In this thread, we discuss the applications of Scheme and Common Lisp in creating and defending against malware.
Firstly, we need to study the source code of SchemeBBS to determine how to achieve arbitrary code execution via the textarea.
Clojure and Fennel?
Did the Lisp machines have any anti-virus software preinstalled?
>>4
Not only they didn't, but they had absolutely no access control system whatsoever, and overriding critical parts of the system is absolutely trivial. I would strongly recommend anybody interested in malware development to seriously consider the Lisp Machines as a potential target, as they provide possibilities for subversion not seen anywhere else to date.
>>5
The only problem is their market share is not very big, hehe.
>>4
>>5
Not only did they not have any kind of antivirus, they didn't provide any kind of memory protection; they were revered by their users precisely for the lack thereof.
Lisp has historically been maximalist about dynamicity, at the expense of encapsulation. It's only now, with Strandh's SICL and associated work, that the community has come to take encapsulation and security seriously. (and, even so, it's at a coarse granularity of "separating worlds")
We could attack the irresponsible Common Lisp users who are still using Quicklisp despite its security flaws. Quicklisp is vulnerable to man-in-the-middle attacks because it uses HTTP instead of HTTPS.
https://github.com/quicklisp/quicklisp-client/issues/167
We should spread a virus that fixes computers by removing Quicklisp.
>>8
I guess I have to learn to use Guix then?
>>9
Yes, Guix has a large number of Common Lisp packages (nearly 600). However, it is a Linux-only solution. The BSD and macOS users could probably get some Common Lisp packages via Nix, but I don' know how well Nix supports the BSDs and macOS. As for the Windows users, I don't know how they are going to get their Common Lisp packages in a secure manner.
TinyScheme was used as the core of Direct Revenue's adware, making it the world's most widely distributed Scheme runtime.
https://en.wikipedia.org/wiki/TinyScheme
https://web.archive.org/web/20171115230338/http://philosecurity.org/2009/01/12/interview-with-an-adware-author
We should spread a virus that fixes computers by removing Quicklisp.
Note that https://paste.textboard.org relies on Quicklisp.