This isn't directly perl-related, but it's a good reminder that as the bus-factor of our projects dwindle down to 0, the danger of a dependency attack goes up.
The story is still unfolding, and I've just been reading it from the HN post
In this case, it appears that the maintainer of xz-utils, who has been maintaining it since 2009 and mentioned online that they don't really have the capacity for it anymore finally had a motivated helper show up to assist with the work 2.5 years ago. That motivated helper now appears to either be a long-con state actor, or a compromised account.
liblzma is used by libsystemd. Redhat and Debian patch ssh to use libsystemd. The startup code of libxz detects when it is loaded into sshd during initialization and replaces a core auth function of sshd with its own copy. The malicious code comes from compressed compiled code within one of the libxz unit test files that gets sneakily injected into the build during the ./configure script. The person who discovered it only found it due to valgrind errors and a slower startup time for ssh, which are mistakes a more sophisticated attacker might not have made.
Oh, and of course the question on everyone's mind, you're probably not affected yet because the latest liblzma is only used in pre-release distros right now. But check if you have xz 5.6 or later. However, the author has been contributing to xz for 2.5 years so who knows if this is the first attack or not...
submitted by /u/nrdvana
[link] [comments]
Libdeflate compression library
Changes for 0.08 - 2024-03-30
- Check compiler when installing and exit if version is too low
- Include a missing file
Sah schemas related to ArrayData
Changes for 0.005 - 2024-02-16
- Rename module/dist Sah-Schema{s,Bundle}-ArrayData following rename of Sah-Schema{s,Bundle} (for visual clarity and consistency with naming of other bundles).
Interface to the Qhull convex hull, Delauny triangulation, Voronoi diagram software suite
Changes for 0.06 - 2024-03-29T17:56:08-04:00
- BUG FIX
automate the Chrome browser
Changes for 0.73 - 2024-03-29
- Tests should not hang when run as root now
- Sandbox is automatically disabled when running as root
Multi column file system explorer
Changes for 0.01 - 2024-03-01T10:42:59Z
- original version; created by h2xs 1.23 with options -X Tk::FileBrowser
Hi all,
I have most difficulties to make my LWP::UserAgent to use TLS 1.2/1.3
I tried :
my $ua = new LWP::UserAgent( 'ssl_opts' => { SSL_version => 'TLSv12:!SSLv2:!SSLv3:!TLSv1:!TLSv11', } );
but no success .....
also tried :
$ENV{https_version}=3;
perl v5.32 is not that old, I am very surprised I can't establish connecting to TLS 1.2/1.3 server
Is it a known problem with openSSL version used to compile v5.32 ? if so, can I upgrade the SSL libs only ? or is there an option to pass on to force TLS 1.2/1.3 ?
Windows 10 - strawberry v5.32.1 MSWin32-x64-multi-thread
Thank you very much !
submitted by /u/lowpowerdesign
[link] [comments]
Read environment variables from .env file
Changes for 0.012 - 2024-03-29T18:05:10+02:00
- Fix lib and test code to use Cwd::abs_path with File::Spec->catdir|catfile.
Class for conversion between percent number to star visualization
Changes for 0.03 - 2024-03-29T16:01:21+01:00
- Add missing dot in doc.
- Improve doc for constructor.
- Move bugtracker to Github.
- Move valid tests to top.
- Rewrite check of error to Mo::utils.
I have a bunch of YAML config files (using YAML::XS) which are multidimensional, and the values can be HASH, ARRAY, or SCALAR. Right now, I have a kind of a template YAML that defines the layout that someone can use as a reference to write a config file. The keys and layout are the same, except instead of having values it has two keys: 1) required (boolean) and 2) type (ARRAY, HASH, STR, etc). What I would like is for a sub to just verify the tree and spit out an error on which key is the problem, but I'm getting kind of lost on trying to loop both trees together.
Here is a small example from a part of a YAML config.
split: level: 3 filter: directories: delete: - \/main.assets$ keep: - S2589004224001688 files: keep: - issue.xml - main.xml - main.pdf
And here is a small example from the YAML config template that someone uses as a reference.
split: required: True type: HASH group: required: False type: HASH by: required: True type: STR count: required: True type: STR level: required: True type: INT filter: required: False type: HASH directories: required: False type: HASH delete: required: False type: ARRAY keep: required: False type: ARRAY files: required: False type: HASH delete: required: False type: ARRAY keep: required: False type: ARRAY
submitted by /u/sirhalos
[link] [comments]
A Latemp Utility Module.
