From jeremygwa at hotmail.com Sat Jul 8 16:15:44 2006 From: jeremygwa at hotmail.com (Jer A) Date: Sat, 08 Jul 2006 16:15:44 -0700 Subject: [VPM] perl process security Message-ID: hello all, I am working on a project and need some security advice. how secure are strings running in perl process? I am using string scalars to inject/embed (Ruby/Python)code into a Ruby/Python etc, piped child processes. considering the user does not have access to the perl code, how can I lockdown a perl process to prevent perl scalar memory from being read, from outside the process? also is there any security risk when passing data (scalar string values (large ones)) to a child process? Thanks in advance for all your help. -Jeremy A From jeremygwa at hotmail.com Sat Jul 8 16:22:38 2006 From: jeremygwa at hotmail.com (Jer A) Date: Sat, 08 Jul 2006 16:22:38 -0700 Subject: [VPM] perl process security Message-ID: hello all, I am working on a project and need some security advice. how secure are strings running in perl process? I am using string scalars to inject/embed (Ruby/Python)code into a Ruby/Python etc, piped child processes. considering the user does not have access to the perl code, how can I lockdown a perl process to prevent perl scalar memory from being read, from outside the process? also is there any security risk when passing data (scalar string values (large ones)) to a child process? My OS is Win32. Thanks in advance for all your help. -Jeremy A From jeremygwa at hotmail.com Sat Jul 8 16:22:38 2006 From: jeremygwa at hotmail.com (Jer A) Date: Sat, 08 Jul 2006 16:22:38 -0700 Subject: [VPM] perl process security Message-ID: hello all, I am working on a project and need some security advice. how secure are strings running in perl process? I am using string scalars to inject/embed (Ruby/Python)code into a Ruby/Python etc, piped child processes. considering the user does not have access to the perl code, how can I lockdown a perl process to prevent perl scalar memory from being read, from outside the process? also is there any security risk when passing data (scalar string values (large ones)) to a child process? My OS is Win32. Thanks in advance for all your help. -Jeremy A From darren at DarrenDuncan.net Sun Jul 9 23:06:19 2006 From: darren at DarrenDuncan.net (Darren Duncan) Date: Sun, 9 Jul 2006 23:06:19 -0700 Subject: [VPM] need car-pool and/or room-share for OSCON 2006 Message-ID: All, Today I made the (late) decision to sign up for the "hallway track" of OSCON 2006 that starts in 2 weeks ( http://conferences.oreillynet.com/os2006/ ). (Initially I wasn't going to go largely due to the cost, but then yesterday I realized that I could get 80% of what I want for zero conference fees with an "Exhibit Hall" registration; while I don't get most sessions and tutorials, I do get the networking and many extraneous events.) I am writing you because I would like to know who among us, or that is otherwise local, is going to this event. I would also like to know if I can car-pool with and/or room-share with you, or if you know someone else with whom I can car-pool or room-share. (Before you say it, I did also contact the 3 people on the event's room-sharing wiki, but that was only about sharing, not car-pooling.) (Note that while I could take a Greyhound-like bus both ways, I want to do each trip within one day, and I want the southbound trip to arrive at Portland during broad daylight for safety reasons, and I'm not sure if that's possible or easy.) Thank you in advance for any leads you can give me on this short notice. Thank you. -- Darren Duncan From Peter at PSDT.com Mon Jul 10 09:32:35 2006 From: Peter at PSDT.com (Peter Scott) Date: Mon, 10 Jul 2006 09:32:35 -0700 Subject: [VPM] need car-pool and/or room-share for OSCON 2006 In-Reply-To: References: Message-ID: <6.2.3.4.2.20060710093134.02688300@mail.webquarry.com> At 11:06 PM 7/9/2006, Darren Duncan wrote: >(Note that while I could take a Greyhound-like bus both ways, I want >to do each trip within one day, and I want the southbound trip to >arrive at Portland during broad daylight for safety reasons, and I'm >not sure if that's possible or easy.) Agreed with the other comments. I'm sure there are parts of Portland that aren't that safe at night, but I haven't found them and I don't think you will either. -- Peter Scott Pacific Systems Design Technologies http://www.perldebugged.com/ http://www.perlmedic.com/ From darren at DarrenDuncan.net Sun Jul 16 02:26:56 2006 From: darren at DarrenDuncan.net (Darren Duncan) Date: Sun, 16 Jul 2006 02:26:56 -0700 Subject: [VPM] the July meeting In-Reply-To: <6.2.3.4.2.20060613113031.02616b30@mail.webquarry.com> References: <6.2.3.4.2.20060613113031.02616b30@mail.webquarry.com> Message-ID: At 11:32 AM -0700 6/13/06, Peter Scott wrote: >The June Perl Mongers meeting is cancelled; part of the meeting on July >18 will be devoted to a preview of my OSCON session, "Mind Like Water: >The Path to Perl Bliss". Anyone with ideas for the other half of the >time, please contact me. Thanks. Regarding filling out the July meeting, I could also take a bit of time and share the latest goings-on in the development group for Perl 6, as I am regularly/actively involved in it. Both interesting developments project wise, but I can also share recent updates to the language design itself, and maybe demo some Perl 6 code or answer any questions about Perl 6 from people. As an example development, we now have a working subset of and rapidly improving implementation of Perl 6, called v6.pm, using pure Perl 5 (such as Moose and other CPAN modules). You can write Perl 6 code that is compiled to Perl 5 and integratable into a Perl 5 environment, so it is practically useable right now. No Haskell or Parrot necessary, though the Haskell implementation is currently further ahead as to the level of Perl 6 implemented (v6 will probably catch up soon), and in the long term Parrot will be the fastest implementation. That's very exciting news, and in fact I've decided to suspend any further development of newer CPAN modules written in Perl 5, and will be writing only the Perl 6 versions, since they are easier to write and should be invokable in Perl 5 code. My first such Perl 6 module that I expect to get working, and released on CPAN, is Set::Relation, that lets you manipulate data in your own programs in ways that you would normally use a SQL database to provide. -- Darren Duncan From Peter at PSDT.com Mon Jul 17 10:51:14 2006 From: Peter at PSDT.com (Peter Scott) Date: Mon, 17 Jul 2006 10:51:14 -0700 Subject: [VPM] Perl Mongers Meeting tomorrow Message-ID: <6.2.3.4.2.20060717104712.02827be8@mail.webquarry.com> Victoria.pm will meet at its regular date and time at 7:00 pm tomorrow, Tuesday, May 16, at UVic in ECS 660 (Engineering Computer Science, new building next to the engineering wing, see bottom left of C4 at http://www.uvic.ca/maps/2dmap.html). I will give a preview of my OSCON session "Mind Like Water: The Path to Perl Bliss" (http://conferences.oreillynet.com/cs/os2006/view/e_sess/8875). Darren Duncan will give an overview of recent exciting Perl 6 developments: >As an example development, we now have a working subset of and >rapidly improving implementation of Perl 6, called v6.pm, using pure >Perl 5 (such as Moose and other CPAN modules). You can write Perl 6 >code that is compiled to Perl 5 and integratable into a Perl 5 >environment, so it is practically useable right now. No Haskell or >Parrot necessary, though the Haskell implementation is currently >further ahead as to the level of Perl 6 implemented (v6 will probably >catch up soon), and in the long term Parrot will be the fastest >implementation. (Courtesy copy to VLUG and VOSSOC members by permission of the list managers. Victoria.pm's home page is .) -- Peter Scott Pacific Systems Design Technologies http://www.perldebugged.com/ http://www.perlmedic.com/ From Peter at PSDT.com Mon Jul 17 13:36:22 2006 From: Peter at PSDT.com (Peter Scott) Date: Mon, 17 Jul 2006 13:36:22 -0700 Subject: [VPM] Perl Mongers Meeting tomorrow - date correction Message-ID: <6.2.3.4.2.20060717133558.024649a0@mail.webquarry.com> Victoria.pm will meet at its regular date and time at 7:00 pm tomorrow, Tuesday, *July 18*, at UVic in ECS 660 (Engineering Computer Science, new building next to the engineering wing, see bottom left of C4 at http://www.uvic.ca/maps/2dmap.html). I will give a preview of my OSCON session "Mind Like Water: The Path to Perl Bliss" (http://conferences.oreillynet.com/cs/os2006/view/e_sess/8875). Darren Duncan will give an overview of recent exciting Perl 6 developments: >As an example development, we now have a working subset of and >rapidly improving implementation of Perl 6, called v6.pm, using pure >Perl 5 (such as Moose and other CPAN modules). You can write Perl 6 >code that is compiled to Perl 5 and integratable into a Perl 5 >environment, so it is practically useable right now. No Haskell or >Parrot necessary, though the Haskell implementation is currently >further ahead as to the level of Perl 6 implemented (v6 will probably >catch up soon), and in the long term Parrot will be the fastest >implementation. (Courtesy copy to VLUG and VOSSOC members by permission of the list managers. Victoria.pm's home page is .) -- Peter Scott Pacific Systems Design Technologies http://www.perldebugged.com/ http://www.perlmedic.com/ From jeremygwa at hotmail.com