[23645] in Perl-Users-Digest
Perl-Users Digest, Issue: 5852 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon Nov 24 14:05:59 2003
Date: Mon, 24 Nov 2003 11:05:14 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Mon, 24 Nov 2003 Volume: 10 Number: 5852
Today's topics:
Re: Avoiding running a process twice <dodgynewsgroups@ewildgoose.demon.co.uk>
Re: Bit counting benchmarks Was: count of 1s in a binar <bik.mido@tiscalinet.it>
Re: Bit counting benchmarks Was: count of 1s in a binar (Anno Siegel)
Re: Bit counting benchmarks Was: count of 1s in a binar <flavell@ph.gla.ac.uk>
Can this script be used to spam? <davezx1@yahoo.com>
Re: Can this script be used to spam? <uri@stemsystems.com>
client/ server <james.welsby@virgin.net>
Re: client/ server <nobull@mail.com>
Re: code structure <pinyaj@rpi.edu>
Re: Comments on parsing solution. <uri@stemsystems.com>
Re: Image::Magick memory leak question <stanb@panix.com>
Re: Image::Magick memory leak question <stanb@panix.com>
Re: Image::Magick memory leak question <usenet@morrow.me.uk>
Re: Newbie question - calling perl from html <dan@mathjunkies.com>
Re: Performance problem on SunOS 5.8 <Juha.Laiho@iki.fi>
Re: Performance problem on SunOS 5.8 <abigail@abigail.nl>
Perl Editor (AnnMarie)
Re: Perl Editor <xaonon@hotpop.com>
Re: Perl Editor <me@privacy.net>
Re: Protecting Source code of a perl script ctcgag@hotmail.com
Re: Protecting Source code of a perl script <usenet@morrow.me.uk>
Re: Protecting Source code of a perl script (Rafael Garcia-Suarez)
Re: sending stdin to a shell command in perl (Andrew)
Re: sending stdin to a shell command in perl <usenet@morrow.me.uk>
Re: sending stdin to a shell command in perl (Villy Kruse)
Re: sending stdin to a shell command in perl <dmcbride@naboo.to.org.no.spam.for.me>
Re: status of redirecting STDOUT/STDERR to file (jonathan)
substring <alexj@freesurf.ch>
use strick & hash ref <tom@nosleep.net>
Re: use strick & hash ref <zoooz@gmx.de>
Re: use strick & hash ref <dmcbride@naboo.to.org.no.spam.for.me>
Re: use strick & hash ref <nobull@mail.com>
Re: use strick & hash ref (Anno Siegel)
Re: use strick & hash ref <tom@nosleep.net>
Re: use strick & hash ref <dmcbride@naboo.to.org.no.spam.for.me>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Mon, 24 Nov 2003 18:12:22 GMT
From: "Ed W" <dodgynewsgroups@ewildgoose.demon.co.uk>
Subject: Re: Avoiding running a process twice
Message-Id: <aSrwb.647805$be.90783@news.easynews.com>
> If you can use file locking (not sure about the windows side), that would
> be the way to go. Again you use a file, but it isn't created/deleted
> with program runs, but only locked (exclusively). The advantage is that
> it's easier to get correct (because it's what locking is about), and
> you're not responsible for deleting the file. The system takes care
> of the lock.
Could you show me a perl example of this in action perhaps? A unix version
would be fine
Thanks
------------------------------
Date: Mon, 24 Nov 2003 15:27:35 +0100
From: Michele Dondi <bik.mido@tiscalinet.it>
Subject: Re: Bit counting benchmarks Was: count of 1s in a binary number
Message-Id: <sh24svov91e4tbvjn560d814cguo8er4pl@4ax.com>
On Sat, 22 Nov 2003 23:18:58 +0000 (UTC), Ilya Zakharevich
<nospam-abuse@ilyaz.org> wrote:
>> Not an attempt to revive this thread (it *was* a good one)
>
>Ok, so let *me* attempt to revive it. ;-)
[snip]
>I do not see the *other* optimization I (kinda ;-) mentioned used:
Also, as another attempt to (*sort of*) reviving it, why don't you
include also less performant solutions that may be useful when
conjuring up a quick hack, such as those based upon tr/// et similia?
This would be, as I hinted in my previous post, mostly for educational
purposes...
