From toby.corkindale at strategicdata.com.au Wed May 6 16:46:30 2015 From: toby.corkindale at strategicdata.com.au (Toby Corkindale) Date: Thu, 7 May 2015 09:46:30 +1000 (EST) Subject: [Melbourne-pm] Mozilla::CA In-Reply-To: References: <915721193.741093.1428390109637.JavaMail.zimbra@strategicdata.com.au> <91354495.741406.1428392660139.JavaMail.zimbra@strategicdata.com.au> <173448464.754145.1428452477345.JavaMail.zimbra@strategicdata.com.au> Message-ID: <354530741.44805.1430955990605.JavaMail.zimbra@strategicdata.com.au> Thanks for that link, Kal. The RHEL solution (re-adding the 1024-bit certs) was discussed on the CPAN Mozilla::CA package, but the maintainer and others are *not* re-adding the certs, sadly. So we can look forward to another couple of years of constant CPAN test failures until distros with newer openssl/libressl/gnutls arrive :/ T ----- Original Message ----- > From: "Kahlil Hodgson" > To: "Toby Corkindale" > Sent: Thursday, 7 May, 2015 9:34:39 AM > Subject: Re: [Melbourne-pm] Mozilla::CA > > Hi Toby, > > Belated thanks for the info;-) > > Discovered the following link to RedHat's response to this issue > https://access.redhat.com/articles/1413643 which you may find > interesting. > > Cheers, > > Kal > > On 8 April 2015 at 10:21, Toby Corkindale > wrote: > > Hi Kahlil, > > There's some discussion in here: https://github.com/gisle/mozilla-ca/pull/5 > > > > The issue is that it has removed some CAs that were still using 1024-bit > > RSA, rather than stronger levels. > > The actual Mozilla browser has the ability to still get around this some > > how, but not so much in libssl < 1.0.2. > > > > It does sound like some of these websites really should upgrade their own > > certs, as the ultimate proper fix, but unfortunately in the meantime a lot > > of things are breaking :( > > > > Toby > > > > ----- Original Message ----- > >> From: "Kahlil Hodgson" > >> To: "Toby Corkindale" > >> Sent: Wednesday, 8 April, 2015 8:27:34 AM > >> Subject: Re: [Melbourne-pm] Mozilla::CA > >> > >> Thanks for the heads up Toby. > >> > >> Any idea why the CAs were removed? Was this because of SHA1 issues? > >> If this is a legitimate removal, should we be trusting services that > >> still use them? > >> > >> On 7 April 2015 at 17:44, Toby Corkindale > >> wrote: > >> > And updated to say.. apparently it's kind of a bug or missing feature in > >> > OpenSSL that causes the failures once these certs went away; but if > >> > you're > >> > running the latest, greatest version of openssl[1] then you can pass a > >> > flag to it to get it to work[2]. > >> > >> So its not a problem with Mozilla::CA? Do you have any links to the > >> openssl bug/feature/options you are referring to? > >> > >> > 1: But you won't be running it; even ubuntu 15.04 is still shipping > >> > 1.0.1 > >> > 2: But you won't be, because this will be something in IO::Socket::SSL > >> > or > >> > similar and out of your control > >> > >> Might be lucky and have a distro that backports the option to > >> openssl-1.0.1 or patches IO::Socket::SSL From melbourne-pm at popcorn.cx Sat May 9 04:45:44 2015 From: melbourne-pm at popcorn.cx (Stephen Edmonds) Date: Sat, 9 May 2015 21:45:44 +1000 Subject: [Melbourne-pm] May meeting Message-ID: Do we have any interest in a meeting on Wednesday the 13th? Suggestions welcome :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From dean at fragfest.com.au Sat May 9 04:51:27 2015 From: dean at fragfest.com.au (Dean Hamstead) Date: Sat, 09 May 2015 21:51:27 +1000 Subject: [Melbourne-pm] May meeting In-Reply-To: References: Message-ID: <554DF4BF.4090901@fragfest.com.au> fastmail is melbourne based and a perl-friendly company. perhaps someone from there is lurking on this list? On 09/05/15 21:45, Stephen Edmonds wrote: > Do we have any interest in a meeting on Wednesday the 13th? > Suggestions welcome :) > > > _______________________________________________ > Melbourne-pm mailing list > Melbourne-pm at pm.org > http://mail.pm.org/mailman/listinfo/melbourne-pm -------------- next part -------------- An HTML attachment was scrubbed... URL: From brong at fastmail.fm Sat May 9 04:57:53 2015 From: brong at fastmail.fm (Bron Gondwana) Date: Sat, 09 May 2015 13:57:53 +0200 Subject: [Melbourne-pm] May meeting In-Reply-To: <554DF4BF.4090901@fragfest.com.au> References: <554DF4BF.4090901@fragfest.com.au> Message-ID: <1431172673.1909575.264797325.6890F8C2@webmail.messagingengine.com> Unlikely, those FastMail people are a standoffish bunch. On Sat, May 9, 2015, at 01:51 PM, Dean Hamstead wrote: > fastmail is melbourne based and a perl-friendly company. > > perhaps someone from there is lurking on this list? > > > > On 09/05/15 21:45, Stephen Edmonds wrote: >> Do we have any interest in a meeting on Wednesday the 13th? Suggestions welcome :) >> >> >> _______________________________________________ Melbourne-pm mailing list >> Melbourne-pm at pm.org http://mail.pm.org/mailman/listinfo/melbourne-pm > > _________________________________________________ > Melbourne-pm mailing list Melbourne-pm at pm.org > http://mail.pm.org/mailman/listinfo/melbourne-pm -- Bron Gondwana brong at fastmail.fm -------------- next part -------------- An HTML attachment was scrubbed... URL: From ddick at iinet.net.au Sat May 9 14:30:43 2015 From: ddick at iinet.net.au (David Dick) Date: Sun, 10 May 2015 07:30:43 +1000 Subject: [Melbourne-pm] May meeting In-Reply-To: References: Message-ID: <554E7C83.5060205@iinet.net.au> On 05/09/2015 09:45 PM, Stephen Edmonds wrote: > Do we have any interest in a meeting on Wednesday the 13th? Suggestions > welcome :) Meeting sounds good! Mitre would be my suggestion, but happy with any alternative. Dave From brong at fastmail.fm Sat May 9 23:20:22 2015 From: brong at fastmail.fm (Bron Gondwana) Date: Sun, 10 May 2015 08:20:22 +0200 Subject: [Melbourne-pm] May meeting In-Reply-To: References: <554DF4BF.4090901@fragfest.com.au> <1431172673.1909575.264797325.6890F8C2@webmail.messagingengine.com> Message-ID: <1431238822.708743.264996201.42587603@webmail.messagingengine.com> Seriously though... I think we can organise something at FastMail. Let me talk to everyone on Monday. I have to negotiate taking yet ANOTHER evening away from home after being overseas on a junket^Wconference all last week. I don't know that we have any recent talks about perl specifically, but I have a bunch of talks of varying quality that I could recycle... Bron. On Sat, May 9, 2015, at 04:25 PM, Tim Connors wrote: > > That's not very friendly Bron. Perhaps you could dob one of your workers > in to give a talk - have any of them been sent on any overseas > junkets^Wconferences recently and given a talk on use of perl within > fastmail? > > Or who's played with perl6? > > > > On Sat, 9 May 2015, Bron Gondwana wrote: > > > Unlikely, those FastMail people are a standoffish bunch. > > > > On Sat, May 9, 2015, at 01:51 PM, Dean Hamstead wrote: > > > fastmail is melbourne based and a perl-friendly company. > > > > > > > > perhaps someone from there is lurking on this list? > > > > > > > > > > > > On 09/05/15 21:45, Stephen Edmonds > > wrote: > > >> Do we have any interest in a meeting on Wednesday > > the 13th? Suggestions welcome :) > > >> > > >> > > >> _______________________________________________ > > Melbourne-pm mailing list > > >> Melbourne-pm at pm.org http://mail.pm.org/mailman/listinfo/melbourne-pm > > > > > > _________________________________________________ > > > Melbourne-pm mailing list Melbourne-pm at pm.org > > > http://mail.pm.org/mailman/listinfo/melbourne-pm > > > > -- > > Bron Gondwana brong at fastmail.fm > > > > > > > > -- > Tim Connors -- Bron Gondwana brong at fastmail.fm From rob at eatenbyagrue.org Sat May 9 23:39:13 2015 From: rob at eatenbyagrue.org (Robert Norris) Date: Sun, 10 May 2015 16:39:13 +1000 Subject: [Melbourne-pm] May meeting In-Reply-To: <1431238822.708743.264996201.42587603@webmail.messagingengine.com> References: <554DF4BF.4090901@fragfest.com.au> <1431172673.1909575.264797325.6890F8C2@webmail.messagingengine.com> <1431238822.708743.264996201.42587603@webmail.messagingengine.com> Message-ID: <6752DB15-C830-4DD5-B245-F228DC700C27@eatenbyagrue.org> I could do a talk about our image proxy[1]. It'd be a new talk; I've written a bit about it on my blog but haven't talked about it. There's various angles I could come at it from: the actual purpose and need, a pure-PSGI app, streaming PSGI, Starlet and Furl for high performance, SSRF protection, the inadequacy of Mozilla::CA, and deployment via Carton and Docker. Just let me know which bits you're interested in :) 1. https://github.com/robn/hopscotch -- thumb typing, tap tap tap On 10 May 2015 4:20:22 pm AEST, Bron Gondwana wrote: >Seriously though... > >I think we can organise something at FastMail. Let me talk to everyone >on Monday. I have to negotiate taking yet ANOTHER evening away from >home after being overseas on a junket^Wconference all last week. > >I don't know that we have any recent talks about perl specifically, but >I have a bunch of talks of varying quality that I could recycle... > >Bron. > >On Sat, May 9, 2015, at 04:25 PM, Tim Connors wrote: >> >> That's not very friendly Bron. Perhaps you could dob one of your >workers >> in to give a talk - have any of them been sent on any overseas >> junkets^Wconferences recently and given a talk on use of perl within >> fastmail? >> >> Or who's played with perl6? >> >> >> >> On Sat, 9 May 2015, Bron Gondwana wrote: >> >> > Unlikely, those FastMail people are a standoffish bunch. >> > >> > On Sat, May 9, 2015, at 01:51 PM, Dean Hamstead wrote: >> > > fastmail is melbourne based and a perl-friendly company. >> > > >> > > >> > perhaps someone from there is lurking on this list? >> > > >> > > >> > > >> > > On 09/05/15 21:45, Stephen Edmonds >> > wrote: >> > >> Do we have any interest in a meeting on Wednesday >> > the 13th? Suggestions welcome :) >> > >> >> > >> >> > >> _______________________________________________ >> > Melbourne-pm mailing list >> > >> Melbourne-pm at pm.org >http://mail.pm.org/mailman/listinfo/melbourne-pm >> > > >> > > _________________________________________________ >> > > Melbourne-pm mailing list Melbourne-pm at pm.org >> > > http://mail.pm.org/mailman/listinfo/melbourne-pm >> > >> > -- >> > Bron Gondwana brong at fastmail.fm >> > >> > >> > >> >> -- >> Tim Connors > > >-- > Bron Gondwana > brong at fastmail.fm >_______________________________________________ >Melbourne-pm mailing list >Melbourne-pm at pm.org >http://mail.pm.org/mailman/listinfo/melbourne-pm -------------- next part -------------- An HTML attachment was scrubbed... URL: From jkaye29 at gmail.com Sun May 10 05:45:04 2015 From: jkaye29 at gmail.com (John Kaye) Date: Sun, 10 May 2015 22:45:04 +1000 Subject: [Melbourne-pm] May meeting In-Reply-To: References: Message-ID: Thanks for stirring up interest in another Perl Mongers meeting, Stephen. Unfortunately, I can't come this Wednesday evening. Cheers, John Kaye On Sat, May 9, 2015 at 9:45 PM, Stephen Edmonds wrote: > Do we have any interest in a meeting on Wednesday the 13th? Suggestions > welcome :) > > _______________________________________________ > Melbourne-pm mailing list > Melbourne-pm at pm.org > http://mail.pm.org/mailman/listinfo/melbourne-pm > -------------- next part -------------- An HTML attachment was scrubbed... URL: From toby.corkindale at strategicdata.com.au Mon May 11 00:01:58 2015 From: toby.corkindale at strategicdata.com.au (Toby Corkindale) Date: Mon, 11 May 2015 17:01:58 +1000 (EST) Subject: [Melbourne-pm] May meeting In-Reply-To: <6752DB15-C830-4DD5-B245-F228DC700C27@eatenbyagrue.org> References: <554DF4BF.4090901@fragfest.com.au> <1431172673.1909575.264797325.6890F8C2@webmail.messagingengine.com> <1431238822.708743.264996201.42587603@webmail.messagingengine.com> <6752DB15-C830-4DD5-B245-F228DC700C27@eatenbyagrue.org> Message-ID: <1006335270.22026.1431327718697.JavaMail.zimbra@strategicdata.com.au> ----- Original Message ----- > There's various angles I could come at it from: the actual purpose and need, > a pure-PSGI app, streaming PSGI, Starlet and Furl