[17857] in Perl-Users-Digest
Perl-Users Digest, Issue: 17 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon Jan 8 11:45:43 2001
Date: Mon, 8 Jan 2001 08:45:16 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <978972315-v10-i17@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Mon, 8 Jan 2001 Volume: 10 Number: 17
Today's topics:
Statistics for comp.lang.perl.misc <gbacon@cs.uah.edu>
Stopping users from exploiting Perl 'interpreter' on NT <clyde@NOSPAMgetofftheline.freeserve.co.uk>
Re: Stopping users from exploiting Perl 'interpreter' o <joe+usenet@sunstarsys.com>
Re: Stopping users from exploiting Perl 'interpreter' o (Maggert)
Re: Stopping users from exploiting Perl 'interpreter' o <jasonh_/dev/null_autonomy.com>
Stripping HTML problem <laurence@tk.co.za>
Re: Stripping HTML problem <tony_curtis32@yahoo.com>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Mon, 08 Jan 2001 15:01:39 -0000
From: Greg Bacon <gbacon@cs.uah.edu>
Subject: Statistics for comp.lang.perl.misc
Message-Id: <t5jlijf7mnqq58@corp.supernews.com>
Following is a summary of articles spanning a 7 day period,
beginning at 01 Jan 2001 15:05:38 GMT and ending at
08 Jan 2001 13:23:08 GMT.
Notes
=====
- A line in the body of a post is considered to be original if it
does *not* match the regular expression /^\s{0,3}(?:>|:|\S+>|\+\+)/.
- All text after the last cut line (/^-- $/) in the body is
considered to be the author's signature.
- The scanner prefers the Reply-To: header over the From: header
in determining the "real" email address and name.
- Original Content Rating (OCR) is the ratio of the original content
volume to the total body volume.
- Find the News-Scan distribution on the CPAN!
<URL:http://www.perl.com/CPAN/modules/by-module/News/>
- Please send all comments to Greg Bacon <gbacon@cs.uah.edu>.
- Copyright (c) 2001 Greg Bacon.
Verbatim copying and redistribution is permitted without royalty;
alteration is not permitted. Redistribution and/or use for any
commercial purpose is prohibited.
Excluded Posters
================
perlfaq-suggestions\@(?:.*\.)?perl\.com
Totals
======
Posters: 382
Articles: 1086 (485 with cutlined signatures)
Threads: 331
Volume generated: 2069.1 kb
- headers: 872.2 kb (17,243 lines)
- bodies: 1128.1 kb (36,801 lines)
- original: 768.3 kb (26,706 lines)
- signatures: 67.7 kb (1,404 lines)
Original Content Rating: 0.681
Averages
========
Posts per poster: 2.8
median: 1.0 post
mode: 1 post - 227 posters
s: 5.5 posts
Posts per thread: 3.3
median: 2 posts
mode: 1 post - 105 threads
s: 2.9 posts
Message size: 1950.9 bytes
- header: 822.4 bytes (15.9 lines)
- body: 1063.7 bytes (33.9 lines)
- original: 724.4 bytes (24.6 lines)
- signature: 63.8 bytes (1.3 lines)
Top 10 Posters by Number of Posts
=================================
(kb) (kb) (kb) (kb)
Posts Volume ( hdr/ body/ orig) Address
----- -------------------------- -------
55 137.4 ( 46.6/ 79.9/ 52.4) mgjv@tradingpost.com.au
51 106.4 ( 39.7/ 59.6/ 40.9) Tad McClellan <tadmc@metronet.com>
39 76.9 ( 37.4/ 33.3/ 29.5) abigail@foad.org
28 110.2 ( 21.6/ 87.6/ 87.6) PerlFAQ Server <faq@denver.pm.org>
28 40.4 ( 23.9/ 16.2/ 10.6) Bart Lateur <bart.lateur@skynet.be>
26 45.4 ( 18.7/ 26.1/ 14.4) Garry Williams <garry@zvolve.com>
22 58.4 ( 19.5/ 38.6/ 22.3) Joe Schaefer <joe+usenet@sunstarsys.com>
21 43.4 ( 19.5/ 17.4/ 12.9) Mark Jason Dominus <mjd@plover.com>
20 32.8 ( 14.4/ 17.6/ 9.2) Chris Fedde <cfedde@fedde.littleton.co.us>
20 36.7 ( 14.6/ 22.1/ 9.9) Anno Siegel <anno4000@lublin.zrz.tu-berlin.de>
These posters accounted for 28.5% of all articles.
