From jay at jays.net Mon Jul 6 08:53:42 2009
From: jay at jays.net (Jay Hannah)
Date: Mon, 06 Jul 2009 10:53:42 -0500
Subject: [Omaha.pm] Next meeting: Tuesday July 14 | Call for presentations
Message-ID: <4A521E06.5010200@jays.net>

Hola,

Sam moved to San Francisco earlier than originally planned so he will
not be presenting next week.

What have you been working on lately? Are you willing to do a 5 minute
presentation? A longer one? Please add to our wish list, volunteer list:

http://jays.net/wiki/ODynUG

---

In case we don't get a flood of other ideas, I'll be presenting:

MooseX::Workers
Forked process management with Perl5, Moose, and POE.
http://github.com/jhannah/moosex-workers/raw/master/doc/yapc2009/workers.pdf
http://search.cpan.org/~jhannah/MooseX-Workers-0.07/lib/MooseX/Workers.pm

See you there! :)

---

Can whoever controls these domains tear them down please?

http://odynug.blainebuxton.net/
http://odynug.kicks-ass.org/

No point in having out-of-date information no one is maintaining out on
the interwebs. :)

j
mobile: 578-3976

From jay at jays.net Mon Jul 6 09:39:22 2009
From: jay at jays.net (Jay Hannah)
Date: Mon, 06 Jul 2009 11:39:22 -0500
Subject: [Omaha.pm] Next meeting: Tuesday July 14 | Call for presentations
In-Reply-To:
References: <4A521E06.5010200@jays.net>
Message-ID: <4A5228BA.8000901@jays.net>

Matt Secoske wrote:
> I suggest we also discuss architectures for large amounts of data ;-)
>

Like Google Bigtable? :)

http://labs.google.com/papers/bigtable.html

I can also ramble about this Erlang genome problem I've been working on:

http://github.com/jhannah/sandbox/tree/master/erlang

Oh... Do we have an official TEK Systems contact? I should reach out to
them. Love that free pizza.
:)

http://www.teksystems.com/

j

Omaha Dynamic Language Users Group
http://jays.net/wiki/ODynUG

From techmonkey4u at gmail.com Mon Jul 6 11:59:18 2009
From: techmonkey4u at gmail.com (techmonkey4u at gmail.com)
Date: Mon, 06 Jul 2009 18:59:18 +0000
Subject: [Omaha.pm] [odynug] Re: Next meeting: Tuesday July 14 | Call for presentations
In-Reply-To: <4A5228BA.8000901@jays.net>
Message-ID: <002215048ac76942a3046e0e1a93@google.com>

I can do 5 minutes on OpenCV, an open-source computer vision framework
that I've just started really digging into. (written in C++, but is
easily used as a shared object in Ruby or Python or whatever).

So next month?

On Jul 6, 2009 11:39am, Jay Hannah wrote:
> Matt Secoske wrote:
> > I suggest we also discuss architectures for large amounts of data ;-)
> >
> Like Google Bigtable? :)
> http://labs.google.com/papers/bigtable.html
> I can also ramble about this Erlang genome problem I've been working on:
> http://github.com/jhannah/sandbox/tree/master/erlang
> Oh... Do we have an official TEK Systems contact? I should reach out to
> them. Love that free pizza. :)
> http://www.teksystems.com/
> j
> Omaha Dynamic Language Users Group
> http://jays.net/wiki/ODynUG
From jay at jays.net Mon Jul 6 13:18:08 2009
From: jay at jays.net (Jay Hannah)
Date: Mon, 6 Jul 2009 16:18:08 -0400
Subject: [Omaha.pm] Next meeting: Tuesday July 14 | Call for presentations
In-Reply-To: <002215048ac76942a3046e0e1a93@google.com>
References: <002215048ac76942a3046e0e1a93@google.com>
Message-ID:

On Jul 6, 2009, at 2:59 PM, techmonkey4u at gmail.com wrote:
> I can do 5 minutes on OpenCV, an open-source computer vision framework

woot!

Agenda is online:

http://jays.net/wiki/ODynUG

It's a wiki -- add stuff! More! More! :)

j

From choman at gmail.com Fri Jul 10 10:24:59 2009
From: choman at gmail.com (Chad Homan)
Date: Fri, 10 Jul 2009 12:24:59 -0500
Subject: [Omaha.pm] here doc help
Message-ID:

Greets all

So I have an interesting issue that I need some assistance with.

I found a here doc "formatting" function on-line (at CPAN) that claims to
"expect input from a here doc".
I've made one little change to preserve "blank lines" (i.e., changed a couple
"\s" to "[\t ]"), hence the function name.

Now I want to offload it into a require file. however "perl -c" fails when
doing so.

--------[ code #1: file1.pl ]-------------
sub dequote_blank_lines {
    local $_ = shift;
    my ($white, $leader);  # common white space and common leading string
    if (/^[\t ]*(?:([^\w\s]+)(\s*).*\n)(?:\s*\1\2?.*\n)+$/) {
        ($white, $leader) = ($2, quotemeta($1));
    } else {
        ($white, $leader) = (/^([\t ]+)/, '');
    }
    s/^[\t ]*?$leader(?:$white)?//gm;
    return $_;
}

$cde_script = dequote_blank_lines <<_EOF_;
    #!/bin/sh
    #real code removed for brevity
    /usr/bin/echo "Hello World"
_EOF_

print $cde_script

In this first snippet everything works fine. and a "perl -c" returns OK.
Now let's offload to a require file:

--------[ code #2: file2.pl ]-------------
sub dequote_blank_lines {
    local $_ = shift;
    my ($white, $leader);  # common white space and common leading string
    if (/^[\t ]*(?:([^\w\s]+)(\s*).*\n)(?:\s*\1\2?.*\n)+$/) {
        ($white, $leader) = ($2, quotemeta($1));
    } else {
        ($white, $leader) = (/^([\t ]+)/, '');
    }
    s/^[\t ]*?$leader(?:$white)?//gm;
    return $_;
}

1;

--------[ code #2: file3.pl ]-------------
require "file2.pl";

$cde_script = dequote_blank_lines <<_EOF_;
    #!/bin/sh
    #real code removed for brevity
    /usr/bin/echo "Hello World"
_EOF_

print $cde_script

In this case, file3.pl fails syntax check in every way imaginable. I have
tried prototyping the function: sub dequote_blank_lines ($), but this
fails too.

I am not opposed to making this routine work like a real function and
change it to:

$cde_script = HERE_DOC;  # for brevity
$cde_script = &dequote_blank_lines($cde_script);

But, I am one who likes flexibility and I think it should work either way.
And I am trying to maintain the original intent of the subroutine,
expecting a here doc

Chad, CISSP
Jack Benny - "I don't deserve this award, but I have arthritis and I
don't deserve that either."

From stpierre at NebrWesleyan.edu Mon Jul 13 20:21:30 2009
From: stpierre at NebrWesleyan.edu (Chris St. Pierre)
Date: Mon, 13 Jul 2009 22:21:30 -0500 (CDT)
Subject: [Omaha.pm] here doc help
In-Reply-To:
References:
Message-ID:

On Fri, 10 Jul 2009, Chad Homan wrote:

> Greets all
>
> So I have an interesting issue that I need some assistance with.
>
> I found a here doc "formatting" function on-line (at CPAN) that claims to
> "expect input from a here doc".
> I've made one little change to preserve "blank lines" (i.e., changed a couple
> "\s" to "[\t ]"), hence the
> function name.
>
> Now I want to offload it into a require file. however "perl -c" fails when
> doing so.
It worked for me when I changed file3.pl to:

$cde_script = dequote_blank_lines(<<_EOF_
    #!/bin/sh
    #real code removed for brevity
    /usr/bin/echo "Hello World"
_EOF_
);
print $cde_script;

Note the parens, lack of ; after the heredoc initiator. In general,
it's considered best practice to always use parens with non-core
functions, so this is the Right Thing to do anyway. I think the
parser was probably just getting confused with some ambiguity there,
although I'm not Perl wonk enough to know what the ambiguity might
have been.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

From jay at jays.net Thu Jul 23 16:08:15 2009
From: jay at jays.net (Jay Hannah)
Date: Thu, 23 Jul 2009 18:08:15 -0500
Subject: [Omaha.pm] Next meeting: Tue Aug 11, 2009
Message-ID: <4E9FF04A-C941-4AF1-AF63-8762425E4586@jays.net>

Formulating the agenda for next month:

http://jays.net/wiki/ODynUG#Meetings.2C_Presentations

Call for presentations! Doing something interesting and willing to
talk about it? Great! Sign up! This month, or coming months, we'd love
to have you.

I'll prep an hour on 'Modern Perl Programming: Moose and Catalyst'.
Come see how the cool kids are doing development nowadays. :) I have
commit bits in both of those projects now, so hopefully I can do
passable introductory presentations.

See you there!

j

P.S. I registered odlug.org, but haven't successfully wrestled my ISP's
troublesome Apache vhost config yet.

From rob.townley at gmail.com Fri Jul 24 14:37:25 2009
From: rob.townley at gmail.com (Rob Townley)
Date: Fri, 24 Jul 2009 16:37:25 -0500
Subject: [Omaha.pm] [olug] Yesterday's dd-wrt release fixes vulnerability
In-Reply-To:
References: <4a67a69e.1b025a0a.682a.1166@mx.google.com>
Message-ID: <7e84ed60907241437h2d93063bp32ab2014fdfec648@mail.gmail.com>

On Wed, Jul 22, 2009 at 8:10 PM, Chad Homan wrote:
> I've dug into this a little bit. The bug exists in the v24 sp1 firmware.
> I personally have been running the June 19 pre-sp2 release which also has
> the bug.
>
> If you're running anything prior to v24 sp1, you can run the test rob provided
> and verify that the bug affects you
>
> There are two fixes posted currently, both available on the dd-wrt home
> page.
> Note that the suggested firmware fix is temporary until the router DB is
> updated.
> well according to the website
>
> Chad, CISSP
>
> On Wed, Jul 22, 2009 at 6:54 PM, Cheyenne Deal wrote:
>
>> When did the problem start, I have a 04/07 release 07 as in 2007
>>
>> -----Original Message-----
>> From: Rob Townley
>> Sent: Wednesday, July 22, 2009 6:31 PM
>> To: Omaha Linux User Group
>> Subject: [olug] Yesterday's dd-wrt release fixes vulnerability
>>
>> If you have dd-wrt firmware, you will want to update. There is a
>> vulnerability in it that malicious website code could get root just by
>> visiting that malicious website from behind your dd-wrt firewall, CSRF
>> style.
>>
>> Test: http://192.168.1.1/cgi-bin/;reboot

Cross Site Request Forgery highlights a much broader security problem
for just about anything that has a web based interface - printers,
cameras, firewalls, switches, webmin, nagios, CUPS, web based address
books, web based email and . i am going to pick on webmin to remind
professionals that this type of attack applies to you even if you do
not use dd-wrt. CSRF / XSRF allows malicious code on an internet
website to call code on a private only webmin interface.
Since google and HoneyNET project research suggest there could be
millions of websites hacked, we really can't trust any website. What
frustrates me is having webmin type browser sessions only accessible
via https can actually make the problem worse.

For the web developers out there such as the developers of the IE6
only Cisco SRW2048 and a local Omahan that commented that he will
never develop web apps for Safari again because there is no need, test
your code in multiple browsers because users need to easily be able to
use one brand of browser for web based administration and another
brand for browsing the web and yet another brand for web based email,
calendaring, and contacts. Yes, the alternative is to have multiple
user profiles for the same browser, but that does not always work for
me.

If you use dd-wrt, check back often to see if there are updates.
After using soho firewalls for more than a decade, dd-wrt is still
safer than most any other i have used. The open-wrt ssh base was not
at fault here, it was the more closed web based interface.

Below is gat3way's dd-wrt forum posting used for reference:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173

Posted: Fri Jul 24, 2009 7:48 am
The patch makes that exploit impossible to succeed even though it does
not thoroughly mitigate the CSRF attack vectors. That's because now:

1) you have to be already authorized (before the fix it was possible
to execute commands via /cgi-bin without authorization)
2) the CSRF attack has to come from a https site, otherwise a referer
header is sent, it's checked against the httpd server hostname and
since it won't match, the request will be rejected.

OTOH, older POST-based CSRF could work if the attack comes from a
https site AND if you have already authorized at the web ui.
In other words, preventing CSRF attacks now will be easy if users just
follow a simple rule: when you login at the web management ui, do your
job, DO NOT browse other sites in other tabs (actually, closing all
tabs except the dd-wrt one is best), then log-out from the dd-wrt web
ui and continue browsing other sites. This way, you can be almost sure
no CSRF attack will be possible.

From rob.townley at gmail.com Fri Jul 24 15:00:17 2009
From: rob.townley at gmail.com (Rob Townley)
Date: Fri, 24 Jul 2009 17:00:17 -0500
Subject: [Omaha.pm] [olug] Yesterday's dd-wrt release fixes vulnerability
In-Reply-To: <7e84ed60907241437h2d93063bp32ab2014fdfec648@mail.gmail.com>
References: <4a67a69e.1b025a0a.682a.1166@mx.google.com> <7e84ed60907241437h2d93063bp32ab2014fdfec648@mail.gmail.com>
Message-ID: <7e84ed60907241500i4a2bf51brbd94e8f6c42dca79@mail.gmail.com>

On Fri, Jul 24, 2009 at 4:37 PM, Rob Townley wrote:
> On Wed, Jul 22, 2009 at 8:10 PM, Chad Homan wrote:
>> I've dug into this a little bit. The bug exists in the v24 sp1 firmware.
>> I personally have been running the June 19 pre-sp2 release which also has
>> the bug.
>>
>> If you're running anything prior to v24 sp1, you can run the test rob provided
>> and verify that the bug affects you
>>
>> There are two fixes posted currently, both available on the dd-wrt home
>> page.
>> Note that the suggested firmware fix is temporary until the router DB is
>> updated.
>> well according to the website
>>
>> Chad, CISSP
>>
>> On Wed, Jul 22, 2009 at 6:54 PM, Cheyenne Deal wrote:
>>
>>> When did the problem start, I have a 04/07 release 07 as in 2007
>>>
>>> -----Original Message-----
>>> From: Rob Townley
>>> Sent: Wednesday, July 22, 2009 6:31 PM
>>> To: Omaha Linux User Group
>>> Subject: [olug] Yesterday's dd-wrt release fixes vulnerability
>>>
>>> If you have dd-wrt firmware, you will want to update.
>>> There is a vulnerability in it that malicious website code could get
>>> root just by visiting that malicious website from behind your dd-wrt
>>> firewall, CSRF style.
>>>
>>> Test: http://192.168.1.1/cgi-bin/;reboot
>
> Cross Site Request Forgery highlights a much broader security problem
> for just about anything that has a web based interface - printers,
> cameras, firewalls, switches, webmin, nagios, CUPS, web based address
> books, web based email and . i am going to pick on webmin to remind
> professionals that this type of attack applies to you even if you do
> not use dd-wrt. CSRF / XSRF allows malicious code on an internet
> website to call code on a private only webmin interface. Since google
> and HoneyNET project research suggest there could be millions of
> websites hacked, we really can't trust any website. What frustrates
> me is having webmin type browser sessions only accessible via https
> can actually make the problem worse.
>
> For the web developers out there such as the developers of the IE6
> only Cisco SRW2048 and a local Omahan that commented that he will
> never develop web apps for Safari again because there is no need, test
> your code in multiple browsers because users need to easily be able to
> use one brand of browser for web based administration and another
> brand for browsing the web and yet another brand for web based email,
> calendaring, and contacts. Yes, the alternative is to have multiple
> user profiles for the same browser, but that does not always work for
> me.
>
> If you use dd-wrt, check back often to see if there are updates.
> After using soho firewalls for more than a decade, dd-wrt is still
> safer than most any other i have used. The open-wrt ssh base was not
> at fault here, it was the more closed web based interface.
>
> Below is gat3way's dd-wrt forum posting used for reference:
> http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173
>
> Posted: Fri Jul 24, 2009 7:48 am
> The patch makes that exploit impossible to succeed even though it does
> not thoroughly mitigate the CSRF attack vectors. That's because now:
>
> 1) you have to be already authorized (before the fix it was possible
> to execute commands via /cgi-bin without authorization)
> 2) the CSRF attack has to come from a https site, otherwise a referer
> header is sent, it's checked against the httpd server hostname and
> since it won't match, the request will be rejected.
>
> OTOH, older POST-based CSRF could work if the attack comes from a
> https site AND if you have already authorized at the web ui.
>
> In other words, preventing CSRF attacks now will be easy if users just
> follow a simple rule: when you login at the web management ui, do your
> job, DO NOT browse other sites in other tabs (actually, closing all
> tabs except the dd-wrt one is best), then log-out from the dd-wrt web
> ui and continue browsing other sites. This way, you can be almost sure
> no CSRF attack will be possible.
>

*FireGPG and many other extensions are convenient, but would not be
surprised if some are an extremely bad idea - not up on them at the
moment. Other extensions provide some protection from Cross Site
Scripting (XSS) - NoScript and CSRF Protector and are required.

*web2.0collage.com could probably find your internal websites.
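The Referer check described in the quoted forum post, written out as an added example (not code from dd-wrt, the forum post or anyone in this thread). It shows why a request that arrives with no Referer passes a check that only rejects mismatches, next to a stricter form; `ROUTER_HOST`, the `csrf_token` field and every function name are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_HOST = "192.168.1.1"  # assumption: hostname the management UI is served on


def referer_host(headers):
    """Return the host named in the Referer header, or None when it is absent."""
    referer = headers.get("Referer")
    return urlsplit(referer).hostname if referer else None


def lenient_check(headers):
    """The check as the post describes it: only a mismatching Referer is rejected."""
    host = referer_host(headers)
    return host is None or host == ROUTER_HOST


def strict_check(headers, form, session_token):
    """Hardened form: the Referer must be present and match, and the form must
    carry the per-session token, which a page on another origin cannot read."""
    if referer_host(headers) != ROUTER_HOST:
        return False
    return hmac.compare_digest(form.get("csrf_token", ""), session_token)


def evaluate(requests, session_token):
    """Run both checks over (name, headers, form) tuples."""
    return {name: (lenient_check(h), strict_check(h, f, session_token))
            for name, h, f in requests}


SESSION_TOKEN = secrets.token_hex(16)  # issued at login, embedded in each form

# Constructed sample requests, not captured traffic.
SAMPLE_REQUESTS = [
    ("same-origin form", {"Referer": "http://192.168.1.1/"},
     {"csrf_token": SESSION_TOKEN}),
    ("cross-site, http page", {"Referer": "http://example.test/page"}, {}),
    # A browser leaving an https page for an http URL sends no Referer at all.
    ("cross-site, https page", {}, {}),
    ("matching Referer, no token", {"Referer": "http://192.168.1.1/"}, {}),
]

if __name__ == "__main__":
    for name, (lenient, strict) in evaluate(SAMPLE_REQUESTS, SESSION_TOKEN).items():
        print(f"{name:28} lenient={lenient!s:5} strict={strict}")
```

The third row is the case the post calls out: the lenient check accepts it because there is nothing to compare, while the strict check rejects both it and any request that lacks the session token.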
From jay at jays.net Thu Jul 30 23:08:48 2009
From: jay at jays.net (jay at jays.net)
Date: Fri, 31 Jul 2009 02:08:48 -0400
Subject: [Omaha.pm] New Perl books: Moose, Catalyst
Message-ID: <7545be745a9cef0e8ce6b28c86bc4e2a@jays.net>

Moose:
http://www.lulu.com/content/paperback-book/moose/7406976

Catalyst:
http://xrl.us/be3fh2

:)

j

From jay at jays.net Fri Jul 31 00:29:14 2009
From: jay at jays.net (jay at jays.net)
Date: Fri, 31 Jul 2009 03:29:14 -0400
Subject: [Omaha.pm] [Bioperl-l] bioperl reorganization
In-Reply-To: <4A60D73A.8030706@jays.net>
References: <4239c0bb0907151625o7166edd6j3c2b13fec8adf530@mail.gmail.com> <4A5E7CE7.4040908@cornell.edu> <4A5ED518.7010504@cornell.edu> <4A603F82.9020202@cornell.edu> <4A60D73A.8030706@jays.net>
Message-ID: <64439d16511f28ba7c28dcde8c8a0458@jays.net>

On Fri, 17 Jul 2009 14:55:38 -0500, Jay Hannah wrote:
> All Catalyst::* distributions live in the same SVN repository, as
> entirely independent, ready-to-ship CPAN distributions:
>
> http://dev.catalyst.perl.org/repos/Catalyst/
> http://dev.catalyst.perl.org/repos/Catalyst/trunk/

Ah, progress(?). Catalyst has begun the migration to git:

http://git.shadowcat.co.uk/gitweb/gitweb.cgi

git clone git://git.shadowcat.co.uk/catagits/Catalyst-Action-REST.git

Jay Hannah
http://clab.ist.unomaha.edu/CLAB/index.php/User:Jhannah