Re: [ANNOUNCE] London Perl Mongers Technical Meeting 12th April 2010

2010-03-28 Thread David Alban
ray charles doing eleanor rigby...  i know there are things in life
that would surprise me more.  i just can't think of them right now.

On Sun, Mar 28, 2010 at 2:52 AM, Andy Armstrong wrote:
> For the record the Ray Charles version of Eleanor Rigby is the bestest and 
> I'm sure Piers is at least as good as Ray Charles, right?

-- 
Live in a world of your own, but always welcome visitors.


Re: Perl and OWASP

2010-03-28 Thread Tomas Doran


On 28 Mar 2010, at 16:55, Nicholas Bamber wrote:
> I am puzzled as to why there has hitherto been so little contact
> between perl and OWASP.


I was at the first OWASP conference in London.

I used to attend their meets regularly, however in recent times  
they've been arranged in either the far west or the far east of  
London, and to start at 6pm. Given I finish work at 6pm, it's just not  
been practical for me to be able to get there.


> Is anybody out there interested in volunteering some of their coding
> and code reviewing efforts into improving the security of perl based
> web applications in a more systematic way?


Yes. But then, I put quite a lot of my free time and code reviewing  
efforts into improving perl based web applications in a systematic way  
anyway. :_)


> I have tried kicking things off with this page: http://www.owasp.org/index.php/Perl .
> I look forward to hearing from you guys.


I'd certainly be prepared to volunteer some of my time contributing  
to, or reviewing code for perl based web security efforts, and I'm  
certainly happy to do everything in my power (which isn't very much -  
pretty much yelling 'well volunteered' at people) to get the Catalyst  
community.


Cheers
t0m



Re: Perl and OWASP

2010-03-28 Thread Jacqui Caren-home

James Laver wrote:
> What is actually required is to systematically audit each library for
> potential pitfalls and see what the system as a larger entity
> potentially opens up in them. And all that could take some time.


Code reviews are seriously hard work but well worth it.

We used to run code review sessions when I worked at Cray (a LONG time ago)
and it changed how we developed and tested code. I remember the IBM team
reviewing 100 lines of assembler and finding over 100 issues that needed resolution
- they were actually happy and bought us cakes :-)

The nice bit was it was seen as a way to improve things and for people
to learn from others. Other parts of the company liked the idea; they
copied it and it started being used in both software and hardware reviews.

The side effect that programmers taught each other about pitfalls (and
shortcuts) was an unforeseen advantage.

We were lucky in that we had a team of some of the best professional testers
working with our dev team. They drove the code review and ensured it worked.

I no longer have the documentation but the rules were pretty simple.
Small team - each member looks for specific issues. Constructive
criticism. Limited code to review. Limited time and very very short
review meetings. No redesigns etc.

I just wish I had the free time to do this again.


Re: Perl and OWASP

2010-03-28 Thread James Laver
On Sun, Mar 28, 2010 at 04:55:37PM +0100, Nicholas Bamber wrote:
>
> I am puzzled as to why there has hitherto been so little contact between  
> perl and OWASP. Is anybody out there interested in volunteering some of  
> their coding and code reviewing efforts into improving the security of  
> perl based web applications in a more systematic way? I have tried  
> kicking things off with this page: http://www.owasp.org/index.php/Perl .  
> I look forward to hearing from you guys.

I've got some things in the pipeline regarding it, though they're taking 
a back seat at the minute.

Part of the problem is the complexity of things and the number of 
libraries people use developing web apps. And catalyst is an extremely 
complicated beast to top all of that off.

What is actually required is to systematically audit each library for 
potential pitfalls and see what the system as a larger entity 
potentially opens up in them. And all that could take some time.

--James


Perl and OWASP

2010-03-28 Thread Nicholas Bamber
I have not managed to make it to any London Perl Monger events since 
joining the mailing list a month or two back. I hope to remedy that when 
people stop marrying at times that inconvenience my life. However I 
reckon that should not stop me posting this now.


I recently came across the OWASP project:

   The Open Web Application Security Project (OWASP) is a 501c3
   not-for-profit worldwide charitable organization focused on
   improving the security of application software. Our mission is to
   make application security visible, so that people and organizations
   can make informed decisions about true application security risks.
   Everyone is free to participate in OWASP and all of our materials
   are available under a free and open software license.

I am puzzled as to why there has hitherto been so little contact between 
perl and OWASP. Is anybody out there interested in volunteering some of 
their coding and code reviewing efforts into improving the security of 
perl based web applications in a more systematic way? I have tried 
kicking things off with this page: http://www.owasp.org/index.php/Perl . 
I look forward to hearing from you guys.


Nicholas



Re: [ANNOUNCE] London Perl Mongers Technical Meeting 12th April 2010

2010-03-28 Thread Andy Armstrong
On 27 Mar 2010, at 21:58, Mike Whitaker wrote:
> Ah, look at all the london Perlers x 2

[snip]

Applause! I like that.

For the record the Ray Charles version of Eleanor Rigby is the bestest and I'm 
sure Piers is at least as good as Ray Charles, right?

-- 
Andy Armstrong, Hexten






Re: [ANNOUNCE] London Perl Mongers Technical Meeting 12th April 2010

2010-03-28 Thread Ruud H.G. van Tol

Luis Motta Campos wrote:
> Dave Cross wrote:
>> On 03/27/2010 08:13 AM, Uri Guttman wrote:
>>> and paul and i share the same birthday. not sure what that means.
>>
>> I expect you'll find it's a coincidence :-)
>
> As a mathematician I must say coincidences have really low probability
> of happening...


So how odd is it to find a colloquial coincidence in a scientific statement?

--
Ruud