From westerman at purdue.edu Tue Jan 6 08:29:26 2009 From: westerman at purdue.edu (Rick Westerman) Date: Tue, 06 Jan 2009 11:29:26 -0500 Subject: [Purdue-pm] Meetings: change of time, day-of-month and place Message-ID: <496386E6.1000302@purdue.edu> Big changes for the technical meetings this semester. 1) We are confirming the change of starting time to 6:00 PM. So meetings will run from 6 to 7:30 PM. 2) We are switching from the 2nd to the 3rd Tuesday of the month. 3) We are meeting on the south side of campus. Specifically BCHM 102. For the upcoming tech meeting in two weeks on Tuesday, Jan. 20th, we have three speakers: Mark Senn will talk on Perl 6 Rules. Rick Westerman and/or Dave Jacoby will talk on Jifty -- a MVC Joe Kline will talk about Strawberry Perl (windows-based) with, perhaps, a bit of Padre (IDE) or Gantry (MVC) on the side. -- Rick Westerman westerman at purdue.edu Bioinformatics specialist at the Genomics Facility. Phone: (765) 494-0505 FAX: (765) 496-7255 Department of Horticulture and Landscape Architecture 625 Agriculture Mall Drive West Lafayette, IN 47907-2010 Physically located in room S049, WSLR building From gizmo at purdue.edu Thu Jan 8 12:51:53 2009 From: gizmo at purdue.edu (Joe Kline) Date: Thu, 08 Jan 2009 15:51:53 -0500 Subject: [Purdue-pm] meeting date Message-ID: <49666769.8040603@purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - From a recent blog entry by chromatic on use.perl.org: "We release a new stable version of Rakudo on the third Tuesday every month, as we've done every month since November 2007" So our meeting date is Rakudo Tuesday. :-) joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFJZmdob0mzA2gRTpkRAqidAJ9bG6olYr+HZZosOG75BiM77SWEoQCeLxns 5jxJ3qOuWNDlfqiwSxmIm8k= =7VJE -----END PGP SIGNATURE----- From jacoby.david at gmail.com Thu Jan 8 22:08:59 2009 From: jacoby.david at gmail.com (Dave Jacoby) Date: Fri, 9 Jan 2009 01:08:59 -0500 Subject: [Purdue-pm] meeting date In-Reply-To: <49666769.8040603@purdue.edu> References: <49666769.8040603@purdue.edu> Message-ID: Hrm. My eldest has a one-time-only evening meet-and-greet dealing with an Introduction to Engineering Design course he's trying to get into for next year, which falls on Rakudo Tuesday this month. Don't bother rescheduling, as it will not reoccur. I will be there the next week (with the first two kids, at least) to see what Mark can do with Perl and Legos for February. On Thu, Jan 8, 2009 at 15:51, Joe Kline wrote: > - From a recent blog entry by chromatic on use.perl.org: > > "We release a new stable version of Rakudo on the third Tuesday every > month, as we've done every month since November 2007" > > So our meeting date is Rakudo Tuesday. :-) > > joe -- David Jacoby jacoby.david at gmail.com From pmiguel at purdue.edu Fri Jan 9 05:55:50 2009 From: pmiguel at purdue.edu (Phillip San Miguel) Date: Fri, 09 Jan 2009 08:55:50 -0500 Subject: [Purdue-pm] R - perl interface discussed on bioperl list Message-ID: <49675766.8020109@purdue.edu> Or lack thereof, actually. But, anyway, discussion of this topic is ongoing on the bioperl email list. You can peruse that here: http://bioperl.org/pipermail/bioperl-l/ (In the Jan 2009 archive), or more generally: http://www.bioperl.org/wiki/Mailing_lists Phillip PS The long awaited stable bioperl version 1.6 is nigh! (Currently in RC2). From gizmo at purdue.edu Wed Jan 14 07:25:35 2009 From: gizmo at purdue.edu (Joe Kline) Date: Wed, 14 Jan 2009 10:25:35 -0500 Subject: [Purdue-pm] Perl Healthcheck Message-ID: <496E03EF.3050108@purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An interesting article about the current state of Perl. http://www.heise-online.co.uk/open/features/print/112388 joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkluA+oACgkQb0mzA2gRTpkaNACePVe05HRgTtGOldsIqQzQiz+V LFYAoIGbQJ9AUBFcSTkUjdPUHqe6jfMQ =F6SG -----END PGP SIGNATURE----- From westerman at purdue.edu Tue Jan 20 06:34:12 2009 From: westerman at purdue.edu (Rick Westerman) Date: Tue, 20 Jan 2009 09:34:12 -0500 Subject: [Purdue-pm] Reminder: meeting tonight, Jan 20, new place Message-ID: <4975E0E4.7040406@purdue.edu> Reminder that the PM meeting is tonight in our new location -- BCHM 102 -- from 6:00 PM until 7:30 or so. I have not confirmed the speakers but we should have Mark talking about Perl 6 Rules and Joe talking about Strawberry Perl (on Windows) plus Padre and maybe Gantry. Dave won't be there and I haven't worked on Jifty since before Christmas and thus that talk is probably going to be canceled until next month. As always, impromptu talks are welcome. -- Rick From gizmo at purdue.edu Tue Jan 20 09:55:17 2009 From: gizmo at purdue.edu (Joe Kline) Date: Tue, 20 Jan 2009 12:55:17 -0500 Subject: [Purdue-pm] security exploits Message-ID: <49761005.4040303@purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Something of interest to us: http://use.perl.org/~Alias/journal/38319 An oldy but a goody: http://insecure.org/news/P55-07 joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFJdhAEb0mzA2gRTpkRAp9RAJ435RDjVoMFjq/bEe5MoFesqU41lgCfSKgs muN0F0cRrW7es3WdVg6MvA0= =Dv24 -----END PGP SIGNATURE----- From jacoby at purdue.edu Tue Jan 20 10:18:39 2009 From: jacoby at purdue.edu (Dave Jacoby) Date: Tue, 20 Jan 2009 13:18:39 -0500 Subject: [Purdue-pm] security exploits In-Reply-To: <49761005.4040303@purdue.edu> References: <49761005.4040303@purdue.edu> Message-ID: <4976157F.7050603@purdue.edu> Joe Kline wrote: > Something of interest to us: > http://use.perl.org/~Alias/journal/38319 > An oldy but a goody: > http://insecure.org/news/P55-07 I was here when they started up PLUG, the campus Linux group, and one of the first meetings had the president showing off his fancy SGI box. He had a CGI program that would show certain system data on it. He said it was secure. I tried it, in front of the LUG and everybody. I got it to show /etc/passwd with a simple injection attack. And this was in the bad old days before shadow passwords. Last I knew, the guy worked for a computer security company. I've been thinking about config files for a while, trying to roll my own with eval. When I found I could put abstract code in my config and it would run, I decided that was a non-starter. So I did what I should've done in the first place and checked Perl Best Practices. Conway suggests using a CPAN module, Config::[General|Std|Tiny] to parse config files rather than parsing them yourself. I tried Config::Std, and while it takes care of the ickiness of abstract code, I didn't notice it doing any chmod testing. PBP isn't about security but about coding better, so I'm not too surprised. I'll have to work up a standward way of doing that. I saw that Use Perl post but not the insecure.org one. Thanks. -- Dave Jacoby Address: WSLR S049 Purdue Genomics Core Mail: jacoby at purdue.edu Jabber: jacoby at jabber.org Phone: hah! From mikeb at purdue.edu Tue Jan 20 11:29:19 2009 From: mikeb at purdue.edu (Budzik, Michael J.) Date: Tue, 20 Jan 2009 14:29:19 -0500 Subject: [Purdue-pm] security exploits In-Reply-To: <4976157F.7050603@purdue.edu> References: <49761005.4040303@purdue.edu> <4976157F.7050603@purdue.edu> Message-ID: Dave sez: > I was here when they started up PLUG, the campus Linux group, and one of > the first meetings had the president showing off his fancy SGI box. He > had a CGI program that would show certain system data on it. He said it > was secure. I tried it, in front of the LUG and everybody. I got it to > show /etc/passwd with a simple injection attack. And this was in the bad > old days before shadow passwords. That *would* be embarrassing. Let's be clear. If this happened, it wasn't at one of the first meetings of Plug. I would remember a fail like that, and as the founding VP (1995 *if* memory serves), I can assure you that Matt (the founding Prez) never had an SGI box. The next Prez didn't have an SGI either. I think your timeline (or memory) is off. I'm going to assume it was a more recent