Michele
--
# This prints: Just another Perl hacker,
seek DATA,15,0 and print q... <DATA>;
__END__
------------------------------
Date: 24 Nov 2003 17:46:16 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Bit counting benchmarks Was: count of 1s in a binary number
Message-Id: <bptg58$7uq$1@mamenchi.zrz.TU-Berlin.DE>
Anno Siegel <anno4000@lublin.zrz.tu-berlin.de> wrote in comp.lang.perl.misc:
> Ilya Zakharevich <nospam-abuse@ilyaz.org> wrote in comp.lang.perl.misc:
> > [A complimentary Cc of this posting was sent to
> > Anno Siegel
> > <anno4000@lublin.zrz.tu-berlin.de>], who wrote in article
> > <bpnmtk$fja$1@mamenchi.zrz.TU-Berlin.DE>:
> > > Not an attempt to revive this thread (it *was* a good one)
> >
> > Ok, so let *me* attempt to revive it. ;-)
> >
> > > I just want
> > > to mention that I have code that compiles, in either Perl or C, the
> > > mask/shift/add-method (thread-insiders know what I mean) according to
> > > the current word length. By itself it doesn't quite make a CPAN module,
> > > but if anyone wants to make use of it, it's at
> > >
> > > http://www.tu-berlin.de/zrz/mitarbeiter/anno4000/clpm/bench.bitcount
> >
> > I do not see the *other* optimization I (kinda ;-) mentioned used:
> >
> > "MASKING" is required only on steps when "the step number" is a
> > power of 2 (so only with 1-bit, 2-bit, 4-bit, 16-bit, 256-bit etc
> > "nibbles").
>
> I think I see what you mean, overflow cannot occur on some steps, so
> we don't care if spurious additions happen on the side as long as we
> mask off the results eventually.
>
> I don't quite see how you arrive at the particular step numbers that
> require masking, and applied blindly to my code-generator they appear
> to give the wrong result. That's very preliminary, I'll pursue it
> further... or maybe not :)
[following up to myself some more]
Okay, I wasn't using the right final mask, I'm getting correct results
now.
I still don't agree which steps need masking and which don't.
http://www.hackersdelight.org/HDcode/newCode/pop_arrayHS.cc (only the
first code example relevant) doesn't show masking for the 16-bit step.
It shows further possible optimizations in masking only one of the
summands in some cases.
I can't come up with a useful rule for when masking is needed. The rule
seems to be more involved than "step-numbers that are powers of two". Step
0 never fit in there anyway.
Anno
------------------------------
Date: Mon, 24 Nov 2003 18:08:35 +0000
From: "Alan J. Flavell" <flavell@ph.gla.ac.uk>
Subject: Re: Bit counting benchmarks Was: count of 1s in a binary number
Message-Id: <Pine.LNX.4.53.0311241757151.9301@ppepc56.ph.gla.ac.uk>
On Mon, 24 Nov 2003, Anno Siegel wrote:
> I can't come up with a useful rule for when masking is needed. The rule
> seems to be more involved than "step-numbers that are powers of two".
Yup, that's how I remembered it from way back. I worked it out for
our 32-bit case (the unrolled loop fitted in the IBM mainframe's
execution cache anyway), but I didn't work out a general rule for when
it would be necessary in the general case.
(In any case the code is long lost - the punched cards tossed, and the
mag tapes used as bird scares and garden twine...).
cheers
------------------------------
Date: Mon, 24 Nov 2003 18:42:54 GMT
From: "David Staschover" <davezx1@yahoo.com>
Subject: Can this script be used to spam?
Message-Id: <Oiswb.38545$A%3.512977@ord-read.news.verio.net>
We are getting numerous bounceback messages with the following script in the
bounced email. It appears that someone is using this script to send spam. Is
there any way for a visitor to break this script over the web, changing the
recipient, or added Bcc's to this message through a web browser? And if so,
any idea how to fix it?
Thanks in advance!
#!/usr/bin/perl
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
open (MAIL, "|/usr/lib/sendmail -oi -oem -odi -t ") || die "Can't open
$mailpro>
print MAIL "To: recipient\@domain.com\n";
print MAIL "From: $FORM{'username'} ($FORM{'realname'})\n";
print MAIL "Subject: Site Comments
$FORM{'username'} ($FORM{'realname'}) sent the following
------------------------------------------------------------
Email: $FORM{'username'}
Name: $FORM{'realname'}
Subject: $FORM{'subject'}
Comments:
$FORM{'comments'}
------------------------------------------------------------\n\n";
close (MAIL);
print "Location: http://www.domain.com/thankyou.html\n\n";
------------------------------
Date: Mon, 24 Nov 2003 19:01:31 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: Can this script be used to spam?
Message-Id: <x7ekvxy4j8.fsf@mail.sysarch.com>
don't use that. formmail is infamous for spamming attacks.
look for the NMS replacement on sourceforge.
