News for April 2012

SSL security in HTTP::Tiny

I was asked to add SSL support to a client library, while also moving from home-grown manual HTTP code to a proper module. HTTP::Tiny was ideal because it is pure-Perl, a core module since 5.14 (so it'll be maintained), and it's just one .pm file, making it easy to ship.

An application server that supported SSL was provided for testing purposes, but the SSL certificate didn't match the hostname - HTTP::Tiny correctly rejected connections. I needed to be able to control the settings sent to the underlying IO::Socket::SSL object used for the encrypted connection so I could turn off security features for testing. As I worked on that, David Golden offered invaluable feedback, which greatly improved the design of the features added to HTTP::Tiny.

As of 0.018, HTTP::Tiny is more configurable, and has a simple interface for easily making SSL connections more secure. (more…)

Wherein I realize the bliss of writing init scripts with Daemon::Control

Init scripts are annoying little things - almost entirely boilerplate. Here's how I learned to stop struggling, and love Daemon::Control to control my daemons.

The module really is as simple as the synopsis - you describe the daemon, have it write an init script (which actually just runs your Daemon::Control script) for you, then update-rc.d and you're golden. It really is that simple. (more…)

A pastebin with almost no user interface

I've always favoured pastebins that let you bin a paste and nothing more - p.defau.lt and sprunge.us spring to mind. I've made a Perl almost-clone of sprunge.us:

http://p.hashbang.ca now runs WWW::Hashbang::Pastebin, a simple pastebin written with Dancer and DBIx::Class that does nothing but store your text and show it back to you. The only feature beyond that is if you append a +, you'll get line numbering (no syntax highlighting). You can use an anchor to jump to any line (click the line number), and the number for that line will be highlighted.

To interact with the pastebin, just POST with paste content in p and get the URL back in the X-Pastebin-URL HTTP header (and in the body, so curl-ing will Just Work):

curl -F 'p=<-' http://p.hashbang.ca < /var/log/syslog
http://p.hashbang.ca/U

Or, use the Perl client, which provides a command-line tool to do the same thing (and also fetch paste content, given an ID).

Dist::Zilla::Plugin::Twitter gets an OAuth update

My pluginbundle for Dist::Zilla includes, among other things, the Twitter plugin so I can brag on Twitter every time I release a module. Mysteriously, it broke one day. Looking at the code, I realized that it was sending my username and password to authenticate. I remember being uneasy with that at the time I set it up, but I quickly forgot, and continued along blithely. OAuth is an authorization standard that allows users to avoid giving their username & password to a potentially-untrusted application. Using OAuth has been requested since 2011, and the 401 Unauthorized error I got indicates that now it is mandatory for Twitter.

David Golden offered to let me maintain the module, and I'm a sucker, so... :D (more…)