PLUG prez (they don't make 'em like they used to). I just wanted to defend Matt's good name. Hey, I'm no longer a lurker! Bummer that it was off topic. Mike B From jacoby at purdue.edu Tue Jan 20 11:35:51 2009 From: jacoby at purdue.edu (Dave Jacoby) Date: Tue, 20 Jan 2009 14:35:51 -0500 Subject: [Purdue-pm] security exploits In-Reply-To: References: <49761005.4040303@purdue.edu> <4976157F.7050603@purdue.edu> Message-ID: <49762797.1090500@purdue.edu> Budzik, Michael J. wrote: > That *would* be embarrassing. Let's be clear. If this happened, it > wasn't at one of the first meetings of Plug. I would remember a fail > like that, and as the founding VP (1995 *if* memory serves), I can > assure you that Matt (the founding Prez) never had an SGI box. The next > Prez didn't have an SGI either. It was PLUG Mark 2. Minga was president. > I think your timeline (or memory) is off. I'm going to assume it was a > more recent PLUG prez (they don't make 'em like they used to). I just > wanted to defend Matt's good name. > > Hey, I'm no longer a lurker! Bummer that it was off topic. Yay! > Mike B -- Dave Jacoby Address: WSLR S049 Purdue Genomics Core Mail: jacoby at purdue.edu Jabber: jacoby at jabber.org Phone: hah! From mikeb at purdue.edu Tue Jan 20 11:48:04 2009 From: mikeb at purdue.edu (Budzik, Michael J.) Date: Tue, 20 Jan 2009 14:48:04 -0500 Subject: [Purdue-pm] security exploits In-Reply-To: <49762797.1090500@purdue.edu> References: <49761005.4040303@purdue.edu> <4976157F.7050603@purdue.edu> <49762797.1090500@purdue.edu> Message-ID: 3rd party confirmation that Dave's memory ain't too bad after all. I remember the SGI meeting. remember the /etc/passwd fail? Yeah. It was like the 2nd or 3rd year of Plug. Someone brought in an INdy. Not Minga? I think it was that one guy everyone hated. The short uber-smart kid. Dark hair. He was more into the IEEECS though. I wish I had been there. Tough lesson, but at least he learned it at college. Mike B -----Original Message----- From: purdue-pm-bounces+mikeb=purdue.edu at pm.org [mailto:purdue-pm-bounces+mikeb=purdue.edu at pm.org] On Behalf Of Dave Jacoby Sent: Tuesday, January 20, 2009 2:36 PM To: Purdue Perl Mongers Subject: Re: [Purdue-pm] security exploits Budzik, Michael J. wrote: > That *would* be embarrassing. Let's be clear. If this happened, it > wasn't at one of the first meetings of Plug. I would remember a fail > like that, and as the founding VP (1995 *if* memory serves), I can > assure you that Matt (the founding Prez) never had an SGI box. The next > Prez didn't have an SGI either. It was PLUG Mark 2. Minga was president. > I think your timeline (or memory) is off. I'm going to assume it was a > more recent PLUG prez (they don't make 'em like they used to). I just > wanted to defend Matt's good name. > > Hey, I'm no longer a lurker! Bummer that it was off topic. Yay! > Mike B -- Dave Jacoby Address: WSLR S049 Purdue Genomics Core Mail: jacoby at purdue.edu Jabber: jacoby at jabber.org Phone: hah! _______________________________________________ Purdue-pm mailing list Purdue-pm at pm.org http://mail.pm.org/mailman/listinfo/purdue-pm From jacoby at purdue.edu Wed Jan 21 10:25:41 2009 From: jacoby at purdue.edu (Dave Jacoby) Date: Wed, 21 Jan 2009 13:25:41 -0500 Subject: [Purdue-pm] On The Proper Use Of Config Files Message-ID: <497768A5.4090605@purdue.edu> The Use Perl journal post from Alias yesterday brought up a question I have had for a while. I've been thinking about configuration files. I have of course rolled my own more than once. I have also read and parsed variables out of the ENV variables for web apps before I discovered CGI, and I would occasionally try to get my own options before Conway pointed me to Getopt::Long. With my most recent attempt, I realized that I could include abstract code into my config, which seemed to be a security hole in the making. So, went to the books. The Perl Cookbook 2nd Ed (8:16) suggests you roll your