Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^4: 5.18.0 is available NOW!

by BrowserUk (Patriarch)
on May 19, 2013 at 14:24 UTC ( [id://1034217]=note: print w/replies, xml ) Need Help??


in reply to Re^3: 5.18.0 is available NOW!
in thread 5.18.0 is available NOW!

That is not the problem; the response to that is.

When considering a breaking change, I was taught to ask three questions:

  1. Is the breakage actually necessary?

    Is the thing being 'fixed' actually manifesting itself in production code.

    Has any real-world occurrence of the ACA actually been witnessed or reported?

  2. If so, can the breakage be limited in scope?

    Either by limiting the total breakage; or by selectively applying the breaking fix only when required.

    Could the 'fix' have been limited to (say) only when taint was enabled?

  3. Is the breaking 'fix' the *ONLY* solution to the problem?

    Not the first. Not the best. Not the least effort or least worst; but the ONLY?

    Is it necessary to randomise all hashes differently?

    Wouldn't picking the same random hash initialisation, for all hashes for any given run, have been just as effective at stopping real-world exploits in the wild?

Replies are listed 'Best First'.
PERL_PERTURB_KEYS
by dolmen (Beadle) on May 20, 2013 at 14:31 UTC
    Check the documentation on PERL_PERTURB_KEYS in perldelta: PERL_PERTURB_KEYS=0 will restore the previous behavior. This should help you to find bugs related to hash randomization.
[reply]
[d/l]
[select]
Re^5: 5.18.0 is available NOW!
by Anonymous Monk on May 20, 2013 at 20:36 UTC
    1. Yes. Yes. Yes
    2. No. No. No.
    3. Only is irrelevant. Only is irrelevant. Yes. No.
[reply]

      Where is the proof of concept code? (Without it, this is nothing more that idle speculation that has cost a lot of people a lot of time and effort.)

      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
        where is your patch to provide an alternate?
[reply]

      Wrong on every count. And posting anonymously proves it.

      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]

In Section Perl News

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1034217]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others goofing around in the Monastery: (5)
As of 2024-04-23 21:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found