From cj at enersave.ca Wed Apr 4 21:58:16 2012 From: cj at enersave.ca (Chris Jones) Date: Thu, 05 Apr 2012 00:58:16 -0400 Subject: [tpm] Irritation problem In-Reply-To: References: Message-ID: <20120405045828.738492E8A81@xx1.develooper.com> Activestate Perl Window 7 web application using cgi I use a tab delineated config file that is read into a hash: infilename ../input outfilename ../output Plus a bunch other stuff. I read it: #Read the config file open INFILE, "../input/config1.dat" or die "config1.dat not found\n"; my ($key, $value); my %confighash; while( ) { s/#.*//; # ignore comments by erasing them next if /^(\s)*$/; # skip blank lines chomp; # remove trailing newline characters ($key, $value)=split("\t",$_); $confighash{ $key } = $value; } close INFILE; Further I use: my $infilename = $confighash{infilename}; my $d2cfilename = $infilename.".dbs"; open INFILE, "$d2cfilename" or &Error_Exit("$d2cfilename not found: $!"); my @d2clines = ; close(INFILE); Works fine. But: my $outfilename = $confighash{outfilename}; my $modfilename = $outfiilename . ".mod"; #add the extension. open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: $!"); Produces an: "Insecure dependency in open while running with -T switch at /cgi-bin/my_script.cgi line 1371 Where as:my $outfilename = "hardcode_the_path/filename"; my $modfilename = $outfiilename . ".mod"; #add the extension open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: $!"); Does not product an error. I am stuck with this one. Thanks for any help! >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: From uri at stemsystems.com Thu Apr 5 00:47:54 2012 From: uri at stemsystems.com (Uri Guttman) Date: Thu, 05 Apr 2012 03:47:54 -0400 Subject: [tpm] Irritation problem In-Reply-To: <20120405045828.738492E8A81@xx1.develooper.com> References: <20120405045828.738492E8A81@xx1.develooper.com> Message-ID: <4F7D4E2A.9030409@stemsystems.com> On 04/05/2012 12:58 AM, Chris Jones wrote: > #Read the config file > open INFILE, "../input/config1.dat" or die "config1.dat not found\n"; > first off, use lexical file handles, not global bareword handles. > my ($key, $value); declare vars when first used. you are using lexicals but i can tell you are not using strict. see why i can tell below. > my %confighash; > > while( ) { > s/#.*//; # ignore comments by erasing them > next if /^(\s)*$/; # skip blank lines > chomp; # remove trailing newline characters > ($key, $value)=split("\t",$_); my( $key, $value ) = split /\t/ ; as i said above declare vars when first used. use more horizontal white space for your readers. the first arg to split is always a regex so make it look like one. split's default string input is $_. in general i recommend not using $_ for various reasons but i won't go into them now. > my $outfilename = $confighash{outfilename}; > my $modfilename = $outfiilename . ".mod"; #add the extension. look carefully at those two lines. there is a major difference. if you asked perl for help by using strict, perl would have told you the problem. this is why you always use strict in programs big and small. > open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: don't call subs with &. that is perl4 style and is not required nor desired in perl5. > $!"); > > Produces an: > "Insecure dependency in open while running with -T switch at > /cgi-bin/my_script.cgi line 1371 that is because you read data from the outside which is tainted and you didn't untaint it before using it in a file name to be opened. besides that you have the typo i mentioned. > > Where as:my $outfilename = "hardcode_the_path/filename"; the filename is not coming from the outside so it isn't tainted so no error. > my $modfilename = $outfiilename . ".mod"; #add the extension same typo. if this was real code, the file open would work as you opening just '.mod' in the current dir. > open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: > $!"); > uri From cj at enersave.ca Thu Apr 5 01:58:14 2012 From: cj at enersave.ca (Chris Jones) Date: Thu, 05 Apr 2012 04:58:14 -0400 Subject: [tpm] Irritation problem In-Reply-To: <4F7D4E2A.9030409@stemsystems.com> References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> Message-ID: <20120405085821.EECDD2E8A81@xx1.develooper.com> Thanks so much! This is the top of my script files: #! c:/apps/perl/bin/perl.exe -w use strict; use CGI 2.5 qw(:all) ; use CGI qw/escape unescape/; use CGI::Carp qw/fatalsToBrowser/; use DBI; I do have use strict; I check from the command line: perl -c frameset3.cgi perl -c frameset3.cgi frameset3.cgi: Name "Mysql::db_errstr" used only once: possible typo at frameset3.cgi line 41 frameset3.cgi syntax OK I am going to correct the errors you noted, thank you! At 03:47 AM 05/04/2012, Uri Guttman wrote: >On 04/05/2012 12:58 AM, Chris Jones wrote: > >>#Read the config file >>open INFILE, "../input/config1.dat" or die "config1.dat not found\n"; > >first off, use lexical file handles, not global bareword handles. > > >>my ($key, $value); > >declare vars when first used. > >you are using lexicals but i can tell you are not using strict. see >why i can tell below. > >>my %confighash; >> >>while( ) { >>s/#.*//; # ignore comments by erasing them >>next if /^(\s)*$/; # skip blank lines >>chomp; # remove trailing newline characters >>($key, $value)=split("\t",$_); > >my( $key, $value ) = split /\t/ ; > >as i said above declare vars when first used. use more horizontal >white space for your readers. the first arg to split is always a >regex so make it look like one. split's default string input is $_. >in general i recommend not using $_ for various reasons but i won't >go into them now. > > >>my $outfilename = $confighash{outfilename}; >>my $modfilename = $outfiilename . ".mod"; #add the extension. > >look carefully at those two lines. there is a major difference. if >you asked perl for help by using strict, perl would have told you >the problem. this is why you always use strict in programs big and small. > >>open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: > >don't call subs with &. that is perl4 style and is not required nor >desired in perl5. > >>$!"); >> >>Produces an: >>"Insecure dependency in open while running with -T switch at >>/cgi-bin/my_script.cgi line 1371 > >that is because you read data from the outside which is tainted and >you didn't untaint it before using it in a file name to be opened. >besides that you have the typo i mentioned. >> >>Where as:my $outfilename = "hardcode_the_path/filename"; > >the filename is not coming from the outside so it isn't tainted so no error. > >>my $modfilename = $outfiilename . ".mod"; #add the extension > >same typo. if this was real code, the file open would work as you >opening just '.mod' in the current dir. > >>open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: >>$!"); > >uri >_______________________________________________ >toronto-pm mailing list >toronto-pm at pm.org >http://mail.pm.org/mailman/listinfo/toronto-pm >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From arocker at Vex.Net Thu Apr 5 13:25:16 2012 From: arocker at Vex.Net (arocker at Vex.Net) Date: Thu, 5 Apr 2012 16:25:16 -0400 Subject: [tpm] Irritation problem In-Reply-To: <20120405045828.738492E8A81@xx1.develooper.com> References: <20120405045828.738492E8A81@xx1.develooper.com> Message-ID: <893b024ac1891ef0d86a2b5b2e058955.squirrel@mail.vex.net> Uri's pointed out the specific problems, but there's an additional point to consider. If you have the invoking script/.BAT file specify the config file as redirected input, the OS should take care of any missing/misnamed files. (I.e. perlprog < config.dat > results.txt) I believe even Windows' brain-damaged shell can handle this. Then the Perl code doesn't have to do anything beyond reading STDIN, and any error messages are standard OS output that doesn't need special explanation. The same idea applies to output. An additional benefit is that when testing, it's easy to type stuff at the program, and view the output directly, rather than having to create and read files. (This may not apply if the input is long, complicated, and static.) From cj at enersave.ca Fri Apr 6 18:11:42 2012 From: cj at enersave.ca (Chris Jones) Date: Fri, 06 Apr 2012 21:11:42 -0400 Subject: [tpm] Irritation problem In-Reply-To: <4F7D4E2A.9030409@stemsystems.com> References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> Message-ID: <20120407011147.A744611DE2D@xx1.develooper.com> Uri Thanks again for your help. I have one question about untainting then files before opening. Would not the split untaint the data: my( $key, $value ) = split /\t/ ; As long as there is no bad characters in the data that should untaint it? Again the input config file contains: infilename ../input outfilename ../output If I use: my $outfilename = "$confighash{outfilename}"; my $modfilename = "$outfiilename".".mod"; #add the extension Would not $modfilename be untainted? Re lexical file handles. I have changed all the scripts: open my $fhIn, "$tool_input/config1.dat" or die "config1.dat not found\n"; my %confighash; while( <$fhIn> ) { s/#.*//; # ignore comments by erasing them next if /^(\s)*$/; # skip blank lines chomp; # remove trailing newline characters my( $key, $value ) = split /\t/ ; $confighash{ $key } = $value; } Which leads to a question about declaring variable and scope: my( $key, $value ) = split /\t/ ; Are these two variables in scope each time through the loop? That is why I declared them outside the while loop in my original version. Again, thanks for your help! At 03:47 AM 05/04/2012, you wrote: >On 04/05/2012 12:58 AM, Chris Jones wrote: > >>#Read the config file >>open INFILE, "../input/config1.dat" or die "config1.dat not found\n"; > >first off, use lexical file handles, not global bareword handles. > > >>my ($key, $value); > >declare vars when first used. > >you are using lexicals but i can tell you are not using strict. see >why i can tell below. > >>my %confighash; >> >>while( ) { >>s/#.*//; # ignore comments by erasing them >>next if /^(\s)*$/; # skip blank lines >>chomp; # remove trailing newline characters >>($key, $value)=split("\t",$_); > >my( $key, $value ) = split /\t/ ; > >as i said above declare vars when first used. use more horizontal >white space for your readers. the first arg to split is always a >regex so make it look like one. split's default string input is $_. >in general i recommend not using $_ for various reasons but i won't >go into them now. > > >>my $outfilename = $confighash{outfilename}; >>my $modfilename = $outfiilename . ".mod"; #add the extension. > >look carefully at those two lines. there is a major difference. if >you asked perl for help by using strict, perl would have told you >the problem. this is why you always use strict in programs big and small. > >>open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: > >don't call subs with &. that is perl4 style and is not required nor >desired in perl5. > >>$!"); >> >>Produces an: >>"Insecure dependency in open while running with -T switch at >>/cgi-bin/my_script.cgi line 1371 > >that is because you read data from the outside which is tainted and >you didn't untaint it before using it in a file name to be opened. >besides that you have the typo i mentioned. >> >>Where as:my $outfilename = "hardcode_the_path/filename"; > >the filename is not coming from the outside so it isn't tainted so no error. > >>my $modfilename = $outfiilename . ".mod"; #add the extension > >same typo. if this was real code, the file open would work as you >opening just '.mod' in the current dir. > >>open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened: >>$!"); > >uri >_______________________________________________ >toronto-pm mailing list >toronto-pm at pm.org >http://mail.pm.org/mailman/listinfo/toronto-pm >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From liam at holoweb.net Fri Apr 6 20:49:10 2012 From: liam at holoweb.net (Liam R E Quin) Date: Fri, 06 Apr 2012 23:49:10 -0400 Subject: [tpm] Irritation problem In-Reply-To: <20120407011147.A744611DE2D@xx1.develooper.com> References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> Message-ID: <1333770550.21857.21.camel@localhost.localdomain> [sorry, resending from the right mail account] On Fri, 2012-04-06 at 21:11 -0400, Chris Jones wrote: > Uri > Thanks again for your help. I have one question about untainting > then files before opening. > > Would not the split untaint the data: > my( $key, $value ) = split /\t/ ; No. The only ways to untaint data are to use them as keys in a hash (so $key is OK here, but $value is not) or to pick them out of a regular expression match with $1, $2, etc. The point of marking input data as tainted is so you can catch things like, my ($filename, $info) = split; system("ls $filename"); and have filename be "/etc/group;reboot;" or something see "perldoc perlsec" for more info. > > As long as there is no bad characters in the data that should untaint it? > Again the input config file contains: > infilename ../input > outfilename ../output > > If I use: > my $outfilename = "$confighash{outfilename}"; > my $modfilename = "$outfiilename".".mod"; #add the extension > > Would not $modfilename be untainted? no. Also watch for the two i's in outfiilename. The general principle is that data from outside your program cannot be trusted (whereas data from inside your program _probably_ shouldn't be trusted :-)) and untrusted data must never be allowed to affect the world outside your program. Yes, your data file might be safe, but what if it wasn't? How does Perl know? [...] > Which leads to a question about declaring variable and scope: > my( $key, $value ) = split /\t/ ; > > Are these two variables in scope each time through the loop? That is > why I declared them outside the while loop in my original version. They are in scope, yes -- but if you have while ($sun_shines) { my $cider = split; . . . } then there's a new $cider made each time around the loop. Hope that helps. Liam -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ Ankh: irc.sorcery.net irc.gnome.org www.advogato.org From cj at enersave.ca Mon Apr 9 08:43:02 2012 From: cj at enersave.ca (Chris Jones) Date: Mon, 09 Apr 2012 11:43:02 -0400 Subject: [tpm] Irritation problem In-Reply-To: <1333770511.21857.20.camel@localhost.localdomain> References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> <1333770511.21857.20.camel@localhost.localdomain> Message-ID: <20120409154308.6D6A82E8A81@xx1.develooper.com> Thank you Liam. Having read perldoc perlsec, now for the first time, I realize I have not been paying attention at all. The web application has been running on the same Unix server since 2002 and it is being moved to a different server. Apparently this new server is doing things correctly and I am trying to catch up. In the pervious incarnation, I included the name of the cgi script to call in the datafile and could not for the life of me understand why this wasn't working anymore. The same with trying to open output files. I could not understand why the only way the file would open was if I hard coded the path in the script. Back to school time. At 11:48 PM 06/04/2012, Liam R E Quin wrote: >On Fri, 2012-04-06 at 21:11 -0400, Chris Jones wrote: > > Uri > > Thanks again for your help. I have one question about untainting > > then files before opening. > > > > Would not the split untaint the data: > > my( $key, $value ) = split /\t/ ; > >No. > >The only ways to untaint data are to use them as keys in a hash (so $key >is OK here, but $value is not) or to pick them out of a regular >expression match with $1, $2, etc. >The point of marking input data as tainted is so you can catch things >like, >my ($filename, $info) = split; >system("ls $filename"); >and have filename be "/etc/group;reboot;" or something > >see "perldoc perlsec" for more info. > > > > > As long as there is no bad characters in the data that should untaint it? > > Again the input config file contains: > > infilename ../input > > outfilename ../output > > > > If I use: > > my $outfilename = "$confighash{outfilename}"; > > my $modfilename = "$outfiilename".".mod"; #add the extension > > > > Would not $modfilename be untainted? >no. Also watch for the two i's in outfiilename. > >The general principle is that data from outside your program cannot be >trusted (whereas data from inside your program _probably_ shouldn't be >trusted :-)) and untrusted data must never be allowed to affect the >world outside your program. Yes, your data file might be safe, but what >if it wasn't? How does Perl know? > >[...] > > Which leads to a question about declaring variable and scope: > > my( $key, $value ) = split /\t/ ; > > > > Are these two variables in scope each time through the loop? That is > > why I declared them outside the while loop in my original version. > >They are in scope, yes -- but if you have > >while ($sun_shines) { > my $cider = split; > . . . >} > >then there's a new $cider made each time around the loop. > >Hope that helps. > >Liam > >-- >Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ >Pictures from old books: http://fromoldbooks.org/ >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From cj at enersave.ca Mon Apr 9 09:10:17 2012 From: cj at enersave.ca (Chris Jones) Date: Mon, 09 Apr 2012 12:10:17 -0400 Subject: [tpm] Re. Tainted data Message-ID: <20120409161021.D67B411F815@xx1.develooper.com> So to confirm: my $language = ; my $index = "index.html"; if( $language ne "english" ) { $index = "indexo.html" } # $index is now tainted and # throws and error when selected by the user If that summarizes my issue, it certainly explains the problems I have been having. A follow on question: Is data retrieved from a database considered tainted? The application uses data retrieved from a mysql database. Would this data also be considered tainted? The program uses DBI, DBD-mysql. At 11:48 PM 06/04/2012, Liam R E Quin wrote: >On Fri, 2012-04-06 at 21:11 -0400, Chris Jones wrote: > > Uri > > Thanks again for your help. I have one question about untainting > > then files before opening. > > > > Would not the split untaint the data: > > my( $key, $value ) = split /\t/ ; > >No. > >The only ways to untaint data are to use them as keys in a hash (so $key >is OK here, but $value is not) or to pick them out of a regular >expression match with $1, $2, etc. >The point of marking input data as tainted is so you can catch things >like, >my ($filename, $info) = split; >system("ls $filename"); >and have filename be "/etc/group;reboot;" or something > >see "perldoc perlsec" for more info. > > > > > As long as there is no bad characters in the data that should untaint it? > > Again the input config file contains: > > infilename ../input > > outfilename ../output > > > > If I use: > > my $outfilename = "$confighash{outfilename}"; > > my $modfilename = "$outfiilename".".mod"; #add the extension > > > > Would not $modfilename be untainted? >no. Also watch for the two i's in outfiilename. > >The general principle is that data from outside your program cannot be >trusted (whereas data from inside your program _probably_ shouldn't be >trusted :-)) and untrusted data must never be allowed to affect the >world outside your program. Yes, your data file might be safe, but what >if it wasn't? How does Perl know? > >[...] > > Which leads to a question about declaring variable and scope: > > my( $key, $value ) = split /\t/ ; > > > > Are these two variables in scope each time through the loop? That is > > why I declared them outside the while loop in my original version. > >They are in scope, yes -- but if you have > >while ($sun_shines) { > my $cider = split; > . . . >} > >then there's a new $cider made each time around the loop. > >Hope that helps. > >Liam > >-- >Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ >Pictures from old books: http://fromoldbooks.org/ >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From liam at holoweb.net Mon Apr 9 11:10:34 2012 From: liam at holoweb.net (Liam R E Quin) Date: Mon, 09 Apr 2012 14:10:34 -0400 Subject: [tpm] Irritation problem In-Reply-To: References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> <1333770511.21857.20.camel@localhost.localdomain> Message-ID: <1333995034.19606.69.camel@localhost.localdomain> On Mon, 2012-04-09 at 11:43 -0400, Chris Jones wrote: > Thank you Liam. Having read perldoc perlsec, now for the first time, > I realize I have not been paying attention at all. Often the hardest thing with Perl seems to be figuring out where to look to find what you need to know :-) Best, Liam -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ From cj at enersave.ca Mon Apr 9 13:20:14 2012 From: cj at enersave.ca (Chris Jones) Date: Mon, 09 Apr 2012 16:20:14 -0400 Subject: [tpm] Irritation problem In-Reply-To: <1333995034.19606.69.camel@localhost.localdomain> References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> <1333770511.21857.20.camel@localhost.localdomain> <1333995034.19606.69.camel@localhost.localdomain> Message-ID: <20120409202019.D6980120218@xx1.develooper.com> Does this example untaint the incoming $value data being fed into the %confighash? #! /perl/bin/perl.exe -w use strict; my $tool_input = "d:/screeningtool.ca/input"; open my $fhIn, "$tool_input/config1.dat" or die "config1.dat not found\n"; my %confighash; while( my $cfgLine = <$fhIn> ) { $cfgLine =~ s/#.*//; # ignore comments by erasing them next if ($cfgLine =~ /^(\s)*$/); # skip blank lines chomp( $cfgLine ); # remove trailing newline characters #print( "Okay\n" ); if( $cfgLine =~ /([\w]+)\t([-\w\/.]