This week, we:

• Talked about some ideas for discussion at the upcoming PTS
• Discussed the current blocked state of bleadperl following the 5.39.9 release and how to unblock it
• Finished reviewing the release blocker bugs
• Discussed how MetaCPAN should better handle perl releases and permissions

These are some answers to the Week 276, Task 1, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on July 7, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 1: Complete Day

You are given an array of integers, @hours.

Write a script to return the number of pairs that forms a complete day.

A complete day is defined as a time duration that is an exact multiple of 24 hours.

Example 1

Input: @hours = (12, 12, 30, 24, 24)
Output: 2

Pair 1: (12, 12)
Pair 2: (24, 24)

Example 2

Crypt::Passphrase

Crypt::Passphrase is a module for managing passwords. It allows you to separate policy and mechanism, meaning that the code that polices authorization doesn’t have to know anything about what algorithms are used behind the screen, and vice-versa; thus making for a cryptographically agile system.

It’s not only handling the technical details of password hashes for you but also it deals with a variety of schemes. It’s especially useful for transitioning between them.

A configuration might look like this (Koha):

日本のYAPCに参加したのは18年ぶり2度目。

イベント参加者として

• 世界一成功しているYAPCであるYAPC::Japanの運営を見習うためにボランティアで参加させてもらった。一般参加者の切符を買いますと言ったのだが、主催のkobakenさんに固辞された。神のようなお方
• YAPCという名前はやはり良い

ボランティアとして

• 朝7:30に集合だった。早めの行動をしようと7:25に着いたらほとんどのスタッフがすでに到着していた。アメリカではありえない
• メインは部屋の進行係。さらに登壇者向けの受付という重大な任務もまかされて光栄です

TPFの人間として

• 運営の方がTPFへの寄付を繰り返し呼びかけてくれて、さらに受付でも寄付コーナーを設置してくれてお礼の申しようもない https://blog.yapcjapan.org/entry/2024/02/10/100000
• もちろん、寄付をしてくださった方にも本当に感謝している

トークについて

• ボランティアをしていたのでほとんど聞いていない。あとで録画を見る
• 広島のYAPCのキーノートを誰にしてもらうかという疑問に対して、とほほさんというパーフェクトな答えを出した運営チームは偉すぎる
• 私がこのコミュニティに入る前から登壇していてまぶしい存在だったcharsbarさんとtakesakoさんのトークをまた見られてありがたかった。かるぱねるらさんが同じようなことを書いている。https://x.com/karupanerura/status/1756575196369260893
• ずっと前から有名人という点ではmalaさんのトークが聞けてよかった。タイムリーでYAPCにぴったりな内容。弾さんのトークは聞き逃した
• もちろん新しい登壇者が半分以上で、それもいいこと
• YAYAPCはYAPC以上に良かった。録画とSNS公開が禁止のトークは実に面白い
• 私のトークは過去に20分でやったものを5分に圧縮した。ボーナススライドは時間が余れば見せようかと思っていたところまったく無理だった。内容は「日本発のPerlのスローガンを提案する」だった

アメリカのカンファレンス主催側の者として

• 日本のYAPCが米国のYAPC（最近はTPRCという）より規模が大きいのは、人口が世界一の都市である東京で開催するからだというのがかつての通説だった。その後YAPC::Japanチームは東京から飛び出して他の都市でも世界一大きいなYAPCができるのだということを証明した
• YAPC::Japanがなぜこれだけ人が集められるかというというのは別記事で長い考察が必要だが、毎年来る人でも10年に一度しか来ない人でも初参加者でも楽しめるイベントであるのは事実
• スケジュール通りにトークが進行するのは素晴らしい。あれは、参加者が開始前に着席していないと無理。日本人がどうやって5分の休憩時間で遅れなく部屋を移動するのかは謎
• YAPC::Hiroshimaの広報は優秀
• YAYAPCでkobakenさんが少しだけ言っていたように、自分は客だという気持ちの入場者がいるのは残念。チケットの売り上げでは全然赤字なのがYAPCなので、一般入場者はお客様ではないのです（これは私の意見）

まとめ

• 家から広島の会場まで最短でも24時間かかるので移動は大変だったがその価値はあった
• また来たい

Just Paul and Philippe this week:

• Paul volunteers to do the 5.39.9 release. We still need people for .10 and 5.40. The .10 release will be timed around PTS - so maybe we could do something “live” at the summit?
• Mailing list was otherwise quiet so there weren’t many issues to discuss.

In absence of many other pressing issues, we spent some time thinking ahead to large-scale development work that might take place in the 5.41 series. We talked about “hooks” as a potential long-term thought to making a more powerful Magic-like structure, for implementing new features, attributes, etc..