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
--Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
------------------------------
Date: Mon, 24 Nov 2003 17:01:39 -0000
From: "spleen" <james.welsby@virgin.net>
Subject: client/ server
Message-Id: <VKqwb.2017$3P2.881820@newsfep1-win.server.ntli.net>
Hiya,
Basically at the moment Im planning on using a python script to send a
string of text to a website, I was woundering in perl, using the cgi-bin how
I can accept this connection and take the text string and add it to a file
(.txt)
cheers
greg
------------------------------
Date: 24 Nov 2003 17:52:20 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: client/ server
Message-Id: <u9k75pfycr.fsf@wcl-l.bham.ac.uk>
"spleen" <james.welsby@virgin.net> writes:
>
> Basically at the moment Im planning on using a python script to send a
> string of text to a website, I was woundering in perl, using the cgi-bin how
> I can accept this connection and take the text string and add it to a file
> (.txt)
Basically, you should either learn en enough Perl write a script yourself or hire
someone who knows enough Perl to write it for you.
Examples and tutorials of writing trivial CGI scipts in Perl can be
found all over the place.
If you have problems feel free to come here for help.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Mon, 24 Nov 2003 09:56:55 -0500
From: Jeff 'japhy' Pinyan <pinyaj@rpi.edu>
Subject: Re: code structure
Message-Id: <Pine.SGI.3.96.1031124095624.14294A-100000@vcmr-64.server.rpi.edu>
On Mon, 24 Nov 2003, Edo wrote:
>could this
>
> %info = prepare (%data, $field);
>
>using the same method as you suggested be done
> prepare (%data, $field => %info); ?
Sure... just a note, though. The '=>' is really the same as a comma, it
just has a nice visual connotation.
--
Jeff Pinyan RPI Acacia Brother #734 2003 Rush Chairman
"And I vos head of Gestapo for ten | Michael Palin (as Heinrich Bimmler)
years. Ah! Five years! Nein! No! | in: The North Minehead Bye-Election
Oh. Was NOT head of Gestapo AT ALL!" | (Monty Python's Flying Circus)
------------------------------
Date: Mon, 24 Nov 2003 18:44:41 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: Comments on parsing solution.
Message-Id: <x7ptfhy5bb.fsf@mail.sysarch.com>
>>>>> "TA" == Tore Aursand <tore@aursand.no> writes:
>> my has a runtime effect of clearing variables.
TA> That's right, but you must be a real speed-demon if you're hoping to gain
TA> anything. But - I guess - a little here and a little there sums up to be
TA> something very big somewhere else. :-)
TA> Just for the fun of it, I benchmark'ed this. Setting a scalar, an array
TA> and a hash explicit took more than twice the time than "leaving them
TA> alone".
good to know but i don't assign () or undef in my as it is redundant and
poor style IMO. the higher speed is nice as well.
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
--Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
------------------------------
Date: Mon, 24 Nov 2003 14:14:06 +0000 (UTC)
From: Stan Brown <stanb@panix.com>
Subject: Re: Image::Magick memory leak question
Message-Id: <bpt3ne$12e$1@reader2.panix.com>
In <slrnbrqddg.vu6.mgjv@verbruggen.comdyn.com.au> Martien Verbruggen <mgjv@tradingpost.com.au> writes:
>On Wed, 19 Nov 2003 19:57:31 +0000 (UTC),
> Stan Brown <stanb@panix.com> wrote:
>> In <bpgf47$fei$2@wisteria.csv.warwick.ac.uk> Ben Morrow <usenet@morrow.me.uk> writes:
>>>> my $image = Image::Magick->new(magick=>'GIF',font=>'clean');
>>>> $image->Read($l_tmpfile);
>>>> undef $image;
>>>>
>>>> In a loop leaks memory.
>[snip of other material, which is not relevant to this point]
>> BTW, adding @$image = ();, right before the undef $image; call seems to
>> have drasticly lowered the ammount of memory that it's leaking.
>It shouldn't make a difference.
>An ImageMagick object is a blessed reference to an array of
>ImageMagick objects. If you undef the object, then all other elements
>in the data structure should automatically be freed up. getting rid of
>them explicitly by doing @$im = (); _should_ not make a difference.
>If it does, then there is a bug in ImageMagick, and the authors should
>be told.
>When you report the bug, make sure you try the latest version, and
>include information about the versions of Perl, IM and your
>platform/OS. It would also be a good idea to mention how you measure
>that there is a memory leak, and how large it is.
Thanks for the advice.
Unfortunately, I can't get the latest version to build on the target
machine (Debian "testing").
--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin
------------------------------
Date: Mon, 24 Nov 2003 14:15:54 +0000 (UTC)
From: Stan Brown <stanb@panix.com>
Subject: Re: Image::Magick memory leak question
Message-Id: <bpt3qq$12e$2@reader2.panix.com>
In <bpjl3q$qps$2@wisteria.csv.warwick.ac.uk> Ben Morrow <usenet@morrow.me.uk> writes:
>Stan Brown <stanb@panix.com> wrote:
>> In <3fbc4f37.145998938@news2.news.adelphia.net>
>> posting.account@lynxview.com (William Herrera) writes:
>> Yes, it make perfect sense. I was naievly believing that since I had left
>> the subroutine, and the $image object was "local" to it, that all traces of
>> it would eb retruned to the free pool, as would be done, for non malloced
>> memory in C.
