From gtts3 at cable.net.co Wed Aug 4 00:02:39 2004 From: gtts3 at cable.net.co (gtts3@cable.net.co) Date: Wed Aug 4 00:02:39 2004 Subject: Dont miss print supplies savings Message-ID: <137.312369.872739@cable.net.co> An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20020812/a6f13b05/attachment.htm From Dont_miss_printsupplies120032 at mindspring.com Wed Aug 4 00:02:49 2004 From: Dont_miss_printsupplies120032 at mindspring.com (Dont_miss_printsupplies120032@mindspring.com) Date: Wed Aug 4 00:02:49 2004 Subject: LASER PRINTER, COPIER, & FAX SUPPLIES. Message-ID: <706.94824.70160@unknown> An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20030127/37bec6cd/attachment.htm From scottp at dd.com.au Sun Aug 8 00:18:15 2004 From: scottp at dd.com.au (Scott Penrose) Date: Sun Aug 8 00:18:37 2004 Subject: [Melbourne-pm] Talks for next week Message-ID: <59B6FAB0-E8FA-11D8-BB0A-000D93ADDF32@dd.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Perl Mongers We have a volunteer for one talk next week and I was wondering if people had some others. In particular, those of you who have had a talk accepted at OSDC may want the opportunity to give it a test run. We will be happy to listen and if you would like also give you some feedback. Email your suggestions. Ta Scooter - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose VP in charge of Pancakes http://linux.dd.com.au/ scottp@dd.com.au Dismaimer: If you receive this email in error - please eat it immediately to prevent it from falling into the wrong hands. Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBFbebDCFCcmAm26YRAkhZAJ9yi3TRmtxccuoRpBB66I1QQhNB2gCgnHxx OTH0JEoOoE6Tg+9k2Pd9R+Q= =Lwtk -----END PGP SIGNATURE----- From pjf at perltraining.com.au Sun Aug 8 20:53:33 2004 From: pjf at perltraining.com.au (Paul Fenwick) Date: Sun Aug 8 20:53:38 2004 Subject: [Melbourne-pm] Proc::UID testing, call for machines Message-ID: <4116D91D.2040802@perltraining.com.au> G'day Everyone, After a small break, I'm working on improving Proc::UID to provide better support for systems that do not provide a native getresuid/setresuid implementation. I'm hoping to start with BSD and friends, as that covers a very large number of installed systems. After that I'll worry about systems like Solaris where you have to dig into the /proc filesystem to get your saved-UID. Unfortunately, I don't have any BSD boxes handy, which makes my development cycle on these machines rather long. As such, I'm requesting a little help. If anyone happens to have a *BSD machine (including MacOS X), and does not mind me having access to it, please let me know. All I really need is Perl, cvs, and a compiler -- having man pages would definitely be a plus. I don't need root, and I'm happy for my every keystroke to be logged. It should go without saying, but please make sure that you have the authority to give me access before making any offer. Cheerio, Paul -- Paul Fenwick | http://perltraining.com.au/ Director of Training | Ph: +61 3 9354 6001 Perl Training Australia | Fax: +61 3 9354 2681 From alfiejohn at acm.org Sun Aug 8 21:29:31 2004 From: alfiejohn at acm.org (Alfie John) Date: Sun Aug 8 21:29:48 2004 Subject: [Melbourne-pm] Proc::UID testing, call for machines In-Reply-To: <4116D91D.2040802@perltraining.com.au> Message-ID: <000001c47db8$b7944ae0$5f3f1cd3@aldags> Hi Paul, >Unfortunately, I don't have any BSD boxes handy, >which makes my development cycle on these machines >rather long. As such, I'm requesting a little help. >If anyone happens to have a *BSD machine (including >MacOS X), and does not mind me having access to it, >please let me know. I don't have any boxes online, but do have a couple of old Pentium boxes you could borrow. Disk space is small (between 500Mb - 6 gig), but that should be all you need for BSD, Perl and CVS. int 20h; Alfie John From pjf at perltraining.com.au Sun Aug 8 21:56:28 2004 From: pjf at perltraining.com.au (Paul Fenwick) Date: Sun Aug 8 21:56:31 2004 Subject: [Melbourne-pm] Proc::UID testing, call for machines In-Reply-To: <000001c47db8$b7944ae0$5f3f1cd3@aldags> References: <000001c47db8$b7944ae0$5f3f1cd3@aldags> Message-ID: <4116E7DC.4090504@perltraining.com.au> G'day Alfie / All, Firstly, I've had two generous offers to give me access to both a NetBSD and FreeBSD machine. Thank-you very much, this should keep me out of trouble for a little while. Alfie John wrote: > I don't have any boxes online, but do have a couple of old Pentium boxes > you could borrow. Disk space is small (between 500Mb - 6 gig), but that > should be all you need for BSD, Perl and CVS. I'm afraid I'm going to have to decline x86 hardware, as I have a goodly amount of it lying around myself -- I'm just too lazy to build a whole new box in order to run a couple of devel/test cycles on it. ;) However, if you do want to put your old hardware to good use, you may wish to look at computerbank (www.computerbank.org.au). Cheerio, Paul -- Paul Fenwick | http://perltraining.com.au/ Director of Training | Ph: +61 3 9354 6001 Perl Training Australia | Fax: +61 3 9354 2681 From scottp at dd.com.au Tue Aug 10 19:08:22 2004 From: scottp at dd.com.au (Scott Penrose) Date: Tue Aug 10 19:08:38 2004 Subject: [Melbourne-pm] Meeting Cancelled for Tonight & Incorporation Message-ID: <8EA7E9AA-EB2A-11D8-9EF9-000D93ADDF32@dd.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Dudes Very sorry for the short notice here. Many of the presenters and organisers for Melbourne Perl Mongers have been spending their spare time preparing for the Open Source Developers Conference - things are going really well and we now have 45 speakers organised for the event - it will rock ! Therefore we have decided that it is best to cancel the meeting tonight and hopefully organise a longer and better meeting next month. On some other news we are finally incorporated. Next we will have a bank account (all free thanks to the banks and society accounts, I guess they have to do something right). Thanks for your patience and see you next month. BTW. Congratulations to those who have had their talks accepted for OSDC, don't forget you can try them on a smaller group at our meetings. Scott - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose Welcome to the Digital Dimension http://www.dd.com.au/ scottp@dd.com.au Dismaimer: Contents of this mail and signature are bound to change randomly. Whilst every attempt has been made to control said randomness, the author wishes to remain blameless for the number of eggs that damn chicken laid. Oh and I don't want to hear about butterflies either. Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBGWN2DCFCcmAm26YRAqVyAJ0foXb4iIEd4wQ2aBvb9wAOMJQCwQCfQFA1 q72Ln7jmNJwsaPmMrE6Mlcs= =gPMe -----END PGP SIGNATURE----- From joshua at roughtrade.net Fri Aug 13 08:28:06 2004 From: joshua at roughtrade.net (Joshua Goodall) Date: Fri Aug 13 08:28:16 2004 Subject: [Melbourne-pm] $a $b $c Message-ID: <20040813132806.GG6480@roughtrade.net> Slightly amused by: [529] joshua@green:~$ perl -le 'use strict; $a = 42;' [529] joshua@green:~$ perl -le 'use strict; $b = 101;' [530] joshua@green:~$ perl -le 'use strict; $c = 3.141;' Global symbol "$c" requires explicit package name at -e line 1. Execution of -e aborted due to compilation errors. This probably has something to do with sort BLOCK, doesn't it? perlfunc -f sort alludes to $a / $b being package variables, but I'd always assumed it was black magic for 'sort BLOCK' only. There appears to be an implied our($a, $b) at the start of each scope. This tripped me up today because -w / use strict didn't catch a typo I'd made. Briefly tested with 5.8.5 only. J -- Joshua Goodall "as modern as tomorrow afternoon" joshua@roughtrade.net - FW109 From tconnors+pmmelb at astro.swin.edu.au Fri Aug 13 08:34:47 2004 From: tconnors+pmmelb at astro.swin.edu.au (Tim Connors) Date: Fri Aug 13 08:35:02 2004 Subject: [Melbourne-pm] $a $b $c In-Reply-To: <20040813132806.GG6480@roughtrade.net> References: <20040813132806.GG6480@roughtrade.net> Message-ID: On Fri, 13 Aug 2004, Joshua Goodall wrote: > Slightly amused by: > > [529] joshua@green:~$ perl -le 'use strict; $a = 42;' > [529] joshua@green:~$ perl -le 'use strict; $b = 101;' > [530] joshua@green:~$ perl -le 'use strict; $c = 3.141;' > Global symbol "$c" requires explicit package name at -e line 1. > Execution of -e aborted due to compilation errors. > > This probably has something to do with sort BLOCK, doesn't it? > perlfunc -f sort alludes to $a / $b being package variables, > but I'd always assumed it was black magic for 'sort BLOCK' only. I was amused and then annoyed today, when I noticed in all of my perl scripts that use 'mycommon'; and perl -w: complained with: Subroutine log10 redefined at /home/office/tconnors/perllib/mycommon.pm line 118. It turns out that despite the manpage (perlfunc) not saying anything about log10, if I have my own "sub log10" in mycommon.pm, in @EXPORT, then perl complains about log10 being redefined. If I remove log10 from the mycommon.pm altogether, then perl complains no such routine being defined. If I simply remove the definition from mycommon.pm, but still keep it in @EXPORT and @EXPORT_OK, then all works fine. Maybe perl has defined a log10, but someone forgot to @EXPORT it? -- TimC -- http://astronomy.swin.edu.au/staff/tconnors/ Just don't create a file called -rf. :-) -- Larry Wall in <11393@jpl-devvax.JPL.NASA.GOV> From kalinabears at iinet.net.au Fri Aug 13 18:25:19 2004 From: kalinabears at iinet.net.au (Sisyphus) Date: Fri Aug 13 18:30:48 2004 Subject: [Melbourne-pm] $a $b $c In-Reply-To: References: <20040813132806.GG6480@roughtrade.net> Message-ID: <411D4DDF.20509@iinet.net.au> Tim Connors wrote: > On Fri, 13 Aug 2004, Joshua Goodall wrote: > > >>Slightly amused by: >> >>[529] joshua@green:~$ perl -le 'use strict; $a = 42;' >>[529] joshua@green:~$ perl -le 'use strict; $b = 101;' >>[530] joshua@green:~$ perl -le 'use strict; $c = 3.141;' >>Global symbol "$c" requires explicit package name at -e line 1. >>Execution of -e aborted due to compilation errors. >> >>This probably has something to do with sort BLOCK, doesn't it? >>perlfunc -f sort alludes to $a / $b being package variables, >>but I'd always assumed it was black magic for 'sort BLOCK' only. > The special status of $a and $b extends beyond the 'sort' block .... as you have just demonstrated :-) I don't know the details, but I guess that it's impractical and/or undesirable to limit that special status to a 'sort' block only. > > I was amused and then annoyed today, when I noticed in all of my perl > scripts that > > use 'mycommon'; > and perl -w: > > complained with: > Subroutine log10 redefined at /home/office/tconnors/perllib/mycommon.pm line 118. > > > It turns out that despite the manpage (perlfunc) not saying anything about > log10, if I have my own "sub log10" in mycommon.pm, in @EXPORT, then perl > complains about log10 being redefined. > Hmmm .... there's no such problem with a module that defines and exports a 'log10' subroutine on *my* perl. Are you sure you haven't defined the sub twice in 'mycommon.pm' ? Cheers, Rob From tconnors+pmmelb at astro.swin.edu.au Fri Aug 13 22:22:51 2004 From: tconnors+pmmelb at astro.swin.edu.au (Tim Connors) Date: Fri Aug 13 22:23:07 2004 Subject: [Melbourne-pm] $a $b $c In-Reply-To: <411D4DDF.20509@iinet.net.au> References: <20040813132806.GG6480@roughtrade.net> <411D4DDF.20509@iinet.net.au> Message-ID: On Sat, 14 Aug 2004, Sisyphus wrote: > Tim Connors wrote: > > On Fri, 13 Aug 2004, Joshua Goodall wrote: > > log10, if I have my own "sub log10" in mycommon.pm, in @EXPORT, then perl > > complains about log10 being redefined. > > > > Hmmm .... there's no such problem with a module that defines and exports > a 'log10' subroutine on *my* perl. > > Are you sure you haven't defined the sub twice in 'mycommon.pm' ? Quadruple checked. And furthermore, it seems to only fail on my 5.8.0 perl installation at work, but not my perl 5.8.4 here. Damn. Looks like I am going to have to do an ugly workaround until I can get the sysadmins to upgrade perl (not likely, since we use a stupid distribution that doesn't have the concept of upgrades without reinstalling everything) How do you temporarily turns warnings off around a block of code? -- TimC -- http://astronomy.swin.edu.au/staff/tconnors/ You must realize that the computer has it in for you. The irrefutable proof of this is that the computer always does what you tell it to do. From david_dick at iprimus.com.au Fri Aug 13 22:30:58 2004 From: david_dick at iprimus.com.au (David Dick) Date: Fri Aug 13 22:36:43 2004 Subject: [Melbourne-pm] $a $b $c In-Reply-To: References: <20040813132806.GG6480@roughtrade.net> <411D4DDF.20509@iinet.net.au> Message-ID: <411D8772.8@iprimus.com.au> try no warnings # # bad code here.. # use warnings Tim Connors wrote: > On Sat, 14 Aug 2004, Sisyphus wrote: > > >>Tim Connors wrote: >> >>>On Fri, 13 Aug 2004, Joshua Goodall wrote: >>>log10, if I have my own "sub log10" in mycommon.pm, in @EXPORT, then perl >>>complains about log10 being redefined. >>> >> >>Hmmm .... there's no such problem with a module that defines and exports >>a 'log10' subroutine on *my* perl. >> >>Are you sure you haven't defined the sub twice in 'mycommon.pm' ? > > > Quadruple checked. > > And furthermore, it seems to only fail on my 5.8.0 perl installation at > work, but not my perl 5.8.4 here. Damn. > > Looks like I am going to have to do an ugly workaround until I can get the > sysadmins to upgrade perl (not likely, since we use a stupid distribution > that doesn't have the concept of upgrades without reinstalling everything) > > How do you temporarily turns warnings off around a block of code? > From joshua at roughtrade.net Fri Aug 13 22:55:37 2004 From: joshua at roughtrade.net (Joshua Goodall) Date: Fri Aug 13 22:55:45 2004 Subject: [Melbourne-pm] $a $b $c In-Reply-To: References: <20040813132806.GG6480@roughtrade.net> <411D4DDF.20509@iinet.net.au> Message-ID: <20040814035537.GK6480@roughtrade.net> On Sat, Aug 14, 2004 at 01:22:51PM +1000, Tim Connors wrote: > How do you temporarily turns warnings off around a block of code? { no warnings; ... } J -- Joshua Goodall "as modern as tomorrow afternoon" joshua@roughtrade.net - FW109 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040814/7026713f/attachment.bin From daniel at rimspace.net Sat Aug 14 04:43:47 2004 From: daniel at rimspace.net (Daniel Pittman) Date: Sat Aug 14 04:44:05 2004 Subject: [Melbourne-pm] Perl web application framework recommendations Message-ID: <87657mkqb0.fsf@enki.rimspace.net> I am looking at doing some web application development, both to keep my hand in on the programming side and because I have a need for a couple of database driven tools. I have taken a look at a variety of packages out there, and now I am looking for recommendations about which ones actually work *well*. So far, the three options that look worth considering are OpenInteract, Maypole and writing my own framework. Also, in terms of modeling the data, one issue that I have is that I need to store an ordered set of objects associated with a given object. I also don't fancy writing my own database persistence layer, if I can at all avoid it, so I have been looking at those. So far, only Tangram seems to offer this functionality, and this is not well spoken of in a google search, and the lack of a home is also not very inspiring. Does anyone have anything helpful to offer, or especially a Class::DBI based solution with code, to achieve this? Thanks, Daniel -- Only pigs under husbandry without recourse are filthy animals. Swine in the wild are fastidious. I like pigs. Dogs look up to us. Cats look down on us. Pigs treat us as equals. -- Winston Churchill From scottp at dd.com.au Sat Aug 14 05:10:21 2004 From: scottp at dd.com.au (Scott Penrose) Date: Sat Aug 14 05:10:37 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <87657mkqb0.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> Message-ID: <26CE8F10-EDDA-11D8-8584-000D93ADDF32@dd.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14/08/2004, at 7:43 PM, Daniel Pittman wrote: > I am looking at doing some web application development, both to keep my > hand in on the programming side and because I have a need for a couple > of database driven tools. > > I have taken a look at a variety of packages out there, and now I am > looking for recommendations about which ones actually work *well*. > > So far, the three options that look worth considering are OpenInteract, > Maypole and writing my own framework. Also consider http://www.axkit.org/ > Also, in terms of modeling the data, one issue that I have is that I > need to store an ordered set of objects associated with a given object. > > I also don't fancy writing my own database persistence layer, if I can > at all avoid it, so I have been looking at those. > > So far, only Tangram seems to offer this functionality, and this is not > well spoken of in a google search, and the lack of a home is also not > very inspiring. > > Does anyone have anything helpful to offer, or especially a Class::DBI > based solution with code, to achieve this? Hmm.. my problem with things like Class::DBI is that OO and Relational are not the same paradigm. But you are probably talking more general data persistence, which can optionally use a DB or similar. If you have just your local code talking, reading/writing to this data storage, you should consider using a file system with directories and something like Storable (fastest of the serialisation code). The performance will be far greater than any other solution. There is two downsides though: * No indexes (although there are ways of doing this, eg: http://www.namazu.org/) * Not standard with other code (eg: if you want to mix Java and Perl accessing same data) Scooter - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose Anthropomorphic Personification Expert http://search.cpan.org/search?author=SCOTT scott@cpan.org Dismaimer: While every attempt has been made to make sure that this email only contains zeros and ones, there has been no effort made to guarantee the quantity or the order. Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBHeUQDCFCcmAm26YRAm2sAKCtj3zhUVhVZNYYXvZd12UTdSgBUACdH1W7 VzuMiExzXeN3rYbZSejeMDI= =HnBw -----END PGP SIGNATURE----- From joshua at roughtrade.net Sat Aug 14 05:17:37 2004 From: joshua at roughtrade.net (Joshua Goodall) Date: Sat Aug 14 05:17:48 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <87657mkqb0.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> Message-ID: <20040814101737.GL6480@roughtrade.net> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040814/04c62d23/attachment-0001.bin From daniel at rimspace.net Sat Aug 14 05:42:43 2004 From: daniel at rimspace.net (Daniel Pittman) Date: Sat Aug 14 05:42:59 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <26CE8F10-EDDA-11D8-8584-000D93ADDF32@dd.com.au> (Scott Penrose's message of "Sat, 14 Aug 2004 20:10:21 +1000") References: <87657mkqb0.fsf@enki.rimspace.net> <26CE8F10-EDDA-11D8-8584-000D93ADDF32@dd.com.au> Message-ID: <87wu02j90c.fsf@enki.rimspace.net> On 14 Aug 2004, Scott Penrose wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 14/08/2004, at 7:43 PM, Daniel Pittman wrote: > >> I am looking at doing some web application development, both to keep my >> hand in on the programming side and because I have a need for a couple >> of database driven tools. >> >> I have taken a look at a variety of packages out there, and now I am >> looking for recommendations about which ones actually work *well*. >> >> So far, the three options that look worth considering are OpenInteract, >> Maypole and writing my own framework. > > Also consider http://www.axkit.org/ I should have mentioned looking at it, and deciding that XML and XSLT were not what I wanted to use. >> Also, in terms of modeling the data, one issue that I have is that I >> need to store an ordered set of objects associated with a given object. >> >> I also don't fancy writing my own database persistence layer, if I can >> at all avoid it, so I have been looking at those. >> >> So far, only Tangram seems to offer this functionality, and this is not >> well spoken of in a google search, and the lack of a home is also not >> very inspiring. >> >> Does anyone have anything helpful to offer, or especially a Class::DBI >> based solution with code, to achieve this? > > Hmm.. my problem with things like Class::DBI is that OO and Relational > are not the same paradigm. No, they are certainly not. If there was an OO-DBMS worth using as anything but road filler out there, I would be looking at using it instead. :) > But you are probably talking more general data persistence, which can > optionally use a DB or similar. What I want, pretty much, is something that does the hard work of writing the annoying little SQL interactions for me, so that I can have something that resembles a Perl object in my code, and that stores the content in the database. Class::DBI is good at this, since it doesn't try to do anything clever or helpful to present OO semantics wrapped over relational data, but rather automates the hard work of writing a wrapper class for every table and relationship in the database. > If you have just your local code talking, reading/writing to this data > storage, you should consider using a file system with directories and > something like Storable (fastest of the serialisation code). > > The performance will be far greater than any other solution. > > There is two downsides though: > > * No indexes (although there are ways of doing this, eg: > http://www.namazu.org/) That would require a serialization that was more amenable to standard search engine queries than Storable, though. :) Also, this addresses object persistence to some degree, but does not object relationships in a quick fashion, usually. > * Not standard with other code (eg: if you want to mix Java and Perl > accessing same data) I think you also missed the third, and fairly major, point here: This also means writing my own serialization layer, and paying attention to things like object identity and rapid storage. This is a world of pain that, like the framework itself, I would rather avoid if I can. Daniel -- Heu! Tintinnuntius Meus Sonat! From david_dick at iprimus.com.au Sat Aug 14 06:19:28 2004 From: david_dick at iprimus.com.au (David Dick) Date: Sat Aug 14 06:24:58 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <87657mkqb0.