Posts Tagged ‘release’

Introducing Hack::Natas

Last Monday, I presented my solutions to the Natas server-side security war games at NSLUG. Afterwards, I spent some time to clean up my code, and I've now published it to CPAN as Hack::Natas, which comes with modules and scripts to solve level 15 and 16 in an automated way, plus walkthroughs for all the levels up to 17 written in Markdown (those are almost the same as my blog posts, so you're not missing out by looking at only one or the other).

Introducing mvr: like mv, but clever

I wanted to move a large number of files from one directory to another, but the target directory already had many of the filenames already used. This is a common enough problem -- digital cameras use DSC#, video downloaders often append numbers to get a unique filename, and so on. In both those examples, the sequence restarts if you empty the program's work directory. So, you'll end up with DSC0001.jpg every time you empty your camera's memory card. If you're trying to move such files into a single directory, you'll get conflicts every time.

Instead of manually renaming the files before transferring them, I wrote a simple script to give each file a unique name in the destination directory.

Introducing Noose: just enough OO to hang yourself

Moose led to Mouse led to Moo led to Mo led finally to M, which gives you the least object-orientation possible, which is none at all. I quipped that Perl desperately needed a new OO module called Noose - just enough object orientation to hang yourself. (more…)

Planning a Content-Security-Policy with Dancer

The same-origin policy is a fundamental part of the security infrastructure of the web. It prevents a web site's scripts from accessing and interacting with scripts used on other sites. This helps keep your data safe because if your bank's website gives you some data, it can only be accessed by your bank's website, and not by scripts from other websites.

That's a nice theory, it'd be a shame if some evidence happened to it.

In the real world, attackers have found ways to get around the same-origin policy to gain access to data they're not supposed to be able to access. For example, a web programmer might mistakenly include some user-provided input verbatim in the HTML of a webpage -- perhaps a username. Well, if your username is <script type="text/javascript" src=""></script>, then how is the web browser supposed to know if that was intentionally put in the HTML of the page? Same-origin policies are insufficient in the face of programmer error. Enter Content Security Policy.

Introducing File::Symlink::Atomic

In Tips & tricks from my 4 months at Pythian, I showed how to give a symlink a new target atomically. I wasn't aware of any module to encapsulate that, so I quickly put together File::Symlink::Atomic.

This module is useful because it eliminates the need to know how to do this safely - simply

use File::Symlink::Atomic

and you get a drop-in replacement for CORE::symlink. It creates a temporary symlink (using File::Temp to get a unique pathname) pointing to your new target, then moves it into place with a rename call. On POSIX systems, the rename system call guarantees atomicity.

I put it on PrePAN to get some advice. I have no clue what that'll do on any non-POSIX systems that have symlinks (if the OS doesn't do symlinks, I can't help you). Is a rename call universally atomic? If not, how can I detect those platforms, and provide that atomic guarantee some other way?

I didn't get any feedback, so I chose to simply release the module. It's now on CPAN. Enjoy!

WordPress theme for

In the past month, a number of people have asked about the theme for this blog. I was particularly flattered that someone even asked where I bought it.

It is just a customized version of Joey Robinson's Minimalist theme. My aim was to keep the same design principles - fast-loading, minimalism, readability - but update it to have a more modern look. One major goal was to have a truly great font via [ccie]@font-face[/ccie] on modern browsers, so I used the Junction font from The League of Movable Type. They're an awesome group of free font designers - you should check out their other fonts too!

I also rewrote the javascript with jQuery, because mootools is ugh.

The new theme is called, unsurprisingly, "Hashbang" - and is now available on Github. Enjoy!

A pastebin with almost no user interface

I've always favoured pastebins that let you bin a paste and nothing more - and spring to mind. I've made a Perl almost-clone of now runs WWW::Hashbang::Pastebin, a simple pastebin written with Dancer and DBIx::Class that does nothing but store your text and show it back to you. The only feature beyond that is if you append a +, you'll get line numbering (no syntax highlighting). You can use an anchor to jump to any line (click the line number), and the number for that line will be highlighted.

To interact with the pastebin, just POST with paste content in p and get the URL back in the X-Pastebin-URL HTTP header (and in the body, so curl-ing will Just Work):

curl -F 'p=<-' < /var/log/syslog

Or, use the Perl client, which provides a command-line tool to do the same thing (and also fetch paste content, given an ID).

Introducing utf8::all

Perl programmers are probably all aware of the utf8 pragma, which turns on UTF-8 in your source code. This is actually a stumbling block for new programmers, who might think that utf8 makes your filehandles use UTF-8 by default, or automagically turns incoming data into UTF-8, and ensures outgoing data is all UTF-8 as well. Sadly, that's not the case.

However, one of the great things about perl5i is that it turns on Unicode. All of it. (more…)

CLI Perl syntax highlighter

Last night, someone posed a problem in #perl-help. They wanted to have syntax highlighting in their shell for Perl code. I immediately suggested that they use Pygments - I knew about it because I'd used it before, and I had experimented with the command line tool. But I was surprised there wasn't already a Perl solution.