Fri Jul 21 19:05:35 2006 From: jeremygwa at hotmail.com (Jer A) Date: Fri, 21 Jul 2006 19:05:35 -0700 Subject: [VPM] proxy question Message-ID: hello all gurus This is not really a perl question, more of an infrastructure question. I want to write a simple smtp/pop/imap proxy filter. the proxy will sit between the client (eg eudora) and the isp mailserver. I dont really need help implementing it, but how do I set this proxy up, so the clients can still use the same email settings (eg. mail.host.com etc), as If the proxy was never their. for example, I have computers on a network behind a linksys router. All computers are Win2000pro. a proxy would site on computer "a" . "b","c" and "d" would connect(smtp/pop/imap client) to the proxy on computer "a", which would connect to the mailserver on the internet. how do I have the settings on each computer remain pointed to the mailserver on the internet, even though they would connect to a proxy in between? Thanks in advance for your reply. Jer A. From jeremygwa at hotmail.com Fri Jul 21 20:55:05 2006 From: jeremygwa at hotmail.com (Jer A) Date: Fri, 21 Jul 2006 20:55:05 -0700 Subject: [VPM] proxy question In-Reply-To: Message-ID: hello all gurus This is not really a perl question, more of an infrastructure question. I want to write a simple smtp/pop/imap proxy filter. the proxy will sit between the client (eg eudora) and the isp mailserver. I dont really need help implementing it, but how do I set this proxy up, so the clients can still use the same email settings (eg. mail.host.com etc), as If the proxy was never their. for example, I have computers on a network behind a linksys router. All computers are Win2000pro. a proxy would site on computer "a" . "b","c" and "d" would connect(smtp/pop/imap client) to the proxy on computer "a", which would connect to the mailserver on the internet. how do I have the settings on each computer remain pointed to the mailserver on the internet, even though they would connect to a proxy in between? Thanks in advance for your reply. Jer A. From darren at DarrenDuncan.net Mon Jul 31 12:06:46 2006 From: darren at DarrenDuncan.net (Darren Duncan) Date: Mon, 31 Jul 2006 12:06:46 -0700 Subject: [VPM] perl process security In-Reply-To: References: Message-ID: At 4:15 PM -0700 7/8/06, Jer A wrote: >hello all, >I am working on a project and need some security advice. how secure are >strings running in perl process? I am using string scalars to inject/embed >(Ruby/Python)code into a Ruby/Python etc, piped child processes. considering >the user does not have access to the perl code, how can I lockdown a perl >process to prevent perl scalar memory from being read, from outside the >process? also is there any security risk when passing data (scalar string >values (large ones)) to a child process? >Thanks in advance for all your help. >-Jeremy A This question is something you should read your operating system documentation for, as that is where it is handled, if the feature exists at all. Normally a protected memory OS will stop this. -- Darren Duncan From darren at DarrenDuncan.net Mon Jul 31 12:08:38 2006 From: darren at DarrenDuncan.net (Darren Duncan) Date: Mon, 31 Jul 2006 12:08:38 -0700 Subject: [VPM] proxy question In-Reply-To: References: Message-ID: At 7:05 PM -0700 7/21/06, Jer A wrote: >hello all gurus > >This is not really a perl question, more of an infrastructure question. >I want to write a simple smtp/pop/imap proxy filter. the proxy will sit >between the client (eg eudora) and the isp mailserver. > >I dont really need help implementing it, but how do I set this proxy up, so >the clients can still use the same email settings (eg. mail.host.com etc), >as If the proxy was never their. > >for example, I have computers on a network behind a linksys router. All >computers are Win2000pro. >a proxy would site on computer "a" . >"b","c" and "d" would connect(smtp/pop/imap client) to the proxy on computer >"a", which would connect to the mailserver on the internet. how do I have >the settings on each computer remain pointed to the mailserver on the >internet, even though they would connect to a proxy in between? > >Thanks in advance for your reply. > >Jer A. I don't know the answer to this. -- Darren Duncan From darren at DarrenDuncan.net Mon Jul 31 12:14:36 2006 From: darren at DarrenDuncan.net (Darren Duncan) Date: Mon, 31 Jul 2006 12:14:36 -0700 Subject: [VPM] Perl 6...taking sooo long...is it dead? In-Reply-To: References: Message-ID: At 6:55 AM -0700 6/4/06, Jer A wrote: >hey all, >I'd like to jump on the band wagon, and use perl 6 on the parrot vm, but I >cannot seem to get a working distrobution, and I cannot find enough >documentation. When i do a