Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

KM (4)

KM
  (email not shown publicly)
AOL IM: perlguy13 (Add Buddy, Send Message)

I wrote a book, maybe you will buy it. Writing CGI Applications with Perl [perlcgi-book.com]

Journal of KM (4)

Friday March 26, 2004
07:52 PM

CA Collections Attorney?

Anyone happen to know a good and reasonably priced (don't pay if you don't collect) collections attorney located around Contra Costa County to handle a small claims case? Being in NY I can't really judge who is reputable out there.

Tuesday March 23, 2004
09:51 PM

A/V Streaming

I haven't done much with streaming A/V since I was at DEC, and Real Networks was the only game in town. But, I have a client who wants to be able to provide his clients the ability to stream. The RealServer (or Helix, or whatever it's called today) seems somewhat expensive.. but has a free encoder for users. Then, there is the Darwin Streaming Server, which is free... but I'm not sure what he'd tell users to use to encode. Windows Media is not an option.

What are opinions?

Tuesday January 13, 2004
04:48 PM

Spoon

Spoon (Iain Truskett) has passed on. I knew him for some time on IRC, and always liked him. He was someone I could always chat with which wouldn't turn into a "I LOVE PIE" conversation after 30 seconds. It was nice knowing you, and you'll be missed.
Saturday December 27, 2003
08:58 AM

Happy Birthday!

To me!

Friday December 19, 2003
10:23 PM

Non Competes

Now that I'm independent I do work for various people. When doing a large project I expect that I get a NDA from the client. No problem. But, a new client sent me a contract which included a non-compete section. It seemed to be worded with a W2 employee in mind. It states that the Programmer (me, the consultant in this case) can't work for any competition of theirs directly or indirectly for 1 year after working for them. Then, a bunch of "you can request permission" stuff, and if you can't get a job because of this provision they pay you 80% of your salary until you can. All wording which seems reasonable for a salaried employee. But, not a consultant. I sent an email back saying I wouldn't sign it unless that section was removed, as I couldn't agree to having my income limited because I do work for them, and since I'm not salaried.. 80% of no salary is $0. I haven't heard back yet (it's Friday, so didn't expect to).

Then I started to wonder how enforcable something like this would be anyways. If you worked for Acme Corp, left (or was asked to leave) the company, then was hired by Widget Corp (Acme Corps bitter enemy).. what could Acme Corp. really do about it? I once worked for a company which hired someone who was a consultant. The consulting company tried to pull some legal stuff on the guy, but didn't seem to be able to enforce it. I figured I could just sign that contract and a) the company would never know who I did work for anyways, or b) couldn't enforce anything. But, I just don't like signing things I don't agree with and don't want to have the possability of any legal hassles.

Does anyone know of any cases where a non-compete was broken and successfully enforced? And, if so.. what was enforced? Did the person have to quit their job? Pay money?

Sunday November 23, 2003
06:17 PM

Safari Pop-Up blocker

I enjoy pop-up/under/sideways free browsing using Safari's built-in pop-up blocking. Until today! I read that Kellie Waymire died. It said she was on Six Feet Under, which I watch.. and couldn't place who she is. I guess she was some recurring hooker that I don't remember at all in the show. Anyways, I was searching for a photo of her, which I couldn't find many.

Anywho... I went to http://www.bestzilla.com/K/Kellie_Waymire/ and all of a sudden.. a full screen pop-up! I closed it, made sure I had blocking enabled (which I did, of course).. reloaded.. and there it was again! Seems like they get around the usual JavaScript pop-ups which Safari blocks.

How? They have a JavaScript called from an onLoad, which submits a form with a new target. Pretty sneaky sis.

Safari is basically all I use, so I'm not sure if this gets around other pop-up blocking technolgies or not.

Tuesday November 18, 2003
09:47 AM

Non-corporate world

Since I've been unemployed since I quit Verio and moved up to NY, I've need to help pay the bills. So, I've started my own consulting business. I'm gearing towards local business', joined the Chamber of Commerce, blah blah blah. But, in order to make some money I do odd Perl jobs for people. I'll install some things, write some custom scripts, give general Linux help, troubleshoot, etc...

