Tried posting this on Reddit instead, but there seem to be some issues with code insert there, so here it is properly:
Although Benchmark::DKbench is a good overall indicator for generic CPU performance for comparing different systems (especially when it comes to Perl software), the best benchmark is always your own code. Hence, the module now lets you incorporate your own custom benchmarks. You can either have them run together with the default benchmarks, or run only your own set, just taking advantage of the framework (reports, multi-threading, monotonic precision timing, configurable repeats with averages/stdev, calculation of thread scaling etc). Here's an example where I run a couple of custom benchmarks on their own with Benchmark::DKbench:
We were back from the PTS in Lisbon, and had a shorter meeting than usual, during which we mostly discussed the last remaining release blockers for 5.40.
These are some answers to the Week 267, Task 2, of the Perl Weekly Challenge organized by Mohammad S. Anwar.
Spoiler Alert: This weekly challenge deadline is due in a few days from now (on May 5, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.
Task 2: Line Count
You are given a string, $str, and a 26-items array @widths containing the width of each character from a to z.
Write a script to find out the number of lines and the width of the last line needed to display the given string, assuming you can only fit 100 width units on a line.
Example 1
I just got back from the Perl Toolchain Summit 2024 in Lisbon Portugal!
Thank you to Grant Street Group for sponsoring my attendance at the event! Grant Street Group is an amazing place to work, and GSG is hiring! Contact me on irc.perl.org (Exodist) if you would like a referral.
This year I took a little side trip before the PTS to explore Lisbon with my wife. It is an amazing city, with a lot of history. I highly recommend visiting it and exploring the castles, palaces, and archaeological sights!
My goal for the PTS was to polish up Yath 2.0 and get it out the door. Spoiler alert: I did not achieve this goal, though I did make good progress. Instead several other things occurred that were even better as far as achieving things that require collaboration go!
Test2/Test2::Suite updates
The London Perl & Raku Workshop (LPW) will take place this year on Saturday 26th October and you are encouraged to submit your talk proposals now. We have already had 30 registrations for the workshop so we anticipate a good turnout this year.
We welcome proposals relating to Perl 5, Raku, other languages, and supporting technologies. We may even have space for a couple of talks entirely tangential as we are close to finalising the venue (very central London) and should have room for two tracks.
Talks may be long (40mins), short (20 mins), or very short (aka lightning, 5 mins) but we would prefer talks to be on the shorter side and will likely prioritise 20min talks. We would also be pleased to accept proposals for tutorials and discussions. The deadline for submissions is 30th September.
We would really like to have more first time speakers. If you’d like help with a talk proposal, and/or the talk itself, let us know - we’ve got people happy to be your talk buddy!
Following on from The bad days
We made the decision that our problems in Kubernetes were exactly the sort of thing that should not be distractions to the project. We had been trying to save costs when we choose Hetzner for hosting... especially as we did not know where our ElasticSearch cluster (needing 3x32Gig of ram) was going to live. The great news is last week ElasticSeach agreed to host this for us, which really is a game changer.
With this in mind, we reviewed hosting again... Digital Ocean (DO) provides a fully managed Kubernetes control plane, with high availability load balancer, Postgres Database integration and storage options e.g. we can focus on deploying to it and not managing it.
These are some answers to the Week 267, Task 1, of the Perl Weekly Challenge organized by Mohammad S. Anwar.
Spoiler Alert: This weekly challenge deadline is due in a few days from now (on May 5, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.
Task 1: Product Sign
You are given an array of @ints.
Write a script to find the sign of product of all integers in the given array. The sign is 1 if the product is positive, -1 if the product is negative and 0 if product is zero.
Example 1
Input: @ints = (-1, -2, -3, -4, 3, 2, 1)
Output: 1
The product -1 x -2 x -3 x -4 x 3 x 2 x 1 => 144 > 0
Example 2
This meeting was done in person at the Perl Toolchain Summit 2024.
- Reviewed game plan for (hopefully) last development release, to be done tomorrow, as well as the stable v5.40 release.
- Reviewed recent issues and PRs to possibly address before next releases.
- Reviewed remaining release blockers for v5.40, and planned how to address them.
- Discussed communication between PSC and P5P and how to improve it.
Hey All,
Yes, we're back we'd like to announce this year's LPW:
https://act.yapc.eu/lpw2024/
WHEN: TBC, most likely Saturday 26th October 2024
WHERE: TBC
Please register and submit talks early - it gives us a better idea of numbers. The date is tentative, depending on the venue, but we'd like to aim for the 26th October 2024.
This will be the 20th anniversary of LPW (in terms of years, not number of events). We might try to do something special...
The venue search is currently in progress. The 2019 venue has turned into a boarding school so we can't use that any more due to safeguarding issues. We don't want to go back to the University of Westminster so we are searching for a venue.
Following on from day 1
Joel and I spent some more time working out disk provisioning and then decided to upgrade the nodes in the cluster... this is where the problems started...
I shutdown a node to resize it... and the site went down, no healthy backends was then displayed to all users by Fastly (our CDN) for any content that wasn't in their cache. This is not meant to happen!
We also couldn't connect to Argo (web UI for Kuberneties deployment and a view on the K8's API status) or even the kubectl command line tool.
