installing zeromq3 & perl bindings on centos6…

June 10th, 2013

sudo su -
curl http://download.opensuse.org/repositories/home:/fengshuo:/zeromq/CentOS_CentOS-6/home:fengshuo:zeromq.repo > /etc/yum.repos.d/fengshuo.repo

yum check-update

yum install zeromq zeromq-devel

cpanm ZMQ::LibZMQ3

export PERL_ZMQ_BACKEND="ZMQ::LibZMQ3"

cpanm ZMQ

Writing a simple Twitter client in 10 minutes

February 2nd, 2011

How long would it take to create the simplest of Twitter clients and make it do something useful?
About 10 minutes – thanks to the excellent Twitter API documentation,
Perl, and the Net::Twitter module from CPAN.

Registering the Client

Provided you already have a Twitter account, go to the registration page, login, and fill out a short form.
For brevity, I’m going to use the single access token type of authentication.
After registering the app, we’ll be provided with consumer_key and consumer_secret, needed to authenticate the client with Twitter API.

Twitter and OAuth
Twitter now uses the OAuth authentication mechanism, therefore apart from the two keys above, we’ll also need to get the access_token and access_token_secret keys. We’ll obtain them when we run the application the first time.

Write some code

And we have a simple shiny twitter client ;)

doing more : i.e. getting recent twits from our account

More detailed documentation can be found at dev.twitter.com/doc.

Get started on this page.

Many thanks to the authors of Net::Twitter for this module.

Perl Dancer rocks!

January 20th, 2011

I started working on a small webapp with a friend of mine and decided to use something new this time to get acquainted with the new fancy things people have been coming up with in the Perl community.
I’ve heard quite a lot of good stuff about the Dancer Web framework, and decided to give it a try.

One of the first tasks was to provide a simple API, with a call to return some products for particular merchants.

I decided I’ll stay open minded with regards to the format of the data returned, and that I’ll use DBIx::Class to retrieve it from our SQLite database.

Here’s the rough implementation:

the output was quite nice, too :
JSON:

curl -H 'Accept-Type: application/json' --form-string product_name=XXXXX http://localhost:3000/products/get_merchants_for_product


{"merchants":[{"name":"merchant1","product_price":"0.1"},{"name":"merchant2","product_price":"0.2"},]}

Changing the Accept-Type header to ‘text/xml’ or ‘text/x-yaml’ would return the data in the desired format.
Sweet :-)

There’s a good article in the Dancer Advent calendar that describes how to build a simple REST API more extensively.

The additional dependencies I went for were Dancer::Plugin::DBIC for handling my connection with the db via DBIx::Class and Dancer::Serializer::Mutable, responsible for serializing my output.

it’s been a while …

January 11th, 2011

… since I noticed the database replication was broken on my private server, turns out it’s been 7 months now.

Like always, the abundant resources on MySQL replication were available here and ( a very short and helpful reference ) here.

Definitely need to find some more motivation for private projects…

Note to self: RTFM

September 15th, 2010

While at $work, doing some basic date math, I’ve stumbled across some weirdness, that could not be explained by simply looking at the code I’ve written at that time.

I had something like this going on in one of the Mason’s <%init> hells </%init>

use DateTime;
use feature 'say';

my $date_to_be = DateTime->now->add( days => 14 );
my $date_now = DateTime->now;

# Subtracting two DateTime objects returns a DateTime::Duration
my $duration = $date_to_be - $date_now;

say $duration->days;
# said : 0

Now, I was expecting to get 14 days out of this, but it turns out that DateTime does some nifty calculations when I ask it to return $duration->days(). 14 days is always 2 weeks, so I’d always be getting $duration->days == 0, $duration->weeks == 2.

Hence, note to self: RTFM and never ever assume stuff! ;-)
Half an hour well wasted.
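
An added example (not code from the original post) showing the accessors side by side and one way to get the total number of days. It goes a step beyond the 14-day case above by also running a 45-day span, where the subtraction puts part of the result into a separate months component. whole_days_between is a hypothetical helper and the start date is constructed.

```perl
use strict;
use warnings;
use feature 'say';
use DateTime;

# Hypothetical helper: total calendar days between two DateTime objects,
# however many weeks or months the span covers.
sub whole_days_between {
    my ( $from, $to ) = @_;
    # delta_days() returns a duration that holds days only, so nothing
    # is carried off into the weeks or months accessors.
    return $to->delta_days($from)->in_units('days');
}

# Constructed, fixed start date so every run prints the same thing.
my $start = DateTime->new( year => 2010, month => 9, day => 15 );

for my $n ( 14, 45 ) {
    my $end = $start->clone->add( days => $n );

    # Plain subtraction keeps months, days, minutes and seconds as
    # separate components of the DateTime::Duration.
    my $dur = $end - $start;

    say "span of $n days:";
    say "  weeks / days accessors : ", $dur->weeks, " weeks, ", $dur->days, " days";
    say "  in_units('months')     : ", $dur->in_units('months');
    say "  in_units('days')       : ", $dur->in_units('days'), " (months component not included)";
    say "  whole_days_between     : ", whole_days_between( $start, $end );
}
```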

A bag full of goodies for sysadmins and all Perl aficionados

August 3rd, 2010

1. App::cpanminus
App::cpanminus is a small replacement for its bigger siblings CPAN and CPANPLUS – already very popular Perl module installation applications. It might not provide as many options but it gives you a very robust, not so resource hungry alternative to the former two. It proves irreplaceable when you’re forced to install a whole chain of modules on small spec VPSs or perhaps some mobile devices? :-)
Usually it boils down to one little command:
cpanm Some::Module::Name

and it’ll test and install it for you. It also spares you the tedium of configuring the default settings when running it the first time.

2. App::cpanoutdated
Another smart little tool that allows you to quickly examine every Perl module installed on your system and check with CPAN whether there’s a newer version available. The very useful `cpan-outdated --compare-changes` option prints out the diff of the CHANGES file if available.
It proves very useful with combination of cpanm.

To upgrade every module on your system from CPAN, simply type:

cpan-outdated | xargs cpanm

You probably don’t want to do it on your production servers without some prior QA but perhaps just running the cpan-outdated on one of them will urge you to stay more up to date with development of modules you’re using every day. ( Lots of lines appearing in STDOUT are very typical on production servers :)

3. App::pmuninstall

This one is relatively new on CPAN but it’s very simple to use – its sole purpose is to uninstall a module from your system.
Simple pm-uninstall DateTime will definitely make Captain Hook happy ;)

4. Module::Util and its pm_which
What version of Moose do I happen to be running on my box ?

pm_which -V Moose tells you exactly what you want.
I guess it’s a bit simpler than perl -MMoose -e 'print $Moose::VERSION'

These and many others make my usual perl modules maintenance life way easier, though I’m under the impression that many sysadmins who usually do that kind of job on many servers aren’t aware of them, hence this blog post ….

All of them delivered to you free of charge on CPAN.

Rakudo Star is here!

August 2nd, 2010

On July 29th, the first usable version of Rakudo Star ( the Perl6 implementation on Parrot ) has been released.
Obviously the previous versions have been usable in some ways as well – the whole project follows the cycle of monthly releases, and many language features have been gradually added with each iteration.
The difference I can see with this one is the increased community response – there are far more e-mails floating on the perl6 mailing list and apparently the #perl6 IRC channel hosts many more visitors.
This is a very positive aspect of the whole project – I bet the core Rakudo developers are very pleased with the progress and feedback provided by the community.

Well done to everybody involved in the project!
I personally can’t wait to get some free time to get my hands dirty and write a few first modules in v6. Hopefully I’ll have more free time on my sleeve soon.

Green rhinoceros to patch your application

April 8th, 2010

SQL injection attacks are amongst the most common and most dangerous attacks used to exploit web applications. The reason is simple: a clever SQL injection attack might allow the bad guys to insert third party content into blogs and forums, and enables them to retrieve confidential information using little more than an ordinary web browser. In most cases the fault lies with the developers who don’t bother ( or don’t have the time ) to properly validate the user input gathered from website forms and API calls.

If you’re developing a web 2.0 application you’re most probably linking it with an underlying SQL database in order to interactively store and retrieve the website content. Now you might have a thousand reasons for skipping the proper validation of the data: it could be your boss rushing you and demanding that you complete the project before an unrealistic deadline, you might not be aware of the threats, or you might be leaving it for the post-release cleanup that is supposed to happen soon but eventually will not get implemented at all due to a change of plans.

However, if you do care about the proper implementation you’re pretty much forced to write your custom routines to handle all the cases. Of course, in different languages there are different libraries to help you achieve the task, but a certain amount of work is still left to be done, and even though you might be as meticulous as you possibly can, you could still end up with an incomplete validation process. There are a few reasons for this, and probably the most significant one is that there’s a lot you have to know about different attacks, and new exploitation techniques are discovered on a daily basis.

Phew! Yes, you might think it’s all truisms, as many people claim that there are no perfectly safe systems/applications and every new way of preventing intruders from accessing your data will eventually get circumvented by clever hackers. I guess the biggest problem with validating your data is that you pretty much have to do some work on it with every project you’re working on, and even after having created an appropriate library to do the job ( or taking one from the Net ) you might still have to bug fix and maintain it. The other problem with libraries is that the maintainer might decide to ditch the project due to lack of time or interest, and you could end up being left on your own, bug fixing the library that your “old app” is still using. If you require some extra ( and instant ) security or are getting slightly paranoid ( just like I am ), you might want to take a look at the GreenSQL project.

What is GreenSQL?

GreenSQL is a database proxy that supports both MySQL and PostgreSQL. The way it works resembles a little the way SpamAssassin does. All the SQL queries that your application invokes on the database go first to this proxy server, which validates and evaluates them. It has the black- and whitelists typical of SpamAssassin, and it has a ‘learning’ mode that allows it to effectively distinguish the normal database queries from malicious SQL. It can also block administrative commands that are usually not required by the web application to function, such as DROP TABLE or DROP DATABASE. On top of that there’s a friendly web interface that will help you fine tune and amend the white/blacklists and other options.

If you think you could do with some extra security this might be one of the options for you to consider. Compared with code improvements to your app, it takes significantly less time to set up and run. Obviously, it’d be very silly indeed to encourage people to ditch their app based user input validation and solely rely on GreenSQL or the likes, but it is a very helpful addition to the effort of preventing unauthorized access to your data.
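
The learning mode and whitelist idea described above, as an added Perl example that is not GreenSQL’s code and does not reproduce its matching logic. The function names, the 'enforce' mode name and all sample queries are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Reduce a query to its shape: literals become "?", case and spacing are normalised.
sub fingerprint {
    my ($sql) = @_;
    $sql =~ s/'(?:[^'\\]|\\.|'')*'/?/g;    # quoted string literals
    $sql =~ s/\b\d+(?:\.\d+)?\b/?/g;       # numeric literals
    $sql =~ s/\s+/ /g;
    $sql =~ s/^ | $//g;
    return lc $sql;
}

# Hypothetical proxy state: a mode switch plus the learned whitelist of shapes.
sub new_proxy { return { mode => 'learning', whitelist => {} } }

sub check_query {
    my ( $proxy, $sql ) = @_;
    my $shape = fingerprint($sql);

    # Tested on the shape, so the words "drop table" inside a string literal are ignored.
    return 'blocked (administrative command)'
        if $shape =~ /\bdrop\s+(?:table|database)\b/;

    if ( $proxy->{mode} eq 'learning' ) {
        $proxy->{whitelist}{$shape} = 1;
        return 'learned';
    }
    return $proxy->{whitelist}{$shape} ? 'allowed' : 'blocked (unknown pattern)';
}

my $proxy = new_proxy();

# Learning phase: constructed queries standing in for normal application traffic.
check_query( $proxy, "SELECT name, price FROM products WHERE merchant_id = 7" );
check_query( $proxy, "SELECT id FROM users WHERE login = 'alice'" );
check_query( $proxy, "INSERT INTO comments (body) VALUES ('nice product')" );

# Enforcement phase: learned shapes pass, altered shapes do not.
$proxy->{mode} = 'enforce';
for my $sql (
    "SELECT name, price FROM products WHERE merchant_id = 12",
    "SELECT id FROM users WHERE login = '' OR '1'='1'",
    "SELECT name, price FROM products WHERE merchant_id = 7; DROP TABLE products",
    "INSERT INTO comments (body) VALUES ('please do not drop table manners')",
) {
    printf "%-34s %s\n", check_query( $proxy, $sql ), $sql;
}
```

Because literals are stripped before comparison, a query with a different merchant id or comment text still matches what was learned, while input that changes the structure of the statement produces a shape the whitelist has never seen.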

Performance
Nothing’s perfect – according to the tests made by the GreenSQL folks, the performance might drop by 2-12%, however this shouldn’t have any impact on most of the web applications out there ( small and medium ). You can find more information on this subject over here.

GreenSQL is an open source effort and is being released under the GPL license.
The current version is 1.2.2-17.1, and overall GreenSQL was downloaded over 30k times since the project started.
The GreenSQL documentation is available here.

Google Chrome for Linux

December 18th, 2009

10 days ago Google finally released its Chrome web browser – a version for the GNU/Linux operating system.
Even though it’s only a beta version, it’s quite reliable, for the past day I’ve browsed using it and it hasn’t failed me so far ;-)

The original beta release post is here

Download Google Chrome.

gogonet – new social networking site

December 15th, 2009

gogo6.com has officially launched its new social networking site. How does this differ from other social network sites that are out there?

Well, gogonet is topic orientated and associates people interested in the IPv6 protocol and its way through all the hoops that are required to make it a real Internet standard. The goal – to popularize and encourage people to use the IPv6 protocol and eventually see it become the backbone of the Internet.

The background

The current IPv4 pool is running out. This means that fewer unallocated IPv4 pools are left and Internet service providers have to use complicated NAT and masquerade techniques to overcome this shortcoming. What it really means is that some servers will not be accessible directly but the traffic to them will have to be routed through in order to make them visible to the world.

Finding out more

The transcript from a very good discussion panel from March 05, 2008, that took place in the Googleplex is available on YouTube :

The gogonet’s website is here http://gogonet.gogo6.com/