for high performance, SSRF > protection, the inadequacy of Mozilla::CA, and deployment via Carton and > Docker. Speaking of which.. Has anyone forked Mozilla::CA and IO::Socket::SSL yet? I think t0m was suggesting it, but haven't heard anything further about it actually happening. From rob at eatenbyagrue.org Mon May 11 00:09:54 2015 From: rob at eatenbyagrue.org (Robert Norris) Date: Mon, 11 May 2015 17:09:54 +1000 Subject: [Melbourne-pm] May meeting In-Reply-To: <1006335270.22026.1431327718697.JavaMail.zimbra@strategicdata.com.au> References: <554DF4BF.4090901@fragfest.com.au> <1431172673.1909575.264797325.6890F8C2@webmail.messagingengine.com> <1431238822.708743.264996201.42587603@webmail.messagingengine.com> <6752DB15-C830-4DD5-B245-F228DC700C27@eatenbyagrue.org> <1006335270.22026.1431327718697.JavaMail.zimbra@strategicdata.com.au> Message-ID: <1431328194.387892.265328297.5183AFAE@webmail.messagingengine.com> On Mon, May 11, 2015, at 05:01 PM, Toby Corkindale wrote: > Speaking of which.. Has anyone forked Mozilla::CA and IO::Socket::SSL > yet? I think t0m was suggesting it, but haven't heard anything further > about it actually happening. Since lots of stuff is already using Mozilla::CA, my thought was to patch Mozilla::CA to use the platform-provided certificate store (eg /etc/ssl/certs) if available, and fall back to the bundled one. It would mean the name is now wrong, but that happens sometimes. I imagine that getting such a patch included could be a bit of an uphill battle though, which is why I haven't made any effort yet. Rob N. From kahlil.hodgson at dealmax.com.au Mon May 11 16:32:54 2015 From: kahlil.hodgson at dealmax.com.au (Kahlil Hodgson) Date: Tue, 12 May 2015 09:32:54 +1000 Subject: [Melbourne-pm] May meeting In-Reply-To: <1431328194.387892.265328297.5183AFAE@webmail.messagingengine.com> References: <554DF4BF.4090901@fragfest.com.au> <1431172673.1909575.264797325.6890F8C2@webmail.messagingengine.com> <1431238822.708743.264996201.42587603@webmail.messagingengine.com> <6752DB15-C830-4DD5-B245-F228DC700C27@eatenbyagrue.org> <1006335270.22026.1431327718697.JavaMail.zimbra@strategicdata.com.au> <1431328194.387892.265328297.5183AFAE@webmail.messagingengine.com> Message-ID: On 11 May 2015 at 17:09, Robert Norris wrote: > Since lots of stuff is already using Mozilla::CA, my thought was to > patch Mozilla::CA to use the platform-provided certificate store (eg > /etc/ssl/certs) if available, and fall back to the bundled one. It would > mean the name is now wrong, but that happens sometimes. > > I imagine that getting such a patch included could be a bit of an uphill > battle though, which is why I haven't made any effort yet. > ?Nice idea. If this rule did not apply by default, but was tied to, say, an environment variable?, it might be more palatable. ?Kal? -------------- next part -------------- An HTML attachment was scrubbed... URL: From brong at fastmail.fm Tue May 12 03:21:28 2015 From: brong at fastmail.fm (Bron Gondwana) Date: Tue, 12 May 2015 12:21:28 +0200 Subject: [Melbourne-pm] May meeting In-Reply-To: <1431238822.708743.264996201.42587603@webmail.messagingengine.com> References: <554DF4BF.4090901@fragfest.com.au> <1431172673.1909575.264797325.6890F8C2@webmail.messagingengine.com> <1431238822.708743.264996201.42587603@webmail.messagingengine.com> Message-ID: <1431426088.3375280.266505425.1AEE1084@webmail.messagingengine.com> Due to sick family on my part, I'm not going to be coming to anything tomorrow night. I don't think FastMail is going to have anyone else who can make it either, so I guess it's the Mitre! Let's do another one at FastMail though, just with a bit more notice and a bit fewer sick people at home... Bron. On Sun, May 10, 2015, at 08:20 AM, Bron Gondwana wrote: > Seriously though... > > I think we can organise something at FastMail. Let me talk to everyone on Monday. I have to negotiate taking yet ANOTHER evening away from home after being overseas on a junket^Wconference all last week. > > I don't know that we have any recent talks about