home.social

"Mutant Rob" Robert Rothenberg

  1. I've uploaded a prototype module for generating and parsing metadata about software #AI and automation policies, based on ideas from the #Perl Toolchain Summit in April.

    The idea is to have machine-readable information about how code is generated, what kind of automated contributions are handled or allowed, and what kind of automation the maintainers of a project use.

    There's a draft spec at github.com/CPAN-Security/cpan- but it's already out-of-sync with the Perl code.

    Ideas and feedback would be appreciated.

    metacpan.org/release/RRWO/Dist

    #CPAN

  2. @barubary @offseq

    Nope. Perl's built-in rand is seeded by 32 bits. The size of the internal state doesn't matter.

    By making several requests to get session IDs, one can deduce the internal state of rand.

    The multiplier does nothing to improve the security. Ultimately rand is just based on 32 bits.

    #perl #cpan #cve

  3. I've uploaded a new #Perl Critic policy that checks code for naive random data generation from a hash over not-so-random sources like rand(), the system time, or the PID, such as

    md5_hex( rand . time . $$ . ++$counter )

    This anti-pattern is used in many places, and has been the reason for several CVEs.

    metacpan.org/release/RRWO/Perl

    #CPAN #security

    As a scholarly aside, I am curious as to who first came up with this anti-pattern.
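    The following is an added illustration of the two posts above (the 32-bit seeding of rand, and the md5_hex-over-guessable-inputs anti-pattern); it is not code from the Perl::Critic policy or any other module by the author. It mirrors the posted snippet, shows that once the seed is known the whole token stream is reproducible regardless of what else is concatenated in, and contrasts it with a token drawn from the OS CSPRNG. The seed 12345, the time value 1700000000 and the PID 4242 are constructed inputs, and reading /dev/urandom assumes a Unix-like system (CPAN's Crypt::URandom or Session::Token wrap the same idea portably).

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# The anti-pattern from the post. Every input is either public or small:
# rand() is driven by a 32-bit seed, time is visible to the client (or is
# simply "now"), $$ is a small integer, and the counter only increments.
my $counter = 0;
sub naive_session_id {
    return md5_hex( rand() . time . $$ . ++$counter );
}

# rand's whole output stream is a function of its seed. Given a seed
# (constructed here; an attacker would recover it from a few observed IDs)
# plus guessable time and PID, every later token can be replayed. Mixing in
# more guessable values, or multiplying rand, changes nothing about that.
sub tokens_for_seed {
    my ($seed, $n, $known_time, $known_pid) = @_;
    srand($seed);
    my $c = 0;
    return [ map { md5_hex( rand() . $known_time . $known_pid . ++$c ) } 1 .. $n ];
}

# Hardened form: take the randomness from the kernel CSPRNG and return it
# directly; hashing guessable inputs adds no entropy, so there is no point
# mixing them in. 32 bytes gives a 256-bit token (64 hex characters).
sub secure_session_id {
    my $bytes = 32;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read $fh, my $buf, $bytes;
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $bytes;
    return unpack 'H*', $buf;
}

# Two runs with the same (constructed) seed, time and PID produce identical
# session IDs: the "random" part is entirely determined by 32 bits of seed.
my $run1 = tokens_for_seed(12345, 3, 1700000000, 4242);
my $run2 = tokens_for_seed(12345, 3, 1700000000, 4242);
for my $i (0 .. 2) {
    printf "token %d: %s\n", $i, $run1->[$i] eq $run2->[$i] ? 'reproduced' : 'differs';
}

print "naive:  ", naive_session_id(), "\n";
print "secure: ", secure_session_id(), "\n";
```

    Run it twice and compare: the naive IDs differ only because the seed, time and counter moved, all of which are small or guessable, while the secure ID draws 256 fresh bits from the kernel each time.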

  4. MetaCPAN @metacpan now displays security advisories when you are viewing a module with advisories.

    #Perl #CPAN #security #infosec #CVE @cpansec

  5. I've released a new version of the #Perl module Hash::Util::Merge to #CPAN.

    This module lets you merge hashes by applying a function to each value per key.

    This version allows you to merge an arbitrary number of hashes.

    metacpan.org/release/RRWO/Hash

  6. I've released a new version of Dist-Zilla-Plugin-UsefulReadme to #CPAN.

    This is a #perl #dzil plugin for generating a README with just the useful bits of the module POD.

    This latest version adds a minor option to disable adding prerequisites (mainly for bootstrapping itself) and tweaks some tests.

    metacpan.org/release/RRWO/Dist

  7. Today's stupid #webdev trick:

    I'm using #ApacheHTTPD web server with #ServerSideIncludes, and needed to set a response header.

    The solution was to set a variable in the .shtml file, e.g.

    <!--#set var="OVERRIDE" value="1" -->

    and in the server configuration add

    Header set My-Header "new-value" env=OVERRIDE