| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Teliva isn't yet smart enough to know the caller of an indirect function
where the function being called goes through a local variable.
I'd expected fixing this to be a long death march. However, there's a
shockingly easy fix: just make every indirect call go through an
additional direct function call.
My policy for zet.tlv was that function 'main' could open any file. This
stopped working since I introduced spawn_main. But with this commit it's
working again.
I can also drop all my special-casing of 'main' since it's now a regular
Lua call.
We still can't rely on the caller of an indirect call. That affects
start_reading and start_writing, which really need to be part of the
framework.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
File operations now always return a channel (or nil on error or
permission denied).
When start_reading() from a filename, you can repeatedly :recv() from
the channel it returns.
When :recv() returns nil, you're at the end of the file. Stop.
When you start_writing() to a filename, you can repeatedly :send() to
the channel it returns.
When you're done writing, :close() the channel. Writes to the file won't
be externally visible until you do.
To make this work I'm now always starting up the scheduler, so I need to
fix sieve.tlv.
Transparently running the scheduler is an abstraction, and whenever I
create an abstraction I always worry about how it might fail. There's
a hopefully-clear error when you read past end of a file.
|
| | |
|
| |
|
|
|
|
|
| |
Until now you had to press ctrl-x twice in rapid succession to exit if
an app turned on non-blocking keyboard with nodelay(true). This became
particularly noticeable after the previous change to anagrams.tlv, which
could no longer exit.
|
| | |
|
| |
|
|
|
|
|
| |
Now we cancel screen-painting if any key is pressed.
However it looks like just computing the list of anagrams can take a
long time.
|
| | |
|
| |
|
|
|
| |
We don't care to distinguish modes like "rw" or "a+". An app is
permitted to perform either just reads or both reads and writes.
|
| | |
|
| |
|
|
| |
In particular, the periods looked like passing tests.
|
| | |
|
| |
|
|
|
| |
This feels more intrusive. Let's see how we like it. Will I start having
ctrl-x ctrl-x in my muscle memory?
|
| |
|
|
|
| |
I'm totally fine with lexical scope in other languages. Why does it feel
like such a big deal in C?
|
| |
|
|
|
| |
Let's see if we can live with this rather than some way to let apps
indicate if they want confirmation or not..
|
| | |
|
| |
|
|
| |
Also a little test program to demo channels in action.
|
| | |
|
| |
|
|
|
|
|
|
| |
They make it seem like you can use them to create simple REPL apps, but
you can't, because standard Teliva shortcuts won't work.
I _could_ make them work by emulating them using getch(), but that feels
like an unnecessary abstraction for now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
I introduced this ability when I packaged up the lfs directory, but it
can enable apps to circumvent sandboxing rules in some situations. If
you can socially engineer someone to allow reading a file called
'passwd' in the current directory, you can now change directory to /etc
and read something sensitive.
Protecting against stuff like this gets subtle. It's easy for people to
create policies that aren't robust to changing directories. Requiring
absolute paths is also pretty unfriendly. So the whole notion of current
directory is perhaps implicit state that is confusing to manage. Fix it
in the context of a single session.
|
| |
|
|
| |
They aren't evaluating strings after all.
|
| |
|
|
|
|
| |
This is for what the app does, as opposed to 'doc:main', which is also
intended to include commentary about the internal organization of the
app.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When I started logging getch() events (which are just to help the reader
orient on the log), this suddenly became more urgent.
Now the log is larger, and it's also a circular buffer that rolls back
to the start when it fills up.
The next failure mode will be if we see the buffer filled up with just
getch() calls, reducing visibility over real file and network
operations. In which case we'll need to start coalescing getch() events.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This will eliminate some spurious git diffs I keep having to clean up.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The problem I'm running into is that apps might want to perform their
own editing. So I can't take up prime estate like the ctrl-e hotkey or a
menu name of 'edit'.
I'm still prioritizing rendering Teliva's edit and permissions menu. If
the window is too narrow the app's settings will be overwritten and
Teliva's hotkeys will be preferentially displayed. Seems safer.
|
| | |
|
| |
|
|
| |
Now we can be sure apps can't call `require`.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Just like with `require`, we don't we don't know how to sandbox it.
(Though we still have `require` because standard libraries outside apps
need it. I need to make sure apps can't invoke `require`..)
|
| | |
|
| |
|
|
|
| |
How many levels of macros do we need. Also stop lying that we're using
Linux in BSD.
|
| |
|
|
|
|
|
|
| |
I've never tested with it, and it is likely broken after all my changes
to base Lua 5.1. Might as well be transparent about that.
If you care about this platform, please let me know:
http://akkartik.name/contact
|
| | |
|
| | |
|
| |
|
|
|
| |
It's not clear to me where my Linux gets strlcpy and strlcat from
¯\_(ツ)_/¯
|
| | |
|
| |
|
|
| |
Submitted upstream at https://github.com/antirez/kilo/pull/81.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'd already dropped the variant without a filename. But even the variant
with a filename is very easy to use in a way that is confusing to use in
the presence of sandboxing:
* call io.lines()
* Sandboxing saves an error, io.lines() returns nil
* Caller (usually a loop) raises an error.
* We show the error and not the sandboxing failure.
* Worse, there's no way to adjust permissions from within Teliva,
because we can't ever get to that menu while there's an error.
Best solution I can come up with: encourage a separate step for
translating filename to file handle. That way it's more obvious that we
need to check for errors.
|
| | |
|
| | |
|
| |
|
|
|
| |
This will help people cross-correlate when the app performs specific
calls.
|
| | |
|
| |
|
|
|
| |
To sandbox apps robustly, we're going to need to always work with
canonical absolute paths.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I fucking hate feature macros. Egregious discharge of our
division-of-labor-obsessed society. People should be able to introduce
names. People should be able to give up names to lower levels of
abstraction when they encounter conflicts.
Feature macros seem to exist[1] to support more than two levels of
abstraction. You try to build, one of your libraries fails to build
because of a conflict between it and one level down. You don't want to
modify this library. Just fucking https://catern.com/change_code.html
already. But no, I have to litter my code with feature macros even
though I just want the abstraction the original library provides.
[1] https://man7.org/linux/man-pages/man7/feature_test_macros.7.html
https://lwn.net/Articles/590381
|