Re: Running a shell command inside a cgi/perl script

2001-11-30 Thread J. J. Horner

* Kairam, Raj ([EMAIL PROTECTED]) [011130 15:10]:
> In my perl script I have a line like this.
> system( "'/usr/bin/lp -dhp4si /tmp/plotreq.txt' > /tmp/plotid.txt");
> hp4si is the destination printer.
> /tmp/plotreq.txt  is small text file to be sent to the printer.
> /tmp/plotid.txt is the output of lp command ( just one line to indicate job
> id )to be saved.
> If I run the command /usr/bin/lp -dhp4si /tmp/plotreq.txt > /tmp/plotid.txt
> it is fine as a command line.
> The same in the perl script as above, doesn't send the file to printer nor
> does it create the /tmp/plotid.txt file.
> I have tried this also and did not work.
> @lplist = ("/usr/bin/lp", "-dhp4si /tmp/plotreq.txt");
> system(@lplist);
> This is the context.
> sub search {
>   some code
>   open(REQFILE, ">/tmp/plotreq.txt") || die "sorry, could not open
> /tmp/plotreq.txt";
>   some more code to generate content for plotreq.txt
>   ..
>   close(REQFILE);
>    This is where I tried the above to send the file to the printer.
> }
> This sub is part of a cgi script that creates output for the browser. The
> browser output is OK.
> The /tmp/plotreq.txt is generated but not being sent to the printer.
> Can somebody guide me to do it right ?.
> Thanks
> Raj kairam

Have you tried to 'su -' to nobody (or whomever your server is running as)
and run the command that way?  Have you tried to run the script from the command-line
and see what that yields?

On a side note, you may want to ensure that you are using Taint for all of your CGI
scripts when they interact with the OS.


J. J. Horner

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

Description: PGP signature

Re: Doing Authorization using mod_perl from a programmers perspective

2001-11-19 Thread J. J. Horner

* Randal L. Schwartz ([EMAIL PROTECTED]) [09 11:00]:
> >>>>> "Jon" == Jon Robison <[EMAIL PROTECTED]> writes:
> Jon> Randall, you want to expound upon that?
> Barely ignoring the spelling of my name, I'll simply claim
> "it's not unique".
> Neither is IP address.  Or anything that you haven't specifically
> round-tripped to the browser.  And that doesn't stop someone from
> making another browser respond in the same way, or that browser
> respond in a different way.
> But this is obvious.  I'm confused about why I'd have to explain it. :(

I think Randal has pointed out many times, as have others, that a browser isn't
a person.  One doesn't want to authenticate browsers, one wants to authenticate
people.  Using browser specific information to authenticate a person
is not only impossible to do successfully, it is silly to try.  Using cookies is 
only a little bit less unsuccessful.

Also, please be sure to note the gotcha in the mod_perl guide that gives you 
warning that all browsers behave differently when dealing with a 401 status
code.  Be sure to take that into account.


J. J. Horner

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

Description: PGP signature

Re: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-19 Thread J. J. Horner

* Mithun Bhattacharya ([EMAIL PROTECTED]) [010919 03:40]:
> Stephen Adkins wrote:
> > Is there an easier way to safeguard against Apache prompting for
> > a password over HTTP?
> You could keep the secure areas outside the HTTP document root ?? Just a
> different DocumentRoot for HTTPS in your VirtualHost or separate
> httpd.conf.
> Mithun

Well, one solution we were looking at was using two document roots, 
and linking those directories/apps certified clean to the http docroot.

The problem with this is that we have two virtual hosts, same name, different
ports (http and https) that basically need to have the same information,
with the difference of redirecting some things to the https virtual host if
the directory/app is not certified clean by us.  This makes for a very long,
very intricate Redirect list and each time we need to add to it, we would have
to start and stop the server.  

I figured a more elegant method would be to have the webserver redirect if
an .htaccess is present.  The only way I can figure on doing this effectively
would be a mod_perl module.  So, I'm going to write one.

J. J. Horner

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

Description: PGP signature

Re: ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread 7;J. J. Horner'

The problem with that solution is that we have 2 virtual hosts, one http, one https, 
on one
machine.  https is the only available transport outside of our network, while the http
server is available internally.

This is a production webserver, with existing information, applications, etc.  We don't
want to redesign our existing setup just to move content to a secure virtualhost when
someone wants to authenticate.  This approach allows us to keep things from the 
side very transparent.  Developers can continue to maintain and create as usual, with 
added step of a login being transferred by https method.

If I were designing a server from scratch, I would plan better, but since we are trying
to implement encrypted basic authentication after the server, sites, applications are 
in place,
we have to work around them.

With the AuthName set to one value across the server, we may be able to prevent too 
many logins.

We need to keep the same content on both virtualhosts as much as possible.

Ideas?  Comments?


* Christian Gilmore ([EMAIL PROTECTED]) [010918 11:36]:
> Putting it into the auth phase would be appropriate, but I have to wonder
> why this module is needed other than to refrain from keeping your
> configuration file clean. Your unsecure virtual host should have no auth
> statements in it if you want all auth to be on your secure virtual host...
> You'll need to have your entire session where you want the user to
> authenticate on the same virtual host, else the user will be prompted
> multiple times or you will have a security gap if you're leaving it all up
> to the service layer.
> Regards,
> Christian
> > -Original Message-
> > From: J. J. Horner [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 18, 2001 8:51 AM
> > Subject: ANNOUNCE: Starting work on Apache::RedirectUnless
> >
> >
> > I have need of a module that will redirect to https anytime
> > basic authentication is required.
> >
> > I figure the best way to do this is to step in at the authentication
> > phase, and should authentication be required and the method be http,
> > redirect to https for any and all basic authentication
> > traffic.  Perhaps
> > after this, redirect to http, if desired.
> >
> > Any comments or suggestions?
> >
> > Thanks,
> > JJ
> >
> > --
> > J. J. Horner
> > "H*","6d6174686c696e40326a6e6574776f726b732e636f6d"
> > ***
> > "H*","6a6a686f726e65724062656c6c736f7574682e6e6574"
> >
> > Freedom is an all-or-nothing proposition:  either we
> > are completely free, or we are subjects of a
> > tyrannical system.  If we lose one freedom in a
> > thousand, we become completely subjugated.
> >

J. J. Horner

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

 PGP signature

ANNOUNCE: Starting work on Apache::RedirectUnless

2001-09-18 Thread J. J. Horner

I have need of a module that will redirect to https anytime 
basic authentication is required.

I figure the best way to do this is to step in at the authentication
phase, and should authentication be required and the method be http,
redirect to https for any and all basic authentication traffic.  Perhaps
after this, redirect to http, if desired.

Any comments or suggestions?


J. J. Horner

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

 PGP signature

Auth vs Authz handler

2001-09-14 Thread J. J. Horner

I'm working on the Apache::AuthExpire module.  Considering the
difficulties of getting two browsers to behave the same way, 
I was thinking that I should probably implement a login page, 
once the initial authentication phase is finished.  Basically,
user logs in, then if no timestamp is available (stored in a file),
then the initial login also starts the timer.  If a timestamp is 
available, and the user is idle for more than 15 minutes, the user
is greeted with an html page asking for password again.

My question is this:  should I implement this as an authen handler,
which it is now, or as an authz handler, which I think would give me more

Also, how do I get something renamed or reclassified, if I decide
that I should move it from the Authen phase to the Authz phase?