search on perl 6, it is all about the development >of perl 6 and parrot. >I wanna code perl 6 on parrot ....now;) They have been talking about this >perl 6 ever since I have picked up perl......is there a betas available, >that are in binary form and run on Win32? >Thanks for all your help. >-Jer A The Perl 6 development environment is in pre-alpha, so it is mainly useful to use it now if you are working on making or testing Perl 6 itself, as am I. Some binaries for Win32 exist, since Windows users tend to lack free build tools to compile their own. Have a look here to get some: http://pugs.kwiki.org/?PugsBinaries -- Darren Duncan From sk at infinitepigeons.org Mon Jul 31 12:21:25 2006 From: sk at infinitepigeons.org (Steven Kurylo) Date: Mon, 31 Jul 2006 12:21:25 -0700 Subject: [VPM] proxy question In-Reply-To: References: Message-ID: <6d91d5d80607311221h5d17a3fbh6a5a42703ea34526@mail.gmail.com> On 7/21/06, Jer A wrote: > hello all gurus > > This is not really a perl question, more of an infrastructure question. > I want to write a simple smtp/pop/imap proxy filter. the proxy will sit > between the client (eg eudora) and the isp mailserver. > > I dont really need help implementing it, but how do I set this proxy up, so > the clients can still use the same email settings (eg. mail.host.com etc), > as If the proxy was never their. > > for example, I have computers on a network behind a linksys router. All > computers are Win2000pro. > a proxy would site on computer "a" . > "b","c" and "d" would connect(smtp/pop/imap client) to the proxy on computer > "a", which would connect to the mailserver on the internet. how do I have > the settings on each computer remain pointed to the mailserver on the > internet, even though they would connect to a proxy in between? You need to make a transperant proxy. If you're router was linux, you'd use iptables to redirect the traffic to the proxy. Then the proxy would make the connection out to the internet. Instead of squid you would use your proxy: http://www.tldp.org/HOWTO/TransparentProxy.html I doubt you can do this with a linksys router. I also don't know of any windows tools for doing this. -- Steven Kurylo From darren at DarrenDuncan.net Mon Jul 31 12:27:56 2006 From: darren at DarrenDuncan.net (Darren Duncan) Date: Mon, 31 Jul 2006 12:27:56 -0700 Subject: [VPM] multiple questions and answers In-Reply-To: <200607300216.k6U2GqBb009604@pd2.baremetal.com> References: <200607300216.k6U2GqBb009604@pd2.baremetal.com> Message-ID: At 7:16 PM -0700 7/29/06, Jeremy Aiyadurai wrote (by private email): >hello Darren, Hello Jeremy, Note that I made this reply public since others could benefit from the answers. >P.S. the VPM mailing list seems dead, I have tried posting messages >but no-one seems to respond, and there seems to be little >discussion. Whats wrong? The list isn't dead, and I have seen several messages from you. But I think many of them weren't answered because no one who saw them could think of any quick and simple solutions, other than to look or ask somewhere else. (Also, you shouldn't post the same question multiple times in short succession.) All this said, I sent replies just now to your last 3 (unanswered) questions. >Also, I have heard that companies like IBM give away patents for >open-source projects. Is this still true. Can I get one for free? Forget about it. Software patents are evil and are best ignored. Don't try to look for or obtain any patent grants no matter what they say. Patents are hard to search, mostly useless, and largely unenforceable. Just go about and do your work, and pretend that there are no patents. >I am going full steam ahead, in making major project (not complete >yet -will have a perl component) of mine open-source using the GPL >license. I would also like to make some income from the project. My >Question is: how do I setup a dual license? eg. GPL for personal use >and non-profit business and Commercial license ($$$) for proprietory >integration. Can this be done? how? Dual-licensing can be done easily. Just release your project under the GPL as per a plain GPL project. Assuming you are the only author of the project (or other contributors agree to turn over their copyright interests to you and/or give you unlimited permission to use and sublicense as you see fit), you can additionally license the project to people under proprietary terms. If people want a non-GPL license, such as if they want their changes to be proprietary, they can contact you to ask for a proprietary license. You can also make money from supporting the project or customization even for people that just use the GPL license. Various companies such as MySQL AB go this route. -- Darren Duncan