We agree with the general idea of an improved PRNG, so we encourage Scott to continue working on the PR to get it into a polished state ready for merge
TLS in core still remains a goal for the next release cycle. Crypt::OpenSSL3 might now be in a complete enough state to support a minimal viable product “https” client to be built on top of it, that could be used by an in-core CPAN client
Now that I am retired, I have a bit more time for personal projects. One project dear to my heart would be to demonstrate strong features of Perl for programmers from other backgrounds. So I'm planning a https://dev.to/ series on "beautiful Perl features", comparing various aspects of Perl with similar features in Java, Python or Javascript.
There are many points to discuss, ranging from small details like flexibility of quote delimiters or the mere simplicity of allowing a final comma in a list, to much more fundamental features like lexical scoping and dynamic scoping.
Since I'm not a native english speaker, and since my knowledge of Java and Python is mostly theoretical, I would appreciate help if some of you would volunteer for spending some time in proofreading the projected posts. Just send an email to my CPAN account if you feel like participating.
I've heard this for years, well since I started. You probably have too. And honestly? For a long time, I didn't have a great rebuttal. Sure, Perl's fast enough for most things, it's well known for text processing, glueing code and quick scripts. But when it came to object heavy code, the critics have a point.
We are happy to announce that Otobo also is part of our event!
Die Rother OSS GmbH ist Source Code Owner und Maintainer der Service Management-Plattform OTOBO.
Gemeinsam mit der Community entwickeln wir OTOBO kontinuierlich weiter und sorgen dafür, dass das Tool zu 100 % Open Source bleibt.
Unsere Kunden unterstützen wir mit partnerschaftlicher Beratung, Training, Entwicklung, Support und Managed Services.
https://otobo.io/de/unternehmen/karriere/
I've released a new version of SBOM::CycloneDX with support for the OWASP CycloneDX 1.7 specification (ECMA-424).
This release includes the new elements introduced in 1.7, with a focus on:
Enhancements to Cryptography Bill of Materials (CBOM)
Citations: references and sources for evidence/metadata
Intellectual Property Transparency: references to associated patents (number, jurisdiction, link, assignee) for compliance / due diligence needs
New experimental "SBOM::CycloneDX::Lite" interface:
A lightweight module designed to generate BOMs with a simpler API, using the most common CycloneDX properties.
Examples included in the distribution (use them as a starting point to build your own applications/tools that generate BOM files):
"x509-to-cbom" : generates a CBOM from an X.509 certificate
"rpm-to-sbom" : generates a SBOM from installed RPM packages (on RHEL-based)
The goal of this module is to help the Perl community generate BOM files more easily, improving security and compliance across the ecosystem and making the software supply chain more transparent.
It’s built for environments where time, attention, and continuity are scarce. Checks are plain Perl scripts, the server is a single-file Mojolicious::Lite web app, and each host runs a small single-file client that reports back. There’s a short tutorial that gets someone productive in about 30 minutes.
Thank you, Mojolicious!
MIT licensed; currently tested on Debian- and Fedora-like systems.
vitroconnect implementiert Schnittstellen und Geschäftsprozesse für eine Reihe von marktführenden Unternehmen über die eigene Brokerage Plattform. Darüber hinaus können auch frei konfigurierbare White Label Bündelprodukte geliefert werden. Seit 2011 ist vitroconnect mit seinen Kund:innen aus der Telekommunikation gewachsen: Auf der vitroconnect Plattform werden aktuell über 100 Partner verwaltet. vitroconnect ist die größte netzunabhängige Brokerage-Plattform für TK-Breitbandanschlüsse in Deutschland.
We discussed the recent p5p thread about the proposed class :abstract attribute. Paul wants to write that because it’s a simple addition on current code and avoids design complications about roles. Aristotle doesn’t wish to introduce a new special-purpose feature now that will become redundant when a more general one is available later and wondered whether it can be introduced as roles that currently only support a small subset of features. No call has been made.
The class discussions also extended to looking at the meta module and API, and the common idea between the two that it would be useful to get more people to use them and discuss future ideas. We would like people to step forward here.
