Book Reviews

The following book reviews are the copyright of their respective authors and no part should be reproduced without the express permission of the author. Publishers and Authors of the books reviewed may reproduce the whole or extracts of a review for their book. To request copyright permission please email webmaster@birmingham.pm.org.

All the reviews herein are the opinions of the reviewer and are not necessarily the views of Birmingham Perl Mongers and its members. If you feel a review or comment has been made in error, please contact webmaster@birmingham.pm.org to rectify the situation.

Perl Books

Static Link: http://birmingham.pm.org/reviews/53

 
Wicked Cool Perl Scripts
Title:Wicked Cool Perl Scripts
Author(s):Steve Oualline
ISBN:1593270623
Publisher:O'Reilly Media
Reviewer:Jon Allen

OK, let's start with the obvious. The title.

"Wicked Cool Perl Scripts"

Yes, that's right. "Wicked Cool". I can only assume that this is in some way meant to appeal to "the kids" but in reality it comes across like an invitation to watch your parents dance to Blink 182. And yes, that's about as far away from "Wicked Cool" as you can get.

But it's the content that matters, and despite the title, "Wicked Cool Perl Scripts" does look like it might be quite a good book. Unlike most tutorials which teach the reader one language feature at a time, this book presents useful scripts in their entirety and then walks through the code, highlighting the important aspects of each script. I really like the idea of this, it has the potential to be much more inspirational than teaching from a reference book.

While reading through "Wicked Cool Perl Scripts" though, I got quite confused as to who exactly the book was aimed at. The introduction states that a working knowledge of Perl and CPAN is expected, i.e. the reader will already know how to install modules and navigate the Perl documentation. But then some of the scripts, particularly in the "CGI Programs" chapter are so simple as to be trivial. The "Errata Submission Form" script is just another FormMail.pl, and so even fails to satisfy the author's own definition of "cool" (i.e. to "solve a difficult problem").

Look at the state of web development today. Take Google Maps or GMail as an example, tools which blur the definition between a website and an application. They are cool. Show me how to use Perl frameworks such as OpenThought and Catalyst to do something similar and yes, that would be cool. But calling a "Guest Book" script for a website "Cool" in 2006 is distinctly behind the times.

Aside from this, "Wicked Cool Perl Scripts" would almost make it as a useful beginners book if the actual quality of the code was good enough to learn from. Unfortunately, several of the scripts contain fundamental errors and even some serious security holes.

The "Visitor Counter" script displays a graphical website hit counter, as was much beloved by "personal home page" authors in the 1990s. But the fact that this script is presented with no form of file locking, or any acknowledgement of the race condition that this causes leaves me with serious doubts as to general quality of code presented throughout the book.

It doesn't take long to find another red flag, this time in a simple intrusion detection script. The aim is to lock out hackers from a web server by updating the machine's routing table, and while the author does admit that the approach is limited, I would still expect the code to be robust. However the "/sbin/route" command is invoked by the Perl code

system("/sbin/route add $who reject");

which means that the full command line will be passed to the shell for processing - so if the $who variable contained ";rm -rf / " or some other malicious data then the system is wide open to attack, noting of course that in order to run the "/sbin/route" command anyway the script will need to be running as the root user.

The code should have been written as

system('/sbin/route','add',$who,'reject');

in order to avoid the shell and protect against manipulation of the $who variable. It is all the more ironic that this script is designed to prevent hacking attempts and yet can offer hackers an easier way in!

So as you can probably guess, there is no way that I can recommend "Wicked Cool Perl Scripts", even as a resource for beginners. It was a good idea that has unfortunately suffered badly from poor execution.