
Explore Perl by an example

  • Dieter Werner
    Message 1 of 17 , Mar 22 7:09 AM
      Hi folks,

      I did a Perl-Script just as an example for beginners.
      It's an auction script and you can download it from
      http://www.hotscripts.com/Detailed/29187.html

      Greetings from Germany
      Dieter Werner
    • merlyn@stonehenge.com
      Message 2 of 17 , Mar 22 7:45 AM
        >>>>> "Dieter" == Dieter Werner <hdw@...> writes:

        Dieter> Hi folks,
        Dieter> I did a Perl-Script just as an example for beginners.
        Dieter> It's an auction script and you can download it from
        Dieter> http://www.hotscripts.com/Detailed/29187.html

        While you're probably very proud about this script, and have spent
        countless hours fine tuning it, let me say initially that I was
        shocked back into the mid-90's as I was glancing through the
        distribution.

        Folks, this is a single 5000-line script with:

        - no use of packages
        - no use of objects
        - no reuse of available modules from the CPAN
        - the most important of which is: no "use CGI" on a CGI script!
        - apparently duplicated or repetitious code
        - lots of global variables (hiding a lot of hash elements in one global)
        - local instead of my
        - setting its own srand() instead of relying on modern perl to do that
        - a few scary "eval string" forms that look like they might be coaxed
        into being a huge security hole, running arbitrary code on the server
        - very little use of references

        In short, Dieter, you're about 10 years behind the curve. I was
        hoping we'd gotten rid of most of the bad code with Matt Wright
        himself pointed at nms-cgi.sf.net to replace his
        awful-but-well-publicized code.

        To the rest of you, please don't use this code.

        To dieter: before attempting a 5000-line script, please be sure you've
        both read and *understood* my two tutorial books:

        Learning Perl
        Learning Perl Objects References and Modules

        And stop learning Perl by staring at code from the mid-90s. :)

        --
        Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
        <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
        Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
        See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
      • Charles K. Clarkson
        Message 3 of 17 , Mar 22 7:57 AM
          merlyn@... <merlyn@.... wrote:
          :
          : >>>>> "Dieter" == Dieter Werner <hdw@...> writes:
          :
          : Dieter> Hi folks,
          : Dieter> I did a Perl-Script just as an example for beginners.
          : Dieter> It's an auction script and you can download it from
          : Dieter> http://www.hotscripts.com/Detailed/29187.html
          :
          : While you're probably very proud about this script, and have
          : spent countless hours fine tuning it, let me say initially
          : that I was shocked back into the mid-90's as I was glancing
          : through the distribution.
          :
          : Folks, this is a single 5000-line script with:
          :
          : - no use of packages
          : - no use of objects
          : - no reuse of available modules from the CPAN
          : - the most important of which is: no "use CGI" on a CGI script!
          : - apparently duplicated or repetitious code
          : - lots of global variables (hiding a lot of hash elements in
          : one global)
          : - local instead of my
          : - setting its own srand() instead of relying on modern perl to
          : do that
          : - a few scary "eval string" forms that look like they might be
          : coaxed into being a huge security hole, running arbitrary code
          : on the server
          : - very little use of references
          :
          : In short, Dieter, you're about 10 years behind the curve. I was
          : hoping we'd gotten rid of most of the bad code with Matt Wright
          : himself pointed at nms-cgi.sf.net to replace his
          : awful-but-well-publicized code.
          :
          : To the rest of you, please don't use this code.
          [snip]

          Randal, will you add this as a code review to the
          hotscripts.com site? Perhaps a little more input by some
          of us would deter (pun intended :) more people from using
          these scripts.


          Charles K. Clarkson
          --
          Mobile Homes Specialist
          254 968-8328
        • Dieter Werner
          Message 4 of 17 , Mar 22 9:35 AM
            Charles - why do you do that?
            Am I a member of an insulting-group?

            Dieter Werner

            --- In perl-beginner@yahoogroups.com, "Charles K. Clarkson"
            <cclarkson@h...> wrote:
            > merlyn@s... <merlyn@s... wrote:
            > :
            > : >>>>> "Dieter" == Dieter Werner <hdw@i...> writes:
            > :
            > : Dieter> Hi folks,
            > : Dieter> I did a Perl-Script just as an example for beginners.
            > : Dieter> It's an auction script and you can download it from
            > : Dieter> http://www.hotscripts.com/Detailed/29187.html
            > :
            > : While you're probably very proud about this script, and have
            > : spent countless hours fine tuning it, let me say initially
            > : that I was shocked back into the mid-90's as I was glancing
            > : through the distribution.
            > :
            > : Folks, this is a single 5000-line script with:
            > :
            > : - no use of packages
            > : - no use of objects
            > : - no reuse of available modules from the CPAN
            > : - the most important of which is: no "use CGI" on a CGI script!
            > : - apparently duplicated or repetitious code
            > : - lots of global variables (hiding a lot of hash elements in
            > : one global)
            > : - local instead of my
            > : - setting its own srand() instead of relying on modern perl to
            > : do that
            > : - a few scary "eval string" forms that look like they might be
            > : coaxed into being a huge security hole, running arbitrary code
            > : on the server
            > : - very little use of references
            > :
            > : In short, Dieter, you're about 10 years behind the curve. I was
            > : hoping we'd gotten rid of most of the bad code with Matt Wright
            > : himself pointed at nms-cgi.sf.net to replace his
            > : awful-but-well-publicized code.
            > :
            > : To the rest of you, please don't use this code.
            > [snip]
            >
            > Randal, will you add this as a code review to the
            > hotscripts.com site? Perhaps a little more input by some
            > of us would deter (pun intended :) more people from using
            > these scripts.
            >
            >
            > Charles K. Clarkson
            > --
            > Mobile Homes Specialist
            > 254 968-8328
          • Dieter Werner
            Message 5 of 17 , Mar 22 9:40 AM
              LOL

              No Randal - I'm not 'very proud' about this script ...
              because it is just a rewrite of the well-known 'EveryAuction'
              http://www.everysoft.com
              but I thought that a script like this could be a starting point for
              beginners!

              Newbies don't start programming perl by using packages and/or objects.
              I'm very sure that the use of packages and/or objects is 'overcoded'
              in case of a simple program like this.

              As for the 'eval' ...
              show me one case on which 'arbitrary code' could be executed on the
              server.

              In short, Randal
              writing a bad criticism about a program you are very fast (and very
              brutal); maybe you are too fast (and too brutal)?
              You should keep in mind that you are a member of a 'Perl-Beginners-
              Group'!!

              No hard feelings, please, but I think your contribution was a bit too
              much 'overdressed'.

              Greetings from Germany
              Dieter Werner


              --- In perl-beginner@yahoogroups.com, merlyn@s... wrote:
              > >>>>> "Dieter" == Dieter Werner <hdw@i...> writes:
              >
              > Dieter> Hi folks,
              > Dieter> I did a Perl-Script just as an example for beginners.
              > Dieter> It's an auction script and you can download it from
              > Dieter> http://www.hotscripts.com/Detailed/29187.html
              >
              > While you're probably very proud about this script, and have spent
              > countless hours fine tuning it, let me say initially that I was
              > shocked back into the mid-90's as I was glancing through the
              > distribution.
              >
              > Folks, this is a single 5000-line script with:
              >
              > - no use of packages
              > - no use of objects
              > - no reuse of available modules from the CPAN
              > - the most important of which is: no "use CGI" on a CGI script!
              > - apparently duplicated or repetitious code
              > - lots of global variables (hiding a lot of hash elements in one
              > global)
              > - local instead of my
              > - setting its own srand() instead of relying on modern perl to do
              > that
              > - a few scary "eval string" forms that look like they might be
              > coaxed into being a huge security hole, running arbitrary code on the
              > server
              > - very little use of references
              >
              > In short, Dieter, you're about 10 years behind the curve. I was
              > hoping we'd gotten rid of most of the bad code with Matt Wright
              > himself pointed at nms-cgi.sf.net to replace his
              > awful-but-well-publicized code.
              >
              > To the rest of you, please don't use this code.
              >
              > To dieter: before attempting a 5000-line script, please be sure you've
              > both read and *understood* my two tutorial books:
              >
              > Learning Perl
              > Learning Perl Objects References and Modules
              >
              > And stop learning Perl by staring at code from the mid-90s. :)
              >
              > --
              > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
              > <merlyn@s...> <URL:http://www.stonehenge.com/merlyn/>
              > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
              > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
            • Charles K. Clarkson
              Message 6 of 17 , Mar 22 10:23 AM
                Dieter Werner <hdw@...> wrote:
                :
                : Charles - why do you do that?

                Why do I do what? Be specific or comment under the
                relevant passage.


                : Am I a member of an insulting-group?

                You proposed a CGI script from which new perl programmers
                should take as an example of (we assume) good perl programming.
                Yet the code has this example of very poor perl programming.

                sub get_form_data {
                    my ($data, @data);
                    local $_;

                    (lc $ENV{'REQUEST_METHOD'} eq 'post' and !$ENV{'QUERY_STRING'})
                        ? do {
                            binmode STDIN;
                            read STDIN, $data, $ENV{'CONTENT_LENGTH'};

                            $data =~ /Content-Disposition/i && do {
                                $form{'error'} = get_data(\$data);
                                undef $data;
                            };
                        }
                        : $ENV{'QUERY_STRING'} && ($data = $ENV{'QUERY_STRING'});

                    $data && do {
                        foreach (split /\&/o, $data) {
                            s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
                            s/[\r\n]//og;
                            @data= split /\=/o, $_, 2;
                            $data[1] =~ s/\+/ /og;
                            $form{$data[0]} = $data[1];
                            @data = ();
                        }
                    };

                    $form{'action'} = 'nodata' unless exists $form{'action'};
                    $form{'lang'} = $config{'lang'} unless exists $form{'lang'};
                    translate($form{'lang'});
                }

                Randal has every right to dissuade new programmers from using
                this code as a basis for good programming. In fact, as a Perl role
                model, it is probably his duty to do so. I applaud him for swiftly
                including a condemnation of your script.

                That you believe this is acceptable shows you had no business
                posting this as an example to new perl coders. You should have
                asked for a code review prior to posting the code. No one is insulting
                you, Dieter, but your code is *not* a good example for beginners.



                Charles K. Clarkson
                --
                Mobile Homes Specialist
                254 968-8328
              • merlyn@stonehenge.com
                Message 7 of 17 , Mar 22 11:05 AM
                  >>>>> "Dieter" == Dieter Werner <hdw@...> writes:

                  Dieter> No Randal - I'm not 'very proud' about this script ...
                  Dieter> because it is just a rewrite of the well-known 'EveryAuction'
                  Dieter> http://www.everysoft.com

                  Even more a reason to give it a timely death. Almost everything
                  written in the mid-90's during the dot-com boom and Perl4 heyday is
                  worthless these days. Stop trying to breathe life into a dead
                  horse.

                  Dieter> but I thought that a script like this could be a starting point for
                  Dieter> beginners!

                  No, it's not a good example.

                  Dieter> Newbies don't start programming perl by using packages and/or objects.

                  Newbies shouldn't start by writing 5000 line scripts either. Newbies
                  *often* start with my "Learning Perl" book, which only glances on
                  Packages and Objects, and instead focusses on what you need to know
                  for 1-100 line scripts. For scripts greater than 100 lines, "Learning
                  Perl Objects References and Modules" does indeed introduce Packages
                  (in the first chapter) and Objects (in the fifth or sixth chapter).

                  Dieter> I'm very sure that the use of packages and/or objects is 'overcoded'
                  Dieter> in case of a simple program like this.

                  Absolutely disagree here. You have no testing code either, and I
                  forgot to mention that. It's crazy in this day-and-age to write 5000
                  lines of code without having something that tests the subroutines and
                  modules and object interfaces. How would anyone ever *maintain* that
                  code?

                  Dieter> As for the 'eval' ...
                  Dieter> show me one case on which 'arbitrary code' could be executed on the
                  Dieter> server.

                  Why would there be *any* eval-string in this program? Sure,
                  eval-block for catch-throw exception handling. But *every* appearance
                  of eval-string is suspect. I threw away the code, so I can't point
                  out the specific places, but it's stuff like this:

                  eval $data_taken_from_a_form_field

                  that is INCREDIBLY suspect. Even if the form data is provided from a
                  pop-up menu or a hidden field, it can still be altered client-side,
                  making it imperative to check that data before it gets used. I saw
                  none of that.

                  Just grep through that program, noting every use of eval that is not
                  immediately followed by an open brace. EVERY ONE OF THOSE is an
                  eval-string. Even *one* in this program would be too many.

                  Please, there is lots of literature on Perl CGI security. Don't make
                  me retype it all here. In fact, you have a responsibility as someone
                  providing examples to newbies to have *already* *studied* such
                  literature. Again, I think you're falling short here.

                  Even worse, suppose a server got 0wn3d by running your code. Do you
                  have enough lawyers to defend yourself in court? Are you prepared to
                  do so? In fact, now that I've pointed out the potential security hole
                  to you, you can no longer claim neglect. You are now liable for
                  knowingly providing bad code. I suggest you remove your program
                  immediately to prevent further tort exposure, especially since our
                  correspondence here is a matter of public record now.

                  Dieter> In short, Randal
                  Dieter> writing a bad criticism about a program you are very fast (and very
                  Dieter> brutal); maybe you are too fast (and too brutal)?
                  Dieter> You should keep in mind that you are a member of a 'Perl-Beginners-
                  Dieter> Group'!!

                  Not according to the other respondents. I do believe you are in the
                  minority here, not that being in the majority matters to me at all.

                  Dieter> No hard feelings, please, but I think your contribution was a bit too
                  Dieter> much 'overdressed'.

                  No hard feelings either, but I think you should stay away from
                  providing bad examples for beginners. Apparently, you are unable to
                  self-censor. And by your followup, it's clear that you think you know
                  more than you actually do, which also scares me a bit.

                  --
                  Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                  <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
                  Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                  See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
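Added example (not part of the thread and not code from the auction script): the audit described in message 7, listing every eval that is not followed by an opening brace, written as a small Perl scanner. The sample source is constructed, and the pattern is a heuristic that skips only whole-line comments, so each hit is a candidate for manual review.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample source for the demonstration; it is NOT taken from
# the auction script discussed in the thread.
my $sample = <<'END_SAMPLE';
my $ok = eval { load_config(); 1 };
eval $form{'action'};
my $value = eval "\$config{$key}";
# eval $disabled_long_ago;
my $evaluated = 1;
eval
{
    close_auction();
};
$parser->eval($text);
END_SAMPLE

# Return one [line_number, line_text] pair for every eval that is not
# followed by an opening brace, i.e. every eval-string candidate.
sub find_eval_strings {
    my ($source) = @_;
    my @lines = split /\n/, $source, -1;

    # Blank out whole-line comments but keep the newlines, so counting
    # newlines in $code still yields the original line numbers.
    (my $code = $source) =~ s/^[ \t]*#[^\n]*//mg;

    my @hits;
    # Skip $eval, @eval, %eval, &eval, my_eval and ->eval method calls;
    # the lookahead spans newlines, so "eval" + newline + "{" is a block.
    while ($code =~ /(?<![\$\@%&\w])(?<!->)\beval\b(?!\s*\{)/g) {
        my $prefix  = substr($code, 0, $-[0]);
        my $line_no = 1 + ($prefix =~ tr/\n//);
        push @hits, [ $line_no, $lines[ $line_no - 1 ] ];
    }
    return @hits;
}

# With file names on the command line, scan those files;
# with no arguments, scan the constructed sample above.
my @inputs = @ARGV ? @ARGV : ('(constructed sample)');
for my $name (@inputs) {
    my $source = $sample;
    if (@ARGV) {
        open my $fh, '<', $name or die "cannot read $name: $!\n";
        local $/;                      # slurp the whole file
        $source = <$fh> // '';
    }
    for my $hit (find_eval_strings($source)) {
        my ($line_no, $text) = @$hit;
        $text =~ s/^\s+//;
        print "$name:$line_no: $text\n";
    }
}
```

On the sample, the two reported lines are the ones that evaluate a form field and an interpolated string; the eval-blocks, the comment, the variable name and the method call are not reported.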
                • Fortuno, Adam
                  Message 8 of 17 , Mar 22 11:12 AM
                    Dieter,

                    As a beginner, I appreciate your point:

                    # Newbies don't start programming perl by using packages and/or objects.
                    # I'm very sure that the use of packages and/or objects is 'overcoded'
                    # in case of a simple program like this

                    In spoken English, most children don't use proper grammar, but it doesn't
                    mean we give our children books written in improper English. New users
                    especially need to be exposed to good coding practices, which (as Randal and
                    Charles noted) are lacking in the script you suggested.

                    Randal was horribly brutal! Give a thought to what you did. You came to a
                    new user forum and said, "Hey! Here is this code I wrote. Go ahead and use
                    it." Problem is it's in poor form. Perhaps if you want to do this again
                    supply the code and ask for feedback.

                    As a beginner, I always think twice before providing a suggestion because of
                    a note where Randal put his foot in my a$$. The lesson learned is if you're
                    going to give bad advice don't give it. If you're going to promote poor
                    code, don't promote it.

                    Regards,
                    Adam

                    -----Original Message-----
                    From: Dieter Werner [mailto:hdw@...]
                    Sent: Monday, March 22, 2004 12:40 PM
                    To: perl-beginner@yahoogroups.com
                    Subject: Re: [PBML] Explore Perl by an example


                    LOL

                    No Randal - I'm not 'very proud' about this script ...
                    because it is just a rewrite of the well-known 'EveryAuction'
                    http://www.everysoft.com
                    but I thought that a script like this could be a starting point for
                    beginners!

                    Newbies don't start programming perl by using packages and/or objects.
                    I'm very sure that the use of packages and/or objects is 'overcoded'
                    in case of a simple program like this.

                    As for the 'eval' ...
                    show me one case on which 'arbitrary code' could be executed on the
                    server.

                    In short, Randal
                    writing a bad criticism about a program you are very fast (and very
                    brutal); maybe you are too fast (and too brutal)?
                    You should keep in mind that you are a member of a 'Perl-Beginners-
                    Group'!!

                    No hard feelings, please, but I think your contribution was a bit too
                    much 'overdressed'.

                    Greetings from Germany
                    Dieter Werner


                    --- In perl-beginner@yahoogroups.com, merlyn@s... wrote:
                    > >>>>> "Dieter" == Dieter Werner <hdw@i...> writes:
                    >
                    > Dieter> Hi folks,
                    > Dieter> I did a Perl-Script just as an example for beginners.
                    > Dieter> It's an auction script and you can download it from
                    > Dieter> http://www.hotscripts.com/Detailed/29187.html
                    >
                    > While you're probably very proud about this script, and have spent
                    > countless hours fine tuning it, let me say initially that I was
                    > shocked back into the mid-90's as I was glancing through the
                    > distribution.
                    >
                    > Folks, this is a single 5000-line script with:
                    >
                    > - no use of packages
                    > - no use of objects
                    > - no reuse of available modules from the CPAN
                    > - the most important of which is: no "use CGI" on a CGI script!
                    > - apparently duplicated or repetitious code
                    > - lots of global variables (hiding a lot of hash elements in one
                    > global)
                    > - local instead of my
                    > - setting its own srand() instead of relying on modern perl to do
                    > that
                    > - a few scary "eval string" forms that look like they might be
                    > coaxed into being a huge security hole, running arbitrary code on the
                    > server
                    > - very little use of references
                    >
                    > In short, Dieter, you're about 10 years behind the curve. I was
                    > hoping we'd gotten rid of most of the bad code with Matt Wright
                    > himself pointed at nms-cgi.sf.net to replace his
                    > awful-but-well-publicized code.
                    >
                    > To the rest of you, please don't use this code.
                    >
                    > To dieter: before attempting a 5000-line script, please be sure you've
                    > both read and *understood* my two tutorial books:
                    >
                    > Learning Perl
                    > Learning Perl Objects References and Modules
                    >
                    > And stop learning Perl by staring at code from the mid-90s. :)
                    >
                    > --
                    > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                    > <merlyn@s...> <URL:http://www.stonehenge.com/merlyn/>
                    > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                    > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!



                  • franki
                    Message 9 of 17 , Mar 22 11:24 AM
                      Yup,

                      The first thing I learned from being on this list...

                      If a script won't run with 'use strict;' on..
                      then you should fix it.

                      second thing, if a CGI script is on the net.. and it can't use taint mode,
                      then you should fix it. (in fact I make any perl script I use, CGI or
                      otherwise run in taint mode.)

                      third thing.. never trust anything provided by a user.. anything at all..

                      fourth thing, if it can't run with "warnings" and "diagnostics" turned on
                      without filling up your error log.
                      then you should fix it, or not show anyone. :-)

                      I owe this list heaps, it's the reason my servers don't have a bunch of
                      users on them that I've never heard of.
                      I was already paranoid, this list just gave me a couple more reasons as
                      to "why".

                      rgds

                      Franki




                      merlyn@... wrote:

                      >>>>>>"Dieter" == Dieter Werner <hdw@...> writes:
                      >
                      >
                      > Dieter> No Randal - I'm not 'very proud' about this script ...
                      > Dieter> because it is just a rewrite of the well-known 'EveryAuction'
                      > Dieter> http://www.everysoft.com
                      >
                      > Even more a reason to give it a timely death. Almost everything
                      > written in the mid-90's during the dot-com boom and Perl4 heyday is
                      > worthless these days. Stop trying to breathe life into a dead
                      > horse.
                      >
                      > Dieter> but I thought that a script like this could be a starting point for
                      > Dieter> beginners!
                      >
                      > No, it's not a good example.
                      >
                      > Dieter> Newbies don't start programming perl by using packages and/or objects.
                      >
                      > Newbies shouldn't start by writing 5000 line scripts either. Newbies
                      > *often* start with my "Learning Perl" book, which only glances on
                      > Packages and Objects, and instead focusses on what you need to know
                      > for 1-100 line scripts. For scripts greater than 100 lines, "Learning
                      > Perl Objects References and Modules" does indeed introduce Packages
                      > (in the first chapter) and Objects (in the fifth or sixth chapter).
                      >
                      > Dieter> I'm very sure that the use of packages and/or objects is 'overcoded'
                      > Dieter> in case of a simple program like this.
                      >
                      > Absolutely disagree here. You have no testing code either, and I
                      > forgot to mention that. It's crazy in this day-and-age to write 5000
                      > lines of code without having something that tests the subroutines and
                      > modules and object interfaces. How would anyone ever *maintain* that
                      > code?
                      >
                      > Dieter> As for the 'eval' ...
                      > Dieter> show me one case on which 'arbitrary code' could be executed on the
                      > Dieter> server.
                      >
                      > Why would there be *any* eval-string in this program? Sure,
                      > eval-block for catch-throw exception handling. But *every* appearance
                      > of eval-string is suspect. I threw away the code, so I can't point
                      > out the specific places, but it's stuff like this:
                      >
                      > eval $data_taken_from_a_form_field
                      >
                      > that is INCREDIBLY suspect. Even if the form data is provided from a
                      > pop-up menu or a hidden field, it can still be altered client-side,
                      > making it imperative to check that data before it gets used. I saw
                      > none of that.
                      >
                      > Just grep through that program, noting every use of eval that is not
                      > immediately followed by an open brace. EVERY ONE OF THOSE is an
                      > eval-string. Even *one* in this program would be too many.
                      >
                      > Please, there is lots of literature on Perl CGI security. Don't make
                      > me retype it all here. In fact, you have a responsibility as someone
                      > providing examples to newbies to have *already* *studied* such
                      > literature. Again, I think you're falling short here.
                      >
                      > Even worse, suppose a server got 0wn3d by running your code. Do you
                      > have enough lawyers to defend yourself in court? Are you prepared to
                      > do so? In fact, now that I've pointed out the potential security hole
                      > to you, you can no longer claim neglect. You are now liable for
                      > knowingly providing bad code. I suggest you remove your program
                      > immediately to prevent further tort exposure, especially since our
                      > correspondence here is a matter of public record now.
                      >
                      > Dieter> In short, Randal
                      > Dieter> writing a bad criticism about a program you are very fast (and very
                      > Dieter> brutal); maybe you are too fast (and too brutal)?
                      > Dieter> You should keep in mind that you are a member of a 'Perl-Beginners-
                      > Dieter> Group'!!
                      >
                      > Not according to the other respondents. I do believe you are in the
                      > minority here, not that being in the majority matters to me at all.
                      >
                      > Dieter> No hard feelings, please, but I think your contribution was a bit too
                      > Dieter> much 'overdressed'.
                      >
                      > No hard feelings either, but I think you should stay away from
                      > providing bad examples for beginners. Apparently, you are unable to
                      > self-censor. And by your followup, it's clear that you think you know
                      > more than you actually do, which also scares me a bit.
                      >


                      --
                      rgds


                      Frank Hauptle (aka Franki)

                      For free scripts, online webmaster tools, HTML, XHTML, Perl & PHP
                      tutorials and stuff, visit:
                      http://htmlfixit.com Free web developer resources.

                      Please sign our petition to encourage notebook manufacturers to offer
                      video card upgrades just like desktops.
                      http://www.petitiononline.com/inspiron/petition.html
                    • merlyn@stonehenge.com
                      Message 10 of 17 , Mar 22 11:41 AM
                        >>>>> "Brad" == Brad Lhotsky <brad@...> writes:

                        Brad> Next time, do one of two things. Ask this list to review your
                        Brad> code, or checkout the code-review-ladder mailing list which is
                        Brad> dedicated to this kind of thing.

                        Also note that I have stated many times publicly that I am willing to
                        give *any* code a once-over before public posting, free of charge,
                        time-permitting. That bulleted list would have come back to Dieter in
                        private, instead of being associated with his name in a googleable
                        sorta way for the rest of his life.

                        I encourage both of:

                        - posting code for review
                        - posting code for beginners to emulate

                        Just not at the same time, please. :)

                        --
                        Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                        <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
                        Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                        See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
                      • Brad Lhotsky
                        Message 11 of 17 , Mar 22 11:43 AM
                          Beginners may not start by using packages and objects, but that is a
                          very big problem. There is NO reason to encourage people to copy and
                          paste the query string/post field code that you've included as part of
                          this script. Additionally, 5000 lines is not a starting point for a
                          beginner.

                          Randal's comments are not overdressed. The whole reason he's on this
                          list is to encourage new perl programmers to do the right thing. The
                          code that you've submitted is insecure, unmaintainable, and sits in
                          direct opposition to the methods Perl's own documentation suggests
                          coding.

                          We want new perl programmers to feel welcome here, and we do a lot to
                          encourage the proper use of the language. We are insulted that you
                          would submit this on the grounds that it doesn't "use CGI" alone. We've
                          been trying to establish 'use strict;' and 'use CGI;' as a starting
                          point for all beginners and are continually undermined by the
                          propagation of this subroutine that WILL NOT DIE.

                          Again, we're not upset that you coded this. That's fine, you've gotten
                          a lot of feedback about how to fix things. What bothers us is that you
                          submitted this as a beginner's tutorial and someone may actually begin
                          programming using something like this. What's worse, one of us might
                          work with that person now, or be forced to maintain their code at some
                          point in the future. I've had to maintain the perl of some very
                          brilliant people that looked very similar to this, and bottom line, it
                          was a complete nightmare. Please, before you post something as a
                          "beginner's guide to perl" make sure you've at least read the
                          documentation that's provided with the language and maybe even follow
                          the community or research the mailing list you post to.

                          We'll always be here to help anyone who asks.

                          Next time, do one of two things. Ask this list to review your code, or
                          checkout the code-review-ladder mailing list which is dedicated to this
                          kind of thing.

                          Check out perldoc perl, perldoc perlstyle, perldoc perlvar, perldoc CGI
                          for more interesting things.

                          On Mon, Mar 22, 2004 at 05:40:10PM -0000, Dieter Werner wrote:

                          > LOL
                          >
                          > No Randal - I'm not 'very proud' about this script ...
                          > because it is just a rewrite of the well-known 'EveryAuction'
                          > http://www.everysoft.com
                          > but I thought that a script like this could be a starting point for
                          > beginners!
                          >
                          > Newbies don't start programming perl by using packages and/or objects.
                          > I'm very sure that the use of packages and/or objects is 'overcoded'
                          > in case of a simple program like this.
                          >
                          > As for the 'eval' ...
                          > show me one case on which 'arbitrary code' could be executed on the
                          > server.
                          >
                          > In short, Randal
                          > writing a bad criticism about a program you are very fast (and very
                          > brutal); maybe you are too fast (and too brutal)?
                          > You should keep in mind that you are a member of a 'Perl-Beginners-
                          > Group'!!
                          >
                          > No hard feelings, please, but I think your contribution was a bit too
                          > much 'overdressed'.
                          >
                          > Greetings from Germany
                          > Dieter Werner
                          >
                          >
                          > --- In perl-beginner@yahoogroups.com, merlyn@s... wrote:
                          > > >>>>> "Dieter" == Dieter Werner <hdw@i...> writes:
                          > >
                          > > Dieter> Hi folks,
                          > > Dieter> I did a Perl-Script just as an example for beginners.
                          > > Dieter> It's an auction script and you can download it from
                          > > Dieter> http://www.hotscripts.com/Detailed/29187.html
                          > >
                          > > While you're probably very proud about this script, and have spent
                          > > countless hours fine tuning it, let me say initially that I was
                          > > shocked back into the mid-90's as I was glancing through the
                          > > distribution.
                          > >
                          > > Folks, this is a single 5000-line script with:
                          > >
                          > > - no use of packages
                          > > - no use of objects
                          > > - no reuse of available modules from the CPAN
                          > > - the most important of which is: no "use CGI" on a CGI script!
                          > > - apparently duplicated or repetitious code
                          > > - lots of global variables (hiding a lot of hash elements in one global)
                          > > - local instead of my
                          > > - setting its own srand() instead of relying on modern perl to do that
                          > > - a few scary "eval string" forms that look like they might be coaxed
                          > > into being a huge security hole, running arbitrary code on the server
                          > > - very little use of references
                          > >
                          > > In short, Dieter, you're about 10 years behind the curve. I was
                          > > hoping we'd gotten rid of most of the bad code with Matt Wright
                          > > himself pointed at nms-cgi.sf.net to replace his
                          > > awful-but-well-publicized code.
                          > >
                          > > To the rest of you, please don't use this code.
                          > >
                          > > To dieter: before attempting a 5000-line script, please be sure you've
                          > > both read and *understood* my two tutorial books:
                          > >
                          > > Learning Perl
                          > > Learning Perl Objects References and Modules
                          > >
                          > > And stop learning Perl by staring at code from the mid-90s. :)
                          > >
                          > > --
                          > > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                          > > <merlyn@s...> <URL:http://www.stonehenge.com/merlyn/>
                          > > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                          > > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
                          >
                          >
                          >

                          --
                          Brad Lhotsky <brad@...>
                        • Paul Archer
                          Message 12 of 17 , Mar 22 11:55 AM
                            11:05am, merlyn@... wrote:

                            > Absolutely disagree here. You have no testing code either, and I
                            > forgot to mention that. It's crazy in this day-and-age to write 5000
                            > lines of code without having something that tests the subroutines and
                            > modules and object interfaces. How would any ever *maintain* that
                            > code?
                            >
                            At the risk of asking an RTFM question, here, is there a good tutorial for
                            writing testing code out there?
                            And at what point (complexity and/or number of lines) is it generally worth
                            it to write the test code?

                            TIA,

                            Paul



                            ---------------------------
                            404 Error - Item Not Found
                            <haiku>
                            You step in the stream,
                            but the water has moved on.
                            That page is not here.
                            </haiku>
                            ---------------------------
                          • merlyn@stonehenge.com
                            Message 13 of 17 , Mar 22 12:06 PM
                              >>>>> "Paul" == Paul Archer <tigger@...> writes:

                              Paul> At the risk of asking an RTFM question, here, is there a good tutorial for
                              Paul> writing testing code out there?

                              Google for

                              Test::More tutorial

                              and you'll find plenty of links. Also "perldoc Test::Tutorial" for
                              your on-disk version of the core.

                              Paul> And at what point (complexity and/or number of lines) is it
                              Paul> generally worth it to write the test code?

                              Generally, as soon as you start modularizing... creating groups of
                              related subroutines and perhaps objects. That's probably good to do
                              at about 200-300 lines, or else you'll go batty trying to "debug" any
                              change.

                              --
                              Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                              <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
                              Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                              See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
                            • Dieter Werner
                              Message 14 of 17 , Mar 22 1:33 PM
                                Dear Randal L. Schwartz,

                                this is no longer a joke now!
                                Either you haven't read the script(s) or you are not honest.

                                First of all ...
                                I'm not a newbie (although you called me so) and so I'm very able
                                to 'write' and to 'maintain' a script of just 5,000 lines; each
                                subroutine is a function, therefore it is very easy to test.
                                I'm a programmer since about 30 years now (coding Perl since 1996)
                                Yes - you are right; I didn't read your books - but some books
                                written by Larry Wall, Tom Christiansen, Lincoln D. Stein, Mike
                                Schilli (and so on) are the base of my Perl knowledge (be sure: the
                                content of the books has been understood by me).

                                The 'eval-functions' you mentioned ...
                                doesn't use any FORM data; each kind of INPUT is created by the
                                script and so the $data_taken_from_form_field are nothing else
                                as 'internal' values.
                                The Client-User cannot launch his own data and cannot manipulate the
                                created data; on the other hand: either the 'eval' is just a
                                container for a 'require' or it is just a container for
                                a 'Comparison of conditions' - so the code is very safe.
                                Either you prove that your statement about this is right or you have
                                to take it back (and declare an official excuse); otherwise you
                                should have enough lawyers to defend yourself in court.

                                As for your followup ...
                                it's clear that you think you can draw-down the code of everyone -
                                just because you are the Guru Randal; that's what also scares me a
                                bit.
                                Maybe you should try to 'read' and to 'understand' what you read
                                (yes, 5,000 lines are a long way of understanding - but you did it in
                                46 minutes !!Congratulations!!).

                                Greetings from Germany
                                Dieter Werner

                                --- In perl-beginner@yahoogroups.com, merlyn@s... wrote:
                                > >>>>> "Dieter" == Dieter Werner <hdw@i...> writes:
                                >
                                > Dieter> No Randal - I'm not 'very proud' about this script ...
                                > Dieter> because it is just a rewrite of the well-known 'EveryAuction'
                                > Dieter> http://www.everysoft.com
                                >
                                > Even more a reason to give it a timely death. Almost everything
                                > written in the mid-90's during the dot-com boom and Perl4 heyday is
                                > worthless these days. Stop trying to breathe life into a dead
                                > horse.
                                >
                                > Dieter> but I thought that a script like this could be a starting point for
                                > Dieter> beginners!
                                >
                                > No, it's not a good example.
                                >
                                > Dieter> Newbies don't start programming perl by using packages and/or objects.
                                >
                                > Newbies shouldn't start by writing 5000 line scripts either. Newbies
                                > *often* start with my "Learning Perl" book, which only glances on
                                > Packages and Objects, and instead focusses on what you need to know
                                > for 1-100 line scripts. For scripts greater than 100 lines, "Learning
                                > Perl Objects References and Modules" does indeed introduce Packages
                                > (in the first chapter) and Objects (in the fifth or sixth chapter).
                                >
                                > Dieter> I'm very sure that the use of packages and/or objects is 'overcoded'
                                > Dieter> in case of a simple program like this.
                                >
                                > Absolutely disagree here. You have no testing code either, and I
                                > forgot to mention that. It's crazy in this day-and-age to write 5000
                                > lines of code without having something that tests the subroutines and
                                > modules and object interfaces. How would any ever *maintain* that
                                > code?
                                >
                                > Dieter> As for the 'eval' ...
                                > Dieter> show me one case on which 'arbitrary code' could be executed on the
                                > Dieter> server.
                                >
                                > Why would there be *any* eval-string in this program? Sure,
                                > eval-block for catch-throw exception handling. But *every* appearance
                                > of eval-string is suspect. I threw away the code, so I can't point
                                > out the specific places, but it's stuff like this:
                                >
                                > eval $data_taken_from_a_form_field
                                >
                                > that is INCREDIBLY suspect. Even if the form data is provided from a
                                > pop-up menu or a hidden field, it can still be altered client-side,
                                > making it imperative to check that data before it gets used. I saw
                                > none of that.
                                >
                                > Just grep through that program, noting every use of eval that is not
                                > immediately followed by an open brace. EVERY ONE OF THOSE is an
                                > eval-string. Even *one* in this program would be too many.
                                >
                                > Please, there is lots of literature on Perl CGI security. Don't make
                                > me retype it all here. In fact, you have a responsibility as someone
                                > providing examples to newbies to have *already* *studied* such
                                > literature. Again, I think you're falling short here.
                                >
                                > Even worse, suppose a server got 0wn3d by running your code. Do you
                                > have enough lawyers to defend yourself in court? Are you prepared to
                                > do so? In fact, now that I've pointed out the potential security hole
                                > to you, you can no longer claim neglect. You are now liable for
                                > knowingly providing bad code. I suggest you remove your program
                                > immediately to prevent further tort exposure, especially since our
                                > correspondence here is a matter of public record now.
                                >
                                > Dieter> In short, Randal
                                > Dieter> writing a bad criticism about a program you are very fast (and very
                                > Dieter> brutal); maybe you are too fast (and too brutal)?
                                > Dieter> You should keep in mind that you are a member of a 'Perl-Beginners-
                                > Dieter> Group'!!
                                >
                                > Not according to the other respondents. I do believe you are in the
                                > minority here, not that being in the majority matters to me at all.
                                >
                                > Dieter> No hard feelings, please, but I think your contribution was a bit too
                                > Dieter> much 'overdressed'.
                                >
                                > No hard feelings either, but I think you should stay away from
                                > providing bad examples for beginners. Apparently, you are unable to
                                > self-censor. And by your followup, it's clear that you think you know
                                > more than you actually do, which also scares me a bit.
                                >
                                > --
                                > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                                > <merlyn@s...> <URL:http://www.stonehenge.com/merlyn/>
                                > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                                > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
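
The two uses of eval-string named in the message above (wrapping a 'require', comparing conditions) and the audit suggested in the quoted reply can all be done without compiling a run-time string. This is an added example, not code from the auction script or from any poster; the action names, handler table, amount format and sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;

# 1. Loading code chosen by a request value, without eval "require $name".
#    The client's string is only a key into a fixed table (hypothetical
#    actions; two core modules stand in for the script's own files).
my %HANDLER_FOR = (
    'list' => 'File::Basename',
    'bid'  => 'List::Util',
);

sub load_handler {
    my ($action) = @_;
    my $module = $HANDLER_FOR{ $action // '' }
        or die "unknown action\n";
    (my $file = "$module.pm") =~ s{::}{/}g;
    # eval BLOCK traps the exception; nothing is compiled from a string.
    eval { require $file; 1 } or die "cannot load $module: $@";
    return $module;
}

# 2. Comparing conditions without eval "$left $op $right": the operator
#    name selects a code ref, and both operands must look like amounts.
my %COMPARE = (
    'lt' => sub { $_[0] <  $_[1] },
    'le' => sub { $_[0] <= $_[1] },
    'eq' => sub { $_[0] == $_[1] },
    'ge' => sub { $_[0] >= $_[1] },
    'gt' => sub { $_[0] >  $_[1] },
);

sub is_amount {
    my ($value) = @_;
    return defined $value && $value =~ /\A\d{1,9}(?:\.\d{1,2})?\z/;
}

sub compare_amounts {
    my ($op, $left, $right) = @_;
    my $cmp = $COMPARE{ $op // '' } or die "unknown comparison\n";
    for my $value ($left, $right) {
        die "not an amount\n" unless is_amount($value);
    }
    return $cmp->($left, $right) ? 1 : 0;
}

# 3. The audit from the thread: report lines where eval is not followed by
#    an open brace. Comment stripping is crude, so treat hits as leads.
sub eval_string_lines {
    my (@source) = @_;
    my @hits;
    for my $i (0 .. $#source) {
        (my $code = $source[$i]) =~ s/(?<![\$\\])#.*//;
        push @hits, $i + 1 if $code =~ /(?<![\$\@%\w])eval\b(?!\s*\{)/;
    }
    return @hits;
}

# Constructed requests: the form as sent, then with one field altered each.
my @requests = (
    { action => 'bid',     op => 'ge',      bid => '12.50',  minimum => '10.00' },
    { action => 'bid',     op => 'ge',      bid => '12.50x', minimum => '10.00' },
    { action => 'bid',     op => 'altered', bid => '12.50',  minimum => '10.00' },
    { action => 'altered', op => 'ge',      bid => '12.50',  minimum => '10.00' },
);

for my $p (@requests) {
    my $line = eval {
        my $module = load_handler($p->{action});
        my $ok     = compare_amounts(@{$p}{qw(op bid minimum)});
        "handler $module, bid meets minimum: $ok\n";
    } // "rejected: $@";
    print $line;
}

# Constructed Perl source lines for the audit.
my @sample = (
    'my $ok = eval { require $file; 1 };',
    'eval $check;',
    'eval "require $name";',
    '# eval mentioned in a comment',
);
print "eval-string on sample lines: @{[ eval_string_lines(@sample) ]}\n";
```

Every value from the request is used either as a hash key or as data matched against a pattern, so an altered hidden field or menu value is rejected instead of being executed.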
                              • Dieter Werner
                                Message 15 of 17 , Mar 22 2:54 PM
                                  You are very right in a lot of things, but nobody will bring me to
                                  the use of this 'monster' cgi.pm when I have to maintain a big number
                                  of clients (at the same time) and to take care of the CPU resources.

                                  Please, nevermore write publicly that my code is insecure - or just
                                  prove it!

                                  There is a demo running at
                                  http://www.everyscript.de/eAuction.html
                                  everybody is allowed to hack this program in order to prove how
                                  insecure it is!

                                  The script I posted wasn't thought as an example of common Perl
                                  scripting.
                                  But the code is containing a lot of solutions a beginner maybe could
                                  use as an example (I thought).

                                  Sorry for the trouble I caused - I will step into the background now.

                                  Greetings
                                  Dieter Werner


                                  --- In perl-beginner@yahoogroups.com, Brad Lhotsky <brad@d...> wrote:
                                  > Beginner's may not start by using packages and objects, but that is
                                  a
                                  > very big problem. There is NO reason to encourage people to copy
                                  and
                                  > paste the query string/post field code that you've included as part
                                  of
                                  > this script. Additionally, 5000 lines is not a starting point for a
                                  > beginner.
                                  >
                                  > Randal's comments are not overdressed. The whole reason he's on
                                  this
                                  > list is to encourage new perl programmers to do the right thing.
                                  The
                                  > code that you've submitted is insecure, unmaintainable, and sits in
                                  > direct opposition to the methods Perl's own documentation suggests
                                  > coding.
                                  >
                                  > We want new perl programmers to feel welcome here, and we do a lot to
                                  > encourage the proper use of the language. We are insulted that you
                                  > would submit this on the grounds that it doesn't "use CGI" alone. We've
                                  > been trying to establish 'use strict;' and 'use CGI;' as a starting
                                  > point for all beginners and are continually undermined by the
                                  > propagation of this subroutine that WILL NOT DIE.
                                  >
                                  > Again, we're not upset that you coded this. That's fine, you've gotten
                                  > a lot of feedback about how to fix things. What bothers us is that you
                                  > submitted this as a beginner's tutorial and someone may actually begin
                                  > programming using something like this. What's worse, one of us might
                                  > work with that person now, or be forced to maintain their code at some
                                  > point in the future. I've had to maintain the perl of some very
                                  > brilliant people that looked very similar to this, and bottom line, it
                                  > was a complete nightmare. Please, before you post something as a
                                  > "beginner's guide to perl" make sure you've at least read the
                                  > documentation that's provided with the language and maybe even follow
                                  > the community or research the mailing list you post to.
                                  >
                                  > We'll always be here to help anyone who asks.
                                  >
                                  > Next time, do one of two things. Ask this list to review your code, or
                                  > check out the code-review-ladder mailing list which is dedicated to this
                                  > kind of thing.
                                  >
                                  > Check out perldoc perl, perldoc perlstyle, perldoc perlvar, perldoc CGI
                                  > for more interesting things.
                                  >
                                  > On Mon, Mar 22, 2004 at 05:40:10PM -0000, Dieter Werner wrote:
                                  >
                                  > > LOL
                                  > >
                                  > > No Randal - I'm not 'very proud' about this script ...
                                  > > because it is just a rewrite of the well-known 'EveryAuction'
                                  > > http://www.everysoft.com
                                  > > but I thought that a script like this could be a starting point for
                                  > > beginners!
                                  > >
                                  > > Newbies don't start programming perl by using packages and/or objects.
                                  > > I'm very sure that the use of packages and/or objects is 'overcoded'
                                  > > in case of a simple program like this.
                                  > >
                                  > > As for the 'eval' ...
                                  > > show me one case on which 'arbitrary code' could be executed on the
                                  > > server.
                                  > >
                                  > > In short, Randal
                                  > > writing a bad criticism about a program you are very fast (and very
                                  > > brutal); maybe you are too fast (and too brutal)?
                                  > > You should keep in mind that you are a member of a 'Perl-Beginners-
                                  > > Group'!!
                                  > >
                                  > > No hard feelings, please, but I think your contribution was a bit too
                                  > > much 'overdressed'.
                                  > >
                                  > > Greetings from Germany
                                  > > Dieter Werner
                                  > >
                                  > >
                                  > > --- In perl-beginner@yahoogroups.com, merlyn@s... wrote:
                                  > > > >>>>> "Dieter" == Dieter Werner <hdw@i...> writes:
                                  > > >
                                  > > > Dieter> Hi folks,
                                  > > > Dieter> I did a Perl-Script just as an example for beginners.
                                  > > > Dieter> It's an auction script and you can download it from
                                  > > > Dieter> http://www.hotscripts.com/Detailed/29187.html
                                  > > >
                                  > > > While you're probably very proud about this script, and have spent
                                  > > > countless hours fine tuning it, let me say initially that I was
                                  > > > shocked back into the mid-90's as I was glancing through the
                                  > > > distribution.
                                  > > >
                                  > > > Folks, this is a single 5000-line script with:
                                  > > >
                                  > > > - no use of packages
                                  > > > - no use of objects
                                  > > > - no reuse of available modules from the CPAN
                                  > > > - the most important of which is: no "use CGI" on a CGI script!
                                  > > > - apparently duplicated or repetitious code
                                  > > > - lots of global variables (hiding a lot of hash elements in one global)
                                  > > > - local instead of my
                                  > > > - setting its own srand() instead of relying on modern perl to do that
                                  > > > - a few scary "eval string" forms that look like they might be coaxed
                                  > > >   into being a huge security hole, running arbitrary code on the server
                                  > > > - very little use of references
                                  > > >
                                  > > > In short, Dieter, you're about 10 years behind the curve. I was
                                  > > > hoping we'd gotten rid of most of the bad code with Matt Wright
                                  > > > himself pointed at nms-cgi.sf.net to replace his
                                  > > > awful-but-well-publicized code.
                                  > > >
                                  > > > To the rest of you, please don't use this code.
                                  > > >
                                  > > > To dieter: before attempting a 5000-line script, please be sure you've
                                  > > > both read and *understood* my two tutorial books:
                                  > > >
                                  > > > Learning Perl
                                  > > > Learning Perl Objects References and Modules
                                  > > >
                                  > > > And stop learning Perl by staring at code from the mid-90s. :)
                                  > > >
                                  > > > --
                                  > > > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                                  > > > <merlyn@s...> <URL:http://www.stonehenge.com/merlyn/>
                                  > > > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                                  > > > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
                                  > >
                                  >
                                  > --
                                  > Brad Lhotsky <brad@d...>
                                • Jenda Krynicky
                                  Message 16 of 17 , Mar 23 4:06 PM
                                    From: "Dieter Werner" <hdw@...>
                                    > You are very right in a lot of things, but nobody will bring me to the
                                    > use of this 'monster' cgi.pm when I have to maintain a big number of
                                    > clients (at the same time) and to take care of the CPU resources.

                                    CGI.pm is not as big a memory hog as it may seem. Most of the code is
                                    not compiled if not used. If you still think it's too big try
                                    CGI::Lite.

                                    > Please, nevermore write publicly that my code is insecure - or just
                                    > prove it!
                                    >
                                    > There is a demo running at
                                    > http://www.everyscript.de/eAuction.html
                                    > everybody is allowed to hack this program in order to prove how
                                    > insecure it is!

                                    Your app doesn't seem to be in that great a shape anymore.
                                    I guess you'll find some files missing.
                                    I did not expect that the app will hang then though. All I wanted to
                                    do was to delete the data about the items.


                                    You are right that the eval""s in your code are safe. (At least I do
                                    believe they are.)

                                    You forgot to check other things though. Ever tried this?

                                    my $filename = "some_file.exe\0";
                                    open OUT, "> $filename.txt" or die "can't create: $!\n";

                                    Too bad ...

                                    Jenda
                                    P.S.: Now at last I can call myself a hacker in the media meaning.
                                    But you can't say you did not ask for it.
                                    ===== Jenda@... === http://Jenda.Krynicky.cz =====
                                    When it comes to wine, women and song, wizards are allowed
                                    to get drunk and croon as much as they like.
                                    -- Terry Pratchett in Sourcery
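
The file-name issue in the message above (an embedded NUL in a name that reaches open(), which a C-level open call reads only up to the NUL, so the appended ".txt" is lost) is closed by validating the name before a path is built from it. This is an added example, not part of the original thread or of the auction script; `safe_item_path`, `write_item` and the sample names are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: accept only a short allowlisted base name, so an
# embedded NUL, a path separator or a leading dot never reaches open().
sub safe_item_path {
    my ($dir, $name) = @_;
    return undef unless defined $name;
    # \A and \z anchor the whole string; a bare $ would allow a trailing "\n".
    return undef unless $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return File::Spec->catfile($dir, "$1.txt");
}

# Hypothetical writer: returns a status string instead of dying, so the
# caller can log the rejection.
sub write_item {
    my ($dir, $name, $data) = @_;
    my $path = safe_item_path($dir, $name)
        or return "rejected";
    # Three-argument open: the mode is never parsed out of the file name.
    open(my $out, '>', $path) or return "open failed: $!";
    print {$out} $data;
    close($out) or return "close failed: $!";
    return "wrote $path";
}

# Constructed sample inputs, as they might arrive in a form field.
my $dir = tempdir(CLEANUP => 1);
for my $name ("item42", "some_file.exe\0", "dir/item", ".hidden", "a\n") {
    # Show non-printable bytes as \xNN so the rejected input is visible.
    (my $shown = $name) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    printf "%-22s => %s\n", "'$shown'", write_item($dir, $name, "bid data\n");
}
```

Only the first sample name is written; the others, including the NUL-terminated name from the message, are rejected before any file is opened.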
                                  • Jenda Krynicky
                                    Message 17 of 17 , Mar 23 4:06 PM
                                      From: "Fortuno, Adam" <fortunoa@...>
                                      > As a beginner, I always think twice before providing a suggestion
                                      > because of a note where Randal put his foot in my a$$. The lesson
                                      > learned is if you're going to give bad advice don't give it. If you're
                                      > going to promote poor code, don't promote it.
                                      >
                                      > Regards,
                                      > Adam

                                      I would kind of agree about the code, but I disagree about the
                                      advice. How do you know it's bad? And even if it is, do you know why?

                                      Giving someone bad advice in private might be bad, but over here if
                                      you do give one, someone will surely correct you and (usually) point
                                      out why it was bad. And even those that neither asked nor replied may
                                      profit.

                                      You just should not be attached to your advice and you should not
                                      take it personally if someone says it was wrong. It was the advice
                                      that was bad, not you.

                                      Jenda

                                      ===== Jenda@... === http://Jenda.Krynicky.cz =====
                                      When it comes to wine, women and song, wizards are allowed
                                      to get drunk and croon as much as they like.
                                      -- Terry Pratchett in Sourcery