Just a comment on APIs in Scheme...
If you're defining a Web server route handler, it's reasonable to do it as you would in most languages, like this package's example:
(get "/hello/:who"
(lambda (rc)
(format #f "<p>hello ~a</p> " (params rc "who"))))
(define-http-get-route ("/hello/" who)
(format #f "<p>hello ~a</p> " who))
Guile's builtin server is similar:
(define (hello-world-handler request request-body)
(values '((content-type . (text/plain)))
"Hello World!"))I've used this in production once.
Mostly able to because Guile's web server is standard, and if you need to bypass the framework, you can rather easily.
It's more than fast enough for most people's needs. Flexible, because Scheme, and Artanis' design will be familiar to all the Flask/etc devs.
Maybe you can answer one thing that pickled my mind, no mention of CSRF protections,etc in the documentation that seems to cover quite a few bases. (apart from one xss symbol application that I couldn't fully decipher).
XSS should not be a problem with many Scheme dialects and Lisps, unless you render JS from user input. This is because SXML does not treat HTML as a mere string, but as structured data (as any sane library should, but very few do). So if you get some user input and want to display that in some label or paragraph or whatever, then SXML is aware what is a tag and what is text content of the tag, due to how you build the SXML expression. This is not PHP or something.
I do not know, whether GNU Artanis makes use of SXML all the way, but I think it is very likely, since SXML is in GNU Guile's standard library.
Even if it is structured data, it's ultimately passed to the browser as a string. If I put text in between two tags, and that text came from user input, how is it going to solve that? Does it autoencode as html entity tags anything coming out in a text node?
While working on the HTML document in your program, you have it always represented as a tree of nodes, a nested list often. When you want to insert user input, that user input is available as a string (unless you first turn it into something else). When you put a string into that nested list, and then at the very end, when you form the response, ask SXML to turn your tree into the HTML string, SXML will error, because it wouldn't know how to handle the string.
(All the other nodes are symbols with potentially subtrees in them, which are also symbols with potentially more subtress in them.)
If you put your user input into one such node as a value of that node, lets say a paragraph tag <p>, then SXML sees the user input as it is, a string. It will make sure, that when it turns the tree into HTML, that string remains merely a string, by escaping things, so that for example when your string is <evil-tag-with attrs="bla"> this is exactly what will be seen as text inside your paragraph text, and not be interpreted.
Basically, SXML will render it like: "Oh, you want some string to be inside your p tag? Sure, can do ... This is what you wanted to be displayed to the user ... You didn't want to run that, did you? Nahh, because then you wouldn't have passed it in the SXML as text content of a p tag."
So I think the answer to your question is "Yes.".
Ah okay - so it uses some special type to represent html-encoded text, which is then valid to shove inside a text element? That sounds quite nice.
CSRF wasn't really a concern, because we weren't requesting anything from anybody else, and didn't use cookies, etc.
But, specifying your own headers is easy, and we had it in a macro we used for our routes.
So instead, to rip from the manual:
(response-emit
body
#:status 200
#:headers '(
(Content-Type . application/json)
(X-Frame-Options . DENY)
)
#:mtime (current-time))I have to wonder why Guile hasn’t become more popular over the years, frameworks or not. It ships with so many distributions that the ease of access is there, but I’ve yet to come across any significant code base using it for web apps.
Little tooling: you need to use Emacs and there's no LSP, no great debugging capabilities, no great testing libs, etc Bad docs for beginners: the docs are very complete in terms of coverage and yet have no tutorials or explanations in how to use Guile properly.
Very little visibility as well, Scheme is already a niche. By catering to only the most FOSS oriented/adamant part of the public, your pool of devs is very tiny.
Most guile libs can also only be installed through Guix or failing that, tar files.
The ergonomics of the language are bad and there no concerted community story and publicity around it either imo.
It's sad because it's a cool language and the efforts Wingo and people like the Spritely institute have put into it, are amazing.
