user-pic

David Oswald

  • About: daoswald [a@t] gmail [d0_t] com
  • Commented on Salt Lake Perl Mongers welcome Damian Conway, August 1st
    We just obtained permission to record and post. I'll follow-up here with a link when it's available....
  • Posted Salt Lake Perl Mongers welcome Damian Conway, August 1st to David Oswald

    Salt Lake Perl Mongers, with help from Bluehost, and Utah Open Source are pleased to announce a special presentation by Damian Conway:

    Tempor…

  • Commented on A call to action for CPAN authors
    I think I understand that position. But what does it profit us? We're here now, it's not going away. However, we've all benefited from the labor and intellectual capital represented by CPAN. And I'm sure we have people in the...
  • Posted A call to action for CPAN authors to David Oswald

    CPAN authors should look at the smoke tests for their modules to ensure that they're passing on Perl 5.18. The hash randomization change (and a few others) has bitten many a module that may currently be relying on undefined hash behavior. If you haven't checked your modules recently,…

  • Commented on A call to Salt Lake City prospective Perl Mongers
    The Salt Lake Perl Mongers website is now online. It's sparse, but at least provides a useful link to share when promoting the group: http://saltlake.pm.org...
  • Commented on A call to Salt Lake City prospective Perl Mongers
    To Doran and Matt (and anyone else reading along: The old emailing list has been revived: saltlake-pm@pm.org List subscription info is at http://mail.pm.org/mailman/listinfo/saltlake-pm The website will follow. Also there's a Facebook page: https://www.facebook.com/groups/515481075169254/ (Salt Lake City Perl Mongers) I've had...
  • Posted A call to Salt Lake City prospective Perl Mongers to David Oswald

    I have enjoyed actively participating in the Los Angeles Perl Mongers and Thousand Oaks Perl Mongers groups, but recently relocated to Salt Lake City, UT. So, what stands between Salt Lake City and a Perl Mongers group? You (you know who you are). Anyone interested in…

  • Posted Bytes::Random::Secure -- A no-fuss CSPRNG. to David Oswald

    There are a lot of contributions on CPAN that fill one niche or another with respect to pseudo-randomness generation. What is hard to find is a solution that provides cryptographically secure pseudo random number generation, reliable and strong seeding, a light-weight dependency chain, and cross…

  • Commented on A Simple Mojolicious/DBI Example
    This is a nice, simple example. Howoever, I think that any application written as an example of using DBI with Mojolicious should provide the good example of database connection management. Eventually that connection is going to be dropped....
  • Posted Creating a Perl web application on dotCloud to David Oswald

    I've been working on a project for a client that is being hosted on dotCloud. And as part of the process I have spent a good deal of time familiarizing myself with this PaaS provider. My experiences thus far have been quite positive. I've found dotCloud to…

Subscribe to feed Recent Actions from David Oswald

  • bigfoot commented on A call to action for CPAN authors

    I'm not sure I would have been so sarcastic, however the posting had me asking a similar question.

    I hope a change that breaks so many CPAN modules was vetted by the community before it was promulgated (my guess is it was). I am not as plugged into such cutting edge versions like 5.18 of Perl as I tend to use the most stable version include in standard distros.

    Hopefully, the first comment will tease out some discussion of the broader question regarding how such changes are decided upon and what benefit they provide the community when clearly there will be many people unable…

  • Chisel commented on A call to action for CPAN authors

    I believe the 'breaking change' was for security reasons; to prevent an horrific DoS situation that had been discovered recently.

    As I understand it, getting hash data back in a predictable order is a bug that people have learned to rely on - but still a bug.

    Hash-based tests really ought to be using "cmp_deeply($foo, bag(...))" or "sort keys %hash" idioms.

    This change revealed bugs in test-suites; yes many of us fell into the same trap, but I'd argue that is *is* the module author's responsibility to fix the bug in their code that's been masked by the bug in perl's h…

  • Chisel commented on A call to action for CPAN authors

    "Entries are returned in an apparently random order. The actual random order is subject to change in future versions of perl, but it is guaranteed to be in the same order as either the keys or values function would produce on the same (unmodified) hash"

    Perl 5.8.9 documentation, Dec 2008.
    (http://perldoc.perl.org/5.8.9/functions/each.html)

  • Steffen Mueller commented on A call to action for CPAN authors

    @James: We only broke modules that were already subtly broken. In certain circumstances, Perl would actually change the order of the hash contents (rehashing due to collisions or hash growth) and two hashes with the same content could actually have differing hash orders. It's just that it was rare and lurking to make your mission critical software fail in mysterious ways in the most unfortunate moment. You're welcome.

    On top of that, we had a one-liner that could make any unpatched Perl consume a virtually infinite amount of RAM. This was through an HTTP request if the process on the…

  • john napiorkowski commented on A call to action for CPAN authors

    I'm not sure what the confusion here is...

    AFAIK this change has been spoken about for quite a while, at least a year that I can recall. Beta and RC releases have been out with this change, and if you are a CPAN author you've likely already been getting reports about the broken test cases for months. So I can't really think its fair to jump in at such a late moment and complain about the 'decision making process'.

    A slightly backwards incompatible change was made that made already broken code slightly more obviously broken in order to fix a monumental security issue. Thi…

Subscribe to feed Responses to Comments from David Oswald

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl and offering the modern features you’ve come to expect in blog platforms, the site is run by Dave Cross and Aaron Crane, with a design donated by Six Apart, Ltd.