Salve J. Nilsen

• Website: code.foo.no/
• About: Someone in Oslo, Norway

Recent Actions

• Commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance
  False positives are _really_ scary, when one allows an unknown third party in - especially if this third party is untrusted I meant "False negatives", of course. (oops)...
• Commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance
  Not sure what you mean here. It's when the LLM is (purposefully) trained to accept a pattern of text as good, when it is in fact bad. e.g. Let's say you're training a special model for detecting security issues, but...
• Commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance
  This is very interesting, and I hope it leads somewhere positive. What are your thoughts on addressing the problem of "trained ignorance" in LLMs? False negatives when looking for security issues can be pretty nasty, I think. Maybe if one...
• Posted A FOSS Ecosystem Checklist for the Benefit of Maintainer Sustainability to Salve J. Nilsen
  1. Maintainers̵…
• Commented on Assert Your Environment
  Yeah, this is good stuff. Would you be ok with presenting it at the Perl conference in Helsinki in August? :-) https://PerlKohaCon.fi...
• Commented on Proposal for Perl Foundation Memberships
  I completely agree with Dean about not having membership (including corporate partnerships) is a wasted opportunity, and I would LOVE to see YAS' bylaws be changed to open to this revenue source. And to those of you who say "But...
• Posted A FIXIT-dive into an old CPAN module to Salve J. Nilsen

  Let’s have a thought experiment. Assume there is an Open Source-licensed Perl module published on CPAN that you care about, and that hasn’t had any updates in a very long time - what are your options?

  In this blog post, I’ll take a dive into this problem, and use the Geo:…

• Posted A Perl Toolchain Summit 2018 organiser's report to Salve J. Nilsen

  The 2018 edition of the Perl Toolchain Summit is over! I’ve posted my report from it on my own blog.

• Posted Perl Toolchain Summit 2018: Oslo, Norway to Salve J. Nilsen

  Every year we bring together the lead developers of the Perl and CPAN toolchain! This event was previously known as the QA Hackathon, but in 2016 it became the Perl Toolchain Summit (PTS) to more accurately reflect the scope and purpose.

  This is an event where pressing issues around Perl&#…

• Commented on Python is The New "Write-Only, Linenoise" Language
  Now, now, let's not go about bashing the pythonistas! They have still a gem of a language, perfectly cromulent for many things and with a long future in front of them! ;)...
• Commented on Fluent interfaces in Perl 6
  How would you write Martin Fowler's JMock example (which you linked to) in Perl 6?...
• Commented on We are all Perl's ambassadors...
  Ooh, correction to myself; CPANRatings is on github! https://github.com/perlorg/perlweb/tree/master/lib/CPANRatings :D...
• Commented on We are all Perl's ambassadors...
  One obvious way to improve the situation is by letting CPANratings "time out", so old (and presumably fixed) comments get a reduced visibility. I think cpanratings.perl.org can be made into a much better resource than it is today, but this...
• Posted CPAN Day 2014 in Oslo to Salve J. Nilsen

  Oslo Perl Mongers are organizing a CPAN Day event! \o/

  Tomorrow (Saturday August 16th 2014), we’ll be hanging out at the Hackeriet (Norwegian for “The Hackery”) hackerspace, helping anyone dropping by with CPAN and Perl issues they may h…

• Commented on The 2013 White Camels
  Well done and kudos to the deserving winners! :D...
• Commented on YAPC::Asia Tokyo 2013 is over
  Whoa, that's impressive. You guys rock! :)...
• Commented on Once More Unto The Breach
  Thanks for taking another stab at this, Stevan. :)...
• Commented on Unicode is 20++ years old and still a problem
  Maybe the guy who wrote the software hasn't bumped into your usage pattern? If you want to make him/her aware of what you found, try filing a bug report (with a failing test, if possible :). Also, it might be...
• Commented on When to create a branch in Git?
  Also, "git rebase -i " ftw. :) It's *very* nice to be able to reorganize and squash several related commits to one. Makes the commit history so much easier to manage....

Comment Threads

• Grinnz commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance

  I'm not sure where you got this idea. CPAN Testers covers whatever individual testers decide to cover, which certainly includes downstream deps of trial releases. But more importantly: how would it hurt?

• Dean commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance

  Having some mechanism to determine downstream breakage would be a net win with our without coding agents.

  It would be even more helpful with an automated mechanism to communicate changes to downstream authors.

  As far as I can tell, other languages are now pinning everything and using bots to move the pins when tests pass. This has the major upside of each project itself opting-in to tracking upstream changes - not just being blasted with automated break notifications from some system they haven't decided to care about (or even know about).

  Pros and cons - but a proble…

• Tom Wyant commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance

  I don't know how development releases would help you. I do know that just because one of my modules passes all tests on my box does not mean it will pass everywhere. If the problem is truly only downstream failures, maybe development releases wouldn't help.

  But maybe what this means is that we need more testing infrastructure -- something analogous to "Blead Breaks CPAN," but for CPAN itself, not perl.

• Robert Rothenberg commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance

  I have a lot of concerns about using LLMs.

  The sheer volume of code changes they can submit seems overwhelming. That's a lot to review, and it seems that bugs can slip through. I've seen some daft changes show up in codebases due to AI.

  There has also been some research in poisoning LLMs so that can insert security holes in code, not to mention years of badly-written/insecure code posted online that they have been trained on.

  There are also some serious legal and ethical concerns about using them:

  Do the PRs contain code snippets from other code with incompat…

• Todd Rinaldo commented on 575 Pull Requests in Three Weeks: What Happens When AI Meets CPAN Maintenance

  > I do know that just because one of my modules passes all tests on my box does not mean it will pass everywhere.

  One of the critical pieces we learned about rapid development was assuring a complex CI workflow. If you review one of the actions for XML-Parser at https://github.com/cpan-authors/XML-Parser/actions/runs/24453321541, you'll see we test, all versions of perl, with/without LWP, 3 downstream packages, fedora, macos, ubuntu, and 3 flavors of bsd. There are minor things we cannot get without c…