J. J. Horner

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

 PGP signature

Redirecting protected file requests to https for authentication

2001-09-06 Thread J. J. Horner

I have what seems to be a uncommon request.

I need to write a module, or find a way, that will step in at the Authentication
phase, or rather before, determine that a password is required, return a response
that redirects to the https mode for the request, then allows authentication.

I'm doing this so that no clear text passwords pass the network and so that 
any page that doesn't require authentication can still be handled using our 
port 80 virtualhost.


http://devmachine/no_authen/ - stays port 80
https://devmachine/no_authen/ - stays port 443
http://devmachine/authen/ - redirects to 443
https://devmachine/authen/ - stays port 443 and sends 401

Any ideas?  I've seen a few that are close (Apache::AuthenURL, for instance), and
they could be changed to do what I need, but if there isn't a way already done
for specifically this, I might do it.

Comments?  How about a name for this, should it be necessary to right it?


J. J. Horner

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

 PGP signature

Re: Looking for a new distro

2001-01-13 Thread J. J. Horner

* Jamie Krasnoo ([EMAIL PROTECTED]) [010113 17:20]:
> Ok, I've had it with RH 7.0. Too many problems. What Linux distro are some
> of you using with Apache 1.3.14 and mod perl 1.24_01?
> Jamie

I use Redhat 6.2.  I put 7.0 on my laptop, and it worked okay, but I only do perl
on my laptop.  If I were to code C (not very often), it would be on a 6.2 box.

I haven't looked into the egcs issue with RedHat 7.0, but I know RedHat issued an


J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Re: Debugging information sent to browser

2001-01-12 Thread J. J. Horner

* Todd Finney ([EMAIL PROTECTED]) [010112 13:00]:
> At 12:07 PM 1/12/01, Blue Lang wrote:
> >On Fri, 12 Jan 2001, J. J. Horner wrote:
> > > I'm also toying with the idea of allowing each script 
> > to have a DEBUG=1
> > > option enabled in a handler so that as long as it is 
> > the script owner,
> > > verified by uid, trying to set the DEBUG=1 parameter in 
> > a URL, the full
> > > debug information is sent to a browser
> >
> >Erm.. I'm not sure how you're going to verify the uid of a 
> >remote user,
> >unless you mean mapping an IP to each cgi-wrapped UID.
> I don't see how you'd do it based on uid, either, but you 
> could certainly do something based upon REMOTE_ADDR.

Why do you think it would be hard to return AUTH_REQUIRED if the 
DEBUG=1 param is in the URL?  Granted, the browser issues involved won't
make it the best solution, but no worse than passwords are already.  Someone
would have to be using a machine where a valid uid/passwd are in browser cache,
or someone would have to know a valid uid/password.

My guess is that if I can get it to return AUTH_REQUIRED if DEBUG=1,
then display the debugging information once the 401 is settled, this may
be a useful handler.

My main worry is how I'm going to produce the best debugging information
without requiring scripts to be rewritten.  As it is, CF displays debugging
information based on IP.  I can mimic the code from cgiwrap to find what I 
would like to send, and I can probably find a way to send the best debugging 
and error reporting to the debugging uid's browser.

Sorry, I'm going to take this off list now.

If you are interested in discussing this, send to my email.


J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Re: Debugging information sent to browser

2001-01-12 Thread J. J. Horner

* Blue Lang ([EMAIL PROTECTED]) [010112 12:08]:
> On Fri, 12 Jan 2001, J. J. Horner wrote:
> > I'm also toying with the idea of allowing each script to have a DEBUG=1
> > option enabled in a handler so that as long as it is the script owner,
> > verified by uid, trying to set the DEBUG=1 parameter in a URL, the full
> > debug information is sent to a browser
> Erm.. I'm not sure how you're going to verify the uid of a remote user,
> unless you mean mapping an IP to each cgi-wrapped UID.
> Either way, you've got a lot of moving targets. I might hijack the custom
> error page handler in Apache and send a default error page unless the
> remote user is somehow authenticated.. But I don't think remote uid or IP
> are gonna be reliable.

Well, I was hoping that once the DEBUG=1 option is set, I could force a
login by returning AUTH_REQUIRED, and if the authenticated uid matches the uid 
in the file ownership, the debugging information is sent.  If not, the user 
gets a standard 401 message.

But as I envision it now, I'd have to add something to the URL parser that looks
for DEBUG=1, and if present, sends to the special handler which does magic and
runs an strace on the script, or something.  I haven't fleshed out all of the details, 
but I'd like something similar to what Cold Fusion offers in its debugging options, 
and what cgiwrapd offers with its cgiwrapd setup.

I'm just thinking right now.


J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Debugging information sent to browser

2001-01-12 Thread J. J. Horner

Is something available to allow debugging information to be sent
to a browser based on the UID of the user or IP address of the

We use cgiwrap (and consequently, cgiwrapd) to help secure our server
and I like the option of using cgiwrapd when a problem is encountered. 

Is it advisable to write a perl module to provide this kind of   
debugging information?  Is something already written?
I'm also toying with the idea of allowing each script to have a DEBUG=1
option enabled in a handler so that as long as it is the script owner,
verified by uid, trying to set the DEBUG=1 parameter in a URL, the full
debug information is sent to a browser

Any hints, tips, or concerns?


J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Re: Need Some Help

2001-01-12 Thread J. J. Horner

* G.W. Haywood ([EMAIL PROTECTED]) [010112 10:10]:
> Hi there,
> On Fri, 12 Jan 2001, Perry Edward  (tsp2emp) wrote:
> > I have looked though every thing I could fine but what docs are you
> > referring to ?
> .../mod_perl/README
> .../mod_perl/INSTALL*
> .../mod_perl/SUPPORT
> and of course the Eagle Book - this is my (old) copy, there's a later
> edition which I recommend you get instead.

There is a second edition already?  This book hasn't been out 2 years yet.

You guys are quick!!


J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Re: [OT] Availability of Jobs -- was Re: [SOLICITATION] Programmer available for contracting..

2001-01-11 Thread J. J. Horner

* Michael Bacarella ([EMAIL PROTECTED]) [010111 10:32]:
> > Is this an odd time of year for many contractors where the contract ends 
> > around the holiday season? Or is this starting to be a symptom of dotcoms 
> > going bust and the development market starting to level out?
> I'm actually happily employed doing mod_perl (among things). I just
> wouldn't mind some extra income as well as an opportunity to meet
> new people.
> *shrug*
> -- 
> Michael Bacarella <[EMAIL PROTECTED]>
> Technical Staff / New York Connect.Net, Ltd
> Daytime Phone: (212) 581-2831

Yeah, who wouldn't mind some extra cash.  For instance:

My wife got mad at me for not wearing my wedding ring a few days in a row.
It has just slipped my mind, but she was a little hot over it.  
"How do you expect women to know your married if you don't wear the ring?", she asked.
"Honey," I replied," I'll just open my wallet.  They'll see the moths making a winter 
and know immediately that I'm married."

That didn't help matters much.  Imagine that.

J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Re: Strange log entry, Apache child messed up afterwards

2001-01-08 Thread J. J. Horner

* Gerd Kortemeyer ([EMAIL PROTECTED]) [010105 19:20]:
> Hi,
> Did anybody ever see a message like this in the error log after an "internal
> server error"?
>  [error] Undefined subroutine &Apache::lonhomework::handler called at /dev/null
> line 65535.
> No further entries.

