Re: npm, PyPi overtake CPAN

2013-05-23 Thread James Laver
On 24 May 2013, at 01:31, Paul Makepeace wrote:

> I'm sure there's plenty of caveats etc but the gradients is probably what's
> most interesting here; CPAN is relatively static compared with, well, all
> the others.

How about the caveat of utility? Whilst npm has a reasonable SNR and gems has 
so many modules that there are enough useful ones hidden there, pypi is mostly 
full of crap and not useful when you want to achieve something.

That said, egg basket makes it remarkably easy to host your own mini-pypi 
server for darkpan you've generated.


Re: npm, PyPi overtake CPAN

2013-05-23 Thread Aaron Trevena
On 24 May 2013 05:43, Aaron Trevena wrote:
> On 24 May 2013 01:31, Paul Makepeace wrote:
>> http://modulecounts.com/
>>
>> ... with Rubygems screaming ahead since overtaking CPAN a couple of years
>> ago. And the hugeness of Maven Central.
>>
> I had a deeper look at this in a bit more depth before I got snowed
> under at work 
> http://blogs.perl.org/users/hashbangperl/2013/03/comparing-apples-and-oranges---rubygems-vs-cpan-part-2.html

A couple of things worth mentioning are firstly that several issues
mentioned in that blog and elsewhere are being addressed
http://www.dagolden.com/index.php/2098/the-annotated-lancaster-consensus/
and also if you look at rubygems uploads it's an astonishingly high
proportion of undocumented version 0.001 abandonware.

A.

-- 
Aaron J Trevena, BSc Hons
http://www.aarontrevena.co.uk
LAMP System Integration, Development and Consulting


Re: npm, PyPi overtake CPAN

2013-05-23 Thread Aaron Trevena
On 24 May 2013 01:31, Paul Makepeace wrote:
> http://modulecounts.com/
>
> ... with Rubygems screaming ahead since overtaking CPAN a couple of years
> ago. And the hugeness of Maven Central.
>
> I'm sure there's plenty of caveats etc but the gradients is probably what's
> most interesting here; CPAN is relatively static compared with, well, all
> the others.

I had a deeper look at this in a bit more depth before I got snowed
under at work 
http://blogs.perl.org/users/hashbangperl/2013/03/comparing-apples-and-oranges---rubygems-vs-cpan-part-2.html
- I'll try and finish writing it up in some upcoming time I have
sitting in airports next month.

A

-- 
Aaron J Trevena, BSc Hons
http://www.aarontrevena.co.uk
LAMP System Integration, Development and Consulting


npm, PyPi overtake CPAN

2013-05-23 Thread Paul Makepeace
http://modulecounts.com/

... with Rubygems screaming ahead since overtaking CPAN a couple of years
ago. And the hugeness of Maven Central.

I'm sure there's plenty of caveats etc but the gradients is probably what's
most interesting here; CPAN is relatively static compared with, well, all
the others.


Re: Quarantining crap HTML?

2013-05-23 Thread Philip Skinner

On 05/22/2013 07:53 PM, David Dorward wrote:
> On 22 May 2013, at 16:29, DAVID HODGKINSON wrote:
>> On 21 May 2013, at 13:14, Philip Skinner wrote:
>>> You can specify the content of an iframe using a javascript call in
>>> the src:
>>>
>>
>> Upon sleeping on it, this was the direction I was headed in.
>>
>> The problem is the HTML is user-generated and we know where that
>> leads.
>
> If I were using that approach, I'd host the HTML on a different domain
> (to use the Same Origin Policy to protect my site against JS attacks
> from the HTML) and cover it with anti-evil HTTP headers (to stop
> people including frame buster scripts).
>
> http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-00
>
> (Not that that would be the first approach I'd consider, I'd tend
> towards parsing the HTML, running it through a whitelist to determine
> what attributes were acceptable or not and then spitting out something
> valid and non-evil though.)


Plus remember to set a restrictive P3P policy on the domain/subdomain 
hosting that stuff.