>>
>> This seems to be a pretty basic weakness of perl. I wonder if perl6
>> addresses this?
>No, this is a basic weakness of ImageMagick, or of C. Perl will
>correctly tell the Image::Magick object to free itself at the end of
>the scope: if it fails to do so correctly, this is not Perl's fault.
Well, OK. I guess I was thinking in a perfect world, perl would be in
charge of freeing all out of scope objects. Isn't that one og Java's claims
to fame? Or not, I know littel about Java.
--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin
------------------------------
Date: Mon, 24 Nov 2003 15:15:58 +0000 (UTC)
From: Ben Morrow <usenet@morrow.me.uk>
Subject: Re: Image::Magick memory leak question
Message-Id: <bpt7be$bsv$2@wisteria.csv.warwick.ac.uk>
Stan Brown <stanb@panix.com> wrote:
> In <bpjl3q$qps$2@wisteria.csv.warwick.ac.uk> Ben Morrow
> <usenet@morrow.me.uk> writes:
> >Stan Brown <stanb@panix.com> wrote:
> >> This seems to be a pretty basic weakness of perl. I wonder if perl6
> >> addresses this?
>
> >No, this is a basic weakness of ImageMagick, or of C. Perl will
> >correctly tell the Image::Magick object to free itself at the end of
> >the scope: if it fails to do so correctly, this is not Perl's fault.
>
> Well, OK. I guess I was thinking in a perfect world, perl would be in
> charge of freeing all out of scope objects. Isn't that one og Java's claims
> to fame? Or not, I know littel about Java.
Yes it is, and also one of Perl's. However, most of Image::Magick is
not written in Perl, but in C, so it can leak. Similarly, stuff
written for Java using the JNI (the Java equivalent of XS) can leak,
as well.
Ben
--
Although few may originate a policy, we are all able to judge it.
- Pericles of Athens, c.430 B.C.
ben@morrow.me.uk
------------------------------
Date: Mon, 24 Nov 2003 15:37:09 GMT
From: Dan Anderson <dan@mathjunkies.com>
Subject: Re: Newbie question - calling perl from html
Message-Id: <m265h94w2j.fsf@syr-24-59-76-83.twcny.rr.com>
Charles <charles_dunhill@postmaster.co.uk> writes:
First off, from your responses to other posts, you seem to be
in a hurry to get this done. That's understandable, but it seems
you're very confused about how everything works. You talk of using
the right "keywords", whereas you're using several separate
technolgies (unsuccessfully) in your script:
1. HTML
2. CGI
3. Javascript
These are *distinct and seperate things*. So you need to
(ideally) attack the problem in those three different parts. Check
out safari.oreilly.com and get their 14 day free trial. Then you
might want to do some reading.
Your perl script outputs, for all intensive purposes, an HTML
document. You can only include it within a web page using an HTML or
javascript command to include an HTML web page. We know this because
you're outputting a text/html header.
Counters, however, use images. So all you need to do to
include a counter is by using an <img src=> tag. This doesn't help us
because, well, you're using a perl script which outputs a *web page*
and not an *image*.
You have four options for including *text* on a web page:
1. Don't use HTML or include all of the HTML in your perl
script. If you include all of the HTML from the web page
in your perl script you can just open the perl script like
it was a web page. If you don't use HTML you can figure
out some other way to communicate using Perl.
2. Use an iFrame element. <iframe="url"> puts the web page
from url into an inline frame with a scroll bar within the
web page. Unfortunately this is only properly supported
by IE (and possibly Opera -- not sure).
3. Use Javascript to read in the output of your script and
output it to the web page.
4. Create an image of the text you want to display, and
include it using an <img src=""> tag -- thus defeating the
need for embedding text within a web page.
-Dan
------------------------------
Date: Mon, 24 Nov 2003 17:32:01 GMT
From: Juha Laiho <Juha.Laiho@iki.fi>
Subject: Re: Performance problem on SunOS 5.8
Message-Id: <bptf2v$ua7$1@ichaos.ichaos-int>
kielhd@freenet.de (kielhd) said:
>I am running a script doing some calculations on a SunOS box. It takes
>about 11hrs to finish.
>When running the same script on WinNT, it takes only 7min!
Adding to the other requests, you're not giving any info on what
hardware you're on. I believe I could find a WinNT environment that
runs at a fraction of the speed of the WinNT environment you have,
and perhaps also a WinNT environment twice as fast as you have.