Here is good, maybe:
Here is also good, maybe (the sequel):
I hear this may also be good (the next generation):

If all else fails, this may be good (generations):
I don't know, but it could help (the obligatory "We are all broke and can't handle our 
money, so we need more work"

If none of this helps, try Stallone, he makes more sequels.

J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Re: Mod_perl tutorials

2000-12-13 Thread J. J. Horner

On Wed, Dec 13, 2000 at 11:08:44AM -0700, Nathan Torkington wrote:
> J. J. Horner writes:
> > What is the story on these tutorials?  Is it something you can
> > distribute, or did most of it come off of the top your head?
> Tutorials seems like a deadend for effort.  I've had zero (0)
> responses to my offer of my "Introduction to mod_perl" tutorial.

I'm interested.  Send me a link, or tell me more information.

If it is going to cost me, it will have to wait until after Christmas.
My Christmas budge was depleted when I bought a new laptop, a new server, 
and a french horn.

J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Mod_perl tutorials

2000-12-13 Thread J. J. Horner


I was looking around Stas' site and found a discussion in which you 
stated that you taught some underlings about mod_perl in 2 five hour sessions.

What is the story on these tutorials?  Is it something you can distribute, or 
did most of it come off of the top your head?


J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

 PGP signature

Re: mod_perl training (was Re: Certification)

2000-12-11 Thread J. J. Horner

On Sun, Dec 10, 2000 at 06:13:13PM +0800, Gunther Birznieks wrote:
> It sounds to me like you have hit the nail on the head. Perhaps what is 
> needed in terms of recouping costs for a mod_perl hands-on development 
> course and/or online course is the open source/collaborative approach.
This seems to be a good solution to this problem.  Instead of 
one person sucking up the costs of developing these courses, we could
get a group together to do this.  Sounds good to me.

> I would be willing to donate my time to write and initially test the 
> exercises to the slides that are taught for the days. If a couple people 
> were to donate their time to writing the slides based on an outline 
> produced by Stas and Randal.

So would I.  I'm more than willing to proof read, test, and be a guinea pig.

> We could host it on sourceforge as the modperltraining project. Sourceforge 
> could also host the mailing list.
> Then regardless of if Randal would then be willing to take the course 
> material and beta test it as a class he offers (eg maybe giving the course 
> itself would not be profitable for him), we ourselves could be giving this 
> course all over the world in beta-test Perl Monger groups.

Yet another good idea.  We all love open-source, and collaborative efforts, so 
let's create a good set of training materials, and then let people teach this
material in their own neighborhoods.  

> I know there are still issues such as getting people of the same level of 
> expertise in the same room and mod_perl not being a "core" technology, but 
> I think mod_perl can be taught assuming similar requirements as the PROM 
> class you offer as an initial thought? mod_perl doesn't require all of 
> PROM, but probably about a day of it would be integrated to bring people up 
> to speed on the basics?

You lost me here.  I'm not sure what "core" technology means.  I always thought
it would be relatively easy for an experienced teacher to develop a coherent, 
reliable course for mod_perl, as long as some requirements are met (able to program
perl and able to configure and administer an apache server).  Once those guidelines
are met, discussing the Apache API, going into detail on each of the response phases,
and going through examples and exercises, would flow somewhat unfettered.

1.  the Apache server life cycle
2.  the request loop
3.  Discussion of the API for each phase of the loop with examples
4.  Exercises

This would take about 3 (maybe 4) days with someone who meets the pre-reqs.  1 for the 
intro and terminology
1 long day to discuss the APIs for each phase (maybe two), and 1 day to go over
exercises and have some "lab" work.

This is just a rough estimate, and if someone thinks I've lost my coconuts let me know.
Getting someone up to speed on mod_perl (not Apache::* modules, but the perl API to 
shouldn't take too long.  I'd say about 1-1.5 hours for each stop in the request loop. 
hours to teach someone the guts of Apache, including terminology and the real base 
stuff, and 8-10 hours to go over exercises, and develop skeleton handlers.

We are looking at about 30 hours of hard, hard work.  They don't call some training 
"boot camps" for nothing.

Again, feedback is good.  Just make it constructive.  Calling me a "moronic putz" 
isn't helpful, 
but saying "Hey, Moronic Putz, you underestimate " is good.

> helping with this project, please email me privately. If I get enough 
> people willing to contribute (at least 5), I'll set up the sourceforge 
> project to start the ball rolling Oh yeah, did I say I didn't mind donating 
> my admin time as well to this experiment. :)

Count me in.  I'll be willing to guinea pig stuff and give feedback, as well
as do research and help out more experienced teachers.

> Later,
> Gunther

J. J. Horner 
Apache, Perl, mod_perl, Web security, Linux

Re: mod_perl training (was Re: Certification)

2000-12-08 Thread J. J. Horner

On Thu, Dec 07, 2000 at 11:06:02PM -0800, Randal L. Schwartz wrote:
> I can't figure out where the "start" and "finish" are with mod_perl
> that would make sense for 80 to 400 people.  It's not core techology,
> like the llama.  We target the llama as how you would want ANY perl
> hacker to spend their first 30 hours.  But what 20-30 hours are
> *common* for any mod_perl hacker?  And what do you do for pre-reqs?

In my opinion, two essential prereqs are:
1.  Strong knowledge of perl.
2.  Strong knowledge of Apache webserver configuration and administration.

I say this because I didn't know that so many people though mod_perl was 
just Apache::Registry or HTML::Mason, or Axkit, or whatever.  I always
though of mod_perl as the PERL API TO APACHE!  That, in my opinion, should
be the center of attention in a training program.  Teaching about the 
API hooks to the different response phases, showing examples of different
interactions with the phases, and working through exercises where a student
learns most of the nooks-n-crannies of the API.  One can't learn all of this
unless one knows Apache configuration, administration, and operation well, and
one will be completely lost unless one knows perl.

I don't want to be hired as an HTML::Mason programmer, no matter how cool the
module is.  I want to be a mod_perl programmer so I can write custom stuff
for a company that has specific guidelines and needs.  If a company can take
something already written and use it, they won't hire a mod_perl programmer.

Am I right?
> Training is a tough business.  I've been damn lucky, and moderately
> skilled to have had the privilege to train thousands of satisfied
> customers, and sell hundreds of thousands of book.  And I'd love to
> see more mod_perl hackers out there.  But it's gotta make sense to me
> financially before I commit resources to it.  I'm a small business.  I
> can't absorb training at a loss for very long.
> Hope that helps you see what you need to tell me to get me to do this.
> (nudge nudge)

I'd start off with an intro course available for pay over the web.  I'm 
not qualified for this, but you are about as qualified as anyone.  I'd be 
more than happy to provide feedback and give my oh-so-insignificant opinions.

I'd wait to see what the response is on the intro.

I'll be honest with you.  I can NOT travel to do training.  I can't afford it, nor
can I take the time to do it.  I'm not likely to find a company who will send me 
somewhere so I can do it.  That is why online training is so important and appealing 
to me.

I'd pay to take an online course (read this, and do exercises, and then get feedback, 
then get a neat little certificate from merlyn).

I just now feel somewhat comfortable putting mod_perl in my signature.  I don't use 
Apache::Registry very much.  But I do write phase specific stuff.