Changes for 0.12.0 - 2024-03-29
- Deprecate.
- Add deprecation note.
Audit CPAN distributions for known vulnerabilities
Changes for 20240329.002 - 2024-03-29T12:08:01Z
- Data update for 2024-03-29
create diffs between HTTP requests
Changes for 0.06 - 2024-03-29
- Use "stable" instead of "experimental"
Some fun with chatgpt (note that you can get the same information with a rudimentary search across various research databases followed by statistical analysis of the tags)
When reading the chat bot response note that
legacy systems include many/most of the research tools in many fields many of the legacy systems are heavily dependent on bash for gluing their individual components many of these legacy systems include a noninsignificant amount for web programming Python / R etc just glue over code written in C and Fortran, ie they just provide an API
Prompt: can you suggest a few application areas for perl as glue in scientific component based software engineering?
Perl can be effectively used as "glue" in scientific component-based software engineering due to its strong text manipulation capabilities, mature ecosystem, and ability to interface with various systems and languages. Here are a few application areas where Perl can excel as a glue language:
1. Bioinformatics Pipelines
Perl has been traditionally strong in bioinformatics, where it is used to connect different software components for tasks like DNA sequence analysis, protein structure prediction, and genetic data processing. It can orchestrate workflows that involve calling various tools, parsing their output, and preparing it for the next step in the analysis pipeline.
2. Data Transformation and Integration
In scientific computing, there is often a need to transform data between different formats or integrate data from various sources. Perl can serve as a glue language to script these transformations and integrations, handling formats like CSV, JSON, XML, and proprietary binary formats commonly used in scientific instruments.
3. System Administration for Research Computing
Perl can automate and manage tasks in research computing environments, such as scheduling jobs on a compute cluster, monitoring resource usage, and managing file systems. It can glue together various system components, ensuring they work seamlessly to support scientific computation.
4. Legacy Scientific Software Integration
Many scientific research fields have legacy software components written in Perl or that provide Perl interfaces. Perl can be used to integrate these components with newer systems, preserving the value of previous investments in software development.
5. Automated Reporting and Visualization
Perl can be used to generate automated reports and visualizations from scientific data. By gluing together data extraction, analysis, and reporting tools, Perl scripts can produce regular, up-to-date reports or visualizations of ongoing scientific research or experiments.
Limitations to Consider
While Perl is useful in these areas, it's essential to consider its limitations. The ecosystem around Perl, particularly in scientific computing, may not be as vibrant as it once was, with many new developments occurring in other languages like Python. Therefore, while Perl remains a powerful tool for certain tasks, its role in new scientific software projects might be more limited compared to its peak usage times.
In conclusion, Perl's role as glue in scientific component-based software engineering is well established, particularly in areas where text processing and legacy system integration are paramount. However, the choice to use Perl should be balanced with considerations about the current and future needs of the project, as well as the availability of skills and community support.
submitted by /u/ReplacementSlight413
[link] [comments]
Class library for rapid development
Changes for 1.215 - 2024-03-28
- Quiq::Confluence::Client
- Quiq::Database::Connection
- Quiq::Hash
- Quiq::Path
- Quiq::PhotoStorage
- Quiq::Url
Simplified abstracted chained DBI subclass
Changes for 1.15 - 2024-03-28T12:26:27-07:00
- Carp SQL parsing errors
- Ignore reserved words SQL parse errors when not specifying an explicit dialect
- Add abstract() method
- Move parsed query cache to the connection object (instead of global)
Generate complete SQL from Perl data structures
Changes for 1.09 - 2024-03-28T12:22:27-07:00
- Slightly better handling of columns in get()
Tied objects
Changes for 0.11 - 2024-03-28
- Ensure any passed index takes precedents over the auto generated index
create diffs between HTTP requests
Changes for 0.05 - 2024-03-28
- We use the postderef feature also in tests
- Use features of URI in a backwards compatible way
TPRC/Science Track Submission Dates and Deadlines Coming Fast!