We have PR #24059 to implement the retraction of the deprecation of being able to call undefined import methods (and the reinstatement of a default-enabled warning for that case), thanks to haarg. We are keen to get it merged so we will provide feedback soon.
The maint-votes process came up. We pondered whether we can conceive of something less obscure and will post to the list about this.
(I make no apologies for the ChatGPT images in my recent blog posts, by the way. No artists are missing out on being paid: I wasn’t going to hire an artist to illustrate these blog posts which will be read by like three people.)
A while back, I wrote MooseX::XSAccessor which you can add to Moose classes to inspect your attributes and try to replace the accessors with faster XS-based ones. Now I’ve done the same for constructors (new) and destructors (DESTROY) with MooseX::XSConstructor.
There are probably still bugs, but initial benchmarks look promising:
An Analysis of The Perl and Raku Foundation's 2024 Finances
In October 2024, I published an article analyzing the financial situation of The Perl and Raku Foundation (TPRF). Since then, I have left the board, and my life is now largely unrelated to Perl. I no longer have insight into TPRF's internal decision-making but I got a few suggestions to continue, so this article again analyzes TPRF's finances using publicly available data for the 2024 calendar year. There is an unavoidable delay between when nonprofit tax returns are filed and when they become public.
Executive Summary
Assets at end of 2023: $200,215
Revenue in 2024: $86,845
Expenses in 2024: $188,037
Assets at end of 2024: $101,525
Despite a strong increase in donations, TPRF spent more than twice its revenue in 2024, resulting in a $98,690 loss and a halving of its assets.
When I first introduced Marlin, it seemed the only OO framework which could beat its constructor in speed was the one generated by the new Perl core class keyword. Which seems fair, as that’s implemented in C and is tightly integrated with the Perl interpreter. However, I’m pleased to say that Marlin’s constructors are now faster.
(Though also I forgot to include Mouse in previous benchmarks, so I’ve rectified that now.)
DBIx::Class::Async module just leveled up. Thanks to sharp-eyed users who spotted what I missed — sometimes the best features come from the community, not the creator. Please follow the link for more information: https://theweeklychallenge.org/blog/dbix-class-async-update
There are two issues with event loop coding, related to the need to maintain an asynchronous, non-blocking style.
It's harder to write and maintain than linear, blocking code.
Despite all the asynchronous behaviour, it's still single threaded.
You can break out of the async/non-blocking mode by forking, of course, but it's not a lightweight operation and creates the risk of orphaned processes even if most of the IPC work is hidden by a good library.
Wouldn't it be nice if you could simply write subs in the plain old linear, blocking style and then call them asynchronously, letting them run in parallel to your main thread until they're ready, no forking required? After all, you're probably already using some kind of async result mechanism like callbacks, or promises, or AnyEvent condition variables, or Future objects to manage existing async behaviour. Wouldn't it be nice if you could just call a sub and deal with it using one of those mechanisms instead of the usual synchronous behaviour?
Foswiki 2.1.10 can now be downloaded - landing right before Christmas, a full year since the last version dropped. Please be advised that this release includes several security fixes that require your attention. We would like to express our gratitude to Evgeny Kopytin of Positive Technologies for conducting a thorough audit of Foswiki and providing a comprehensive vulnerability report. Despite adhering closely to our security procedures, we were unable to obtain a response from the CVE Assignment Team regarding the allocation of official CVE-IDs. It is for this reason that the new security alerts covered by the 2.1.10er release had to be documented with a "CVE-2025-Unassigned" tag, since no better option was available.
In my previous post, in February, I announced the overhaul of the MailBox software. The MailBox suite of distributions implement automatic email handling processes. I started development back in 1999, so it had aged a bit. And I can now proudly tell you that the work has been completed!
As you may have experienced yourself: software ages. It's not directly that it does not work anymore, however your own opinion about programming, the features of the language and libraries you use, and the source specifications keep on changing. Basic maintenance picks some of the low-hanging fruits as refreshment, but you usually stay away from major rewrites. Well, the marvelous NLnet Foundation helped me to realize just that!