Of course, _if_ these results were obtained on the same hardware
(doesn't seem so), it's a different issue.
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
------------------------------
Date: 24 Nov 2003 17:41:36 GMT
From: Abigail <abigail@abigail.nl>
Subject: Re: Performance problem on SunOS 5.8
Message-Id: <slrnbs4gmg.q9r.abigail@alexandra.abigail.nl>
kielhd (kielhd@freenet.de) wrote on MMMDCCXXXVII September MCMXCIII in
<URL:news:10a4173d.0311232306.2648e882@posting.google.com>:
__ Hi NG,
__ I am running a script doing some calculations on a SunOS box. It takes
__ about 11hrs to finish.
__ When running the same script on WinNT, it takes only 7min!
__ I was very surprised about WinNT being app. 100 times faster then
__ SunOS and compared the results. The results are the same, so the
__ script is working well on both machines.
__ I am using perl v5.8.0 and the module Net::Netmask on both machines.
__
__ Could somebody please explain this to me or - even better - give me a
__ hint of how to improve the performance on SunOS.
Speed up line 17.
Abigail
--
BEGIN {$^H {q} = sub {pop and pop and print pop}; $^H = 2**4.2**12}
"Just "; "another "; "Perl "; "Hacker\n";
------------------------------
Date: 24 Nov 2003 09:32:29 -0800
From: carusoa@optonline.net (AnnMarie)
Subject: Perl Editor
Message-Id: <c659b5f9.0311240932.58c5a21@posting.google.com>
What is the best editor for Perl CGI-Scripts?
------------------------------
Date: 24 Nov 2003 17:33:23 GMT
From: Xaonon <xaonon@hotpop.com>
Subject: Re: Perl Editor
Message-Id: <slrnbs4g6t.qvf.xaonon@xaonon.local>
Ned i bach <c659b5f9.0311240932.58c5a21@posting.google.com>, AnnMarie
<carusoa@optonline.net> teithant i thiw hin:
> What is the best editor for Perl CGI-Scripts?
Emacs.
--
Xaonon, EAC Chief of Mad Scientists and informal BAAWA, aa #1821, Kibo #: 1
http://xaonon.dyndns.org/ Guaranteed content-free since 1999. No refunds.
"No more gods, no more faith, no more timid holding back. The future
belongs to posthumanity." -- Max More
------------------------------
Date: 24 Nov 2003 17:39:42 GMT
From: James Keasley <me@privacy.net>
Subject: Re: Perl Editor
Message-Id: <slrnbs4gis.9a5.me@localhost.localdomain>
In article <c659b5f9.0311240932.58c5a21@posting.google.com>, AnnMarie wrote:
> What is the best editor for Perl CGI-Scripts?
Either Emacs or Vi, depending on how your brain works.
IIRC they are both available on *nix and Win32 systems, and they both have
very good syntax highlighting and other useful features.
--
James jamesk[at]homeric[dot]co[dot]uk
"...And so it begins." (Amb. Kosh, B5 "Chrysalis")
------------------------------
Date: 24 Nov 2003 14:41:42 GMT
From: ctcgag@hotmail.com
Subject: Re: Protecting Source code of a perl script
Message-Id: <20031124094142.552$HO@newsreader.com>
"Eric J. Roode" <REMOVEsdnCAPS@comcast.net> wrote:
> Hash: SHA1
>
> ctcgag@hotmail.com wrote in news:20031120130645.330$nD@newsreader.com:
>
> > "Eric J. Roode" <REMOVEsdnCAPS@comcast.net> wrote:
> [...]
> >> What makes you think that hiding the source code will make your
> >> application more secure?
> >
> > Reality.
>
> Hah. It will make your application more secure if and only if there are
> no crackers who will try to reverse-engineer your algorithms,
Actually, it will be more secure only if there are crackers. If there
are no crackers, security isn't an issue in the first place.
>*and* there
> are no bugs or holes that can be found by white-hats.
If you change "can" to "will", I might agree with you there.
> >> Typically, a dedicated cracker will figure out
> >> what the program is doing and find a way around it anyhow,
> >
> > True, and a dedicated lock-picker can pick my lock. But I'd prefer
> > not to make the parts transparent, as that would lower the bar for how
> > dedicated he would have to be.
>
> That analogy is not quite on. The parts need not be transparent, but the
> design of the lock should be published. Would you trust a lock from a
> manufacturer who refused to tell you how it worked, but simply said,
> "Trust me. It's super-duper secure. Nobody can pick this lock!" ?
Well, if *I* was that manufacturer, sure, I would trust myself. And isn't
that what's going on here?
> >> while your
> >> program may not be reviewed for bugs or security holes by your peers.
