lua-l archive

Search lua-l

This index contains 143,615 documents and 1,774,615 keywords. Last update on 2023-03-09 .

201. Re: [PATCH] 'data' mode for loadfile (score: 2)

Author: Rena <hyperhacker@...>

Date: Mon, 17 Mar 2014 12:54:33 -0400

You do not need to be paranoic to be worried. A 12-line program like this can trash many machines, without needing any reserved word: a = "01234567890123456789012345678901234567890123456789012345678

202. Re: [PATCH] 'data' mode for loadfile (score: 2)

Author: Roberto Ierusalimschy <roberto@...>

Date: Mon, 17 Mar 2014 13:31:13 -0300

You do not need to be paranoic to be worried. A 12-line program like this can trash many machines, without needing any reserved word: a = "01234567890123456789012345678901234567890123456789012345678

203. Re: [PATCH] 'data' mode for loadfile (score: 2)

Author: "Ashwin Hirschi" <lua-l@...>

Date: Mon, 17 Mar 2014 17:10:13 +0100

The data mode patch defines a new mode 'd' for loadfile which raises an error at the lexical stage if any loop construct or function definition has been found when loading the file. It's useful to ha

204. Re: Talk topic brainstorming for Lua Workshop 2014 (score: 2)

Author: "Pierre Chapuis" <catwell@...>

Date: Thu, 27 Feb 2014 10:55:08 +0100

I would like to see talks about Lua used in video games. That may sound weird because it is not my field at all (I work in systems, previously server-side, now embedded). But Lua is used a lot in ga

205. Talk topic brainstorming for Lua Workshop 2014 (score: 2)

Author: Alexander Gladysh <agladysh@...>

Date: Wed, 26 Feb 2014 23:55:58 +0400

Hi, list! As you all know, the place and date for this year's Workshop are not yet officially announced and confirmed. However, this does not mean that we can't start a discussion regarding the progr

206. RE: Launching and controlling multiple lua scripts from Lua (score: 2)

Author: Thijs Schreijer <thijs@...>

Date: Sat, 1 Feb 2014 09:58:48 +0000

Sandboxing thirdparty scripts has been written a lot about. If the possibility of them hogging the system is an issue, you could use something like the 'corowatch' module does. But anyway, using deb

207. Re: Using Lua for config files (score: 2)

Author: steve donovan <steve.j.donovan@...>

Date: Fri, 20 Dec 2013 10:05:03 +0200

Totally! I think one should take reasonable precautions (sandboxing) but not to go overboard. The difference between being 'paranoid' and 'cautious/street-savvy' is that the former wastes a lot more

208. Re: Using Lua for config files (score: 2)

Author: Rena <hyperhacker@...>

Date: Thu, 19 Dec 2013 14:29:04 -0500

Indeed, there are definitely different use cases for config files, with different levels of trust - from "only the sysadmin should be able to edit this, so if they put something stupid in there, that

209. Re: Using Lua for config files (score: 3)

Author: Francisco Olarte <folarte@...>

Date: Thu, 19 Dec 2013 20:55:26 +0100

Me likes, although aIthough I cannot say wether is correct, so I assume it. One think I do not grok. To me it seems the memory counting function is set to be called in nearly all garbage collection e

210. Re: Using Lua for config files (score: 3)

Author: William Ahern <william@...>

Date: Wed, 18 Dec 2013 17:20:34 -0800

It will never be safe to load untrusted code, simply because it's naive to assume that Lua will ever be without bugs. This last release fixed a couple of issues that could have led to a crash or expl

211. Re: [ANN] Dynamic object interfaces in RADOS with Lua (score: 2)

Author: Noah Watkins <jayhawk@...>

Date: Tue, 29 Oct 2013 13:55:13 -0700

i guess that should be considered in context of the current C/C++ plugin deployment.  maybe the Lua plugin should have some 'startup script(s)' in a predefined place. Yes, providing persistence is p

212. Re: [ANN] Lua 5.3.0 (work1) now available (score: 2)

Author: Eric Wing <ewmailing@...>

Date: Tue, 9 Jul 2013 16:49:41 -0700

That wasn't my point. My point is that on Android and iOS, everybody has to ship self-contained apps due to sandboxing restrictions. And the iOS App Store approval process forbids downloading and run

213. Re: In praise of globals (score: 2)

Author: Philipp Janda <siffiejoe@...>

Date: Mon, 15 Apr 2013 11:51:51 +0200

Am 15.04.2013 08:38 schröbte Dirk Laurie: [...] You can tell the programs written by the supporters of this ideology. They start out something like this: local pairs, ipairs, print, tostring, getmeta

214. Re: Some metrics on Lua 5.1 -> 5.2 migration (score: 2)

Author: David Burgess <dburgess@...>

Date: Mon, 15 Apr 2013 12:43:02 +1000

That is definitely intuitive behaviour. -- David Burgess

215. Some metrics on Lua 5.1 -> 5.2 migration (score: 2)

Author: Brian Kelley <brian.kelley@...>

Date: Sun, 14 Apr 2013 17:39:12 -0700

I haven't seen any quantitative assessments of the cost of moving to Lua 5.2 from 5.1, but I thought someone might be curious, so I collected some stats while migrating a code base recently. 29,300 l

216. [ANN] Celedev uses Lua for live-coding iOS Apps (video) (score: 2)

Author: Jean-Luc Jumpertz <jean-luc@...>

Date: Mon, 25 Mar 2013 17:22:18 +0100

Hi, In short, Celedev is a soon-to-be-released development system for iOS Apps, that uses Lua as the programming language for dynamic application code. This permits the live-coding of iOS application

217. Re: thinking about not sandboxing (score: 34)

Author: Patrick <patrick@...>

Date: Sat, 12 Jan 2013 10:14:36 -0500

then is it safe to say that it is alright to run their lua files without a sandbox? It depends... Who is writing the Lua scripts? If it's the user, then I think it's ok to run it unsandboxed. But if

218. Re: thinking about not sandboxing (score: 34)

Author: Elias Barrionovo <elias.tandel@...>

Date: Sat, 12 Jan 2013 12:54:47 -0200

It depends... Who is writing the Lua scripts? If it's the user, then I think it's ok to run it unsandboxed. But if the Lua scripts are plugins that the user downloads (like in WoW), then sandboxing b

219. thinking about not sandboxing (score: 33)

Author: Patrick <patrick@...>

Date: Sat, 12 Jan 2013 09:46:49 -0500

I have gotten the impression that some people don't think it's a good idea to run user scripts without a sandbox. I am wondering if I have taken this out of context. Surely it is a bad idea to run un

220. Re: Is Lua used as a data representation language? (score: 2)

Author: Eric Wing <ewmailing@...>

Date: Wed, 9 Jan 2013 19:05:11 -0800

Just a thought and I don't actually know the answer (haven't done this myself). Doesn't LPeg + Leg have the capability to read Lua tables from Lua source code avoiding the untrusted execution problem