Untrusted Numeric Input

David Farrell's Perl.com article Validating untrusted input: numbers got me thinking, specifically about the role of \d in sanitizing input. I am not going to talk here about looks_like_number(), because the referenced article covers it.

The thing is, on any Perl recent enough to be Unicode-aware, \d matches digits, whether or not they are ASCII. This may be a problem if you are sanitizing data for numeric conversion, because typically conversion routines expect ASCII digits. There seem to me to be at least two ways to deal with this: restrict your regexp patterns to ASCII, or have the conversion routine deal with the full range of Unicode digits.

Restrict Patterns to ASCII

If you truly want ASCII digits for your system, there are a number of ways to restrict a regular expression pattern to ASCII.

Use two-level validation, a.k.a. brute force

By this I simply mean explicitly validating anything that matched \d by also matching it against [:ascii:] in a second regular expression.

Use [0-9] instead of \d
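
The Perl sketch below is an added example, not part of the original post. It runs the checks named above (bare \d, \d under the /a modifier available since Perl 5.14, [0-9], and the two-level [:ascii:] check) over constructed sample strings, and compares plain numeric conversion with num() from the core Unicode::UCD module as one way to convert non-ASCII digits.

```perl
use strict;
use warnings;
use Unicode::UCD qw(num);

# Constructed sample inputs (not from the original post).
my @inputs = (
    '123',                        # ASCII digits
    "\x{0661}\x{0662}\x{0663}",   # ARABIC-INDIC DIGIT ONE, TWO, THREE
    "1\x{0662}3",                 # ASCII and Arabic-Indic digits mixed
);

for my $in (@inputs) {
    # Bare \d accepts any Unicode decimal digit.
    my $any_digit = $in =~ /\A\d+\z/ ? 1 : 0;

    # The /a modifier restricts \d (and \w, \s) to ASCII.
    my $ascii_mod = $in =~ /\A\d+\z/a ? 1 : 0;

    # An explicit character class never matches non-ASCII digits.
    my $ascii_cls = $in =~ /\A[0-9]+\z/ ? 1 : 0;

    # Two-level validation: \d first, then an ASCII-only second pass.
    my $two_level =
        ($in =~ /\A\d+\z/ && $in =~ /\A[[:ascii:]]+\z/) ? 1 : 0;

    # Plain numeric conversion only understands ASCII digits; the
    # "isn't numeric" warning is silenced here to show the raw result.
    my $plain = do { no warnings 'numeric'; $in + 0 };

    # num() converts a run of digits from a single script and returns
    # undef when it does not consider the whole string a safe number.
    my $ucd = num($in);

    # Label each input by its code points so no output encoding is needed.
    my $label = join ' ', map { sprintf 'U+%04X', ord($_) } split //, $in;

    printf "%-22s d=%d d/a=%d [0-9]=%d two-level=%d plain=%s num()=%s\n",
        $label, $any_digit, $ascii_mod, $ascii_cls, $two_level,
        $plain, defined $ucd ? $ucd : 'undef';
}
```

The mixed-script string is the case to watch: it passes bare \d, yet plain conversion stops at the first non-ASCII character and yields 1, while the three ASCII-restricted checks reject it and num() returns undef.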

(Mis) Using Perl 6 Grammars : Decompressing Zelda 3 GFX

Grammars combined with actions allow you to parse strings and produce something from them. It's not far-fetched to say that any compressed data follows a structure that is likely 'parsed' by the corresponding decompression algorithm.

So why not use a Perl 6 grammar for this kind of work? Especially a compression I am familiar with.

A look into Nintendo compression

Nintendo used the same base compression format for their SNES games, with some variants depending on the game. It's pretty straightforward and it's easy on the ~2 MHz of the SNES CPU.

It goes like that:

RPerl at the Austin Perl Mongers Christmas Party

The last event of 2018 for Team RPerl was the Austin.pm Christmas Party. Our beloved President (AKA "Prez"), Will the Chill, gathered all of us for pizza and Perl projects.

Throughout the evening, we discussed the possibilities for us to develop the use of Perl, promote Perl jobs and Perl projects in the Austin area.

Our main ideas include:
- Hosting Hackathons for Perl projects
- Inviting a guest speaker once a year
- Teaching free Perl classes

Among our members present that evening was Jim Choate, one of the three original Austin.pm founders, along with some of the younger generation of Perl enthusiasts. The party was about the past and future of Austin Perl Mongers, in every way.

And it wouldn't be a Christmas party without a few presents, Perl presents of course! (Thanks to Wendy & Liz for furnishing some of the Perl gifts at past YAPC/TPC conferences.)

Rakudo.js update - hunting down failing roast tests

Currently I'm working on getting rakudo.js to pass (our chosen subset of tests) in Chrome rather than on node.js.
For that I'm using the karma test runner (which should also allow testing all the other browsers easily).

The way the process works is that the Perl 6 test files get compiled to JavaScript and bundled by parcel with everything they need to run. The bundling includes the setting, runtime and even the whole Rakudo compiler (tests use EVAL a lot).
As a side note, it turns out that for debugging purposes node bundled-everything.js emulates running in the browser very closely.

Git Repo in Shared Hosting #3 - Git::Hooks for a Secure and Clean Repo

http://www.koivunalho.org/blogs/exercises-in-integration-and-delivery/private-repository-part-3.html

Perl Dependency Checking

I'm working on a few projects right now, most notably one that helps me create a CPAN distribution so that I can create a Perl Lambda in the AWS environment. This has led me to some yak shaving exercises, most notably investigating how to check for Perl dependencies.

Without getting too far into the weeds on Perl Lambdas (that's another blog post in the writing), suffice it to say I need to vendor Perl modules and deploy them in the Lambda environment. I briefly looked at carton and that may solve the problem neatly, but my early dive indicated to me that another path might be a more direct shot on goal and produce a cleaner Lambda deployment methodology.

Back to the issue at hand...specifically this blog is going to discuss Perl dependency checking using these tools:

scandeps.pl
Devel::Modlist
/usr/lib/rpm/perl.req

What's going on here?

What do you think the following lines print?

use feature 'say';
sub fmt { sprintf( @_[0, 1] ) }
my $num = 1_234_567_890.12_345_678_9;
say sprintf( '%.6f', $num );
say fmt( '%.6f', $num );

I think the two say lines should both print out the same value, 1234567890.123457. The first line behaves as expected, but the second does not. Does anybody have any idea on why?

Playing around with the code, I’ve figured out how to fix the issue, but I’m curious as to thoughts and explanations from the community.

p6env - Perl6 environment manager

Last year, I created yet another Perl6 environment manager, p6env. Speaking of Perl6 environment managers, I think everyone imagines rakudobrew. Yes, it is awesome.

Here are pros and cons of p6env:

  • Pros
    • p6env is one of the env family (rbenv, plenv, pyenv, etc.). So if you’re already familiar with them, you can use p6env even without any explanation.
    • You can easily write plugins for p6env. See, for example, https://github.com/skaji/p6env-update.
    • It can install rakudo-star distributions by default.
  • Cons
    • It does not support Windows.

Since I created p6env, I have been using it and like it. I hope you try it.

How to install p6env

Here, we assume you use bash as your default shell. If you use different shells, please read README at github instead.

RPerl in Paris - Part II

Hello everyone, and Happy New Year!

Previously, on "RPerl Around The World", the team was in Paris for a meeting with the Paris Perl Mongers, and then left for the London Perl Workshop.

We are now back in Paris for another meeting at the FPH building (Fondation pour le Progrès de l'Homme). Every Thursday, the FPH hosts a Linux technical meeting, providing a place for programmers to work on their various projects. Thanks to Emmanuel Seyman, we got to meet two of the Linux programmers, Stéphane Gigandet and Pierre Slamich. They work on a collaborative open source Perl project called Open Food Facts.

Open Food Facts is a food products database. It is a non-profit project meant to give as much information as possible to consumers regarding the food products they buy. The project was launched in 2012 by Stéphane Gigandet. You can learn all about it here: https://world.openfoodfacts.org/

This Paris meeting was an opportunity for us to learn about what Open Food Facts does, and for them to learn about RPerl and its possible use with their database platform.

See you next year at 36c3!

Visitors of the 35th Chaos Communication Congress had a great time between Christmas and new year's eve and you're invited to be part of it next year at the 36th congress. As everybody seems to be pleased with the venue it will probably be from December 27th to 30th again in Leipzig, Germany.

Watch the recordings of this year's talks at media.ccc.de.

We were half a dozen Perl folks just saying hello at the assembly or making our space their home over all four days. Also there were many visitors who shared their past experiences with Perl (many good ones) or were eager to learn about Perl5 or Perl6.

IMG_20181230_103926650_HDR.jpg

In the picture you can see:

  • two tired but welcoming Perl hackers:-)
  • Camelia toys, education material and stickers for visitors
  • indispensable utilities for data travelers like a towel
  • in the background: light installations like the one from our friendly neighbors from Ruby-town

Is there anything wrong with this benchmark?

Class::Method::Modifiers versus $self->SUPER.

The exec summary is:

$ dumbbench perl test1.pl 
cmd: Ran 21 iterations (1 outliers).
cmd: Rounded run time per iteration: 2.0408e-02 +/- 3.6e-05 (0.2%)
$ dumbbench perl test2.pl 
cmd: Ran 22 iterations (2 outliers).
cmd: Rounded run time per iteration: 1.5050e-02 +/- 6.9e-05 (0.5%)

So Class::Method::Modifiers seems 30% faster. I'm guessing that this is the result of not having the subroutine overhead call on every invocation. Am I right? How does this work?

Top 15 Achievements in the year 2018

1) German Perl Workshop 2018

For the first time ever, I attended a Perl Workshop other than the London Perl Workshop. I submitted 2 talks for the event and they were both accepted. I attended 2 days of the 3-day event and met so many great personalities in one place. I made many friends for life. It would be unfair to name them here. They know who I am talking about.

2) Perl Weekly Newsletter

I joined the elite panel of co-editors of The Perl Weekly newsletter. I am proud to edit 17 editions in the year 2018.

3) Completed 1 year of daily uploads to CPAN.

Although I have done it earlier and went on to go over 1000+ days non-stop, crossing the 1 year mark was still a big achievement after re-starting from zero due to the break in continuity, which I blame on my holiday trip to India.

4) Perl.com

Skeleton Week: perl based status page

The nice folk at Fastmail have published their status webpage application "towncrier" as foss on github. See it running on their actual status page (link fixed).

It is written in Perl, using Dancer, uses Template Toolkit, and has a REST API interface. It uses SQLite for storage, so for better or worse it's quick to install and get running.

Unfortunately the documentation is close to non-existent, though the README file describes how to get it running via carton. The application is small so you'll be reading the source a little bit :)

Still, having a play with towncrier and seeing if it could feasibly replace some paid $tatuspage is a nice little one day project for skeleton week.

Next stable DBD::SQLite will be released at the end of December

DBD::SQLite 1.61_04 (with SQLite 3.26.0) is a release candidate of the next stable DBD::SQLite. This release has a security fix for FTS users who allow arbitrary SQL statements from users for some reason (usually because of a SQL injection vulnerability). I'll only wait for a week this time to gather CPAN testers' reports. So please test this with your applications, especially if you use the FTS feature.

This release also introduces "sqlite_defensive" option, to disallow dangerous SQLite features such as updating "sqlite_master" table.

PGVersion: a class to manage PostgreSQL Version (strings) within a Perl 6 Program

As you probably already know, PostgreSQL has changed its versioning number scheme from a `major.major.minor` approach to a concise `major.minor` one. Both are simple enough to be evaluated with a regular expression, but I found myself writing the same logic over and over, so I decided to write a minimal class to do the job for me and provide several pieces of information.

Oh, and this is Perl 6 (that I'm still learning!).


The idea is to have something like the following working:


use Fluca1978::Utils::PostgreSQL::PGVersion;

for <10.1 11beta1 11.1 9.6.5 6.11> {
    my $v = PGVersion.new: :version-string( $_ );
    say "PostgreSQL version is $v";
    say "or for short { $v.gist }";
    say "and if you want a detailed version:\n{ $v.Str( True ) }";
    say "URL to download: { $v.http-download-url }";
    say '~~~~' x 10;
}

The class allows you to check the info, get the URL for the download, compare two different versions to see which one is newer, see if it is a beta, and so on.
Read more on this blog post.

Monthly Report - December

Skeleton Week: Nopaste with mojopaste

The nopaste utility from the venerable ETHER is a terrific addition to your standard deployment. Installation is trivial with:

cpanm App::Nopaste

This simple utility makes it trivial to send text data to your pastebin-like service of choice. The core distribution includes a half dozen services, and divers others have been published by other authors on the CPAN. Chances are your favorite is already supported - if not then you've found yourself a skeleton week project.

List what's available on the system already with:

nopaste --list

With a fresh install from the CPAN, there are a few public services that will work without any log in. One such service is the Debian paste service. Let's paste some random lipsum text as an example (this should be fairly platform agnostic):

curl -s -X POST https://lipsum.com/feed/json |\
jq -r '.feed.lipsum' |\
nopaste --services Debian

Hiya peeps!

We're looking for more talk submissions for the DC-Baltimore Perl Workshop (April 6, 2019, Silver Spring, MD)! Submit by Jan 31 (OR SOONER) at http://bit.ly/dcbpw-cfp and learn more at https://dcbpw.org/dcbpw2019/.

The DC-Baltimore Perl Workshop is a 1-day, 2-track conference (Saturday, April 6). The attendees are Perl Programmers and enthusiasts, interested in the latest technology and techniques -- Beginner, Advanced, Bizarre... all of the things!

Example talk topics:

  • How regexes work
  • Debugging techniques
  • Art & Code
  • Unicode!
  • Perl5! Perl6! (Perl...4?)
  • Agile project planning
  • Porting Perl to my Roomba
  • GraphQL ... how does THAT work?!
  • Dockerize / Kubernetesifying Things

You are welcome to submit more than one talk. We will accept submissions until January 31. That will then give us time to share the schedule with attendees!

If your talk is accepted and confirmed by you, we will send you a special invitation link to free registration as a speaker.

Email further questions to dcbpw-organizers@googlegroups.com, and learn more at our website, https://dcbpw.org/dcbpw2019/

Update: Perl Mongers 🐫🦋 at 35th Chaos Communication Congress

This is a follow-up to the previous blog post Perl[56] on the 35c3.

The Perl community will be officially present at the 35th Chaos Communication Congress! We have several well-known developers on site and registered a space dedicated to Perl for everyone to visit. At this event it's called an assembly, and ours is named Perl Mongers 🐫🦋 (including the cute Unicode symbols).

You've got a ticket but can't attend? Some of our folks didn't receive a ticket and would love to jump in. Please contact us!

You're going there? Of course visit our assembly yourself, maybe take a seat or store your belongings at our tables. Don't forget to wear your Perl t-shirts and bring other swag!

You need accommodation? I still have beds in private flats available while all hotels seem to be sold out! Please contact me via IRC or e-mail at dboehmer@cpan.org.

We share information and organize via IRC and an Etherpad session. You can chat with us and find the link to the Etherpad at #35c3 on irc.perl.org (Webchat via Mibbit).

See you soon in Leipzig

SPVM Document beta 1.0

I have started to write SPVM Document beta 1.0 in Japanese.

SPVM Document beta 1.0 (Japanese)

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl and offering the modern features you’ve come to expect in blog platforms, the site is hosted by Dave Cross and Aaron Crane, with a design donated by Six Apart, Ltd.