blogs.perl.org

Re-creating the vulnerability CVE-2025-40927 in an isolated docker container. Please check out the link for more information:
https://theweeklychallenge.org/blog/cve-2025-40927

All three of us attended, but with Aristotle and Paul short on time. So this was a short meeting. We discussed some administrivia and reviewed the left-over todo list from the previous PSC.

[P5P posting of this summary]

Get them at the usual place...

At the latest German Perl Workshop I held a 40 min beginner- to mid level talk about Raku (slides). It was about the habits of Perl programmers that turn contra productive with this new language. This article is a summarizing recapitulation of the pitfalls minus the intro about the history of Raku, the zef ecosystem and some general knowledge - for all those who could not attend or don't speak German.

You know how many languages have a "pipe" operator, either ready or in the making? Like PHP, here, for example: https://laravel-news.com/the-pipe-operator-is-coming-to-php-85

Well, Perl v5.42 (almost) has that too! Check these examples:

$ perl -E 'say "Alexander"->&CORE::substr(1, 3);'
lex

$ perl -E 'say ","->&CORE::join(qw/ 10 20 30 /);'
10,20,30

I believe this would work with any user defined or imported subroutine too, instead of the core functions (there you get to omit the "CORE::").

The transition meeting to the new PSC proved a bit tricky to schedule to get everyone from both the old and new PSC in attendance, but eventually we succeeded: Aristotle, Graham, Leon, Paul, and Philippe all participated.

• We discussed our structure for PSC meetings and our learnings about it from last cycle. We briefly introduced Leon to it and went over the onboarding checklist.
• We discussed roadmap items from the last cycle that did not get done, such as getting TLS in core. No decisions were taken as they will be for the new PSC to make.

[P5P posting of this summary]

Caching in Perl using memcached.
Please check out the link for more information:
https://theweeklychallenge.org/blog/caching-using-memcached

I don't know everyone who is involved in maintaining MetaCPAN and I don't know all the details of the performance related issues that have been an ongoing challenge (I believe they have been related to relentless bots?).

In any case, this last week MetaCPAN seems to have been running flawlessly!

So rather than burying a thanks note in a github issue, I wanted to put a public thanks here to all the volunteers and sponsors that keep MetaCPAN (and CPAN) running.

The CFP is closed, but in order to attend the PCC virtually, please follow this link, https://www.meetup.com/austin-perl-mongers/events/305855419/.

We are asking for a $30 donation at sign-up, but you may email science@perlcommunity.org to inquire about a discounted or free code we have for non-profits and those in between jobs.

To sign up for our low-volume email list to get information about upcoming events, click here.

All three of us attended.

• The release is imminent while Chris Williams, who usually releases Module::CoreList, is temporarily absent. We were not all sure whether this would require any additional coordination. Phillipe had sent mail to clarify the situation. We concluded that there is no issue because CoreList is an outlier: it is not upstream-CPAN but neither is it upstream-blead, while nevertheless being maintained in core. A lagging CPAN release won’t be a problem, even though that’s not the usual sequence. In the event, Chris responded to the mail with assurance that he is available enough anyway.
• We coordinated further about the release, which is coming up the following week.
• Release blocker triage this week ended as it began: with no blockers.

[P5P posting of this summary]

Reproduce the vulnerability CVE-2025-40909 in an isolated Docker container running Perl v5.34.0.

I had the pleasure of attending The Perl & Raku Conference (TPRC) 2025 in Greenville, SC as a volunteer. As always, opinions are my own.

The Conference

The conference went quite well. Unfortunately, a major weather event disrupted flights across the US, particularly around Atlanta, causing travel issues for some attendees and speakers. This led to a few talk cancellations.

We adopted it by consolidating the two talk tracks into one. There was still a diverse range of topics, and judging by the audience reactions, some of the talks were very well received.

The conference was attended by 40-50 people.

