From arocker at Vex.Net Tue Dec 3 08:36:34 2013 From: arocker at Vex.Net (arocker at Vex.Net) Date: Tue, 3 Dec 2013 11:36:34 -0500 Subject: [tpm] Social organisation Message-ID: <53f51ade7e9d6788354997c6d94eb093.squirrel@mail.vex.net> Did anybody arrange the details for the December social meeting? From dave.s.doyle at gmail.com Tue Dec 3 11:14:38 2013 From: dave.s.doyle at gmail.com (Dave Doyle) Date: Tue, 3 Dec 2013 14:14:38 -0500 Subject: [tpm] Social organisation In-Reply-To: <53f51ade7e9d6788354997c6d94eb093.squirrel@mail.vex.net> References: <53f51ade7e9d6788354997c6d94eb093.squirrel@mail.vex.net> Message-ID: I don't think we really discussed it in detail. I'd suggest C'est What again. It's worked out well I think. -- dave.s.doyle at gmail.com On 3 December 2013 11:36, wrote: > > Did anybody arrange the details for the December social meeting? > > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mlist.ats at spamgourmet.com Tue Dec 3 11:25:59 2013 From: mlist.ats at spamgourmet.com (Antonio T. Sun) Date: Tue, 3 Dec 2013 14:25:59 -0500 Subject: [tpm] IO::Socket, perl -T and insecure dependency in bind Message-ID: Hi, I have this error that I want to fix: Insecure dependency in bind while running with -T switch at /usr/lib/perl/5.14/IO/Socket.pm line 202. To me, the weirder part is not the error message itself, but how it appears. Enclosed list [1], and also available under http://pastebin.com/wqcHGfme, is the source code that invokes perl with the -T switch, and does not show the above insecure dependency issue. Now take a look at this (minor) change: $ diff -wU 1 pixelserv2 pixelserv2 --- pixelserv2 2013-12-02 20:41:46.075685600 -0500 +++ pixelserv3 2013-12-02 20:37:29.943685600 -0500 @@ -4,2 +4,4 @@ +my $conffile = "/etc/pixelserv.ip"; + my $crlf = "\015\012"; @@ -9,4 +11,8 @@ +open(my $fh, "<", $conffile) || die "can't open $conffile: $!"; +my $listento = do { local $/; <$fh> }; +close($fh) || die "can't close $conffile: $!"; + my $sock = new IO::Socket::INET( - LocalHost => '0.0.0.0', + LocalHost => $listento, LocalPort => '80', To me, the change is really minor, but the impact is huge. I now have such insecure dependency issue. Why it was OK, and now is not? How to fix it? Thanks Antonio [1] source list 1. #! /usr/bin/perl -Tw 2. 3. use IO::Socket::INET; 4. 5. my $crlf = "\015\012"; 6. my $pixel = pack( "C*", 7. qw(71 73 70 56 57 97 1 0 1 0 128 0 0 255 255 255 0 0 0 33 249 4 1 0 0 0 0 44 0 0 0 0 1 0 1 0 0 2 2 68 1 0 59) 8. ); 9. 10. my $sock = new IO::Socket::INET( 11. LocalHost => '0.0.0.0', 12. LocalPort => '80', 13. Proto => 'tcp', 14. Listen => 30, 15. Reuse => 1 16. ); 17. 18. if ( !defined($sock) ) { 19. print "error : cannot bind : $! exit\n"; 20. exit(1); 21. } 22. 23. while (my $new_sock = $sock->accept() ) { 24. while (<$new_sock>) { 25. chop; 26. chop; 27. 28. # print "$_\n"; 29. if ( $_ eq '' ) { last; } 30. } 31. print $new_sock "HTTP/1.1 200 OK$crlf"; 32. print $new_sock "Content-type: image/gif$crlf"; 33. print $new_sock "Accept-ranges: bytes$crlf"; 34. print $new_sock "Content-length: 43$crlf$crlf"; 35. print $new_sock $pixel; 36. shutdown( $new_sock, 2 ); 37. undef($new_sock); 38. } 39. 40. close($sock); 41. exit(0); -------------- next part -------------- An HTML attachment was scrubbed... URL: From talexb at gmail.com Tue Dec 3 11:33:36 2013 From: talexb at gmail.com (Alex Beamish) Date: Tue, 3 Dec 2013 14:33:36 -0500 Subject: [tpm] Social organisation In-Reply-To: References: <53f51ade7e9d6788354997c6d94eb093.squirrel@mail.vex.net> Message-ID: Yes, I think we all agreed C'est What was a great venue. Do we have a date already? With that, we can go to the venue and make sure we have a table ready. Alex On Tue, Dec 3, 2013 at 2:14 PM, Dave Doyle wrote: > I don't think we really discussed it in detail. I'd suggest C'est What > again. It's worked out well I think. > > -- > dave.s.doyle at gmail.com > > > On 3 December 2013 11:36, wrote: > >> >> Did anybody arrange the details for the December social meeting? >> >> _______________________________________________ >> toronto-pm mailing list >> toronto-pm at pm.org >> http://mail.pm.org/mailman/listinfo/toronto-pm >> > > > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm > > -- Alex Beamish Toronto, Ontario aka talexb -------------- next part -------------- An HTML attachment was scrubbed... URL: From mattp at cpan.org Tue Dec 3 12:48:37 2013 From: mattp at cpan.org (Matthew Phillips) Date: Tue, 3 Dec 2013 15:48:37 -0500 Subject: [tpm] IO::Socket, perl -T and insecure dependency in bind In-Reply-To: References: Message-ID: Are you running taint mode (perl -T switch) intentionally? Reading from an external source (ie your conf file) is tainted data (thus the warning). See perldoc perlsec ( http://perldoc.perl.org/perlsec.html#Laundering-and-Detecting-Tainted-Data) for more information on how to deal with this. Alternatively, you can turn off taint mode. Cheers, Matt On Tue, Dec 3, 2013 at 2:25 PM, Antonio T. Sun wrote: > Hi, > > I have this error that I want to fix: > > Insecure dependency in bind while running with -T switch at > /usr/lib/perl/5.14/IO/Socket.pm line 202. > > To me, the weirder part is not the error message itself, but how it > appears. Enclosed list [1], and also available under > http://pastebin.com/wqcHGfme, is the source code that invokes perl with > the -T switch, and does not show the above insecure dependency issue. > > Now take a look at this (minor) change: > > > $ diff -wU 1 pixelserv2 pixelserv2 > --- pixelserv2 2013-12-02 20:41:46.075685600 -0500 > +++ pixelserv3 2013-12-02 20:37:29.943685600 -0500 > @@ -4,2 +4,4 @@ > > +my $conffile = "/etc/pixelserv.ip"; > + > my $crlf = "\015\012"; > @@ -9,4 +11,8 @@ > > +open(my $fh, "<", $conffile) || die "can't open $conffile: $!"; > +my $listento = do { local $/; <$fh> }; > +close($fh) || die "can't close $conffile: $!"; > + > my $sock = new IO::Socket::INET( > - LocalHost => '0.0.0.0', > + LocalHost => $listento, > LocalPort => '80', > > > To me, the change is really minor, but the impact is huge. I now have such > insecure dependency issue. > > Why it was OK, and now is not? How to fix it? > > Thanks > > Antonio > > [1] source list > > 1. #! /usr/bin/perl -Tw > 2. > 3. use IO::Socket::INET; > 4. > 5. my $crlf = "\015\012"; > 6. my $pixel = pack( "C*", > 7. qw(71 73 70 56 57 97 1 0 1 0 128 0 0 255 255 255 0 0 0 33 249 4 > 1 0 0 0 0 44 0 0 0 0 1 0 1 0 0 2 2 68 1 0 59) > 8. ); > 9. > 10. my $sock = new IO::Socket::INET( > 11. LocalHost => '0.0.0.0', > 12. LocalPort => '80', > 13. Proto => 'tcp', > 14. Listen => 30, > 15. Reuse => 1 > 16. ); > 17. > 18. if ( !defined($sock) ) { > 19. print "error : cannot bind : $! exit\n"; > 20. exit(1); > 21. } > 22. > 23. while (my $new_sock = $sock->accept() ) { > 24. while (<$new_sock>) { > 25. chop; > 26. chop; > 27. > 28. # print "$_\n"; > 29. if ( $_ eq '' ) { last; } > 30. } > 31. print $new_sock "HTTP/1.1 200 OK$crlf"; > 32. print $new_sock "Content-type: image/gif$crlf"; > 33. print $new_sock "Accept-ranges: bytes$crlf"; > 34. print $new_sock "Content-length: 43$crlf$crlf"; > 35. print $new_sock $pixel; > 36. shutdown( $new_sock, 2 ); > 37. undef($new_sock); > 38. } > 39. > 40. close($sock); > 41. exit(0); > > > > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jztam at yahoo.com Tue Dec 3 14:00:03 2013 From: jztam at yahoo.com (J Z Tam) Date: Tue, 3 Dec 2013 14:00:03 -0800 (PST) Subject: [tpm] Antonio Sun Please change your email passphrases. Message-ID: <1386108003.73555.YahooMailNeo@web120905.mail.ne1.yahoo.com> Hey Antonio, ??? I read this on the listserv admin logs. "Antonio T. Sun" has been successfully subscribed to toronto-pm. This does not bode well. /jordan -------------- next part -------------- An HTML attachment was scrubbed... URL: From tpm.ats at spamgourmet.com Wed Dec 4 07:23:15 2013 From: tpm.ats at spamgourmet.com (Antonio Sun) Date: Wed, 4 Dec 2013 10:23:15 -0500 Subject: [tpm] IO::Socket, perl -T and insecure dependency in bind Message-ID: On Tue, Dec 3, 2013 at 3:48 PM, Matthew Phillips - mattp at cpan.org wrote: Are you running taint mode (perl -T switch) intentionally? > That was someone else's code I just inherited, with that -T switch. I looked at perlrun but still wasn't sure what that switch is for. > Reading from an external source (ie your conf file) is tainted data (thus > the warning). See perldoc perlsec ( > http://perldoc.perl.org/perlsec.html#Laundering-and-Detecting-Tainted-Data) for more information on how to deal with this. Alternatively, you can > turn off taint mode. > Thanks for the info, now I know what that switch is for and why, and most importantly, how to untainted it: 1. if ($data =~ /^([-\@\w.]