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> Message-ID: <411DF540.2060100@iprimus.com.au> Daniel Pittman wrote: > I am looking at doing some web application development, both to keep my > hand in on the programming side and because I have a need for a couple > of database driven tools. > > I have taken a look at a variety of packages out there, and now I am > looking for recommendations about which ones actually work *well*. Okay. Work well to what purpose? Do you want to obtain a deeper level of understanding about the subtler aspects of web development (hence writing your own framework is probably a good task) or is speed of development a bigger concern? Are you designing for cross platform (mod_perl/ISAPI/etc) compatability or can you not afford to sacrifice any performance hit at all? > So far, the three options that look worth considering are OpenInteract, > Maypole and writing my own framework. why are these the attractive options? might be worthwhile listing the advantages/disadvantages that you see in these and see if anyone else can think of other points. uru -Dave From daniel at rimspace.net Sun Aug 15 02:24:22 2004 From: daniel at rimspace.net (Daniel Pittman) Date: Sun Aug 15 02:24:39 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <411DF540.2060100@iprimus.com.au> (David Dick's message of "Sat, 14 Aug 2004 21:19:28 +1000") References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> Message-ID: <87zn4wj23d.fsf@enki.rimspace.net> On 14 Aug 2004, David Dick wrote: > Daniel Pittman wrote: >> I am looking at doing some web application development, both to keep my >> hand in on the programming side and because I have a need for a couple >> of database driven tools. >> I have taken a look at a variety of packages out there, and now I am >> looking for recommendations about which ones actually work *well*. > > Okay. Work well to what purpose? Thanks. Those were the questions that I should have been asking, and have helped clarify my mind about what, exactly, I was trying to do here. > Do you want to obtain a deeper level of understanding about the > subtler aspects of web development (hence writing your own framework > is probably a good task) or is speed of development a bigger concern? Two things: build a working web-based application, and work out which tools are worth using the next time I need to do this. So, speed of development and the ability to reuse existing work is the biggest point of interest to me, I think. > Are you designing for cross platform (mod_perl/ISAPI/etc) > compatability or can you not afford to sacrifice any performance hit > at all? Neither. Cross-platform would be vaguely nice, but running under mod_perl is sufficient for anything I anticipate caring about. As for performance ... as with any development, performance is nice, but I would rather get something done sooner and easier, then resolve any real performance issues. >> So far, the three options that look worth considering are OpenInteract, >> Maypole and writing my own framework. > > why are these the attractive options? might be worthwhile listing the > advantages/disadvantages that you see in these and see if anyone else > can think of other points. OK. Working through that tells me that what I am really looking for is a framework with the following features: * abstract "authentication" and session support. * simple, and extensible, mapping of HTTP requests to Perl module calls. * hooks into Template::Toolkit, or a similar template engine, for output. I would also like, but can reasonably easily supply externally: * simple, and extensible, database wrapper generation. * simple workflow management (create/update/search/display/delete) I also have one hard requirement, which is to be able to get the database abstraction layer to provide a *nice* interface to maintaining an ordered set of objects - the sequence of text "steps" associated with producing mixed drinks, specifically. OpenInteract is a fairly good match for these requirements. It has the auth and session layer, and the mapping of HTTP requests to Perl modules, and provides standard workflow classes. The big issue I have hit with it is that it is tied to SPOPS for the database persistence layer, and it looks very hard to get SPOPS to provide an "ordered set" interface or object. Maypole is also a fairly good match for the requirements. Like OpenInteract it has all the basic requirements, as well as the simple workflow stuff. After spending a few hours trying, though, I can't convince it to let go enough to allow me to use the Class::DBI objects that provide the "ordered set" interface. So, having actually spent the time to try and get my code working, even in a very basic form, with the promising looking tools, I am thwarted. Both of the options that look reasonable are, in fact, full of tight bindings between their "user interface" layer and their "data storage" layer, and usually with tentacles into their "business logic" layer as well. Since none of them supplied a "data storage" layer that met my requirements, this means that I can't use their "user interface" or "business logic" components. So, I guess the next step is to move back and look to see which, if any, modules provide support for building the user-interface side of a mod_perl application. OTOH, at least I now know how to get mod_perl configured and running nicely in a testbed environment, and how it holds itself together, so it isn't wasted time getting this far. Daniel ...though I am starting to consider giving up on the web application and moving directly to the mixed drinks stage. ;) -- Sometimes a scream is better than a thesis. -- Ralph Waldo Emerson From david_dick at iprimus.com.au Sun Aug 15 07:50:13 2004 From: david_dick at iprimus.com.au (David Dick) Date: Sun Aug 15 07:55:53 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <87zn4wj23d.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> Message-ID: <411F5C05.5030902@iprimus.com.au> > > OK. Working through that tells me that what I am really looking for is a > framework with the following features: > > * abstract "authentication" and session support. > * simple, and extensible, mapping of HTTP requests to Perl module calls. > * hooks into Template::Toolkit, or a similar template engine, for output. > > I would also like, but can reasonably easily supply externally: > > * simple, and extensible, database wrapper generation. > * simple workflow management (create/update/search/display/delete) > > I also have one hard requirement, which is to be able to get the > database abstraction layer to provide a *nice* interface to maintaining > an ordered set of objects - the sequence of text "steps" associated with > producing mixed drinks, specifically. Another possibility that comes to mind is rolling your framework out of major structural pieces. You mention an admiration for Class::DBI, a perl.com article discusses mixing Class::DBI and Template Toolkit in a favourable light at http://www.perl.com/pub/a/2003/07/15/nocode.html Likewise, CGI::Application is another possiblity that you could roll together with Class::DBI. You can find it discussed at the following url. http://www.perl.com/pub/a/2001/06/05/cgi.html I haven't tried either of these approaches myself, so I am unable to offer any practical experience with them, but thought they might be worth mentioning. From tim.hunt at its.monash.edu.au Sun Aug 15 17:56:29 2004 From: tim.hunt at its.monash.edu.au (Tim Hunt) Date: Sun Aug 15 17:57:02 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <411F5C05.5030902@iprimus.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> Message-ID: <411FEA1D.9050102@its.monash.edu.au> If you're looking at Template Toolkit, don't ignore HTML::Mason ( http://www.masonhq.com ) used by Monash Uni's portal, Amazon.com and other fine sites. Features abound, and are explained on the web site. For your data management you might look at Alzabo - "A data modeling tool and RDBMS-OO mapper" - ( http://www.alzabo.org ), written by one of the core Mason maintainers. I have not looked at this, but know that it uses Mason as its GUI, so there must be some synergy. Hope this helps, Tim. David Dick wrote: >> >> OK. Working through that tells me that what I am really looking for is a >> framework with the following features: >> >> * abstract "authentication" and session support. >> * simple, and extensible, mapping of HTTP requests to Perl module calls. >> * hooks into Template::Toolkit, or a similar template engine, for output. >> >> I would also like, but can reasonably easily supply externally: >> >> * simple, and extensible, database wrapper generation. >> * simple workflow management (create/update/search/display/delete) >> >> I also have one hard requirement, which is to be able to get the >> database abstraction layer to provide a *nice* interface to maintaining >> an ordered set of objects - the sequence of text "steps" associated with >> producing mixed drinks, specifically. > > > Another possibility that comes to mind is rolling your framework out of > major structural pieces. You mention an admiration for Class::DBI, a > perl.com article discusses mixing Class::DBI and Template Toolkit in a > favourable light at > > http://www.perl.com/pub/a/2003/07/15/nocode.html > > Likewise, CGI::Application is another possiblity that you could roll > together with Class::DBI. You can find it discussed at the following url. > > http://www.perl.com/pub/a/2001/06/05/cgi.html > > I haven't tried either of these approaches myself, so I am unable to > offer any practical experience with them, but thought they might be > worth mentioning. -- Tim Hunt Senior Portal Developer, Flexible Learning and Teaching Program, Information Technology Services, Monash University, Victoria 3800, AUSTRALIA From pjf at perltraining.com.au Mon Aug 16 06:15:56 2004 From: pjf at perltraining.com.au (Paul Fenwick) Date: Mon Aug 16 06:16:14 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <411FEA1D.9050102@its.monash.edu.