Toby Inkster

  • Website:
  • About: I'm tobyink on CPAN, IRC and PerlMonks.
  • Commented on A (not so) simple matter of privacy
    method $do_internal () { ...; } has been supported by Zydeco for over a year. documentation....
  • Commented on Addressing CPAN vulnerabilities related to checksums
    A while back, I started providing PGP/GPG signatures for all my CPAN and BackPAN releases here. Obviously, this doesn't help with people using the CPAN client to automatically download and install packages, but might be useful if anybody wants to...
  • Commented on Monthly Report - June
    CodersRank can be crazy. My score goes up and down quite dramatically for seemingly no reason. You're often ahead of me....
  • Commented on I failed to pause before blogging
    I think the indexer probably goes through line by line to avoid slurping in the whole file....
  • Commented on I found the truth about GameStop, Qanon, the Biden adminstration, and the British Royal Family
    Aliens from Mars killed Lee Harvey Oswald to hide the truth that eating Kraft instant mac and cheese boxes causes obesity. Lee Harvey Oswald found out because they were the source of all knowledge. Aliens from the moon know the...
  • Commented on Mood Lighting
    The way I currently have it, one cycle takes about 20 minutes; it's very subtle and slow, so a video would not be especially interesting. I'll try filming a faster sequence with more contrast between the colours though....
  • Posted Mood Lighting to Toby Inkster

    The lighting in my bedroom uses Philips Hue bulbs — specifically, the coloured ones. Last night, I decided it would be nice to set the three lights in my bedroom to cycle slowly through a set of warm colours using a script.

    I didn't…

  • Commented on Perl weekly challenge 95
    Your initial function can be simplified further. sub is_palindrome_rev { $_[0] eq reverse $_[0] } Any time you have something like: if ( X ) { return true; } else { return false; } That should trigger your code smell...
  • Commented on A Static Archive of
    Also click on the "URI-duri" link from
  • Commented on A Static Archive of
    Some issues seem missing. If you look at then try clicking on the links. The first one is broken, but the others work....
  • Commented on Drawing a blank with XS
    Python: Let's make whitespace characters syntactically signicifant. Perl: Hold my beer and watch this!...
  • Commented on Perl dying? Well now I don't care
    (If it was unclear in my previous comment, the "Yes" was supposed to be alt text for the image, to be displayed if the image cannot be shown.)...
  • Commented on Perl dying? Well now I don't care
    I can understand the push back on YAML. YAML is a huge specification, way more complex than you need. There's already a cut-back broken implementation in core, adding a second cut-back broken implementation seems a bad idea, and adding a...
  • Commented on Bill & Ted's Bogus Journey
    There's a lot of variation in how CPAN testers have their machines set up, so I can't say for sure if there's any way of getting output from them which will always work, but it seems to work pretty reliably....
  • Commented on Bill & Ted's Bogus Journey
    Yeah, I've seen in quite a few distributions the first test file will print out version numbers of dependencies. CPAN Testers will usually include version numbers of dependencies as part of their report, but that will not generally include optional...
  • Commented on CY's Take on PWC#088
    Why do this? my $pre_prod = 1; # short for "previous product" Why not just call the variable $previous_product? Sure, it's a little longer, but it's not that bad, and you'd actually make the code shorter overall because you could...
  • Commented on I founded a company called Perl Research Institute, Ltd.
    Looks interesting from what Google Translate is able to show me!...
  • Posted Thank You, to Toby Inkster

    For letting me know my test coverage has increased by 0.00006%.

    (Seriously it's a pretty cool service though.…

  • Commented on Perl Weekly Challenge 085
    Ohhh, it means "to the power of". ^ is usually bitwise xor in Perl....
  • Commented on Perl Weekly Challenge 085
    Can't all non-negative integers be represented as a^b? If so, here's a Perl script to do task 2: print "1\n";...
  • Commented on Perl Weekly Challenge 084
    This: my @newlist = map { BLOCK } @oldlist; Is basically just a shortcut for: my @newlist = (); for my $item ( @oldlist ) { local $_ = $item; my @got = do { BLOCK }; push @newlist, @got;...
  • Posted Finding Squares in Matrices to Toby Inkster

    I don't usually take part in the Perl Weekly Challenge but one of this week's challenges caught my eye. I thought it could be a fun thing to attempt and decided to use Zydeco to help solve it.

