Frequently Asked Questions - comp.lang.prolog--- Synchronet 3.20a-Linux NewsLink 1.114
Last-modified: 2022-02-24
Last-changes: Update link to tutorial by J.R. Fisher. Geoffrey Churchill.
Markus Triska (Mar. 2 2007 - ... )
Remko Troncon (Jan. 6 2002 - Mar. 2 2007)
Dirk-Jan Faber (Feb. 1 1999 - Jan. 6 2002)
Jamie Andrews (Aug 26 1992 - Oct. 16 1997) __________________________________________________________________
General Information: This article contains the answers to some
Frequently Asked Questions (FAQ) often seen in
news://comp.lang.prolog/. It is posted (twice a month, currently on
the 2nd and 16th) to help reduce volume in this newsgroup and to
provide hard-to-find information of general interest.
The World Wide Web URL for this FAQ is:
http://www.logic.at/prolog/faq/
Please send questions about the FAQ and updates to
<tri...@logic.at>.
1. What is the Association for Logic Programming?
To keep up with the current state of logic programming technology,
readers can join the Association for Logic Programming (ALP) and
receive their Newsletter. For details on how to join or send in contributions, check http://www.cs.nmsu.edu/ALP/ or contact
Sandro Etalle <eta...@cs.utwente.nl>
The Prolog Resource Guide (v0.6) was printed in issue 5/1 of the
Newsletter (Feb. 1992). This lists information concerning Prolog
Archives, Books, Suppliers, etc. It is now maintained by Mark
Kantrowitz (<Mark.Ka...@glinda.oz.cs.cmu.edu>), and used to be
posted periodically to news://comp.lang.prolog.
2. Where can I get a free Prolog for system X (PC, Mac, Unix or other)?
The following are anonymous-FTP sites for free Prologs (or related languages) which are either in the public domain or are "copy-lefted" (permitted to be copied with some restrictions on commercial use).
(Please note that for extensive development work, users will probably
want a robust interpreter or compiler with good debugging facilities
and a standard syntax, among other things. While public-domain systems
are a valuable service to the community, they do not necessarily have
all these things, and users should weigh carefully what they want to do against the capabilities and costs of the available systems.)
ALF (Algebraic Logic Functional language)
+ Platforms: UNIX
+ Available: Unknown
+ E-mail: Rudolf Opalla
<opa...@julien.informatik.uni-dortmund.de>
+ Info: WAM-based language with narrowing/rewriting
Amzi! Prolog + Logic Server
+ Platforms: Window, Linux and Solaris
+ Available: http://www.amzi.com/download/
+ E-mail: <in...@amzi.com>
+ Info: Registration is compulsory, except for the Free Academic/Personal/Evaluation License.
Aquarius Prolog 1.0
+ Platforms: UNIX
+ Available: http://www.info.ucl.ac.be/people/PVR/aquarius.html
+ Info: High performance, commercial functionality except
debugging and modules.
Argo Prolog v.1.1
+ Platforms: Solaris 1.x and HP-UX 9.x
+ Available: Unknown
+ Contact: Takao Doi <d...@csk.co.jp>
Arity/Prolog32
+ Platforms: Win32
+ Available: https://github.com/Peter-Gabel/ArityProlog32
+ Info: Arity/Prolog32 provides a complete Prolog programming
environment in which you can write, debug, and run Prolog
programs in 32-bit Windows environments (95/98/NT/2000).
Arity/Prolog32 is a powerful, highly optimized, and extended
version of the logic programming language Prolog.
Arity/Prolog32 is a complete compiler and interpreter written
in Prolog, C, and Assembly language and is a superset of
Clocksin and Mellish Prolog.
B-Prolog 8.1
+ Platforms: Win32, Solaris, SunOS, UNIX, FreeBSD and Linux
+ Available: http://www.probp.com/
+ E-mail: Neng-Fa Zhou <sup...@probp.com>
+ Info: Free of charge for individual users.