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> Message-ID: <4120976C.4020408@perltraining.com.au> G'day Daniel, Tim, and Melb.PM, Tim Hunt wrote: > If you're looking at Template Toolkit, don't ignore HTML::Mason ( > http://www.masonhq.com ) used by Monash Uni's portal, Amazon.com and > other fine sites. I can chime in with a vote for HTML::Mason here. Mason gives you very easy sessions (check out MasonX::Request::WithApacheSession), very fast development, and very nice ways of compartmentalizing features. RT is written in HTML::Mason. As for authentication, keep in mind that apache lets you set a PerlAuthHandler and a PerlAccessHandler (and a few more), that you can use independently to whatever you have generating your content. That's incredibly handy, and something I've been using recently with great success. mod_perl gives you a great many hooks into apache, many of which are often overlooked. Getting Mason installed and set-up for the first time can be a little bit tricky, but once you have done that, using it for development is fantastic. I'm happy to provide assistance should you hit any snags. If you want to use Template Toolkit then there shouldn't be anything in HTML::Mason stopping you -- indeed, it should just be a few tweaks to the autohandler. However, I've found that Mason's native features do the vast majority of the templating work for you when used correctly. All the very best, Paul -- Paul Fenwick | http://perltraining.com.au/ Director of Training | Ph: +61 3 9354 6001 Perl Training Australia | Fax: +61 3 9354 2681 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040816/5438aeb8/signature.bin From daniel at rimspace.net Mon Aug 16 08:15:49 2004 From: daniel at rimspace.net (Daniel Pittman) Date: Mon Aug 16 08:16:07 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <4120976C.4020408@perltraining.com.au> (Paul Fenwick's message of "Mon, 16 Aug 2004 21:15:56 +1000") References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> Message-ID: <873c2nusu2.fsf@enki.rimspace.net> On 16 Aug 2004, Paul Fenwick wrote: > Tim Hunt wrote: > >> If you're looking at Template Toolkit, don't ignore HTML::Mason ( >> http://www.masonhq.com ) used by Monash Uni's portal, Amazon.com and >> other fine sites. > > I can chime in with a vote for HTML::Mason here. *nod* It keeps looking tempting, so I guess I should have a whack at prototyping my application in it... [...] > As for authentication, keep in mind that apache lets you set a > PerlAuthHandler and a PerlAccessHandler (and a few more), that you can > use independently to whatever you have generating your content. Unfortunately, this only gives access to the very broken HTTP authentication layer which, while useful for small scale work, tends to be problematic for real-world applications in my experience. Specifically, the lack of any way to 'log out' of the system and the difficulty in implementing any sort of single sign on[1] across servers are usually the killers out in the wild. [...] > Getting Mason installed and set-up for the first time can be a little > bit tricky, but once you have done that, using it for development is > fantastic. I'm happy to provide assistance should you hit any snags. The biggest hitch for me is that I have apache2 running on the server that I want to put this on, and I don't particularly want to run a second complete web server just for this. Has anyone any advice on getting mason and Apache2 to work together? The developers site suggests, basically, that I am short of luck. :/ > If you want to use Template Toolkit then there shouldn't be anything in > HTML::Mason stopping you -- indeed, it should just be a few tweaks to > the autohandler. However, I've found that Mason's native features do > the vast majority of the templating work for you when used correctly. My preference comes from a desire to keep the template engine and the business logic as distinct as possible, and the feeling that Perl isn't actually the language I want to do templating in. At the end of the day, though, there isn't /that/ much difference between the two. :) Daniel Footnotes: [1] As opposed to 'same password', many prompt sign on. -- I saw that most programmers never mature above the "see jack run" level. My pals at the [suppressed!] Comp Sci Dept scoff at the estimates I make, but I never underestimate -- they always do. I think of the big picture, the 75% that remains after the code "works". -- Erik Naggum From scottp at dd.com.au Mon Aug 16 17:16:07 2004 From: scottp at dd.com.au (Scott Penrose) Date: Mon Aug 16 17:16:23 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <873c2nusu2.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16/08/2004, at 11:15 PM, Daniel Pittman wrote: > On 16 Aug 2004, Paul Fenwick wrote: >> Tim Hunt wrote: >> >>> If you're looking at Template Toolkit, don't ignore HTML::Mason ( >>> http://www.masonhq.com ) used by Monash Uni's portal, Amazon.com and >>> other fine sites. >> >> I can chime in with a vote for HTML::Mason here. > > *nod* It keeps looking tempting, so I guess I should have a whack at > prototyping my application in it... Do a quick comparison between HTML::Mason and Template::Tolkit. They have many outstanding features, but they are not the same. My preferences is for Template::Toolkit, but like so many things, I think it is very dependant on the job you are doing, and therefore I would not push for one over the other unless I knew all the variables :-) Good luck. > Unfortunately, this only gives access to the very broken HTTP > authentication layer which, while useful for small scale work, tends to > be problematic for real-world applications in my experience. It isn't as broken as you might think. If you use Digest Auth, there is no problem with password security. And most browsers these days support Digest. I would actually say that most cookie logins are broken as people are trying to implement their own authentication. The one thing that Basic Auth has wrong is clear text passwords. But that is only because you use HTTP. Even the cookie methods require HTTPS, and in HTTPS even the Basic Auth passwords are encrypted. Digest gives you unencrypted HTTP but protected passwords. > Specifically, the lack of any way to 'log out' of the system and the > difficulty in implementing any sort of single sign on[1] across servers > are usually the killers out in the wild. You can do single sign on. My Basic Auth module looks at headers first and then decides whether to allow through OR send back a 405. But sign out is a problem. There is an example Apache module (in Perl) which does this, but only works on a subset of browsers and relies on the browser honouring it. So that may be the show stopper for Basic auth for you. Have fun with your selections :-) Scott - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose Open source developer http://linux.dd.com.au/ scottp@dd.com.au Dismaimer: Open sauce usually ends up never coming out (of the bottle). Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBITIqDCFCcmAm26YRAsx/AKCCqkujMLtuy4aI2UGpCO6D9bK1zQCgjbAE 3oQDgxoxNzb3L3yiF0+m4dE= =6fYX -----END PGP SIGNATURE----- From rendler at iinet.net.au Mon Aug 16 20:07:27 2004 From: rendler at iinet.net.au (Robert Rendler) Date: Mon Aug 16 20:08:17 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <873c2nusu2.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> Message-ID: <20040817110727.6a2f1c79@zippo> On Mon, 16 Aug 2004 23:15:49 +1000 Daniel Pittman wrote: > The biggest hitch for me is that I have apache2 running on the server > that I want to put this on, and I don't particularly want to run a > second complete web server just for this. > > Has anyone any advice on getting mason and Apache2 to work together? > The developers site suggests, basically, that I am short of luck. :/ http://www.jtoy.net/mason2.htm http://www.michael-forman.com/unix/mason.html On a personal note, I too have done a fair amount of work using Mason and absolutely love it. Just had to be said *giggle* From daniel at rimspace.net Mon Aug 16 20:50:32 2004 From: daniel at rimspace.net (Daniel Pittman) Date: Mon Aug 16 20:50:48 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: (Scott Penrose's message of "Tue, 17 Aug 2004 08:16:07 +1000") References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> Message-ID: <87y8kesfbr.fsf@enki.rimspace.net> On 17 Aug 2004, Scott Penrose wrote: > On 16/08/2004, at 11:15 PM, Daniel Pittman wrote: >> On 16 Aug 2004, Paul Fenwick wrote: >>> Tim Hunt wrote: [...] >> Unfortunately, this only gives access to the very broken HTTP >> authentication layer which, while useful for small scale work, tends to >> be problematic for real-world applications in my experience. > > It isn't as broken as you might think. If you use Digest Auth, there is > no problem with password security. And most browsers these days support > Digest. *nod* This issue with it is... [...] > But sign out is a problem. There is an example Apache module (in Perl) > which does this, but only works on a subset of browsers and relies on > the browser honouring it. So that may be the show stopper for Basic > auth for you. This is the usual show-stopper. Most of the commercial web stuff I have either dealt with or been around needed the ability to sign out, ideally without giving the user back a 401 page of any sort, and with IE. Daniel -- A wonderful discovery, psychoanalysis. Makes quite simple people feel they're complex. -- S. N. Behrman From pjf at perltraining.com.au Mon Aug 16 22:24:23 2004 From: pjf at perltraining.com.au (Paul Fenwick) Date: Mon Aug 16 22:24:38 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <873c2nusu2.