From talexb at gmail.com Wed Aug 1 10:27:34 2007 From: talexb at gmail.com (Alex Beamish) Date: Wed, 1 Aug 2007 13:27:34 -0400 Subject: [tpm] Regex to validate (international) phone numbers In-Reply-To: <46AFA5B0.5020908@alteeve.com> References: <46AFA5B0.5020908@alteeve.com> Message-ID: On 7/31/07, Madison Kelly wrote: > [..] > How might I go about checking telephone numbers from both NA and > international? Hi Madison, How rigorous does this test have to be? Once you've answered that question, then you can move towards a solution. If the answer is 'not that rigorous', I'd suggest you ask for the phone number in an International format, which is + $countryCode $everythingElse Since North America is where the phone was developed, we get the #1 country code, and everything else is a three digit area code and a seven digit number. Other country's numbers vary, even within countries, I think. Or you can go the other route and follow E.164 ( http://en.wikipedia.org/wiki/E.164). That's useful, actually, as it limits a phone number to 15 digits. So as long as the phone number string consists of just numbers, spaces, hyphens and perhaps a leading '+', and as long as there are no more than 15 digits, I'd say it passes. -- Alex Beamish Toronto, Ontario aka talexb -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/toronto-pm/attachments/20070801/a2f5d633/attachment.html From arocker at vex.net Mon Aug 6 09:51:20 2007 From: arocker at vex.net (arocker at vex.net) Date: Mon, 6 Aug 2007 12:51:20 -0400 (EDT) Subject: [tpm] Ma, I think they're laughing at me Message-ID: <60054.70.53.121.7.1186419080.squirrel@webmail.vex.net> http://ars.userfriendly.org/cartoons/?id=20070806 From janes.rob at gmail.com Mon Aug 6 15:17:17 2007 From: janes.rob at gmail.com (Rob Janes) Date: Mon, 06 Aug 2007 18:17:17 -0400 Subject: [tpm] Regex to validate (international) phone numbers In-Reply-To: <46AFBA8B.5030400@alteeve.com> References: <46AFA8CA.2070501@alteeve.com> <1185920488.18694.15.camel@dell.barefootcomputing.com> <46AFBA8B.5030400@alteeve.com> Message-ID: <46B79DED.8070406@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 011 country-code zone-code phone-number that's the syntax. country code is 1-3 digits. zone-codes are like areacodes in north america, but they aren't necessarily geographic in nature. they may represent cellphone or marine districts which are nation wide. telcordia distributes an up-to-date list which is used for switching equipment. probably $500/month. each country code has it's own set of zone codes. the caribbean and various us protectorates are countries that fall in 1+ dialing. the further you go past 011 the more dependent you become on a subscription service. the attached country code list is out of date. czechoslovakia for example is no longer 42, it has split into 420 and 421. - -rob Madison Kelly wrote: > Thanks Andy and Liam! > > Number::Phone was more than I needed, but the 'is_valid' function > gave me enough of a pointer to work out something I think will work. As > for extensions, I have a separate DB column for that. > > What I do is check for the leading '+' (as this is needed by some > mobile GSM phones), strip off all non-digit characters, then check the > length. Well, I check a little more than that, but ultimately it comes > down to length. Then I can "clean up" the number to something standard > before saving it. > > http://en.wikipedia.org/wiki/List_of_country_calling_codes > > That had enough info for me to feel comfortable that I can identify > *most* international numbers. As for "evenings only" or alternative > numbers, info like that will have to go in the comments section. The > number asked for is simply "preferred number" so I have *something* on > file. > > Thanks both! > > Madi > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFGt53sGEx3U8yKO8YRAqI8AJQMEPe8i2c9TObxIBjdW1nTnESnAKCKn5tI BlfTzUCT9OBPF/RZigKFGQ== =kMe3 -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: country.txt Url: http://mail.pm.org/pipermail/toronto-pm/attachments/20070806/10eb2554/attachment.txt From jbrind at oanda.com Thu Aug 9 12:57:56 2007 From: jbrind at oanda.com (Jane Brind) Date: Thu, 09 Aug 2007 15:57:56 -0400 Subject: [tpm] Perl Job Opportunity Message-ID: <46BB71C4.7060009@oanda.com> Hello Toronto Perl Mongers, OANDA is looking to hire a Perl expert. A blurb about our company is listed below, but if you have specific questions or wish to send a resume please contact me at: *jbrind at oanda.com* OR can send to our general HR email: *hr-oanda at oanda.com.