Top 10 Posters by Volume
========================
(kb) (kb) (kb) (kb)
Volume ( hdr/ body/ orig) Posts Address
-------------------------- ----- -------
137.4 ( 46.6/ 79.9/ 52.4) 55 mgjv@tradingpost.com.au
110.2 ( 21.6/ 87.6/ 87.6) 28 PerlFAQ Server <faq@denver.pm.org>
106.4 ( 39.7/ 59.6/ 40.9) 51 Tad McClellan <tadmc@metronet.com>
76.9 ( 37.4/ 33.3/ 29.5) 39 abigail@foad.org
58.4 ( 19.5/ 38.6/ 22.3) 22 Joe Schaefer <joe+usenet@sunstarsys.com>
45.4 ( 18.7/ 26.1/ 14.4) 26 Garry Williams <garry@zvolve.com>
43.4 ( 19.5/ 17.4/ 12.9) 21 Mark Jason Dominus <mjd@plover.com>
42.7 ( 12.4/ 25.8/ 25.4) 16 The WebDragon <nospam@nospam.com>
40.4 ( 23.9/ 16.2/ 10.6) 28 Bart Lateur <bart.lateur@skynet.be>
36.7 ( 14.6/ 22.1/ 9.9) 20 Anno Siegel <anno4000@lublin.zrz.tu-berlin.de>
These posters accounted for 33.7% of the total volume.
Top 10 Posters by OCR (minimum of five posts)
==============================================
(kb) (kb)
OCR orig / body Posts Address
----- -------------- ----- -------
1.000 ( 5.3 / 5.3) 6 BUCK NAKED1 <dennis100@webtv.net>
1.000 ( 87.6 / 87.6) 28 PerlFAQ Server <faq@denver.pm.org>
0.985 ( 25.4 / 25.8) 16 The WebDragon <nospam@nospam.com>
0.888 ( 29.5 / 33.3) 39 abigail@foad.org
0.876 ( 6.8 / 7.7) 5 Stan Brown <stanb@panix.com>
0.762 ( 20.2 / 26.6) 5 nadie@latino-2000.com
0.738 ( 12.9 / 17.4) 21 Mark Jason Dominus <mjd@plover.com>
0.735 ( 6.9 / 9.4) 10 Jeff Helman <jhelman@wsb.com>
0.731 ( 7.6 / 10.5) 12 "John Boy Walton" <johngros@Spam.bigpond.net.au>
0.714 ( 5.7 / 8.0) 9 nobull@mail.com
Bottom 10 Posters by OCR (minimum of five posts)
=================================================
(kb) (kb)
OCR orig / body Posts Address
----- -------------- ----- -------
0.468 ( 1.8 / 3.9) 5 Dan Sugalski <dan@tuatha.sidhe.org>
0.466 ( 2.9 / 6.2) 5 Eric Bohlman <ebohlman@omsdev.com>
0.464 ( 3.9 / 8.4) 5 "Ian Trudel" <ian.trudel@tr.cgocable.ca>
0.462 ( 3.4 / 7.3) 8 Tony Curtis <tony_curtis32@yahoo.com>
0.449 ( 9.9 / 22.1) 20 Anno Siegel <anno4000@lublin.zrz.tu-berlin.de>
0.414 ( 1.6 / 3.8) 6 adelton@informatics.muni.cz
0.413 ( 3.8 / 9.1) 13 Rafael Garcia-Suarez <rgarciasuarez@free.fr>
0.366 ( 1.9 / 5.2) 8 Randal L. Schwartz <merlyn@stonehenge.com>
0.347 ( 3.1 / 9.0) 5 "Charles K. Clarkson" <c_clarkson@hotmail.com>
0.138 ( 0.4 / 3.2) 5 AvA <a.v.a@home.nl>
45 posters (11%) had at least five posts.
Top 10 Threads by Number of Posts
=================================
Posts Subject
----- -------
16 $ENV{'QUERY_STRING'} Question
16 perl and zombies
15 Newbie but serious - Problems reading file from multipart forms (no binmode!) (repost)
15 Remote Controll other windows software by Perl
15 bitwise operation to find the inversion of a color
15 Perl based web server
13 %ENV does not contain some variables?
12 What do you call the => operator?
12 Quote "machine"
11 Perl for Palm
These threads accounted for 12.9% of all articles.
Top 10 Threads by Volume
========================
(kb) (kb) (kb) (kb)
Volume ( hdr/ body/ orig) Posts Subject
-------------------------- ----- -------
52.3 ( 16.2/ 34.4/ 24.9) 15 bitwise operation to find the inversion of a color
39.1 ( 14.0/ 23.3/ 14.8) 15 Newbie but serious - Problems reading file from multipart forms (no binmode!) (repost)
38.2 ( 12.2/ 24.6/ 17.3) 13 %ENV does not contain some variables?
34.1 ( 14.6/ 17.4/ 9.1) 16 $ENV{'QUERY_STRING'} Question
30.9 ( 11.7/ 17.8/ 10.0) 15 Perl based web server
30.3 ( 13.1/ 16.9/ 7.5) 15 Remote Controll other windows software by Perl
26.3 ( 13.3/ 10.6/ 6.0) 16 perl and zombies
25.6 ( 8.7/ 16.1/ 13.5) 11 FAQ 7.9: How do I create a module?
24.6 ( 9.5/ 14.3/ 10.5) 12 Quote "machine"
24.0 ( 10.1/ 13.7/ 9.1) 11 Unitialised value error.
These threads accounted for 15.7% of the total volume.
Top 10 Threads by OCR (minimum of five posts)
==============================================
(kb) (kb)
OCR orig / body Posts Subject
----- -------------- ----- -------
0.837 ( 13.5/ 16.1) 11 FAQ 7.9: How do I create a module?
0.812 ( 13.0/ 16.0) 8 /\/Password Redirect Script Nightmare/\/\
0.789 ( 3.0/ 3.8) 5 Modify @INC?
0.774 ( 4.8/ 6.2) 5 Shall use a reference instead?
0.772 ( 8.8/ 11.3) 9 PERLLIB,PERL5LIB - How to unset inside perl script?
0.749 ( 10.9/ 14.5) 8 General Personal Development Strategy
0.746 ( 2.1/ 2.8) 5 compare files
0.736 ( 5.4/ 7.4) 11 Any good Perl books?
0.734 ( 10.5/ 14.3) 12 Quote "machine"
0.731 ( 2.7/ 3.7) 5 Net::FTP question
Bottom 10 Threads by OCR (minimum of five posts)
=================================================
(kb) (kb)
OCR orig / body Posts Subject
----- -------------- ----- -------
0.494 ( 3.1 / 6.2) 6 ActivePerl and IIS3
0.486 ( 1.7 / 3.6) 6 rsh/cvs problem
0.473 ( 2.0 / 4.3) 5 newbie to Perl on W2K. How do I 'make' CPAN modules ?
0.457 ( 4.4 / 9.6) 8 files in directory
0.455 ( 5.2 / 11.5) 10 newsreader suggestions?
0.444 ( 7.5 / 16.9) 15 Remote Controll other windows software by Perl
0.442 ( 3.7 / 8.3) 5 Perl Strange Output
0.430 ( 6.0 / 14.0) 9 [Q] matching many regular expressions [..]
0.425 ( 1.1 / 2.6) 6 LWP and referer
0.422 ( 1.8 / 4.3) 5 Files in Perl
74 threads (22%) had at least five posts.
