API Design and the Recent IP Address Module Issues

Earlier this week, I wrote about security issues in Perl IP address distros. I started thinking about why these issues showed up in so many distros, which got me thinking about how an API can make these types of problems harder or easier. Specifically, I’d like to talk about Data::Validate::IP. Let’s look at two functions exported by this module, is_ipv4 and is_private_ipv4. On the surface, these sure look like they’re the same general thing.

Security Issues in Perl IP Address distros

Edit on 2021-03-29 21:40(ish) UTC: Added Net-Subnet (appears unaffected) and reordered the details to match the list at the top of the post. Edit on 2021-03-30 14:50(ish) UTC: Added Net-Works (appears unaffected). Edit on 2021-03-30 15:40(ish) UTC: Added Net-CIDR (some functions are affected). Edit on 2021-03-31 01:05(ish) UTC: Added Net-IPv4Addr (affected). Edit on 2021-04-05 01:21(ish) UTC: Net-CIDR-Lite 0.22 contains a remediation. Edit on 2021-04-05 19:30(ish) UTC: Net-IPAddress-Util 5.000 contains a remediation.

Down the Golang nil Rabbit Hole

Edit 2021-03-30: Jeremy Mikkola wrote about some closely related topics back in 2017. Edit 2021-03-31: Chris Siebenmann wrote a response to this post that explains exactly how interface values that are nil are typed. It’s more complicated than I thought! I’m not sure I have another Rust & Postgres blog post in me right now, so let’s learn something about Go instead. Recently I decided I wanted to add a --unique flag to omegasort.

Writing a Postgres SQL Pretty Printer in Rust: Part 1.5

Last week I wrote the first post in this series, where I introduced the project and wrote about generating Rust code for the parsed Postgres AST. I also wrote about the need for wrapper enums in the generated code, but I don’t think I went into enough detail, based on questions and discussions I had after I shared that post in /r/rust. So this week I will go into more detail on exactly why I had to do this.

Writing a Postgres SQL Pretty Printer in Rust: Part 1

This is the first of a planned series of blog posts about my pg-pretty project. I’ll cover some things I’ve learned about Rust and Postgres SQL, as well as some things I still don’t know. Series Links: Part 1: Introduction to the project and generating Rust with Perl; Part 1.5: More about enum wrappers and Serde’s externally tagged enum representation. Why? I really, really, really, really cannot stand unformatted code, or a mishmash of code styles throughout a codebase.

2020 Predictions Reviewed

Last year in May I made some predictions. Now it’s time to find out how I did! Summary: The summary is I was wrong. A lot. This should be no surprise. First, let’s take a look at my overall accuracy: The source data for this chart is a spreadsheet I made for my 2020 predictions. Overall, this should be fairly understandable but there’s one nuance that needs some explaining. In order to make the chart simpler, I converted any prediction for less than 50% to its inverse and graphed that.

What I did on my winter vacation

TLDR: Helped my father move. Then I shaved all the yaks. Fur everywhere. Very messy. Because of the way holidays at ActiveState work, it’s very economical in terms of vacation days to take the last two weeks of the year off (Christmas and New Year’s weeks). I had a fair bit of vacation left, so I decided to take the first week of the new year off as well, for a total of three weeks of vacation.

My New Rube Goldberg Machine

My last post was about my local COVID tracker tool. While it worked well, I found having to re-run the report.pl script every time I wanted an update annoying. Plus, I wanted to share this on Facebook, but I have non-technical friends who would not be able to run it for themselves. So I decided to put up a hosted version, but I challenged myself. I wanted it to run entirely on someone else’s machines.

My Local COVID Stats Tracker

For many months now, I’ve been following the COVID stats in the Star Tribune, the local Minneapolis newspaper. There’s a lot of interesting info there, but it’s not really useful for reaching conclusions about the safety of various activities. The problem is that the data is either for the wrong-sized area or I can’t group together the bits I care about. Most of the stats are state-wide. But I don’t care about the whole state.

The ActiveState Platform and Perl 5.32

Note: Technically, this post qualifies as paid promotion, because I work for ActiveState. But I volunteered to write about our new Platform and put it on my personal blog because I think what we’re doing is really cool and might be of interest to the Perl community at large. TLDR: We have an entirely new system that supports Windows and Linux (macOS coming soon), providing you binary builds of the Perl core, Perl distros, and supporting C/C++ libraries.