+)$/) #the key can have any word character, the value can have a valid number or path. { my $key = $1; my $value = $2; print ("Key: $key, Value: $value\n"); $confighash{ $key } = $value; } } close $fhIn; In the above example, I may be including some invalid path characters? The value can be a number or a valid path | path/filename statement. At 02:10 PM 09/04/2012, Liam R E Quin wrote: >On Mon, 2012-04-09 at 11:43 -0400, Chris Jones wrote: > > Thank you Liam. Having read perldoc perlsec, now for the first time, > > I realize I have not been paying attention at all. > >Often the hardest thing with Perl seems to be figuring out where to look >to find what you need to know :-) > >Best, > >Liam > >-- >Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ >Pictures from old books: http://fromoldbooks.org/ >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From liam at holoweb.net Mon Apr 9 13:24:09 2012 From: liam at holoweb.net (Liam R E Quin) Date: Mon, 09 Apr 2012 16:24:09 -0400 Subject: [tpm] Irritation problem References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> <1333770511.21857.20.camel@localhost.localdomain> <1333995034.19606.69.camel@localhost.localdomain> Message-ID: <1334003049.19606.82.camel@localhost.localdomain> On Mon, 2012-04-09 at 16:20 -0400, Chris Jones wrote: > Does this example untaint the incoming $value data being fed into the > %confighash? > if( $cfgLine =~ /([\w]+)\t([-\w\/.]+)$/) > { > my $key = $1; > my $value = $2; > print ("Key: $key, Value: $value\n"); > $confighash{ $key } = $value; Yes. It's up to you to check for things like ../../../etc/passwd though > } > > } > close $fhIn; > > In the above example, I may be including some invalid path characters? > The value can be a number or a valid path | path/filename statement. Filenames on most operating systems can include letter, digits, hyphen, but watch that \w probably uses your system's locale (and usually UTF8 if Linux), so ? is allowed too... legal and fine if it's what you want. If you mean / [a-z/.-] /i, then say that instead ;) Liam -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ From fulko.hew at gmail.com Mon Apr 9 15:13:07 2012 From: fulko.hew at gmail.com (Fulko Hew) Date: Mon, 9 Apr 2012 18:13:07 -0400 Subject: [tpm] Fwd: END block ignored while AnyEvent::Util::run_cmd() is executing Message-ID: I'm going to throw this one to the mongers list too (in addition to the AnyEvent list), hoping to find a reason to, or how, something can prevent an END block from running. In this case, I'm using a feature of the AnyEvent::Util module. ------------ My next test after moving from using backticks to run_cmd() for executing and capturing external data has uncovered another side effect that I don't know how to get around. "Perl END blocks are not run if run_cmd(stuff) is executing." In the following code, I try to capture CTL C to perform some clean-up, and I also want my module's END block to get executed. Now that I've moved to using run_cmd(), it seems that while run_cmd() is executing... if I (for example) send it a INT signal, the INT signal is caught, but the END block doesn't get executed. If I wait for the run_cmd() to finish and then press CTL C, the END block _is_ executed. Comments or suggestions are welcome. TIA Fulko ------------- code example starts ------------- #!/usr/bin/perl use strict; use warnings; use Coro; use AnyEvent; use AnyEvent::Util; END { print "INSIDE END BLOCK\n"; } sub make_catcher { my $s = shift; return sub { signal_catcher($s); }; } sub signal_catcher { my ($name) = @_; print "\ncatcher called with '$name'\n"; exit if $name eq 'INT'; } sub get_cmd_data { my ($cmd) = @_; my $buffer = ''; my $ps_cv = run_cmd $cmd, ">" => sub {$buffer .= $_[0] if (scalar @_);}; $ps_cv->recv; return \$buffer; } sub obtainer { print "END not accessible during run_cmd()... wait 5 seconds till its done\n"; my $bufRef = get_cmd_data("sleep 5"); print "run_cmd() done, END is now reachable on CTL C\n"; } my $mysig = AnyEvent->signal (signal => 'INT', cb => make_catcher('INT') ); my $obtainer = AnyEvent->timer(after => 1, interval => 15, cb => \&obtainer); AnyEvent->condvar->wait; ------------- code example ends ------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From cj at enersave.ca Mon Apr 9 17:02:56 2012 From: cj at enersave.ca (Chris Jones) Date: Mon, 09 Apr 2012 20:02:56 -0400 Subject: [tpm] Irritation problem In-Reply-To: <1334003049.19606.82.camel@localhost.localdomain> References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> <1333770511.21857.20.camel@localhost.localdomain> <1333995034.19606.69.camel@localhost.localdomain> <1334003049.19606.82.camel@localhost.localdomain> Message-ID: <20120410000303.347E311DDB3@xx1.develooper.com> Further to my last email, I revised the code to try to weed out leading ../../ and ./../ There must be an elegant way to eliminate the new inner if statement by combining it in the first test: if( $cfgLine =~ /([\w]+)\t([-\w\/.]+)$/) I added this inner if statement as I couldn't think of a way to combine, this may be preferable as more readable: Part of code: if( $value =~ m!^.{1,2}/.{2}/!) weed out leading ../../ and ./../ { print( "Value bad: $value\n"); $badValue++; } START Code: use strict; my $tool_input = "d:/screeningtool.ca/input"; open my $fhIn, "$tool_input/config1.dat" or die "config1.dat not found\n"; my %confighash; my $count = 0; my $badValue = 0; my $goodValue = 0; while( my $cfgLine = <$fhIn> ) { $cfgLine =~ s/#.*//; # ignore comments by erasing them next if ($cfgLine =~ /^(\s)*$/); # skip blank lines chomp( $cfgLine ); # remove trailing newline characters #print( "Okay\n" ); if( $cfgLine =~ /([\w]+)\t([-\w\/.]+)$/) # { my $key = $1; my $value = $2; if( $value =~ m!^.{1,2}/.{2}/!) { print( "Value bad: $value\n"); $badValue++; } else { print ("Key: $key, Value: $value\n"); $goodValue++;; } $confighash{ $key } = $value; $count++; } } close $fhIn; print( "Count: $count, Good values: $goodValue, Bad values: $badValue\n"); END Code >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From cj at enersave.ca Tue Apr 10 17:10:51 2012 From: cj at enersave.ca (Chris Jones) Date: Tue, 10 Apr 2012 20:10:51 -0400 Subject: [tpm] Irritation problem - regex French character set In-Reply-To: <1334003049.19606.82.camel@localhost.localdomain> References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> <1333770511.21857.20.camel@localhost.localdomain> <1333995034.19606.69.camel@localhost.localdomain> <1334003049.19606.82.camel@localhost.localdomain> Message-ID: <20120411001056.53EB62E8A82@xx1.develooper.com> Having successfully untainted one file while reading it in, I am now faced with untainting a file containing two languages, English and French. File - tagnames2.dat key English value French value p1a_help1 Getting Help Obtenir de l'aide p2a_type Building Type: Type de b?timent: p3a_error_less must be no less than ne peut pas ?tre inf?rieur ? As well, this file contains some math like symbols: >, =, <, ~ My initial regex is: if( $tagLine =~ /([\w]+)\t([-\w\/.]+)\t([-\w\/.]