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> Message-ID: <41217A67.4030505@perltraining.com.au> Howdy from sunny BrisVegas, Daniel Pittman wrote: >>As for authentication, keep in mind that apache lets you set a >>PerlAuthHandler and a PerlAccessHandler (and a few more), that you can >>use independently to whatever you have generating your content. > > Unfortunately, this only gives access to the very broken HTTP > authentication layer which, while useful for small scale work, tends to > be problematic for real-world applications in my experience. > > Specifically, the lack of any way to 'log out' of the system and the > difficulty in implementing any sort of single sign on[1] across servers > are usually the killers out in the wild. You want to have cookie-based authentication tokens? No problemo! The PerlAccessHandler gives you this opportunity. You've got the request (and any cookies associated with it), and if you find them acceptable you can accept the request. If they're not, generate a redirect to the login page, and you're done. Obviously you always want to allow people to hit the login page. Even better, this is an example in the mod_perl book, and the sample chapter is freely available on-line. Cruise on over to: http://modperl.com:9000/book/chapters/ch6.html It uses Apache::TicketAccess as the AccessHandler to do the hard work, but you can alter this to taste if you like. The lovely thing about this is that because it hooks in at the Access stage, you can still use any technology you like for generating content. Cheerio, Paul -- Paul Fenwick | http://perltraining.com.au/ Director of Training | Ph: +61 3 9354 6001 Perl Training Australia | Fax: +61 3 9354 2681 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040817/52ca81e4/signature.bin From Nathan.Bailey at its.monash.edu Tue Aug 17 02:25:05 2004 From: Nathan.Bailey at its.monash.edu (Nathan Bailey) Date: Tue Aug 17 02:25:24 2004 Subject: [Melbourne-pm] Perl/Apache consultants? Message-ID: <302789.1092727505@silas.cc.monash.edu.au> I'm aware of: http://melbourne.pm.org/index.cgi?tid=4 but no equivalent page on LUV. We have a range of work for experienced perl programmers and/or experience Apache administrators (especially with WebCT and/or BEA WebLogic experience). I'm interested in knowing which companies in Melbourne actively contract in these areas (i.e. have staff that are available to bill out for work, as compared to do perl work internally for themselves). Please contact me directly, with a few examples of past clients/work completed. thanks! Nathan -- Nathan Bailey * Email: Nathan.Bailey@its.monash.edu Manager, Flexible Learning and Teaching Program, Application Services, Information Technology Services * Phone: +61 3 990 54741 Monash University 3800 Australia * Fax: +61 3 990 53024 From david_dick at iprimus.com.au Tue Aug 17 04:47:03 2004 From: david_dick at iprimus.com.au (David Dick) Date: Tue Aug 17 04:52:40 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <873c2nusu2.fsf@enki.rimspace.net> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> Message-ID: <4121D417.6000700@iprimus.com.au> > Unfortunately, this only gives access to the very broken HTTP > authentication layer which, while useful for small scale work, tends to > be problematic for real-world applications in my experience. Now you've pressed my buttons.. :) HTTP is my favourite protocol!! It has no flaws!!! the dictionary should change the spelling of Referer to correctly reflect the protocol!!! yeah ok, i'm over it... :) i actually tend to like HTTP auth because it makes automating a site with wget/et al trivial as distinct from fooling around with session cookies and POST requests, which, while possible is not fun. > Specifically, the lack of any way to 'log out' of the system and the > difficulty in implementing any sort of single sign on[1] across servers > are usually the killers out in the wild. the ability to log out has become a little weird imho, given that the major browsers offer to "remember" password fields anyway, so the ability to log back in again is usually a click away. Hmmm.... i think i may need to check out an idea... single sign on is a necessary thing sometimes thou, and as mentioned by paul the mod_perl.com example is a good one. It just depends on whether your application needs to jump across multiple domains. From scottp at dd.com.au Tue Aug 17 07:26:36 2004 From: scottp at dd.com.au (Scott Penrose) Date: Tue Aug 17 07:27:16 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <4121D417.6000700@iprimus.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/08/2004, at 7:47 PM, David Dick wrote: > > single sign on is a necessary thing sometimes thou, and as mentioned > by paul the mod_perl.com example is a good one. It just depends on > whether your application needs to jump across multiple domains. > Actually using Basic Auth still allows single sign on. You simply check for that before returning the 401. Scooter - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose VP in charge of Pancakes http://linux.dd.com.au/ scottp@dd.com.au Dismaimer: If you receive this email in error - please eat it immediately to prevent it from falling into the wrong hands. Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBIfmCDCFCcmAm26YRAktcAJ9euRgLYbjaMqKIktmPO2S6OJVPMACghuw5 8+linEoRKjsdBflk5pLqOFc= =dLdu -----END PGP SIGNATURE----- From david_dick at iprimus.com.au Tue Aug 17 07:35:23 2004 From: david_dick at iprimus.com.au (David Dick) Date: Tue Aug 17 07:40:58 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> Message-ID: <4121FB8B.5040408@iprimus.com.au> Scott Penrose wrote: > On 17/08/2004, at 7:47 PM, David Dick wrote: > >> >> single sign on is a necessary thing sometimes thou, and as mentioned >> by paul the mod_perl.com example is a good one. It just depends on >> whether your application needs to jump across multiple domains. >> > > Actually using Basic Auth still allows single sign on. You simply check > for that before returning the 401. > my bad english... i meant single sign on for multiple servers... eg. get a auth ticket from security.example.com, and use it to visit application.example.com and mail.example.com... From scottp at dd.com.au Tue Aug 17 07:45:12 2004 From: scottp at dd.com.au (Scott Penrose) Date: Tue Aug 17 07:45:27 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <4121FB8B.5040408@iprimus.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> Message-ID: <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/08/2004, at 10:35 PM, David Dick wrote: > > > Scott Penrose wrote: > >> On 17/08/2004, at 7:47 PM, David Dick wrote: >>> >>> single sign on is a necessary thing sometimes thou, and as mentioned >>> by paul the mod_perl.com example is a good one. It just depends on >>> whether your application needs to jump across multiple domains. >>> >> Actually using Basic Auth still allows single sign on. You simply >> check for that before returning the 401. > > my bad english... i meant single sign on for multiple servers... Yeah, that is what I mean. Single sign on is usually done by adding a special header (ala passport). > eg. get a auth ticket from security.example.com, and use it to visit > application.example.com and mail.example.com... Exactly :-) Scooter - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose Welcome to the Digital Dimension http://www.dd.com.au/ scottp@dd.com.au Dismaimer: Contents of this mail and signature are bound to change randomly. Whilst every attempt has been made to control said randomness, the author wishes to remain blameless for the number of eggs that damn chicken laid. Oh and I don't want to hear about butterflies either. Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBIf3aDCFCcmAm26YRAjyDAJ4tLHbMHvaNJcZXGdB8ugurFGOtBgCfRnMC AouO3v1+z5mhLITaENTESYY= =+qyy -----END PGP SIGNATURE----- From daniel at rimspace.net Tue Aug 17 08:23:35 2004 From: daniel at rimspace.net (Daniel Pittman) Date: Tue Aug 17 08:23:51 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <4121D417.6000700@iprimus.com.au> (David Dick's message of "Tue, 17 Aug 2004 19:47:03 +1000") References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> Message-ID: <871xi5rj8o.fsf@enki.rimspace.net> On 17 Aug 2004, David Dick wrote: >> Unfortunately, this only gives access to the very broken HTTP >> authentication layer which, while useful for small scale work, tends to >> be problematic for real-world applications in my experience. [...] > i actually tend to like HTTP auth because it makes automating a site > with wget/et al trivial as distinct from fooling around with session > cookies and POST requests, which, while possible is not fun. I agree completely -- it is a great shame that basic auth falls short of real-world requirements for login/user session management, since the alternatives are awful, horrible and impossible to support generically.[1] >> Specifically, the lack of any way to 'log out' of the system and the >> difficulty in implementing any sort of single sign on[1] across servers >> are usually the killers out in the wild. > > the ability to log out has become a little weird imho, given that the > major browsers offer to "remember" password fields anyway, so the > ability to log back in again is usually a click away. Most of the time when this has been an issue it has been one big thing that was the problem: the law. A number of places I have worked at have had various regulatory issues that mean you *must* offer a logout option, and that it *must* terminate the relevant access, etc, controls. Sure, not quite a match for the technology that remembers passwords, but that is the law for you. Even without that it is often desirable to know that the user has finished with something -- I am occasionally irritated when I need to administer my RT install, because it is hard to log out and back in as another users, but not impossible. > single sign on is a necessary thing sometimes thou, and as mentioned by > paul the mod_perl.com example is a good one. It just depends on whether > your application needs to jump across multiple domains. Yes. I am very pleased to have learned about that, and will probably go and study up on the apache2 hook structures in greater detail. Clearly they are more capable than I had believed. Regards, Daniel Footnotes: [1] I know. Trying to get an automated process to work with LiveJournal was a world of irritation that I could well have lived without. -- A silly remark can be made in Latin as well as in Spanish. -- Cervantes, _The Dialogue of the Dogs_, 1613 From david_dick at iprimus.com.au Tue Aug 17 15:58:39 2004 From: david_dick at iprimus.com.au (David Dick) Date: Tue Aug 17 16:04:22 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> Message-ID: <4122717F.4020700@iprimus.com.au> >>>> single sign on is a necessary thing sometimes thou, and as mentioned >>>> by paul the mod_perl.com example is a good one. It just depends on >>>> whether your application needs to jump across multiple domains. >>>> >>> Actually using Basic Auth still allows single sign on. You simply >>> check for that before returning the 401. >> >> >> my bad english... i meant single sign on for multiple servers... > > > Yeah, that is what I mean. Single sign on is usually done by adding a > special header (ala passport). > >> eg. get a auth ticket from security.example.com, and use it to visit >> application.example.com and mail.example.com... > > > Exactly :-) > Ok. Happy to concede you've impressed the hell outta me. You have strange and mysterious powers beyond the ken of mortal man. Can you show me how the following should play out? GET / HTTP/1.1 Host: london.gov.uk HTTP/1.1 401 Authorisation Required Content-Type: text/html WWW-Authenticate: Basic Realm="Rogue Robots" GET / HTTP/1.1 Host: london.gov.uk Authorization: Basic cGVuZm9sZDpwZW5mb2xk HTTP/1.1 200 OK Content-Type: text/html GET /baron/greenback HTTP/1.1 Host: london.gov.uk Authorization: Basic cGVuZm9sZDpwZW5mb2xk HTTP/1.1 200 OK Content-Type: text/html GET /silas/greenback HTTP/1.1 Host: scotland.org HTTP/1.1 401 Authorisation Required Content-Type: text/html WWW-Authenticate: Basic Realm="Who Stole the Bagpipes?" GET /silas/greenback HTTP/1.1 Host: scotland.org Authorization: Basic cGVuZm9sZDpwZW5mb2xk What did i miss? From david_dick at iprimus.com.au Tue Aug 17 16:51:45 2004 From: david_dick at iprimus.com.au (David Dick) Date: Tue Aug 17 16:57:20 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <4122717F.4020700@iprimus.