Belden

• Website: twitter.com/belden
• About: Mediocre on a good day.

Recent Actions

• Commented on git-refresh: Automatically rebase current branch onto master
  Being able to specify a different base branch name than 'master' might be handy....
• Commented on Prototype changes across Perl release boundaries
  I updated the implementation so it does take advantage of the (+) now :)...
• Commented on Prototype changes across Perl release boundaries
  I'm not unaware of Module::Implementation. I didn't really care for the interface for this particular problem; I can shoehorn the module to do what I want: use strict; use warnings; package Hash::MostUtils::leach; use Module::Implementation; BEGIN { my $implementation; my %available...
• Commented on Prototype changes across Perl release boundaries
  Oh, that's a fair question. It's an artifact of how I developed leach - first on a higher version of Perl, where the prototype was reported as +, and then fixing for a lower version of Perl. I must not...
• Posted Prototype changes across Perl release boundaries to Belden

  At a previous employer, one of the things I ran into from time to time was the need to get the keys of a hash back out in the same order they were provided. Yes, Tie::IxHash exists to solve this problem: but it always felt like a heavy-weight…

• Commented on Unicode and Passwords
  It's worth knowing that binmode($fh, ':encoding(UTF-8)') blows away $@. However, not all encoding layers for binmode() blow away $@. foreach my $layer (':raw', ':utf8', ':encoding(UTF-8)', ':encoding(utf8)') { eval { die $layer . "\n" }; binmode STDOUT, $layer; if ($@) {...

Comment Threads

• Nova Patch commented on Unicode and Passwords

  NFKD or NFKC can be useful if you want very lenient comparisons, but I'd stick with NFD or NFC for password comparisons so as not to turn a strong password into a weak one. If normalization forms weren't used on passwords, it could potentially be a problem for a user travelling in another country who can't log in because the foreign keyboard mapping uses the same canonical character at a different code point.

• Abigail commented on Unicode and Passwords

  One thing to consider is, what are your costs? Has anyone done research to find out whether allowing Unicode passwords results in an increase of customer service calls, because people are having problems? You may think passwords become more secure because of the increased key space, what if someone picks a password with a "smart-quote" (U+2019), when creating an account using his PC (not really realizing he's using "smart-quotes"). Then, later, while travelling, he tries to log in to your service using a mobile device, but the keyboard on that device has regular quotes (U+0027) handy, and…

• Leon Timmermans commented on Unicode and Passwords

  One final note: don't use binmode STDOUT, ':utf8';. You see that a lot in example code, but it's wrong. It merely sets the layer as utf8 but doesn't validate it. See this perlmonks post for a proof of concept exploit. Whenever you see ':utf8', it's probably a bug and you should change it to ':encoding(UTF-8)'.

  Actually, it's only a problem when used for input. For output it doesn't really matter (if your output is invalid UTF-8 already, you've got bigger problems to worry about).

• Toby Inkster commented on Prototype changes across Perl release boundaries

  Seems Module::Implementation could have been used rather than writing provide.pm.

  Module::Implementation is already used by Class::Load, Package::Stash and B::Hooks::EndOfScope (and thus indirectly by Moose, Catalyst, namespace::clean, App::Cmd, etc) so many people will already have it installed.

• Aristotle commented on Prototype changes across Perl release boundaries

  Uh.

  use 5.012;
  
  my @hashlike = (1..10);
  my @collected;
  
  while (my ($k, $v) = each @hashlike) {
      push @collected, $k, $v;
  }

  No code necessary.