* */Why OANDA?/* It's really pretty simple. We're 'Silicon Valley' in Toronto. We develop new technologies in financial services. We employ exceptionally talented, highly intelligent people. We foster a spirit of innovation and creativity. At OANDA, you will work under the leadership of world-renowned computer science and economics experts. You will develop and challenge your skills every day. You will have the ability to be self-directed in your work within a collaborative team environment. You'll enjoy the immediacy of a small company, but use the most advanced tools/technologies that a large firm can offer. And to maintain that community feel at OANDA we offer flexibility & sociability with things like a concierge service, weekly Wed lunch, Friday @ 4 gatherings and more. You will contribute to the growth and direction of OANDA, and your contributions to the success of the company will be recognized and rewarded. */Who We Are:/* OANDA Corporation is a high-growth, financially stable software development and data services firm focused on the $2 trillion per day foreign exchange industry. Our goal is to drive the development of global foreign exchange by building the technologies that underpin this lucrative, fast-paced industry. We are a small firm with a world-class service line and a global customer base. We are extremely successful in a highly competitive industry, while having fun and building a friendly, learning-oriented culture. OANDA has a sustained history of innovation and growth. Founded in 1996, OANDA: # Launched the first online currency conversion data service, which today is referenced by over 85,000 websites. # Launched the FXTradeTM platform -- the first graphical-based forex trading platform to offer true 24/7, fully automated online trading with immediate execution and second-by-second interest. (We execute over 300,000 trades daily.) # Provides data and currency services to organizations such as global accounting firms, international banks, major airlines, news organizations, government tax authorities, and major financial companies. # Developed the "Forex Trader's Bill of Rights" and leads the foreign exchange industry in promoting transparency and ethical conduct. For further information about OANDA Corporation, please visit our website at_* www.oanda.com.*_ -- Jane Brind OANDA E: jbrind at oanda.com P: 416-593-6767 ext. 232 W: www.oanda.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/toronto-pm/attachments/20070809/ef7b64e1/attachment.html From alexmac131 at hotmail.com Thu Aug 9 13:19:31 2007 From: alexmac131 at hotmail.com (Alex Mackinnon) Date: Thu, 09 Aug 2007 20:19:31 +0000 Subject: [tpm] Perl Job Opportunity In-Reply-To: <46BB71C4.7060009@oanda.com> Message-ID: Hello Jane, Could you be more specifc in your Perl expert needs. I currently work for Accenture on an outsource to Morgan Stanley but am looking for a new position. Alex >From: Jane Brind >To: tpm at to.pm.org >Subject: [tpm] Perl Job Opportunity >Date: Thu, 09 Aug 2007 15:57:56 -0400 >MIME-Version: 1.0 >Received: from x6.develooper.com ([63.251.223.186]) by >bay0-mc9-f20.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Thu, 9 >Aug 2007 13:13:39 -0700 >Received: from x6.develooper.com (localhost.localdomain [127.0.0.1])by >x6.develooper.com (Postfix) with ESMTP id 00F6717865for >; Thu, 9 Aug 2007 13:13:39 -0700 (PDT) >Received: (qmail 17918 invoked from network); 9 Aug 2007 19:59:12 -0000 >Received: from x1a.develooper.com (HELO x1.develooper.com) >(216.52.237.111)by lists.develooper.com with SMTP; 9 Aug 2007 19:59:12 >-0000 >Received: (qmail 17207 invoked by uid 225); 9 Aug 2007 19:59:12 -0000 >Received: (qmail 17197 invoked by alias); 9 Aug 2007 19:59:11 -0000 >Received: neutral (x1.develooper.com: local policy) >Received: from centralhosting.net (HELO centralhosting.net) (69.0.211.22)by >la.mx.develooper.com (qpsmtpd/0.28) with SMTP;Thu, 09 Aug 2007 12:58:57 >-0700 >Received: (qmail 26425 invoked by uid 110); 9 Aug 2007 19:38:35 -0000 >Received: (qmail 26419 invoked from network); 9 Aug 2007 19:38:35 -0000 >Received: from q9.oanda.com (HELO mail.oanda.com) (216.220.44.222)by >to.pm.org with SMTP; 9 Aug 2007 19:38:35 -0000 >Received: from localhost (localhost [127.0.0.1])by mail.oanda.com (Postfix) >with ESMTP id E5A0AEC079for ; Thu, 9 Aug 2007 15:57:50 >-0400 (EDT) >Received: from mail.oanda.com ([127.0.0.1])by localhost (mail.q9.oanda.com >[127.0.0.1]) (amavisd-new, port 10024)with ESMTP id 27518-03 for >;Thu, 9 Aug 2007 15:57:50 -0400 (EDT) >Received: from [127.0.0.1] (unknown [216.235.10.210])by mail.oanda.com >(Postfix) with ESMTP id BFE5BEC00Cfor ; Thu, 9 Aug 2007 >15:57:50 -0400 (EDT) >X-Message-Delivery: Vj0zLjQuMDt1cz0wO2k9MDtsPTA7YT0w >X-Message-Info: >JGTYoYF78jEc0yHp+zx+hzQGdCMmDA8N3y5SQOdCjhWOqGC4pSKbJzF33ZIi/DHbh7ZxHwCSKuMSjrfQSmm62A== >Delivered-To: mailman-toronto-pm at mailman.pm.dev >Delivered-To: toronto-pm at pm.org >X-Spam-Status: No, hits=0.7 required=8.0tests=BAYES_50, >DKIM_POLICY_SIGNSOME, DK_POLICY_SIGNSOME, HTML_MESSAGE,SPF_HELO_PASS, >SPF_NEUTRAL >X-Spam-Check-By: la.mx.develooper.com >Delivered-To: 4-tpm at to.pm.org >User-Agent: Thunderbird 2.0.0.0 (Windows/20070326) >X-Virus-Checked: Checked >X-Mailman-Approved-At: Thu, 09 Aug 2007 13:13:20 -0700 >X-BeenThere: toronto-pm at pm.org >X-Mailman-Version: 2.1.9 >Precedence: list >List-Id: Toronto Perl Mongers >List-Unsubscribe: >, >List-Archive: >List-Post: >List-Help: >List-Subscribe: >, >Errors-To: toronto-pm-bounces+alexmac131=hotmail.com at pm.org >Return-Path: toronto-pm-bounces+alexmac131=hotmail.com at pm.org >X-OriginalArrivalTime: 09 Aug 2007 20:13:39.0399 (UTC) >FILETIME=[C64F7D70:01C7DAC1] > >Hello Toronto Perl Mongers, > >OANDA is looking to hire a Perl expert. A blurb about our company is >listed below, but if you have specific questions or wish to send a resume >please contact me at: *jbrind at oanda.com* OR can send to our general HR >email: *hr-oanda at oanda.com.* > >*/Why OANDA?/* > >It's really pretty simple. We're 'Silicon Valley' in Toronto. We develop >new technologies in financial services. We employ exceptionally talented, >highly intelligent people. We foster a spirit of innovation and creativity. > >At OANDA, you will work under the leadership of world-renowned computer >science and economics experts. You will develop and challenge your skills >every day. You will have the ability to be self-directed in your work >within a collaborative team environment. You'll enjoy the immediacy of a >small company, but use the most advanced tools/technologies that a large >firm can offer. And to maintain that community feel at OANDA we offer >flexibility & sociability with things like a concierge service, weekly Wed >lunch, Friday @ 4 gatherings and more. You will contribute to the growth >and direction of OANDA, and your contributions to the success of the >company will be recognized and rewarded. > >*/Who We Are:/* > >OANDA Corporation is a high-growth, financially stable software development >and data services firm focused on the $2 trillion per day foreign exchange >industry. Our goal is to drive the development of global foreign exchange >by building the technologies that underpin this lucrative, fast-paced >industry. We are a small firm with a world-class service line and a global >customer base. We are extremely successful in a highly competitive >industry, while having fun and building a friendly, learning-oriented >culture. > >OANDA has a sustained history of innovation and growth. Founded in 1996, >OANDA: > ># Launched the first online currency conversion data service, which today >is referenced by over 85,000 websites. > ># Launched the FXTradeTM platform -- the first graphical-based forex >trading platform to offer true 24/7, fully automated online trading with >immediate execution and second-by-second interest. (We execute over 300,000 >trades daily.) > ># Provides data and currency services to organizations such as global >accounting firms, international banks, major airlines, news organizations, >government tax authorities, and major financial companies. > ># Developed the "Forex Trader's Bill of Rights" and leads the foreign >exchange industry in promoting transparency and ethical conduct. > >For further information about OANDA Corporation, please visit our website >at_* www.oanda.com.