From gatorreina at gmail.com Tue Aug 4 15:01:44 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Tue, 4 Aug 2015 17:01:44 -0500
Subject: [Chicago-talk] Accessing a web app on a host.
Message-ID:

Please bear with me because I am an extreme newbie when it comes to web apps. That said I am playing around with dancer on a machine at my office. I make slight changes to the basic app that one builds with "dancer -a MyApp" and then start up dancer to see the changes on the local machine http://0.0.0.0:3000. I would like to be able to work on the app while I am at home. Would I have to leave this machine in the DMZ of my linksys router and then ssh to it? Or is there a better way of doing this?

Thanks

From amead2 at alanmead.org Tue Aug 4 15:33:33 2015
From: amead2 at alanmead.org (Alan Mead)
Date: Tue, 04 Aug 2015 17:33:33 -0500
Subject: [Chicago-talk] Accessing a web app on a host.
In-Reply-To:
References:
Message-ID: <55C13DBD.8000201@alanmead.org>

There are many solutions. I think most people install Dancer, etc. locally and check out copies of the project from a software repository using git, subversion, p4, etc. But if you don't already have a repo or you cannot reach it from home then you could just ZIP up the files and send them to yourself. But this assumes you have a suitable development computer at home.

You could also do what you propose. Even better, I think, would be to use ssh tunneling because you wouldn't need to expose your nascent web app to the Internet. You'd need to be able to ssh to the server at work, then configure putty (at home) to forward to work and configure your browser to use this proxy. Something like this:

http://www.adamfowlerit.com/2013/01/05/using-firefox-with-a-putty-ssh-tunnel-as-a-socks-proxy/

If you have Linux at home, you can of course do this. I think it's just "ssh -D ".
-Alan

On 8/4/2015 5:01 PM, Richard Reina wrote:
> Please bear with me because I am an extreme newbie when it comes to web apps. That said I am playing around with dancer on a machine at my office. I make slight changes to the basic app that one builds with "dancer -a MyApp" and then start up dancer to see the changes on the local machine http://0.0.0.0:3000. I would like to be able to work on the app while I am at home. Would I have to leave this machine in the DMZ of my linksys router and then ssh to it? Or is there a better way of doing this?
>
> Thanks
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk

--
Alan D. Mead, Ph.D.
President, Talent Algorithms Inc.

science + technology = better workers

+815.588.3846 (Office)
+267.334.4143 (Mobile)

http://www.alanmead.org

Announcing the Journal of Computerized Adaptive Testing (JCAT), a peer-reviewed electronic journal designed to advance the science and practice of computerized adaptive testing: http://www.iacat.org/jcat

From madcityzen at gmail.com Tue Aug 4 16:55:37 2015
From: madcityzen at gmail.com (Doug Bell)
Date: Tue, 4 Aug 2015 18:55:37 -0500
Subject: [Chicago-talk] Accessing a web app on a host.
In-Reply-To: <55C13DBD.8000201@alanmead.org>
References: <55C13DBD.8000201@alanmead.org>
Message-ID:

This is basically what I use Github for. I push all my code to GitHub, and whenever I need to work on it, I pull down the latest version and get to work. BitBucket is another solution, and that one allows free private repositories.

It does require that you learn a version control system (in this case, Git). For Git, https://help.github.com is a good place to start, and the Pro Git book is available for free at https://git-scm.com/book/en/v2 .
If you're close enough to downtown Chicago to join one of the Office Hours meetings (http://www.meetup.com/ChicagoPM/events/224156909/ ), we can help you get started with some of these kinds of things. Indeed, it might be a good time for a presentation on version control if anyone's interested in speaking about one (or more).

Doug Bell
madcityzen at gmail.com

> On Aug 4, 2015, at 5:33 PM, Alan Mead wrote:
>
> There are many solutions. I think most people install Dancer, etc. locally and check out copies of the project from a software repository using git, subversion, p4, etc. But if you don't already have a repo or you cannot reach it from home then you could just ZIP up the files and send them to yourself. But this assumes you have a suitable development computer at home.
>
> You could also do what you propose. Even better, I think, would be to use ssh tunneling because you wouldn't need to expose your nascent web app to the Internet. You'd need to be able to ssh to the server at work, then configure putty (at home) to forward to work and configure your browser to use this proxy. Something like this:
>
> http://www.adamfowlerit.com/2013/01/05/using-firefox-with-a-putty-ssh-tunnel-as-a-socks-proxy/
>
> If you have Linux at home, you can of course do this. I think it's just "ssh -D ".
>
> -Alan
>
> On 8/4/2015 5:01 PM, Richard Reina wrote:
>> Please bear with me because I am an extreme newbie when it comes to web apps. That said I am playing around with dancer on a machine at my office. I make slight changes to the basic app that one builds with "dancer -a MyApp" and then start up dancer to see the changes on the local machine http://0.0.0.0:3000 . I would like to be able to work on the app while I am at home. Would I have to leave this machine in the DMZ of my linksys router and then ssh to it? Or is there a better way of doing this?
>>
>> Thanks
> --
>
> Alan D. Mead, Ph.D.
> President, Talent Algorithms Inc.
>
> science + technology = better workers
>
> +815.588.3846 (Office)
> +267.334.4143 (Mobile)
>
> http://www.alanmead.org
>
> Announcing the Journal of Computerized Adaptive Testing (JCAT), a peer-reviewed electronic journal designed to advance the science and practice of computerized adaptive testing: http://www.iacat.org/jcat

From gatorreina at gmail.com Wed Aug 5 11:01:24 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Wed, 5 Aug 2015 13:01:24 -0500
Subject: [Chicago-talk] finding *any* defined elements of a hash
Message-ID:

Is there a way to tell if any element of a hash has a defined element without having to check all the elements? Such that if I have the following *potential* input from a HTML form

    my $input_hash = {
        FName => param('firstname'),
        LName => param('lastname'),
        Email => param('email'),
    };

Can I check to see if any of the hash's element is defined without checking all the elements as the hash could grow in the future as the fields of the form grow.

Thanks
From andy at petdance.com Wed Aug 5 11:05:42 2015
From: andy at petdance.com (Andy Lester)
Date: Wed, 5 Aug 2015 13:05:42 -0500
Subject: [Chicago-talk] finding *any* defined elements of a hash
In-Reply-To:
References:
Message-ID: <200B1214-DDCE-4BC6-90A1-83C68A23AC8E@petdance.com>

> On Aug 5, 2015, at 1:01 PM, Richard Reina wrote:
>
> my $input_hash = {
>     FName => param('firstname'),
>     LName => param('lastname'),
>     Email => param('email'),
> };
>
> Can I check to see if any of the hash's element is defined without checking all the elements as the hash could grow in the future as the fields of the form grow.

grep through the values and check their count.

    my $number_of_defined_values = scalar grep { defined } values %{$input_hash};

--
Andy Lester => www.petdance.com

From dcmertens.perl at gmail.com Wed Aug 5 11:29:05 2015
From: dcmertens.perl at gmail.com (David Mertens)
Date: Wed, 5 Aug 2015 14:29:05 -0400
Subject: [Chicago-talk] finding *any* defined elements of a hash
In-Reply-To:
References:
Message-ID:

On Wed, Aug 5, 2015 at 2:01 PM, Richard Reina wrote:
> ...
>
> Can I check to see if any of the hash's element is defined without checking all the elements as the hash could grow in the future as the fields of the form grow.

That sounds like a premature optimization to me. Even the low-level internals of Perl hashes don't know which of their contents are defined.

But, since it looks like you construct the hash, I would bet that you could check the return value of param() before adding it to the hash. Something like this comes to mind (untested):

    my %input_hash = map {
        my $val = param($_);
        $val ? ($_ => $val) : ()
    } qw(firstname lastname email);

You can then get the number of elements by getting the number of keys, or values, in scalar context:

    my $N_field_filled_out = scalar(keys %input_hash);

David

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." -- Brian Kernighan

From madcityzen at gmail.com Wed Aug 5 11:32:14 2015
From: madcityzen at gmail.com (Doug Bell)
Date: Wed, 5 Aug 2015 13:32:14 -0500
Subject: [Chicago-talk] finding *any* defined elements of a hash
In-Reply-To: <200B1214-DDCE-4BC6-90A1-83C68A23AC8E@petdance.com>
References: <200B1214-DDCE-4BC6-90A1-83C68A23AC8E@petdance.com>
Message-ID: <7757550616112362910@unknownmsgid>

For some other possibilities, see the List::Util module, which has "any" and "all".

    use List::Util qw( any );
    my $has_a_value = any { defined } values %{ $input_hash };

Though it is a core module, those functions have been added more recently, so unless you have a modern Perl, you may need to update the List::Util module from CPAN.

Doug Bell
preaction at me.com

On Aug 5, 2015, at 1:05 PM, Andy Lester wrote:

On Aug 5, 2015, at 1:01 PM, Richard Reina wrote:

    my $input_hash = {
        FName => param('firstname'),
        LName => param('lastname'),
        Email => param('email'),
    };

Can I check to see if any of the hash's element is defined without checking all the elements as the hash could grow in the future as the fields of the form grow.

grep through the values and check their count.

    my $number_of_defined_values = scalar grep { defined } values %{$input_hash};

--
Andy Lester => www.petdance.com
From gatorreina at gmail.com Wed Aug 5 13:32:36 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Wed, 5 Aug 2015 15:32:36 -0500
Subject: [Chicago-talk] finding *any* defined elements of a hash
In-Reply-To: <7757550616112362910@unknownmsgid>
References: <200B1214-DDCE-4BC6-90A1-83C68A23AC8E@petdance.com> <7757550616112362910@unknownmsgid>
Message-ID:

Thanks for all the replies. I went with Andy's suggestion. But I will keep in mind all others. Thanks again.

2015-08-05 13:32 GMT-05:00 Doug Bell :

> For some other possibilities, see the List::Util module, which has "any" and "all".
>
> use List::Util qw( any );
> my $has_a_value = any { defined } values %{ $input_hash };
>
> Though it is a core module, those functions have been added more recently, so unless you have a modern Perl, you may need to update the List::Util module from CPAN.
>
> Doug Bell
> preaction at me.com
>
> On Aug 5, 2015, at 1:05 PM, Andy Lester wrote:
>
> On Aug 5, 2015, at 1:01 PM, Richard Reina wrote:
>
> my $input_hash = {
>     FName => param('firstname'),
>     LName => param('lastname'),
>     Email => param('email'),
> };
>
> Can I check to see if any of the hash's element is defined without checking all the elements as the hash could grow in the future as the fields of the form grow.
>
> grep through the values and check their count.
>
> my $number_of_defined_values = scalar grep { defined } values %{$input_hash};
>
> --
> Andy Lester => www.petdance.com
From richard at rushlogistics.com Fri Aug 7 07:35:01 2015
From: richard at rushlogistics.com (richard at rushlogistics.com)
Date: Fri, 07 Aug 2015 09:35:01 -0500
Subject: [Chicago-talk] Password strength
Message-ID: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>

I am using perl dancer to create a new user login page. I was surfing around to try to find how to create a password strength meter when I found this http://www.perlmonks.org/?node_id=948997 which has me second-guessing as to whether having one is even a good idea. Can anyone lend some insight in this matter and perhaps where to go get a good one if you believe they are a good idea?

Thanks,

Richard

From joel.limardo at forwardphase.com Fri Aug 7 08:53:02 2015
From: joel.limardo at forwardphase.com (Joel Limardo)
Date: Fri, 7 Aug 2015 10:53:02 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>
Message-ID:

If I'm not mistaken a strength meter tells the user 'hey..your password is weak' which doesn't *force* them to change the password *nor* does it tell them how to make a better one. As a rule of thumb, once you find yourself acting on more than one assumption it is a good sign that you have too many variables on hand to make a workable design.

I would instead a) force the user to enter a password of an appropriate length with certain characters like numbers and symbols b) periodically ask users to update their password (every 3 months, etc.) c) Disallow reuse of passwords (store MD5 hashes somewhere) d) check IP addresses to identify potential unauthorized access.

On Fri, Aug 7, 2015 at 9:35 AM, wrote:

> I am using perl dancer to create a new user login page.
> I was surfing around to try to find how to create a password strength meter when I found this http://www.perlmonks.org/?node_id=948997 which has me second-guessing as to whether having one is even a good idea. Can anyone lend some insight in this matter and perhaps where to go get a good one if you believe they are a good idea?
>
> Thanks,
>
> Richard

From cjhamil at gmail.com Fri Aug 7 09:07:19 2015
From: cjhamil at gmail.com (Chris Hamilton)
Date: Fri, 7 Aug 2015 11:07:19 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To:
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>
Message-ID:

> Disallow reuse of passwords (store MD5 hashes somewhere)

I wouldn't personally suggest doing this (and if you are going to do it, I certainly wouldn't store them as MD5 hashes).

Presumably you're generating a new salt and strongly hashing the password each time it's changed, as such your easiest choice is storing a history of prior salt/hash combinations and comparing against these. Still, I'm not sure I'd recommend spending too much time caring about password reuse, because unless you're going to disallow password reuse for all time, you aren't actually preventing someone from reusing a password anyway (they just need to go through N+1 quick password change iterations to get back to where they started).

Some related reading:

http://security.stackexchange.com/questions/85074/is-it-safe-to-store-a-password-hash-history-for-preventing-user-to-keep-same-pas

-Chris

On Fri, Aug 7, 2015 at 10:53 AM, Joel Limardo wrote:

> If I'm not mistaken a strength meter tells the user 'hey..your password is weak' which doesn't *force* them to change the password *nor* does it tell them how to make a better one.
> As a rule of thumb, once you find yourself acting on more than one assumption it is a good sign that you have too many variables on hand to make a workable design.
>
> I would instead a) force the user to enter a password of an appropriate length with certain characters like numbers and symbols b) periodically ask users to update their password (every 3 months, etc.) c) Disallow reuse of passwords (store MD5 hashes somewhere) d) check IP addresses to identify potential unauthorized access.
>
> On Fri, Aug 7, 2015 at 9:35 AM, wrote:
>
>> I am using perl dancer to create a new user login page. I was surfing around to try to find how to create a password strength meter when I found this http://www.perlmonks.org/?node_id=948997 which has me second-guessing as to whether having one is even a good idea. Can anyone lend some insight in this matter and perhaps where to go get a good one if you believe they are a good idea?
>>
>> Thanks,
>>
>> Richard

From madcityzen at gmail.com Fri Aug 7 09:10:00 2015
From: madcityzen at gmail.com (Doug Bell)
Date: Fri, 7 Aug 2015 11:10:00 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To:
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>
Message-ID: <901787056661836722@unknownmsgid>

Obligatory xkcd: https://xkcd.com/936/

Password length is really the most important metric. Logging, and enforcing limits on login attempts are the second most important thing.
Anything that makes it harder for the user to use password managers or remember their password (like causing them to make a new password periodically) will cause them to either write their password down on a slip of paper, opening a security hole, or use the "password recovery" feature of your site a lot.

Really, if you want security, you want multi-factor auth: A password is something the user "knows". Send a validation code to a mobile phone, or use RSA key fobs, which are something the user "has". (to a lesser extent, sending an e-mail is another factor, but it's required that the user have secured that e-mail account well)

Also, as Chris Hamilton mentioned, MD5 must not be used for storing hashed passwords. Blowfish is the current best practice (to my knowledge).

Also, if you can avoid doing your own authentication altogether, delegating to an OAuth or OpenID provider (Facebook, Twitter, Github, StackExchange, etc...), then you don't have anything to worry about (cough)

Doug Bell
preaction at me.com

On Aug 7, 2015, at 10:53 AM, Joel Limardo wrote:

If I'm not mistaken a strength meter tells the user 'hey..your password is weak' which doesn't *force* them to change the password *nor* does it tell them how to make a better one. As a rule of thumb, once you find yourself acting on more than one assumption it is a good sign that you have too many variables on hand to make a workable design.

I would instead a) force the user to enter a password of an appropriate length with certain characters like numbers and symbols b) periodically ask users to update their password (every 3 months, etc.) c) Disallow reuse of passwords (store MD5 hashes somewhere) d) check IP addresses to identify potential unauthorized access.

On Fri, Aug 7, 2015 at 9:35 AM, wrote:

> I am using perl dancer to create a new user login page.
> I was surfing around to try to find how to create a password strength meter when I found this http://www.perlmonks.org/?node_id=948997 which has me second-guessing as to whether having one is even a good idea. Can anyone lend some insight in this matter and perhaps where to go get a good one if you believe they are a good idea?
>
> Thanks,
>
> Richard

From gatorreina at gmail.com Fri Aug 7 09:20:51 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Fri, 7 Aug 2015 11:20:51 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To: <901787056661836722@unknownmsgid>
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com> <901787056661836722@unknownmsgid>
Message-ID:

Also, if you can avoid doing your own authentication altogether, delegating to an OAuth or OpenID provider (Facebook, Twitter, Github, StackExchange, etc...), then you don't have anything to worry about (cough)

Doug Bell
preaction at me.com

By this do you mean do not collect any passwords but just allow everyone to just login with their facebook, twitter, github, etc accounts?
From joel.limardo at forwardphase.com Fri Aug 7 09:25:48 2015
From: joel.limardo at forwardphase.com (Joel Limardo)
Date: Fri, 7 Aug 2015 11:25:48 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To:
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com> <901787056661836722@unknownmsgid>
Message-ID:

"...By this do you mean do not collect any passwords but just allow everyone to just login with their facebook, twitter, github, etc accounts?..."

One thing to think about here is that using an OAuth that uses Facebook or some other system then a third party now has/stores potentially identifying information about you as well as possible metrics about your usage, frequency of use, etc. of the application. If you were in a foreign country with a repressive government and, let's say, that organization was under some kind of agreement to share this information with said government they might just show up at your door after a few logins to the 'Freedom for Panau Online Database'...

On Fri, Aug 7, 2015 at 11:20 AM, Richard Reina wrote:

> Also, if you can avoid doing your own authentication altogether, delegating to an OAuth or OpenID provider (Facebook, Twitter, Github, StackExchange, etc...), then you don't have anything to worry about (cough)
>
> Doug Bell
> preaction at me.com
>
> By this do you mean do not collect any passwords but just allow everyone to just login with their facebook, twitter, github, etc accounts?
From madcityzen at gmail.com Fri Aug 7 09:27:06 2015
From: madcityzen at gmail.com (Doug Bell)
Date: Fri, 7 Aug 2015 11:27:06 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To:
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com> <901787056661836722@unknownmsgid>
Message-ID: <2539352027464461738@unknownmsgid>

Right. Facebook does the authentication part, which is verifying the person is who they say they are, then you do the authorization part, which is "this person is allowed to do ..."

This is useful if you want to streamline the account/login process. It's not as useful if you want privacy, since it requires your users to have signed up for Facebook, Twitter, Github, Google, StackExchange, whatever. Mozilla Persona might have fewer privacy implications.

There's also the possibility of simply not requiring a login at all. Identify the user based on a cookie, and/or a browser fingerprint. If identity / security isn't supremely important, and for a lot of webapps, they aren't, you can remove barriers to participation by forgoing any need for authentication.

Doug Bell
preaction at me.com

On Aug 7, 2015, at 11:21 AM, Richard Reina wrote:

Also, if you can avoid doing your own authentication altogether, delegating to an OAuth or OpenID provider (Facebook, Twitter, Github, StackExchange, etc...), then you don't have anything to worry about (cough)

Doug Bell
preaction at me.com

By this do you mean do not collect any passwords but just allow everyone to just login with their facebook, twitter, github, etc accounts?
From joel.limardo at forwardphase.com Fri Aug 7 10:35:38 2015
From: joel.limardo at forwardphase.com (Joel Limardo)
Date: Fri, 7 Aug 2015 12:35:38 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To:
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>
Message-ID:

"...I wouldn't personally suggest doing this (and if you are going to do it, I certainly wouldn't store them as MD5 hashes)...."

I read the suggested article on stackexchange and I cannot discern what the problem with storing old MD5 hashes of the password would be from it. One reply seemed to indicate that successive, nearly similar versions of a hashed password could somehow be used to discern the password:

"...A user uses a relatively weak password, realizes this and updates the password to a better password...superawesome -> !sup3eraw3s0m3!"

But the hashes of even those two examples are so markedly different I cannot imagine what process would be used to identify anything similar between them:

    $ perl -MDigest::MD5 -e 'print Digest::MD5::md5_hex(q|superawesome|);'
    b088b8dd3440c243eac53b2b23003c60

    $ perl -MDigest::MD5 -e 'print Digest::MD5::md5_hex(q|!sup3eraw3s0m3!|);'
    f1e8301312feacb45b752a6ce77eb880

MD5 hash 'reversal' appears to be done using some kind of dictionary file (see http://www.perlmonks.org/?node_id=727370) which is defeated by using the *combination* of numbers and characters as I recommended.

The biggest issue appears to be with asking a user to recreate a password after some time period. The complaint is that it forces users to pick passwords that are weaker. Responders agreed that forcing the password to be a particular length (much like, "enter a password of an appropriate length") is a solution here.

So I'm confused about what the issue would be with using MD5s if my recommendations are taken together. Any insight?
On Fri, Aug 7, 2015 at 11:07 AM, Chris Hamilton wrote:

> > Disallow reuse of passwords (store MD5 hashes somewhere)
>
> I wouldn't personally suggest doing this (and if you are going to do it, I certainly wouldn't store them as MD5 hashes).
>
> Presumably you're generating a new salt and strongly hashing the password each time it's changed, as such your easiest choice is storing a history of prior salt/hash combinations and comparing against these. Still, I'm not sure I'd recommend spending too much time caring about password reuse, because unless you're going to disallow password reuse for all time, you aren't actually preventing someone from reusing a password anyway (they just need to go through N+1 quick password change iterations to get back to where they started).
>
> Some related reading:
>
> http://security.stackexchange.com/questions/85074/is-it-safe-to-store-a-password-hash-history-for-preventing-user-to-keep-same-pas
>
> -Chris
>
> On Fri, Aug 7, 2015 at 10:53 AM, Joel Limardo <joel.limardo at forwardphase.com> wrote:
>
>> If I'm not mistaken a strength meter tells the user 'hey..your password is weak' which doesn't *force* them to change the password *nor* does it tell them how to make a better one. As a rule of thumb, once you find yourself acting on more than one assumption it is a good sign that you have too many variables on hand to make a workable design.
>>
>> I would instead a) force the user to enter a password of an appropriate length with certain characters like numbers and symbols b) periodically ask users to update their password (every 3 months, etc.) c) Disallow reuse of passwords (store MD5 hashes somewhere) d) check IP addresses to identify potential unauthorized access.
>>
>> On Fri, Aug 7, 2015 at 9:35 AM, wrote:
>>
>>> I am using perl dancer to create a new user login page.
>>> I was surfing around to try to find how to create a password strength meter when I found this http://www.perlmonks.org/?node_id=948997 which has me second-guessing as to whether having one is even a good idea. Can anyone lend some insight in this matter and perhaps where to go get a good one if you believe they are a good idea?
>>>
>>> Thanks,
>>>
>>> Richard

From jtk at depaul.edu Fri Aug 7 10:41:52 2015
From: jtk at depaul.edu (John Kristoff)
Date: Fri, 7 Aug 2015 17:41:52 +0000
Subject: [Chicago-talk] Password strength
In-Reply-To:
References:
Message-ID: <20150807174152.GA3199@aharp.iorc.depaul.edu>

On Fri, Aug 07, 2015 at 02:35:01PM +0000, richard at rushlogistics.com wrote:
> I am using perl dancer to create a new user login page. I was surfing around to try to find how to create a password strength meter when I found this http://www.perlmonks.org/?node_id=948997 which has me second-guessing as to whether having one is even a good idea. Can anyone lend some insight in this matter and perhaps where to go get a good one if you believe they are a good idea?

A meter seems little more than eye candy if it doesn't do anything other than just show the complexity. If the password must reach a certain point on the meter, then that might be slightly more helpful. It is unlikely to affect user behavior much if at all.
As long as a password satisfies the minimal constraints, most users won't exert much effort to impress the meter.

USENIX and the IEEE Security & Privacy journals, to name just two, have had numerous good articles related to passwords over the years that might be useful references. For instance:

John

From jtk at depaul.edu Fri Aug 7 10:52:48 2015
From: jtk at depaul.edu (John Kristoff)
Date: Fri, 7 Aug 2015 17:52:48 +0000
Subject: [Chicago-talk] Password strength
In-Reply-To: <61a61f0a2f5449fd929245994c33f155@XCASPRD02-DFT.dpu.depaul.edu>
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com> <61a61f0a2f5449fd929245994c33f155@XCASPRD02-DFT.dpu.depaul.edu>
Message-ID: <20150807175248.GC3199@aharp.iorc.depaul.edu>

On Fri, Aug 07, 2015 at 05:35:38PM +0000, Joel Limardo wrote:
> MD5 hash 'reversal' appears to be done using some kind of dictionary file (see http://www.perlmonks.org/?node_id=727370) which is defeated by using the *combination* of numbers and characters as I recommended.

Not necessarily. Dictionaries aren't necessarily just word lists. They can contain all sorts of things. There are many large "password dictionaries" floating about. There are also "rainbow tables", which are precomputed hashes of potential passwords. You might be surprised what is in some dictionaries and rainbow tables, seemingly otherwise very complex-looking passwords.
This appears to be a good write up of how to do salted password hashing:

John

From cjhamil at gmail.com Fri Aug 7 11:00:24 2015
From: cjhamil at gmail.com (Chris Hamilton)
Date: Fri, 7 Aug 2015 13:00:24 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To:
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>
Message-ID:

> I cannot discern what the problem with storing old MD5 hashes of the
> password would be from it

> the hashes of even those two examples are so markedly different I cannot
> imagine what process would be used to identify anything similar between
> them

An attacker would not be looking for similarities in the hashes
themselves, they would be looking for similarities in cracked passwords.
Cracking an MD5 hash is somewhat trivial (particularly if you're talking
about unsalted data going into it), if an attacker has access to unsalted
MD5's and distills that down to a list of passwords containing things like
"applejack4", they are going to have a reasonable degree of success trying
current passwords similar to this (e.g. "applejack5", etc.). Particularly
for systems that force regular password changes, users often skirt this
requirement by just incrementing a number at the end (or some other
similar common change).

Furthermore, once a known password scheme for a set of users has been
compromised, an attacker would also have a reasonable level of success
applying these known passwords (with small variations) to a wide variety
of other accounts in other systems tied to that same email address.

I'd also flip the question around on you: What on earth would you have to
gain by storing old passwords (or *any* passwords) with an MD5 hash? The
savings on a few bytes of data simply isn't worth the risk you introduce.

In short: Don't use MD5 (at least not for anything even remotely related
to sensitive data).
-Chris

On Fri, Aug 7, 2015 at 12:35 PM, Joel Limardo wrote:

> "...I wouldn't personally suggest doing this (and if you are going to do
> it, I certainly wouldn't store them as MD5 hashes)...."
>
> I read the suggested article on stackexchange and I cannot discern what
> the problem with storing old MD5 hashes of the password would be from it.
> One reply seemed to indicate that successive, nearly similar versions of a
> hashed password could somehow be used to discern the password:
>
> "...A user uses a relatively weak password, realizes this and updates the
> password to a better password...superawesome -> !sup3eraw3s0m3!"
>
> But the hashes of even those two examples are so markedly different I
> cannot imagine what process would be used to identify anything similar
> between them:
>
> $ perl -MDigest::MD5 -e 'print Digest::MD5::md5_hex(q|superawesome|);'
> b088b8dd3440c243eac53b2b23003c60
>
> $ perl -MDigest::MD5 -e 'print Digest::MD5::md5_hex(q|!sup3eraw3s0m3!|);'
> f1e8301312feacb45b752a6ce77eb880
>
> MD5 hash 'reversal' appears to be done using some kind of dictionary file
> (see http://www.perlmonks.org/?node_id=727370) which is defeated by using
> the *combination* of numbers and characters as I recommended.
>
> The biggest issue appears to be with asking a user to recreate a password
> after some time period. The complaint is that it forces users to pick
> passwords that are weaker. Responders agreed that forcing the password to
> be a particular length (much like, "enter a password of an appropriate
> length") is a solution here.
>
> So I'm confused about what the issue would be with using MD5s if my
> recommendations are taken together. Any insight?
>
> On Fri, Aug 7, 2015 at 11:07 AM, Chris Hamilton wrote:
>
>> > Disallow reuse of passwords (store MD5 hashes somewhere)
>>
>> I wouldn't personally suggest doing this (and if you are going to do it,
>> I certainly wouldn't store them as MD5 hashes).
>>
>> Presumably you're generating a new salt and strongly hashing the password
>> each time it's changed, as such your easiest choice is storing a history of
>> prior salt/hash combinations and comparing against these. Still, I'm not
>> sure I'd recommend spending too much time caring about password reuse,
>> because unless you're going to disallow password reuse for all time, you
>> aren't actually preventing someone from reusing a password anyway (they
>> just need to go through N+1 quick password change iterations to get back to
>> where they started).
>>
>> Some related reading:
>>
>> http://security.stackexchange.com/questions/85074/is-it-safe-to-store-a-password-hash-history-for-preventing-user-to-keep-same-pas
>>
>> -Chris
>>
>> On Fri, Aug 7, 2015 at 10:53 AM, Joel Limardo <
>> joel.limardo at forwardphase.com> wrote:
>>
>>> If I'm not mistaken a strength meter tells the user 'hey..your password
>>> is weak' which doesn't *force* them to change the password *nor* does it
>>> tell them how to make a better one. As a rule of thumb, once you find
>>> yourself acting on more than one assumption it is a good sign that you have
>>> too many variables on hand to make a workable design.
>>>
>>> I would instead a) force the user to enter a password of an appropriate
>>> length with certain characters like numbers and symbols b) periodically ask
>>> users to update their password (every 3 months, etc.) c) Disallow reuse of
>>> passwords (store MD5 hashes somewhere) d) check IP addresses to identify
>>> potential unauthorized access.
>>>
>>>
>>> On Fri, Aug 7, 2015 at 9:35 AM, wrote:
>>>
>>>> I am using perl dancer to create a new user login page. I was surfing
>>>> around to try to find how to create a password strength meter when I found
>>>> this http://www.perlmonks.org/?node_id=948997 which has me
>>>> second-guessing as to whether having one is even a good idea.
>>>> Can anyone
>>>> lend some insight in this matter and perhaps where to go get a good one if
>>>> you believe they are a good idea?
>>>>
>>>> Thanks,
>>>>
>>>> Richard

From lembark at wrkhors.com Sun Aug 9 09:02:58 2015
From: lembark at wrkhors.com (Steven Lembark)
Date: Sun, 9 Aug 2015 11:02:58 -0500
Subject: [Chicago-talk] Password strength
In-Reply-To:
References: <20150807093501.tlg9ajle88cckc88@hostingemail.xo.com>
Message-ID: <20150809110258.1574dcbd@cannibal>

> So I'm confused about what the issue would be with using MD5s if my
> recommendations are taken together. Any insight?

The collision domain of MD5 hashes is not large enough to defeat
the computer resources available to generate collisions.

The original /etc/passwd scheme of salt+hash worked in the days of
full-height 5MB drives because storing enough strings to defeat
it would have passed the Chandrasekhar limit. Today I can get enough
4TiB+ drives to store the space; or generate colliding hash chains
quickly enough to find collisions in "reasonable" times.
MD5 password hashes were a workable answer at the time they were
first invented but are now in the same bucket as salt+checksum:
the hardware available to compute, store, and index collision
chains is readily accessible. At that point MD5's collision domain
is not large enough to defeat someone.

The approach of requiring "better" passwords solves issues with
brute-force generation of dictionary strings but does nothing to
solve hash collision issues, which are simply a function of the
MD5 digest size, not the input domain of the passwords.

The only real fix for this is using an ever-larger digest in
order to make the domain of collisions large enough to avoid
pre-computing them. Once that is done, forcing longer, more
varied passwords is an excellent way to improve security; until
then it doesn't help all that much.

--
Steven Lembark                                          3646 Flora Pl
Workhorse Computing                                St Louis, MO 63110
lembark at wrkhors.com                                +1 888 359 3508

From gatorreina at gmail.com Mon Aug 10 12:01:10 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Mon, 10 Aug 2015 14:01:10 -0500
Subject: [Chicago-talk] (no subject)
Message-ID:

I get this message in my browser when doing form validation via
Dancer::Plugin::FormValidator. Does anyone know why this might be
happening and if so how I can correct it?

'/profile.yml' is empty or non-existent at /home/richard/perl5/lib/perl5/i486-linux-gnu-thread-multi-64int/YAML/Syck.pm

Thanks

From madcityzen at gmail.com Mon Aug 10 18:27:31 2015
From: madcityzen at gmail.com (Doug Bell)
Date: Mon, 10 Aug 2015 20:27:31 -0500
Subject: [Chicago-talk] Meeting August 27 - Distribution Module Shootout
Message-ID: <171F84A1-1F6F-4C25-8CE2-A24FC2595F8F@gmail.com>

This month, Doug Bell, Joel Berger, and Eric Johnson will be giving short
demonstrations of tools to manage Perl distributions.
A distribution is an installable bundle of modules, usually uploaded to
CPAN for others to download.

Doug will be presenting Dist::Zilla, the 500-lb gorilla of dist
management. Joel will be presenting Module::Build and Module::Build::Tiny
with App::ModuleBuildTiny. Finally, Eric will be presenting Minilla and
Carton.

Each talk will take about 20 minutes, with some extra time for questions.

RSVP on the Chicago.PM Meetup:
http://www.meetup.com/ChicagoPM/events/224393894/

Office hours will be held this Thursday, August 13. RSVP on the Meetup:
http://www.meetup.com/ChicagoPM/events/224156909/

Doug Bell
madcityzen at gmail.com

From richard at rushlogistics.com Tue Aug 11 08:16:07 2015
From: richard at rushlogistics.com (richard at rushlogistics.com)
Date: Tue, 11 Aug 2015 10:16:07 -0500
Subject: [Chicago-talk] Hash help
Message-ID: <20150811101607.a95iiq4m8ksgsw8g@hostingemail.xo.com>

In the script below I can't figure out what I am doing wrong in building
the $error_hash reference. It only ends up containing the last missing
parameter instead of all that are missing (Lname and Email) can anyone
help point out something that should be obvious to me?

Thanks

#!/usr/bin/perl;

use strict;
use warnings;

my $key;
my $hash;
my $value;
my $error_hash;
my %error_hash;
my %hash;

# create a hash
$hash = {
    FName => 'Gregory',
    LName => '',
    Email => '',
    Phone => '312-888-9999',
};

# check the hash for missing values.
while ( ($key, $value) = each %$hash) {

    print "What we have in hash: $key => $value\n";
    # test for an empty element
    if (!defined($value) || $value eq '') {
        print "NO " . $key . " WAS ENTERED\n";
        $error_hash = {  # create a hash with missing parameters & msg
            $key => ' is missing.',
        }
    }
}

# iterate the error hash
%hash = %$error_hash;
foreach my $k (keys %hash) {
    print "$k: $hash{$k}\n";
}

From kirbyk at gmail.com Tue Aug 11 08:18:02 2015
From: kirbyk at gmail.com (Kate Kirby)
Date: Tue, 11 Aug 2015 15:18:02 +0000
Subject: [Chicago-talk] Hash help
In-Reply-To: <20150811101607.a95iiq4m8ksgsw8g@hostingemail.xo.com>
References: <20150811101607.a95iiq4m8ksgsw8g@hostingemail.xo.com>
Message-ID:

Change your inner thing to:

$error_hash->{ $key } = 'is missing';

It's resetting the whole hash each time rather than assigning a value to a
key.

-- Kate

On Tue, Aug 11, 2015 at 10:16 AM wrote:

> In the script below I can't figure out what I am doing wrong in building
> the $error_hash reference. It only ends up containing the last missing
> parameter instead of all that are missing (Lname and Email) can anyone help
> point out something that should be obvious to me?
>
> Thanks
>
> #!/usr/bin/perl;
>
> use strict;
> use warnings;
>
> my $key;
> my $hash;
> my $value;
> my $error_hash;
> my %error_hash;
> my %hash;
>
> # create a hash
>
> $hash = {
>
>     FName => 'Gregory',
>     LName => '',
>     Email => '',
>     Phone => '312-888-9999',
>
> };
>
> # check the hash for missing values.
> while ( ($key, $value) = each %$hash) {
>
>     print "What we have in hash: $key => $value\n";
>     # test for an empty element
>     if (!defined($value) || $value eq '') {
>         print "NO " . $key . " WAS ENTERED\n";
>
>         $error_hash = { # create a hash with missing parameters & msg
>
>             $key => ' is missing.',
>
>         }
>
>     }
> }
>
> # iterate the error hash
>
> %hash = %$error_hash;
> foreach my $k (keys %hash) {
>     print "$k: $hash{$k}\n";
>
> }

From shawn.c.carroll at gmail.com Tue Aug 11 08:21:43 2015
From: shawn.c.carroll at gmail.com (Shawn Carroll)
Date: Tue, 11 Aug 2015 10:21:43 -0500
Subject: [Chicago-talk] Hash help
In-Reply-To: <20150811101607.a95iiq4m8ksgsw8g@hostingemail.xo.com>
References: <20150811101607.a95iiq4m8ksgsw8g@hostingemail.xo.com>
Message-ID:

You are recreating your error_hash each time you try to add to it. Instead:

$error_hash{$key} = 'is missing';

shawn.c.carroll at gmail.com
Software Engineer
Soccer Referee

On Tue, Aug 11, 2015 at 10:16 AM, wrote:

> In the script below I can't figure out what I am doing wrong in building
> the $error_hash reference. It only ends up containing the last missing
> parameter instead of all that are missing (Lname and Email) can anyone help
> point out something that should be obvious to me?
>
> Thanks
>
> #!/usr/bin/perl;
>
> use strict;
> use warnings;
>
> my $key;
> my $hash;
> my $value;
> my $error_hash;
> my %error_hash;
> my %hash;
>
> # create a hash
>
> $hash = {
>
>     FName => 'Gregory',
>     LName => '',
>     Email => '',
>     Phone => '312-888-9999',
>
> };
>
> # check the hash for missing values.
> while ( ($key, $value) = each %$hash) {
>
>     print "What we have in hash: $key => $value\n";
>     # test for an empty element
>     if (!defined($value) || $value eq '') {
>         print "NO " . $key . " WAS ENTERED\n";
>
>         $error_hash = { # create a hash with missing parameters & msg
>
>             $key => ' is missing.',
>
>         }
>
>     }
> }
>
> # iterate the error hash
>
> %hash = %$error_hash;
> foreach my $k (keys %hash) {
>     print "$k: $hash{$k}\n";
>
> }

From gatorreina at gmail.com Tue Aug 11 08:27:20 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Tue, 11 Aug 2015 10:27:20 -0500
Subject: [Chicago-talk] Hash help
In-Reply-To:
References: <20150811101607.a95iiq4m8ksgsw8g@hostingemail.xo.com>
Message-ID:

Thanks guys. Painful to be so clueless. Many thanks also for the quick
reply.

2015-08-11 10:21 GMT-05:00 Shawn Carroll :

> You are recreating your error_hash each time you try to add to it. Instead:
>
> $error_hash{$key} = 'is missing';
>
>
> shawn.c.carroll at gmail.com
> Software Engineer
> Soccer Referee
>
> On Tue, Aug 11, 2015 at 10:16 AM, wrote:
>
>> In the script below I can't figure out what I am doing wrong in building
>> the $error_hash reference. It only ends up containing the last missing
>> parameter instead of all that are missing (Lname and Email) can anyone help
>> point out something that should be obvious to me?
>>
>> Thanks
>>
>> #!/usr/bin/perl;
>>
>> use strict;
>> use warnings;
>>
>> my $key;
>> my $hash;
>> my $value;
>> my $error_hash;
>> my %error_hash;
>> my %hash;
>>
>> # create a hash
>>
>> $hash = {
>>
>>     FName => 'Gregory',
>>     LName => '',
>>     Email => '',
>>     Phone => '312-888-9999',
>>
>> };
>>
>> # check the hash for missing values.
>> while ( ($key, $value) = each %$hash) {
>>
>>     print "What we have in hash: $key => $value\n";
>>     # test for an empty element
>>     if (!defined($value) || $value eq '') {
>>         print "NO " . $key .
" WAS ENTERED\n"; >> >> $error_hash = { # create a hash with missing paramaters & msg >> >> $key => ' is missing.', >> >> } >> >> } >> } >> >> # iterate the error hash >> >> %hash = %$error_hash; >> foreach my $k (keys %hash) { >> print "$k: $hash{$k}\n"; >> >> } >> _______________________________________________ >> Chicago-talk mailing list >> Chicago-talk at pm.org >> http://mail.pm.org/mailman/listinfo/chicago-talk > > > > _______________________________________________ > Chicago-talk mailing list > Chicago-talk at pm.org > http://mail.pm.org/mailman/listinfo/chicago-talk > -------------- next part -------------- An HTML attachment was scrubbed... URL: From richard at rushlogistics.com Tue Aug 11 15:21:03 2015 From: richard at rushlogistics.com (richard at rushlogistics.com) Date: Tue, 11 Aug 2015 17:21:03 -0500 Subject: [Chicago-talk] dancer2 authentication Message-ID: <20150811172103.4khptp410kgc8gk0@hostingemail.xo.com> I am using dancer2 and was wondering if someone could point me in the direction of code that encrypts a password provided by a user and so that it can be stored in a MySQL database and code that would would allow me to match a provided password with the stored one when the user wants to log back in. Would in be better to use some sort of dancer plugin or just write my own code that uses Blowfish and Crypt:CBC? I am hoping that there must be some strong existing code out there. Please let me know if you know of any or if you have any ideas. Thanks From cjhamil at gmail.com Tue Aug 11 16:30:41 2015 From: cjhamil at gmail.com (Chris Hamilton) Date: Tue, 11 Aug 2015 18:30:41 -0500 Subject: [Chicago-talk] dancer2 authentication In-Reply-To: <20150811172103.4khptp410kgc8gk0@hostingemail.xo.com> References: <20150811172103.4khptp410kgc8gk0@hostingemail.xo.com> Message-ID: I don't use Dancer, but I believe what you're looking for is Dancer2::Plugin::Passphrase. 

https://metacpan.org/pod/Dancer2::Plugin::Passphrase

The important things to do (especially if you opt not to use a plugin) is
to ensure you are using distinct per-user salts and using a strong hashing
algorithm (e.g. bcrypt). You'll store the salt and the bcrypt result in
two columns in your DB. To validate an authentication request from a user
you will take their input, concatenate it with the same salt, bcrypt the
result, and then compare the output to what you have stored. If they
match, the password was correctly entered.

-Chris

On Tue, Aug 11, 2015 at 5:21 PM, wrote:

> I am using dancer2 and was wondering if someone could point me in the
> direction of code that encrypts a password provided by a user and so that
> it can be stored in a MySQL database and code that would allow me to
> match a provided password with the stored one when the user wants to log
> back in. Would it be better to use some sort of dancer plugin or just write
> my own code that uses Blowfish and Crypt:CBC? I am hoping that there must
> be some strong existing code out there. Please let me know if you know of
> any or if you have any ideas.
>
> Thanks

From drench at gmail.com Tue Aug 11 20:35:50 2015
From: drench at gmail.com (Daniel Rench)
Date: Tue, 11 Aug 2015 22:35:50 -0500
Subject: [Chicago-talk] dancer2 authentication
In-Reply-To:
References: <20150811172103.4khptp410kgc8gk0@hostingemail.xo.com>
Message-ID:

I agree with Chris: this looks like a good plugin if you use the default
bcrypt mode. I'd suggest letting the module generate the salts for you
though, and I'd go with a single database column since the salt is
embedded in the bcrypt string itself[1].

Any thoughts on the default cost/work factor of 4? It seems low.
Just as a comparison, Devise (a common Rails authentication library)
defaults to 10.

[1] There's a decent explanation of the format in answer #2 here:
http://wenda.baba.io/questions/94842/can-someone-explain-how-bcrypt-verifies-a-hash.html

Dan

On Tue, Aug 11, 2015 at 6:30 PM, Chris Hamilton wrote:
> I don't use Dancer, but I believe what you're looking for is
> Dancer2::Plugin::Passphrase.
>
> https://metacpan.org/pod/Dancer2::Plugin::Passphrase
>
> The important things to do (especially if you opt not to use a plugin) is to
> ensure you are using distinct per-user salts and using a strong hashing
> algorithm (e.g. bcrypt). You'll store the salt and the bcrypt result in two
> columns in your DB. To validate an authentication request from a user you
> will take their input, concatenate it with the same salt, bcrypt the result,
> and then compare the output to what you have stored. If they match, the
> password was correctly entered.
>
> -Chris
>
> On Tue, Aug 11, 2015 at 5:21 PM, wrote:
>>
>> I am using dancer2 and was wondering if someone could point me in the
>> direction of code that encrypts a password provided by a user and so that it
>> can be stored in a MySQL database and code that would allow me to
>> match a provided password with the stored one when the user wants to log
>> back in. Would it be better to use some sort of dancer plugin or just write
>> my own code that uses Blowfish and Crypt:CBC? I am hoping that there must be
>> some strong existing code out there. Please let me know if you know of any
>> or if you have any ideas.
>>
>> Thanks

From gatorreina at gmail.com Thu Aug 13 08:48:19 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Thu, 13 Aug 2015 10:48:19 -0500
Subject: [Chicago-talk] Expandable HTML form in dancer
Message-ID:

Does anyone know where I can find a tutorial or sample code for creating
an expandable HTML widget for a form that when the user checks a box it
expands and asks for additional information to be filled in? So far I have
only been able to find examples for Java.

Thanks

From amead2 at alanmead.org Thu Aug 13 09:06:33 2015
From: amead2 at alanmead.org (Alan Mead)
Date: Thu, 13 Aug 2015 11:06:33 -0500
Subject: [Chicago-talk] Expandable HTML form in dancer
In-Reply-To:
References:
Message-ID: <55CCC089.9000707@alanmead.org>

Richard,

I don't know if there is an easy Dancer way to do this. Otherwise, you'll
need to use JavaScript:

https://www.google.com/search?q=javascript+expand+form+checkbox&ie=utf-8&oe=utf-8

-Alan

On 8/13/2015 10:48 AM, Richard Reina wrote:
> Does anyone know where I can find a tutorial or sample code for creating
> an expandable HTML widget for a form that when the user checks a box it
> expands and asks for additional information to be filled in? So far I
> have only been able to find examples for Java.
>
> Thanks

--
Alan D. Mead, Ph.D.
President, Talent Algorithms Inc.

science + technology = better workers

+815.588.3846 (Office)
+267.334.4143 (Mobile)

http://www.alanmead.org

Announcing the Journal of Computerized Adaptive Testing (JCAT), a
peer-reviewed electronic journal designed to advance the science and
practice of computerized adaptive testing: http://www.iacat.org/jcat

From doug.bell at baml.com Thu Aug 13 09:55:40 2015
From: doug.bell at baml.com (Bell, Doug)
Date: Thu, 13 Aug 2015 16:55:40 +0000
Subject: [Chicago-talk] Expandable HTML form in dancer
In-Reply-To: <55CCC089.9000707@alanmead.org>
References: <55CCC089.9000707@alanmead.org>
Message-ID:

Only JavaScript has that kind of interactivity. You might also consider
adopting a UI library like Bootstrap (http://getbootstrap.com),
Semantic-UI (http://semantic-ui.com/), Foundation
(http://foundation.zurb.com/), or others, to make some common tasks easier
(though I'm not sure if this will be one of them).

-----Original Message-----
From: Chicago-talk [mailto:chicago-talk-bounces+doug.bell=baml.com at pm.org] On Behalf Of Alan Mead
Sent: Thursday, August 13, 2015 11:07 AM
To: Chicago.pm chatter
Subject: Re: [Chicago-talk] Expandable HTML form in dancer

Richard,

I don't know if there is an easy Dancer way to do this. Otherwise, you'll
need to use JavaScript:

https://www.google.com/search?q=javascript+expand+form+checkbox&ie=utf-8&oe=utf-8

-Alan

On 8/13/2015 10:48 AM, Richard Reina wrote:
> Does anyone know where I can find a tutorial or sample code for creating
> an expandable HTML widget for a form that when the user checks a box it
> expands and asks for additional information to be filled in? So far I
> have only been able to find examples for Java.
>
> Thanks

--
Alan D. Mead, Ph.D.
President, Talent Algorithms Inc.

science + technology = better workers

+815.588.3846 (Office)
+267.334.4143 (Mobile)

http://www.alanmead.org

Announcing the Journal of Computerized Adaptive Testing (JCAT), a
peer-reviewed electronic journal designed to advance the science and
practice of computerized adaptive testing: http://www.iacat.org/jcat

From gatorreina at gmail.com Tue Aug 18 08:28:14 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Tue, 18 Aug 2015 10:28:14 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
Message-ID:

When I use the code below I get:

Odd number of elements in hash assignment at Conxtn.pm line 29.

I have read about this in perlmonks but still don't get why it's happening
here because as far as I know I am not initializing my hash with undef.
Can anyone tell me how I can correct so that I do not get this warning?

Thanks

use Conxtn;

my $desired_db = 'user_opps';
my $con_object = Conxtn->new(db => $desired_db);


package Conxtn;

use DBI;
use strict;
use warnings;

#############################
sub new {
#############################

    my ( $class, %args ) = @_;

    bless {
        _db_name => $args{'db'},
        _server => $args{'server'},
    }, $class;

#######################
} # end of sub new
######################

########################
sub connect {
########################

    my ( $self, %args ) = @_;
    my $server; # db server

    open MICLAVE, "/home/richard/Dancer2/MyApp/pass" or die "$!";
    chomp (my ($user, $clave) = <MICLAVE>);
    close MICLAVE;

    # select a server for a connection
    unless ( defined($self->{_server}) ) {
        $server = '127.0.0.1'; ### enter server IP HERE
    }

    my $dbh = DBI->connect("DBI:mysql:database=$self->{_db_name};$server",$user,$clave);

    return $dbh;

################################
} # end of sub connect
###############################

1;

From andy at petdance.com Tue Aug 18 08:30:03 2015
From: andy at petdance.com (Andy Lester)
Date: Tue, 18 Aug 2015 10:30:03 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

> On Aug 18, 2015, at 10:28 AM, Richard Reina wrote:
>
> Odd number of elements in hash assignment at Conxtn.pm line 29.
>

Which line is line 29?

--
Andy Lester => www.petdance.com

From gatorreina at gmail.com Tue Aug 18 08:41:51 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Tue, 18 Aug 2015 10:41:51 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

my ( $self, %args ) = @_;

Sorry.

2015-08-18 10:30 GMT-05:00 Andy Lester :

>
> On Aug 18, 2015, at 10:28 AM, Richard Reina wrote:
>
> Odd number of elements in hash assignment at Conxtn.pm line 29.
>
>
> Which line is line 29?
>
> --
> Andy Lester => www.petdance.com

From me at heyjay.com Tue Aug 18 08:55:12 2015
From: me at heyjay.com (Jay Strauss)
Date: Tue, 18 Aug 2015 10:55:12 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

maybe

my ( $self, @args ) = @_;

On Tue, Aug 18, 2015 at 10:41 AM, Richard Reina wrote:

> my ( $self, %args ) = @_;
>
> Sorry.
>
> 2015-08-18 10:30 GMT-05:00 Andy Lester :
>
>>
>> On Aug 18, 2015, at 10:28 AM, Richard Reina wrote:
>>
>> Odd number of elements in hash assignment at Conxtn.pm line 29.
>>
>>
>> Which line is line 29?
>>
>> --
>> Andy Lester => www.petdance.com

From me at heyjay.com Tue Aug 18 08:58:23 2015
From: me at heyjay.com (Jay Strauss)
Date: Tue, 18 Aug 2015 10:58:23 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

Whoops, sorry, didn't see previous email. my answer is wrong :)

On Tue, Aug 18, 2015 at 10:55 AM, Jay Strauss wrote:

> maybe
>
> my ( $self, @args ) = @_;
>
> On Tue, Aug 18, 2015 at 10:41 AM, Richard Reina
> wrote:
>
>> my ( $self, %args ) = @_;
>>
>> Sorry.
>>
>> 2015-08-18 10:30 GMT-05:00 Andy Lester :
>>
>>>
>>> On Aug 18, 2015, at 10:28 AM, Richard Reina
>>> wrote:
>>>
>>> Odd number of elements in hash assignment at Conxtn.pm line 29.
>>>
>>>
>>> Which line is line 29?
>>>
>>> --
>>> Andy Lester => www.petdance.com

From imranjj at gmail.com Tue Aug 18 09:25:57 2015
From: imranjj at gmail.com (imran javaid)
Date: Tue, 18 Aug 2015 11:25:57 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

Your example shows how you created the $con_object but how are you calling
the connect method after that?

On Tue, Aug 18, 2015 at 10:28 AM, Richard Reina wrote:

> When I use the code below I get:
>
> Odd number of elements in hash assignment at Conxtn.pm line 29.
> I have read about this in perlmonks but still don't get why it's happening
> here because as
> far as I know I am not initializing my hash with undef. Can anyone tell
> me how I can correct so that I do not get this warning?
>
> Thanks
>
>
> use Conxtn;
>
> my $desired_db = 'user_opps';
> my $con_object = Conxtn->new(db => $desired_db);
>
>
> package Conxtn;
>
> use DBI;
> use strict;
> use warnings;
>
>
> #############################
> sub new {
> #############################
>
>     my ( $class, %args ) = @_;
>
>     bless {
>
>         _db_name => $args{'db'},
>         _server => $args{'server'},
>
>     }, $class;
>
> #######################
> } # end of sub new
> ######################
>
> ########################
> sub connect {
> ########################
>
>     my ( $self, %args ) = @_;
>     my $server; # db server
>
>     open MICLAVE, "/home/richard/Dancer2/MyApp/pass" or die "$!";
>     chomp (my ($user, $clave) = <MICLAVE>);
>     close MICLAVE;
>
>     # select a server for a connection
>     unless ( defined($self->{_server}) ) {
>         $server = '127.0.0.1'; ### enter server IP HERE
>     }
>
>     my $dbh =
>     DBI->connect("DBI:mysql:database=$self->{_db_name};$server",$user,$clave);
>
>     return $dbh;
>
> ################################
> } # end of sub connect
> ###############################
>
> 1;
>
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gatorreina at gmail.com Tue Aug 18 09:36:13 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Tue, 18 Aug 2015 11:36:13 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

With:

my $dbh = $con_object->connect($desired_db);

2015-08-18 11:25 GMT-05:00 imran javaid :

> Your example shows how you created the $con_object but how are you calling
> the connect method after that?
>
> On Tue, Aug 18, 2015 at 10:28 AM, Richard Reina wrote:
>
>> When I use the code below I get:
>>
>> Odd number of elements in hash assignment at Conxtn.pm line 29.
>> I have read about this in perlmonks but still don't get why it's
>> happening here because as
>> far as I know I am not initializing my hash with undef. Can anyone tell
>> me how I can correct so that I do not get this warning?
>>
>> Thanks
>>
>>
>> use Conxtn;
>>
>> my $desired_db = 'user_opps';
>> my $con_object = Conxtn->new(db => $desired_db);
>>
>>
>> package Conxtn;
>>
>> use DBI;
>> use strict;
>> use warnings;
>>
>>
>> #############################
>> sub new {
>> #############################
>>
>>     my ( $class, %args ) = @_;
>>
>>     bless {
>>
>>         _db_name => $args{'db'},
>>         _server => $args{'server'},
>>
>>     }, $class;
>>
>> #######################
>> } # end of sub new
>> ######################
>>
>> ########################
>> sub connect {
>> ########################
>>
>>     my ( $self, %args ) = @_;
>>     my $server; # db server
>>
>>     open MICLAVE, "/home/richard/Dancer2/MyApp/pass" or die "$!";
>>     chomp (my ($user, $clave) = <MICLAVE>);
>>     close MICLAVE;
>>
>>     # select a server for a connection
>>     unless ( defined($self->{_server}) ) {
>>         $server = '127.0.0.1'; ### enter server IP HERE
>>     }
>>
>>     my $dbh =
>>     DBI->connect("DBI:mysql:database=$self->{_db_name};$server",$user,$clave);
>>
>>     return $dbh;
>>
>> ################################
>> } # end of sub connect
>> ###############################
>>
>> 1;
>>
>>
>> _______________________________________________
>> Chicago-talk mailing list
>> Chicago-talk at pm.org
>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>
>
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From imranjj at gmail.com Tue Aug 18 09:45:12 2015
From: imranjj at gmail.com (imran javaid)
Date: Tue, 18 Aug 2015 11:45:12 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

Call it without any parameters. For one thing, the code is not doing
anything with the %args variable. Secondly, you already passed $desired_db
to the new() method to initialize the class.

On Tue, Aug 18, 2015 at 11:36 AM, Richard Reina wrote:

> With:
>
> my $dbh = $con_object->connect($desired_db);
>
>
> 2015-08-18 11:25 GMT-05:00 imran javaid :
>
>> Your example shows how you created the $con_object but how are you
>> calling the connect method after that?
>>
>> On Tue, Aug 18, 2015 at 10:28 AM, Richard Reina wrote:
>>
>>> When I use the code below I get:
>>>
>>> Odd number of elements in hash assignment at Conxtn.pm line 29.
>>> I have read about this in perlmonks but still don't get why it's
>>> happening here because as
>>> far as I know I am not initializing my hash with undef. Can anyone
>>> tell me how I can correct so that I do not get this warning?
>>>
>>> Thanks
>>>
>>>
>>> use Conxtn;
>>>
>>> my $desired_db = 'user_opps';
>>> my $con_object = Conxtn->new(db => $desired_db);
>>>
>>>
>>> package Conxtn;
>>>
>>> use DBI;
>>> use strict;
>>> use warnings;
>>>
>>>
>>> #############################
>>> sub new {
>>> #############################
>>>
>>>     my ( $class, %args ) = @_;
>>>
>>>     bless {
>>>
>>>         _db_name => $args{'db'},
>>>         _server => $args{'server'},
>>>
>>>     }, $class;
>>>
>>> #######################
>>> } # end of sub new
>>> ######################
>>>
>>> ########################
>>> sub connect {
>>> ########################
>>>
>>>     my ( $self, %args ) = @_;
>>>     my $server; # db server
>>>
>>>     open MICLAVE, "/home/richard/Dancer2/MyApp/pass" or die "$!";
>>>     chomp (my ($user, $clave) = <MICLAVE>);
>>>     close MICLAVE;
>>>
>>>     # select a server for a connection
>>>     unless ( defined($self->{_server}) ) {
>>>         $server = '127.0.0.1'; ### enter server IP HERE
>>>     }
>>>
>>>     my $dbh =
>>>     DBI->connect("DBI:mysql:database=$self->{_db_name};$server",$user,$clave);
>>>
>>>     return $dbh;
>>>
>>> ################################
>>> } # end of sub connect
>>> ###############################
>>>
>>> 1;
>>>
>>>
>>> _______________________________________________
>>> Chicago-talk mailing list
>>> Chicago-talk at pm.org
>>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>>
>>
>>
>> _______________________________________________
>> Chicago-talk mailing list
>> Chicago-talk at pm.org
>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>
>
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From cjhamil at gmail.com Tue Aug 18 09:45:46 2015
From: cjhamil at gmail.com (Chris Hamilton)
Date: Tue, 18 Aug 2015 11:45:46 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

> $con_object->connect($desired_db);

You're passing a single scalar but your connect() method is looking for a
hash (i.e. an even-number of elements).

> my ( $self, %args ) = @_;

Furthermore, you don't even seem to be using any of these %args in the
connect method anyway. Why are you passing the $desired_db string to the
connect method (the object already knows this value)?

-Chris

On Tue, Aug 18, 2015 at 11:36 AM, Richard Reina wrote:

> With:
>
> my $dbh = $con_object->connect($desired_db);
>
>
> 2015-08-18 11:25 GMT-05:00 imran javaid :
>
>> Your example shows how you created the $con_object but how are you
>> calling the connect method after that?
>>
>> On Tue, Aug 18, 2015 at 10:28 AM, Richard Reina wrote:
>>
>>> When I use the code below I get:
>>>
>>> Odd number of elements in hash assignment at Conxtn.pm line 29.
>>> I have read about this in perlmonks but still don't get why it's
>>> happening here because as
>>> far as I know I am not initializing my hash with undef. Can anyone
>>> tell me how I can correct so that I do not get this warning?
>>>
>>> Thanks
>>>
>>>
>>> use Conxtn;
>>>
>>> my $desired_db = 'user_opps';
>>> my $con_object = Conxtn->new(db => $desired_db);
>>>
>>>
>>> package Conxtn;
>>>
>>> use DBI;
>>> use strict;
>>> use warnings;
>>>
>>>
>>> #############################
>>> sub new {
>>> #############################
>>>
>>>     my ( $class, %args ) = @_;
>>>
>>>     bless {
>>>
>>>         _db_name => $args{'db'},
>>>         _server => $args{'server'},
>>>
>>>     }, $class;
>>>
>>> #######################
>>> } # end of sub new
>>> ######################
>>>
>>> ########################
>>> sub connect {
>>> ########################
>>>
>>>     my ( $self, %args ) = @_;
>>>     my $server; # db server
>>>
>>>     open MICLAVE, "/home/richard/Dancer2/MyApp/pass" or die "$!";
>>>     chomp (my ($user, $clave) = <MICLAVE>);
>>>     close MICLAVE;
>>>
>>>     # select a server for a connection
>>>     unless ( defined($self->{_server}) ) {
>>>         $server = '127.0.0.1'; ### enter server IP HERE
>>>     }
>>>
>>>     my $dbh =
>>>     DBI->connect("DBI:mysql:database=$self->{_db_name};$server",$user,$clave);
>>>
>>>     return $dbh;
>>>
>>> ################################
>>> } # end of sub connect
>>> ###############################
>>>
>>> 1;
>>>
>>>
>>> _______________________________________________
>>> Chicago-talk mailing list
>>> Chicago-talk at pm.org
>>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>>
>>
>>
>> _______________________________________________
>> Chicago-talk mailing list
>> Chicago-talk at pm.org
>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>
>
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gatorreina at gmail.com Wed Aug 19 08:01:25 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Wed, 19 Aug 2015 10:01:25 -0500
Subject: [Chicago-talk] Odd number of elements in hash assignment
In-Reply-To:
References:
Message-ID:

Thank you Chris and Imran for pointing out my redundancy. Calling it
without the parameter fixed the problem.

Thanks again.

2015-08-18 11:45 GMT-05:00 Chris Hamilton :

> > $con_object->connect($desired_db);
>
> You're passing a single scalar but your connect() method is looking for a
> hash (i.e. an even-number of elements).
>
> > my ( $self, %args ) = @_;
>
> Furthermore, you don't even seem to be using any of these %args in the
> connect method anyway. Why are you passing the $desired_db string to the
> connect method (the object already knows this value)?
>
> -Chris
>
>
> On Tue, Aug 18, 2015 at 11:36 AM, Richard Reina wrote:
>
>> With:
>>
>> my $dbh = $con_object->connect($desired_db);
>>
>>
>> 2015-08-18 11:25 GMT-05:00 imran javaid :
>>
>>> Your example shows how you created the $con_object but how are you
>>> calling the connect method after that?
>>>
>>> On Tue, Aug 18, 2015 at 10:28 AM, Richard Reina wrote:
>>>
>>>> When I use the code below I get:
>>>>
>>>> Odd number of elements in hash assignment at Conxtn.pm line 29.
>>>> I have read about this in perlmonks but still don't get why it's
>>>> happening here because as
>>>> far as I know I am not initializing my hash with undef. Can anyone
>>>> tell me how I can correct so that I do not get this warning?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> use Conxtn;
>>>>
>>>> my $desired_db = 'user_opps';
>>>> my $con_object = Conxtn->new(db => $desired_db);
>>>>
>>>>
>>>> package Conxtn;
>>>>
>>>> use DBI;
>>>> use strict;
>>>> use warnings;
>>>>
>>>>
>>>> #############################
>>>> sub new {
>>>> #############################
>>>>
>>>>     my ( $class, %args ) = @_;
>>>>
>>>>     bless {
>>>>
>>>>         _db_name => $args{'db'},
>>>>         _server => $args{'server'},
>>>>
>>>>     }, $class;
>>>>
>>>> #######################
>>>> } # end of sub new
>>>> ######################
>>>>
>>>> ########################
>>>> sub connect {
>>>> ########################
>>>>
>>>>     my ( $self, %args ) = @_;
>>>>     my $server; # db server
>>>>
>>>>     open MICLAVE, "/home/richard/Dancer2/MyApp/pass" or die "$!";
>>>>     chomp (my ($user, $clave) = <MICLAVE>);
>>>>     close MICLAVE;
>>>>
>>>>     # select a server for a connection
>>>>     unless ( defined($self->{_server}) ) {
>>>>         $server = '127.0.0.1'; ### enter server IP HERE
>>>>     }
>>>>
>>>>     my $dbh =
>>>>     DBI->connect("DBI:mysql:database=$self->{_db_name};$server",$user,$clave);
>>>>
>>>>     return $dbh;
>>>>
>>>> ################################
>>>> } # end of sub connect
>>>> ###############################
>>>>
>>>> 1;
>>>>
>>>>
>>>> _______________________________________________
>>>> Chicago-talk mailing list
>>>> Chicago-talk at pm.org
>>>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>>>
>>>
>>>
>>> _______________________________________________
>>> Chicago-talk mailing list
>>> Chicago-talk at pm.org
>>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>>
>>
>>
>> _______________________________________________
>> Chicago-talk mailing list
>> Chicago-talk at pm.org
>> http://mail.pm.org/mailman/listinfo/chicago-talk
>>
>
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was
scrubbed...
URL:
From richard at rushlogistics.com Sun Aug 23 15:35:19 2015
From: richard at rushlogistics.com (richard at rushlogistics.com)
Date: Sun, 23 Aug 2015 17:35:19 -0500
Subject: [Chicago-talk] Concactenate results from perl DBI fetchall_hashref
Message-ID: <20150823173519.fqh8qaiqyogwsg4c@hostingemail.xo.com>

I fetch the following rows as follows

    my $q = "SELECT ID, NAME, descrip
             FROM accomp_type
             WHERE repair = ?
             ORDER BY NAME";
    my $sth = $dbh->prepare($q);
    $sth->execute($rep_id);
    my $accomp_ref = $sth->fetchall_hashref('ID');

I would like to combine NAME and descrip into NAME so that in my page when
I do:

Name and description will appear instead of the name only. Can anyone tell
me how I can accomplish this?

Thanks for any help.

From imranjj at gmail.com Mon Aug 24 09:26:31 2015
From: imranjj at gmail.com (imran javaid)
Date: Mon, 24 Aug 2015 11:26:31 -0500
Subject: [Chicago-talk] Concactenate results from perl DBI fetchall_hashref
In-Reply-To: <20150823173519.fqh8qaiqyogwsg4c@hostingemail.xo.com>
References: <20150823173519.fqh8qaiqyogwsg4c@hostingemail.xo.com>
Message-ID:

There is more than one way to skin this cat.

Did you try this?

or you could change query:
my $q = "SELECT ID, NAME, descrip, NAME || descrip as COMBINED
FROM accomp_type
WHERE repair = ?
ORDER BY NAME";
and refer to it as:

Note that in either case, there is no space between NAME and descrip. You
can add that if you want.

-imran

On Sun, Aug 23, 2015 at 5:35 PM, wrote:

> I fetch the following rows as follows
>
> my $q = "SELECT ID, NAME, descrip
> FROM accomp_type
> WHERE repair = ?
> ORDER BY NAME";
> my $sth = $dbh->prepare($q);
> $sth->execute($rep_id);
> my $accomp_ref = $sth->fetchall_hashref('ID');
>
> I would like to combine NAME and descrip into NAME so that in my
> page when
> I do:
>
>
> Name and description will appear instead of the name only.
Can anyone tell
> me how I can accomplish this?
>
> Thanks for any help.
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gatorreina at gmail.com Wed Aug 26 05:22:42 2015
From: gatorreina at gmail.com (Richard Reina)
Date: Wed, 26 Aug 2015 07:22:42 -0500
Subject: [Chicago-talk] Concactenate results from perl DBI fetchall_hashref
In-Reply-To:
References: <20150823173519.fqh8qaiqyogwsg4c@hostingemail.xo.com>
Message-ID:

Imran,

Thank you very much for your reply. Your first solution worked perfectly.

Thanks again.

2015-08-24 11:26 GMT-05:00 imran javaid :

> There is more than one way to skin this cat.
>
> Did you try this?
>
>
> or you could change query:
> my $q = "SELECT ID, NAME, descrip, NAME || descrip as COMBINED
> FROM accomp_type
> WHERE repair = ?
> ORDER BY NAME";
> and refer to it as:
>
>
> Note that in either case, there is no space between NAME and descrip. You
> can add that if you want.
>
> -imran
>
> On Sun, Aug 23, 2015 at 5:35 PM, wrote:
>
>> I fetch the following rows as follows
>>
>> my $q = "SELECT ID, NAME, descrip
>> FROM accomp_type
>> WHERE repair = ?
>> ORDER BY NAME";
>> my $sth = $dbh->prepare($q);
>> $sth->execute($rep_id);
>> my $accomp_ref = $sth->fetchall_hashref('ID');
>>
>> I would like to combine NAME and descrip into NAME so that in my
>> page when
>> I do:
>>
>>
>> Name and description will appear instead of the name only. Can anyone
>> tell me how I can accomplish this?
>>
>> Thanks for any help.
>>
>> _______________________________________________
>> Chicago-talk mailing list
>> Chicago-talk at pm.org
>> http://mail.pm.org/mailman/listinfo/chicago-talk
>
>
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From chicago.pm at iijo.org Fri Aug 28 12:19:18 2015
From: chicago.pm at iijo.org (Eric Johnson (kablamo))
Date: Fri, 28 Aug 2015 19:19:18 +0000
Subject: [Chicago-talk] DuckDuckGo Quack and Hack
Message-ID:

Hey everyone!

DuckDuckGo is hosting a global open source event this Saturday, August
29th. You are all invited. DuckDuckGo runs entirely on Perl and major
portions of it are open source. The theme of the event is to improve
results for developer related searches with new or improved Instant
Answers. Here are examples of some Instant Answers:

Perl Docs: https://duckduckgo.com/?q=perl+split&ia=about
CPAN Modules: https://duckduckgo.com/?q=Dist%3A%3AZilla+cpan&ia=software
Regex Help: https://duckduckgo.com/?q=regex+help&ia=cheatsheet
Cron Parsing: https://duckduckgo.com/?q=crontab+*+*%2F3+*+*+*&ia=answer

The event is happening virtually via Slack chat rooms (and via meetup
groups). If you're interested in contributing or creating your own Instant
Answer, email QuackSlack at duckduckgo.com to get access to Slack where you
can chat with DuckDuckGo employees and others, get your questions answered,
and collaborate.

Thanks,
Eric (@kablamo)
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From joel.a.berger at gmail.com Fri Aug 28 12:27:24 2015
From: joel.a.berger at gmail.com (Joel Berger)
Date: Fri, 28 Aug 2015 19:27:24 +0000
Subject: [Chicago-talk] DuckDuckGo Quack and Hack
In-Reply-To:
References:
Message-ID:

Hi Eric,

I'd be a lot more interested in attending if there was physical presence.
Any chance I could talk you into meeting at a bar with wifi?

Joel

On Fri, Aug 28, 2015 at 2:19 PM Eric Johnson (kablamo) wrote:

> Hey everyone!
>
> DuckDuckGo is hosting a global open source event this Saturday, August
> 29th. You
> are all invited. DuckDuckGo runs entirely on Perl and major portions of
> it are open source. The theme of the event is to improve results for
> developer related searches with new or improved Instant Answers. Here are
> examples of some Instant Answers:
>
> Perl Docs:
> https://duckduckgo.com/?q=perl+split&ia=about
> CPAN Modules: https://duckduckgo.com/?q=Dist%3A%3AZilla+cpan&ia=software
> Regex Help: https://duckduckgo.com/?q=regex+help&ia=cheatsheet
> Cron Parsing: https://duckduckgo.com/?q=crontab+*+*%2F3+*+*+*&ia=answer
>
> The event is happening virtually via Slack chat rooms (and via meetup
> groups). If you're interested in
> contributing or creating your own Instant Answer, email
> QuackSlack at duckduckgo.com
> to get
> access to Slack where you can chat with DuckDuckGo employees and others,
> get your questions answered, and collaborate.
>
> Thanks,
> Eric (@kablamo)
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From richard at rushlogistics.com Fri Aug 28 12:33:06 2015
From: richard at rushlogistics.com (Richard Reina)
Date: Fri, 28 Aug 2015 14:33:06 -0500
Subject: [Chicago-talk] DuckDuckGo Quack and Hack
In-Reply-To:
References:
Message-ID: <210A3C10-8CBE-410D-A2A2-E2C1F5E879F6@rushlogistics.com>

If it were a bar on the near Northside please let me know as I would try to
attend.

> On Aug 28, 2015, at 2:27 PM, Joel Berger wrote:
>
> Hi Eric,
>
> I'd be a lot more interested in attending if there was physical presence. Any chance I could talk you into meeting at a bar with wifi?
>
> Joel
>
>> On Fri, Aug 28, 2015 at 2:19 PM Eric Johnson (kablamo) wrote:
>> Hey everyone!
>>
>> DuckDuckGo is hosting a global open source event this Saturday, August 29th. You are all invited. DuckDuckGo runs entirely on Perl and major portions of it are open source. The theme of the event is to improve results for developer related searches with new or improved Instant Answers. Here are examples of some Instant Answers:
>>
>> Perl Docs: https://duckduckgo.com/?q=perl+split&ia=about
>> CPAN Modules: https://duckduckgo.com/?q=Dist%3A%3AZilla+cpan&ia=software
>> Regex Help: https://duckduckgo.com/?q=regex+help&ia=cheatsheet
>> Cron Parsing: https://duckduckgo.com/?q=crontab+*+*%2F3+*+*+*&ia=answer
>>
>> The event is happening virtually via Slack chat rooms (and via meetup groups). If you're interested in contributing or creating your own Instant Answer, email QuackSlack at duckduckgo.com to get access to Slack where you can chat with DuckDuckGo employees and others, get your questions answered, and collaborate.
>>
>> Thanks,
>> Eric (@kablamo)
>> _______________________________________________
>> Chicago-talk mailing list
>> Chicago-talk at pm.org
>> http://mail.pm.org/mailman/listinfo/chicago-talk
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From JJacobus at PonyX.com Mon Aug 31 10:43:19 2015
From: JJacobus at PonyX.com (Jim Jacobus)
Date: Mon, 31 Aug 2015 12:43:19 -0500
Subject: [Chicago-talk] Converting HEX to ASCII
Message-ID: <20150831180112.9B63511DDC1@xx1.develooper.com>

I feel dumb for asking, but is there a quick way to convert:

%#x3cIMG SRC=javascript:alert( 'XSS')%#x3e

to

I thought there would be a cpan module for this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From Andy_Bach at wiwb.uscourts.gov Mon Aug 31 11:19:35 2015
From: Andy_Bach at wiwb.uscourts.gov (Andy_Bach at wiwb.uscourts.gov)
Date: Mon, 31 Aug 2015 13:19:35 -0500
Subject: [Chicago-talk] Converting HEX to ASCII
In-Reply-To: <20150831180112.9B63511DDC1@xx1.develooper.com>
References: <20150831180112.9B63511DDC1@xx1.develooper.com>
Message-ID:

Hmm, not really all hex so (via perldoc -q decode):

$ echo '%#x3cIMG SRC=javascript:alert( 'XSS')%#x3e ' | perl -pe 's/&#([[:xdigit:]]+);/chr $1/eg'
%#x3cIMG SRC=javascript:alert( 'XSS')%#x3e

if it were actually hex and not decimal ascii you'd add a call to "hex" in
there:

' | perl -pe 's/&#([[:xdigit:]]+);/chr hex $1/eg'

a
----------------------
Andy Bach
Systems Mangler
Internet: andy_bach at wiwb.uscourts.gov
Voice: (608) 261-5738, Cell: (608) 658-1890

"That which can be asserted without evidence, can be dismissed without
evidence." - Christopher Hitchens
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From madcityzen at gmail.com Mon Aug 31 11:28:28 2015
From: madcityzen at gmail.com (Doug Bell)
Date: Mon, 31 Aug 2015 13:28:28 -0500
Subject: [Chicago-talk] Converting HEX to ASCII
In-Reply-To: <20150831180112.9B63511DDC1@xx1.develooper.com>
References: <20150831180112.9B63511DDC1@xx1.develooper.com>
Message-ID: <2945053450084165541@unknownmsgid>

Those are HTML entities (the &...; bits), so the HTML::Entities module
(part of the HTML::Parser distribution) will do it for you

Doug Bell
madcityzen at gmail.com

On Aug 31, 2015, at 1:01 PM, Jim Jacobus wrote:

I feel dumb for asking, but is there a quick way to convert:

%#x3cIMG SRC=javascript:alert( 'XSS')%#x3e

to

I thought there would be a cpan module for this.
_______________________________________________
Chicago-talk mailing list
Chicago-talk at pm.org
http://mail.pm.org/mailman/listinfo/chicago-talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From JJacobus at PonyX.com Mon Aug 31 12:44:49 2015
From: JJacobus at PonyX.com (Jim Jacobus)
Date: Mon, 31 Aug 2015 14:44:49 -0500
Subject: [Chicago-talk] Converting HEX to ASCII
In-Reply-To: <2945053450084165541@unknownmsgid>
References: <20150831180112.9B63511DDC1@xx1.develooper.com> <2945053450084165541@unknownmsgid>
Message-ID: <20150831194455.C1DD9120A90@xx1.develooper.com>

Thanks. HTML::Entities is what I needed. I didn't frame the question
correctly or use the correct terminology. I'm working on code to thwart
Cross Site Scripting (XSS) into forms and I'm finding there are a lot of
ways to inject malicious code. Perl is really the best way to deal with it.

At 01:28 PM 8/31/2015, Doug Bell wrote:
>Those are HTML entities (the &...; bits), so the HTML::Entities
>module (part of the HTML::Parser distribution) will do it for you
>
>Doug Bell
>madcityzen at gmail.com
>
>On Aug 31, 2015, at 1:01 PM, Jim Jacobus
><JJacobus at ponyx.com> wrote:
>
>>
>>I feel dumb for asking, but is there a quick way to convert:
>>
>>
>>%#x3cIMG
>>SRC=javascript:alert(
>>'XSS')%#x3e
>>
>>
>>to
>>
>>
>>I thought there would be a cpan module for this.
>>_______________________________________________
>>Chicago-talk mailing list
>>Chicago-talk at pm.org
>>http://mail.pm.org/mailman/listinfo/chicago-talk
>_______________________________________________
>Chicago-talk mailing list
>Chicago-talk at pm.org
>http://mail.pm.org/mailman/listinfo/chicago-talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
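
Added example, not part of the thread and not code from any of its posters: the HTML::Entities module Doug Bell points to, applied to the form-input filtering Jim Jacobus describes, so that entity-encoded input is reduced to a canonical form before it is validated and is entity-encoded again on output. The helper names (canonicalize, check_text_field, check_url_field, render), the field rules, the decode-round limit and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(decode_entities encode_entities);

# Hypothetical helper: decode until the text stops changing, so nested
# encodings such as "&amp;lt;" are reduced to what a browser could end up
# interpreting. The round limit is an assumed policy, not a library default.
sub canonicalize {
    my ($raw, $max_rounds) = @_;
    $max_rounds //= 5;
    my $text = $raw;
    for my $round (1 .. $max_rounds) {
        my $decoded = decode_entities($text);   # non-void context: returns a copy
        return $decoded if $decoded eq $text;
        $text = $decoded;
    }
    return;    # still changing after the limit: the caller rejects the input
}

# Plain-text field (name, comment): once canonical, no markup delimiters
# or control characters may remain.
sub check_text_field {
    my ($raw) = @_;
    my $canon = canonicalize($raw);
    return { ok => 0, reason => 'entity nesting too deep' } unless defined $canon;
    return { ok => 0, reason => 'markup character in text field' }
        if $canon =~ /[<>]/;
    return { ok => 0, reason => 'control character in text field' }
        if $canon =~ /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/;
    return { ok => 1, value => $canon };
}

# URL field: allow-list the scheme instead of searching for "javascript:".
sub check_url_field {
    my ($raw) = @_;
    my $canon = canonicalize($raw);
    return { ok => 0, reason => 'entity nesting too deep' } unless defined $canon;
    return { ok => 0, reason => 'scheme not on allow-list' }
        unless $canon =~ m{\Ahttps?://[^\s<>"']+\z}i;
    return { ok => 1, value => $canon };
}

# Rendering: always encode on output, whatever validation decided earlier.
sub render {
    my ($value) = @_;
    return encode_entities($value, q{<>&"'});
}

# Constructed sample inputs (not taken from any real traffic).
my @samples = (
    [ text => q{O'Brien & Sons} ],
    [ text => q{&#x3c;IMG SRC=&#106;&#97;&#118;&#97;script:alert(&#39;XSS&#39;)&#x3e;} ],
    [ text => q{&amp;lt;b&amp;gt;bold&amp;lt;/b&amp;gt;} ],    # double-encoded
    [ url  => q{https://example.org/page?id=1} ],
    [ url  => q{&#106;avascript:alert(1)} ],
);

for my $sample (@samples) {
    my ($kind, $raw) = @$sample;
    # A pattern match on the raw string is what the encoded forms slip past.
    my $naive   = $raw =~ /<|javascript:/i ? 'blocked' : 'passed';
    my $result  = $kind eq 'url' ? check_url_field($raw) : check_text_field($raw);
    my $verdict = $result->{ok}
        ? 'accepted, rendered as ' . render($result->{value})
        : "rejected ($result->{reason})";
    print "$kind input: $raw\n";
    print "  raw-pattern filter: $naive\n";
    print "  canonical check:    $verdict\n";
}
```

Validation on input is a second line of defence here; the encode_entities call at render time is what keeps accepted values such as O'Brien & Sons from being interpreted as markup.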