You can also use it pretty comfortably in vim (with a couple of plugins) https://gist.github.com/mhitza/a00d7900571e9f13bac2bbf4a203d... . I've used this setup to write both Guile and Chicken Scheme programs.
The LSP is the biggest missing piece for these niche languages.
In my perspective the reason why it still hasn't taken over is because it's not a focused and supported effort. In my understanding Guile should have been "the GNU scripting language" but the integration is nowhere near what a universal language would be (GNU Make integration is disappointing and totally not what I was expecting).
Then the fact that the project seems to be hopping between different directions (last time I checked they wanted to be a runtime for more than one language).
And they also lived their own Python2 -> Python 3 "migration pain". (In my above gist, I specifically had to compile Guile from source because at that time some application with a hard dependency on Guile2 wasn't getting updated in Fedora, which was holding back the Guile v3 rollout).
Here is an experimental for Guile Scheme. While it is currently for VSCodium and Emacs looks interesting.
That is why I created https://codeberg.org/ZelphirKaltstahl/guile-examples. I like GNU Guile and many things exist, even in the batteries that are included, but are not easy to find or one needs to figure out how to effectively use them. Also got an awesome list somewhere, but I need to migrate that to codeberg later.
Compared to some other languages, the ecosystem is small though. While in Python often you have 3 or 4 libraries solving the same or similar problem, in GNU Guile you often only have 1 or need to write your own. Knowledgeable people are able to quickly throw something together, or call out to C libraries using FFI, but I have not done FFI yet. Some day I really should look into that ... And into Hoot by Spritely Institute [1]
If one wants to check out more algorithmic stuff, I also have some stuff on that: AoC 2024[2] (and previous years too), and guile-algorithms[3] (not that much yet, but useful things, and trying to keep it fully functional). Some time ago I also wrote a toy implementation of a decision tree in Guile[4]. It is even parallelized and achieves linear speedup in my tests. I call it a toy, because you will have to do all the data preparation yourself, because it only deals with numbers, and there are probably smarter ways of storing the data for each node, maybe even avoiding duplication. There is also no library like numpy or dataframes like in Python, so I am using possibly not so optimal data structures. But it is probably worth checking out and adapting, if anyone wants to make a proper decision tree library. It is a start.
[1]: https://spritely.institute/ [2]: https://codeberg.org/ZelphirKaltstahl/advent-of-code-2024 [3]: https://codeberg.org/ZelphirKaltstahl/guile-algorithms [4]: https://codeberg.org/ZelphirKaltstahl/guile-ml
Nowadays static typing is the rage for maintainability and sustainability. Types also assist performance. https://dthompson.us/posts/optimizing-guile-scheme.html
I think Scheme, however elegant, is just not really a practical language, especially its standard library situation.
Making it clear that I never worked with Racket... Guile was the most ergonomic Scheme I used. Great documentation, "mostly" batteries included, and a while loop macro (the blasphemy, but the convenience!).
The reason I switched was that I wanted to use my small programs on servers, and with Chicken Scheme it was easy to build a statically linked executable. Guile should definitely be packageable as such, if someone versed in C has the patience, but it isn't out of the box and there are no "project templates" out there.
The standard library can be very practical, if it implements the SRFIs you need. And Guile implements quite a lot of them.
Is this named after the Protoss Executor Artanis?
> Has a Sinatra-like style route, hence the name "Artanis" ;-)
"Artanis" backwards is "Sinatra" which happens to be the name of a popular Ruby gem for web dev.
And was a gag in the ancient Dick van Dyke show, where Dick's character gets a painting signed by `Artanis', and thinks it worthless, until someone spells it backward.
My first thought as well. State your will!
Beautiful and clean website (loads well without JS and fonts); not sure why some people are reacting negatively to some poetry... I swear, HN crowd can be often worse than Mean Girls.