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> Message-ID: <41227DF1.7040505@iprimus.com.au> David Dick wrote: > >>>>> single sign on is a necessary thing sometimes thou, and as >>>>> mentioned by paul the mod_perl.com example is a good one. It just >>>>> depends on whether your application needs to jump across multiple >>>>> domains. >>>>> >>>> Actually using Basic Auth still allows single sign on. You simply >>>> check for that before returning the 401. >>> >>> >>> >>> my bad english... i meant single sign on for multiple servers... >> >> >> >> Yeah, that is what I mean. Single sign on is usually done by adding a >> special header (ala passport). >> >>> eg. get a auth ticket from security.example.com, and use it to visit >>> application.example.com and mail.example.com... >> >> >> >> Exactly :-) >> > > Ok. Happy to concede you've impressed the hell outta me. You have > strange and mysterious powers beyond the ken of mortal man. Can you > show me how the following should play out? > GET / HTTP/1.1 Host: london.britain.org HTTP/1.1 401 Authorisation Required Content-Type: text/html WWW-Authenticate: Basic Realm="Rogue Robots" GET / HTTP/1.1 Host: london.britain.org Authorization: Basic cGVuZm9sZDpwZW5mb2xk HTTP/1.1 200 OK Content-Type: text/html GET /baron/greenback HTTP/1.1 Host: london.britain.org Authorization: Basic cGVuZm9sZDpwZW5mb2xk HTTP/1.1 200 OK Content-Type: text/html GET /silas/greenback HTTP/1.1 Host: scotland.britain.org HTTP/1.1 401 Authorisation Required Content-Type: text/html WWW-Authenticate: Basic Realm="Who Stole the Bagpipes?" GET /silas/greenback HTTP/1.1 Host: scotland.britain.org Authorization: Basic cGVuZm9sZDpwZW5mb2xk > > What did i miss? *ahem* Amended Host headers should be easier to demonstrate with. :) From scottp at dd.com.au Tue Aug 17 17:58:02 2004 From: scottp at dd.com.au (Scott Penrose) Date: Tue Aug 17 17:58:17 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <4122717F.4020700@iprimus.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 18/08/2004, at 6:58 AM, David Dick wrote: > >>>>> single sign on is a necessary thing sometimes thou, and as >>>>> mentioned by paul the mod_perl.com example is a good one. It just >>>>> depends on whether your application needs to jump across multiple >>>>> domains. >>>>> >>>> Actually using Basic Auth still allows single sign on. You simply >>>> check for that before returning the 401. >>> >>> >>> my bad english... i meant single sign on for multiple servers... >> Yeah, that is what I mean. Single sign on is usually done by adding a >> special header (ala passport). >>> eg. get a auth ticket from security.example.com, and use it to visit >>> application.example.com and mail.example.com... >> Exactly :-) > > Ok. Happy to concede you've impressed the hell outta me. You have > strange and mysterious powers beyond the ken of mortal man. Can you > show me how the following should play out? > > GET / HTTP/1.1 > Host: london.gov.uk > > HTTP/1.1 401 Authorisation Required > Content-Type: text/html > WWW-Authenticate: Basic Realm="Rogue Robots" > > GET / HTTP/1.1 > Host: london.gov.uk > Authorization: Basic cGVuZm9sZDpwZW5mb2xk > > HTTP/1.1 200 OK > Content-Type: text/html > > GET /baron/greenback HTTP/1.1 > Host: london.gov.uk > Authorization: Basic cGVuZm9sZDpwZW5mb2xk > > HTTP/1.1 200 OK > Content-Type: text/html > > GET /silas/greenback HTTP/1.1 > Host: scotland.org > > HTTP/1.1 401 Authorisation Required > Content-Type: text/html > WWW-Authenticate: Basic Realm="Who Stole the Bagpipes?" > > GET /silas/greenback HTTP/1.1 > Host: scotland.org > Authorization: Basic cGVuZm9sZDpwZW5mb2xk > > What did i miss? It all depends how you do your single sign on. The problem with single sign on is there is no easy / standard way of doing it due to the fact that you can't add headers or cookies globally across domains. Passport does this by altering IE so that it does send the passport key each time, which you can then lookup on a server to check it is valid. That particular problem is not solved by or hindered by BasicAuth. So for a simple example I am going to actually use a cookie in a URL... > GET / HTTP/1.1 > Host: london.gov.uk > > HTTP/1.1 401 Authorisation Required > Content-Type: text/html > WWW-Authenticate: Basic Realm="Rogue Robots" > > GET / HTTP/1.1 > Host: london.gov.uk > Authorization: Basic cGVuZm9sZDpwZW5mb2xk > > HTTP/1.1 200 OK > Content-Type: text/html > > GET /baron/greenback HTTP/1.1 > Host: london.gov.uk > Authorization: Basic cGVuZm9sZDpwZW5mb2xk > > HTTP/1.1 200 OK > Content-Type: text/html > > GET /silas/greenback?mykey=ABC123 HTTP/1.1 > Host: scotland.org Auth module does these three things * Check cookie - if set and valid continue to next apache stage * Check URL for temporary cookie - If valid do a redirect including normal cookie for future requests (note we just need to check ABC123 is valid) * Finally, do a 401 Auth required if above two fail. > HTTP/1.1 307 Moved Temporarily > Location: http://scotland.org/silas/greenback > Set-Cookie: auth=XYZ321; expires... > Content-Type: text/html (please note, my redirect above is just from my head and is probably wrong) > What did i miss? Only that a Auth Module is not REQUIRED to do Basic Auth. Apache does not distinguish between authentication types. Basic Auth (via 401) is only internal to that module. The standard apache module will return a 401 unless there is a basic auth header. But that does not mean you have to do that. The module I use does not do it the same way. In my case I use no cookies, and no special URLs, but instead the proxy (which has already authenticated the user) passes in an extra header containing the users login name and customer name (or domain). The proxy only sends this header to trusted web servers, the web server only accepts the header from trusted proxy servers. This is only two examples of many for single sign on. My example uses a header each time and is not really a comparison to other systems. The example I went through above is sort of a mix between Basic Auth and Cookie Authentication. Scott - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose Anthropomorphic Personification Expert http://search.cpan.org/search?author=SCOTT scott@cpan.org Dismaimer: While every attempt has been made to make sure that this email only contains zeros and ones, there has been no effort made to guarantee the quantity or the order. Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBIo19DCFCcmAm26YRAg5TAJwL0hC0Dv7yUUT0ukjXcn1wUZGnjwCgiQbU nk+5GEkV55vcCoBQSQxK4Sk= =8izm -----END PGP SIGNATURE----- From jarich at perltraining.com.au Tue Aug 17 19:51:47 2004 From: jarich at perltraining.com.au (Jacinta Richardson) Date: Tue Aug 17 19:51:57 2004 Subject: [Melbourne-pm] Dr Damian Conway's Perl courses and other PTA courses in Melbourne. Message-ID: <4122A823.5010601@perltraining.com.au> G'day folks, Perl Training Australia is pleased to announce that over the next few months we'll be running publicly enrolable courses by Dr Damian Conway. These are in addition to our first public run of our new Perl Security course and our introductory courses. I encourage you to encourage your managers to send you and your collegues on these courses as I'm certain there will be something to interest all programmers. Our current Melbourne calendar is as follows: *Early bird date* 27th August 2004 (see below) Introduction to Perl: 21st September - 22nd September 2004 Intermediate Perl: 23rd September - 24th September 2004 Perl Security: 8th October 2004 Advanced Object Oriented Perl: 31st January - 1st February 2005 * Text Processing with Perl: 3rd February 2005 * * - presented by Dr Damian Conway Places can be booked on these courses from our bookings page: http://www.perltraining.com.au/bookings.html The Advanced Object Oriented Perl and Text Processing with Perl (previously named Data Munging with Perl) will be presented by Dr Damian Conway. Advanced OO starts with how, and when, to bless arrays and scalars and ends at how to use multiple dispatch. Text Processing, on the other hand, covers regular expressions through to natural languages. The Perl Security course is our newest developed course and covers how to program securely in Perl. It includes taint checking and taint traps, using the multi-argument versions of system and exec, opening files with open and sysopen, safe temporary files, the Unix privilege model and how to work with it, ops and Safe, chroot and virtual machines, DBI and TaintIn/Out, Perl tricks and traps. About 60% of this information was covered in our test runs with PM. The introductory courses, as you know, are hands-on courses with plenty of time devoted to practicing the concepts covers. These two courses combined cover everything you need to get from being a Perl novice to coding up quite complex Perl applications and course content is applicable to Unix, Unix-like, Macintosh and MS Windows environments. Group booking discounts apply for bookings of 3 or more people on the same course. The group booking discounts can be found on our bookings page: http://www.perltraining.com.au/bookings.html Further more, mentioning Melbourne Perl Mongers when making your booking will entitle you to the same amount per person, per course (as a group booking) as a user group discount. If you book and pay by the appropriate early bird special date, you will be entitled to one free Perl book (of your choice) per person, per course booking. You can see the available books at: http://www.perltraining.com.au/books.html *Please Note* The early bird special date for the introductory courses in Melboure is Friday August 27th 2004 (9 business days time). As a further incentive to encourage you to encourage your collegues to come on these courses, we will give *you* one free Perl book (up to the value of $80 RRP) for every person who books on our course and mentions your name (one name per course booking). That means an average booking of 2 people from an organisation on both introductory courses gains your organisation *4* books^, *plus* $200 worth of user group discounts and gives *you* 4 books as well! ^ - assuming payment by early bird special date. These courses are run as a first-come first-served basis. Places are limited so early booking is recommended. We look forward to seeing you on our courses. All the very best, Jacinta Richardson -- ("`-''-/").___..--''"`-._ | Jacinta Richardson | `6_ 6 ) `-. ( ).`-.__.`) | Perl Training Australia | (_Y_.)' ._ ) `._ `. ``-..-' | +61 3 9354 6001 | _..`--'_..-_/ /--'_.' ,' | contact@perltraining.com.au | (il),-'' (li),' ((!.