BinProlog 7.0
+ Platforms: Windows 95/98/NT, Linux and all major Unix
platforms.
+ Available: https://code.google.com/archive/p/binprolog/
+ Info: Download free evaluation copies and see online demos.
Inexpensive Educational licensing available.Has built-in
networking, multi-threading, mobile code and distributed
blackboards. Supports BinNet Internet Programming Tool kit.
Brain Aid Prolog (BAP) v1.4
+ Platforms: Transputer systems
+ Info: BAP is a parallel prolog system for Transputer systems.
Available under a Berkely style of copyright.
C#Prolog
+ Platforms: Win32, UNIX
+ Available: http://sourceforge.net/projects/cs-prolog/
+ E-mail: John Pool <j.p...@ision.nl>
+ Info: A Prolog interpreter written in C#. Can easily be
integrated in C# programs. Characteristics: reliable and quite
fast beta version, command line interface, builtin DCG,
XML-predicates, persistent predicates (using Firebird RDBMS),
extendible.
Ciao 1.4
+ Platforms: Linux, Win32 (95/98/NT), Solaris, SunOS, UNIX in
general.
+ Available: http://ciao-lang.org
+ E-mail: Developers <ci...@clip.dia.fi.upm.es>, Users <ciao-...@clip.dia.fi.upm.es>
+ Info: Next generation LP/CLP system. Commercial functionality,
but freely available w/source. ISO-Prolog + modules,
networking, multi-threading, clp(r), clp(q), interfaces (Java,
C, tcltk, WWW, databases/ODBC, ...), functions, higher-order,
records, persistence, objects, assertions (types, modes, ...),
source debugger, auto-documenter, static debugger, and more.
clp(FD)
+ Platforms: UNIX
+ Contact: Daniel Diaz <danie...@inria.fr>
+ Info: Constraint logic programming over finite domains.
Requires GNU C v.2.4.5 or higher.
clp(FD,S)
+ Platforms: UNIX
+ Contact: Yan Georget <Yan.G...@inria.fr>
+ Info: Requires GNU C (gcc) version 2.4.5. or higher.
CLP(R)
+ Platforms: UNIX
+ Available: E-mail request from Joxan Jaffar
<jo...@watson.ibm.com>.
+ Info: Constraint logic programming language, for academic and
research purposes only.
CxProlog
+ Platforms: UNIX, MacOS X, Windows
+ Available: http://ctp.di.fct.unl.pt/~amd/cxprolog/
+ Info: Open source (GPL) implementation supporting Unicode,
threads, sockets, processes, contexts, imperative data
structures, and interfaces with C/C++, Java, and wxWidgets
+ Contact: Artur Miguel Dias <a...@fct.unl.pt>
ECLiPSe Constraint Logic Programming System, subsuming Prolog.
+ Platforms: Solaris, Linux, Linux/Alpha, Mac OS X, Windows
+ Available: http://eclipseclp.org or http://www.sourceforge.net/projects/eclipse-clp
+ Info: ECLiPSe is a Prolog and Constraint Programming platform
with a long history and has been open-source since Sept 2006.
+ License: MPL
IF Prolog V5.3
+ Platforms: Windows 95/98/NT/2000/XP, Linux, Solaris, AIX,
HP-UX and other UNIX platforms
+ Available: http://www.ifcomputer.de/Products/Prolog/
+ E-mail: <in...@ifcomputer.de>
+ Info: IF Prolog is a commercial Prolog system with interfaces
to C/C++, Java, sockets, Windows events and a COM servers. A
graphical debugger allows step-forward, step backward
debugging of Prolog code. A static module concept allows many
additional errors to be detected at compile time. Constraint
Programming (for finite domains, intervals and booleans using
global constraints and linear optimisation).
+ License: Free evaluation copies and inexpensive educational
licensing available.