  • Commented on Perl Weekly Challenge 084
    Parsing the input matrix can be made a lot simpler. my @matrix = map [/([01])/g], grep /[01]/, <$fh>;...
  • Commented on Adventures in Perl
    Welcome to the site! Sometimes if you want to eke out the last drop of performance from Perl, it can mean sacrificing readability, so looking at code from contests that reward performance, brevity, etc can give a bad impression of...
  • Commented on Perl Weekly Challenge 81: Frequency Sort
    This is why I like the list util modules.
  • Commented on Week #080: Smallest Positive Number & Count Candies
    perl -MZ -E'my @N = (1,8,-1); $_ = 1; while () { match($_, \@N) ? ++$_ : (say,last) }'...
  • Posted Applying Operators to Coderefs to Toby Inkster

    In algebra, there's this pretty funky concept:

    (f+g)(x) = f(x) + g(x)

    And I was thinking if $f and $g were coderefs, what could ="prettyp…

  • Commented on Where do you like bugs reported?
    The reason I like is because it has incredibly flexible reporting on issues. Like I have my RT dashboard set to show six sections: Ten most recently updated new/open issues across all my distributions Ten most recently updated patched/stalled...
  • Commented on A meta issue for modules: bug tracking
    Easy peasy....
  • Commented on A meta issue for modules: bug tracking
    Oh nice. I swear it used to disable pull requests when you disabled issues. Now I need to figure out how to use the API to loop through all my repos and disable the issue tracker....
Subscribe to feed Recent Actions from Toby Inkster

  • Aristotle commented on Addressing CPAN vulnerabilities related to checksums

    Yes – if authors signed their distributions themselves, this would verify the origin of the bits all the way to the source, rather than just up to PAUSE, which would be a worthwhile increase in trust. The only problem is the usual web of trust question: if the point is not to have to trust PAUSE then you can’t source authors’ keys from PAUSE, so where do you get them?

  • Robert Rothenberg commented on Addressing CPAN vulnerabilities related to checksums

    PAUSE signatures means that you trust that this is what was uploaded to PAUSE. But it's possible that a malicious person stole an author's credentials to upload something.

    Author signatures means that you trust that the author has approved this code.

    There's always the possibility that a malicious person has stolen PAUSE credentials *and* an author's key-signing credentials. It's not foolproof.

    As an added safety, we could add a scheme for multiple signatures to be added. So another person can review code and submit their signature to PAUSE somehow.

  • Neil Bowers commented on Addressing CPAN vulnerabilities related to checksums

    Thanks Jim - now fixed.

  • Neil Bowers commented on Addressing CPAN vulnerabilities related to checksums
    If the mirror is trustworthy and so is the connection to it, does verification of the PAUSE-signed CHECKSUMS serve any remaining purpose?

    Marginal benefit, I'd say. It's an additional check that you're getting the expected file.

    I've heard anecdotally that the checksums once identified a case where an rsync had been interrupted and result in a truncated file.

  • nhorne commented on Addressing CPAN vulnerabilities related to checksums

    I have a local mirror which downloads from, so it's trusted. I then mount the mirror using NFS, so the entry in for urllist starts with "file://foo/bar". Even though I know it's trusted I still get:

    Warning: checksum file '/mnt/CPAN/authors/id/G/GB/GBARR/CHECKSUMS' not conforming.

    The cksum does not contain the key 'cpan_path' for 'CPAN-DistnameInfo-0.12.tar.gz'.
    Proceed nonetheless? [no]

    How can I handle this scenario?

Subscribe to feed Responses to Comments from Toby Inkster

About is a common blogging platform for the Perl community. Written in Perl with a graphic design donated by Six Apart, Ltd.