-' | www.perltraining.com.au | From list at bereft.net Tue Aug 17 23:50:56 2004 From: list at bereft.net (Brad Bowman) Date: Tue Aug 17 23:51:12 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> Message-ID: <1092804656.2214.33.camel@oxum> > > You can't nicely log out or modify the credentials. > > True, but as stated, you can't with any login/password field in mozilla > - - ie: it caches those too if the users clicks the button. > But... there are circumstances where you can - eg: a lab of computers > are setup to not allow password saving, then it will probably work. > Either way, you are depending on the implementation of the client. I may have drifted off the topic here. See below. > > Mozilla will always give you a popup. > > Not true. That is totally dependent on the authentication module. If > you don't send back a 401, you don't get a popup. I guess I should clarify where I'm coming from here. I looked into using the basic credentials as a ticket for authentication since it can be set in the url http://user:pass@blah/ cross-site and works w/o cookies. The snag was that mozilla ignored the url credentials when it had already used other credentials successfully and instead of trying the url ones as a fallback it poped up the box. It also ignored the auth domain in this scenario. This was the specific problem I was getting at. I only noticed it when trying out a cross-site auth idea. Brad -- When faced with a crisis, if one puts some spittle on his earlobe and exhales deeply through his nose, he will overcome anything at hand. This is a secret matter. -- Hagakure http://bereft.net/hagakure/ From scottp at dd.com.au Wed Aug 18 00:04:40 2004 From: scottp at dd.com.au (Scott Penrose) Date: Wed Aug 18 00:04:53 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <1092804656.2214.33.camel@oxum> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> Message-ID: <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 18/08/2004, at 2:50 PM, Brad Bowman wrote: > I guess I should clarify where I'm coming from here. > > I looked into using the basic credentials as a ticket for > authentication since it can be set in the url > http://user:pass@blah/ cross-site and works w/o cookies. > > The snag was that mozilla ignored the url credentials when > it had already used other credentials successfully and > instead of trying the url ones as a fallback it poped up > the box. It also ignored the auth domain in this scenario. Got you now :-) Yes that is correct and it sucks. Safari, IE and Konqueror all support user@ type URL, which is great when you just want to change your user, you just add user@ in front of your URL. Unfortunately it appears that the Mozilla team have seen this to be compromise of security (not sure why). Maybe it is a Mozilla bug. Scooter > This was the specific problem I was getting at. > I only noticed it when trying out a cross-site auth idea. > > - -- * - * http://www.osdc.com.au - Open Source Developers Conference * - * Scott Penrose VP in charge of Pancakes http://linux.dd.com.au/ scottp@dd.com.au Dismaimer: If you receive this email in error - please eat it immediately to prevent it from falling into the wrong hands. Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBIuNoDCFCcmAm26YRAry1AJsFTHafGs/xY4+zC46Snf45tnx7dACeMllk PWihhHEk2KIwXux1AVuVnc4= =lZ/w -----END PGP SIGNATURE----- From rickm at isite.net.au Wed Aug 18 00:16:52 2004 From: rickm at isite.net.au (Rick Measham) Date: Wed Aug 18 00:17:16 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> References: <87657mkqb0.fsf@enki.rimspace.net> <411DF540.2060100@iprimus.com.au> <87zn4wj23d.fsf@enki.rimspace.net> <411F5C05.5030902@iprimus.com.au> <411FEA1D.9050102@its.monash.edu.au> <4120976C.4020408@perltraining.com.au> <873c2nusu2.fsf@enki.rimspace.net> <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> Message-ID: At 3:04 pm +1000 2004-08-18, Scott Penrose wrote: >Safari, IE and Konqueror all support user@ type URL, which is great >when you just want to change your user, you just add user@ in front >of your URL. > >Unfortunately it appears that the Mozilla team have seen this to be >compromise of security (not sure why). Maybe it is a Mozilla bug. Strange then that they never picked it up until now ... I just checked Netscape 1.1N for Mac and it worked back then! Cheers! Rick -- -------------------------------------------------------- There are 10 kinds of people: those that understand binary, and those that don't. -------------------------------------------------------- The day Microsoft makes something that doesn't suck is the day they start selling vacuum cleaners -------------------------------------------------------- "Write a wise proverb and your name will live forever." -- Anonymous -------------------------------------------------------- From joshua at roughtrade.net Wed Aug 18 00:23:37 2004 From: joshua at roughtrade.net (Joshua Goodall) Date: Wed Aug 18 00:23:45 2004 Subject: [Melbourne-pm] Perl web application framework recommendations In-Reply-To: <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> References: <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> Message-ID: <20040818052337.GE15967@roughtrade.net> On Wed, Aug 18, 2004 at 03:04:40PM +1000, Scott Penrose wrote: > Safari, IE and Konqueror all support user@ type URL, which is great > when you just want to change your user, you just add user@ in front of > your URL. > > Unfortunately it appears that the Mozilla team have seen this to be > compromise of security (not sure why). Maybe it is a Mozilla bug. This is a security bug and was dropped by IE in February. http://www.kb.cert.org/vuls/id/652278 http://support.microsoft.com/?id=834489 http://xforce.iss.net/xforce/xfdb/13935 In IE, you now get an invalid syntax error. Mozilla allows it, but pops up a dialog with the message "You are about to login to this website, but the website does not require authentication. The website may be trying to trick you." if it doesn't get a challenge, or if you were already authenticated under another username. Joshua. -- Joshua Goodall "as modern as tomorrow afternoon" joshua@roughtrade.net - FW109 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040818/ef05118f/attachment.bin From david_dick at iprimus.com.au Tue Aug 24 04:56:58 2004 From: david_dick at iprimus.com.au (David Dick) Date: Tue Aug 24 05:02:41 2004 Subject: [Melbourne-pm] Testing fork In-Reply-To: <20040818052337.GE15967@roughtrade.net> References: <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> <20040818052337.GE15967@roughtrade.net> Message-ID: <412B10EA.40100@iprimus.com.au> Ok, test scripts are very nice, but some things are just ridiculously hard to do properly. i've got a cgi-script that needs to accept a job from a user, return a 202 and point the user to a url that they can use to monitor the job's status. Now, to kick off a job, the best way that i can think of is to partially daemonize (i don't want to close STDERR for example) and run the job in the partial daemon, while the original cgi process returns the pointer to the user. Unfortunately, the following bit of code has some issues; FORK: { if ($pid = fork) { exit 0; } elsif (defined $pid) { } elsif ($! =~ /No more process/) { sleep 5; redo FORK; } else { die("Can't fork:$!"); } } 1) How on earth can i test the /No more process/ line? I think i need a "ulimit -u" sort of capability, and need to switch it on and off to get the code to enter and exit the condition. 2) The horrifying mutations that this code can be subjected to. For example, i'm writing the code as a cgi script to maximise portability. For speed, the code be run using Apache::Registry. Which, among other things silently overrides the exit statement, unless you fully qualify as CORE::exit. I'm damned if i know how, even if i know and expect the weird environmental conditions, that i can test that my code is correct in an environment such as Apache::Registry; 3) probably a whole lot of other issues that i'm not aware of yet. anyone got any ideas on writing a test script for these sort of issues? From jpadfield at hotkey.net.au Tue Aug 24 17:46:27 2004 From: jpadfield at hotkey.net.au (Jonathon Padfield) Date: Tue Aug 24 17:46:33 2004 Subject: [Melbourne-pm] Testing fork In-Reply-To: <412B10EA.40100@iprimus.com.au> References: <4121D417.6000700@iprimus.com.au> <20040818052337.GE15967@roughtrade.net> <412B10EA.40100@iprimus.com.au> Message-ID: <200408250846.27862.jpadfield@hotkey.net.au> On Tue, 24 Aug 2004 07:56 pm, David Dick wrote: > i've got a cgi-script that needs to accept a job from a user, return a > 202 and point the user to a url that they can use to monitor the job's > status. > > Now, to kick off a job, the best way that i can think of is to partially > daemonize (i don't want to close STDERR for example) and run the job in > the partial daemon, while the original cgi process returns the pointer > to the user. > > 3) probably a whole lot of other issues that i'm not aware of yet. You've also got issues as to what user & permissions the script runs as (apache / root?), what directories it's limited to, etc. I had a similar situation in the past, but instead of forking the secondary process directly, I wrote a second daemon that simply kept scanning a directory for instructions left in files created by the webserver. When a new job was detected, it'd spawn off a new process. Now I'd probably achieve the same result using a database, and keep more information about the new processes, such as PID's, start time, exit code, etc. -Jon -- Jonathon Padfield Software Engineer Hotkey Internet Services From joshua at roughtrade.net Tue Aug 24 18:18:24 2004 From: joshua at roughtrade.net (Joshua Goodall) Date: Tue Aug 24 18:18:36 2004 Subject: [Melbourne-pm] Testing fork In-Reply-To: <412B10EA.40100@iprimus.com.au> References: <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> <20040818052337.GE15967@roughtrade.net> <412B10EA.40100@iprimus.com.au> Message-ID: <20040824231824.GB80011@roughtrade.net> On Tue, Aug 24, 2004 at 07:56:58PM +1000, David Dick wrote: > 2) The horrifying mutations that this code can be subjected to. For > example, i'm writing the code as a cgi script to maximise portability. > For speed, the code be run using Apache::Registry. Which, among other > things silently overrides the exit statement, unless you fully qualify > as CORE::exit. I'm damned if i know how, even if i know and expect the > weird environmental conditions, that i can test that my code is correct > in an environment such as Apache::Registry; > > 3) probably a whole lot of other issues that i'm not aware of yet. I'm used to Apache killing off children that run for too long. Why don't you write a real daemon instead? Your CGI can then just connect to it, give it the appropriate parameters, then leave it to work. Give it a couple of methods more for retrieving status/results, and then the CGIs are just presentation wrappers for the API your daemon presents. I suggest having it listen on a UNIX socket in /var/run/ Three advantages: i) The daemon can manage the workload queues e.g. a separate processing