J. J. Horner

Apache, Perl, mod_perl, Web security, Linux

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RFC: mod_perl advocacy project resurrection

2000-12-07 Thread J. J. Horner

On Thu, Dec 07, 2000 at 07:56:09AM -0700, Nathan Torkington wrote:
> J. J. Horner writes:
> > I'd be interested in something like this.
> Certification is a quagmire.  If it's done well, it takes a lot of
> work by the certification authority, and that makes it expensive for
> those certified.  If it's done poorly, it's useless and is just a
> moneymaker for the certification authority.
I see your point.  I was just thinking that creating a program would
give some public credibility to the mod_perl community, which would then
allow an entrance point into the community, which would increase numbers, 
which would increase message coverage, which would increase usage, which
would increase word-of-mouth, which would give credibility, etc, etc.

> I think that certification is only really meaningful when you have too
> many applicants and need to give the employers a sense of how good the
> applicants are.  That's the Cisco and Microsoft model, even though
> MCSE is a joke.  I don't see a surfeit of mod_perl programmers.  If
> anything, a stark shortage.
I could see a use for certification for when we have too few.  If we convert
the few uncertified to certified, then get the acronym (CMPP??) known, this
could be a way to identify the mod_perl community and provide press coverage.

> I'd rather see us find some way to churn out perl and mod_perl
> programmers.  For instance, release a beginner class on Perl and
> mod_perl and have local Perlmongers lead classes.  I have my slides
> from the University of Perl, which I'd contribute to such an effort
> (they're pretty closely based around the Eagle book, and some of the
> details should be replaced with sections on Mason et al.).
The mod_perl book is a very valued reference book for me.  I rarely
leave home without it, so to speak.  

I do see your point, and you are probably right.  I feel we are in a chicken-egg
situation here:  we need people, so we need coverage and media, so we can get people.

I hate seeing very worthy technologies die in favor of less worthy, yet more hyped 
technologies.  We need to beat them at their own game, it seems.

J. J. Horner
System has been up: 3 days, 10:14.

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RFC: mod_perl advocacy project resurrection

2000-12-07 Thread J. J. Horner

On Thu, Dec 07, 2000 at 03:58:48PM +0100, Stas Bekman wrote:
> > By the way, does mod_perl have a "board of directors"?  If there was a 
> > mod_perl consortium backing mod_perl (Merlyn, Lincoln, Doug,  Stas
> > etc) formally, I'm sure we could get some pretty serious notice.
> Yes, it's called Project Management Committee (pmc) and currently the
> members are Doug, Eric Cholet, Ask and me. This committee is a part of the
> Apache Software Foundation (ASF) group, which has pmc for every project
> hosted under ASF umbrella.

So, if we were to look for a mod_perl certification, shouldn't this group
of fine, upstanding people be the ones to design it, and have merlyn administer
it through his site, or maybe this group could form a subcommittee to 
do the dirty work (grading, signing certificates, keeping track of certificate
numbers, setting up mailing lists, etc).

I truly believe that what worked for M$ could work for us.  M$ proved that the
key to getting any technology accepted, no matter how inferior, was to create
a group of people who could advocate, administer, and sell the technology.

We have a great thing here.  If we could get a cert that makes people, perhaps 
in stages, submit handlers for all of the applicable Apache response phases, as
well as create content handlers that perform database connections, add neat headers, 
footers, and graphics, and create theme handlers, etc, we could certify a 
group of dedicated, knowledgeable salesmen, programmers, hackers, etc.

If I'm way off base, please let me know.  I'm spending considerable brain power
on this idea and if I'm wasting it, I need to know.  I don't have much spare brain
power and I could use it to try to figure out my wife . . .

J. J. Horner
System has been up: 3 days, 10:14.

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RFC: mod_perl advocacy project resurrection

2000-12-07 Thread J. J. Horner

On Wed, Dec 06, 2000 at 01:22:26PM -0800, Randal L. Schwartz wrote:
> >>>>> "Gunther" == Gunther Birznieks <[EMAIL PROTECTED]> writes:
> Gunther> This is exactly why someone experienced in training (ie
> Gunther> Randal/StoneHenge) would hopefully be the ones to take the
> Gunther> torch on this. If there's anyone I would trust a
> Gunther> certification from, it would be them.
> We've considered the certification route from time to time, but other
> than being a money maker for us (which isn't all that bad of a deal :-),
> I'm still not entirely convinced that the community of *ours*
> would demand certification in any distinguishing way.
> I mean, until I can demonstrate that people with certs are likely to
> get hired faster or make more money, what's the point?  As it is now,
> good mod_perl people are hard enough to find that the jobseeker
> already has the advantage.
> I'm very open to being convinced otherwise though.

I'd be interested in something like this.  For a low price ($50-$100),
I'd take a list of activities from your website, complete the activities,
submit my code back to you, and let you grade me, and then send me some
form of certificate saying "Certified mod_perl hacker" with Stonehenge
and the famous merlyn signing it.

If we could get Doug and Lincoln to sign off on the list of activities, 
the certification couldn't get more genuine than that.

Having one of the great perl hackers, the creator of mod_perl, and a
few other luminaries endorse the program would be a boon.

By the way, does mod_perl have a "board of directors"?  If there was a 
mod_perl consortium backing mod_perl (Merlyn, Lincoln, Doug,  Stas
etc) formally, I'm sure we could get some pretty serious notice.

How many technologies have the actual creator as part of the certification
process?  It could only help.

Even if someone open books the exercises, the certification would still be valid.
How many times are you forced to write something without reference of any kind?

Just my $0.02.

If I forgot to add kudos to any one individual, I apologize.  I don't mean to 
leave anyone out.

J. J. Horner

"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin

"The tree of liberty must be watered periodically with the 
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [entirely OT :o] Version 0.3? [Was: mod_perl advocacy project resurrection]

2000-12-06 Thread J. J. Horner

On Wed, Dec 06, 2000 at 11:14:46AM -0800, Paul wrote:
> --- Perrin Harkins <[EMAIL PROTECTED]> wrote:
> > > you don't have to spend time re-integrating Apache::Session and
> > > Apache::DBI and Apache::WipeMyAss with each new project.
> >
> > I think Apache::WipeMyAss auto-configures as of 0.3. 
> Where can *I* get that upgrade? =o)

I think you will need to install Apache::KissMyRedEye to make that module work.

J. J. Horner

"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin

"The tree of liberty must be watered periodically with the 
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_perl advocacy project resurrection

2000-12-05 Thread J. J. Horner

On Tue, Dec 05, 2000 at 11:34:49AM -0800, brian moseley wrote:
> people won't use the software if you don't give them a
> compelling reason. mod_perl and the higher layer systems
> that use it are not as easy to configure or program as php,
> and they have a lot less support from external software
> vendors or relevance inside engineering shops than java. we
> are being squeezed from both ends.
> i had lunch with doug and jon swartz not too long ago,
> talking about the possibility of starting a web application
> infrastructure company based on mod_perl and mason. when we
> got down to it, the fundamental question was: why not just
> use java? and we couldn't find any answer other than "i like
> perl better". and that's not a reasonable business
> justification.
> at some point we're going to run out of hobbyists and others
> who /can/ justify using mod_perl-based technologies because
> they like perl better.

As sad as this makes me, it has a ring of truth.  The only reason 
I use mod_perl is to do things that require an Apache module, and 
I don't feel like using C.  I know the performance increase for
mod_perl scripts is amazing, but the learning curve doesn't justify

Perhaps if someone makes a mod_perl based embedded scheme like
Cold Fusion or PHP, that has some special hooks into Apache
for performance that the other solutions don't offer. . .

Honestly, though, I didn't believe the strength of mod_perl
rested on the Mason type modules.  I thought the strength of 
mod_perl was having a perl/Apache API.  Having an easy way to
interact with Apache using everyone's favorite language was 
what sold me on Apache.