Easy to use REPL with existing lexical support and DWIM tab completion.
Changes for 0.16
- 2024-03-28
- No longer expanding escaped variable in quotes.
Perl wrapper for the ldns DNS library.
Changes for 4.0.1 - 2024-03-28
- Fixes
A system for running Zonemaster tests asynchronously through an RPC-API
Changes for v11.1.1 - 2024-03-28
- Fixes
simple OBS API calls
Changes for 0.1.2 - 2024-03-27
- added Net::OBS::LWP::UserAgent with 'mirror' method
- multiple configuration parameters for Net::OBS::SigAuth
Colored echo command using ANSI terminal sequence
Changes for 1.08 - 2024-03-28T09:56:23Z
- use charnames ':loose', which requires perl 5.16
The Perl and Raku Conference (formerly known as YAPC::NA) is going strong! This year, we are celebrating 25 years, our silver anniversary, in the Silver State, Nevada! The main conference will be in Las Vegas on June 25-27, but there will be hackathons and possibly classes on the day before and the day after the conference (June 24th and 28th), so please consider joining us for the whole week!
The backbone of this conference has always been our tracks of "traditional" talks by community members and what we have come to call the "Hallway Track" the informal exchange of ideas and camaraderie that sparks new projects and fuels collaboration.
This year, we are pleased also to host the presentation of Papers and Posters accepted by the Science Perl Journal!
Registration is open, so your ticket can now be purchased.
Talk submissions are still open, and we are seeking proposals on a wide variety of subjects. This includes language features, personal projects, applications like Koha, and anything that may be of general interest to Perl and Raku programmers. (We had juggling and origami in the past. Fun!)
- Talks can be 20 minutes or 50 minutes. Please submit through PaperCall.
- Papers and Posters follow the guidelines of the Science Perl Journal. Links to both are also on https://tprc.us.
Speakers who are approved for a talk, paper, or poster will receive a free ticket to the event. The submission deadline is April 5th at 8pm EST, so please send us your submissions soon!
We are planning some special activities during the conference to celebrate our rich 25-year history.
Go now to https://tprc.us/ to check out what is planned and to book a room (see link to Alexis Park Resort under "Location"). Rooms start at only $75 per night, so it’s worth booking early!
The best way to register for the conference is at https://tprc2024.sched.com/tickets
Thanks, TPRC Admins
submitted by /u/nahthanxx
[link] [comments]
The Perl and Raku Conference 2024 in Las Vegas Schedule
Check out the schedule for The Perl and Raku Conference 2024 in Las Vegastprc2024.sched.com
Read environment variables from .env file
Changes for 0.011 - 2024-03-27T22:13:20+02:00
- Allow reading files recursively.
create diffs between HTTP requests
Changes for 0.04 - 2024-03-27
- We use the postderef feature
Perl Weekly Challenge 262: Count Equal Divisible
https://blogs.perl.org/users/laurent_r/2024/03/perl-weekly-challenge-262-count-equal-divisible.html
create OpenAPI documentation of your application
Changes for 1.0.2 - 2024-03-27
- BUG FIXES
Tags helper for gradient evaluation.
Changes for 0.03 - 2024-03-27T17:18:08+01:00
- API Change: Change 'height' and 'width' parameters to CSS unit.
- Remove obsolete module use in test.
- Remove usage of Tags::Output::Raw.
- Rename example files to better names.
- Update Module::Install to 1.21 version.
- Update copyright years.
Multidimensional binning & histogramming
Changes for 0.028 - 2024-03-27T15:55:32+00:00
- update requirement to Test::PDL 0.20 which handles badvals correctly
Tags helper for CPAN::Changes object.
Changes for 0.03 - 2024-03-27T16:29:45+01:00
- Add test of constructor.
- Fix minimal dependency to Tags::HTML.
Does anybody know what happened with the package Catalyst::Plugin::FormValidator, why it was removed from cpan?
submitted by /u/ruzhnikov
[link] [comments]
SPVM Language
Changes for 0.989094 - 2023-03-26
- Internal Changes
- Bug Fix
- Incompatible Changes
module for checking taint peculiarities on some CPAN testers
Changes for 0.0.3