A rather unique feature of Perl is Taint Mode. If the Perl interpreter is running with Taint Mode enabled, it treats all user input as insecure and refuses to do certain dangerous operations with it. All command line arguments, environment variables, locale information, file input, and the results of certain system calls are considered user input, any command that invokes another process, modifies files, directories or processes is considered dangerous. In addition to that, environment variables and the current working directory are not referred to when loading modules, and directories that are not absolute or writeable by other users are disallowed in the PATH environment variable. Any attempt to use tainted data in the situations outlined above results in immediate termination of the Perl program. The only way to get around this is to untaint the data, which can be done by matching it against regular expressions describing the acceptable values.

Note that Taint Mode can only encourage programmers to include validation of user input in order to prevent security problems: It forces the programmer to write some validation code, but to make those checks effective remains the developer's responsibility.

Also note that Taint Mode is a mechanism to protect your program from causing damage when given unexpected input. It is not a mechanism that makes it safe to run untrusted programs. That problem is addressed by the Safe module, Perl's way of sandboxing code.

Flight information  	22 Jan 2006 20:10 JST 	

Arrival
Airline 	NORTHWEST
From 	SHANGHAI

1 flight is matched as the result of search.

Planned 	Expected 	Airline 	Flight  From  		Status 	Flight Time Aircraft
13:20		19:58		NORTHWEST 	NW26	SHANGHAI 	ARRIVED	02:45		747-400

Kitty spend the afternoon vomiting into strategic locations throughout the apartment. I can only hope that I have found everything, but at least she seems to be done for now. The good news is that this is most likely not related to yet another health issue (she is still on her liver-friendly diet). She apparently only tried (successfully) to rid herself of one of Cissy's elastic hair bands. Why she would have eaten that in the first place remains a mystery, though.

I have not read any of the wildly popular Harry Potter books so far, but after watching the Goblet of Fire I just needed to know what happens next. The first thing that struck me in the bookstore is that the later volumes are much thicker than the earlier ones. The next thing that becomes quickly apparent is that as Harry grows older, the story picks up steam and also becomes much darker and more serious. Order of the Phoenix, just like Goblet of Fire, ends with a wizardry showdown between He-Who-Must-Not-Be-Named and the good guys, that leaves one of the good guys dead (and this time it is a major character) and the reader wanting to immediately dig into the next book.

So in addition to being able to enjoy following the speculations as to who will be cast to play the new characters in the upcoming movie, I am now in the same situation as with Wheel of Time: Two more books to go, only one of them written yet.

This week saw the release of the Mac version of Google Earth. It apparently uses more recent satellite images than Google Local: The latter shows only an empty lot where our house stands now, whereas you can see it in Google Earth next to the soccer field.

Please send me your longitudes and latitudes, so that I can place my virtual pins all over the globe.

Update: Placemark.

I am the maintainer for a Perl database abstraction module, that automatically creates the necessary SQL to access stored procedures. Testing code that interacts with a database can be tricky. You need to have instances of all the supported database products available. You need to set up the connection passwords for the test suite. Certain tests may depend on the database being in a certain state, so you need to put it in that state. Basically you want to have complete control over the database for the purpose of running your tests without risking to damage any important data that may be stored in there. And of course, the tests should still be able to run automated, for example as part of the CPAN install process.

Enter DBD::Mock. It is a fake database driver that just accepts and records all the commands you throw at it. You can also prep it with mock data that it should return. After running a transaction using DBD::Mock (instead of the regular database driver), you can check the logs it collects and verify that the SQL your code has issued came out as expected. Obviously, you cannot check how a real database would have reacted to it, but testing the database is not your job anyway: You should only really be concerned that your SQL is correct (which you have to verify in some other way). There are certainly cases where you need to do the whole real-world round-trip, but for an SQL-generating module such as mine, DBD::Mock already takes you a long way.

Too long. Seeing that the film contains an entire Jurassic Park in its middle segment, that could have been shortened a little, I suppose. Of course, the dinosaur stampede and the fight against the three tyrannosauri (?)

PLURALS

A question frequently asked of palaeontologists is how to form the plural of a species. If an author is writing about a pack of 15 Tyrannosaurus rex individuals, for example, he wants to know whether to refer to them as tyrannosauri, tyrannosauruses, or some other form of plural. The correct answer is "none of the above," as when referring to taxa there are no plurals.

Taxa are singular entities. There is only one Amniota, one Reptilia, one Dinosauria, and so on. This extends to the species level: there is only one Tyrannosaurus rex, for example. Each individual of the species Tyrannosaurus rex is a specimen of the taxon; the individual is not, strictly speaking, the taxon itself.

When referring to several individuals that belong to a specific taxon, the writer must refer to the taxon in the singular and the individuals in the plural. A correct way for the writer, in the example above, to refer to his pack of 15 Tyrannosaurus rex individuals might be "... a pack of 15 specimens of Tyrannosaurus rex..." or "... the pack, comprised of 15 Tyrannosaurus rex individuals..."

It is perfectly acceptable, however, to form plurals of vernacular names. A writer might use the vernacular reptile, dinosaur or tyrannosaur to refer to a single specimen of Reptilia, Dinosauria or Tyrannosaurus. The writer may use the vernacular plurals reptiles, dinosaurs or tyrannosaurs to refer to more than one individual of Reptilia, Dinosauria or Tyrannosaurus.

Jeff Poling, Dinosauria Writer's Guide

... tyrannosaurs has to stay.

And hopefully, animal rights activists would prevent the tragic ending if the whole thing happens again in modern times.

Did you know that King Kong is played by Andy Serkis, who also played Gollum in the Lord of the Rings (in both cases hidden behind the massive use of computer-generated imagery), and that he went to Rwanda to prepare for the role?

7 points

With approximately 150 hotels and ryokans, Isawa Onsen is the biggest hot spring resort in Yamanashi, the prefecture to Tokyo's west. It is also home to seven temples to the Seven Gods of Fortune, which we (Cissy, Jing, Ted, Kanshi, and myself) visited today. We walked the whole way (much to the amazement of Japanese travelers, who did this pilgrimage by car), thus walked the whole day (it took about six hours), but it was well worth the effort, as I could add seven stamps to my collection, all of them with the coveted January 1st date. The first stamp is especially great: The priest at the Ebisu Temple was in such a good mood that he augmented his calligraphy with a smiley. I was also given mandarin oranges, beans, candy, tea, and a ball pen.

After that was onsen, of course, and the hotel we went to even had a free New Year show (a performance by four Chinese acrobats).