*_ > >-- >Jane Brind >OANDA >E: jbrind at oanda.com >P: 416-593-6767 ext. 232 >W: www.oanda.com > > >_______________________________________________ >toronto-pm mailing list >toronto-pm at pm.org >http://mail.pm.org/mailman/listinfo/toronto-pm _________________________________________________________________ Show Your Messenger Buddies How You Really Feel http://www.freemessengeremoticons.ca/?icid=EMENCA122 From smitht at expertgrid.com Tue Aug 14 18:23:16 2007 From: smitht at expertgrid.com (Tomas Smith) Date: Tue, 14 Aug 2007 21:23:16 -0400 Subject: [tpm] Job: Perl Developer - 6 month contract - Toronto Downtown Message-ID: <46C25584.7040606@expertgrid.com> Our client has an immediate need for an Intermediate Programmer/Analyst in a dynamic IT team responsible for design and development of the Risk Management System. The successful candidate is required to work both independently and as a member of a team, interacting effectively with business personnel to adapt and integrate new technologies and processes. The ideal candidate will have a strong background in analysis, design and development of multi-tier client-server applications; plus an understanding of risk management methodologies. The Programmer/Analyst filling this position is required to contribute to analysis and design while being accountable for the development, testing and implementation of solutions and enhancements to this system. Responsibilities will evolve to include work on other applications within the group, as well as providing team leader with weekly status reports on assigned tasks, and performing any other software maintenance duties as needed. Primary Responsibilities: Technical Analysis and Development: * On-time completion of deliverables measured on quality, quantity and consistency. * Participate actively and pro-actively in the identification, design and implementation of timely and robust solutions to risk-management-related issues. * Development and implementation of the day-to-day market risk process. * Design, develop, integrate, test and implement fixes to production problems or enhancements to existing applications. * Interaction with Group Risk Management (GRM), gather requirements, planning implementations of GRM's requirements. * Write/update user and operations manuals. * Provide time estimates and resource requirements. Key Competencies Required: Analytical / Technical Skills / Experience: Mandatory: * Experience with multi-tier client server architecture * 3 years experience with PERL (no perl-CGI) * 2 years experience with UNIX/Solaris, UNIX shell scripting * 2 years experience with ODBC/JDBC * 2 years experience with Oracle/Sybase Analytical / Technical Skills / Experience: Nice to have: * CSC - Canadian Security Course * Experience with the development of Web based applications using WebLogic, Java, J2EE development, ETL utilities If you are interested in this contract opportunity and are able to demonstrate that you have required skills by providing a detailed project list, please send your resume to job at at@expertgrid at dot@com. Unfortunately, only those candidates who are short-listed will be contacted for this opportunity. From magog at the-wire.com Wed Aug 15 23:44:41 2007 From: magog at the-wire.com (Michael Graham) Date: Thu, 16 Aug 2007 02:44:41 -0400 Subject: [tpm] August Meeting - Thu 23 Aug, 2007 - Cees Hek speaks about Rose::DB::Object Message-ID: <20070816024441.67276333@caliope> Please note that this month's meeting has been moved a week earlier: to Thursday Aug 23. This is to accommodate our special guest speaker Cees Hek, who is visiting from Australia to give a talk about Rose::DB::Object. (These details are also on the TPM web site: http://to.pm.org/) The next meeting is this Thursday, 23 Aug. Date: Thursday 23 Aut 2007 Time: 6:45pm Where: 2 Bloor Street West (NW corner of Yonge/Bloor, skyscraper with the CIBC logo on top) Classroom 2 on the 12th floor. =================================================================== Talk Details: Speaker: Cees Hek Title: Using Rose::DB::Object Description: Cees will be giving a talk on Rose::DB::Object, everything you ever wanted in an ORM (Object Relational Mapper): easy to use, extensible, fast, well