google to start off with. Maybe twitter/FB later
<FromGitter> <Blacksmoke16> prob not a bad idea for things like banks
<raz> hm yup they might
<FromGitter> <Blacksmoke16> oof, looks like Symfony added a new authorization system as well...guess i got some reading to do
* raz bitter sweet symfony noises
<FromGitter> <Blacksmoke16> oh wait i lied, authentication system*
<raz> it's still a good song tho
_whitelogger has joined #crystal-lang
<FromGitter> <j8r> @rishavs It remings I should put this https://github.com/Priv-Page/privpage/blob/master/src/session.cr into a shard
<FromGitter> <j8r> BTW the project is a proxy using OAuth2 - part of it be useful for yours
<FromGitter> <aaaScript> Would anyone have any insights on Granite and the way that it serializes One-To-One relationships like in this example (https://github.com/amberframework/granite/blob/master/docs/relationships.md#one-to-many)? ⏎ ⏎ I'm basically confused on how how to get a JSON representation of the User model with all of it's Posts in an Array. ⏎ ⏎ I was able to do this using jennifer.cr, however ran into some
<FromGitter> ... issues with Amber, so I'm trying to see if I can get something viable with Granite. For context, I'm using SQLite. [https://gitter.im/crystal-lang/crystal?at=5f8cc1b657fe0a4f301bfbb0]
<FromGitter> <aaaScript> @Blacksmoke16 thanks exactly what I needed.
<FromGitter> <Blacksmoke16> 👍