Celebrity nude scandal, on security, an analogy

Though I won’t say they aren’t victims of a crime… What the victims did is fundamentally the modern-day equivalent of using skeleton keys. What Apple did, or rather didn’t do, is prevent that. Apple could have used a tool like cracklib and said at the time of password creation: this is too short, this is not random enough, we refuse to let you put this skeleton-key lock on your front door.

Java Privacy, broken by design

It is worth noting that none of the following arguments apply to anything using the keyword static, which makes things more procedural (or in some cases functional) than object oriented. The suggestion in Java is to give the least required permission, but this, in my humble opinion, violates the Open-Closed Principle. Java has four privacy levels. Giving something the least permission required to function is fine in a security context; privacy in programming, however, is simply there to discourage developers from doing stupid things.

Two Hundred Posts

My blog is 6 years old, with 200 posts and over 120k hits. Probably my first interesting post is when I decided I was switching to git from svn, and it’s not very interesting, and I think much more poorly written than I write things now. Since then I’ve re-skinned the blog to new templates at least twice. I now list books that I recommend on the right side of my blog, and I’ve ensured that all content is clearly licensed under Creative Commons.

REST, ROA, and HATEOAS often lead to bad web service design

This is not to say that they are bad, but I find that all too frequently the resulting APIs are poorly designed due to forgetting one thing: RPC (Remote Procedure Call) is expensive. Now by RPC, I do not mean custom messaging formats such as SOAP or XML-RPC; I mean calling a method on a remote server. Do not think that, just because you are using HTTP with something like XML or JSON as the message format, calling GET /resource is all that different from calling get_resource in a SOAP call.

Matching Hex characters in a Regex

I’ve noticed a common problem with regular expressions and hex characters, so I thought I’d blog about it. The most common way to regex a UUID, a SHA1, or some other hex-encoded binary value is this (and I’ve seen it in Perl libraries and StackOverflow answers): [a-f0-9] or [A-F0-9]. Neither of these is correct, as hex is case insensitive and both of these regexes are case sensitive. Hex is most commonly lowercase (unless you’re Data::UUID), but that’s an aesthetic, not a requirement.

The ShareDir Problem

Some of you may have noticed a while back that I converted Pod::Spell to use File::ShareDir::ProjectDistDir instead of keeping the wordlist in Pod::Wordlist::__DATA__. This move was made in conjunction with making Pod::Wordlist an object, and in preparation for a time when you’ll be able to specify your own wordlist file. It was also made so that non-technical contributors could more easily update the wordlist without going near anything that looked like code.

Advent, good idea, but problematic execution

So advent is 24 days of high quality tutorials, and it’s great, and ++ to all the people who write articles. But I’ve got a problem… it never shows up in the feed that I read in Feedly (formerly read in Google Reader). This is compounded by the fact that there are many advents, each with their own yearly feed… so each year I have to poke around at the various projects to see if they’re doing advent, and if so, to subscribe to the feed.

Would You Miss Autoderef in 5.20? solutions in search of a problem

This is a response to chromatic’s blog post Would You Miss Autoderef in 5.20?, because I haven’t been able to get comments to work on his MT for something like a year (a 500, or some Blogger OpenID incompatibility). In all honesty I don’t find either particularly interesting. I’ve too often been targeting 5.8 or 5.10 for syntax… @{ $foo } is really the most I’ve ever needed, @$foo is nicer, but beyond that I don’t need it.