+)$/) { 2. $data = $1; # $data now untainted 3. } else { 4. die "Bad data in '$data'" ; # log this somewhere 5. } Thanks again. -------------- next part -------------- An HTML attachment was scrubbed... URL: From arocker at Vex.Net Wed Dec 4 09:26:56 2013 From: arocker at Vex.Net (arocker at Vex.Net) Date: Wed, 4 Dec 2013 12:26:56 -0500 Subject: [tpm] Who needs shotguns.... Message-ID: To bring down Amazon drones, when you have Perl? http://www.theregister.co.uk/2013/12/04/amazons_nonexistent_drone_delivery_army_already_pwned/ From jbl at jbldata.com Wed Dec 4 20:03:09 2013 From: jbl at jbldata.com (J. Bobby Lopez) Date: Wed, 4 Dec 2013 23:03:09 -0500 Subject: [tpm] Fwd: Sr. Application Developer - contract #21192 In-Reply-To: <11F15AAE76F3402091359E8478AEBA83@E6500CG> References: <11F15AAE76F3402091359E8478AEBA83@E6500CG> Message-ID: I know many of you are multi-talented, and a short term contract (to start) might be right up your alley. Contact Carlos if interested. ---------- Forwarded message ---------- From: Carlos Goncalves Date: Wed, Nov 27, 2013 at 8:05 PM Subject: Sr. Application Developer - contract #21192 To: bobby.lopez at gmail.com Hi Bobby, Know of anyone for this contract at RBC CM? Sr. Application Developer - contract #21192 The project is developing a dashboard which allows the company to visualize its application portfolio and plan the future roadmaps. The dashboard integrates with many sources of information and enriches the each applications record with data about what the application does, who works on it and how it relates to other applications. The application is built using a modern toolset and is targeted at modern web browsers. Due to the small team size, the work will be varied, ranging from front end graph visualization through to server-side data manipulation code. Opportunities to interact with the teams throughout Capital Markets will provide an excellent way for those new to the industry to gain a broad understanding. Experience: - Must have experience with JavaScript, core java development, Tomcat server, Web Services. - Individual must have exp. with both front and back end development (50/50 workload). - Agile, scrum environment, exp. with integration. - Excellent communication skills (constant communication with London/ Toronto teams), be able to converse /liaison with the users. - Results driven, be able to work independently . - Back-end using MongoDB but not required. - Knowledge of modern Javascript frameworks advantageous (e.g. AngularJS, underscore, backbone, d3or similar). - Banking, financial exp. nice to have but not mandatory. Team environment: - Small team. - reporting to Sr. Lead in Toronto. - 2-3 step interview process; 1st round with Sr. Lead (phone screen), 2nd round in-person, will be required to write a code test. This is a contract, 3 months to start. Possible renewal. Location is downtown Toronto near TTC / GO. Market Rate. If you, or perhaps someone you know, is interested in this job, please contact Carlos with a new resume, details of experience, availability and salary expectations. Feel free to pass this email to other who may be interested. Thank you, Carlos Goncalves C. G. Consulting Group Inc. Tel: 1 (905) 753-8400 Fax: 1 (416) 977-2727 Email: carlos at cgconsultinggroup.com www.cgconsultinggroup.com ----------------------------------------------------------- THIS MESSAGE IS FOR THE ADDRESSED PERSON ONLY. INTRODUCTION OF A CANDIDATE BY EMAILED OR FAXED RESUME IS CONSIDERED REPRESENTATION. OUR FEE IS DUE & PAYABLE WHEN A CANDIDATE IS SUBSEQUENTLY HIRED BY YOUR FIRM, A SUBSIDIARY OR DIVISION OR ANY OTHER FIRM YOU REFER OUR CANDIDATE TO WITHIN A TWELVE (12) MONTH PERIOD. This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 2658 bytes Desc: not available URL: From tpm.ats at spamgourmet.com Thu Dec 5 15:31:32 2013 From: tpm.ats at spamgourmet.com (Antonio Sun) Date: Thu, 5 Dec 2013 18:31:32 -0500 Subject: [tpm] Increase the file/match cache size Message-ID: Hi, I have a script that works on xml content: xml_output | perl -n000e 's,(?