Top 10 Targets for Crossposts
=============================
Articles Newsgroup
-------- ---------
14 comp.sys.mac.programmer.help
14 comp.sys.mac.programmer.tools
14 comp.sys.mac.system
9 comp.lang.perl
5 microsoft.public.inetserver.iis
5 comp.sys.mac.programmer
5 alt.perl
4 comp.lang.perl.modules
3 comp.lang.c
2 comp.answers
Top 10 Crossposters
===================
Articles Address
-------- -------
10 Ilya Zakharevich <ilya@math.ohio-state.edu>
9 Peter Seebach <seebs@plethora.net>
7 mgjv@tradingpost.com.au
7 abigail@foad.org
4 Kenny Pearce <kenny@kennypearce.net>
4 Weston Cann <iowa88_song88.remove_eights@hotmail.com>
4 Randall Woodman <rwoodman@verio.net>
4 Michael Ash <mail@mikeash.com>
4 David <david_xia@yahoo.com>
4 David Burgun <NOdburgunSPAM@earthlink.net>
------------------------------
Date: Mon, 8 Jan 2001 12:52:52 -0000
From: "Clyde Ingram" <clyde@NOSPAMgetofftheline.freeserve.co.uk>
Subject: Stopping users from exploiting Perl 'interpreter' on NT
Message-Id: <93cda3$ccu$1@newsg1.svr.pol.co.uk>
On my project we use lots of Perl on Solaris servers.
We have recently replaced Solaris client workstations with NT PCs for our
customer's system users.
Now some engineers are getting nervous at the threat of 'smart' NT users
developing their own rogue Perl programs to tamper with the network, because
they can easily access RPC, socket, and other facilities in the Perl on
their PCs. (All so easy to run Notepad, and set executable permissions on a
home-grown script.)
Can anyone suggest how to prevent NT users from producing their own working
Perl programs?
Should we remove Socket.pm and other networking modules, or ultimately the
whole of Perl's interpretative capability?
And replace Perl sources on the NT platforms with compiled code (from a
Perl-to-C generator)?
Is this indeed the only safe solution?
A lot of folks round here get twitchy at supplying any interpreter on the
platform users have. (Imagine their nervousness when users had Solaris on
the desktop, equipped with sh, ksh, csh, awk, sed, perl, . . . )
Some Philistines would like to see Perl boxed-up, chucked out, and replaced
with Java.
Regards,
Clyde
------------------------------
Date: 08 Jan 2001 08:33:47 -0500
From: Joe Schaefer <joe+usenet@sunstarsys.com>
Subject: Re: Stopping users from exploiting Perl 'interpreter' on NT
Message-Id: <m3d7dy183o.fsf@mumonkan.sunstarsys.com>
"Clyde Ingram" <clyde@NOSPAMgetofftheline.freeserve.co.uk> writes:
> Now some engineers are getting nervous at the threat of 'smart' NT users
> developing their own rogue Perl programs to tamper with the network,
> because they can easily access RPC, socket, and other facilities in the
> Perl on their PCs. (All so easy to run Notepad, and set executable
> permissions on a home-grown script.)
Then you need smarter engineers :)
> Can anyone suggest how to prevent NT users from producing their own
> working Perl programs?
8^O
>
> Should we remove Socket.pm and other networking modules, or ultimately
> the whole of Perl's interpretative capability?
> And replace Perl sources on the NT platforms with compiled code (from a
> Perl-to-C generator)?
No.
> Is this indeed the only safe solution?
> A lot of folks round here get twitchy at supplying any interpreter on
> the platform users have. (Imagine their nervousness when users had Solaris
> on the desktop, equipped with sh, ksh, csh, awk, sed, perl, . . . )
What about all that "fine-grained access control" that Redmond touts at
every opportunity to bash *nix?
http://www.microsoft.com/ntserver/nts/exec/compares/ntsysman/3_wntadvantages.asp
Can't your engineers learn how to use all that great stuff you paid
so much for?
> Some Philistines would like to see Perl boxed-up, chucked out, and
> replaced with Java.
%^<
Unless you are trolling, you have asked this question in the wrong ng.
Try some sysadmin newsgroup for NT servers instead.