Starting the node backup (after having upgraded) and all came back. We quickly realised that everything was using Round Robin DNS to all 3 node IP's. There was ` Traefik ` setup but it was tied to those IPs and something was not happy. We then looked at alternative tooling and thought it might be worth using rke2 instead of k3s as the underlying flavour of K8s as this would give us a little more flexibility.
I just received an E-Mail purporting to be from the PAUSE Team, claiming a compromise of a server. It was written with some thought, referencing the account name of someone well known and trusted in our community. On closer inspection however, it was merely an attempt to phish PAUSE usernames and passwords via a supposed alternative login server.
I'm sure many of us are old enough and experienced enough to detect and ignore this type of attack. But in case you aren't (welcome!) or if you are feeling a bit out of practice, then please remember to only log in via the official PAUSE entry point.
The deadline for talk and paper submissions to the 2024 TPRC has been Officially extended through April 20th for both the regular Perl and Raku tracks; and also the Science Track.
Update for the Science Track submissions, we have a small, but solid set of submissions and are expecting a few more. The Science Perl Committee is committed to helping anyone submitting a serious entry to succeed. If you're hesitating at all because you're afraid of getting rejected, please be reassured we want as many people to be part of this inaugural Science Track, as possible.
Please note, acceptable topics DO include white papers discussing implementation details of the Perl or Raku interpreters, experimental language features, implementations, benchmarks, etc.
I personally and strongly encourage you to submit an abstract to the Science Track. And if you don't want to write a paper, I strongly encourage you to submit a regular conference talk.
Brett Estrade (OODLER)
- Maintainers and authors are found everywhere throughout our dependency trees. This includes the authors of the tooling others use for maintaining, building, testing, writing and running the infrastructure they depend on. Even maintainers depend on other maintainers.
- Maintainers’ mental health and well-being is also a dependency.
- So is their outlook on the sustainability of their projects, both in personal, technical, systemic and economic respects.
This means that personal, technical, systemic and economic well-being in the end are all actual and real dependencies* for the businesses that rely on these people and their projects.*
What can an ecosystem provide to make the lives of these maintainers easier in this regard?
…continued
What is it good for?
If you’ve never worked with MooX::Role::Parameterized or MooseX::Role::Parameterized, you might wonder what is a parameterized role at all?
Roles are used when you need to share behaviour among several classes that don’t have to be related by inheritance. Normally, a role just adds a bunch of methods to the class that consumes it (there’s more, you can for example specify which other methods the role expects to already exist).
A parameterized role makes it possible to provide parameters for the consumed role. This way, you can adjust the behaviour for each consuming class.
Talk submissions are still open, and we are seeking proposals on a wide variety of subjects. This includes language features, personal projects, applications like Koha, and anything that may be of general interest to Perl and Raku programmers.
To submit an abstract, please see the authoritative Science Perl CFP or for a standard talk visit the familiar Papercall site.
Please note it is our (the Science Perl Editorial Subcommittee) goal to be able to accept as many perl+science papers and posters as possible, as such our editorial process is designed to be very friendly.
Science Track Deadlines (initial submission is same date/time as the standard talk tracks):
- Abstract submission deadline: April 5th, 2024 (23:59:59 UTC)
- Abstract acceptance emails sent: April 15th, 2024
- Draft full paper due: May 15th, 2024
- Draft full paper feedback emails sent: May 31, 2024
- Final full paper due: June 7th, 2024
- Final papers approved: June 15th, 2024
PLEASE SPREAD THE WORD!
Thank you and I am looking forward to some very good things to see in Vegas, baby!
Brett Estrade (OODLER)
I attended YAPC::Hiroshima 2024 in Japan.
A few people asked me about the distinctions between YAPC::Japan and other Perl events worldwide, prompting me to write below. Before delving into the specifics, I must preface that my experience is primarily rooted in YAPC::Hiroshima 2024, the only YAPC::Japan event I attended. It's important to say that comparing Perl events across different regions isn't about establishing superiority or inferiority; organizing conferences requires considerable resources and effort irrespective of location. Each conference has its unique approach and metrics for success. The observations I offer are purely subjective and reflect my personal views.
Size
Crypt::Passphrase
Crypt::Passphrase is a module for managing passwords. It allows you to separate policy and mechanism, meaning that the code that polices authorization doesn’t have to know anything about what algorithms are used behind the screen, and vice-versa; thus making for a cryptographically agile system.
It’s not only handling the technical details of password hashes for you but also it deals with a variety of schemes. It’s especially useful for transitioning between them.
A configuration might look like this (Koha):
A longer version of this post, including the full timeline as we know it, is available at security.metacpan.org
Between Dec 2023 and Jan 2024, vulnerabilities in Spreadsheet::ParseExcel and Spreadsheet::ParseXLSX were reported to the CPAN Security Group (CPANSec). This document describes the timeline and analysis of events.
CVE-2023-7101: Spreadsheet::ParseExcel arbitrary code execution vulnerability
Đình Hải Lê discovered an arbitrary code execution (ACE) vulnerability in the Perl module Spreadsheet::ParseExcel, version 0.65 and earlier.
An attacker, exploiting this vulnerability, would craft an Excel file containing malicious code encoded as a number format string, which is executed when the file is parsed by Spreadsheet::ParseExcel. Basically, untrusted data is passed to the Perl eval function enabling arbitrary code execution.
A detailed write up of the vulnerability and Proof of Concept (PoC) is available at
https://github.com/haile01/perl_spreadsheet_excel_rce_poc