About Artanis itself... It looks really cool! Scheme is such a nice language to code and hack with; but, how safe would it be to expose it directly?
I see they are dogfooding on the Guix packages website, so... I'm guessing it's pretty well tested.
> Scheme is such a nice language to code and hack with; but, how safe would it be to expose it directly?
If you have really good Scheme programmers, who know their system, and built it competently, it's probably safer to expose that than your average conventional system.
(Example: A system in Scheme was the first to get a particular certification for sensitive data hosting on cloud servers. Partly because the very small team that developed it knew the stack inside and out, and could do whatever needed to be done, in a smart way.)
(Meanwhile, say, a consulting firm-led team who got a contract for a comparably complex system, and billed for 10 or 100 times the seat-warmers, with huge and ridiculously complex stacks they didn't understand... would just flounder, focus on appearances in sprint tasks, and churn out things implemented in poor ways, and with a large number of vulnerabilities, and probably take a lot longer before they could deliver a system that would survive the first day of use.)
In my experience this sentiment could be applied to anything. It's more about getting paid for "getting thing done" versus "working on thing".
I have particular personal experience with an app that could be done within several months with handful of people but was developed over several years by team of 50. I was flabbergasted at first but you need to understand politics first.
I can't fail to remember a joke about a law firm where the son of the most senior partner graduates from an ivy league university, joins the firm, and on the first day says he single-handedly sorted out one long-standing case. His father is angry: "You have just put an end to the case which was feeding us for last three years!"
> A system in Scheme was the first to get a particular certification for sensitive data hosting on cloud servers.
What system was this?
The poem is a parody of the first lines of Yeat's poem, "Sailing to Byzantium":
That is no country for old men. The young
In one another's arms, birds in the trees,
—Those dying generations—at their song
> not sure why some people are reacting negatively to some poetry...
It's a weird time for art. A lot of people's immediate reaction to genuine expression these days is "cringe".
I suppose that's always been the case to some degree, but it feels more prevalent now with internet-level attention span and broadcasting breadth.
Facing an avalanche of troubling, attention-grabbing, manipulative, and often misleading information, people protect their sanity by irony and nonchalance. A genuine expression, which does not employ irony and invites the reader to also cast away the shield of cynicism, feels both like an attack and the pull of something desirable but unattainable. The resulting pain, modulated by the protective irony, is expressed as cringe.
- The text is unusually large.
- Irrelevant noise at the beginning of the landing page.
- "What is it" is under the FAQ section, which has a heading that is the same size as the parent heading.
- It consumes all horizontal space.
The very first text on the page tells you what it is: “ GNU Artanis - A fast web application framework for Scheme”
- The text is of adequate size
- At least there are no images of fake people
- It's in an <h1> on top of the page
- `max-width: 60em` is absolutely reasonable
I can finally read a website without squinting despite having glasses on already. Yay!
As a newly old, I really appreciate websites with large text.
> It consumes all horizontal space.
That's a great thing. Sites which restrict text to a narrow column are a horrible reading experience. I have a large monitor and I wish to use a large monitor!
Unlimited line length results in poor readability, and is a UX failure on large monitors. Limiting the number of characters per line makes the text easier to read. https://www.researchgate.net/publication/234578707_Optimal_L...
Even my Grandmom knows Windows split screen shortcuts. Please don't give artificial margins to limit line length - they just annoy people.
But the web site shouldn't enforce it. If users want smaller line lengths they should resize the browser window
The page has a `max-width: 60em` on the main div.
I so appreciate the website. So easy to read makes it appealing to try the framework, especially taking into account the most recent experience writing on Scheme was back in college 15 years ago.
Projects using it is 404.
the link at the bottom is wrong. the one at the top works: https://artanis.dev/projects.html
it's 404 - nginx :-)
Disappointed they didn’t use hiccup to generate html. Format?
What's the guile hiccup package? Or are you confusing scheme with clojure?