--
Joe Schaefer
------------------------------
Date: Mon, 08 Jan 2001 14:40:50 GMT
From: mag@ionet.net (Maggert)
Subject: Re: Stopping users from exploiting Perl 'interpreter' on NT
Message-Id: <3a59cf06.58165667@news.ionet.net>
On Mon, 8 Jan 2001 12:52:52 -0000, "Clyde Ingram"
<clyde@NOSPAMgetofftheline.freeserve.co.uk> wrote:
>Some Philistines would like to see Perl boxed-up, chucked out, and replaced
>with Java.
>
Whats to prevent someone using Java to do the same thing? You
don't have to install Perl on all your systems, but if you let people
go online then they can download it just like they could download
java. Installations can be prevented on NT though.
The bottom line was you were much more secure using Solaris
even with all the programming languages installed because it has a
much better security model.
Now you're stuck with NT but this isn't anything to get your
panties all bunched up in a knot. Just secure your network the best
you can and monitor logs.
You could get the Balsa Log Viewer from http://balsa-tech.com
and monitor all the log files in your interprise from one machine and
take actions depending on keywords. It's a great sysadmin program and
was written up in sysadmin magazine!
------------------------------
Date: Mon, 8 Jan 2001 14:45:16 -0000
From: "Jason Holland" <jasonh_/dev/null_autonomy.com>
Subject: Re: Stopping users from exploiting Perl 'interpreter' on NT
Message-Id: <3a59d301_2@nnrp1.news.uk.psi.net>
Then "they" will write their programs in Java, instead of Perl. What are
they using NT for if they're not allowed to have any "smart" software? Do
they actually get any work done?
J.
"Clyde Ingram" <clyde@NOSPAMgetofftheline.freeserve.co.uk> wrote in message
news:93cda3$ccu$1@newsg1.svr.pol.co.uk...
> On my project we use lots of Perl on Solaris servers.
> We have recently replaced Solaris client workstations with NT PCs for our
> customer's system users.
>
> Now some engineers are getting nervous at the threat of 'smart' NT users
> developing their own rogue Perl programs to tamper with the network,
because
> they can easily access RPC, socket, and other facilities in the Perl on
> their PCs. (All so easy to run Notepad, and set executable permissions on
a
> home-grown script.)
>
> Can anyone suggest how to prevent NT users from producing their own
working
> Perl programs?
>
> Should we remove Socket.pm and other networking modules, or ultimately the
> whole of Perl's interpretative capability?
> And replace Perl sources on the NT platforms with compiled code (from a
> Perl-to-C generator)?
>
> Is this indeed the only safe solution?
> A lot of folks round here get twitchy at supplying any interpreter on the
> platform users have. (Imagine their nervousness when users had Solaris on
> the desktop, equipped with sh, ksh, csh, awk, sed, perl, . . . )
>
> Some Philistines would like to see Perl boxed-up, chucked out, and
replaced
> with Java.
>
> Regards,
> Clyde
>
>
------------------------------
Date: Mon, 8 Jan 2001 17:09:39 +0200
From: "Laurence Mulder" <laurence@tk.co.za>
Subject: Stripping HTML problem
Message-Id: <3a59d74f$0$228@helios.is.co.za>
Please Help, I'm stripping HTML using CPAN's. My problem lies where a single
HTML string broken into multiple lines. How can I append all the lines into
a single line or a array into a single variable.
Any help will be greatly appreciated.
Thanks
Laurence :)
------------------------------
Date: 08 Jan 2001 09:22:15 -0600
From: Tony Curtis <tony_curtis32@yahoo.com>
Subject: Re: Stripping HTML problem
Message-Id: <87u27a2hnc.fsf@limey.hpcc.uh.edu>
>> On Mon, 8 Jan 2001 17:09:39 +0200,
>> "Laurence Mulder" <laurence@tk.co.za> said:
> Please Help, I'm stripping HTML using CPAN's. My problem
^^^
there's a noun missing here. What are you using from
CPAN? Modules? If so, which ones?
> lies where a single HTML string broken into multiple
> lines. How can I append all the lines into a single line
> or a array into a single variable.
HTML::Parser
HTML::TokeParser
HTML::TreeBuilder
should be a good starting point. I'm sure Randal's perl
column has some examples of use:
http://www.stonehenge.com/merlyn/WebTechniques/
hth
t
--
Eih bennek, eih blavek.
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 17
*************************************
