The same thing would have happened if braces were used like this:
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        { goto fail; }
        { goto fail; }
Only if the braces were on a different line would we either have gotten a
detectable merge conflict, or a second goto operation that did no harm:
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) {
        goto fail;
        goto fail;
    }
But the thesis of this blog post missed something even more important about this security flaw: WHERE WERE THE TESTS? If there was a unit test covering this function, it would have been immediately obvious that the outcome was not the same as the intention, by way of a test failing as soon as the developer ran the tests himself or an integration server ran the tests.
Win32::IsAdminUser()
to check for elevated privileges? The docs say:
Returns non zero if the account in whose security context the current process/thread is running belongs to the local group of Administrators in the built-in system domain; returns 0 if not. On Windows Vista it will only return non-zero if the process is actually running with elevated privileges. Returns undef and prints a warning if an error occurred. This function always returns 1 on Win9X.
Thanks!
It is not that difficult to include instructions for those who want to port their CGI scripts.
Something like
sudo cpan CGI
will do the trick ;)
I think Perl can move on and remove CGI.pm from core modules.
What is really missing in the core, in my opinion, are IO::Socket::SSL and Plack.
Look at Node.js core, for example http://nodejs.org/api/tls.html
We need https!
Thanks for the nice article.
Personally I liked this piece for avoiding one extra hash value generation under while.
while(my ($key, $value) = each %hash){...}
I hadn't thought of randomizing the deck from the start as you say with .pick(*) and then shifting cards off one at a time, but I can see how that would be more efficient, since there's probably some overhead in each .pick call, so calling it once is better than five times. Thanks!
I'll try to be more accurate about calling methods methods and not subroutines. I'm still getting used to everything being an object even though I didn't create any.
Whew.
Way too many seemingly random dollar signs for me...