GNU Prolog
+ Platforms: Many Unixes, Windows, MacOS X
+ Available: http://www.gprolog.org/
+ E-mail: Daniel Diaz <danie...@inria.fr>
Jinni 2.27
+ Platforms: Java-based
+ Available: https://github.com/heathmanb/JinniProlog
+ Info: Multi-threaded, Java based Prolog interpreter with
built-in networking, distributed blackboards and mobile code
(inexpensive shareware licensing available).
JIProlog
+ Platforms: Java-based
+ Available: http://www.jiprolog.com/
+ Info: Java Internet Prolog is a cross-platform pure Java 100%
prolog interpreter that supplies Java world with the power of
prolog language and provides prolog language with a technology
to implement new predicates in Java.
KLIC
+ Platforms: UNIX
+ Info: ICOT Free Software. Concurrent logic programming. Tested
on Sparcs, DEC 7000, Gateway P5-60.
+ Contact: <i...@icot.or.jp>
LPA Win-Prolog, demo version
+ Platforms: Windows
+ Available: Available from http://www.lpa.co.uk/ind_dow.htm
MINERVA
+ Platforms: Java
+ Info: Proprietary commercial ISO-Prolog Compiler in 100% Java
support for web programming, XML, servlets, applets,
standalones. Free evaluation license.
Modular SB-Prolog (= SB-Prolog version 3.1 plus modules)
+ Platforms: SPARC, DECstation, MIPS, HP 9000 series, Sun 3.
+ Info: Copy-lefted.
Open Prolog
+ Platforms: Apple Macintosh
+ Available: http://www.cs.tcd.ie/open-prolog/
+ E-mail: <br...@cs.tcd.ie>. (Michael Brady).
Poplog Prolog
+ Platforms: Various Unixes, including Sun, Dec Alpha, HP and
many others. Also a Win32 version is available. Sources
available for other combinations.
+ Available: At the Free Poplog Web/FTP site, including full
sources
http://www.cs.bham.ac.uk/research/poplog/freepoplog.html
+ E-mail: queries may be posted to news://comp.lang.pop/, or to <pop-...@cs.bham.ac.uk> or <A.Sl...@cs.bham.ac.uk> (Last
resort!)
+ Info: Robust incremental compiler, part of the multi-language
Poplog system (including Common Lisp, Pop-11 and Standard ML).
Unix, Linux & VMS versions include full support for X window facilities/Motif. More information at http://www.cs.bham.ac.uk/research/poplog/poplog.info.html
Licence modelled on XFree86. Can be freely distributed, though
copyright is owned by Sussex University and ISL.
PIE2
+ Platforms: Unknown
+ Available: On CompuServe in the AIEXPERT forum, interpreter
and examples in PIE2.ZIP, documentation in PIEDOC.ZIP.
+ E-mail: Brent Ruggles <rug...@shell.com>
QuProlog
+ Platforms: UNIX, Linux, beta for MAC
+ Available:
http://www.itee.uq.edu.au/~pjr/HomePages/QuPrologHome.html
+ E-mail: <p...@itee.uq.edu.au>
+ Info: Extended WAM with support for quantifiers and
substitutions, multi-threaded, high-level communication.
Scryer Prolog
+ Platforms: Unix, Linux, Windows and Mac
+ Available: https://github.com/mthom/scryer-prolog
+ Info: A modern Prolog system written mostly in Rust.
Strawberry Prolog
+ Platforms: Windows 95/NT, plans for UNIX and Macintosh
+ Available: http://www.dobrev.com/
+ E-mail: <dim...@dobrev.com>
SWI Prolog
+ Platforms: Binaries for Linux, Windows (NT/2000/XP/Vista) and
Mac OS X (darwin). Sources: ANSI-C, both 32 and 64-bit
machines, compiles on almost all Unix systems and more.