Main Room

The Venue

The event was hosted at a Holiday Inn Express in Greenville, which turned out to be an excellent choice. The hotel was clean, recently renovated (following flood repairs last year), and very reasonably priced: $139 + tax per night for a suite. The staff were quite friendly and accommodating. It also proved to be a great low-cost venue for hosting a conference - more on that below.

I had created the library in C as part of a bigger project to create a multithreaded and hardware (GPU, and soon TPU) accelerated library to manipulate fingerprints for text. At some point, I figured one can have fun vibe coding the interface to Perl. The first post in the series just dropped ; it provides the background, rationale, the prompt and the first output by Claude 3.7. Subsequent posts will critique the solution and document subsequent interactions with the chatbot.
Part 2 will be about the alienfile (a task that botched by the LLM). Suggestions for subsequent prompts welcome ; as I said this is a project whose C backend (except the TPU part) is nearly complete, so I am just having fun with the Perl part.

Only Graham and Philippe attended. We coordinated with Aristotle via chat.

We only met to discuss the mailing-list moderation and immediate actions
(which resolved to sending an email to them moderators, and another one
to the list).

We also talked about moderation in general, and got some ideas to discuss
with the next PSC.

[P5P posting of this summary]

Caching with Redis/Valkey using Perl.
Please check out the link for more information:
https://theweeklychallenge.org/blog/caching-in-perl

Paper and talk submissions will be accepted until July 01, 2025 18:59 CDT

• https://www.papercall.io/perlcommunity
• https://www.papercall.io/cfps/6270/submissions/new

In particular I'd like to invite anyone who regrets not submitting a talk to the TPRC or who has gotten bit by the speaking bug. You are welcome to give your talk remotely.

Remember! Click Continue Reading to see all the text.

I am selling my villa unit and downsizing, probably in a month or so.
There may be a period when I am off-line.
In Australia villa unit means (usually) a stand-alone building in a small block of units.
I have 2-bedroom unit and am moving into a retirement (Yikes!) village to a 1-bedroom unit.
The are various reasons but one is this month I turned 75, much to my amazement and horror.
I still live independently, drive, have 2 miniature dogs, manage my own medicine, etc. So - all good ATM.
And yes, I am still programming. I more-or-less monthly release https://savage.net.au/misc/Perl.Wiki.html,
my curated compendium of Perl module, and I am slowly automating the creation of this wiki.
The next step will be to output the wiki as a jsTree (https://www.jstree.com/),
but moving - as you might know - consumes a lot of time.....

The Dancer Core Team is excitedly preparing a major release of Dancer2, 2.0.0. In advance of this, I'd like to give you all a preview of what to expect:

• A handful of bug fixes

• Customizable scrubber/censor engine (when dumping errors, etc. - a long requested feature)

• Remove Template::Tiny fork from core (Template::Tiny support remains, but ether graciously merged our customizations into Template::Tiny)

• Remove Dancer2::Template::Simple from the core of Dancer2

• New documentation, courtesy of a TPRF grant

• Removal of deprecated code (according to our deprecation policy)

• Official support for Perl 5.22 and newer

The following features are possible, but not likely for 2.0.0 (but maybe soon thereafter):

• Bring your own config engine (TOML, JSON, etc.)

• Using Throwable to produce errors

I'm estimating a release in the next 2-4 weeks. There are still a few bikesheds to paint, cats to herd, and yaks to shave.

If you have questions or feedback, we'd love to hear from you! Until then, keep Dancing, then Dance a little happier! :)

Jason/CromeDome

Comparative analysis of Storable and Sereal using Perl.
Please check out the link for more information:
https://theweeklychallenge.org/blog/serialisation-in-perl

Graham couldn’t make it, so only Aristotle and Philippe this week.

• We discussed the structure of the feature.pm documentation and how unfeatures should be covered. Philippe has provided a first patch which extends the description of each unfeature with a note stating from which feature bundle onward it is disabled.
• Relesae blocker triage continues. The meeting began without any unresolved blockers and ended the same way.
• Philippe plans to ship 5.42.0-RC1 as soon as the last missing perldelta entries are in.

[P5P posting of this summary]