> >
> > It seems like a rather unlikely event that some kind-hearted person is
> > going to stumble upon your code uninvited, find the holes, and point
> > them out to you. Premeditated code review is a great thing, but in
> > the absense of it, it's hard to see how making the code available to
> > untrustworthy parties is a good thing.
>
> It may seem unlikely, but nearly every month some white-hat finds and
> reports (or patches) a security hole in sendmail, bind, or any of a
> hundred other unix networking and administration tools.
But the poster isn't writing any of a hundred unix networking or
administration tools. It doesn't sound like he wants to upload
his code to CPAN. He doesn't command the attention and respect
of a bunch of white-hats. So if he makes it easy for someone to find
the holes, chances are that that someone will be doing so in order to
exploit the holes, not to report them. If he doesn't even trust his
administrator, who is he going to trust to be wearing the white hat?
> Often, these are
> professionals who have encountered a problem at work, but often they are
> also hobbyists who are endeavoring to understand the program.
>
> There is no possibility of such peer-review with, say, Microsoft
> networking and administration tools. Many bugs are reported, and many
> patches come out. These must perforce come by way of internal code
> review at Microsoft, or painstaking reverse-engineering by people in the
> field.
Right. And that reverse-engineering by people in the field is just as
painstaking for the black-hats as it is for the white-hats. You can't have
it both ways.
> I suspect there are far more latent security holes in MS-Windows OS
> software than in unix OS software, simply because in the unix world, it
> is all laid bare for everyone to see.
But he isn't writing unix OS software. I doubt he has a bunch of groupies
to review the code he is writing.
>
> Take for example the PGP program with which I signed this message.
> Nobody will argue that it's not secure -- and its source code is open for
> anyone to see.
And does that make it secure from an untrusted administrator? How do you
know that what I, evil person in charge of your computer, installed on the
machine is actually identical to the source that is open for anyone to see?
Xho
--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service New Rate! $9.95/Month 50GB
------------------------------
Date: Mon, 24 Nov 2003 15:19:47 +0000 (UTC)
From: Ben Morrow <usenet@morrow.me.uk>
Subject: Re: Protecting Source code of a perl script
Message-Id: <bpt7ij$bsv$3@wisteria.csv.warwick.ac.uk>
ctcgag@hotmail.com wrote:
> "Eric J. Roode" <REMOVEsdnCAPS@comcast.net> wrote:
> > That analogy is not quite on. The parts need not be transparent, but the
> > design of the lock should be published. Would you trust a lock from a
> > manufacturer who refused to tell you how it worked, but simply said,
> > "Trust me. It's super-duper secure. Nobody can pick this lock!" ?
>
> Well, if *I* was that manufacturer, sure, I would trust myself. And isn't
> that what's going on here?
If it is, then you should not. Not unless you are a computer security expert.
The main point here, which you seem not to be getting, is that is it
*just as easy* (pretty much) to find exploitable holes in code if you
don't have the source, but impossible to fix them.
Ben
--
Although few may originate a policy, we are all able to judge it.
- Pericles of Athens, c.430 B.C.
ben@morrow.me.uk
------------------------------
Date: 24 Nov 2003 15:51:16 GMT
From: rgarciasuarez@free.fr (Rafael Garcia-Suarez)
Subject: Re: Protecting Source code of a perl script
Message-Id: <slrnbs4a2k.irn.rgarciasuarez@rafael.serd.lyon.hexaflux.loc>
Ben Morrow wrote:
>
>The main point here, which you seem not to be getting, is that is it
>*just as easy* (pretty much) to find exploitable holes in code if you
>don't have the source, but impossible to fix them.
And to audit them.
Installing an obfuscated script to run on a system I administrate would
be a no-no. It demonstrates (a) the lack of knowledge of the author
(b) the lack of confidence he has on his own skills (c) the poor opinion
s?he has of his users.
------------------------------
Date: 24 Nov 2003 08:23:53 -0800
From: myfam@surfeu.fi (Andrew)
Subject: Re: sending stdin to a shell command in perl
Message-Id: <c5826e91.0311240823.6fdac70b@posting.google.com>
tadmc@augustmail.com (Tad McClellan) wrote in message news:<slrnbs316h.ooh.tadmc@magna.augustmail.com>...
> Andrew <myfam@surfeu.fi> wrote:
>
> > in my simple perl script I have to send string to stdin of an
> > excutable binary which I run from perl.
>
>
> perldoc perlopentut
>
> perldoc -f open
Hm, I need to execute command from perl pass something to its stdin
and read from stdout. Can you give an example?
