This document provides an introduction to CGI (Common Gateway Interface) programming with Perl for the web. It explains what CGI is, how it allows a web server to run server-side programs, and how the Perl CGI module handles the CGI protocol. It then provides a basic example CGI program written in Perl, called backatcha.cgi, that echoes back any parameters sent to it. It discusses some requirements for setting up and running CGI programs, like file permissions, and potential issues that could occur like errors or seeing the source code instead of output.
Don't RTFM, WTFM - Open Source Documentation - German Perl Workshop 2010 (singingfish)
The document discusses improving documentation for Perl modules like Moose and Catalyst by focusing on providing working code examples and minimizing extraneous information. It advocates for an incremental, "git-based" approach to introducing concepts one by one and advertising examples. Key points made include assuming readers have minimal knowledge, reducing cognitive load, and crowdsourcing documentation improvements through a standard Pod format. Contributors are tasked with improving specific documentation areas by these principles.
The document discusses common web application security threats like cross-site request forgery (CSRF), cross-site scripting (XSS), and SQL injections. It provides examples of each threat and explains how Joomla handles them, such as by adding tokens for CSRF protection and escaping user input. The document also covers other attacks like direct code access, register globals being on, and outlines best practices for secure web development like input sanitization and validation.
The document discusses declarative approaches to building user interfaces, which focus on describing what user interface elements to display rather than how to display them. Declarative languages allow for easier design, reuse, and sharing of information compared to imperative languages. Some challenges of declarative approaches include cross-browser compatibility issues and a lack of support for certain features in some browsers.
The discovery of unit testing and test-driven development was one of the most important parts of my growth as a developer. The ability to write simple, small pieces of code that could verify the behavior of my application was in itself quite useful. And the ability to refactor without fear, just by running the test suite, changed how I program. But the real benefits come in how unit tests shape your application code: more testable code is often more well thought-out, more decoupled, and more extensible.
In this talk, I'll give a whirlwind introduction to unit testing as a concept and as a practice. I want you fully convinced it's the best thing to happen to software development, if you aren't already. Once we're on the same page there, I'll take a deep dive into what makes a good unit test. This involves testing tools such as spies, stubs, and mocks, concepts like code coverage, and practices like dependency injection that shape your application code. The most important lesson will be on how to focus on singular, isolated units of code in your testing, as this guides you toward building modular, flexible, and comprehensible applications.
This document discusses Behavior Driven Development (BDD) using Cucumber. It explains that BDD implements applications by describing their behavior from the perspective of stakeholders. Cucumber is a tool that executes plain-text functional descriptions as automated tests using a language called Gherkin. Gherkin descriptions use Given-When-Then steps. Cucumber supports linking steps to code implementations in various languages like Java. The document provides examples of Gherkin features and step definitions to link them to code.
Building Desktop RIAs With PHP And JavaScript (funkatron)
This document summarizes a talk about building desktop applications using PHP and JavaScript. It discusses using Adobe AIR as a runtime environment and JavaScript frameworks like jQuery. It provides examples of desktop apps communicating with a PHP backend over JSON to perform tasks like uploading photos or making asynchronous calculations. The document recommends using JSON for data exchange and emphasizes that desktop apps are persistent with asynchronous calls, unlike server-side PHP apps.
This document discusses how web design firms can compete with internal GIS teams by providing web-based GIS (WebGIS) applications. It notes that WebGIS requires learning new tools like JavaScript, AJAX, and RESTful services. To protect their work, internal GIS teams need to learn these new web technologies and prioritize usability over features to create responsive applications. The document advocates for an iterative development process with a focus on performance and usability testing.
Migrating existing monolith to serverless in 8 steps (Yan Cui)
The document discusses refactoring a monolithic application to a serverless architecture in 8 steps. It covers identifying service boundaries, organizing code into separate repositories for each service, choosing deployment tools, keeping functions simple and single-purpose, and migrating features to new services incrementally while maintaining compatibility with the existing monolith. The goal is to break the application into small, autonomous services that can be developed and deployed independently for improved scalability, resilience and development velocity.
This document provides an introduction to API technical writing. It begins with definitions of APIs and their role in software development. It then discusses different types of APIs and provides demonstrations of JavaScript and REST APIs. The document outlines key components of API documentation and provides examples. It also discusses how API technical writers work with engineering teams and how to get started in the field.
CRUD APIs can be a very powerful tool. However, simply PUTing and POSTing entities can lead to anemic endpoints that lack business value. Go beyond the traditional CRUD API and provide more expressive and meaningful REST endpoints with an API crafted with a commanding paradigm.
Automation is becoming more and more important in the world of software testing, especially as more development shops move into agile or agile-like methodologies. However, for testers with no development background the idea of learning how to automate can be intimidating. My goal is simple: to demystify the subject by taking a novice tester with no coding experience through the process of writing a simple automated test using the Cucumber framework. I will take a volunteer from the audience and transform that person from an ordinary QA professional (or whatever their occupation) into an automation engineer in one short hour.
This will be a live demonstration and we will be working without a net. No animals will be harmed during the show, but be prepared to slay your fear of coding once and for all.
Django forms are becoming disconnected from the frontend as we move towards API-heavy systems. We attempt to bridge the gap by delivering the form definition over the API, rendering it in the frontend dynamically using Backbone & Handlebars, and providing a mechanism for submitting & validating forms over the API.
The way JavaScript is standardized and improved is changing this year. Learning how will help you understand why transpilers have become so popular, and why we will likely be using them for a long time.
Ember itself will need to adapt to changes in JavaScript, and we will take a look at how the existing object model might be migrated to a pure EcmaScript solution.
The document discusses best practices for front-end Django developers, including organizing templates with a base template and blocks, using template tags and filters appropriately, structuring CSS and JavaScript with namespaces, leveraging tools like HTML5 Boilerplate, Compass, Modernizr, and best practices for data handling, testing, and performance.
2019 StartIT - Boosting your performance with Blackfire (Marko Mitranić)
A workshop held in StartIT as part of Catena Media learning sessions.
We aim to dispel the notion that large PHP applications tend to be sluggish, resource-intensive and slow compared to what the likes of Python, Erlang or even Node can do. The issue is not with optimising PHP internals - it's the lack of proper introspection tools and getting them into our every day workflow that counts! In this workshop we will talk about our struggles with whipping PHP Applications into shape, as well as work together on some of the more interesting examples of CPU or IO drain.
The document discusses using queues to improve the scalability of PHP applications. It describes how queues allow asynchronous and distributed processing of tasks to improve performance and allow applications to handle more traffic. Specifically, it promotes using Zend Server's job queue to offload long-running tasks like payments processing so the frontend can scale independently of backend processing. Examples show building jobs that communicate with the queue to asynchronously execute tasks like payments.
Create responsive websites with Django, REST and AngularJS (Hannes Hapke)
The document discusses 10 steps to make a Django site more responsive by adding a REST API and using AngularJS for the front-end: 1) Create an API endpoint for the Django models, 2) Set up the JavaScript environment and install AngularJS, 3) Create a static AngularJS site, 4) Use verbatim tags to avoid conflicts between Django and AngularJS variables, 5) Connect AngularJS to the API, 6) Take advantage of the Django REST Framework features, 7) Handle asynchronous data loading, 8) Add forms and POST requests, 9) Clean up settings.py, and 10) Document the API. The goal is to keep the back-end lightweight Django while building a more responsive and
Building a Single Page Application using Ember.js ... for fun and profit (Ben Limmer)
Denver Startup Week 2015 Talk. The talk is split into two sections: conceptual reasons you might choose a framework like EmberJS where convention over configuration is preferred, and a live coding demo where we build a simple EmberJS application for our up-and-coming business, Bluth's Banana Stand.
React with TypeScript: a happy marriage (inovex GmbH)
In his brownbag talk, inovex employee Johann spoke about using TypeScript in a React application.
As an immigrant from Java land with a typing background, it is hard at first in the new JavaScript world to give up established refactoring traditions and the good old code literature. TypeScript brings back possibilities thought lost and is a welcome addition to React as well.
This talk shows how to set up a React project with TypeScript as simply as possible, establish simple typing rules, and integrate well-known libraries.
Event: Brownbag at inovex
Speaker: Johann Böhler, inovex
Date: 25.06.2018
More tech talks: https://www.inovex.de/de/content-pool/vortraege/
More tech articles: www.inovex.de/blog
The document summarizes the Business Process Execution Language for Web Services Version 1.1 (BPEL4WS). It defines key BPEL4WS concepts and terminology including orchestration, choreography, partner links, variables, activities, and communication patterns. It provides the structure of a BPEL4WS process and describes some core activities like receive, reply, invoke, and assign.
The document discusses ditching jQuery for vanilla JavaScript. It describes how to perform common tasks like DOM manipulation, events, and AJAX calls without jQuery. While jQuery hides browser differences and simplifies code, understanding vanilla JavaScript makes developers better. The presenter provides examples of equivalent code for querying elements, adding events, and making requests. Polyfills can add missing browser functionality. While jQuery is still useful for old browsers, vanilla JavaScript offers more control and flexibility over the long run.
These are the slides I used when I shared my humble insight on Django with the students at the University of Taipei in 2016. Please feel free to correct me if there is anything wrong.
@IndeedEng: Tokens and Millicents - technical challenges in launching Indeed... (indeedeng)
This document provides an overview of the technical challenges in launching Indeed's job search platform around the world. It discusses how Indeed handles tokenization and indexing of jobs in different languages, including challenges with Chinese, Japanese, and Korean text. It describes Indeed's approaches to language detection, stemming, and query expansion to improve recall and relevance across many international markets. Key techniques discussed include n-gram tokenization, Unicode blocking, Bayesian classification, term expansion maps separated from indexing, and rule-based stemming. The goal is to make Indeed's search system scalable, generic, and able to support comprehensive use cases for job searching in different languages and regions globally.
A server is a computer that responds to requests from clients like web browsers. Common requests include serving web pages, uploading/downloading files, and sending email. Apache is a popular web server software that runs on 66% of websites. It is feature-rich, efficient, robust, secure, and open source. A port is a software connection between a server and client used to identify the service, like port 80 for HTTP. Servlets are Java programs that extend functionality of web servers. They have advantages over CGI scripts like improved performance from residing in memory.
Patterns and practices for building resilient serverless applications.pdf (Yan Cui)
Lambda gives you multi-AZ out-of-the-box, but still, things can go wrong in production. There are region-wide outages, and performance degradation in services your function depends on can cause it to time out or error. And what if you're dealing with downstream systems that just aren't as scalable and can't handle the load you put on them? The bottom line is many things can go wrong and they often do at the worst of times. The goal of building resilient systems is not to prevent failures, but to build systems that can withstand these failures. In this talk, we will look at a number of practices and architectural patterns that can help you build more resilient serverless applications, such as multi-region, active-active, and employing DLQs and surge queues. We'll also see how we can use chaos experiments to help us identify failure modes before they manifest in production.
Patterns and practices for building resilient serverless applications (Yan Cui)
Lambda gives you multi-AZ out-of-the-box, but still, things can go wrong in production. There are region-wide outages, and performance degradation in services your function depends on can cause it to time out or error. And what if you're dealing with downstream systems that just aren't as scalable and can't handle the load you put on them? The bottom line is many things can go wrong and they often do at the worst of times. The goal of building resilient systems is not to prevent failures, but to build systems that can withstand these failures. In this talk, we will look at a number of practices and architectural patterns that can help you build more resilient serverless applications, such as multi-region, active-active, and employing DLQs and surge queues. We'll also see how we can use chaos experiments to help us identify failure modes before they manifest in production.
This document provides guidance on patient positioning for neurosurgery. It discusses general principles of balancing surgical access and patient safety. Key points include:
- Positioning is a shared responsibility of surgeon and anesthesiologist and requires maintaining monitors and oxygenation when positions change.
- Head positioning requires special attention to avoid restricting blood flow and maintain venous drainage. The head can typically be rotated 45 degrees but more may require shoulder support.
- Body positions include supine, lateral, prone, and variations like reverse Trendelenburg. Each position has benefits for surgical access but also risks from restricting blood flow that must be monitored and addressed.
Five Q is a web design and internet marketing firm that works with mission-focused organizations. They have a team of experts with experience in ministries. Five Q focuses on collaboration and building partnerships with clients to understand their organizations and create strategic web solutions that further their missions and produce results, as demonstrated by returning clients.
The document is a resume for Venkateshkumar Singaravelu that summarizes his experience and qualifications. It highlights his over 6 years of experience in roles such as delivery management, solution design and development, solution optimization, unit testing, system integration testing, and team management. It also provides details on the various projects he has worked on, including for Emirates Airlines, Kaiser Permanente, and other companies. His technical skills and areas of expertise are also summarized.
The document provides information about Malaysia's participation in the GITEX Technology Week 2012 trade fair in Dubai, United Arab Emirates from October 14-18, 2012. It outlines the details of the event, terms of participation for Malaysian companies, and application process and deadlines. MATRADE will cover space rental, stand construction, basic furnishings, and promotion for participating Malaysian companies, which pay an 8,000 RM fee. Applications from Malaysian ICT companies are due by May 18, 2012. The document also lists financial support programs available for eligible Malaysian SME exhibitors.
El documento habla sobre el trueque por internet, donde Gilberto García, Luis Merchán, José Rojas y Ever Ricardom Torres ofrecen cambiar una nevera por una yegua a través del sitio web www.cambia.es. Brevemente describe el origen de la moneda.
Chris was born with a natural aptitude for computers and programming. From a young age he was fixing computer problems in his community. After trying other careers like the navy and office work, he returned to his strengths in programming and networking. He now creates innovative communication solutions as a network consultant after immigrating to Canada from the UK.
Go Innovate Yourself: Seven Principles Inspired by Steve JobsJohn Chen
If our associations are to survive, we must create environments that encourage innovation. What is good enough today won't be good enough tomorrow. We can no longer succeed simply on being fast, good, and cheap; we must do more. In an association world where memberships are dropping, conference attendees aren't showing up, and staffs are being asked to do less with more; how will we ever take the next step? Hear the seven principles Steve Jobs used to save a near bankrupt Apple to one of the most valuable technology companies in the world.
Presented at ASAE's 2012 Marketing, Membership, and Communications Conference in Washington, DC, May 23–24 2012.
The Youtube video of this presentation is available after the last slide.
Photosynthesis and respiration are closely related processes. Photosynthesis produces energy through chloroplasts in plants, while respiration uses this energy in mitochondria of cells. There are two types of respiration - aerobic respiration uses oxygen to break down food for energy in mitochondria, while anaerobic respiration occurs without oxygen through fermentation processes like lactic acid and alcohol fermentation.
This document provides summaries of several topics in history from chapters 17-24:
- The American Revolution occurred from 1775-1787 as a result of England trying to control colonial America through taxation.
- Slavery was abolished in the 19th century as Enlightenment thinkers deemed it morally wrong and industrialization made it unnecessary.
- Women's suffrage and the declaration of women's rights in 1791 marked the beginning of feminism and the fight for women's rights.
- The industrial revolutions in England and America transformed economies from manual labor to machine-based manufacturing in textiles, steam power, and iron founding.
The document discusses the need for digital and social media strategy training for today's cross-generational workforce. It notes the changing technology and economic landscapes as well as the digital divide. The hope is that learning leads to action and innovation to address this new normal. The training aims to be sustainable, relevant and leverage different generations' traits through practical exercises involving purpose, insights, ideas, content and tactics. The goal is to help learners develop strategies that achieve business objectives through digital and social channels.
The document provides a resume for Jean-François Béraud, a 38-year-old married Chief Technical Officer with over 15 years of experience in project management roles at companies including Altran, Orange, and Amadeus. It outlines his educational background, professional experience managing numerous successful projects, and accomplishments in roles such as Project Director, Product Manager, and Researcher. Contact information and endorsements are also included to highlight his skills in areas like analysis, unification, innovation, and business acumen.
Ba hay PM quyết định sự thành công của dự án phần mềmTrung. Le Thanh
Chia sẻ với các bạn Slide được sử dụng để trình bày trong buổi trao đổi về vai trò và ảnh hưởng của BA và PM trong dự án phần mềm. Slide chỉ dừng lại trong việc nêu các dấu hiệu cho thấy một dự án có thể thất bại và các nội dung khác thực hiện trong session Q&A. Nếu quan tâm, các bạn có thể post câu hỏi tại đây, hi vọng Trung sẽ giải đáp được phần nào trong khả năng có thể.
The document outlines rules and procedures for participants in Non-Recourse Loan (NRL) programs. It states that participating is a privilege, not a right. NRL programs aim to finance humanitarian and economic development projects over wealth accumulation. Clients working on such projects receive preferred treatment. Strict compliance with international laws and regulations is required. The document warns that forging documents or failing to disclose full information can result in rejection or prosecution. All information must be kept confidential to avoid contract cancellation. Applying to multiple program managers at once is prohibited.
Human: Thank you for the summary. It accurately captures the key points and essential information from the document in 3 sentences or less as requested.
I prepared this slide to give presentation to the local people of Udayapur district, where me and my friends had just launched the first official news website of Udayapur district. This slideshow gives the basic idea of internet and the wonders of unlimited possibilities it can do.
The document discusses rainwater harvesting techniques. It notes that rainwater harvesting is needed due to decreasing groundwater levels and increasing water demand. It then describes three main methods of rainwater harvesting: 1) collecting rainwater from rooftops and storing it in tanks, 2) collecting roof rainwater and recharging surface aquifers, and 3) harvesting surface runoff to recharge subsurface aquifers. The document provides formulas for calculating potential rainwater collection and emphasizes the importance of water conservation and planting trees to increase rainfall.
A CGI program is any program designed to accept and return data that conforms to the CGI specification. The program could be written in any programming language, including C, Perl, Java, or Visual Basic.
The document discusses Common Gateway Interface (CGI) and Perl scripting. It begins with an introduction to CGI, including its definition, architecture, and how it works. It then provides an overview of Perl, including its history and features. The document aims to help participants understand CGI programming and Perl scripting.
The servlet code reads the name and age parameters from an HTML form submitted via GET. It uses the getParameter() method to retrieve the parameter values and prints them out wrapped in HTML.
This document provides an overview of Perl scripting and CGI programming. It covers topics such as the introduction to CGI, how CGI works, preparing CGI programs, the history and features of Perl, and how to write basic Perl CGI programs. The document is intended to help participants understand Perl scripting and CGI programming after completing this training.
Introduction to Google App Engine with PythonBrian Lyttle
Google App Engine is a cloud development platform that allows users to build and host web applications on Google's infrastructure. It provides automatic scaling for applications and manages all server maintenance. Development is done locally in Python and code is pushed to the cloud. The platform provides data storage, user authentication, URL fetching, task queues, and other services via APIs. While initially limited to Python and Java, it now supports other languages as well. Usage is free for small applications under a monthly quota, and priced based on usage for larger applications.
The document provides an overview of servlets, including:
- What servlets are and how they work
- The lifecycle of a servlet from initialization to handling requests to destruction
- Options for server-side development like CGI, FastCGI, PHP
- Advantages of using servlets like performance, portability, and security
This document provides information about Python CGI (Common Gateway Interface) programming. It discusses what CGI is, how information is exchanged between a web server and CGI script, and gives an example of a simple "Hello World" Python CGI script. It also covers CGI architecture, configuration, passing data to CGI scripts using GET and POST requests, and handling different HTML form elements like textboxes, checkboxes, radio buttons, and dropdown menus in CGI scripts.
The document provides an overview of CGI (Common Gateway Interface) and how it enables dynamic web content. It discusses how CGI works, alternatives like PHP and Java servlets, configuring Apache web server for CGI, programming CGI applications using Perl and the CGI.pm module, handling input/output and errors. It also includes an example CGI application in Perl for counting button clicks using sessions and cookies to manage state.
This document discusses how to maintain large web applications over time. It describes how the author's team managed a web application with over 65,000 lines of code and 6,000 automated tests over 2.5 years of development. Key aspects included packaging full releases, automating dependency installation, specifying supported environments, and automating data migrations during upgrades. The goal was to have a sustainable process that allowed for continuous development without slowing down due to maintenance issues.
The document provides an overview of how to build a fully automated server deployment system using open source tools such as Request Tracker, Nictool/djbdns, dhcpd, PXEboot, Httpd, a yum repository, and Puppet. Key aspects include using an asset tracker (Request Tracker) to store server information and trigger automated builds. A PXE boot script generates configuration files using data from the asset tracker. A CGI script generates customized Kickstart files which install servers. Puppet then configures and deploys applications to servers based on their roles defined in the asset tracker. The goal is to achieve repeatable, consistent server builds from bare metal to a live application server within an hour with no
Introduction to Web Programming with PerlDave Cross
This document provides an introduction to creating dynamic web pages using Perl and CGI (Common Gateway Interface). It covers the basics of HTTP requests and responses, how CGI allows programs to generate dynamic output for the web server, and using Perl and the CGI.pm module to write simple CGI programs. These programs can accept input from HTML forms, handle GET and POST requests, and produce various types of output like text, HTML and images. Debugging techniques are also discussed. The document concludes with a section on web security and potential vulnerabilities in CGI programs.
The document introduces the Django web framework for Python. It provides an overview of Django's philosophies such as loose coupling, quick development and the DRY principle. It then demonstrates how to build a basic blog application in Django with models, views, templates and URLs. Finally, it discusses additional Django features like generic views and real-world code snippets.
Web Development Foundation
- backend & frontend
- RESTful API
- MVC and Seperation of Concern
Team Collaboration
- Why do we need unit test & TDD
- git basics and workflow
Joomla! Day Chicago 2011 Presentation - Steven PignataroSteven Pignataro
The document provides tips and best practices for developing Joomla sites as part of a team. It discusses using version control like SVN or Git, following coding standards for naming conventions and formatting, and leveraging tools for code review and team development. Additional suggestions are given for debugging, moving sites, testing for injections, and speeding up sites through techniques like removing Mootools and using content delivery networks. The presenter encourages sharing ideas to improve Joomla development.
This document defines basic terms related to web applications and HTTP protocols. It explains that a web application is delivered over the internet via a browser and HTML, dynamic pages can display different content than static pages. It also defines that HTTP is the set of rules for file transfers on the web and uses the TCP/IP protocol. The document discusses GET and POST methods for form data submission and that GET appends data to the URL while POST appends to the HTTP request body. It defines CGI as a standard for server-program interaction where requested files are executed as programs.
This document discusses profiling PHP applications to improve performance. It recommends profiling during development to identify inefficiencies. The document introduces Xdebug for profiling PHP code and Webgrind, a PHP frontend for visualizing Xdebug profiles. It provides an example of profiling a sample PHP application, identifying issues, making code changes, and verifying performance improvements through re-profiling.
C++11 provides several performance and productivity enhancements over previous versions of C++. It improves performance through features like move semantics and unordered maps that prevent unnecessary copying and provide faster operations. It enhances productivity by allowing type inference with auto, easier definition of anonymous functions with lambdas, safer smart pointers that avoid memory issues, and other features that reduce visual clutter and make code intent clearer. Adopting C++11 can provide these benefits while keeping existing code that works fine unchanged.
This document provides an overview of Google App Engine, including what cloud computing is, the different types of cloud computing models, how App Engine provides a scalable infrastructure, the programming languages and frameworks supported, how data is stored and accessed via the datastore, services available on App Engine like caching, task queues, and mail, and tips for testing and deploying App Engine applications.
The document discusses the LAMP security stack and introduces the Zend Framework. It summarizes LAMP as an open source stack using Linux, Apache, MySQL, and PHP/Python/Perl. It then discusses the Zend Framework, which is a PHP framework that aims to simplify tasks and demonstrate best practices. The framework focuses on being modular, industry-leading, and easy to use while taking advantage of PHP5 features.
Company Visitor Management System Report.docxfantabulous2024
The document provides an overview of a Company Visitor Management System project. It includes sections on the project introduction, modules, requirements, analysis and design, database tables, implementation, evaluation, and conclusion. The system is a web-based application built with Python, Django, and MySQL to more effectively manage and track company visitors through features like adding visitors, generating reports, and password recovery/management. UML diagrams including use cases, classes, entities, and data flow are included to visualize the system design.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
How to Manage Your Lost Opportunities in Odoo 17 CRMCeline George
Odoo 17 CRM allows us to track why we lose sales opportunities with "Lost Reasons." This helps analyze our sales process and identify areas for improvement. Here's how to configure lost reasons in Odoo 17 CRM
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
A Beginner's Introduction to Perl Web Programming
By chromatic
September 5, 2008 | Comments: 17
So far, this series has talked about Perl as a language for mangling numbers,
strings, and files -- the original purpose of the language. The earlier
installments (A Beginner's Introduction to Perl 5.10, A Beginner's Introduction
to Files and Strings with Perl 5.10, and A Beginner's Introduction to Perl
Regular Expressions) covered flow control, math and string operations, and
files. Now it's time to talk about what Perl does on the Web. This installment
discusses CGI programming with Perl.
What is CGI?
The Web uses a client-server model: your browser (the client) makes requests of a
Web server. Most of these are simple requests for documents or images, which the
server delivers to the browser for display.
Sometimes you want the server to do more than just dump the contents of a file.
You'd like to do something with a server-side program -- whether that "something" is
reading and sending e-mail, looking up a phone number in a database, or ordering a
copy of Perl Best Practices for your favorite techie. This means the browser must
be able to send information (an e-mail address, a name to look up, shipping
information for a book) to the server, and the server must be able to use that
information and return the results to the user.
The standard for communication between a user's Web browser and a server-side
program running on the Web server is called CGI, or Common Gateway Interface. All
popular web server software supports it. To get the most out of this article, you will
need to have a server that supports CGI. This may be a server running on your
desktop machine or an account with your ISP (though probably not a free Web-page
service). If you don't know whether you have CGI capabilities, ask your ISP or a local
sysadmin how to set things up.
Notice that I haven't described how CGI works; that's because you don't need to
know. The standard Perl module CGI handles the protocol for you. This module is
part of the core Perl distribution; any properly installed Perl should have it available.
Telling your CGI program that you want to use the CGI module is as simple as:
use CGI;
CGI versus Everything Else
You may have heard that "CGI is slow" or "Perl is slow" for web programming. (A similar
assertion is "Perl doesn't scale".) While CGI technically describes how server-side languages
can send and receive information to and from clients, people often mean that the execution
model associated with standalone CGI programs can be slow. Traditionally, a web server
launches a new process to handle CGI requests. This often means loading Perl and
recompiling the program for each incoming request.
Though this may take fractions of a second, if you have hundreds of thousands of
requests a day (or hundreds of requests within the span of a few minutes), you may
notice that the overhead of launching new processes is significant. Other execution
models exist, from embedding Perl in the web server (mod_perl) to running your
Perl program as a persistent application and talking to it through another protocol
(FastCGI).
CGI programming is still worth your time learning for two reasons. First,
understanding the web's model of client-server programming and the way Perl fits
into the model is important to all models of web programming with Perl. Second,
persistence or acceleration models can be more complex in some ways -- and it's
likely that your first few server-side Perl programs will not need the advanced
features of the other execution models.
A Real CGI Program
It's time to write your first real CGI program. Instead of doing something complex,
how about something that will simply echo back whatever you throw at it. Call this
program backatcha.cgi:
#!/usr/bin/perl -T
use 5.010;
use CGI;
use strict;
use warnings;

my $q = CGI->new();
say $q->header(), $q->start_html();
say "<h1>Parameters</h1>";

# Echo every parameter name and each of its values, HTML-escaped.
for my $param ($q->param()) {
    my $safe_param = $q->escapeHTML($param);
    say "<p><strong>$safe_param</strong>: ";
    for my $value ($q->param($param)) {
        say $q->escapeHTML($value);
    }
    say '</p>';
}
say $q->end_html();
Some of this syntax may look new to you: in particular, the arrow operator (->).
When used here, it represents a method call on an object. Object oriented
programming can be a deep subject, but using objects and methods is relatively
simple.
An object (contained in $q in this example, and returned from CGI->new()) is a
self-contained bundle of data and behavior. Think of it like a black box, or a little chunk of
a program. You communicate with that object by sending it messages with the ->
operator. Messages work a lot like functions: they have names, they can take
arguments, and they can return values. (In fact, their definitions look almost identical
to Perl functions. They have two subtle differences, which is why they have a
different name: methods. Calling a method and sending a message are basically the
same thing.) Thus:
$q->header()
... sends the header() message to the CGI object in $q, which performs some
behavior and returns a string. (In this case, a valid HTTP header per the CGI
protocol.) Later in the program, the $q->param() and $q->param( $param )
messages appear. By now, you should be able to guess at what they return, even if
you don't know how they work or why.
If you've paid close attention, you may have noticed that CGI->new() follows the
same form. In this case, it calls the new() method on something referred to by CGI,
which returns a CGI object. This explanation is deliberately vague, because there's a
little more to it than that, but for now all you need to know is that you can send
messages to $q named as methods in the CGI documentation.
If you've never used HTML, the pair of <strong> and </strong> tags mean "begin
strong emphasis" and "end strong emphasis", respectively. (A good paper reference
to HTML is O'Reilly's HTML & XHTML: The Definitive Guide, and online, I like the
Web Design Group.)
One method you may not have seen in other tutorials is escapeHTML(). There are a
lot of subtleties to why this is necessary; for now it's enough to say that displaying
anything which comes from a client directly to the screen without escaping,
validation, or other scrubbing represents a very real security hole in your application.
If you start now by thinking that all incoming data needs careful thought and analysis,
you will prevent many unpleasant surprises later.
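
To see what escapeHTML() changes, here is an added example (not part of the original article) that builds the same parameter listing twice from one constructed query string, once raw and once escaped. The helper names values_for and render and the sample query string are assumptions made for the illustration; on Perl 5.22 and later the CGI module has to be installed from CPAN.

```perl
#!/usr/bin/perl
# Added example: compares echoing parameters raw with echoing them through
# escapeHTML(). Runs from the command line; no web server is needed.
use strict;
use warnings;
use CGI;

# Constructed sample input: the query string a browser would send if a
# visitor typed markup into a form field. One parameter value and one
# parameter name carry markup, and "note" has two values.
my $query_string = join '&',
    'favcolor=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
    'note=Tom+%26+Jerry',
    'note=%22quoted%22',
    '%3Ci%3Esize%3C%2Fi%3E=large';

# CGI->new() accepts a query string in place of a live request.
my $q = CGI->new($query_string);

# Return all values of one parameter. multi_param() is the explicit list
# form in newer CGI.pm releases; older releases only have param().
# (values_for is a hypothetical helper for this example.)
sub values_for {
    my ($cgi, $name) = @_;
    return $cgi->can('multi_param')
        ? $cgi->multi_param($name)
        : $cgi->param($name);
}

# Build the parameter listing. $escape is a code reference applied to every
# name and every value before it is placed in the HTML.
# (render is a hypothetical helper for this example.)
sub render {
    my ($cgi, $escape) = @_;
    my $html = '';
    for my $name ($cgi->param()) {
        $html .= '<p><strong>' . $escape->($name) . '</strong>: ';
        $html .= join ' ', map { $escape->($_) } values_for($cgi, $name);
        $html .= "</p>\n";
    }
    return $html;
}

# Raw echo: client-supplied text becomes part of the page's markup.
my $raw = render($q, sub { $_[0] });

# Escaped echo: the approach backatcha.cgi takes for names and values.
my $escaped = render($q, sub { $q->escapeHTML($_[0]) });

print "--- without escaping ---\n$raw\n";
print "--- with escapeHTML() ---\n$escaped\n";

# Report whether client-supplied tags survived as live markup in each page.
for my $tag ('<script>', '<i>') {
    printf "%-10s raw: %-8s escaped: %s\n", $tag,
        (index($raw,     $tag) >= 0 ? 'present' : 'absent'),
        (index($escaped, $tag) >= 0 ? 'present' : 'absent');
}
```

The parameter name is escaped as well as the values, because the client chooses both.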
Install this program on your server and do a test run. Here's where the real test
starts; understanding how to set up a CGI program on your server can be frustrating.
Here's a short list of the requirements:
• Place the program where your Web server will recognize it as a CGI program.
This may be a special cgi-bin directory. Alternately (or even additionally), make
sure the program's filename ends in .pl or .cgi. If you don't know where to place
the program, your ISP or sysadmin should.
• Make sure the web server can run the program. If you are using a Unix system,
you may have to give the Web server user read and execute permission for the
program. It's easiest to give these permissions to everybody by using chmod
755 filename.
• Make a note of the program's URL (which will probably be something like
http://server name/cgi-bin/backatcha.cgi) and go to that URL in your browser.
(Take a guess what you should do if you don't know what the URL of the program
is. Hint: It involves the words "ask," "your" and "ISP.")
If this works, you will see in your browser only the word "Parameters". Don't worry,
this is what is supposed to happen. The backatcha.cgi program throws back what
you throw at it, and you haven't thrown anything at it yet. It'll show more in a
moment.
If it didn't work, you probably saw either an error message or the source code of the
program. These problems are common, and you need to learn how to solve them.
Uh-Oh!
If you saw an error message, your Web server had a problem running the CGI
program. This may be a problem with the program or the file permissions.
First, are you sure the program has the correct file permissions? Did you set the file
permissions on your program to 755? If not, do it now. (Windows Web servers will
have a different way of doing this.) Try it again; if you see a blank page now, you're
good.
Second, are you sure the program actually works? (Don't worry, it happens to the
best of us.) Change the use CGI line in the program to read:
use CGI '-debug';
Now run the program from the command line. You should see:
(offline mode: enter name=value pairs on standard input)
This message indicates that you're testing the program. You can now press Ctrl-D to
tell the program to continue running without telling it any form items.
If Perl reports any errors in the program, you can fix them now.
(The -debug option is incredibly useful. Use it whenever you have problems with a
CGI program. Ignore it at your peril.)
The other common problem is that you're seeing the source code of your program,
not the result of running your program. There are two simple problems that can
cause this.
First, are you sure you're going through your Web server? If you use your browser's
"load local file" option (to look at something like /etc/httpd/cgi-bin/backatcha.cgi
instead of something like http://localhost/cgi-bin/backatcha.cgi), you aren't even
touching the Web server! Your browser is doing what you "wanted" to do: loading the
contents of a local file and displaying them.
Second, are you sure the Web server knows it's a CGI program? Most web servers
have a special way of designating a file as a CGI program, whether it's a special cgi-
bin directory, the .cgi or .pl extension on a file, or something else. Unless you live up
to these expectations, the Web server will think the program is a text file, and serve
up your program's source code in plaintext form. Ask your ISP for help.
CGI programs are unruly beasts at the best of times; don't worry if it takes a bit of
work to make them run properly.
If you're still having problems with errors, consult your server's error log. On Unix-like
systems, with Apache httpd, look for a file called error_log.
If you don't have access to this file (or can't find it), add one more line to the start of
your program:
use CGI::Carp 'fatalsToBrowser';
This core module redirects error messages away from the error log to the client, so
that they'll appear in your web browser where you can read them. As you might
expect, this is suboptimal behavior when running a serious, public-facing application.
It's fine for debugging -- just be sure to remove it when your application goes live.
Making the Form Talk Back
At this point, you should have a working copy of backatcha.cgi spitting out nearly-
blank pages. Want it to tell you something? Save this HTML code to a file:
<form action="putyourURLhere" method="GET">
<p>What is your favorite color?
<input name="favcolor" /></p>
<input type=submit value="Send form" />
</form>
Be sure to replace putyourURLhere with the actual URL of your copy of
backatcha.cgi!
This is a simple form. It will show a text box where you can enter your favorite color
and a "submit" button that sends your information to the server. Load this form in
your browser and submit a favorite color. You should see this returned from the
server:
favcolor: green
CGI Methods
The CGI module provides several methods to CGI objects, as mentioned earlier.
What are these methods?
The first one, header(), produces the necessary HTTP headers before the program
can display HTML output. Try taking this line out; you'll get an error from the Web
server when you try to run it. This is another common source of bugs!
The start_html() method is there for convenience. It returns a simple HTML header
for you. You can pass parameters to it by using a hash, like this:
print $q->start_html( -title => "My document" );
(The end_html() method is similar, but outputs the footers for your page.)
Finally, the most important CGI method is param(). Call it with the name of a form
item, and you'll get a list of all the values of that form item. (If you ask for a scalar,
you'll only get the first value, no matter how many there are in the list.)
my $name = $q->escapeHTML( $q->param('firstname') );
say "<p>Hi, $name!</p>";
If you call param() without giving it the name of a form item, it will return a list of all
the form items that are available. This form of param() is the core of the backatcha
program:
for my $value ($q->param($param)) {
    say $q->escapeHTML($value);
}
Remember, a single form item can have more than one value. You might encounter
code like this on the Web site of a pizza place that takes orders over the Web:
<p>Pick your toppings!<br />
<input type="checkbox" NAME="top" VALUE="pepperoni"> Pepperoni <br />
<input type="checkbox" NAME="top" VALUE="mushrooms"> Mushrooms <br />
<input type="checkbox" NAME="top" VALUE="ham"> Ham <br />
</p>
Someone who wants all three toppings would submit a form where the form item top
has three values: pepperoni, mushrooms, and ham. The server-side code might
include:
say "<p>You asked for the following pizza toppings: ";
for my $top ($q->param( 'top' )) {
    say $q->escapeHTML($top), '. ';
}
say "</p>";
Here's something to watch out for. Take another look at the pizza-topping HTML
code. Try pasting that little fragment into the backatcha form, just above the <input
type="submit"...> tag. Enter a favorite color, and check all three toppings. You'll see
this:
favcolor: burnt sienna
top: pepperonimushroomsham
Why did this happen? When you call $q->param('name'), you get back a list of all of
the values for that form item. (Why? Because the call is in list context, thanks to the
say operator which starts the entire expression.) This could be a bug in the
backatcha.cgi program, but it's easy to fix by using join() to separate the item values:
say "<p><strong>$param</strong>: ", join(', ', map { $q->escapeHTML( $_ ) } $q->param($param)), "</p>";
... or call $q->param() in a scalar context first to get only the first value:
my $value = $q->param($param);
say "<p><strong>$param</strong>: ", $q->escapeHTML($value), "</p>";
Always keep in mind that form items can have more than one value!
Okay, I lied about the list form being easy. Your eyes may have crossed as you
wonder what exactly that map block does, and why I made you read it. This is
actually a great time to discuss a very clever and useful part of Perl.
Remember how that code exists to handle a list of values? I explained earlier that
the param() method returns a list of values when you want a list of values, and a
single value when you want a single value. This notion of context is pervasive in
Perl. It may sound like a strange notion, but think of it linguistically in terms of
noun-verb number agreement. That is, it's obvious what's wrong with this sentence: Perl
are a nice language!. The subject, Perl, is singular and so the verb, to be, should
also be singular. Getting to know Perl and its contexts means understanding which
contexts are list contexts (plural) and which contexts are scalar contexts (singular).
What about that map though? Think of it as a device for transforming one list into
another, sort of a pipeline. You can drop it in anywhere you have a list to perform the
transformation. It's equivalent in behavior to:
my @params = $q->param( $param );
my @escaped_params;
for my $p (@params)
{
    push @escaped_params, $q->escapeHTML( $p );
}
say "<p><strong>$param</strong>: ", join(', ', @escaped_params), "</p>";
... but it's significantly shorter. You can safely ignore the details of how it works for a
few minutes.
Your Second Program
Now you know how to build a CGI program, thanks to a simple example. How about
something useful? The previous article showed how to build a pretty good HTTP
log analyzer. Why not Web enable it? This will allow you to look at your usage
figures from anywhere you can get to a browser.
Before starting on the revisions, decide what to do with the analyzer. Instead of
showing all of the reports generated at once, show only those the user selects.
Second, let the user choose whether each report shows the entire list of items, or the
top 10, 20 or 50 sorted by access count.
The user interface can be a simple form:
<form action="/cgi-bin/http-report.pl" method="post">
<p>Select the reports you want to see:</p>
<p><input type="checkbox" name="report" value="url" />URLs requested<br />
<input type="checkbox" name="report" value="status" />Status codes<br />
<input type="checkbox" name="report" value="hour" />Requests by hour<br />
<input type="checkbox" name="report" value="type" />File types</P>
<p><select name="number">
<option value="ALL">Show all</option>
<option value="10">Show top 10</option>
<option value="20">Show top 20</option>
<option value="50">Show top 50</option>
</select></p>
<input TYPE="submit" value="Show report" />
</form>
(Remember that you may need to change the URL!)
This HTML page contains two different types of form item. One is
a series of checkbox widgets, which set values for the form item report. The other is
a single drop-down list which will assign a single value to number: either ALL, 10, 20
or 50.
Take a look at the original HTTP log analyzer. Start with two simple changes. First,
the original program gets the filename of the usage log from a command-line
argument:
# We will use a command line argument to determine the log filename.
my $logfile = shift;
This obviously can't work, because the Web server won't allow anyone to enter a
command line for a CGI program! Instead, hard-code the value of $logfile. I've used
/var/log/httpd/access_log as a sample value.
my $logfile = '/var/log/httpd/access_log';
Second, make sure that you output all the necessary headers to the web server
before printing anything else:
my $q = CGI->new();
say $q->header();
say $q->start_html( -title => "HTTP Log report" );
Now look at the report() sub from the original program. It has one problem, relative to
the new goals: it outputs all the reports instead of only the ones the user has
selected. It's time to rewrite report() so that it will cycle through all the values of the
report form item and show the appropriate report for each.
sub report {
    my $q = shift;
    for my $type ( $q->param('report') ) {
        my @report_args;
        given ($type) {
            when ('url')    { @report_args = ( "URL requests", %url_requests ) }
            when ('status') { @report_args = ( "Status code requests", %status_requests ) }
            when ('hour')   { @report_args = ( "Requests by hour", %hour_requests ) }
            when ('type')   { @report_args = ( "Requests by file type", %type_requests ) }
        }
        report_section( $q, @report_args );
    }
}
You probably haven't seen given/when before. It works like you might expect from
reading the code out loud. Given a variable or expression, when it's a specific value,
perform the associated action. When the report type is url, produce the "URL
requests" section of the report.
Finally, rewrite the report_section() sub to output HTML instead of plain text.
sub report_section {
    my ( $q, $header, %types ) = @_;
    my @type_keys;
    # Are we sorting by the KEY, or by the NUMBER of accesses?
    if ( $q->param('number') eq 'ALL' ) {
        @type_keys = sort keys %types;
    }
    else {
        my $number = $q->param( 'number' );
        @type_keys = sort { $types{$b} <=> $types{$a} } keys %types;
        # truncate the list if we have too many results
        splice @type_keys, $number if @type_keys > $number;
    }
    # Begin a HTML table
    say "<table>\n";
    # Print a table row containing a header for the table
    say '<tr><th colspan="2">', $header, '</th></tr>';
    # Print a table row containing each item and its value.
    # The keys come from the log file (requested URLs, for instance),
    # so escape them before they go into the page.
    for my $key (@type_keys)
    {
        say "<tr><td>", $q->escapeHTML($key), "</td><td>", $types{$key},
            "</td></tr>\n";
    }
    # Finish the table
    print "</table>\n";
}
Sorting
Perl allows you to sort lists with the sort keyword. By default, the sort will happen
alphanumerically: numbers before letters, uppercase before lowercase. This is
sufficient 99 percent of the time. The other 1 percent of the time, you can write a
custom sorting routine for Perl to use.
This sorting routine is just like a small sub. In it, you compare two special variables,
$a and $b, and return one of three values depending on how you want them to show
up in the list. Returning -1 means "$a should come before $b in the sorted list," 1
means "$b should come before $a in the sorted list" and 0 means "they're equal, so I
don't care which comes first." Perl will run this routine to compare each pair of items
in your list and produce the sorted result.
For example, if you have a hash called %type, here's how you might sort its keys in
descending order of their values in the hash.
sort {
    return 1 if $type{$b} > $type{$a};
    return -1 if $type{$b} < $type{$a};
    return 0;
} keys %type;
In fact, numeric sorting happens so often, Perl gives you a convenient shorthand for
it: the <=> (spaceship) operator. This operator will perform the above comparison
between two values for you and return the appropriate value. That means you can
rewrite that test as:
sort { $type{$b} <=> $type{$a}; } keys %type
You can also compare strings with sort. The lt and gt operators are the string
equivalents of < and >, and cmp will perform the same test as <=>. (Remember,
string comparisons will sort numbers before letters and uppercase before
lowercase.)
For example, you have a list of names and phone numbers in the format "John Doe
555-1212." You want to sort this list by the person's last name, and sort by first name
when the last names are the same. This is a job made for cmp!
my @sorted = sort {
    my ($left_surname) = ($a =~ / (\w+)/);
    my ($right_surname) = ($b =~ / (\w+)/);
    # Last names are the same, sort on first name
    if ($left_surname eq $right_surname) {
        my ($left_first) = ($a =~ /^(\w+)/);
        my ($right_first) = ($b =~ /^(\w+)/);
        return $left_first cmp $right_first;
    } else {
        return $left_surname cmp $right_surname;
    }
} @phone_numbers;
say $_ for @sorted;
If you look closely at the regexp assignment lines, you'll see list context. Where? The
parentheses around the variable name are not just there for decoration; they group a
single scalar into a one-element list, which is sufficient to provide list context on the
right-hand side of the assignment.
In scalar context (without the parentheses), the regular expression returns the
number of matches. In list context (as written), it returns the captured values. Thus
this is the Perl idiom for performing a regexp match and capture and assignment in a
single line.
Trust No One
Now that you know how CGI programs can do what you want, you need to make
sure they won't do what you don't want. This is harder than it looks, because you
can't trust anyone to do what you expect.
Here's a simple example: You want to make sure the HTTP log analyzer will never
show more than 50 items per report, because it takes too long to send larger reports
to the user. The easy thing to do would be to eliminate the "ALL" line from the HTML
form, so that the only remaining options are 10, 20, and 50. It would be very easy --
and wrong.
Download the source code for the HTTP analyzer with security enhancements.
You saw that you can modify HTML forms when you pasted the pizza-topping
sample code into the backatcha page. You can also use the URL to pass form items
to a program -- try going to
http://example.com/backatcha.cgi?itemsource=URL&typedby=you in your browser.
Obviously, if someone can do this
with the backatcha program, they can also do it with your log analyzer and stick any
value for number in that they want: "ALL" or "25000", or "four score and seven years
ago."
Your form doesn't allow this, you say. Who cares? People will write custom HTML
forms to exploit weaknesses in your programs, or will just pass bad form items to
your program directly. You cannot trust anything users or their browsers tell you.
They might not even use a browser at all -- anything which can speak HTTP can
contact your program, regardless of whether it's even ever seen your form before (or
cares what your form allows and disallows).
Eliminate these problems by knowing what you expect from the user, and
disallowing everything else. Whatever you do not expressly permit is totally
forbidden. Secure CGI programs consider everything guilty until it is made innocent.
For example, you want to limit the size of reports from the HTTP log analyzer. You
decide that means the number form item must have a value that is between 10 and
50. Verify it like:
# Make sure that the "number" form item has a reasonable value
my ($number) = ($q->param('number') =~ /(\d+)/);
if ($number < 10) {
    $number = 10;
} elsif ($number > 50) {
    $number = 50;
}
Of course, you also have to change the report_section() sub so it uses the $number
variable. Now, whether your user tries to tell your log analyzer that the value of
number is "10," "200," "432023," "ALL" or "redrum," your program will restrict it to a
reasonable value.
You don't need to do anything with report, because it only acts when one of its
values is something expected. If the user tries to enter something other than the
expressly permitted values ("url," "status," "hour" or "type"), the code just ignores it.
Do note that report_section is a little smarter to avoid printing nothing when there's
nothing to print. If the user entered an invalid value, report will call report_section
with only the CGI object $q, and the latter sub will return early, without printing
anything.
Use this sort of logic everywhere you know what the user should enter. You might
use s/\D//g to remove non-numeric characters from items that should be numbers
(and then test to make sure what's left is within your range of allowable numbers!), or
/^\w+$/ to make sure that the user entered a single word.
All of this has two significant benefits. First, you simplify your error-handling code,
because you make sure as early in your program as possible that you're working
with valid data. Second, you increase security by reducing the number of
"impossible" values that might help an attacker compromise your system or mess
with other users of your Web server.
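The rules from this section (clamp number to 10..50, act only on the four known report values), written as an added example that is not code from the original article or its downloadable analyzer. The names clamp_number, allowed_reports and %REPORT_TITLE are made up here, the input values are constructed, and the number check is deliberately stricter than the /(\d+)/ match above: the whole value must be a short run of ASCII digits, otherwise it falls back to the minimum.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use feature 'say';

# Allowlist of report types offered by the form; anything else is dropped.
my %REPORT_TITLE = (
    url    => 'URL requests',
    status => 'Status code requests',
    hour   => 'Requests by hour',
    type   => 'Requests by file type',
);

my ( $MIN, $MAX ) = ( 10, 50 );

# Return an integer between $MIN and $MAX for any input, including undef.
sub clamp_number {
    my ($raw) = @_;
    # \A...\z anchors the whole value (a trailing newline is rejected),
    # [0-9] excludes the non-ASCII digits that \d can match, and {1,6}
    # keeps the value small enough to compare as an ordinary integer.
    my ($n) = ( $raw // '' ) =~ /\A([0-9]{1,6})\z/;
    return $MIN if !defined $n;
    return $n < $MIN ? $MIN : $n > $MAX ? $MAX : $n + 0;
}

# Keep only known report types, once each, in the order they were requested.
sub allowed_reports {
    my %seen;
    return grep { defined($_) && exists $REPORT_TITLE{$_} && !$seen{$_}++ } @_;
}

# Constructed inputs: values a client can send whatever the form offers.
my @numbers = ( '10', '20', '200', '432023', 'ALL', 'redrum', '25000',
                "50\n", '-5', '0025', '', undef );
for my $raw (@numbers) {
    my $shown = defined $raw ? $raw : '(missing)';
    $shown =~ s/\n/\\n/g;    # make the newline visible in the output
    printf "%-12s -> %d\n", "'$shown'", clamp_number($raw);
}

# Duplicates, wrong case and unknown names are all silently ignored.
my @reports = ( 'url', 'status', 'url', 'everything', 'URL', 'hour' );
say join ', ', map { "$_ ($REPORT_TITLE{$_})" } allowed_reports(@reports);
```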
Don't just take my word for it, though. The CGI Security FAQ has more information
about safe CGI programming in Perl than you ever thought could possibly exist,
including a section listing some security holes in real CGI programs.
Play Around!
You should now know enough about CGI programming to write a useful Web
application. (Oh, and you learned a little bit more about sorting and comparison.)
Now for some assignments:
• Write the quintessential CGI program: a guestbook. Users enter their name, e-mail
address and a short message. Append these to an HTML file for all to see.
Be careful! Never trust the user! A good beginning precaution is to disallow all
HTML by either removing < and > characters from all of the user's information or
replacing them with the &lt; and &gt; character entities. The escapeHTML method
in the CGI module is very good for this.
Use substr(), too, to cut anything the user enters down to a reasonable size.
Asking for a "short" message will do nothing to prevent the user dumping a 500k
file into the message field!
• Write a program that plays tic-tac-toe against the user. Be sure that the computer
AI is in a sub so it can be easily upgraded. (You'll probably need to study HTML a
bit to see how to output the tic-tac-toe board.)
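The two guestbook precautions above (escape all HTML, cut input down with substr()) interact: cut the raw text first and escape afterwards, or the cut can land in the middle of an entity. The following is an added example, not code from the original article; escape_html is a dependency-free stand-in for the CGI module's escapeHTML, and the field limits, function names and form values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use feature 'say';

my %LIMIT = ( name => 40, email => 80, message => 500 );    # assumed sizes

# Stand-in for CGI's escapeHTML so the example runs without extra modules.
sub escape_html {
    my ($text) = @_;
    my %entity = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                   '"' => '&quot;', "'" => '&#39;' );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Clean one field: drop control characters, collapse whitespace,
# truncate the RAW text to its limit, and only then escape it.
sub clean_field {
    my ( $field, $raw ) = @_;
    my $text = $raw // '';
    $text =~ s/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]//g;
    $text =~ s/\s+/ /g;
    $text =~ s/\A\s+|\s+\z//g;
    $text = substr $text, 0, $LIMIT{$field};
    return escape_html($text);
}

# Build the HTML fragment to append, or return nothing if a field is empty.
sub guestbook_entry {
    my (%form) = @_;
    my %c = map { ( $_ => clean_field( $_, $form{$_} ) ) } keys %LIMIT;
    return if $c{name} eq '' || $c{message} eq '';
    return "<p><strong>$c{name}</strong> ($c{email}): $c{message}</p>";
}

# Constructed submission: markup in the name, a 600-character message.
my %form = (
    name    => "  Visitor\t<b>",
    email   => 'visitor@example.com',
    message => '<h1>BIG</h1> ' . ( 'x' x 600 ),
);
my $entry = guestbook_entry(%form);
say defined $entry ? $entry : 'rejected';

# Why the order matters: a value whose last two raw characters are "<<".
my $edge = ( 'a' x 498 ) . '<<';
say 'escape, then cut: ...', substr( substr( escape_html($edge), 0, 500 ), -6 );
say 'cut, then escape: ...', substr( clean_field( message => $edge ), -10 );
```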