anielsen

RHEL and perl

2010-10-11T17:52:01Z

At Jobindex we use Red Hat Enterprise Linux. The OS is very stable and we feel that Red Hat is doing a lot of good stuff for Linux and OSS in general.

When it comes to perl the current version RHEL ships with version 5.8.8 which causes a bit frustration however. Some CPAN modules won't install and it seems like the people who writes modules for CPAN don't really care about our (good) old perl verison.

At YAPC::EU several of the speakers recommended installing perl ourselves instead relying on the OS version.

We have now decided to follow this recommendation. At the same time we will also start using git to manage perl and the installed modules to keep the versions in testing and production in sync. This way we wil also avoid messing with RPM packages.

So now I am looking forward to getting my hands on perl 5.12.2 :)

I hate the param method from CGI

2010-08-18T13:34:43Z

Scalar and list content is a nice and advanced feature of perl. Sometimes I think it's a bit too smart for us who use perl.

In our code we have a lot of method calls like this

$obj->foo( name1 => $value, name2 => bar() );

We do a lot of web stuff and often we like to pass the user input to a method like this:

$obj->foo( name1 => $value, name2 => $cgi->param("inputkey") );

This code is bad! It should be

$obj->foo( name1 => $value, name2 => scalar($cgi->param("inputkey")) );

This is because the call to param is in list content. The bug is nasty because it often has security implications. The user can give multiple parameters to the web-script and then overwrite the parameters to the foo method.

This is an example:

$obj->foo( is_superuser =>0, name => $query->param("name") );

The user is able to call foo in superuser mode if he calls the script with the querystring

?name=Anders&name=is_superuser&name=1

So who is too blame for this mess? The programmer? Well we have some very bright people and they made this mistake many times in the past. When many people make the same mistake many times it could be argued that it isn't only their fault. Should we blame perl? Maybe the context feature is just too advanced. We could however also blame the CGI module for having a crappy interface. Or blame the perl community for allowing CGI to be such an important module.

What I learned at YAPC::EU 2010

2010-08-09T08:04:15Z

This is a small list of stuff I learned at YAPC::EU 2010 in Pisa.

I can blog here at blogs.perl.org
I need to look at Try::Tiny. It's supposed to be (exceptionally) good at handling exceptions
The WWW::Mechanize::Firefox talk by Max Maischein should have been a bit longer. Max said he used RT for support questions and bug reports
The bars in Pisa close early and without any warning
People compile and install their own perl instead of using the version that comes with the OS
A lot of people use FastCGI instead of mod_perl. FastCGI has a X-Sendfile feature
I need to take a look at AnyEvent http://search.cpan.org/dist/AnyEvent/
I need to take a look at CPAN Minus (cpanm)
I need to take a look at Varnish http://varnish-cache.org/ for ESI and caching
I need to take a look at Splunk http://www.splunk.com/ for log handling
I need to take a look at MogileFS http://code.google.com/p/mogilefs/
Task::Kensho http://search.cpan.org/~apeiron/Task-Kensho/ contains a number of modules which are recommended by mst and other CPAN/perl celebs
Norweigan has a direct connection from Copenhagen to Pisa
Gitalist is a better web front end to git http://www.gitalist.com/
The food in Pisa is excellent
Perlbrew sounds like an interesting project