+)$/) # key and two values the same format { my $tag = $1; my $phraseE = $2; my $phraseF = $3; my $tmpref = { english => "$phraseE", francais => "$phraseF" }; $tags{ $tag } = $tmpref; $count++; } Works for the English phrase, $2 but not the French phrase $3. I use a test file to print the "bad" lines. It is the French phrases that cause the bad line error. I could set locale the loop then restore - and write the regex without the \w shortcut. Is that a good idea? >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From liam at holoweb.net Tue Apr 10 18:52:41 2012 From: liam at holoweb.net (Liam R E Quin) Date: Tue, 10 Apr 2012 21:52:41 -0400 Subject: [tpm] Irritation problem - regex French character set References: <20120405045828.738492E8A81@xx1.develooper.com> <4F7D4E2A.9030409@stemsystems.com> <20120407011147.A744611DE2D@xx1.develooper.com> <1333770511.21857.20.camel@localhost.localdomain> <1333995034.19606.69.camel@localhost.localdomain> <1334003049.19606.82.camel@localhost.localdomain> Message-ID: <1334109161.31569.30.camel@localhost.localdomain> On Tue, 2012-04-10 at 20:10 -0400, Chris Jones wrote: > Having successfully untainted one file while > reading it in, I am now faced with untainting a > file containing two languages, English and French. > > File - tagnames2.dat > key English value French value > p1a_help1 Getting Help Obtenir de l'aide > p2a_type Building Type: Type de b?timent: > p3a_error_less must be no less than ne peut pas ?tre inf?rieur ? > > As well, this file contains some math like symbols: >, =, <, ~ > > My initial regex is: > if( $tagLine =~ > /([\w]+)\t([-\w\/.]+)\t([-\w\/.]+)$/) # key and two values the same format > { > my $tag = $1; > my $phraseE = $2; > my $phraseF = $3; > my $tmpref = { > english => "$phraseE", > francais => "$phraseF" }; > $tags{ $tag } = $tmpref; > $count++; > } It sounds like you might want this instead: if ($tagLine =~ m{^([^\t]+)\t([^\t]+)\t(.+)$}) { $tags{$1} = { english => $2, fran?aise => $3 }; ++$count; } else { # maybe log an error here? be careful not to # show the untrusted data in an error message that # goes to the user, though! } since you want to match based on tabs, not on what's between them. Liam -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ From legrady at gmail.com Wed Apr 11 00:47:37 2012 From: legrady at gmail.com (Tom Legrady) Date: Wed, 11 Apr 2012 09:47:37 +0200 Subject: [tpm] Re. Tainted data In-Reply-To: <20120409161021.D67B411F815@xx1.develooper.com> References: <20120409161021.D67B411F815@xx1.develooper.com> Message-ID: I'm generally dubious of constructs like "if $language ne 'english'". (Besides, should be "lc $language") .. are you certain there will never be another language ... Gernan .. Cree ... On a Hungarian keyboard from Budapest Tom On Mon, Apr 9, 2012 at 6:10 PM, Chris Jones wrote: > So to confirm: > > my $language = ; > > my $index = "index.html"; > > if( $language ne "english" ) > { > $index = "indexo.html" > } > > # $index is now tainted and > > > > # throws and error when selected by the user > > If that summarizes my issue, it certainly explains the problems I have > been having. > > A follow on question: > Is data retrieved from a database considered tainted? The application > uses data retrieved from a mysql database. Would this data also be > considered tainted? > The program uses DBI, DBD-mysql. > > > > > > At 11:48 PM 06/04/2012, Liam R E Quin wrote: > >> On Fri, 2012-04-06 at 21:11 -0400, Chris Jones wrote: >> > Uri >> > Thanks again for your help. I have one question about untainting >> > then files before opening. >> > >> > Would not the split untaint the data: >> > my( $key, $value ) = split /\t/ ; >> >> No. >> >> The only ways to untaint data are to use them as keys in a hash (so $key >> is OK here, but $value is not) or to pick them out of a regular >> expression match with $1, $2, etc. >> The point of marking input data as tainted is so you can catch things >> like, >> my ($filename, $info) = split; >> system("ls $filename"); >> and have filename be "/etc/group;reboot;" or something >> >> see "perldoc perlsec" for more info. >> >> > >> > As long as there is no bad characters in the data that should untaint >> it? >> > Again the input config file contains: >> > infilename ../input >> > outfilename ../output >> > >> > If I use: >> > my $outfilename = "$confighash{outfilename}"; >> > my $modfilename = "$outfiilename".".mod"; #add the extension >> > >> > Would not $modfilename be untainted? >> no. Also watch for the two i's in outfiilename. >> >> The general principle is that data from outside your program cannot be >> trusted (whereas data from inside your program _probably_ shouldn't be >> trusted :-)) and untrusted data must never be allowed to affect the >> world outside your program. Yes, your data file might be safe, but what >> if it wasn't? How does Perl know? >> >> [...] >> > Which leads to a question about declaring variable and scope: >> > my( $key, $value ) = split /\t/ ; >> > >> > Are these two variables in scope each time through the loop? That is >> > why I declared them outside the while loop in my original version. >> >> They are in scope, yes -- but if you have >> >> while ($sun_shines) { >> my $cider = split; >> . . . >> } >> >> then there's a new $cider made each time around the loop. >> >> Hope that helps. >> >> Liam >> >> -- >> Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ >> Pictures from old books: http://fromoldbooks.org/ >> > > >> > Christopher Jones, P.Eng. > Suite 1801, 1 Yonge Street > Toronto, ON M5E1W7 > Tel. 416-203-7465 > Fax. 416-946-1005 > email cj at enersave.ca > > ______________________________**_________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/**listinfo/toronto-pm > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Martin at Cleaver.org Wed Apr 11 04:47:15 2012 From: Martin at Cleaver.org (Martin Cleaver) Date: Wed, 11 Apr 2012 07:47:15 -0400 Subject: [tpm] TWiki / Foswiki coder? Message-ID: Hi all, Does anyone here have experience building extensions for the Foswiki.org or TWiki.org platforms? I have some contract work available. Please reply to Martin.Cleaver at Blendedperspectives.com Thanks! Martin. -- Martin Cleaver M.Sc. MBA Cell: 416-786-6752 Martin.Cleaver at BlendedPerspectives.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From cj at enersave.ca Wed Apr 11 04:58:33 2012 From: cj at enersave.ca (Chris Jones) Date: Wed, 11 Apr 2012 07:58:33 -0400 Subject: [tpm] Re. Tainted data In-Reply-To: References: <20120409161021.D67B411F815@xx1.develooper.com> Message-ID: <20120411115838.1471011FAAE@xx1.develooper.com> Well, I am following Pierre Trudeau's lead. It is a bilingual website, made in Canada. Ideally, the website could be multi-lingual by placing the phrases in a database instead of a flat, two language text file. At 03:47 AM 11/04/2012, Tom Legrady wrote: >I'm generally dubious of constructs like "if $language ne >'english'". (Besides, should be "lc $language") .. are you certain >there will never be another language ... Gernan .. Cree ... > >On a Hungarian keyboard from Budapest > >Tom > >On Mon, Apr 9, 2012 at 6:10 PM, Chris Jones ><cj at enersave.ca> wrote: >So to confirm: > >my $language = ; > >my $index = "index.html"; > >if( $language ne "english" ) >{ > $index = "indexo.html" >} > ># $index is now tainted and > > > ># throws and error when selected by the user > >If that summarizes my issue, it certainly explains the problems