Thanks
Andrew
------------------------------
Date: Mon, 24 Nov 2003 17:08:14 +0000 (UTC)
From: Ben Morrow <usenet@morrow.me.uk>
Subject: Re: sending stdin to a shell command in perl
Message-Id: <bptdtu$j13$1@wisteria.csv.warwick.ac.uk>
myfam@surfeu.fi (Andrew) wrote:
> Hm, I need to execute command from perl pass something to its stdin
> and read from stdout. Can you give an example?
perldoc -q both
Ben
--
I've seen things you people wouldn't believe: attack ships on fire off the
shoulder of Orion; I've watched C-beams glitter in the darkness near the
Tannhauser Gate. All these moments will be lost, in time, like tears in rain.
Time to die. |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| ben@morrow.me.uk
------------------------------
Date: 24 Nov 2003 17:15:12 GMT
From: vek@station02.ohout.pharmapartners.nl (Villy Kruse)
Subject: Re: sending stdin to a shell command in perl
Message-Id: <slrnbs4f50.5kp.vek@station02.ohout.pharmapartners.nl>
On 24 Nov 2003 08:23:53 -0800,
Andrew <myfam@surfeu.fi> wrote:
>tadmc@augustmail.com (Tad McClellan) wrote in message news:<slrnbs316h.ooh.tadmc@magna.augustmail.com>...
>> Andrew <myfam@surfeu.fi> wrote:
>>
>> > in my simple perl script I have to send string to stdin of an
>> > excutable binary which I run from perl.
>>
>>
>> perldoc perlopentut
>>
>> perldoc -f open
>
>Hm, I need to execute command from perl pass something to its stdin
>and read from stdout. Can you give an example?
Running the command "perldoc perlopentut" will give you examples.
Villy
------------------------------
Date: Mon, 24 Nov 2003 17:45:23 GMT
From: Darin McBride <dmcbride@naboo.to.org.no.spam.for.me>
Subject: Re: sending stdin to a shell command in perl
Message-Id: <Tsrwb.485454$pl3.279689@pd7tw3no>
Andrew wrote:
> tadmc@augustmail.com (Tad McClellan) wrote in message
> news:<slrnbs316h.ooh.tadmc@magna.augustmail.com>...
>> Andrew <myfam@surfeu.fi> wrote:
>>
>> > in my simple perl script I have to send string to stdin of an
>> > excutable binary which I run from perl.
>>
>>
>> perldoc perlopentut
>>
>> perldoc -f open
>
> Hm, I need to execute command from perl pass something to its stdin
> and read from stdout. Can you give an example?
That becomes a bit more difficult than I think Tad thought.
Admittedly, I missed it, too.
You may want to look at:
perldoc IPC::Open2
------------------------------
Date: 24 Nov 2003 10:46:56 -0800
From: ttyp32000@yahoo.com (jonathan)
Subject: Re: status of redirecting STDOUT/STDERR to file
Message-Id: <f05e664d.0311241046.13eb600d@posting.google.com>
anno4000@lublin.zrz.tu-berlin.de (Anno Siegel) wrote in message news:<bpklsj$da3$1@mamenchi.zrz.TU-Berlin.DE>...
> jonathan <ttyp32000@yahoo.com> wrote in comp.lang.perl.misc:
> > hey all,
> >
> > just curious, but if I do the following (after __cut__), does this
> > have any repercussions for the 'regular' STDERR, STDOUT handles?
>
> It shouldn't.
>
> Why are you dealing with STDOUT in redirect()? You're not using it in
> any way.
its called a *typo*. read:
print STDOUT "HERE!!!\n";
print STDERR "HEREA!!!!\n";
I appreciate the help, but the attitude could be a little less snide.
The code snippet was designed to show whether or not any effects might
happen outside of the subroutine.
jon
------------------------------
Date: Mon, 24 Nov 2003 18:34:21 +0100
From: "Alexandre Jaquet" <alexj@freesurf.ch>
Subject: substring
Message-Id: <3fc24122$0$3220$5402220f@news.sunrise.ch>
Hi,
I'm new to perl and I want to extract a substring from a response :
I wanna to extract the part between pseudoinscrite= and " I've try
something like that but don't know how to do :
if ($resp->content =~/pseudoinscrite=(.+)"/) {
// affect to $user the value
Thanks for your help.
------------------------------
Date: Mon, 24 Nov 2003 08:17:06 -0800
From: "Tom" <tom@nosleep.net>
Subject: use strick & hash ref
Message-Id: <3fc23c67$1@nntp0.pdx.net>
Hi
I do not understand the error:
Cannot use string to reference has while use strict
This makes no sense.
The correct hash reference is i.e., per the manual
$newval = $hash{DATA};
This works fine and correctly polulates the hash and works in a tied hash
system, up until I uncomment use strict.
Can someone please point me to docs with the reason and corect way to
reference hashes.
