Tim Bunce
- Website: blog.timbunce.org
- About: This is not me.
Recent Actions
-
Commented on Automatic variable highlighting in vim
Damian Conway has implemented a typically awesome plugin for automatic variable highlighting (and more): https://github.com/thoughtstream/Damian-Conway-s-Vim-Setup/blob/master/plugin/trackperlvars.vim...
-
Commented on Do not use each
I wonder if there's some way to make the each op warn if the iterator isn't where it's expected to be....
-
Commented on Patch known perlcore ptr problems
For the record, since the post has been edited now so the comments can't be seen in context, the original post said: For sysadmins: Please do not install 5.14.3, still avoid 5.16 at all. For downstream packagers: Please do not...
-
Commented on Patch known perlcore ptr problems
@parv, there is a perl5-security-report mailing list (as described in http://perldoc.perl.org/perlsec.html) staffed by experienced people who deal with evaluating potential security concerns and, if appropriate, creating advisories and working with downstream packagers. It seems that there is disagreement on the...
-
Commented on ElasticSearch::AnyEvent pre-release available on github
Did anything come of this?...
Recent Actions from Tim Bunce
Comment Threads
-
Clinton Gormley commented on
ElasticSearch::AnyEvent pre-release available on github
Yes, we have two async backends:
AnyEvent::HTTP - https://metacpan.org/module/ElasticSearch::Transport::AEHTTP
libcurl - https://metacpan.org/module/ElasticSearch::Transport::AECurl
Just install these modules and use "transport" to choose your backend:
$e = ElasticSearch->new(
transport=>'aehttp'
);
However, Elastic::Model doesn't have async support yet - s… -
Reini Urban commented on
Patch known perlcore ptr problems
There was no drama in this announcement. It was IMHO a helpful community service with an easy way to apply the patches and keep your production perls safer.
I haven't said that they are dramatic security problems with the buffer overflows.
use-after-free as most common security problem in IT is certainly exploitable, and as I said on the security list even the simple buffer overflows can help with exploits. Esp. in connection with the other known problems, which p5p… -
Reini Urban commented on
Patch known perlcore ptr problems
Thanks Tim for the comment with the revisions.
I still stand to the recommendation against 5.16 at all. The reasons were posted on p5p, without any reaction. \0 in names are unprotected and exploitable. The whole new GV api with len is wrong. There can be no \0 in names and there should be none.
-
E. Choroba commented on
Do not use each
Unfortunately,
globis similarly broken:
perl -E 'for my $x (qw(* )) { print "$x: ", scalar glob($x), "\n"}'
-
E. Choroba commented on
Do not use each
Sorry, should have been:
perl -E 'for my $x (qw(* < >)) { print "$x: ", scalar glob($x), "\n"}'
Responses to Comments from Tim Bunce
About blogs.perl.org
blogs.perl.org is a common blogging platform for the Perl community. Written in Perl with a graphic design donated by Six Apart, Ltd.