I'm used to programming within the corporate world, so I'm learning a new side of non-corporate Perl. There are quite a few "companies" (groups of programmers) who write a boatload of scripts, and sell them. Auctions, affiliate scripts, multi-level-marketing, etc... They write them, sell them, then seem to not support their products. This is where I have been coming in. People pay me to fix this junk. And, I mean *junk*. The crappy code sometimes makes my cringe.. and I cringe more that people buy this stuff.. and even more that people are selling it!! But, it's good for me since I get a few bucks here and there.

I now see a lot of what people do to start their websites in the attempt to make money, as opposed to the large corporation. It's sort of interesting, although I'm not sure what kind of revenue these people make.

Most of us are probably in the corporate world, and don't see this side of the Perl-world and internet-biz world. At least, I was somewhat shielded from it. I've considered re-writing all these bad scripts and just selling them myself. May as well sell a cheaper, well-written, version of someone elses crap. But, I don't want to maintain them since I wouldn't be using them personally.

Anywho... it's been interesting seeing this side. I get a decent share of repeat business (fix a script, then write a custom one, etc...) although I don't pull in the cash I used to yet. I need more steady work. I do, however, like not having a 9 to 5 anymore. Making my own hours, working from home and being able to choose what I want to work on is a *great* thing.

Thursday November 13, 2003
01:56 PM

Online Banking

My local bank is very local. Only a few branches. They have, like many banks, online banking. For some reason, I trust large banks, and credit card companies, with their online banking apps. Maybe I assume they have a team of people who work on it, and it goes through rigid Q&A and security auditing.

Anyways, my local bank uses a system I think was created by a local internet/hosting company.. at least it is hosted with them. It's also apparantly written in Perl, and running on Linux. The company I *think* wrote the system basically seems to do Windows based hosting, and says they do Cold Fusion and ASP programming. Not Perl, or Linux/BSD development.

On further inspection, I see this comment (and a few more) in the HTML:

<!-- RM/COBOL Runtime - Version 7.10.00 for Linux (Intel). -->

And this at the bottom:

<!-- COBOL STOP RUN at line 1692 in /U/PGMS/OBJ/ACCTLIST (/u/pgms/obj/acctlist).OSMCSINITIALIZE called! -->
<!-- OSMCS called! -->
<!-- Mcs Function = 8; McsPtrArea = 0x0 -->

So, it's COBOL.. at least in part.

I'm not sure why, but this makes me nervous. Has anyone ever contacted their bank to ask what sort of security audits, checking, Q&A, etc... which their online banking apps have gone through? They use 2 cookies, one with a session ID, and one called 'pass', which seems like a encrytped version of the password. When you log out, they clear the 'SID' cookie, but not the 'pass' cookie. And, neither of the cookies are secure, although the site uses SSL.

So, I took the contents of the cookie, which looks something like (this was NOT it, obviously):

ABhsHhYdsYR

And I thought to myself, "Hey, this just look like something passed through crypt().. not even a hash."

So, I did this:

perl -wle'print crypt("MY PASSWORD", "AB")';

Lo-and-behold, it prints out what is in the cookie. So, it's storing my password crypt()-ed in a non-secure cookie, and doesn't blank it out on logout.

Am I being *too* paranoid about this? I'm pretty sure the userid naming convention is a standard one. We didn't choose it, and it isn't random. So, if you can view someones cookie, you know the salt to use with crypt and could brute force the password without trying to actually log on (which would lock the account after 3 tries... according to an error message I viewed).

If I have a concern about the security for one thing in a system, I don't trust the rest of the system. Would I be out of line (I don't think I would) by asking the bank to provide information on security audits done on their online banking system? Took me 5 minutes to view a cookie and get my password from it... you'd think someone would have caught that.

Friday October 24, 2003
09:31 PM

Been MIA

I've been pretty much MIA from the Perl community lately, not that anyone has noticed. Not sure why I've been away. I guess being unemployed has taken me out of the normal geek-loop. And, #perl... well, I take a break from #perl every so often anyways. I'm still active with TPF, but that's about it right now.

Anyways... if anyone cares you can still see what's been up with my life on my regular journal. New house, new state, dead dog, wildlife, kid, etc... Mundane, but my life.

Tuesday September 30, 2003
10:57 PM

Nip/Tuck

If you're not watching this show on FX, you're missing out. Great drama, and I dare say one of the best shows on TV. If you like the HBO dramas, you'll probably like this.

When they get the first season on reruns (or DVD), check it out. I'm so happy to have an actual good show on TV (aside Family Guy, anime, and.. er.. um.. yeah).