+ Available: http://www.swi-prolog.org
+ Info: Complete, ISO and Edinburgh standard, common
optimizations, GC including atoms. Portable graphics, multiple
threads, constraints, comprehensive libraries for (semantic)
web programming, Unicode, source-level debugger, advanced
syntax colouring
+ License: Simplified BSD. Run license/0 for more information.
Tau Prolog
+ Platforms: Web-based
+ Available: http://tau-prolog.org/
+ Info: An open source Prolog interpreter in JavaScript.
Trinc-Prolog
+ Platforms: Windows 95/98/NT 4.0, plans for Windows 2000, Linux
and Sun Solaris
+ E-mail: <in...@trinc-prolog.com>
Visual Prolog
+ Platforms: Win32
+ Available: http://www.visual-prolog.com
+ Info: Includes all the facilities necessary to write mission
critical commercial-grade applications. Fully visual
development environment. Open architecture. Object-oriented.
Built-in database system and ODBC support. Visual Prolog
Personal Edition is available on a freeware license.
wamcc
+ Platforms: UNIX
+ Info: Compiler which translates Prolog to C via WAM.
Debuggers. Requires GNU C v.2.4.5 or higher.
+ Contact: Daniel Diaz <danie...@inria.fr>
XGP
+ Platforms: Apple Macintosh OS X, 10.2.3+
+ Available: http://xgp.sourceforge.net/
+ Info: XGP is an open source (GPL) integrated development
environment with user interface and graphics support based on
gprolog and Cocoa under Macintosh OS X.
XSB
+ Platforms: Many, including SunOS, Linux and Windows
+ Available: http://xsb.sourceforge.net/
+ E-mail: <xsb-...@lists.sourceforge.net>
+ Info: system with SLG-resolution, HiLog syntax, and
unification factoring.
Yap
+ Platforms: UNIX-based platforms and Windows
+ Available: https://github.com/vscosta/yap-6.3
+ E-mail: Vitor Santos Costa <v...@ncc.up.pt>
+ Info: Yap is entirely written in C and Prolog and should be
portable to most 32-bit and 64-bit Unix based platforms. A
Windows port is also available. Yap4.2 is distributed under
Perl's artistic license and can be freely distributed.
3. What commercial systems are available? What about systems available
for a price from research institutions?
Many commercial systems are listed in the Prolog Resource Guide. The Resource Guide also lists many systems which are not exactly
"commercial", but available for a price from research institutions. The
list of such systems was originally compiled by Chris Moss, of Imperial College. The rest of the Resource Guide was originally compiled by Dag Wahlberg, of Uppsala University.
The Prolog Resource Guide hasn't been updated lately, but nevertheless
still contains some valuable information. It can be found at http://www-2.cs.cmu.edu/Groups/AI/html/faqs/lang/prolog/prg/top.html.
4. How do I get in touch with my Prolog's users' group, sales representative, or technical support line?
Here are some e-mail addresses of these contacts, listed alphabetically
by company or major product name.
ALS (Applied Logic Systems)
+ Web site: http://alsprolog.com
Amzi! inc.
+ Web site: http://www.amzi.com
+ Information: <in...@amzi.com>
+ Sales: <sa...@amzi.com>
+ Support: <sup...@amzi.com>
Arity/Prolog32
+ Web site: https://github.com/Peter-Gabel/ArityProlog32
Ciao, PiLLoW, WebDB, etc.
