Last Monday, I presented my solutions to the Natas server-side security war games at NSLUG. Afterwards, I spent some time to clean up my code, and I’ve now published it to CPAN as Hack::Natas, which comes with modules and scripts to solve level 15 and 16 in an automated way, plus walkthroughs for all the levels up to 17 written in Markdown (those are almost the same as my blog posts, so you’re not missing out by looking at only one or the other).
Introducing Hack::Natas
Introducing Noose: just enough OO to hang yourself
Moose led to Mouse led to Moo led to Mo led finally to M, which gives you the least object-orientation possible, which is none at all. I quipped that Perl desperately needed a new OO module called Noose – just enough object orientation to hang yourself.
Permanent link for post:
/post/introducing-noose-just-enough-oo-to-hang-yourself/
Posted: Feb 7, 2013
Tags:
Posted: Feb 7, 2013
Tags:
SSL security in HTTP::Tiny
I was asked to add SSL support to a client library, while also moving from home-grown manual HTTP code to a proper module. HTTP::Tiny was ideal because it is pure-Perl, a core module since 5.14 (so it’ll be maintained), and it’s just one .pm file, making it easy to ship.
An application server that supported SSL was provided for testing purposes, but the SSL certificate didn’t match the hostname – HTTP::Tiny correctly rejected connections. I needed to be able to control the settings sent to the underlying IO::Socket::SSL object used for the encrypted connection so I could turn off security features for testing. As I worked on that, David Golden offered invaluable feedback, which greatly improved the design of the features added to HTTP::Tiny.
As of 0.018, HTTP::Tiny is more configurable, and has a simple interface for easily making SSL connections more secure.
Dist::Zilla::Plugin::Twitter gets an OAuth update
My pluginbundle for Dist::Zilla includes, among other things, the Twitter plugin so I can brag on Twitter every time I release a module. Mysteriously, it broke one day. Looking at the code, I realized that it was sending my username and password to authenticate. I remember being uneasy with that at the time I set it up, but I quickly forgot, and continued along blithely. OAuth is an authorization standard that allows users to avoid giving their username & password to a potentially-untrusted application. Using OAuth has been requested since 2011, and the 401 Unauthorized error I got indicates that now it is mandatory for Twitter.
David Golden offered to let me maintain the module, and I’m a sucker, so… :D
Permanent link for post:
/post/distzillaplugintwitter-gets-an-oauth-update/
Posted: Apr 2, 2012
Tags:
Posted: Apr 2, 2012
Tags:
Introducing utf8::all
Perl programmers are probably all aware of the utf8 pragma, which turns on UTF-8 in your source code. This is actually a stumbling block for new programmers, who might think that utf8 makes your filehandles use UTF-8 by default, or automagically turns incoming data into UTF-8, and ensures outgoing data is all UTF-8 as well. Sadly, that’s not the case.
However, one of the great things about perl5i is that it turns on Unicode. All of it.
How do you watch CPAN modules of interest?
This post is really a request for advice. I’m sure there must be a solution out there, I just haven’t found it yet.
Imagine you have a module that pulls in a bunch of prerequisites. You want to watch those prerequisites (and maybe all the way down the the dependency tree) for test failures. Maybe you also want to be notified of new releases. You might even want to try extracting the most recent section of the changelog.