thread/child process per CPU, ii) You've decoupled the logic from the interface, so you can use it from more than just a CGI (e.g. you can monitor current workload from a command-line tool) iii) You've separated the permissions between the presentation layer and the logic layer. This is excellent for sidestepping a whole raft of security issues. Don't forget; to properly daemonise, reopen file descriptors 0,1,2 to /dev/null (don't just close them - it can cause problems if you exec subprocesses that expect them to be stdin/out/err), call setsid (to create a new session, a new process group, and remove references to any controlling terminal), and talk to syslog. There's a wrapper in CPAN for all that, but I forget the name. J -- Joshua Goodall "as modern as tomorrow afternoon" joshua@roughtrade.net - FW109 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://mail.pm.org/pipermail/melbourne-pm/attachments/20040825/a7fa92fb/attachment.bin From leif.eriksen at hpa.com.au Tue Aug 24 20:53:26 2004 From: leif.eriksen at hpa.com.au (leif.eriksen@hpa.com.au) Date: Tue Aug 24 20:58:08 2004 Subject: [Melbourne-pm] Testing fork In-Reply-To: <412B10EA.40100@iprimus.com.au> References: <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> <20040818052337.GE15967@roughtrade.net> <412B10EA.40100@iprimus.com.au> Message-ID: <412BF116.20206@hpa.com.au> An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/melbourne-pm/attachments/20040825/c26b8a74/attachment.htm From david_dick at iprimus.com.au Wed Aug 25 16:40:27 2004 From: david_dick at iprimus.com.au (David Dick) Date: Wed Aug 25 16:46:12 2004 Subject: [Melbourne-pm] Testing fork In-Reply-To: <412BF116.20206@hpa.com.au> References: <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> <20040818052337.GE15967@roughtrade.net> <412B10EA.40100@iprimus.com.au> <412BF116.20206@hpa.com.au> Message-ID: <412D074B.2080902@iprimus.com.au> Thanks all for those suggestions. Much appreciated. Am up to my neck in code the moment, but will attempt to get back to you later. From jarich at perltraining.com.au Thu Aug 26 00:56:15 2004 From: jarich at perltraining.com.au (Jacinta Richardson) Date: Thu Aug 26 00:56:26 2004 Subject: [Melbourne-pm] Call for papers reviewers Message-ID: <412D7B7F.2080606@perltraining.com.au> Roll up, roll up! Melbourne PM needs your help! Hi everyone, I'm the programme committee chair for the Open Source Developers' Conference - which is being organised and run by Melbourne PM later this year. In order for us to review the huge number of Perl papers we've received we're going to need either 20 people with some time on their hands (to review up to 3 papers each) or 50 people with a little time on their hands (to review 1 paper each). I'm going to hope that we can get at least 20 reviewers, but I need you to contact me and volunteer. If you are happy to review one paper, or two, or three, please let me know and I'll add you to my list. If you're also experienced with Python or PHP and would be happy to review papers there, your help would be appreciated. We also plan to have papers covering: Mozilla's XUL, Lego Micromouse, MySQL, Embedded Linux, CVS and make in system administration, Docbook, Javascript and Firebird. If you have sufficient experience to be able to spot ommissions, errors and other issues with papers on these topics, please mention this when you volunteer. All the very best, and I look forward to hearing from you. Jacinta Richardson -- ("`-''-/").___..--''"`-._ | Jacinta Richardson | `6_ 6 ) `-. ( ).`-.__.`) | Perl Training Australia | (_Y_.)' ._ ) `._ `. ``-..-' | +61 3 9354 6001 | _..`--'_..-_/ /--'_.' ,' | contact@perltraining.com.au | (il),-'' (li),' ((!.-' | www.perltraining.com.au | From Nathan.Bailey at its.monash.edu Thu Aug 26 01:36:54 2004 From: Nathan.Bailey at its.monash.edu (Nathan Bailey) Date: Thu Aug 26 01:40:22 2004 Subject: [Melbourne-pm] [JOB] HTML::Mason/perl/OOP/mod_perl/SQL programmer for Monash University Message-ID: <372917.1093502214@silas.cc.monash.edu.au> Monash University does a large amount of perl development from enterprise-level applications through to small-scale projects. Within the IT division, the FLT program have 10-15 perl developers working on maintenance, enhancements and the development of new and innovative systems ranging across Administration, Research, Learning and Teaching and the Community. Services are provided to both staff and students, with over 65,000 people regularly using FLT systems each month. Applications typically integrate with enterprise systems such as SAP HR/Finance, Endeavor Voyager, InterWoven TeamSite, WebCT Vista and the SunOne Messaging suite (LDAP, IMAP, WCAP, etc.). We also develop leading-edge internal solutions to issues such as billing/ecommerce, workflow, committee support, etc. ITS have a strong commitment to open standards and run almost all our web services on Apache-based Linux servers in a multi-server 'farm' configuration. FLT run Oracle on Solaris at the backend for maintaining state, configuration and other information. We are seeking a motivated team player with demonstrated ability in both procedural and object-oriented Perl, to design and develop innovative and rigorous solutions within an enterprise-wide, dynamic, database-backed web application environment. Essential attributes include expertise in Perl, and Unix (Linux/Solaris), project management and interpersonal skills. Knowledge of HTML::Mason and SQL (Oracle 9i) is highly regarded. Further information is available from: http://sssd.adm.monash.edu.au/employ/job.asp?refnumber=G045242 (I apologise for the MS Word document and if a PDF version is required, please request one from Kate or myself). re, N -- Nathan Bailey * Email: Nathan.Bailey@its.monash.edu Manager, Flexible Learning and Teaching Program, Application Services, Information Technology Services * Phone: +61 3 990 54741 Monash University 3800 Australia * Fax: +61 3 990 53024 From peterl at netlink.com.au Thu Aug 26 02:07:11 2004 From: peterl at netlink.com.au (Peter Lawrence) Date: Thu Aug 26 02:07:14 2004 Subject: [Melbourne-pm] Call for papers reviewers Message-ID: <200408260707.i7Q77BTm012011@www.pm.org> At 03:56 PM 8/26/04 +1000, Jacinta Richardson wrote: . . . >If you have sufficient experience to be able to spot ommissions, errors >and other issues with papers on these topics, please mention this when >you volunteer. It's spelled "omissions". Sorry, couldn't resist it. PML. GST+NPT=JOBS I.e., a Goods and Services Tax (or almost any other broad based production tax), with a Negative Payroll Tax, promotes employment. See http://member.netlink.com.au/~peterl/publicns.html#AFRLET2 and the other items on that page for some reasons why. From alfiejohn at acm.org Fri Aug 27 05:20:07 2004 From: alfiejohn at acm.org (Alfie John) Date: Fri Aug 27 05:20:09 2004 Subject: [Melbourne-pm] [JOB] HTML::Mason/perl/OOP/mod_perl/SQL programmer for Monash University In-Reply-To: <372917.1093502214@silas.cc.monash.edu.au> Message-ID: <000501c48c1f$70a801b0$5f3f1cd3@aldags> Hello, We are seeking a motivated team player with demonstrated ability in both procedural and object-oriented Perl, to design and develop innovative and rigorous solutions within an enterprise-wide, dynamic, database-backed web application environment. This is not just in regard to this particular job description, but I am searching for a junior position involving program design and implementation in a unix/perl environment. Because I lack the commercial experience in programming, I am willing to go ABSOLUTE MINIMUM pay to get a perl programming position! Thanks, Alfie John -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/melbourne-pm/attachments/20040827/e1b6ea6b/attachment.htm From Nathan.Bailey at its.monash.edu Fri Aug 27 05:39:00 2004 From: Nathan.Bailey at its.monash.edu (Nathan Bailey) Date: Fri Aug 27 05:39:20 2004 Subject: [Melbourne-pm] [JOB] HTML::Mason/perl/OOP/mod_perl/SQL programmer for Monash University In-Reply-To: "27 Aug 2004 20:20:07 +1000." <000501c48c1f$70a801b0$5f3f1cd3@aldags> Message-ID: <378566.1093603140@silas.cc.monash.edu.au> Alfie John wrote: >Because I lack the commercial experience in programming, I am willing to >go ABSOLUTE MINIMUM pay to get a perl programming position! 1) It's generally a bad idea to play open-handed mizare before you evaluate your options :-) 2) You might want to give a sense of your current level of experience, i.e. no commercial programming, but what have you done in your own time? I have developed a (somewhat Monash-specific) perl career progression at: http://polynate.net/work/perl_career.html re, N From stas at stason.org Sat Aug 28 10:45:43 2004 From: stas at stason.org (Stas Bekman) Date: Sat Aug 28 10:45:53 2004 Subject: [Melbourne-pm] Testing fork In-Reply-To: <412B10EA.40100@iprimus.com.au> References: <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> <20040818052337.GE15967@roughtrade.net> <412B10EA.40100@iprimus.com.au> Message-ID: <4130A8A7.1050102@stason.org> David Dick wrote: [...] > 2) The horrifying mutations that this code can be subjected to. For > example, i'm writing the code as a cgi script to maximise portability. > For speed, the code be run using Apache::Registry. Which, among other > things silently overrides the exit statement, unless you fully qualify > as CORE::exit. I'm damned if i know how, even if i know and expect the > weird environmental conditions, that i can test that my code is correct > in an environment such as Apache::Registry; use Apache-Test (CPAN) > 3) probably a whole lot of other issues that i'm not aware of yet. You may find this useful: http://perl.apache.org/docs/1.0/guide/performance.html#Forking_and_Executing_Subprocesses_from_mod_perl -- __________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:stas@stason.org http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com From david_dick at iprimus.com.au Mon Aug 30 06:56:04 2004 From: david_dick at iprimus.com.au (David Dick) Date: Mon Aug 30 07:02:02 2004 Subject: [Melbourne-pm] Testing fork In-Reply-To: <412B10EA.40100@iprimus.com.au> References: <4121D417.6000700@iprimus.com.au> <4121FB8B.5040408@iprimus.com.au> <47B277E6-F04B-11D8-8ABE-000D93ADDF32@dd.com.au> <4122717F.4020700@iprimus.com.au> <1092800293.2212.21.camel@oxum> <4971427A-F0CF-11D8-8ABE-000D93ADDF32@dd.com.au> <1092804656.2214.33.camel@oxum> <1C852F68-F0D4-11D8-8ABE-000D93ADDF32@dd.com.au> <20040818052337.GE15967@roughtrade.net> <412B10EA.40100@iprimus.com.au> Message-ID: <413315D4.4060706@iprimus.com.au> David Dick wrote: > } elsif ($! =~ /No more process/) { *ahem* I believe the correct phrase is "cargo cult"... the following seems to be a little better. Or not... I still haven't had any luck actually creating this error for forks on linux. :( } elsif ($! == POSIX::EAGAIN()) { on linux at least the error message seems to be 'Try again' according to my copy of /usr/include/asm/errno.h