own. http://proquest.safaribooksonline.com/0596003137/perlckbk2-CHP-8-SECT-16 Perl Best Practices (19:3) suggests you use a module. http://proquest.safaribooksonline.com/0596001738/perlbp-CHP-19 (We're all Purdue people, so if we're at work [or can tunnel] we should all have access. And you should have PBP anyway.) My instinct is to follow Conway here. I have some Alias-inspired Config::Std-using code on the Wiki. (http://pm.purdue.org/Wiki/wiki.pl/DaveJacobyDiary) But to what extent is the test I do necessary? To what extent is it sufficient? More for following PBP than the other way. If I can't trust CPAN modules, how can I use CPAN modules to help me test and trust CPAN modules? -- Dave Jacoby Address: WSLR S049 Purdue Genomics Core Mail: jacoby at purdue.edu Jabber: jacoby at jabber.org Phone: hah! From gizmo at purdue.edu Wed Jan 21 10:51:58 2009 From: gizmo at purdue.edu (Joe Kline) Date: Wed, 21 Jan 2009 13:51:58 -0500 Subject: [Purdue-pm] On The Proper Use Of Config Files In-Reply-To: <497768A5.4090605@purdue.edu> References: <497768A5.4090605@purdue.edu> Message-ID: <49776ECE.4020307@purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Jacoby wrote: > The Use Perl journal post from Alias yesterday brought up a question I > have had for a while. I've been thinking about configuration files. > > I have of course rolled my own more than once. I have also read and > parsed variables out of the ENV variables for web apps before I > discovered CGI, and I would occasionally try to get my own options > before Conway pointed me to Getopt::Long. With my most recent attempt, I > realized that I could include abstract code into my config, which seemed > to be a security hole in the making. > > So, went to the books. > > The Perl Cookbook 2nd Ed (8:16) suggests you roll your own. > > http://proquest.safaribooksonline.com/0596003137/perlckbk2-CHP-8-SECT-16 > > Perl Best Practices (19:3) suggests you use a module. > > http://proquest.safaribooksonline.com/0596001738/perlbp-CHP-19 > > (We're all Purdue people, so if we're at work [or can tunnel] we should > all have access. And you should have PBP anyway.) > > My instinct is to follow Conway here. I have some Alias-inspired > Config::Std-using code on the Wiki. > (http://pm.purdue.org/Wiki/wiki.pl/DaveJacobyDiary) > > But to what extent is the test I do necessary? To what extent is it > sufficient? More for following PBP than the other way. If I can't trust > CPAN modules, how can I use CPAN modules to help me test and trust CPAN > modules? > I would say that _Mastering Perl_ might be a good suggestion as well: http://www252.pair.com/comdog/mastering_perl/Chapters/11.configuration.html brian d foy goes over different ways folks do config files and modules to use. The premise in the book is that programming is like a craft and this book is a way to get from a journeyman coder to master coder. http://www252.pair.com/comdog/mastering_perl/Chapters/01.introduction.html - From a quick scan of the chapter again I would say that AppConfig looks to be the most flexible. He seems to lean towards INI style config files but I think he would agree that it probably depends upon who will be tweaking the config file. If it's just you then no big deal. If it's someone else it's best to get their input. joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD4DBQFJd27Nb0mzA2gRTpkRAndEAJ9GEj1boaru2xQI640HSIEaNjAmFwCYtByI 7fRD6qdoxHEkCeCKYW/JfA== =wdyG -----END PGP SIGNATURE----- From gizmo at purdue.edu Wed Jan 21 14:40:35 2009 From: gizmo at purdue.edu (Joe Kline) Date: Wed, 21 Jan 2009 17:40:35 -0500 Subject: [Purdue-pm] regex and code Message-ID: <4977A463.1030102@purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It looks you can stick "random" code in a regex: http://www.perl.com/doc/manual/html/pod/perlre.html (?