+ Web site: http://www.clip.dia.fi.upm.es/Software
+ Users' group: <ciao-...@clip.dia.fi.upm.es>
+ Information: <ci...@clip.dia.fi.upm.es>
+ Tech support: <ciao...@clip.dia.fi.upm.es>
COSYTEC (CHIP V5)
+ Web site: http://www.cosytec.com
+ Information: <in...@cosytec.com> (or .fr)
+ Tech Support: <sup...@cosytec.com> (or .fr)
ECLiPSe
+ Web site: http://eclipseclp.org
+ Users' group: <eclipse-...@lists.sf.net>
+ Tech support: <http://eclipseclp.org/bugs.html>
+ Support contracts: <in...@coninfer.com>
Expert Systems Ltd. (Prolog-2)
+ Sales: <sa...@expert.demon.co.uk>
+ Support: <sup...@expert.demon.co.uk>
+ Users' group: <prolog2...@hplb.hpl.hp.com>
GNU Prolog
+ Web site: http://www.gprolog.org/
+ Users' group: <users-prol...@gnu.org>
+ Bug reports: <bug-p...@gnu.org>
LPA
+ Web site: http://www.lpa.co.uk/
+ Sales: <sa...@lpa.co.uk>
+ Tech support: <sup...@lpa.co.uk>
MasterProLog
+ Formerly BIM ProLog
PDC Prolog
+ PDC Prolog is the succesor to Turbo Prolog and the predecessor
to Visual Prolog.
ProLog by BIM
+ Currently MasterProLog
Quintus
+ Web site: http://quintus.sics.se
+ Mailing list: see
http://www.sics.se/isl/quintuswww/site/community.html
+ Sales: <qps...@sics.se>
+ Tech support: <qpsu...@sics.se>
SICStus
+ Web page: http://www.sics.se/sicstus
+ Mailing list: see
http://www.sics.se/isl/sicstuswww/site/community.html
+ Sales: <sicstus...@sics.se>
+ Tech support: <sicstus...@sics.se>
Trinc / Trinc-Prolog
+ Information: <in...@trinc-prolog.com>
+ Sales: <sa...@trinc-prolog.com>
+ Support: <sup...@trinc-prolog.com>
Turbo Prolog
+ Turbo Prolog is the predecessor of PDC Prolog (see above).
Visual Prolog
+ Web site: http://www.visual-prolog.com/
+ Information: <sa...@pdc.dk> (or <sa...@visual-prolog.com>)
+ Sales: <sa...@pdc.dk> (or <sa...@visual-prolog.com>)
+ Tech support: <sup...@pdc.dk> (or
<sup...@visual-prolog.com>)
5. I think language X is better than Prolog. What do you think?
These debates rarely result in any productive discussion. To some
extent, one's favourite language is based on irrational ideology.
However, many people now agree that different languages are good for different things. Prolog seems to be good for problems in which logic
is intimately involved, or whose solutions have a succinct logical characterization. Like other interactive, symbolic languages, Prolog is
also good for rapid prototyping.
Also, note that there are many different "Prologs" and other logic programming languages available, all with different capabilities.
6. What are the recent developments?
There are some languages in development which do not have Prolog
syntax, but do subsume and generalize Prolog's logic programming
abilities.
Mercury
+ Web site: http://www.mercury.cs.mu.oz.au/index.html
The Mozart Consortium:
+ Web site: http://mozart.github.io/
+ Mailing lists: <http://mozart.github.io/mailing-lists/>
Some other languages bring new developments while also supporting
Prolog syntax and functionality as an option:
Ciao
+ Web site: http://www.clip.dia.fi.upm.es/Software
+ Users' group: <ciao-...@clip.dia.fi.upm.es>
+ Information: <ci...@clip.dia.fi.upm.es>
+ Tech support: <ciao...@clip.dia.fi.upm.es>
Logtalk
+ Web site: http://logtalk.org/
+ E-mail: Paulo Moura <pmo...@logtalk.org>
+ Info: Open source object-oriented extension to Prolog
compatible with most Prolog compilers.
7. My Prolog prof assigned me this problem. Can you help me with it?
If your instructor assigned it to you, he or she probably wanted you to
do it yourself. If it's an introductory Prolog course, your question
might be elementary to most readers, so it might be a waste of network resources to ask it. Please ask your instructor, a friend, a teaching assistant, or a local newsgroup for help first.
That being said, there are news://comp.lang.prolog/ readers who would
be glad to help people making a legitimate attempt to learn Prolog.
