CPANdeps and cpXXXan scheduled downtime

CPANdeps and cpXXXan will be unavailable for some of the evening of the 28th of May, for a data centre move.

Meta-testing

A year and a bit ago I wrote about measuring the coverage not of the code I was testing but of my tests, and how doing so had helped me find some problems. Today I dived further down that rabbit-hole.

As I mentioned then, we ran all our tests under Jenkins. Because we're testing quite a complex application, which needs configuration data, databases and so on, we've got a wrapper script that sets up all that jibber-jabber, runs the tests, and then tears down the temporary databases and stu…

CPANdeps pass/fail display now working again

Some months ago the way that third parties got access to the CPAN-testers results database changed. Instead of just downloading a SQLite database, there is now an API. This is good. It means that to get all the new reports since your last query, for example, you only need to transfer a few reports across the network instead of downloading all 40 million-odd records every time.

The change was well-publicised in advance, with a fairly long deprecation cycle. But I just never had the tuits to make the changes I needed, and so eventually that part of CPANdeps just stopped updating. It was…

Bugs in the compiler

After I posted my previous blog entry a couple of things were pointed out to me, to do with my fourth point about ignoring warnings.

It turns out that unreachable code doesn't necessarily produce warnings from Apple-ish compilers like I expected it to. It turns out that in gcc the -Wunreachable-code option doesn't do anything. It's only there because it used to do something but that functionality was removed because it didn't work very well. In Clang, -Wunreachable-code is functional, …

Lessons to learn from Apple

Apple's most recent iOS software update which fixes a horrible security flaw has been all over the interwebs recently. This is yet another post about it. Here's the buggy code:
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
{
OSStatus err;
...

if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((e…