documented and well supported. The talk will give pointers on how to get started with RDBO, when and why you should use it, and how it can overall simplify and improve your database code. =================================================================== Note: The elevators in the building are "locked down" after 5:30pm to people without building access cards. Leading up to the meeting someone will come down to the main floor lobby every few minutes to ferry people upstairs. After 19:00, you can reach the access-card-carrying guy via a cell phone number that we'll leave with security in the front lobby. The room and floor numbers will be left with security too. -- Michael Graham From linux at alteeve.com Tue Aug 21 09:15:45 2007 From: linux at alteeve.com (Madison Kelly) Date: Tue, 21 Aug 2007 12:15:45 -0400 Subject: [tpm] Dumb regex question Message-ID: <46CB0FB1.4070809@alteeve.com> For the life of me, I can't seem to get a simple regex working... All I want is to be able to match a word-character string that may have a hyphen in it. So: mizu-bu # should match alteeve # should match m!zu-bu # should not match a|teeve # should not match Someone mind hitting me with a clue-stick? Google and perldoc have failed me so far (though I readily admit fault here) ... Thanks! Madi From talexb at gmail.com Tue Aug 21 09:45:07 2007 From: talexb at gmail.com (Alex Beamish) Date: Tue, 21 Aug 2007 12:45:07 -0400 Subject: [tpm] Dumb regex question In-Reply-To: <46CB0FB1.4070809@alteeve.com> References: <46CB0FB1.4070809@alteeve.com> Message-ID: On 8/21/07, Madison Kelly wrote: > > For the life of me, I can't seem to get a simple regex working... > > All I want is to be able to match a word-character string that may have > a hyphen in it. > > So: > > mizu-bu # should match > alteeve # should match > m!zu-bu # should not match > a|teeve # should not match > > Someone mind hitting me with a clue-stick? Google and perldoc have > failed me so far (though I readily admit fault here) ... So /[a-z-]+/ doesn't work? What have you tried? A dash needs to be at the end of a regex so it isn't interpreted as part of a range. If in doubt, backslash it. -- Alex Beamish Toronto, Ontario aka talexb ps You could probably get an answer on IRC .. if you dare. ;) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/toronto-pm/attachments/20070821/bd243284/attachment.html From liam at holoweb.net Tue Aug 21 09:45:02 2007 From: liam at holoweb.net (Liam R E Quin) Date: Tue, 21 Aug 2007 12:45:02 -0400 Subject: [tpm] Dumb regex question In-Reply-To: <46CB0FB1.4070809@alteeve.com> References: <46CB0FB1.4070809@alteeve.com> Message-ID: <1187714702.27369.85.camel@dell.barefootcomputing.com> On Tue, 2007-08-21 at 12:15 -0400, Madison Kelly wrote: > For the life of me, I can't seem to get a simple regex working... > > All I want is to be able to match a word-character string that may have > a hyphen in it. > > So: > > mizu-bu # should match > alteeve # should match > m!zu-bu # should not match > a|teeve # should not match Two things to note here (1) hypen is special in a character class, e.g. [a-z] (2) you need to anchor the match, since a!b could be two matching words separated by a "!" Perl defines \w for a word character, so we can match that or a hyphen with (\w|-) and then, ^(\w|-)+$ will do what you want I think. You can also use a character class as long as the hyphen is at the end: ^[\w-]+$/ If Perl's definition of a word character (alphanumeric plus _) isn't what you want, you can use ^[a-zA-Z0-9-]+$ for example, or you can use the bizarre Posix syntax: ^[[:alnum:]-]+$ You'll want "use locale" for that to be sensible. If you do, "use utf8" you can also use the the Unicode properties: ^[\p{Letter}\l{Number}-]+$ and this will allow, for example, Hindi words too. Hope this helps. Liam (now living in Prince Edward County) -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ Ankh: irc.sorcery.net irc.gnome.org www.advogato.org From andy+lists at veracity.ca Tue Aug 21 09:56:04 2007 From: andy+lists at veracity.ca (Andy Jack) Date: Tue, 21 Aug 2007 12:56:04 -0400 Subject: [tpm] Dumb regex question In-Reply-To: <46CB0FB1.4070809@alteeve.com> References: <46CB0FB1.4070809@alteeve.com> Message-ID: <20070821165603.GB8632@seahorse.localdomain> On