Thanks,
Tom
------------------------------
Date: Mon, 24 Nov 2003 18:37:36 +0100
From: Amir Kadic <zoooz@gmx.de>
Subject: Re: use strick & hash ref
Message-Id: <bptcgc$1s7nv9$1@ID-142982.news.uni-berlin.de>
Tom wrote:
> $newval = $hash{DATA};
my $newval = $hash{DATA};
probably is the answer.
------------------------------
Date: Mon, 24 Nov 2003 17:47:17 GMT
From: Darin McBride <dmcbride@naboo.to.org.no.spam.for.me>
Subject: Re: use strick & hash ref
Message-Id: <Furwb.487748$9l5.57525@pd7tw2no>
Tom wrote:
> Hi
>
> I do not understand the error:
>
> Cannot use string to reference has while use strict
>
> This makes no sense.
> The correct hash reference is i.e., per the manual
>
>
> $newval = $hash{DATA};
>
> This works fine and correctly polulates the hash and works in a tied hash
> system, up until I uncomment use strict.
>
> Can someone please point me to docs with the reason and corect way to
> reference hashes.
What you're doing is correct ... given the lack of context. But we'd
need more code to see what you're doing wrong. Try reproducing your
error with the smallest amount of code - that excersise alone may point
you to your problem. If not, then post the complete sample code that
we can use to run on our systems.
Thanks,
------------------------------
Date: 24 Nov 2003 17:49:04 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: use strick & hash ref
Message-Id: <u9oev1fyi7.fsf@wcl-l.bham.ac.uk>
"Tom" <tom@nosleep.net> writes:
> I do not understand the error:
>
> Cannot use string to reference has while use strict
That is not a Perl error message. Please always post error messages
verbatim. Do not paraphrase.
There is, a very similar Perl error message:
Can't use string ("....") as a HASH ref while "strict refs" in use
Is that perhaps what you saw?
> This makes no sense.
So why did you post it? :-)
> $newval = $hash{DATA};
>
> This works fine and correctly polulates the hash
It would not be correct for the above line to populate the hash.
> and works in a tied hash system, up until I uncomment use strict.
The above line would not (directly) cause the "Can't use string as a
HASH ref" error. If it looks like it is then there's something odd
going on. You say %hash is tied? What is it tied to - looks like
the tied hash implementation object is carp()ing.
Please generate a _minimal_ but _complete_ script to illustrate your
question.
Post it here verbatim.
See posting guidelines for further advice on helping people to help you.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: 24 Nov 2003 18:03:27 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: use strick & hash ref
Message-Id: <bpth5f$7uq$2@mamenchi.zrz.TU-Berlin.DE>
Tom <tom@nosleep.net> wrote in comp.lang.perl.misc:
> Hi
>
> I do not understand the error:
>
> Cannot use string to reference has while use strict
>
> This makes no sense.
No, it doesn't, not with your code below.
> The correct hash reference is i.e., per the manual
^^^^
I don't like that "i.e.". Please don't show an arbitrary example, show
the code that gave you the error message.
> $newval = $hash{DATA};
That code doesn't give you the error message you (vaguely) quote.
> This works fine and correctly polulates the hash and works in a tied hash
> system, up until I uncomment use strict.
>
> Can someone please point me to docs with the reason and corect way to
> reference hashes.
Start with "perldoc strict". If you can "use" it, you can also "perldoc"
it.
Anno
------------------------------
Date: Mon, 24 Nov 2003 10:07:53 -0800
From: "Tom" <tom@nosleep.net>
Subject: Re: use strick & hash ref
Message-Id: <3fc2565e$1@nntp0.pdx.net>
Thanks guys.
I'll try to debug and post tonight some code.
The script is 15K lines, so I'll have to reproduce the error in example.
The weird thing is, this seems to come and go, i.e.e not happen every run.
Tom
------------------------------
Date: Mon, 24 Nov 2003 18:40:21 GMT
From: Darin McBride <dmcbride@naboo.to.org.no.spam.for.me>
Subject: Re: use strick & hash ref
Message-Id: <pgswb.484301$6C4.206287@pd7tw1no>
Tom wrote:
> Thanks guys.
>
> I'll try to debug and post tonight some code.
> The script is 15K lines, so I'll have to reproduce the error in example.
In the future, I would recommend *starting* with "use strict" rather
than attempting to fit it in later. That way, when you get the problem
after adding only 100 lines, you'll know the problem is related to
those 100 lines.
> The weird thing is, this seems to come and go, i.e.e not happen every run.
What you're looking for is that you possibly have two variables with
the same name, one $hash, the other %hash. While this is perfectly
valid, you do need to be always aware of when you're using $hash->{...}
(using $hash) vs $hash{...} (using %hash). Thus, in general, I'd
suggest attempting to avoid this.
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 5852
***************************************