J. J. Horner

"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin

"The tree of liberty must be watered periodically with the 
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RFC: mod_perl advocacy project resurrection

2000-12-05 Thread J. J. Horner

On Tue, Dec 05, 2000 at 11:20:49AM -0800, brian moseley wrote:
> On Tue, 5 Dec 2000, Nathan Torkington wrote:
> > I picture only 10% of people who build web sites ever
> > needing to use mod_perl directly.  I think they're more
> > likely to use the systems that are built *in* mod_perl,
> > like Mason, AxKit, and so on.  If there's a with a lot
> > of information about building web sites with those
> > systems, then you'll make people happy.
> amen! mod_perl is for gearheads. higher layer software is
> for people who want to achieve a business goal, or even just
> make a personal site. we have a wealth of gearhead-oriented
> information, but almost nothing that would convince my php
> friends to make the switch to perl or help them migrate a
> site.
I'd be more than happy to act as a test case for someone wanting
to do an article on any of these tool kits.  I can provide a server,
and some some feedback from a new toolkit user perspective.

Let me know what kind of tasks you need me to do and evaluate, and
I'll do it.

I can't write an article, as my writing skills are barely good
enough for a college writing course, but I'll do research and 
provide technical information.

J. J. Horner

"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin

"The tree of liberty must be watered periodically with the 
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RFC: mod_perl advocacy project resurrection

2000-12-05 Thread J. J. Horner

On Tue, Dec 05, 2000 at 11:46:38PM +0800, Gunther Birznieks wrote:
> Maybe Randal's company (which I *think* specializes in training among other 
> things) could help in that area -- the idea of mod_perl certification is 
> more intriguing I think than just plain perl certification.

Now this is something I would like.  I am not big on certs (I don't have a single
one), but if I were to get one, this would be it.  I like mod_perl, and although
I have only really started writing one public mod_perl module (anyone remember
Apache-AuthExpire?  Didn't think so, browser differences killed it), and I've
written numerous custom stuff for work (sorry can't go into detail), I'm light
on content handlers.  I'm more backend, since I am not the most creative knife
in the box.

If I could get certified with mod_perl from [merlyn] and have the certification
jive with the creators, it would help me considerably when I market myself as 
a hired-gun mod_perl coder.

And we all remember the M$ scheme of an army of papered drones chanting "Microsoft
is great!".  We all now that it sold M$ software more than the software really did.

If we can get an elite force of mod_perl hackers on the scene to spread the gospel,
we would see a big boon to mod_perl press and support.

Just my unlearned $0.02.

J. J. Horner

"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin

"The tree of liberty must be watered periodically with the 
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cgi script vs mod_perl script

2000-11-29 Thread J. J. Horner

I have a script that uses some hash magic to set some variables.  It works well in 
normal mode, but
when I put it in my /perl directory, it stops working well.

The full script is included.  In the script, I set up a hash of variables->subroutines
so that when someone sets a variable, it calles a specific subroutine using

It doesn't seem to work.

Any ideas?

J. J. Horner

"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin

"The tree of liberty must be watered periodically with the 
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson

#!/usr/bin/perl -wT

use strict;
use CGI qw(:all);
#use LWP::Simple;
use Apache::Registry;
use lib "/data/2jnetworks/lib";
require '';

my $header_file = content("/data/2jnetworks/htdocs/header");
my $footer_file = content("/data/2jnetworks/htdocs/footer");
my $q = new CGI;

my %hash = (
Index   =>  \&Index,
Home=>  \&Index,
Services => \&Index,
ContactUs =>\&Index,
Links   =>  \&Index
my ($title,$backcolor,$textcolor,$welcome_message,$body_message);
my $value = $q->param('page') || "Index";
print $q->  header(),
start_html( -title=>"2J Network Services, Inc.",
print $header_file;
print $q->
print $footer_file;
print $q->  end_html();
print "\n";

sub Index {
$title = "2J Network Solutions";
$backcolor ="white";
$textcolor = "black";
$welcome_message = "Welcome!!";
$body_message = "Future home of 2JNetwork Solutions.";


sub Weather {
$title = "Local Weather";
$backcolor = "white";
$textcolor = "black";
$welcome_message = "Current Local Weather from";
$body_message = get_weather();

sub Plan {
$title = "Jon's Plan";
$backcolor = "white";
$textcolor = "black";
$welcome_message = "These are the things I have on my drawing board:";
$body_message = content("/data/home/jhorner/.plan");

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

This is so cool.

2000-11-29 Thread J. J. Horner

I've written mod_perl handlers for a few different phases, but I've never 
really worried about speed increases for plain content.

I recently migrated from a cgi script in my cgi-bin that handles content
to a Apache::Registry script that does the same thing.  On my
puny 150MHz Pentium, 96MBytes RAM machine, I was getting about 4.5
requests answered per second with a normal cgi script.  After moving
it to Apache::Registry and moving into the /perl/ directory, I can 
easily get 13-18 requests answered per second.  

That isn't too bad.  Once I get this translated into a complete
mod_perl handler, I will probably see an enormous increase.

Thanks for listening.

J. J. Horner

"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin

"The tree of liberty must be watered periodically with the 
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: PerlAuthenHandler and browsers

2000-06-22 Thread J. J. Horner

On Wed, 21 Jun 2000, Geoffrey Young wrote:

> > On Wed, 21 Jun 2000, Blue wrote:
> > 
> > > On Wed, 21 Jun 2000, J. J. Horner wrote:
> > >  
> you might want to check out Apache::TicketAccess and the example of ticket
> based access in the eagle book if you decide move to form based verification
> - a simple solution is spelled out pretty clearly there...

Unfortunately, I won't have access to a database server for this.  I'm
going to have to use a form for second authentication and timekeeping.

If anyone has any suggestions, let me know.  I'll just be over here trying
to roll my own method.

J. J. Horner
Apache, Perl, Unix, Linux

Re: PerlAuthenHandler and browsers

2000-06-21 Thread J. J. Horner

On Wed, 21 Jun 2000, Blue wrote:

> On Wed, 21 Jun 2000, J. J. Horner wrote:
> > For that reason, my handler can't rely on browsers to behave during the
> > Authentication phase.  I am going to have to find a way to force a user to
> > input his password into the browser not using standard HTTP response
> > codes.
> Could you elaborate on that a little more, please?

When a browser is sent a 401 response code, it checks its password cache
for a password for that REALM, and , if found, sends it.  If it isn't
found, it requests one from the user.  IE 4.x never wants to ask the user
for that, if it has one in its cache, even if the server sends a 401
response back again.  It appears to keep trying a few times.

Under netscape, if I want a browser to pop another dialogue box (say a
user has a valid password/uid pair, but I'm trying to force him to input
it again), I can send back the 401 error and if the user doesn't cancel
out, everything is fine.  If the user cancels the dialogue, goes somewhere
else, and then comes back, he can get it without submitting a username and
password again.

What I will have to do, I guess, will be to write a mod_perl handler to
allow a CGI script to step in at the Authentication phase, request the
users password again, in an html form, check that password against the
password returned with $r->get_basic_auth_pw and if the check returns
true, send back the document originally requested.

I am trying to find a way to spawn a subrequest so that the user can click
a link, get the "Please verify password" page, then go on to what he

Does this clear it up?

J. J. Horner
Apache, Perl, Unix, Linux

PerlAuthenHandler and browsers

2000-06-21 Thread J. J. Horner

After working with 4 different types of browsers and the
PerlAuthenHandler, I am really unimpressed with browser makers.  

There are so many ways to convince browsers to resend a username password

For that reason, my handler can't rely on browsers to behave during the
Authentication phase.  I am going to have to find a way to force a user to
input his password into the browser not using standard HTTP response

What is a reliable way to return a CGI script, and doing something with
that response, before returning the page requested by the user?


J. J. Horner
Apache, Perl, Unix, Linux

Crazy browser issues

2000-06-21 Thread J. J. Horner


I'm working on a PerlAuthenHandler that returns AUTH_REQUIRED unless a
file is less than a certain number of seconds old.

I've noticed a problem:

In Netscape (and probably IE), if a handler returns AUTH_REQUIRED, the  
user can just hit 'Ok' on the password dialogue without typing in a  
password and the browser will resend the original information again.  
If the password in cache is still valid, it will
reauthenticate without prompting the user again.  This can't be
cool.  I've found that I have to make sure that the $sent_pw in 

my ($res, $sent_pw) = $r->get_basic_auth_pw;

isn't null or 0.

Also, IE doesn't always give a user the password dialog when given an
AUTH_REQUIRED response.  If IE sends a username/password because of an
AUTH_REQUIRED response, and gets an AUTH_REQUIRED response in return, it
will resend the information again, this makes it really difficult to deal
with different browsers during the Authentication phase.

Any ideas or comments?
J. J. Horner
Apache, Perl, Unix, Linux


2000-06-14 Thread J. J. Horner

Apache::TimeOut has become Apache::AuthExpire.

Please critique at

I appreciate your help.

Any comments are welcome, including name issues, etc.

J. J. Horner
Apache, Perl, Unix, Linux

Apache::TimeOut module

2000-06-14 Thread J. J. Horner

I wrote a module, now available in very beta form, to provide timeouts to
.htaccess protected directories.  Please download from:

and give me feedback.  I hope to submit this to CPAN soon, if warranted.


J. J. Horner
Apache, Perl, Unix, Linux

handlers on CPAN

2000-06-13 Thread J. J. Horner

 do handlers belong on CPAN?


J. J. Horner
Apache, Perl, Unix, Linux

Re: Help writting a module for Apache.

2000-06-12 Thread J. J. Horner

On Mon, 29 May 2000, Ariel Manzur wrote:

> I need Apache to do this: always ask for basic authentication, and then
> accept any conbination of username/password as correct, and set an
> enviroment variable with the password sent on the request, so I can
> retrieve that on a CGI script, and do the real authentication there.
> I couldn't find a way to do that with the 'standard' apache modules, so I
> have to write one, and I have some questions:
> - is that any module that alredy does that? :)
> - Can anyone point me to a "real life" example, or guide, on how to write
> and install a module using mod_perl? I use perl a lot, but I could find
> "easy" documentation on how to write modules (I don't want to read a _huge_
> man page for this simple task)

What is wrong with using the skeleton in Chapter 6 of the Eagle book
(Example 6-6)?

J. J. Horner
Apache, Perl, Unix, Linux

Re: mod_perl: Configuration info at run-time

2000-06-12 Thread J. J. Horner

On Mon, 12 Jun 2000, Richard L. Goerwitz wrote:

> It's not obvious to me how one might get a list of VirtualHosts that are
> configured for the current server instance (at run-time, e.g., from in-
> side a Perl module).
> Is there some canonical way to do this?

I would guess that you could do a DNS lookup on your webserver IPs and get
all the CNAMEs associated with it.  But this is just a thought.


J. J. Horner
Apache, Perl, Unix, Linux

Re: Any tips or hints?

2000-06-11 Thread J. Horner

Rob Tanner wrote:
> I am perhaps seriously missing your point.  The stuff in chapter 8 is
> mainly about httpd.conf -- custom config directives for you module and
> using perl to configure apache.  There's nothing really there about
> .htaccess.  If you are planning to use PerlSetVar directives in .htaccess,
> there's nothing special you need to do other than read their value.  On pp
> 455-456, check the description of dir_config().  From what your describing
> below, you don't need to make custom directives, and anyway, PerSetVar and
> custom directives are two entirely different things.  You simply use them,
> you don't define them in Makefile.PL.

Perhaps I've misread something.  I was trying to make my module,
Apache::TimeOut, usable on CPAN.  I wrote this module to provide
configurable timeouts for certain web pages.  I am just trying to
find a way to put this is in the CPAN archive.  Any good links on
making the Makefile.PL, the documentation, and the .tar.gz file
needed to list this on CPAN?


J. J. Horner
System has been up: 4 days.

Any tips or hints?

2000-06-09 Thread J. Horner

I'm working with Chapter 8 of the Eagle book to make an automatic
installer for my new module.

This isn't quite the easiest thing in the book.

I have a module that will need 3 parameters set via .htaccess

$DEBUG = 0 or 1 (off or on)
$time_limit = number of seconds before a user is timed out
$max_limit = default maximum inactive time before timeout.

To set them in the .htaccess file, I think I want to use
something like the following:

PerlSetVar TimeOut 'debug => 1, TIME_LIMIT => 900, MAX_LIMIT =>

I think I will need something like this in my main module file:

sub TimeOut () {
my ($cfg, $parms, $option, $setting) = @_;
$cfg->{TimeOut}{$option} = $setting;

And to use these, I will need to do something like:

my %mappings = ();
if(my $cfg = Apache::ModuleConfig->get($r)) {
%mappings = %{ $cfg->{TimeOut} } if $cfg->{TimeOut};

And call them like so:

my $DEBUG = $mappings{'debug'};
my $time_limit = $mappings{'TIME_LIMIT'};
my $max_limit = $mappings{'MAX_LIMIT'};

And in the main configuration file, call:

PerlModule Apache::TimeOut

In my Makefile.PL, I think I should do this:

my @directives = (
{ name  => 'TimeOut',
  errmsg => 'an option (debug, TIME_LIMIT, MAX_LIMIT) and
  args_how => 'TAKE2',
  reg_override => 'OR_AUTHCFG'

I know I've done a lot of talking, but can someone tell me if
I've messed something up?


J. J. Horner
System has been up: 2 days.

[OT] Great book!

2000-05-09 Thread J. J. Horner

Well, in an effort to improve my effectiveness when coding perl, I bought 

"Effective Perl Programming" by Hall w/ Schwartz.

I must say, I am enjoying this book.  It appears to be one of the few tech
books that I can read front to back and be engaged from start to
finish.  I bought it Sunday, and I'm already half way through.  I may have
to go through again to cement the concepts, but the text is informative,
the concepts are enlightening, and the code examples are as relevant as
I've seen in any book on programming.

I give this book 4 1/2 'J's out of 5.

J. J. Horner
Apache, Perl, Unix, Linux

Re: how to rewrite to a POST

2000-04-27 Thread J. J. Horner

On Thu, 27 Apr 2000, Ken Y. Clark wrote:

> On Wed, 26 Apr 2000, David Hajoglou wrote:
> > so, is it possible to take a GET request and rewrite the uri into a POST
> > request and if so how?
> i'm not sure if that's really necessary.  you could just put the GET args
> into $r->pnotes, perhaps like so:
> sub handler {
> my $r = shift;
> return DECLINED unless $r->is_main();
> my $apr= Apache::Request->new($r);
> my @params = $apr->param;
> my %args   = ();
> $args{$_}  = $apr->param($_) for @params;
> $r->pnotes('args', %args);
> return OK;
> }

In my situation, we sometimes have developers who try to send uids and
passwords across using a get.  This puts uids and passwords in the
logfile.  Is there a way to rewrite the GET to a POST before logging so as
to remove the uid/password data pairs?


J. J. Horner
Apache, Perl, Unix, Linux

Re: in configs

2000-04-19 Thread J. J. Horner

On Wed, 19 Apr 2000, w trillich wrote:

> having seen the possibilities from
> /usr/share/doc/libapache-mod-perl/examples/perl_sections.txt
> (schwartz's neat virtual host setup) i thought i'd give it
> a whirl.

I don't have this.  Can someone point me to a link, or maybe send it via

J. J. Horner

Re: Newbie help - mod_perl use

2000-04-10 Thread J. Horner

On Mon, 10 Apr 2000, Ron Beck wrote:

> What does the following do for you...
> SetHandler perl-script
> PerlHandler Apache::Registry
> Options ExecCGI
> The "Porting CGI Scripts" recommended including this in my httpd.conf
> file.  I assumed it was so I didn't have to put all my scripts into a
> single directory.  Is this not correct?

No, that should work.  Did you run any benchmarks against your server
before implementing mod_perl, and after to see if it does any good?

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 9 days.

Re: [OT] anchoring regexp

2000-04-10 Thread J. Horner

On Mon, 10 Apr 2000, Devin Ben-Hur wrote:

> $ diff first anchored
> 1c1
> < sub first {
> ---
> > sub anchored {
> 9a10
> > my $request = join(" ",$method,$uri);
> The only difference between your two benchmark subroutines are their
> names, and that the anchored one also composes your $request variable. 
> Of course anchored will take a little longer -- it has one extra
> statement.

Sorry, it is a Monday.  I attached the right file.

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 9 days.

#!/usr/bin/perl -w
# This script is used to benchmark various algorithms for checking the log file. 
# It uses the Benchmark module and some sloppy coding.

use Benchmark;

my @internals = 

sub first {
my $i;
my @fields = ("","","","","","GET","/","HTTP/1.0","404","");
my $source = $fields[0];
$fields[5] =~ s/\"//;
$fields[7] =~ s/\"//;
my $method = $fields[5];
my $uri = $fields[6];
my $protocol = $fields[7];
my $status = $fields[$#fields-1];
for ($i = 0; $i <= $#internals ; $i++) {
if ($source =~ /$internals[$i]/) {

sub anchored {
my $i;
my @fields = ("","","","","","GET","/","HTTP/1.0","404","");
my $source = $fields[0];
$fields[5] =~ s/\"//;
$fields[7] =~ s/\"//;
my $method = $fields[5];
my $uri = $fields[6];
my $protocol = $fields[7];
my $status = $fields[$#fields-1];
for ($i = 0; $i <= $#internals ; $i++) {
if ($source =~ /^$internals[$i]/) {

timethese(5000, { first => 'first()',anchored => 'anchored()',  });

Re: [OT] anchoring regexp

2000-04-10 Thread J. Horner

On Mon, 10 Apr 2000, Jason Simms wrote:

> I have a question first, then some insight as to why you may be having the 
> problem...  First, is this Knoxville, TN?  I lived there for 17 years of my 
> life, and only recently (1.5 years ago) moved up to New York City.  I left 
> due to lack of businesses in Knoxville using Linux / UNIX and Perl, along 
> with other more advanced Web technologies.  I can say the market for 
> hardcore UNIX / perl (what I do) is much stronger up here than down htere, 
> but I am always interested in the possibility of moving back down there with 
> my skills.
> As to your problem, I doubt people can be of much assistance (though we'll 
> see) without seeing the regex and sample data.  Perhaps if you resent that??
> In any case, good luck.  And perhaps, stay in touch, or put me on a mailing 
> list, or something.  Thanks!

Well, there isn't really anything in Knoxville, but Oak Ridge is pretty

You have a good point.  Sorry about the lack of code.

Here is my analyzer_benchmark script that will show you the code.

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 9 days.

#!/usr/bin/perl -w
# This script is used to benchmark various algorithms for checking the log file. 
# It uses the Benchmark module and some sloppy coding.

use Benchmark;

my @internals = 

sub first {
my $i;
my @fields = ("134.167","","","","","GET","/","HTTP/1.0","404","");
my $source = $fields[0];
$fields[5] =~ s/\"//;
$fields[7] =~ s/\"//;
my $method = $fields[5];
my $uri = $fields[6];
my $protocol = $fields[7];
my $status = $fields[$#fields-1];
for ($i = 0; $i <= $#internals ; $i++) {
if ($internals[$i] =~ /$source/) {

sub anchored {
my $i;
my @fields = ("134.167","","","","","GET","/","HTTP/1.0","404","");
my $source = $fields[0];
$fields[5] =~ s/\"//;
$fields[7] =~ s/\"//;
my $method = $fields[5];
my $uri = $fields[6];
my $protocol = $fields[7];
my $request = join(" ",$method,$uri);
my $status = $fields[$#fields-1];
for ($i = 0; $i <= $#internals ; $i++) {
if ($internals[$i] =~ /$source/) {

timethese(5000, { first => 'first()',anchored => 'anchored()',  });

[OT] anchoring regexp

2000-04-10 Thread J. Horner

I bought a new book this weekend:  the wolf book.  I'm enjoying it.  I
came from an engineering background, so anything that gives comp sci
theory is good.

I read in the book, and I've always suspected, that anchoring regular
expressions will speed them up.  I'm finding that after 5000 iterations,
the unanchored is slightly faster (about 1/10th of a second).

This isn't a significant problem, but when checking http logs that are
10 lines long for 18 different machines, it will add up to a few

Can anyone give me a clue as to why this isn't true?

By the way, with each book I buy from O'Reilly on Perl (starting with the
Schwartz Bible), I learn more and more.  I'm really pleased with the
books.  Thanks to all the authors who are reading (Randal, Doug, Lincoln,
et al).

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 9 days.


2000-04-06 Thread J. Horner

Is the mailing list down?

2000/04/06 13:14 (GMT -05:00)

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 5 days.

which handler?!?

2000-04-05 Thread J. Horner

I'm finally writing the web server intrusion system that I've planned for
months.  I have the skeleton for the URI comparing handler, but I'm a
little unclear where it should really go.

A handler is written to compare the URI against a source of known web
server issues to alert the administrator to hacking attempts.  Should the
handler be installed at the PerlPostReadRequestHandler phase or the
PerlTransHandler phase.  The Eagle book says something like:

"It is called once per transaction and is intended to allow modules to
step in and perform special processing on the incoming data", which is
what I want, but it goes on to say, "However, because there's no way for
modules to step in and actually contribute to the parsing of the HTTP
header, this phase is more often  used just as a convenient place to do
processing that must occur once per transaction."  

Is this last sentence not the negation that I read it to be?  It seems to
me that it is telling me that I really can't write a handler to actually
do something useful on the incoming request header.  

If I put the hander in at PerlTransHandler, it seems that I would
interfere unnecessarily at the translation phase.  I just want a place to
put it where it can take the request, run a regexp against a list of known
issues to check for a match, then, if we return a false, go on with the
parsing and file mapping.

Ideas?  Doug?  Lincoln?  Can I get some clarification?

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 4 days.

Re: Server-Side Include isn't workin' :(

2000-03-31 Thread J. Horner

On Fri, 31 Mar 2000, Sam Carleton wrote:

> I have followed the example in "Writing Apache Modules in Perl and C".
> The module Apache::ESSI is working fine for a virtual site (development
> site), but it does not work for the main (non-virutal) site.  Here a bit
> of my httpd.conf:

Perhaps I'm missing something, but could you post the whole thing?  If you
want, just reply to me.

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 9 days.

Re: [RFC] holding a mod_perl conference

2000-03-31 Thread J. Horner

On Fri, 31 Mar 2000, Vivek Khera wrote:

> >>>>> "Z" == Zeppelin   writes:
> Z> If you spend a week a year in Vegas over a couple of consecutive years,
> Z> you'll rapidly become an expert at "How to attend a conference in Vegas."
> Good point.  Let's move the conferences to Grand Cayman, then, since I
> just spent a week familiarizing myself with it ;-)  And the weather
> there is excellent...

We could always do it in KNoxville/Oak Ridge.  There is a pretty decent
high-tech support system here with all of the DoE projects, ORNL, etc.
The city is not so big as to lose people, but big enough that there is a
wealth of hotels, conference centers, eating places, etc.  And I'll
volunteer to show everyone the sites (a barn, some cows, a big barn, etc).

I hear there is a plan to move some heavy fiber optics here to ramp up for
a major technology center for the east. . .

Who knows?

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 9 days.

Re: [RFC] holding a mod_perl conference

2000-03-31 Thread J. Horner

On Fri, 31 Mar 2000, Bill Jones wrote:

> How about calling it 'WebDev Scripting Conference' ?

That doesn't mean it is a server-side centric conference.  Under that
title, JavaScript and ActiveX fit.

> Cover these key technologies:  mod_perl, php, expect (tcl-lets),
> python (these four primarily) - then maybe some smaller side tracks
> with general perl, basic java, etc.  We wouldn't want the main
> corporate sponsors clouding the conference theme with 'what else'
> are they were doing - other than what this conference was about...

I agree.  The big names (Sun, Microsoft, whoever) could really crowd the
issues with stuff like new Windows Scripting hosts, or Solaris' ability
with Javascript, or even a Win2krap banner.

> I feel this would a great idea, especially since the Apache
> conference struck me as being attended by a lot of
> more advanced users than I expected, for one, and they were
> asking a few questions the conference speakers either couldn't
> answer or choose not to answer.  I feel a more direct technology
> oriented conference covering a main track of Server-side
> Scripting and application development dynamics.

If all things were equal, I would want just a 1 week session in some hotel
somewhere with Stein, MacEachern, Schwartz, or Wall in a kind of
beer-pizza coding session binge.  Get about 50 or so together with a
big screen, some computers, and a few web servers and let us choose from
some projects ("Developing handlers for the life cycle stages for custom
webserver design", or "Using mod_perl to create a more secure web server",
etc).  Those are the kind of things I'm interested in.  I want real world
examples focused on things in which I am interested.  I don't want a "3
lines to 'Hello World'" feel.  In short, I want in depth coverage of
mod_perl.  I couldn't attend the ApacheCon, but I think I can convince my
boss to pay for this one.

> I myself would be interested in some 'boot cap' courses in
> scripting combat design - in the trenches - how to take a
> CGI-based application and effectively and quickly transform it
> into a mod_cgi based application; something covering more concrete
> real world designs and pitfalls, plus maybe a porting shop session where
> people (attendees) can bring in their "I have this, it's a CGI, but I would
> like it to be a mo_perl centric application..."

I agree.  The shops are an interesting idea.  One on one with some good
minds always fits the bill.

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 8 days.

[OT] I apologize

2000-03-30 Thread J. Horner

I apologize for the "me too" message.

I didn't expect a Spanish Inquisition. . . . 

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 8 days.

Re: [RFC] holding a mod_perl conference

2000-03-30 Thread J. Horner

On Thu, 30 Mar 2000, Stas Bekman wrote:

> First of all, why holding yet another conference, the answer is
> simple, we want mod_perl to be in the center of the event and not a
> side project. Think about Perl Conference -- mod_perl is just a little 
> part of the Apache track. Think about ApacheCon -- mod_perl is again
> just a drop in a ocean. 
> The rest are full tracks dedicated for each technology, so if I want
> to learn mod_perl I'd spend all the days listening to mod_perl
> speakers so when the conference is over I'll go back with a bag full
> of tricks and a very good push to get me going when I'll start coding
> myself. Having a dedicated track will allow to provide all the
> information that generally being skipped due to the lack of time.

I like the idea of mod_perl being the center of attention.  There are
aspects of mod_perl in which I am very weak.  I'm wondering if this will
fit the bill, though.

In this scenario, we will have a conference with only partial interest in
mod_perl.  With all of these other technologies, we will be able to bring
in funding and support from some big names (possibly Sun, Allaire, etc),
but we still only have a small piece of the pie.  We will have, in effect,
a cluster of conferences.  Also, we will need space for each and every
faction attending (a mod_perl conference room, a Cold Fusion conference
room, a Java area, etc).

Is this feasible?  Will this solve the problem?  I don't imagine a large
amount of cooperation from competing vendors.


J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 8 days.

Re: [admin] NO HTML posts please!

2000-03-30 Thread J. Horner

On Thu, 30 Mar 2000, Sam Carleton wrote:

> Stas Bekman wrote:
> > Folks, please refrain from posting in HTML.
> >
> > Some of us use email clients that post and read email in the old good text
> > mode. When I don't have enough time on my hands I delete such emails since
> > I cannot read them right away. Probably others too.
> >
> > Please don't tell me to get more _sophisticated_ email client, my pine
> > does everything for me. HTML should NOT be used for posting emails.
> And then there are those of us that do have sophisticated email clients that
> simply don't care for HTML posting.  I agree 100%, keep it simple, keep it
> Sam

And then there are those of us who use pine who think HTML in email is
overkill.  If your words don't convey your message, what makes you think
that blinking text or bold text conveys it better?

J. J. Horner
Linux, Apache, Perl, Unix, Stronghold
System has been up: 8 days.

benchmarking mod_perl

2000-02-03 Thread J. Horner

I'm sorry if this has been asked, but I haven't seen the answer.

After you wonderful people pointed me in the right direction for making
mod_perl with Stronghold, I'm now the proud parent of a mod_perl enabled
stronghold server.  How to I let my new baby stretch her wings?  What good
benchmarks are available?


J. Horner
1:30pm up 9 days, 4:20, 3 users, load average: 0.00, 0.00, 0.00

mod_perl with Stronghold

2000-02-02 Thread J. Horner

I searched the archives, but no mention of this.  Does anyone have any
experience with mod_perl and Stronghold?


J. Horner
10:00am up 8 days, 1:38, 6 users, load average: 0.04, 0.03, 0.00

PerlRequire problems

2000-02-01 Thread J. Horner

I just recompiled Apache with mod_perl support.  I followed the
directions, had no errors, and made no brain farts.

The PerlRequire directive isn't valid!  Any ideas?

mod_perl version = 1.21
perl version = 5.00503
Apache version = 1.3.11
OS = Redhat Linux version 6.1 on P-150 w/ 48 MBytes RAM.

The httpd executable is larger, and I moved it by hand to the
/usr/local/apache/bin directory.  How do I test to make sure that mod_perl
is working right?  'make test' skipped a few tests, but all were


J. Horner
2:05pm up 7 days, 5:43, 4 users, load average: 0.00, 0.11, 0.23