Quests
|
Monk Quips Quest
Starts at: May 01, 2023 at 08:00
Ends at: Dec 31, 2023 at 18:59
Current Status: Active
|
8 replies
|
by erzuuli
|
Esteemed Monk kcott has recently proposed an excellent idea.
Heretoforthwithstanding, we invite all monks to submit ideas for new monk quips!
Your quip suggestion should include the following details:
- Intended quip location: either XP Nodelet, Chatterbox, or Monkbar (that's the page header).
- Text of quip.
- Optional: background & foreground colours. If you include these, be sure they are nicely contrasting.
|
poll ideas quest 2023
Starts at: Jan 01, 2023 at 00:00
Ends at: Dec 31, 2023 at 23:59
Current Status: Active
|
7 replies
|
by pollsters
|
Perl News
|
Happy advent!
on Dec 01, 2023 at 04:05
|
2 replies
|
by hippo
|
THREE new perl releases
on Nov 26, 2023 at 04:33
|
5 replies
|
by Tux
|
Today, three new perl versions have been released:
The main reason is two fixed CVEs:
- CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
- CVE-2023-47039 - Perl for Windows binary hijacking vulnerability
CVE-2023-47038 is only relevant during the use of \p in regexes. This is only a problem if you accept regular expressions from untrusted sources.
update 2023-11-29: Now that the CVEs are getting public, I could add one link.
update 2023-12-02:
|
CVE-2023-47038: Write past buffer end via illegal user-defined Unicode property
This vulnerability was reported directly to the Perl security team by Nathan Mills the.true.nathan.mills@...il.com.
A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer.
|
CVE-2023-47039: Perl for Windows binary hijacking vulnerability
This vulnerability was reported to the Intel Product Security Incident Response Team (PSIRT) by GitHub user ycdxsb https://github.com/ycdxsb/WindowsPrivilegeEscalation. PSIRT then reported it to the Perl security team.
Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.
An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.
|
Enjoy, Have FUN! H.Merijn
|
Supplications
|
CPAN Testers shows N/A
2 direct replies
|
by Bod
on Dec 19, 2023 at 18:24
|
|
|
I've released an updated version of AI::Embedding - version 1.1
The CPAN documentation shows the latest version. However, CPAN Testers is showing N/A for all Perl versions, not just the ones before the minimum Perl version. This seems very strange. Have you come across this before?
Also, when I try to upgrade to the latest version, it doesn't happen:
C:\Users\bod>cpanm AI::Embedding
AI::Embedding is up to date. (1.01)
I've checked that I haven't inadvertently specified a minimum Perl version that doesn't yet exist.
Any suggestions for what to check that might be causing this?
|
Path to prove
2 direct replies
|
by Bod
on Dec 18, 2023 at 18:12
|
Partial Searches Against Multiple Wildcards
11 direct replies
|
by p_jacobson
on Dec 17, 2023 at 17:34
|
|
|
Hello Monks. I'm building a cross reference utility in Perl and I've run into something that has me stumped. The utility is very basic, users search for an old item number and the utility returns a list of matches. The database is simple:
+-----+-----------+-----+
|rowid| old       | new |
+-----+-----------+-----+
| 1 | ABFD-1234 | AAA |
| 2 | ABFD-178G | BBB |
| 3 | F2HB-9401 | AAA |
| 4 | ZDDR-00W5 | DDD |
+-----+-----------+-----+
I've implemented the ability to search anywhere in the old item number (searching for 940 returns row #3) and the ability to not enter the hyphen (searching for ABFD-1 or ABFD1 returns rows #1 and #2.) The users maintaining the utility have asked to use wildcards in the old item number. They'd like to insert an entry like this:
+-----+-----------+-----+
|rowid| old | new |
+-----+-----------+-----+
| 5 | D7*D-48*6 | EEE |
+-----+-----------+-----+
The expectation being that searching for D7RD or DD482 would return row #5. This wildcard request is what has me stumped. I haven't figured out a sensible way to implement it and I'm thinking I need new sets of eyes to lead me down the right path.
A few things that are potentially relevant: (A) the users and the maintainers are not computer people. To them, the asterisk does not mean one or more characters, it just means any single letter or number in that position. (B) the database will only contain a couple thousand rows so loading the entire database into memory is feasible. (C) the asterisk will only be the character class [A-Z0-9]
One option I've tested is to take any old item number with an asterisk and pre-generate all possible combinations. The challenge with this option is that there are old item numbers that have 5 asterisks which means creating 60 million additional entries for that one item. I've also tried building the 60 million rows in memory and searching against those but the application performance degrades as more wildcard entries are added into the database.
Do you have any suggestions for perl-ish ways to tackle this? I don't really need code examples, just ideas that would be performant.
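An added example, not part of the original post or of p_jacobson's utility: instead of expanding every asterisk, keep the stored number as-is and slide the search text across it, letting a stored * match any one character. The names @rows, @index, matches_at_some_offset and search are assumptions made for this sketch; the rows are the ones shown in the post's tables.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rows copied from the tables in the post: [rowid, old, new].
my @rows = (
    [1, 'ABFD-1234', 'AAA'], [2, 'ABFD-178G', 'BBB'], [3, 'F2HB-9401', 'AAA'],
    [4, 'ZDDR-00W5', 'DDD'], [5, 'D7*D-48*6', 'EEE'],
);

# Normalise once at load time: upper-case the old number and drop hyphens.
my @index = map { my $k = uc $_->[1]; $k =~ tr/-//d; [$k, $_] } @rows;

# True if $query lines up with $stored at some offset; '*' in $stored
# stands for exactly one character of [A-Z0-9].
sub matches_at_some_offset {
    my ($stored, $query) = @_;
    my $qlen = length $query;
    OFFSET: for my $off (0 .. length($stored) - $qlen) {
        for my $i (0 .. $qlen - 1) {
            my $s = substr $stored, $off + $i, 1;
            next OFFSET unless $s eq '*' || $s eq substr($query, $i, 1);
        }
        return 1;
    }
    return 0;    # query longer than the stored number, or no offset fits
}

# Return the rowids whose old item number contains the search text.
sub search {
    my ($input) = @_;
    my $query = uc $input;
    $query =~ tr/-//d;
    # Only [A-Z0-9] is accepted, so user input is never compiled as a
    # regex and a '*' typed by a user is not treated as a wildcard.
    return () unless $query =~ /\A[A-Z0-9]+\z/;
    return map { $_->[1][0] }
           grep { matches_at_some_offset($_->[0], $query) } @index;
}

for my $q ('940', 'ABFD1', 'ABFD-1', 'D7RD', 'DD482', 'D7*D') {
    printf "%-7s -> %s\n", $q, join(',', search($q)) || 'no match';
}
```

The cost per search is rows × offsets × query length, which stays small for a couple of thousand short item numbers and does not grow with the number of asterisks in an entry.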
|
Share data bless hash of parent package with childs packages
2 direct replies
|
by Thenothing
on Dec 17, 2023 at 07:20
|
|
|
Hi everyone, I hope you're doing fine. First I want to say this is a crosspost: https://stackoverflow.com/questions/77557869/central-constructor-share-data-bless-hash-between-packages
I will try to explain it better here and find a solution to this problem, and I hope to learn something new.
I want to have access to the latest data of the parent constructor in all child packages in $self.
Why I want to do this:
In the constructor, I call external packages, so I assigned the result to the hash reference of the constructor; inside the child package I need that data and other config values of the parent.
Possible solution:
I found a solution with rebless, and with this code, but I need to create a variable and I have to call $self->{data}->{key}; I want to avoid that.
I wish I could call just $self->{key} inside the child package without rebless.
Here is a full working example, but I have to call $self->{data}->{key}:
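# Father.pm
package Father;
use strict;
use warnings;
# One hash reference shared by every object built through Father::new.
my $store_data = { };
sub new {
    my $class = shift;
    return bless { data => $store_data }, $class;
}
1;

# Daughter.pm
package Daughter;
use strict;
use warnings;
use parent qw(Father);
sub status {
    my $self = shift;
    $self->{data}->{news} = 'bad';
    return $self;
}
sub other {
    my $self = shift;
    return $self;
}
1;

# Son.pm
package Son;
use strict;
use warnings;
use parent qw(Father);
sub set {
    my $self = shift;
    $self->{data}->{news} = 'good';
    return $self;
}
1;

# Main script
use strict;
use warnings;
use lib '.';         # assumes the three .pm files sit in the current directory
use Data::Dumper;    # needed for Dumper() below
use Daughter;
use Son;
my $self = Daughter->new()->status;
print Dumper($self);
$self = Son->new()->set;
print Dumper($self);
$self = Daughter->new()->other;
print Dumper($self);

# Output: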
$VAR1 = bless( {
'data' => {
'news' => 'bad'
}
}, 'Daughter' );
$VAR1 = bless( {
'data' => {
'news' => 'good'
}
}, 'Son' );
$VAR1 = bless( {
'data' => {
'news' => 'good'
}
}, 'Daughter' );
Do you have some suggestions?
|
How should I tell DBD::SQLite to use a newer binary?
1 direct reply
|
by Cody Fendant
on Dec 14, 2023 at 23:57
|
|
|
I have DBD::SQLite installed.
It's using /usr/bin/sqlite3 which is old, and I'd like it to use /opt/bin/sqlite3 which is much newer.
How do I get it to use the newer binary? Reinstall, presumably? I can't see anything obvious by looking through the Makefile or other files in the distribution which would show me how it finds, or chooses, a particular path.
|
Meditations
|
What is the right amount of onboarding?
3 direct replies
|
by talexb
on Dec 19, 2023 at 23:30
|
|
|
In my last post (Re^2: Are blessings a new thing?), I talked about Asking Too Many Questions, something I've done at various jobs I've had. Specifically, when I land at a new job, I like to get a little better grounding on What The Business Does To Earn Money (good to know), as well as something about the technical stack, and how the software's organized. I don't apologize for that -- that's how I like to work.
When I started at a desktop publishing software company (in 1987), the CTO was able to draw me a diagram with the various modules on it, showing how the data flowed between them -- and that all made sense. The fact that these modules were actually individual .com files compiled by Turbo Pascal and jury-rigged to run together as a single GEM application was a little scary, but it worked.
I've also worked at a place where the software running things was over a hundred Catalyst modules, and I was left to my own devices to Figure it All Out; there was no overview, no roadmap. To my mind, this is the wrong approach. If you have a code-base of thousands of files and no documentation, are you surprised there are questions?
When a new developer is hired, you want to give them the best possible opportunity to become productive as soon as possible. It also helps if the team that they're going to a) has helpful people who b) have the time and c) the ability to do this orientation. That probably involves finding a couple of basic parts of the system, and walking through how things look in the database, in the code, and from a Support point of view. (Here's how we store information about widgets, here's the code where we figure out what kind of widget's required, and here's how customer service can look up a customer's widget order.)
After asking all of those questions, I do give back, though -- when I had Co-op students at a recent job, I was happy to explain how things worked in the company's software, and talked about the business model, the database layout, how the release management worked, what support did, how we dealt with the flow of information from our partners, and even got a chance to talk about software craftsmanship, from the point of view of a veteran (ugh, I guess that's me).
The right amount of onboarding is when the new developer can look at a ticket, understand what needs to be done, know where to go in order to start developing and testing a solution, and finally present a useful PR to the team. So onboarding is education -- and everyone knows that in software development, education is continuous.
And Asking Questions should be OK!
Alex / talexb / Toronto
Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.
|
PerlMonks Discussions
|
Confusing Category
2 direct replies
|
by choroba
on Dec 18, 2023 at 08:23
|
|
|
This is probably a consequence of the transition from Categorized Q&As to Illuminations:
How do I find what directory the perl script is running from? is blessed and tagged as "gui programming", but I'm not sure that's the correct tag for the question.
I don't contest the blessing, just the tag.
map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
|
Are blessings a new thing?
4 direct replies
|
by talexb
on Dec 16, 2023 at 20:28
|
|
|
(Dec 14, 2023 at 16:38 EST) erzuuli has blessed XS Modules - why and when? by Bod!
I may have missed this, but I saw three posts that were 'blessed' by people in the Notices section of the side panel. Is this new? What does it mean?
Alex / talexb / Toronto
Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.
|