8. Can you suggest some books on Prolog?
The Prolog Resource Guide (see above) contains a listing of Prolog
books. It is maintained by Mark Kantrowitz (<Mark.Ka...@glinda.oz.cs.cmu.edu>), and posted periodically on news://comp.lang.prolog.
Here are some of the most popular books on Prolog.
Introductory
+ "Programming In Prolog". William F. Clocksin and Christopher
S. Mellish. Springer-Verlag, 2003 (5th ed).
+ "Prolog for Programmers". Feliks Kluzniak and Stanislaw
Szpakowicz. Academic Press, London, 1985, now available
without charge from
https://sites.google.com/site/prologforprogrammers/
+ "Prolog Programming for Artificial Intelligence". Ivan Bratko. Addison-Wesley, 2001 (3rd ed).
Advanced
+ "The Art of Prolog: Advanced Programming Techniques". Leon
Sterling and Ehud Shapiro. MIT Press, 1994 (2nd ed).
+ "The Craft of Prolog". Richard A. O'Keefe. MIT Press, 1990.
Logic programming theory
+ "Foundations of Logic Programming". John Lloyd.
Springer-Verlag, 1988 (2nd ed).
+ "Logic, Programming and Prolog". Ulf Nilsson and Jan
Maluszynski. Originally published by John Wiley & Sons Ltd
(2nd ed. 1995) and now available without charge from http://www.ida.liu.se/~ulfni/lpp
Expert Systems
+ "Building Expert Systems in Prolog". Dennis Merritt.
Springer-Verlag, 1989. HTML & PDF versions available from http://www.amzi.com/ExpertSystemsInProlog
9. Are there any WWW archives of comp.lang.prolog ?
Yes, there are: Google Groups has archives of news://comp.lang.prolog/.
They can be found at https://groups.google.com/forum/#!forum/comp.lang.prolog
10. How can I get the ISO Prolog standard? Where can I go for more information about it?
You can obtain the approved international standards from your national member body or directly from ISO (http://www.iso.org).
The working group on Prolog standardisation is ISO/IEC JTC1/SC22/WG17 (http://www.sju.edu/~jhodgson/wg17/).
Contacts:
+ Convenor of WG17: Ulrich Neumerkel
(<ulr...@mips.complang.tuwien.ac.at>)
Further literature: "Prolog: The Standard (Reference manual)", P.
Deransart, A. Ed-Dbali, L. Cervoni, Springer Verlag (1996). Extra information can be found on http://pauillac.inria.fr/~deransar/prolog/docs.html
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/ai-repository/ai/lang/pr olog/doc/standard/ contains the December 1991 draft, the March 1993
draft, Michael Covington's summary of it, and Richard O'Keefe's 1984
Prolog standard draft.
http://www.complang.tuwien.ac.at/ulrich/iso-prolog/ ISO Prolog works
and related material by the convenor of WG17.
For questions about the standard, use this newsgroup or Stackoverflow.
11. How does the WAM (Warren Abstract Machine) work? How do I write a WAM-based compiler or a WAM emulator?
Reportedly the best tutorial is Hassan Ait-Kaci's book "Warren's
Abstract Machine: A Tutorial Reconstruction" (MIT Press, 1991). The
book is out of print, and available online at http://wambook.sourceforge.net.
12. Is there a WWW page on logic programming?
Yes, there is one by Jonathan Bowen; the URL is http://www.afm.sbu.ac.uk/logic-prog/. He invites us to mail him at <jonatha...@sbu.ac.uk> with any relevant information for inclusion.
A collection of artifacts from logic programming languages beginning
with Marseille Prolog is available from http://www.softwarepreservation.org/projects/prolog/index.html
A large amount of Prolog code is available from the CMU AI Repository: http://www.cs.cmu.edu/afs/cs/project/ai-repository/ai/lang/prolog/0.htm
l
Recently, Stackoverflow has become a valuable resource for Prolog
questions and answers: http://stackoverflow.com/questions/tagged/prolog
Another community resource is the #prolog IRC channel on
irc.libera.chat.