Tue, Aug 21, 2007 at 12:15:45PM -0400, Madison Kelly wrote: > All I want is to be able to match a word-character string that may have > a hyphen in it. > > So: > > mizu-bu # should match > alteeve # should match > m!zu-bu # should not match > a|teeve # should not match /me warms up clue-stick if ( $str =~ m#\A[\w\-]+\z# ) { # matched } else { # didn't match } \A matches the absolute beginning of the string, \z matches the absolute end. \w is the alphanumeric character class [0-9A-Za-z_] depending on your locale, and the hyphen is added since you wanted it. + says "one or more characters in this class". So the regex says the string must be composed entirely of one or more alphanumeric characters plus hyphen. HTH Andy From magog at the-wire.com Thu Aug 23 08:02:22 2007 From: magog at the-wire.com (Michael Graham) Date: Thu, 23 Aug 2007 11:02:22 -0400 Subject: [tpm] August Meeting - Tonight - Thu 23 Aug, 2007 - Cees Hek speaks about Rose::DB::Object Message-ID: <20070823110222.781de2fd@caliope> Please note that this month's meeting has been moved a week earlier: to Thursday Aug 23 (Tonight). This is to accommodate our special guest speaker Cees Hek, who is visiting from Australia to give a talk about Rose::DB::Object. (These details are also on the TPM web site: http://to.pm.org/) The next meeting is this Thursday, 23 Aug. Date: Thursday 23 Aut 2007 Time: 6:45pm Where: 2 Bloor Street West (NW corner of Yonge/Bloor, skyscraper with the CIBC logo on top) Classroom 2 on the 12th floor. =================================================================== Talk Details: Speaker: Cees Hek Title: Using Rose::DB::Object Description: Cees will be giving a talk on Rose::DB::Object, everything you ever wanted in an ORM (Object Relational Mapper): easy to use, extensible, fast, well documented and well supported. The talk will give pointers on how to get started with RDBO, when and why you should use it, and how it can overall simplify and improve your database code. =================================================================== Note: The elevators in the building are "locked down" after 5:30pm to people without building access cards. Leading up to the meeting someone will come down to the main floor lobby every few minutes to ferry people upstairs. After 19:00, you can reach the access-card-carrying guy via a cell phone number that we'll leave with security in the front lobby. The room and floor numbers will be left with security too. -- Michael Graham From rdice at pobox.com Thu Aug 23 08:09:50 2007 From: rdice at pobox.com (Richard Dice) Date: Thu, 23 Aug 2007 11:09:50 -0400 Subject: [tpm] August TPM meeting is tonight Message-ID: <5bef4baf0708230809o10247abcuaf748f54ba8e9891@mail.gmail.com> Hi everyone, I haven't seen a post regarding this in a while but a reminder - the TPM meeting is *tonight*, not next week. This is to accommodate our speaker, Cees Hek, who is visiting from Australia and able to present this week but not next. Do we have confirmation on the floor & room # yet? Cheers, Richard -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/toronto-pm/attachments/20070823/d69c6205/attachment.html From magog at the-wire.com Thu Aug 23 08:18:40 2007 From: magog at the-wire.com (Michael Graham) Date: Thu, 23 Aug 2007 11:18:40 -0400 Subject: [tpm] August TPM meeting is tonight In-Reply-To: <5bef4baf0708230809o10247abcuaf748f54ba8e9891@mail.gmail.com> References: <5bef4baf0708230809o10247abcuaf748f54ba8e9891@mail.gmail.com> Message-ID: <20070823111840.796af17a@caliope> It's Classroom 2 on the 12th floor. Michael On Thu, 23 Aug 2007 11:09:50 -0400 "Richard Dice" wrote: > Hi everyone, > > I haven't seen a post regarding this in a while but a reminder - the > TPM meeting is *tonight*, not next week. This is to accommodate our > speaker, Cees Hek, who is visiting from Australia and able to present > this week but not next. > > Do we have confirmation on the floor & room # yet? > > Cheers, > Richard -- Michael Graham From rdice at pobox.com Fri Aug 24 14:10:12 2007 From: rdice at pobox.com (Richard Dice) Date: Fri, 24 Aug 2007 17:10:12 -0400 Subject: [tpm] Pittsburgh Perl Workshop Message-ID: <5bef4baf0708241410s5d5831c6g2edf775e5e118fb7@mail.gmail.com> Hi everyone, I believe I mentioned this at the