user-pic

Belden

  • Commented on Please build this for me, yesterday!
    Is this harder than finding all of your desired asset files on disk: find /var/www -name '*.css' -o -name '*.png' -print | perl -pe 's,/var/www,,' > /tmp/my-assets And then grepping across your codebase for each of those files, recording which...
  • Commented on Prototype changes across Perl release boundaries
    I updated the implementation so it does take advantage of the (+) now :)...
  • Commented on Prototype changes across Perl release boundaries
    I'm not unaware of Module::Implementation. I didn't really care for the interface for this particular problem; I can shoehorn the module to do what I want: use strict; use warnings; package Hash::MostUtils::leach; use Module::Implementation; BEGIN { my $implementation; my %available...
  • Commented on Prototype changes across Perl release boundaries
    Oh, that's a fair question. It's an artifact of how I developed leach - first on a higher version of Perl, where the prototype was reported as +, and then fixing for a lower version of Perl. I must not...
  • Posted Prototype changes across Perl release boundaries to Belden

    At a previous employer, one of the things I ran into from time to time was the need to get the keys of a hash back out in the same order they were provided. Yes, Tie::IxHash exists to solve this problem: but it always felt like a heavy-weight…

  • Commented on Unicode and Passwords
    It's worth knowing that binmode($fh, ':encoding(UTF-8)') blows away $@. However, not all encoding layers for binmode() blow away $@. foreach my $layer (':raw', ':utf8', ':encoding(UTF-8)', ':encoding(utf8)') { eval { die $layer . "\n" }; binmode STDOUT, $layer; if ($@) {...
Subscribe to feed Recent Actions from Belden

  • Nick Patch commented on Unicode and Passwords

    NFKD or NFKC can be useful if you want very lenient comparisons, but I'd stick with NFD or NFC for password comparisons so as not to turn a strong password into a weak one. If normalization forms weren't used on passwords, it could potentially be a problem for a user travelling in another country who can't log in because the foreign keyboard mapping uses the same canonical character at a different code point.

  • Abigail commented on Unicode and Passwords

    One thing to consider is, what are your costs? Has anyone done research to find out whether allowing Unicode passwords results in an increase of customer service calls, because people are having problems? You may think passwords become more secure because of the increased key space, what if someone picks a password with a "smart-quote" (U+2019), when creating an account using his PC (not really realizing he's using "smart-quotes"). Then, later, while travelling, he tries to log in to your service using a mobile device, but the keyboard on that device has regular quotes (U+0027) handy, and…

  • Leon Timmermans commented on Unicode and Passwords
    One final note: don't use binmode STDOUT, ':utf8';. You see that a lot in example code, but it's wrong. It merely sets the layer as utf8 but doesn't validate it. See this perlmonks post for a proof of concept exploit. Whenever you see ':utf8', it's probably a bug and you should change it to ':encoding(UTF-8)'.

    Actually, it's only a problem when used for input. For output it doesn't really matter (if your output is invalid UTF-8 already, you've got bigger problems to worry about).

  • Toby Inkster commented on Prototype changes across Perl release boundaries

    Seems Module::Implementation could have been used rather than writing provide.pm.

    Module::Implementation is already used by Class::Load, Package::Stash and B::Hooks::EndOfScope (and thus indirectly by Moose, Catalyst, namespace::clean, App::Cmd, etc) so many people will already have it installed.

  • Aristotle commented on Prototype changes across Perl release boundaries

    Uh.

    use 5.012;
    my @hashlike = (1..10); my @collected;
    while (my ($k, $v) = each @hashlike) { push @collected, $k, $v; }

    No code necessary.

Subscribe to feed Responses to Comments from Belden

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl and offering the modern features you’ve come to expect in blog platforms, the site is run by Dave Cross and Aaron Crane, with a design donated by Six Apart, Ltd.