13. Can I do Internet/WWW programming with Prolog?
Prolog is very suitable for this task. Several commercial and free implementations include special support for it. A page specifically on
this topic (including some tutorials) is maintained at http://www.clip.dia.fi.upm.es/lpnet/lpnet.html. A public-domain library exists (PiLLoW) for several popular Prolog systems which helps in the
task. See: http://www.clip.dia.fi.upm.es/Software/pillow/
14. Is there a WWW page with some tutorials on Prolog?
Beginner level:
+ Adventure in Prolog:
http://www.amzi.com/AdventureInProlog/advfrtop.htm
+ On-line guide to Prolog Programming: http://kti.ms.mff.cuni.cz/~bartak/prolog/index.html
+ Prolog Programming, A First Course: http://computing.unn.ac.uk/staff/cgpb4/prologbook/book.html
+ Learn Prolog Now!: http://www.learnprolognow.org
Intermediate to advanced level:
+ https://skolemmachines.org/ThePrologTutorial/
15. How do I edit Prolog code?
Emacs and VIM ship with basic support for Prolog. A much improved Emacs
mode is maintained by Stefan Bruda and available from https://bruda.ca/emacs/prolog_mode_for_emacs
Logtalk ships with various editing services for many common editors,
also usable for Prolog.
SWI Prolog has a built-in Emacs clone called PceEmacs. There are also
Emacs definitions that let you evaluate embedded queries: https://www.metalevel.at/ediprolog/. An SWI Prolog programming
environment suitable for schools is available from http://lernen.bildung.hessen.de/informatik/swiprolog/indexe.htm
A Prolog plug-in for the "Eclipse"-IDE is available from: http://eclipse.ime.usp.br/projetos/grad/plugin-prolog/index.html
A sophisticated integrated editing and teaching environment with
declarative debugging, termination analysis and many visualisations is available from http://www.complang.tuwien.ac.at/ulrich/gupu/
16. How do I publish Prolog code?
Logtalk ships with support for various syntax highlighters, also usable
for Prolog. These include support for Pygments (used e.g. on Trac and GitHub), Rouge (use e.g. in GitLab), GeSHi (used e.g. on Wikis), minted
and texments LaTeX packages (e.g. source code listings), Google Code Prettify, Source-highlight, Highlight, SyntaxHighlighter, and SHJS (JavaScript highlighter for e.g. web pages).
Acknowledgements
Thank you to all the people who helped put together the first version
of this FAQ, and everyone who has contributed to it over the years.
Special thanks to John Dowding for suggesting a good format for the
list, and to Chris Moss, Dag Wahlberg, and Mark Kantrowitz for their
work on the Prolog Resource Guide.
Special thanks to Jamie Andrews, Dirk-Jan Faber and Remko Troncon, who
have been maintaining and posting the FAQ in the past.
package manager directly talks to https
?- setting(prolog_pack:server, ServerBase).
ServerBase = 'https://www.swi-prolog.org/pack/'.
Since spoofing GIT content is so easy and
non-sandboxed Prolog code is a rather sensitive
thing, I guess this is why bother with HTTPS
and a HSTS (HTTP Strict Transport Security)
policy could be important. SWI-Prolog packs are
non-sandboxed, unlike SWISH notebooks, right?
Here is what ChatGPT says:
An HTTP to HTTPS redirect vulnerability occurs
when an insecure HTTP connection is used to
redirect users to a secure HTTPS connection,
but the initial HTTP request is not adequately
protected. Here’s how this vulnerability might be exploited:
- Man-in-the-Middle Attack (MitM): Since HTTP is
unencrypted, an attacker intercepting the
initial HTTP request could manipulate the
redirection process before the user reaches
the secure HTTPS site. This could involve:
* Redirecting the user to a malicious site that
looks identical to the intended destination.
* Modifying the content in transit, such as
injecting malicious scripts.
- Downgrade Attacks: Attackers could attempt to
keep users on an HTTP connection instead of
redirecting them to HTTPS, leaving communication
vulnerable to eavesdropping or tampering.
The severity of an HTTP to HTTPS redirect
vulnerability can vary depending on the
context, but it is generally considered
moderate to high, depending on the following factors:
- Moderate: For non-sensitive sites where the
main risk is traffic manipulation (e.g., content
modification or ads injection) without
significant consequences.
- High: For sites handling sensitive user data
(e.g., financial services, medical information),
especially when users are likely to connect
over insecure networks like public Wi-Fi.
The problem is the analogue of
the pager explosion:
package manager directly talks to https
Thats correct, I get:
?- setting(prolog_pack:server, ServerBase).
ServerBase = 'https://www.swi-prolog.org/pack/'.
The pack server could nevertheless act as a
multiplier of malicious software. For example
if we look at supply chain attacks, then the
weakest link determines the overall security.
How do you initially compute the hash? @kuniaki.mukai
page doesn’t have HTTP to HTTPS promotion, and
here he has published a HTTP url:
Package “pac”
1.9.8 526129e98f3910766eace5d63eaf7097739a7c5b 3 http://web.sfc.keio.ac.jp/~mukai/pac-1.9.8.tgz
https://www.swi-prolog.org/pack/list?p=pac
And the hash is listed side by side with a
HTTP URL, doesn’t make much sense to me,
since its not a HTTPS URL. A hacker can use
this as a gateway to distribute a tampered
.tar that automatically has a tampered hash.
And its not a blockchain and/or distributed,
you compute the hash from the downloaded .tar
alone at client side, and what is computed at
client side is identical to the server side,
so there is no additional security. Or maybe
there is additional security? How is the pack
upload realized on the packager side? I don’t know…
Mild Shock schrieb:
Since spoofing GIT content is so easy and
non-sandboxed Prolog code is a rather sensitive
thing, I guess this is why bother with HTTPS
and a HSTS (HTTP Strict Transport Security)
policy could be important. SWI-Prolog packs are
non-sandboxed, unlike SWISH notebooks, right?
Here is what ChatGPT says:
An HTTP to HTTPS redirect vulnerability occurs
when an insecure HTTP connection is used to
redirect users to a secure HTTPS connection,
but the initial HTTP request is not adequately
protected. Here’s how this vulnerability might be exploited:
- Man-in-the-Middle Attack (MitM): Since HTTP is
unencrypted, an attacker intercepting the
initial HTTP request could manipulate the
redirection process before the user reaches
the secure HTTPS site. This could involve:
* Redirecting the user to a malicious site that
looks identical to the intended destination.
* Modifying the content in transit, such as
injecting malicious scripts.
- Downgrade Attacks: Attackers could attempt to
keep users on an HTTP connection instead of
redirecting them to HTTPS, leaving communication
vulnerable to eavesdropping or tampering.
The severity of an HTTP to HTTPS redirect
vulnerability can vary depending on the
context, but it is generally considered
moderate to high, depending on the following factors:
- Moderate: For non-sensitive sites where the
main risk is traffic manipulation (e.g., content
modification or ads injection) without
significant consequences.
- High: For sites handling sensitive user data
(e.g., financial services, medical information),
especially when users are likely to connect
over insecure networks like public Wi-Fi.
| Sysop: | DaiTengu |
|---|---|
| Location: | Appleton, WI |
| Users: | 1,015 |
| Nodes: | 10 (0 / 10) |
| Uptime: | 57:02:25 |
| Calls: | 13,252 |
| Calls today: | 1 |
| Files: | 186,574 |
| D/L today: |
4,255 files (1,129M bytes) |
| Messages: | 3,335,117 |