perl specifically, but I have a bunch of talks of varying quality that I could recycle... > > Bron. > > On Sat, May 9, 2015, at 04:25 PM, Tim Connors wrote: > > > > That's not very friendly Bron. Perhaps you could dob one of your workers > > in to give a talk - have any of them been sent on any overseas > > junkets^Wconferences recently and given a talk on use of perl within > > fastmail? > > > > Or who's played with perl6? > > > > > > > > On Sat, 9 May 2015, Bron Gondwana wrote: > > > > > Unlikely, those FastMail people are a standoffish bunch. > > > > > > On Sat, May 9, 2015, at 01:51 PM, Dean Hamstead wrote: > > > > fastmail is melbourne based and a perl-friendly company. > > > > > > > > > > > perhaps someone from there is lurking on this list? > > > > > > > > > > > > > > > > On 09/05/15 21:45, Stephen Edmonds > > > wrote: > > > >> Do we have any interest in a meeting on Wednesday > > > the 13th? Suggestions welcome :) > > > >> > > > >> > > > >> _______________________________________________ > > > Melbourne-pm mailing list > > > >> Melbourne-pm at pm.org http://mail.pm.org/mailman/listinfo/melbourne-pm > > > > > > > > _________________________________________________ > > > > Melbourne-pm mailing list Melbourne-pm at pm.org > > > > http://mail.pm.org/mailman/listinfo/melbourne-pm > > > > > > -- > > > Bron Gondwana brong at fastmail.fm > > > > > > > > > > > > > -- > > Tim Connors > > > -- > Bron Gondwana > brong at fastmail.fm > _______________________________________________ > Melbourne-pm mailing list > Melbourne-pm at pm.org > http://mail.pm.org/mailman/listinfo/melbourne-pm -- Bron Gondwana brong at fastmail.fm From kahlil.hodgson at dealmax.com.au Sun May 31 15:44:41 2015 From: kahlil.hodgson at dealmax.com.au (Kahlil Hodgson) Date: Mon, 1 Jun 2015 08:44:41 +1000 Subject: [Melbourne-pm] Dancing around the event horizon Message-ID: ?Its been a sad few days.? ?For the ? ?passed ? 7 years ?, ? DealMax ?has been? a ? proud Perl shop ?. We've written a lot of code over that time. I'm quite proud of what we managed to acheive with so little resoruces and constantly changing requirements.? I largely attribute our ability to weather various storms to having a fast, lean and expressive language at our core. I have fought valiantly to keep it, but sadly, it is not to be: ? ?It ? has now become a condition of funding ?that we move to a more mainstream technology ?. Bugger. Kal ? Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd GitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 -------------- next part -------------- An HTML attachment was scrubbed... URL: From dean at fragfest.com.au Sun May 31 19:43:40 2015 From: dean at fragfest.com.au (Dean Hamstead) Date: Sun, 31 May 2015 19:43:40 -0700 Subject: [Melbourne-pm] Dancing around the event horizon Message-ID: Rewriting your stack for vc funding? On 31/05/2015 3:44 pm, Kahlil Hodgson wrote: > > ?Its been a sad few days.? > > ?For the ? > ?passed ? > 7 years > ?, ? > DealMax? > ?has been? > a > ? proud Perl shop > ?.? We've written a lot of code over that time. I'm quite proud of what we managed to acheive with so little resoruces and constantly changing requirements.?? I largely attribute our ability to weather various storms to having a fast, lean and expressive language at our core. I have fought valiantly to keep it, but sadly, it is not to be: > > ? > ?It ? > has now become a condition of funding? > ?that we move to a more mainstream technology > ?.? > > Bugger. > > Kal > ? > > Kahlil (Kal) Hodgson ? ? ? ? ? ? ? ? ? ? ? GPG: C9A02289 > Head of Technology ? ? ? ? ? ? ? ? ? ? ? ? (m) +61 (0) 4 2573 0382 > DealMax Pty Ltd ? ? ? ? ? ? ? ? ? ? ? ? ? ?GitHub: @tartansandal > > Suite 1416 > 401 Docklands Drive > Docklands VIC 3008 Australia > > "All parts should go together without forcing.? You must remember that > the parts you are reassembling were disassembled by you.? Therefore, > if you can't get them together again, there must be a reason.? By all > means, do not use a hammer." ?-- IBM maintenance manual, 1925