2022-10-16 15:33:04 <lagash      > olle: local stack? have you seen Factor?
2022-10-16 15:33:53 <lagash      > Would anyone actually be interested in a Forth IRC bot on here??
2022-10-16 15:35:48 <olle        > lagash: I have seen nothing x)
2022-10-16 15:35:53 <olle        > Totally new to Forth
2022-10-16 15:36:09 <olle        > If #c has a C bot, this channel damn sure need a forth bot!
2022-10-16 15:36:45 <Friithian   > #C++* has geordi
2022-10-16 15:37:24 <olle        > Forth is like the perfect language as well
2022-10-16 15:37:40 <olle        > Bonus points if it's persistent per user or channel, so you can collab
2022-10-16 17:02:01 <lagash      > #c has a C bot?? Is it TCC?
2022-10-16 17:02:34 <lagash      > I recall TCC allowed a limited interpreted form of C..??
2022-10-16 17:04:05 <eris[m]     > tcc is c99 and it doesnt interpreter, it just compiles then runs
2022-10-16 17:05:23 <olle        > lagash: Dunno, go there and check? Call it with ,cc I think
2022-10-16 17:08:41 <thrig       > one could jam the C code into a main(), compile, and run. there's probably more elegant ways
2022-10-16 17:13:18 <lagash      > So, does anyone know any existing Forth IRC libraries?
2022-10-16 17:14:13 <MrMobius    > ya
2022-10-16 17:14:20 <MrMobius    > #geordi it was in #c
2022-10-16 17:14:36 <MrMobius    > I was interested in a Forth bot but never got around to it
2022-10-16 17:14:46 <lagash      > I see there's https://comp.lang.forth.narkive.com/GX6dubCN/nano-irc-client-in-forth
2022-10-16 17:15:11 <MrMobius    > you would have to pick a forth. I think running an embedded forth in an emulator would give you the most control of everything but may not be everyone's taste
2022-10-16 17:18:09 <thrig       > I could rig up eforth to an irc bot pretty quick, probably
2022-10-16 17:19:06 <thrig       > tricky bits would be showing the stack, halting loops and other abuse, etc
2022-10-16 17:19:44 <lagash      > Perhaps we could initially use https://tools.suckless.org/ii/ so we don't have to do all the IRC work in Forth yet?
2022-10-16 17:20:26 <lagash      > thrig: halting loops as in, infinite loops designed to DoS the bot?
2022-10-16 17:20:42 <MrMobius    > thrig: thats why I think an emulator is good. you can limit the number of iterations before terminating for example
2022-10-16 17:21:27 <lagash      > Huh. Factor SHIPS with its own IRC bot!
2022-10-16 17:21:56 <thrig       > truncating the ouput to fit in IRC, overflowing to a website, blah blah
2022-10-16 17:22:19 <Zarutian_iPad> terminating or just pausing it until the user cranks it again
2022-10-16 17:22:25 <thrig       > so not difficult but a lot i's to cross and t's to dot
2022-10-16 17:23:00 <eris[m]     > languages like Idris dont have this issue, because theyre guaranteed to terminate!
2022-10-16 17:24:36 <MrMobius    > I think you could solve just about all of those problems with emulation
2022-10-16 17:25:10 <MrMobius    > also sandboxing is nice so no one tries to do unkind things to your system
2022-10-16 17:54:00 <olle        > Just put it in docker?
2022-10-16 17:54:26 <eris[m]     > docker isnt a sandboxing tool
2022-10-16 17:54:32 <eris[m]     > usernamespaces are a notoriously vulnerable api :)
2022-10-16 17:54:51 <eris[m]     > and i believe the normal ones are similarly bad
2022-10-16 17:55:13 <eris[m]     > with the added benefit that 'breaking out' gives you root!
2022-10-16 17:55:42 <olle        > sandboxed enough for most cases?
2022-10-16 17:55:56 <eris[m]     > not for running arbitary code off the internet
2022-10-16 17:55:59 <eris[m]     > you need more than docker
2022-10-16 17:56:11 <Zarutian_iPad> bocker!
2022-10-16 17:56:15 <eris[m]     > ....or less, considering how much docker is
2022-10-16 17:59:47 <olle        > freebsd jail?
2022-10-16 17:59:53 <thrig       > presumably you'd use pledge and unveil or try to cope on linux
2022-10-16 18:00:56 <olle        > How'd that be safer that docker, which also has its own filesystem?
2022-10-16 18:03:29 <thrig       > and fun with that filesystem e.g. https://www.opencve.io/cve/CVE-2021-21284
2022-10-16 18:05:26 <olle        > hm
2022-10-16 18:06:52 <thrig       > with pledge you'd probably put the forth in a process allowed to do stdio only
2022-10-16 18:08:14 <olle        > any comments on jail?
2022-10-16 18:08:20 <Friithian   > I
2022-10-16 18:08:27 <Friithian   > 'd say copy what geordi does for security
2022-10-16 18:10:19 <olle        > The hell is geordi?
2022-10-16 18:10:35 <olle        > "Geordi La Forge was a Human male Starfleet officer who originally was the helmsman of the USS Enterprise-D during 2364,"
2022-10-16 18:12:19 <Friithian   > http://www.eelis.net/geordi/
2022-10-16 18:13:35 <olle        > aha
2022-10-16 18:36:22 <olle        > "
2022-10-16 18:36:23 <olle        > geordi runs as a Docker container."
2022-10-16 18:36:25 <olle        > :|
2022-10-16 18:36:44 <Friithian   > lmao
2022-10-16 19:24:06 <KipIngram   > There's like no end to the layers.  :-|
2022-10-16 22:54:10 <lagash      > I'd say a FreeBSD jail or using OpenBSD's pledge / unveil would be superior to any Docker copycats.
2022-10-16 22:55:00 <lagash      > The only "worry" I'd have would be side-channel attacks like SPECTRE
2022-10-16 23:03:48 <Friithian   > it would be very impressive if you managed to exploit SPECTRE via a forth bot
2022-10-16 23:04:35 <lagash      > Hence the quotes.
2022-10-16 23:04:50 <lagash      > Just disallow /query'ing the bot and we're good!
2022-10-16 23:12:23 <thrig       > someone is working on pledge for linux
2022-10-16 23:16:43 <lagash      > So I've heard, so I've heard. I'm keeping on eye out for seL4 and other secure microkernels.