I >have been having. > >A follow on question: >Is data retrieved from a database considered tainted? The >application uses data retrieved from a mysql database. Would this >data also be considered tainted? >The program uses DBI, DBD-mysql. > > > > > >At 11:48 PM 06/04/2012, Liam R E Quin wrote: >On Fri, 2012-04-06 at 21:11 -0400, Chris Jones wrote: > > Uri > > Thanks again for your help. I have one question about untainting > > then files before opening. > > > > Would not the split untaint the data: > > my( $key, $value ) = split /\t/ ; > >No. > >The only ways to untaint data are to use them as keys in a hash (so $key >is OK here, but $value is not) or to pick them out of a regular >expression match with $1, $2, etc. >The point of marking input data as tainted is so you can catch things >like, >my ($filename, $info) = split; >system("ls $filename"); >and have filename be "/etc/group;reboot;" or something > >see "perldoc perlsec" for more info. > > > > > As long as there is no bad characters in the data that should untaint it? > > Again the input config file contains: > > infilename ../input > > outfilename ../output > > > > If I use: > > my $outfilename = "$confighash{outfilename}"; > > my $modfilename = "$outfiilename".".mod"; #add the extension > > > > Would not $modfilename be untainted? >no. Also watch for the two i's in outfiilename. > >The general principle is that data from outside your program cannot be >trusted (whereas data from inside your program _probably_ shouldn't be >trusted :-)) and untrusted data must never be allowed to affect the >world outside your program. Yes, your data file might be safe, but what >if it wasn't? How does Perl know? > >[...] > > Which leads to a question about declaring variable and scope: > > my( $key, $value ) = split /\t/ ; > > > > Are these two variables in scope each time through the loop? That is > > why I declared them outside the while loop in my original version. > >They are in scope, yes -- but if you have > >while ($sun_shines) { > my $cider = split; > . . . >} > >then there's a new $cider made each time around the loop. > >Hope that helps. > >Liam > >-- >Liam Quin - XML Activity Lead, W3C, >http://www.w3.org/People/Quin/ >Pictures from old books: http://fromoldbooks.org/ > > > >> >Christopher Jones, P.Eng. >Suite 1801, 1 Yonge Street >Toronto, ON M5E1W7 >Tel. 416-203-7465 >Fax. 416-946-1005 >email cj at enersave.ca > >_______________________________________________ >toronto-pm mailing list >toronto-pm at pm.org >http://mail.pm.org/mailman/listinfo/toronto-pm > >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: From arocker at Vex.Net Wed Apr 11 06:36:38 2012 From: arocker at Vex.Net (arocker at Vex.Net) Date: Wed, 11 Apr 2012 09:36:38 -0400 Subject: [tpm] Re. Tainted data In-Reply-To: <20120411115838.1471011FAAE@xx1.develooper.com> References: <20120409161021.D67B411F815@xx1.develooper.com> <20120411115838.1471011FAAE@xx1.develooper.com> Message-ID: <3ede71201f188fff86d95f532d298b28.squirrel@mail.vex.net> > Ideally, the website could be multi-lingual by placing the phrases in a > database instead of a flat, two language text file. > Why not load a hash? That would be practical for every known human language, (c 6,000 http://sciencenetlinks.com/science-news/science-updates/human-language/ ), let alone the subset likely to have web access, (< 100, at a guess). From stuart at morungos.com Wed Apr 11 08:01:22 2012 From: stuart at morungos.com (Stuart Watt) Date: Wed, 11 Apr 2012 11:01:22 -0400 Subject: [tpm] Re. Tainted data In-Reply-To: <3ede71201f188fff86d95f532d298b28.squirrel@mail.vex.net> References: <20120409161021.D67B411F815@xx1.develooper.com> <20120411115838.1471011FAAE@xx1.develooper.com> <3ede71201f188fff86d95f532d298b28.squirrel@mail.vex.net> Message-ID: I've done localization with Locale::Maketext, and its Locale::Maketext::Lexicon component. That takes a fair bit more work, but it uses external (non Perl) files, and allows a bit more control, including paramerized texts. The advantage: you can add additional languages by adding .po files with translations (i.e., using GNU gettext). The intent was to make it possible for non-programmers to localize systems, i.e., contracting it out. For a few locales it might not be worth it, but for large-scale internationalization it almost certainly is. All the best Stuart On 2012-04-11, at 9:36 AM, arocker at Vex.Net wrote: >> Ideally, the website could be multi-lingual by placing the phrases in a >> database instead of a flat, two language text file. >> > Why not load a hash? That would be practical for every known human > language, (c 6,000 > http://sciencenetlinks.com/science-news/science-updates/human-language/ ), > let alone the subset likely to have web access, (< 100, at a guess). > > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm From jztam at yahoo.com Wed Apr 11 09:28:21 2012 From: jztam at yahoo.com (J Z Tam) Date: Wed, 11 Apr 2012 09:28:21 -0700 (PDT) Subject: [tpm] Fw: [pm_groups] Nordic Perl Workshop 2012 Message-ID: <1334161701.88865.YahooMailClassic@web125701.mail.ne1.yahoo.com> Forwarded as requested from the larger PM list.? /jordan --- On Wed, 4/11/12, Claes Jakobsson wrote: From: Claes Jakobsson Subject: [pm_groups] Nordic Perl Workshop 2012 To: pm_groups at pm.org Received: Wednesday, April 11, 2012, 12:12 PM Hi, please send the information below to your local groups. Thanks Claes, stockholm.pm ---- On the 4th and 5th of JUNE? the 2012 edition of Nordic Perl Workshop takes place in Stockholm, Sweden. It'll be two days of presentations, hacking, socializing and other interesting stuff around Perl5, Perl6, the community, projects and related topics. Regular attendee fee is 50 EUR and reduced fee at 25 EUR for students. Afterwards my hope is to have a hackathon and some touristy stuff for those who are interested. In order for the workshop to be great we also need interesting presentations which my hope is that you attendees will provide! Last submission date is May 6th. Thanks to Init AB who are sponsoring this year. See you in Stockholm early June! To register, submit talks or more information visit the workshop site at http://act.yapc.eu/npw2012/ /Claes Jakobsson, Stockholm Perl Mongers -- Request pm.org Technical Support via support at pm.org pm_groups mailing list pm_groups at pm.org http://mail.pm.org/mailman/listinfo/pm_groups -------------- next part -------------- An HTML attachment was scrubbed... URL: From jztam at yahoo.com Fri Apr 20 13:03:23 2012 From: jztam at yahoo.com (J Z Tam) Date: Fri, 20 Apr 2012 13:03:23 -0700 (PDT) Subject: [tpm] ideas for talks In-Reply-To: <1332354708.89917.YahooMailClassic@web125702.mail.ne1.yahoo.com> Message-ID: <1334952203.95245.YahooMailClassic@web125701.mail.ne1.yahoo.com> Following up ... since? the list is rather quiet these days: 1. Next Meeting: April 26th 2012 TOPIC: WorkFlows, IDEs, editors, etc. 1.1 Call For Presenters: Could we self-nominate for the next gathering, regarding who will lightening-talk about what?? Dont be shy.. each session only lasts a few minutes up to 15 mins. Jordan:? emacs and cperl-mode Perhaps we have an alpha geek for some of these: vi,?? komodo,? padre,? visual??,? perl ;-) /jordan --- On Wed, 3/21/12, J Z Tam wrote: From: J Z Tam Subject: Re: [tpm] ideas for talks To: toronto-pm at pm.org, "Olaf Alders" Received: Wednesday, March 21, 2012, 2:31 PM 1. @olaf congrats on the metaAcceptance.? woo hoo ;-) 2. IIRC, my brain is like a seive, last month, we were collectively chatting about "workflows"? as a? lightning talk series. So, perhaps we can come up with a standardized source file(s) so that there are more eurekas, when we see the other guy do it waay cool.? File I/O, regexps, revision control, shell outs, etc. For now, let's just shout out what you would like to see performed in each person's workflow...? and we'll crowdsource our source tree later. Suggestions; 2.1? how to wget/install:? vi,? *vim,? *emacs,? komodo*,? padre,? eclipse+EPIC,? kate, gEdit, yetAnotherPerlEditor, etc.? Once we have the first round of presenters/IDEs? we can install what we each want to test drive, when the guru is presenting. Versioning matters!? so please send URIs and notes. 