in reply to Perl for the Masses

As I noted in Re: Making a GUI based Win32 app from Perl script. this program does solve the "how the heck do I package a perlscript for dumb users" problem quite elegantly.

I agree 100% that this is the way to get perl recognised.

My only slight worry is that, since popfile uses a lot of powerful perl networking modules, if some sneaky person were to manage to find a backdoor into popfile you'd be looking at some extremely capable zombies. I've been spending some time thinking about how best to ensure that the code is well behaved and to verify that the version installed is genuine. I suspect an MD5 hash of the various .pl files and directories is the way to go...

Dingus


Enter any 47-digit prime number to continue.

Re: Re: Perl for the Masses
by RMGir (Prior) on Nov 26, 2002 at 12:54 UTC
    Great point about the risk of backdoors. Although I'd call it "security holes"; backdoor has malicious connotations, and there's really no reason to think the maintainer of popfile would want to do such a thing.

    The risk of inadvertent holes is present in a lot of the things we use. (For instance, SOAP::Lite used to have serious issues.) It doesn't hurt to remind folks of the possibility!

    Of course, in terms of the number of affected systems, recent security holes in IE, Mozilla, or even WindowMaker are probably going to cause more problems than popfile ever could...
    --
    Mike

Re: Re: Perl for the Masses
by shotgunefx (Parson) on Nov 26, 2002 at 17:03 UTC
    Good point. But on the other hand, I think most MS users just accept the likelihood of these things happening. I'm not saying that it shouldn't be addressed, not by any means. Just that Windows is full of holes.

    -Lee

    "To be civilized is to deny one's nature."
Re: Re: Perl for the Masses
by theguvnor (Chaplain) on Nov 26, 2002 at 21:14 UTC

    I too liked the distribution method. I suggested to Paul Graham that another script ("update.pl" perhaps?) be included in the distribution, that could connect to the POPFile download repository and automatically update the user's installed version if necessary.

    Perl already has all the modules that would be necessary (e.g. the MD5 digest module you mentioned) to make this happen securely, now it just needs someone capable enough to pull it off - it's a little too much for me right now, unfortunately.

    Jon

    Update: hmmm, does Digest::MD5 use C code? If so that would be at odds with the distribution philosophy of using Perl-only code (no compiler requirement)...

    Update II: oops... yes, credit does indeed go to John Graham-Cumming. Thanks again shotgunefx.

      There is a pure perl version of MD5 (Digest::Perl::MD5). As an aside, Paul Graham isn't the author. (I thought so too at first glance) Though he was the first person I saw to suggest using Bayesian filters. The author of Popfile is John Graham-Cumming.

      -Lee

      "To be civilized is to deny one's nature."
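
The file-hash check discussed in this thread (Dingus's post and theguvnor's update idea), as an added example that is not code from the thread or from POPFile: it uses SHA-256 from the core Digest::SHA module in place of the MD5 mentioned above, because MD5 collisions are practical. The file names are constructed, and the trusted manifest is assumed to reach the user over a channel an attacker cannot rewrite (for example a signed file), since a manifest stored beside the code it describes only catches accidental corruption.

```perl
use strict;
use warnings;
use Digest::SHA;               # core module; SHA-256 swapped in for MD5
use File::Find;
use File::Spec;
use File::Temp qw(tempdir);

# Map each file under $root (by relative path) to its SHA-256 hex digest.
sub build_manifest {
    my ($root) = @_;
    my %manifest;
    find({ no_chdir => 1, wanted => sub {
        return unless -f $_;
        my $rel = File::Spec->abs2rel($_, $root);
        $manifest{$rel} = Digest::SHA->new(256)->addfile($_, 'b')->hexdigest;
    } }, $root);
    return \%manifest;
}

# Compare the installed tree against a trusted manifest.
# Returns findings: MISSING and MODIFIED first, then UNEXPECTED files.
sub verify_tree {
    my ($root, $trusted) = @_;
    my $actual = build_manifest($root);
    my @findings;
    for my $file (sort keys %$trusted) {
        if (!exists $actual->{$file}) { push @findings, "MISSING $file" }
        elsif ($actual->{$file} ne $trusted->{$file}) { push @findings, "MODIFIED $file" }
    }
    push @findings, map { "UNEXPECTED $_" } grep { !exists $trusted->{$_} } sort keys %$actual;
    return @findings;
}

# Constructed sample install tree (hypothetical names, not POPFile's real layout).
my $root = tempdir(CLEANUP => 1);
mkdir "$root/Proxy" or die "mkdir: $!";
my %files = ('popfile.pl' => "print 'filter';\n", 'Proxy/POP3.pm' => "package Proxy::POP3;\n1;\n");
for my $name (keys %files) {
    open my $out, '>', "$root/$name" or die "open $name: $!";
    print {$out} $files{$name};
    close $out or die "close $name: $!";
}
my $trusted = build_manifest($root);   # in practice: shipped and authenticated separately
print "clean tree: ", scalar(verify_tree($root, $trusted)), " findings\n";

# Simulate tampering: alter one file and drop in an extra module.
open my $fh, '>>', "$root/popfile.pl" or die $!; print {$fh} "# altered\n"; close $fh;
open $fh, '>', "$root/Proxy/Extra.pm" or die $!; print {$fh} "1;\n"; close $fh;
print "$_\n" for verify_tree($root, $trusted);
```

Reporting unexpected files matters as much as modified ones here, because Perl will load any module it finds on its search path whether or not the release shipped it.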