meeting tonight but I wanted to point out that Pittsburgh.pm is hosting the Pittsburgh Perl Workshop over the weekend of Oct 13/14 at beautiful Carnegie Mellon University. http://pghpw.org/ I was there last year and I have to tell you it was a fantastic event. They are still accepting speakers. If you're interested in submitting a paper you can do so through the web site until Monday 27 August. Cheers, Richard -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/toronto-pm/attachments/20070824/f2f48fd0/attachment.html From fulko.hew at gmail.com Mon Aug 27 06:48:18 2007 From: fulko.hew at gmail.com (Fulko Hew) Date: Mon, 27 Aug 2007 09:48:18 -0400 Subject: [tpm] NEWS FLASH: Lightning strikes in Toronto during September Message-ID: <8204a4fe0708270648v52140ac7r926a749e5c0d0f1e@mail.gmail.com> As per recent history, September in Toronto is fraught with lightning. ...lightning talks that is. TPM's September talk (27th) is scheduled to be a Lightning Talk session, so we need volunteers! Pick a topic, pick a module, pick a rant, pick a favorite, pick anything related to Perl, or anything even vaguely related to programing or computers. Come up with 5 minutes of stand-up material for your talk (or ten minutes, or even longer if you need it) Send me a title and an estimate of how much time you'd like, and I'll compile/announce the list and act as moderator/gong-operator for the night. Judging for this talent show will be done strictly by the amount of applause, with no internet voting allowed. The winner and runners-up get... well... they get nothing because we don't have a prize budget. But everyone who presents and listens is guaranteed to learn something (dammit... I want entertainment, not 'lernin!) So send me your topics (by the 20th), its always a great night. Fulko (gong) Hew -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pm.org/pipermail/toronto-pm/attachments/20070827/ef4dce52/attachment.html From linux at alteeve.com Thu Aug 30 07:14:19 2007 From: linux at alteeve.com (Madison Kelly) Date: Thu, 30 Aug 2007 10:14:19 -0400 Subject: [tpm] Taint question Message-ID: <46D6D0BB.2040208@alteeve.com> Hi all, I've got a script (installer for my app) that I am working on. I am trying to do it "the right way", but I have run into a wall with a taint problem. Specifically, I am unable to launder a variable in the way that is described in 'perldoc perlsec'. Specifically (code somewhat simplified for clarity and brevity): -=-=-=- #!/usr/bin/perl -T $ENV{PATH} = '/bin:/usr/bin'; delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; # MADI: This allows me to develop my modules in the same directory. Move this # out later. BEGIN { push @INC, "./"; } use strict; use warnings; use POSIX; use locale; use IO::Handle; use Scalar::Util qw(tainted); # A bunch of unrelated code... # Record the current directory. my $shell_call="pwd"; my $pwd=IO::Handle->new(); open ($pwd, "$shell_call 2>&1 |") || die "Error calling: $shell_call, error: $!\n"; my $initial_dir=<$pwd>; chomp($initial_dir); $pwd->close(); # This is tainted, need to launder. if ( $initial_dir =~ /^([-\w\/.]+)$/ ) { $initial_dir=$1; } else { die "path: [$initial_dir] looks insecure.\n"; } my $tainted=tainted($initial_dir); print __LINE__."; 'tainted': [$tainted]?\n"; -=-=-=- This returns true all the time, and trying to use 'chdir' later based in part on '$initial_dir' causes the expected error: Insecure dependency in chdir while running with -T switch at ./install line 323 Anyone here can see what I am missing? This is what I was using as an example from 'perldoc perlsec': -=-=-=- Here?s a test to make sure that the data contains nothing but "word" characters (alphabetics, numerics, and underscores), a hyphen, an at sign, or a dot. if ($data =~ /^([-\@\w.]+)$/) { $data = $1; # $data now untainted } else { die "Bad data in ?$data?"; # log this somewhere } -=-=-=- Thanks as always!! Madi From sfryer at sourcery.ca Thu Aug 30 10:28:55 2007 From: sfryer at sourcery.ca (Shaun Fryer) Date: Thu, 30 Aug 2007 13:28:55 -0400 Subject: [tpm] Taint question In-Reply-To: <46D6D0BB.2040208@alteeve.com> References: <46D6D0BB.2040208@alteeve.com> Message-ID: <20070830172855.GB4794@sourcery.ca> The culprit is 'use locale' (try commenting it out). Maybe someone else can explain why, but I'm guessing from the man page that it messes with how perl compiles regexes. Sadly, if you replace your regex with /(.