<=">)(.*?)(?=),something_lese,eg; print' It works if the content within the StringHttpBody tag fall within certain size. However when it is big, my script will fail. I'm wondering how can I increase such file/match cache size to hold larger content? Can I set it to some super crazy size? Some of such content can be as big as over 280K in size. Ever possible? Thanks Antonio From Henry.Baragar at Instantiated.Ca Fri Dec 6 09:43:10 2013 From: Henry.Baragar at Instantiated.Ca (Henry Baragar) Date: Fri, 06 Dec 2013 12:43:10 -0500 Subject: [tpm] Larry Wall in a crossword puzzle! Message-ID: <52A20CAE.5020901@Instantiated.Ca> Hello everyone, Checkout clue 65 in the crossword puzzle printed at http://thephoenix.com/Boston/recroom/156611-magazine-racket/. Regards, Henry -- Henry Baragar Instantiated Software Inc. http://www.instantiated.ca -------------- next part -------------- A non-text attachment was scrubbed... Name: Henry_Baragar.vcf Type: text/x-vcard Size: 159 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4279 bytes Desc: S/MIME Cryptographic Signature URL: From talexb at gmail.com Tue Dec 10 06:54:18 2013 From: talexb at gmail.com (Alex Beamish) Date: Tue, 10 Dec 2013 09:54:18 -0500 Subject: [tpm] Remote work opportunity Message-ID: Hi folks, My employer Sitesell is still looking for Perl developers -- the company's in Montreal, but all of the developers and sysadmins work remotely. They have a large Catalyst application, have lots of tests, use PostgreSQL .. and the deal is that they ship new employees a MacBook Pro and stay in touch using Skype. The listing that explains much more is here on jobs.perl: http://jobs.perl.org/job/18026 Let me know off-line if you have any questions -- or hit me up at the December social. (Do we have a date for that yet?) Cheers, Alex PS Full disclosure: Yes, If you list me as a referrer, I get a small bonus. :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From talexb at gmail.com Thu Dec 19 06:11:41 2013 From: talexb at gmail.com (Alex Beamish) Date: Thu, 19 Dec 2013 09:11:41 -0500 Subject: [tpm] December Social? Message-ID: Hi folks, I don't remember hearing about a date for the December social, and it's now Kinda Late. Have I been so buried in work that it went by without me knowing? I would have thought the last Thursday before Christmas would have been suitable .. well, that's .. today, or rather, tonight. Thoughts? Alex -------------- next part -------------- An HTML attachment was scrubbed... URL: From dave.s.doyle at gmail.com Thu Dec 19 20:17:05 2013 From: dave.s.doyle at gmail.com (Dave Doyle) Date: Thu, 19 Dec 2013 23:17:05 -0500 Subject: [tpm] December Social? In-Reply-To: References: Message-ID: I'm in and out of the city like nuts until just after Christmas so I don't know what's going on. The to.pm.org website lists boxing day which doesn't seem like a good idea. Can someone step up for this? I would suggest that Friday evening, Dec 27 would be a better idea. -- dave.s.doyle at gmail.com On 19 December 2013 09:11, Alex Beamish wrote: > Hi folks, > > I don't remember hearing about a date for the December social, and it's > now Kinda Late. > > Have I been so buried in work that it went by without me knowing? > > I would have thought the last Thursday before Christmas would have been > suitable .. well, that's .. today, or rather, tonight. > > Thoughts? > > Alex > > > _______________________________________________ > toronto-pm mailing list > toronto-pm at pm.org > http://mail.pm.org/mailman/listinfo/toronto-pm > > -------------- next part -------------- An HTML attachment was scrubbed... URL: