Hello dear community,

Being our venerable halls quiet nowadays I propose this meditation to share ideas of programs, modules and everything you want we have no time enough to develop them further.

In my world ideas have no copyright and should instead circulate freely as there is the chance they are grasped by an enlightened soul who can squeeze the best from them.

Even more: there are amateur programmers with nice ideas and professional ones with few ones. It is not something to complain about, we are different brains with different skills, inclinations and.. free hours :)

I'd like to see at least some demo code for these ideas with the goal well explained as any possible path of implematation or critical parts, not just: /I'll save the world with a oneliner/.

We can use a tag for these post like [NTF] (No Time For) and post them in reply at this post or as new Meditation.

I'll start with a first one if are ok with this ..nice perl idea :)

L*

There are no rules, there are no thumbs..
Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.

Replies are listed 'Best First'.
Re: [NTF] Paranoic.pm to check md5 of loaded modules
by Discipulus (Canon) on Sep 07, 2023 at 11:28 UTC
    ..so the first [NTF] born from a chatboard idea discussed among bliako, Corion and me about..

    Goal

    ..checking the md5 checksum of every module loaded.

    A possible solution and tools for

    Probably checking the md5 of every path in @INC would be easier and faster (using tar you can also check permissions) but checking every module is more granular, allows to specify a white/black list and is funnier :)

    Basically as explained in require documentation prior to 5.37.7 we can use the hook putting a sub inside @INC like in: unshift @INC, sub { my ($coderef, $filename) = @_; ... } (and is the easier case ;) to have something done just before paths are searched for the requiered module. It is a trick I forgot.

    In perldelta for v5.38.0 there is the new %{^HOOK} API and actually require__before and require__after are available: nice and fun!

    Problems

    How to store the file containing the md5 checksum to check against? It should be protected to be useful. My idea (uniplemented) is that Paranoic.pm brings up a password request as first thing to decipher a protected md5-checksums.txt file, or a SQLite db.

    The Paranoic.pm module needs to use some module to run, so these are checked AFTER they are loaded and this can be a security hole in paranoic world.

    The @INC array can be maliciously modified by other modules so should be saved soon and used to scan for file to load (not implemented, olny my @original_INC = @INC; in my code). Probably the module should check the existence of the file using @original_INC and do it returning the value and then populate %INC ..just to be very paranoic :) My traverse_INC sub is almost empty.

    The nice starts with HOOKs and this part is totally unimplemented.

    Code

    Paranoic.pm has a bounch of subs and a big BEGIN block. After the initial check I check brutally $^V ge '5.38.0' to spot which hook to use.

    Read more... (5 kB)

    The md5-check.txt is a simple file

    Read more... (2 kB)

    ..and the script is simple as:

    use strict;
use warnings;
use List::Util;

    [download]

    ..finally the command invocation is: perl -I. -MParanoic script.pl to be paranoic as soon as possbile.

    Demo

    For a month the demo will be available at the nice PerlBanjo website. The checksum are correct only for the 5.36.1 version, so you'll see errors (have to be die in the code) for 5.38

    Here the output for future reference:

    BEFORE any hook I will check md5 of already loaded module:
  OK Exporter.pm at /usr/local/lib/perl5/5.36.1/Exporter.pm has the ex
+pected md5: 9ac6b836ee45f6e08e5c8a84cee5e619
  OK warnings.pm at /usr/local/lib/perl5/5.36.1/warnings.pm has the ex
+pected md5: 7167a8489aafb9faddbbe48c6480f47c
  WHITELIST for Paranoic.pm at Paranoic.pm [f929845aba01aa4bf162a15cc2
+54c123]
  OK strict.pm at /usr/local/lib/perl5/5.36.1/strict.pm has the expect
+ed md5: 31b6105d6dc1cde54154291b86c8b285
  OK Cwd.pm at /usr/local/lib/perl5/5.36.1/x86_64-linux/Cwd.pm has the
+ expected md5: 8f620379a0649ad32f14f1ce50b88bc0
  OK Digest/base.pm at /usr/local/lib/perl5/5.36.1/Digest/base.pm has 
+the expected md5: b5de2696c583dfec247af39b45288735
  OK constant.pm at /usr/local/lib/perl5/5.36.1/constant.pm has the ex
+pected md5: 56cde6eba0f667ab56196613df3933c1
  OK File/Spec/Unix.pm at /usr/local/lib/perl5/5.36.1/x86_64-linux/Fil
+e/Spec/Unix.pm has the expected md5: bf252d457a243d20eabbd91292fcf3f4
  OK Digest/MD5.pm at /usr/local/lib/perl5/5.36.1/x86_64-linux/Digest/
+MD5.pm has the expected md5: d75a3d708ce93ad8d99fcbdefa2c8429
  OK File/Spec.pm at /usr/local/lib/perl5/5.36.1/x86_64-linux/File/Spe
+c.pm has the expected md5: 7be482dda6bd364dd65e286b24cd8691
  OK warnings/register.pm at /usr/local/lib/perl5/5.36.1/warnings/regi
+ster.pm has the expected md5: 2d8f6ce093a2176b982c0e12c0194b3b
  OK XSLoader.pm at /usr/local/lib/perl5/5.36.1/XSLoader.pm has the ex
+pected md5: 74a2550b5b0731996c0c825930003013

AFTER I will use some hook to check md5 of modules loaded by the calli
+ng program
====> Perl v5.36.1 using @INC
Paranoic.pm here..
Paranoically considering [List/Util.pm]

    [download]

    The 5.38.0 output is different in the final part: 

    AFTER I will use some hook to check md5 of modules loaded by the calli
+ng program
====> Perl v5.38.0 using $^HOOK
Paranoic.pm here..
    SKIP [strict.pm] already processed
    SKIP [warnings.pm] already processed
Paranoically considering [List/Util.pm]
    SKIP [strict.pm] already processed
    SKIP [warnings.pm] already processed
    SKIP [strict.pm] already processed
    SKIP [Exporter.pm] already processed
    SKIP [XSLoader.pm] already processed

    [download]

    Conclusion

    Have fun developping this Perl idea and share your progress!

    L*

    There are no rules, there are no thumbs..
    Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
[reply]
[d/l]
[select]

      MD5 is a pretty old hash format and hasn't been considered especially secure for about a decade.

      Module::Signature switched to SHA256 about five years ago, so switching to that too might be a good idea. Especially as this means that any recent CPAN distributions packaged with Module::Signature in mind will include a SIGNATURE file (an example!) GPG-signed by the author, listing the SHA256 hashes for every file in the distribution including all modules.

      Hire me at Toby Ink Ltd or Join my OnlyFans
[reply]
      Intercepting DynaLoader::dl_load_file(...) to verify the binary bits of XS modules would make this a lot more robust. I'd be more worried about a virus or something being written to inject code in a lib/dll than into a pure Perl module anyway. 
      BEGIN {
    require DynaLoader;
    # no strict 'refs';
    no warnings 'redefine';
    my $keep = \&DynaLoader::dl_load_file;
    *DynaLoader::dl_load_file = sub {
        my ( $path, $flags ) = @_;
        warn "We should check '$path' here";
        &$keep(@_);
    };
}

# Random XS based core modules
use Cwd;
use Fcntl;
use Digest::MD5;

      [download]
      I guess you'll need to think about FFI loaded libraries eventually.
[reply]
[d/l]
[select]
Re: [NTF] Nice Perl ideas I have no time for
by stevieb (Canon) on Oct 13, 2023 at 06:44 UTC

    When I started in Perl, sometime around 2000, I did so trying to automate system administration tasks. Shortly after, I started falling in love. Then I was on a hunt for things to build, just for fun. I'm sure I asked "what can I do" to the old time greats, where the response was often "find distributions, fix bugs, write patches" (where that advice was a Godsend actually in the long run).

    I think every budding developer goes through a period where they try to imagine what they want to dream up.

    Now, there's no hardware I can't conquer, no API I can't wrap, no challenge that's too big to put effort into. With that said...

    a Perl idea that I have no time for is one that can dream up new ideas for people like me in my earliest years while I was looking for them.

[reply]
      These days there's a convention on GitHub of "good first issue" as a label. It would be a Simple Matter of Programming(tm) to:
      • scan every distro on MetaCPAN
      • extract its issue-tracker
      • filter only the GitHub ones
      • listing the "good first issue"-labelled issues for each.
      If one did steps 1-3, one could then feed that list of tracker URLs into a GraphQL query to the GitHub API to do step 4. That would then provide a list of things first-timers could help with. That would also be very useful for the annual PR challenge.
[reply]
Re: [NTF] Nice Perl ideas I have no time for
by misc (Friar) on Oct 11, 2023 at 11:38 UTC
    There are mainly two ideas, it doesn't seem I'll have the time..
    Both imho good, but.

    Write a script to get completely selfbundled perl scripts.
    I do know par packer, and so on, but I think about having the perl interpreter installed at the target,
    and just put the script with all used modules included at the target.
    Yet I copied all used modules by hand into one file, what is .. tedious :(

    The other one, a text user interface library. Which is usable, and portable.
    Curses is incoherent, quite often the different curses interfaces are missing something, and so on.
    Perhaps starting with a really simple C interface, like tbox.
    Having all other things implemented in perl, in an object oriented manner.
    The things out there I found are either not finished, or not that nice to use.
    Would be wonderful, but I'm faced with other problems, so..
[reply]

      Your first idea sounds very much like App::FatPacker. Perhaps that's all you need?

      🦛

[reply]
        .. :o perhaps. ;)
        Thanks a lot, somehow I didn't find this.

        About the second idea, here's the TO I did write some 16 years ago.
        console editor
[reply]
Re: [NTF] Nice Perl ideas I have no time for
by harangzsolt33 (Deacon) on May 17, 2024 at 00:22 UTC
    I have ideas, but they have all been done before such as inflate/deflate algorithm, avif, webp encoder/decoder in pure perl, an ftp file uploader in perl, a simple price database in perl, a text-mode text editor in perl, a midnight commander-like program in pure perl, a perl hex editor, a perl image viewer, and many other tools....

    Edit: This evening I decided to throw together a little image viewer. In the past month or so, I have been experimenting with Linux, so this is my first real attempt at writing a "BIG" Linux program. Lol This Perl program displays an image using yad and HTML and JavaScript... I set it as the default picture viewer for myself, but it's kind of slow right now, because either yad is slow or the Perl program itself is slow. Well, actually I suspect it is slow because it tries to find all the pictures in the working directory before it opens the window, so if you have hundreds of pictures, it will be even slower. The program itself is a .pl file. Can be downloaded from here: http://wzsn.net/perl/imgview.txt It displays the image size in bytes, pixels, last modified date. And it allows you to set it as default background with one click if you're using LXQT desktop. I'm no linux expert. I have only been using Linux since April of this year, so I'm very new at this. This program works on my Sparky Linux. I don't know if it will work on other Linux distros as well. In order to run, you will need: Perl, yad, webkit, find, lazpaint, pcmanfm-qt, and who knows what. Here's a screenshot : http://wzsn.net/perl/imgview.jpg I call it "IMAGINE Image Viewer." And it's freeware.

[reply]

Back to Meditations