*)/, it becomes untainted, even with 'use locale'. -- Shaun Fryer On Thu, Aug 30, 2007 at 10:14:19AM -0400, Madison Kelly wrote: > Hi all, > > I've got a script (installer for my app) that I am working on. I am > trying to do it "the right way", but I have run into a wall with a taint > problem. Specifically, I am unable to launder a variable in the way that > is described in 'perldoc perlsec'. > > Specifically (code somewhat simplified for clarity and brevity): > > -=-=-=- > #!/usr/bin/perl -T > $ENV{PATH} = '/bin:/usr/bin'; > delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; > > # MADI: This allows me to develop my modules in the same directory. Move > this > # out later. > BEGIN { push @INC, "./"; } > > use strict; > use warnings; > use POSIX; > use locale; > use IO::Handle; > use Scalar::Util qw(tainted); > > # A bunch of unrelated code... > > # Record the current directory. > my $shell_call="pwd"; > my $pwd=IO::Handle->new(); > open ($pwd, "$shell_call 2>&1 |") || die "Error calling: $shell_call, > error: $!\n"; > my $initial_dir=<$pwd>; > chomp($initial_dir); > $pwd->close(); > # This is tainted, need to launder. > if ( $initial_dir =~ /^([-\w\/.]+)$/ ) > { > $initial_dir=$1; > } > else > { > die "path: [$initial_dir] looks insecure.\n"; > } > my $tainted=tainted($initial_dir); > print __LINE__."; 'tainted': [$tainted]?\n"; From linux at alteeve.com Thu Aug 30 10:53:54 2007 From: linux at alteeve.com (Madison Kelly) Date: Thu, 30 Aug 2007 13:53:54 -0400 Subject: [tpm] Taint question In-Reply-To: <20070830172855.GB4794@sourcery.ca> References: <46D6D0BB.2040208@alteeve.com> <20070830172855.GB4794@sourcery.ca> Message-ID: <46D70432.7050109@alteeve.com> Shaun Fryer wrote: > The culprit is 'use locale' (try commenting it out). Maybe someone else > can explain why, but I'm guessing from the man page that it messes with > how perl compiles regexes. Sadly, if you replace your regex with /(.*)/, > it becomes untainted, even with 'use locale'. > -- > Shaun Fryer *sigh* This I suspected, but feared. My program is (as best I can make it) internationalized and supports non-ascii characters (like Japanese *kana/kanji). I understood (perhaps wrongly) that using locale (et. al.) changed the definition of '\w', length(), etc to recognize these characters. Shouldn't this flow to taint? Obviously, it doesn't seem to though... Using (.*?) is essentially the same as giving up on taint all together. This isn't desirable. :) Thanks!! The still curious Madi From sfryer at sourcery.ca Thu Aug 30 12:32:30 2007 From: sfryer at sourcery.ca (Shaun Fryer) Date: Thu, 30 Aug 2007 15:32:30 -0400 Subject: [tpm] Taint question In-Reply-To: <46D70432.7050109@alteeve.com> References: <46D6D0BB.2040208@alteeve.com> <20070830172855.GB4794@sourcery.ca> <46D70432.7050109@alteeve.com> Message-ID: <20070830193230.GC4794@sourcery.ca> What I'd suggest then is a comprimise hack. Develop everthing with -T in mind (or in place), but remove it from the finished program in the knowledge that it's already helped you to cover all the bases. Alot of folks do this with 'use warnings' and 'use diagnostics', using those only for development, but leaving them out of code deployed in production environments. -- Shaun Fryer On Thu, Aug 30, 2007 at 01:53:54PM -0400, Madison Kelly wrote: > Shaun Fryer wrote: > >The culprit is 'use locale' (try commenting it out). Maybe someone else > >can explain why, but I'm guessing from the man page that it messes with > >how perl compiles regexes. Sadly, if you replace your regex with /(.*)/, > >it becomes untainted, even with 'use locale'. > >-- > > Shaun Fryer > > *sigh* > > This I suspected, but feared. > > My program is (as best I can make it) internationalized and supports > non-ascii characters (like Japanese *kana/kanji). I understood (perhaps > wrongly) that using locale (et. al.) changed the definition of '\w', > length(), etc to recognize these characters. Shouldn't this flow to > taint? Obviously, it doesn't seem to though... > > Using (.*?) is essentially the same as giving up on taint all together. > This isn't desirable. :) > > Thanks!! > > The still curious Madi >