I’m assuming that by now you’ve probably heard of Let’s Encrypt.
If you haven’t, they are a brand new Certificate Authority that issues SSL certificates for free via an automated system!
There has to be a catch right?
Well kinda, but it’s a small one.
The certificate is only valid for 90 days.
They mention two reasons for this in a blog post: to encourage automation and to contain the damage of a compromised cert.
If you need to renew every 90 days, you don’t want to be doing that by hand right?
By encouraging automation, they can effectively force you to investigate how to make security easier for yourself over the long term.
You may have read the famous Ten Immutable Laws Of Security but the related Ten Immutable Laws of Security Administration tells us in Law #2 that
Security only works if the secure way also happens to be the easy way
Once you have automated your SSL cert generation then the easy way will be the standard way.
As last year I was unable to post every month about the Pull Request Challenge assignments, I decided that this year I would try to post updates every three months.
So, for the first month, I got WebInject. The PR was not huge. Just a contribution to add a README file to the distribution. As the author did not want to update the README and the POD, the PR was changed in order to generate the README from the POD. This PR was then merged. Yay, first month complete.
So lucky for me a client decided to pay me to refactor some of their very old code. Refactoring can be fun, but if you have a 20 year old business critical codebase where the team has forgotten or don't know how stuff works and it absolutely has to not break, then you have some challenges and quite a lot of potential for loss of face.
This particular job was to refactor a single large, excessively complex subroutine into something that was testable and that a relatively naive programmer could reason about. And there were no tests.
tl;dr: this blog post is relatively involved, but scroll down to the bottom to see some neat abuse of git as a data analysis assistant.
Perl's copious documentation is one of the things that keeps me using it. But
this is not an unalloyed benefit; actually finding something, unless you have
a pretty good idea where to start looking, can be like finding the proverbial
needle in a haystack.
Fortunately, we have Joshua ben Jore's perldoc-search,
which will find anything you can specify as a regular expression, and that
Perl itself can find.
Unfortunately, this can sometimes be a bit too much. I generally have several Perl
kits unpacked in my home directory (well, subdirectories of it). Since by
default file-find does a File::Find::find on
@INC, and since by default @INC contains my current
directory, then if I issue a file-find in my home directory, the
entire tree gets searched, and every unpacked kit can produce a hit.
It turns out there is a surely-unsupported but nonintrusive way to exclude
the current directory from the search. Instead of running
perldoc-search directly, run it as
It’s 2016, but the CPAN Pull Request Challenge continues. Motivated by my 100% in 2015, I subscribed to the second year, as well. Unfortunately, I didn’t have time to blog about my January PR, but it would have been more about Git than Perl, anyway.
My March assignment was Plack::Middleware::ReverseProxyPath. I noticed the module had several testers’ failures, and looking at the matrix I noticed Perl 5.8.8 was all red in both Linux and Darwin, so I decided to have a look at that.
The meeting first night was in a large beer bar in the centre of Nuremberg.
We went back to the Best Western to find a certain exPumpkin already resident in the bar.
Despite several of the well named Bitburgers we managed to arrive at the
conference venue on time the following morning. Since my knowledge of German was
limited to a C grade 'O' Level last century my review talks will be mostly
limited to English talks. Apologies in advance to those giving German talks
(not unreasonable considering the country). Hopefully other blog posts will
cover these.
Masak spoke about the dialectic between planning (like physics) and chaos (like
biology) in software development.
Tobias gave a good beginners guide to Perl 6 in German and I was able to follow
most of the slides since I knew more Perl 6 than German and even learnt a thing
or two.
20 years ago, I really wanted the chat2.pl domain name, to commemorate the one piece of code I ever contributed to the core. I even wrote the .pl administrators, and got no response.
This is a silly post. I am going to show you a contrived example of Perl code that is emulating what 8-bit assembler code does to loop through a 16-bit value. Why?
I have an ongoing researching project involving the Atari 2600 Video Console System, which has a MOS 6502 microcontroller at its heart. Assembler is not my native tongue and it helps to unpack these squirrelly bits into Perl to verify my understanding.
In a larger sense, though, seeing other ways to implement common tasks is salutary. If nothing else, you may appreciate how much lift you get from using higher level languages.
ZipRecruiter.com is a website where job seekers can find jobs all over the world, and employers can list their open positions. Not only will those positions be listed on ZipRecruiter.com, they will be pushed to more than one hundred job boards and social networks. Job seekers get free email alerts with postings that are tailor-made for their skill set and location.
This post is a follow-up to MacPorts openssl versus Perl. That post told of a problem with a recent MacPorts openssl upgrade, and gave a workaround.
The right thing to do, however, is to use the current openssl. That involves finding all Perl modules that use openssl and re-installing them.
To do this, I wrote a small Perl script that traversed @INC looking for binary files. It spawned the file command to determine whether they were Mach-O files. If they were, otool -L was used to determine whether they actually linked to openssl. The script requires Perl 5.10, but uses only core modules. The file and otool commands come with Mac OS X, at least with OS 10.11 El Capitan. The script itself is available as a GitHub gist.
In my case all I found was Net::SSLeay. So I took my MacPorts openssl back to the current version using the same commands detailed in the previous post to do the downgrade, and then did the following in the cpan client:
cpan> test Net::SSLeay
cpan> # to make sure it passes
cpan> force install Net::SSLeay
cpan> # forced because it is already installed
Those two tricks are especially useful when refactoring big codebase from Perl 5 to Perl 6. Such process may take weeks or even a months, and you will encounter two cases:
1. Some features are still in Perl 5, some are fully refactored to Perl 6. So you want to run separate Perl 5 and Perl 6 test files on single prove command. Prove is not very smart. It does not peek into test files to use correct interpreter (Perl 5 is assumed) and it does not recognize ".t6" extension some people use. But there is a solution. First create your test files.
originally wanted to make a small history about GPTrixie, but it will probably be boring and you can probably look at the commit history to have an idea of how it evolved. Instead, we will see how to rewrite my Gumbo binding using GPTrixie.
What is Gumbo?
Gumbo is a standalone C99 library that parse HTML5. It's heavily tested and it's project endorsed by google. Gumbo on github
What is GPTrixie?
GPTrixie is a tool that extracts definitions from a C header to transform them into their perl6 NativeCall counterpart. This definition is partially false since it actually extract the C definition from a XML file produced by GCCXML. C parsing is something a compiler like clang or GCC are more likely to do a better job than me with my poor compiler knowledge. Anyways you can find it at GPTrixie on github or just install it with panda install App::GPTrixie
We're delighted to announce that ZipRecruiter has decided to sponsor 