{ code }) I wonder if the named captures in 5.10 can be accessed inside the code? I'm guessing it probably can. I haven't done any googling recoding arbitrary code in a regex yet. joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFJd6Rjb0mzA2gRTpkRAhUKAJ4iUzMzE8ekvEJrARMgs+i08AmWUgCfURQo EO4F7E+qs3h7h52ykjhmjWY= =qEwB -----END PGP SIGNATURE----- From mark at purdue.edu Sat Jan 24 18:38:59 2009 From: mark at purdue.edu (Mark Senn) Date: Sat, 24 Jan 2009 21:38:59 -0500 Subject: [Purdue-pm] Perl 6 regex question Message-ID: <17747.1232851139@pier.ecn.purdue.edu> The following match regex works as expected $s ~~ m/ (abc) # match and capture as $0 (def) # match and capture as $1 .+? # match one or more characters $1 # match previously captured $1 $0 # match previously captured $0 / I don't know if the following can be done with % p6 --version This is Rakudo Perl 6, revision 0 built on parrot 0.8.1 for x86_64-linux-thread-multi. Copyright 2006-2008, The Perl Foundation. I'd like to change the regex to do the following. Instead of (abc) I'd like to have $a to be 'abc' and use $a instead of 'abc'. Instead of $1 I'd like to have it match $1 but with the characters in reverse order. Any hints? -mark From pmiguel at purdue.edu Mon Jan 26 04:48:26 2009 From: pmiguel at purdue.edu (Phillip San Miguel) Date: Mon, 26 Jan 2009 07:48:26 -0500 Subject: [Purdue-pm] [ANNOUNCEMENT] BioPerl 1.6.0 Message-ID: <497DB11A.6070305@purdue.edu> At long last... -------- Original Message -------- All, I am proud to announce, on behalf of the BioPerl core developers, that BioPerl 1.6.0 is now available. This is the first BioPerl core release in the 1.6 series and is considered a 'stable' (non-developer) release. The distribution has been uploaded to CPAN and is available under author name CJFIELDS; it should be hitting the various CPAN nodes over the next 24 hours. A direct CPAN link is here: http://search.cpan.org/~cjfields/BioPerl-1.6.0/ The release can also be directly downloaded here: http://bioperl.org/DIST/BioPerl-1.6.0.tar.bz2 http://bioperl.org/DIST/BioPerl-1.6.0.tar.gz http://bioperl.org/DIST/BioPerl-1.6.0.zip Signature file: http://bioperl.org/DIST/SIGNATURES.md5 Please feel free to report issues with testing, installation, etc. on the mail list, on this page: http://www.bioperl.org/wiki/Release_1.6_Testing or via Bugzilla: http://bugzilla.open-bio.org/ We will be releasing BioPerl-run, BioPerl-db, BioPerl-network, and other BioPerl distributions separately in the next few days. These will likely go through a short alpha release cycle depending on any problems that arise. A PPM release for all distributions (including BioPerl core) will also be announced in the near future. Thanks to everyone for chipping in on getting this release out the door! It's been a looooong wait... Enjoy! chris _______________________________________________ Bioperl-l mailing list Bioperl-l at lists.open-bio.org http://lists.open-bio.org/mailman/listinfo/bioperl-l From gizmo at purdue.edu Tue Jan 27 10:28:11 2009 From: gizmo at purdue.edu (Joe Kline) Date: Tue, 27 Jan 2009 13:28:11 -0500 Subject: [Purdue-pm] modern perl et al. Message-ID: <497F523B.4010306@purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A rather interesting use.perl.org thought and discussion. http://use.perl.org/~Alias/journal/38347 joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFJf1I7b0mzA2gRTpkRAnPUAJ4l9eSFvdI86G/0Oqv7hdJhCnrc7wCffrnK Ih7hVU4/b5WR/G1VDiHBtB0= =r6J1 -----END PGP SIGNATURE----- From gizmo at purdue.edu Tue Jan 27 16:37:45 2009 From: gizmo at purdue.edu (Joe Kline) Date: Tue, 27 Jan 2009 19:37:45 -0500 Subject: [Purdue-pm] Frozen Perl Message-ID: <497FA8D9.5010402@purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'll be heading to Frozen Perl next week. http://www.frozen-perl.org/ I just noticed they have a talk on Rakudo grammars. I had intended to go to the CGI::Application talk but now I'm really tempted to go to it and ask him about the grammar mark is working on. joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkl/qMcACgkQb0mzA2gRTplrwgCeM0JIOOs6tN8Mo/inGmKhH96a ABMAniJ+kHO0S7NIqq3Skn05S8d+ILwx =VRDT -----END PGP SIGNATURE-----