2.2? what the cool kids are hacking for their IDE's --- On Wed, 3/21/12, Olaf Alders wrote: From: Olaf Alders Subject: [tpm] ideas for talks To: toronto-pm at pm.org Received: Wednesday, March 21, 2012, 1:43 PM I just wanted to throw out some ideas for talks over the coming months. First off, my YAPC talk has been accepted: http://act.yapcna.org/2012/talk/139? It's a 20 minute introduction to the MetaCPAN API.? The meeting in May would be a great time for me to test drive the talk.? April works too, if May is booked solid.? ;) Secondly, if anyone knows their way around tmux, I personally would benefit from some kind of demonstration on that. (No, I did not RTFM) Thirdly, in general some kind of a tools night would be great.? I'm finding out about really great stuff just by looking over someone's shoulder.? A lot of times they tell me they've been using it for years, but they never thought to share it with me.? So, getting people to talk about how they use vim, solarized, screen, tmux, komodo, etc and demonstrating that on the projector would be something very helpful, I think. Olaf -- Olaf Alders olaf at vilerichard.com http://vilerichard.com -- folk rock http://twitter.com/vilerichard http://cdbaby.com/cd/vilerichard _______________________________________________ toronto-pm mailing list toronto-pm at pm.org http://mail.pm.org/mailman/listinfo/toronto-pm -----Inline Attachment Follows----- _______________________________________________ toronto-pm mailing list toronto-pm at pm.org http://mail.pm.org/mailman/listinfo/toronto-pm -------------- next part -------------- An HTML attachment was scrubbed... URL: From olaf at vilerichard.com Fri Apr 20 13:24:59 2012 From: olaf at vilerichard.com (Olaf Alders) Date: Fri, 20 Apr 2012 16:24:59 -0400 Subject: [tpm] ideas for talks In-Reply-To: <1334952203.95245.YahooMailClassic@web125701.mail.ne1.yahoo.com> References: <1334952203.95245.YahooMailClassic@web125701.mail.ne1.yahoo.com> Message-ID: <832023AB-C0C5-4EEE-8C31-16F8CDD89080@vilerichard.com> On 2012-04-20, at 4:03 PM, J Z Tam wrote: > Following up ... since the list is rather quiet these days: > 1. Next Meeting: April 26th 2012 > TOPIC: WorkFlows, IDEs, editors, etc. Works for me! > > 1.1 Call For Presenters: > Could we self-nominate for the next gathering, regarding who will lightening-talk about what? Dont be shy.. each session only lasts a few minutes up to 15 mins. > > Jordan: emacs and cperl-mode Olaf: divvy, tree, homebrew > > Perhaps we have an alpha geek for some of these: > vi, komodo, padre, visual??, perl ;-) Let me add tmux to this list :) Olaf -- Olaf Alders olaf at vilerichard.com http://vilerichard.com -- folk rock http://twitter.com/vilerichard http://cdbaby.com/cd/vilerichard From mattp at cpan.org Fri Apr 20 14:04:22 2012 From: mattp at cpan.org (Matthew Phillips) Date: Fri, 20 Apr 2012 17:04:22 -0400 Subject: [tpm] ideas for talks In-Reply-To: References: <1334952203.95245.YahooMailClassic@web125701.mail.ne1.yahoo.com> <832023AB-C0C5-4EEE-8C31-16F8CDD89080@vilerichard.com> Message-ID: I can probably put some words together on my workflow : dwm, vim (favorite plugins, how I manage them), vimperator. On Fri, Apr 20, 2012 at 5:03 PM, Matthew Phillips wrote: > I can probably put some words together on my workflow : dwm, vim (favorite > plugins, how I manage them), vimperator. > > > On Fri, Apr 20, 2012 at 4:24 PM, Olaf Alders wrote: > >> >> On 2012-04-20, at 4:03 PM, J Z Tam wrote: >> >> > Following up ... since the list is rather quiet these days: >> > 1. Next Meeting: April 26th 2012 >> > TOPIC: WorkFlows, IDEs, editors, etc. >> >> Works for me! >> >> > >> > 1.1 Call For Presenters: >> > Could we self-nominate for the next gathering, regarding who will >> lightening-talk about what? Dont be shy.. each session only lasts a few >> minutes up to 15 mins. >> > >> > Jordan: emacs and cperl-mode >> >> Olaf: divvy, tree, homebrew >> >> > >> > Perhaps we have an alpha geek for some of these: >> > vi, komodo, padre, visual??, perl ;-) >> >> Let me add tmux to this list :) >> >> Olaf >> >> -- >> Olaf Alders >> olaf at vilerichard.com >> >> http://vilerichard.com -- folk rock >> http://twitter.com/vilerichard >> http://cdbaby.com/cd/vilerichard >> >> >> >> >> _______________________________________________ >> toronto-pm mailing list >> toronto-pm at pm.org >> http://mail.pm.org/mailman/listinfo/toronto-pm >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cj at enersave.ca Fri Apr 20 14:26:57 2012 From: cj at enersave.ca (Chris Jones) Date: Fri, 20 Apr 2012 17:26:57 -0400 Subject: [tpm] Re. Tainted data In-Reply-To: <3ede71201f188fff86d95f532d298b28.squirrel@mail.vex.net> References: <20120409161021.D67B411F815@xx1.develooper.com> <20120411115838.1471011FAAE@xx1.develooper.com> <3ede71201f188fff86d95f532d298b28.squirrel@mail.vex.net> Message-ID: <20120420212703.A6B2311D681@xx1.develooper.com> The hash idea interesting and directly applicable. The only issue would be finding someone to translate all the current English/French phrases into the various languages. At the moment, the hash has 393 phrases in English and French. There must be an automated phrase generator somewhere on the web? At 09:36 AM 11/04/2012, arocker at Vex.Net wrote: > > Ideally, the website could be multi-lingual by placing the phrases in a > > database instead of a flat, two language text file. > > >Why not load a hash? That would be practical for every known human >language, (c 6,000 >http://sciencenetlinks.com/science-news/science-updates/human-language/ ), >let alone the subset likely to have web access, (< 100, at a guess). >> Christopher Jones, P.Eng. Suite 1801, 1 Yonge Street Toronto, ON M5E1W7 Tel. 416-203-7465 Fax. 416-946-1005 email cj at enersave.ca From mphillips34 at gmail.com Fri Apr 20 14:03:29 2012 From: mphillips34 at gmail.com (Matthew Phillips) Date: Fri, 20 Apr 2012 17:03:29 -0400 Subject: [tpm] ideas for talks In-Reply-To: <832023AB-C0C5-4EEE-8C31-16F8CDD89080@vilerichard.com> References: <1334952203.95245.YahooMailClassic@web125701.mail.ne1.yahoo.com> <832023AB-C0C5-4EEE-8C31-16F8CDD89080@vilerichard.com> Message-ID: I can probably put some words together on my workflow : dwm, vim (favorite plugins, how I manage them), vimperator. On