Perl Pendant — Clean, Shiny Web Apps

My hegemon product was a fun little project for a Mason-centric site provisioning system, but it introduced some design weaknesses, primarily its complete lack of portability. Having been experimenting with Plack and related projects for a few months, I’ve decided to revamp the concepts of hegemon and create a web provisioning ‘bundle’ of Plack technologies with my own automation scripting to enable modular Plack-powered “webapps”, somewhat akin to Java or Rails.

Haven’t gotten much further out of the spec phase, hoping to write some code soon to demonstrate the feasibility and, more important, the benefit as opposed to managing them individually on a app-by-app basis.

urim - not-so-plain passwords

I’ve always hated the notion of plaintext passwords in configuration files or source code. So often on pet projects we don’t give it much thought, it’s just rationalized as simply “it needs to be somewhere.” A few times I caught myself XOR/Base64 encrypting them just so that weren’t jarring to scroll past — but even then I know the first thing someone would do should they get ahold of it would be to base-decode/xor it to see what came out.


So i came up with urim - a command line utility to generate Base64/XOR two-passwords. The key to urim was the cipher, a separate text file on the filesystem in a much less centralized place. When running the command in “encrypt” mode, it would XOR your password together with this mystical cipher and Base64 the output. When ran in “decrypt” mode, it would Base64-decode the string, and XOR it back using the same cipher to the original text.

So now I have calls in my scripting akin to:

my $passwd = `urim -d Br3sd13Gsd==`

Doing a raw decode on this will produce nothing of value. The user would have to also have to have remote shell access with the appropriate UNIX group access to get the original cipher.

Source is available for free on our gitfree repository:

git clone http://gitfree.oftenepic.com/urim.git/

Oftenepic on tumblr

That’s about the long and short of it :) Want to try out a “social network” presence versus the old fashioned “byte-and-mortar” website for displaying my project portfolio.