Fri, Apr 20, 2012 at 4:24 PM, Olaf Alders wrote: > > On 2012-04-20, at 4:03 PM, J Z Tam wrote: > > > Following up ... since the list is rather quiet these days: > > 1. Next Meeting: April 26th 2012 > > TOPIC: WorkFlows, IDEs, editors, etc. > > Works for me! > > > > > 1.1 Call For Presenters: > > Could we self-nominate for the next gathering, regarding who will > lightening-talk about what? Dont be shy.. each session only lasts a few > minutes up to 15 mins. > > > > Jordan: emacs and cperl-mode > > Olaf: divvy, tree, homebrew > > > > > Perhaps we have an alpha geek for some of these: > > vi, komodo, padre, visual??, perl ;-) > > Let me add tmux to this list :) > > Olaf > > -- > Olaf Alders > olaf at vilerichard.com > > http://vilerichard.com -- folk rock > http://twitter.com/vilerichard > http://cdbaby.com/cd/vilerichard > > > > > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jztam at yahoo.com Wed Apr 25 14:23:48 2012 From: jztam at yahoo.com (J Z Tam) Date: Wed, 25 Apr 2012 14:23:48 -0700 (PDT) Subject: [tpm] Tommorrow's Meeting: Roster of Speakers/Topics for Workflows and IDE's In-Reply-To: Message-ID: <1335389028.45296.YahooMailClassic@web125705.mail.ne1.yahoo.com> Dear mongeren, ? Here is the latest roster that we are going with ... please self-qualify and add yourself to the list as you please.? Thanks.? ROOM:? "C"?????????????? Thanks Alan TOPIC:? WorkFlows, IDEs, editors, etc: Jordan.Tam:??? ??????? emacs and cperl-mode Matthew.Phillips:???? dwm, vim (favorite plugins, how I manage them), vimperator. Olaf.Alders:??? ???????? divvy, tree, homebrew Dear Mike.S, ? Please update PROD website (to.pm.org) Dear Matt.P ?? Please update QA website (torontopm-torontopm.dotcloud.com/meetings/) Thanks to all in advance.? See you Thursday. -------------- next part -------------- An HTML attachment was scrubbed... URL: From indy at indigostar.com Sat Apr 28 04:29:44 2012 From: indy at indigostar.com (Indy Singh) Date: Sat, 28 Apr 2012 07:29:44 -0400 Subject: [tpm] How determine the real directory path In-Reply-To: <1335389028.45296.YahooMailClassic@web125705.mail.ne1.yahoo.com> References: <1335389028.45296.YahooMailClassic@web125705.mail.ne1.yahoo.com> Message-ID: Hello all, I want to copy files from one directory to another where the directory paths are something like: /a/b/c to /x/y/z I need to detect if the two directory paths are identical after symbolic links are resolved, in order to skip the file copy. Using File::Copy::copy sets $! to ?No such file or directory? Using cp from a shell prompt gives an error like: cp: `/a/b/c/foo.txt' and `/x/y/z/foo.txt' are the same file Anyone have an idea how to resolve this? Indy Singh IndigoSTAR Software -- www.indigostar.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From fulko.hew at gmail.com Sat Apr 28 05:59:09 2012 From: fulko.hew at gmail.com (Fulko Hew) Date: Sat, 28 Apr 2012 08:59:09 -0400 Subject: [tpm] How determine the real directory path In-Reply-To: References: <1335389028.45296.YahooMailClassic@web125705.mail.ne1.yahoo.com> Message-ID: On Sat, Apr 28, 2012 at 7:29 AM, Indy Singh wrote: > Hello all, > > I want to copy files from one directory to another where the directory > paths are something like: > /a/b/c to /x/y/z > > I need to detect if the two directory paths are identical after symbolic > links are resolved, in order to skip the file copy. > > Using File::Copy::copy sets $! to ?No such file or directory? > > Using cp from a shell prompt gives an error like: > cp: `/a/b/c/foo.txt' and `/x/y/z/foo.txt' are the same file > Anyone have an idea how to resolve this? > Can you use stat() to get the inodes of both directories to see if they are the same? -------------- next part -------------- An HTML attachment was scrubbed... URL: From indy at indigostar.com Sat Apr 28 07:46:41 2012 From: indy at indigostar.com (Indy Singh) Date: Sat, 28 Apr 2012 10:46:41 -0400 Subject: [tpm] How determine the real directory path In-Reply-To: References: <1335389028.45296.YahooMailClassic@web125705.mail.ne1.yahoo.com> Message-ID: <9561A373847E4D93822B09C6F8D90EB5@indy> Thanks, that worked. Indy Singh IndigoSTAR Software -- www.indigostar.com From: Fulko Hew Sent: Saturday, April 28, 2012 8:59 AM To: Indy Singh Cc: toronto-pm at pm.org Subject: Re: [tpm] How determine the real directory path On Sat, Apr 28, 2012 at 7:29 AM, Indy Singh wrote: Hello all, I want to copy files from one directory to another where the directory paths are something like: /a/b/c to /x/y/z I need to detect if the two directory paths are identical after symbolic links are resolved, in order to skip the file copy. Using File::Copy::copy sets $! to ?No such file or directory? Using cp from a shell prompt gives an error like: cp: `/a/b/c/foo.txt' and `/x/y/z/foo.txt' are the same file Anyone have an idea how to resolve this? Can you use stat() to get the inodes of both directories to see if they are the same? -------------- next part -------------- An HTML attachment was scrubbed... URL: From antoniosun at lavabit.com Sun Apr 29 07:29:58 2012 From: antoniosun at lavabit.com (Antonio Sun) Date: Sun, 29 Apr 2012 10:29:58 -0400 Subject: [tpm] How determine the real directory path In-Reply-To: <9561A373847E4D93822B09C6F8D90EB5@indy> References: <1335389028.45296.YahooMailClassic@web125705.mail.ne1.yahoo.com> <9561A373847E4D93822B09C6F8D90EB5@indy> Message-ID: Instead of retrieving and comparing the inodes yourself, try this: use Cwd; Cwd::realpath /a/b/c and check if it is the same as Cwd::realpath /x/y/z HTH Antonio On Sat, Apr 28, 2012 at 10:46 AM, Indy Singh wrote: > Thanks, that worked. > > Indy Singh > IndigoSTAR Software -- www.indigostar.com > > *From:* Fulko Hew > *Sent:* Saturday, April 28, 2012 8:59 AM > *To:* Indy Singh > *Cc:* toronto-pm at pm.org > *Subject:* Re: [tpm] How determine the real directory path > > > > On Sat, Apr 28, 2012 at 7:29 AM, Indy Singh wrote: > >> Hello all, >> >> I want to copy files from one directory to another where the directory >> paths are something like: >> /a/b/c to /x/y/z >> >> I need to detect if the two directory paths are identical after symbolic >> links are resolved, in order to skip the file copy. >> >> Using File::Copy::copy sets $! to ?No such file or directory? >> >> Using cp from a shell prompt gives an error like: >> cp: `/a/b/c/foo.txt' and `/x/y/z/foo.txt' are the same file >> Anyone have an idea how to resolve this? >> > > Can you use stat() to get the inodes of both directories to see if they > are the same? > > > > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From liam at w3.org Sat Apr 28 07:58:38 2012 From: liam at w3.org (Liam R E Quin) Date: Sat, 28 Apr 2012 10:58:38 -0400 Subject: [tpm] How determine the real directory path In-Reply-To: References: <1335389028.45296.YahooMailClassic@web125705.mail.ne1.yahoo.com> Message-ID: <1335625118.5292.1.camel@localhost.localdomain> On Sat, 2012-04-28 at 08:59 -0400, Fulko Hew wrote: > Can you use stat() to get the inodes of both directories to see if they are > the same? Make sure the files are on th same file system, of course -- inodes are only unique within a single file system. Liam -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ The barefoot programmer