A longer version of this post, including the full timeline as we know it, is available at security.metacpan.org

Between Dec 2023 and Jan 2024, vulnerabilities in Spreadsheet::ParseExcel and Spreadsheet::ParseXLSX were reported to the CPAN Security Group (CPANSec).  This document describes the timeline and analysis of events.

CVE-2023-7101: Spreadsheet::ParseExcel arbitrary code execution vulnerability

Đình Hải Lê discovered an arbitrary code execution (ACE) vulnerability in the Perl module Spreadsheet::ParseExcel, version 0.65 and earlier.

An attacker, exploiting this vulnerability, would craft an Excel file containing malicious code encoded as a number format string, which is executed when the file is parsed by Spreadsheet::ParseExcel.  Basically, untrusted data is passed to the Perl eval function enabling arbitrary code execution. A detailed write up of the vulnerability and Proof of Concept (PoC) is available at https://github.com/haile01/perl_spreadsheet_excel_rce_poc

After three years of not organising and one successful PTS in Lyon last year, we might have become a bit complacent and forgotten how taxing organizing an event is... After a very slow preparation, we are very pleased to announce the fourteenth edition of the Perl Toolchain Summit!

In 2024, we will be meeting in Lisbon, Portugal, from Wednesday April 25 to Sunday April 28. As has become customary, participants will stay at the hotel, and work in the meeting rooms dedicated for the event.

These are some answers to the Week 255, Task 2, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on February 11, 2024, at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 2: Most Frequent Word

You are given a paragraph $p and a banned word $w.

Write a script to return the most frequent word that is not banned.

Example 1

Input: $p = "Joe hit a ball, the hit ball flew far after it was hit."
       $w = "hit"
Output: "ball"

The banned word "hit" occurs 3 times.
The other word "ball" occurs 2 times.

Example 2

Back to the usual three of us

• Further chats on allowing a subsequent use VERSION of the same value as is already prevailing

• We continued going through the bug list to tag release blockers

Get ready for a night of code, community, and culinary delights at the TPRF Sponsored Dinner during FOSDEM! 🍽️✨ Join us on Saturday, February 3rd, for a three-course feast and vibrant conversations.

📅 When: Saturday February 3rd, evening

📍 Where: Bruxelles

🎉 What's Cooking: An unforgettable evening filled with tech talks, networking, and delicious bites!

🤩 How to Join:
RSVP now by filling in this form below and secure your spot! Let's make this dinner a celebration of code and camaraderie.

Google Forms

February 08, 6pm CT ~ Houston Perl Mongers Zoom Meeting 🔗 Thu Jan 25 2024
Title: Using Perl Prototypes

When: Thur February 8th at 6:00-8:00 PM CT (+6 UTC)

Where: (virtual, see below):

https://us02web.zoom.us/j/920069702
Meeting ID: 920 069 702
Password can be found by running this statement.
perl -e 'print +(0b1000100).((3<<2)*10).(010)."\n"' # 681208
Original post:
https://houstonperlmongers.org/posts/3a99ac5b-f9f9-4409-a38c-e9ef91d972c8

These are some answers to the Week 254, Task 1, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on February 4, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 1: Three Power

You are given a positive integer, $n.

Write a script to return true if the given integer is a power of three otherwise return false.

Example 1

Input: $n = 27
Output: true

27 = 3 ^ 3

Example 2

• working out a timeline of what should go in to 5.39.8, 5.39.9, and what to defer to 5.41
• draft tests+docs received from Martijn Lievaart (“M4”) for a logical xor (^^) operator
• the responses saying no to adding Data::Printer in core that it doesn’t seem like it would be popular
• some potential new sprintf format templates:
  • a float template that produces the shortest string that represents the exact float (similar to what Math::Ryu does),
  • a %q to access B::perlstring/quotemeta or something similar
• the realisation that, some months ago, Mark Gardner had volunteered to work on the SSL-in-core project, and we haven’t heard from them since.

2023 was a rather productive year for me on CPAN. Aided by taking some time off I managed to release a whopping 18 new modules.

Passwords

• Crypt::HSM
• Crypt::Passphrase::Argon2::AES
• Crypt::Passphrase::Argon2::HSM
• Crypt::Passphrase::Linux
• Crypt::Passphrase::Pepper::HSM
• Crypt::Passphrase::Yescrypt
• Crypt::Yescrypt
• DBIx::Class::CryptColumn
• Mojolicious::Plugin::Passphrase

Half of my new modules were related to my password framework Crypt::Passphrase. To be honest most of them are either small (± 100 LOC) glue two or three other pieces of code together. And then there was Crypt::HSM, a PKCS11 interface (to use cryptographic hardware without exposing cryptographic keys) that was probably more work (2600 LOC of XS) than the others combined.

Most of this was with the aim to add peppering support to Crypt::Passphrase, a subject extensive enough that I should probably dedicate a separate blogpost to it.

I missed last year but in 2024 I'm doing a dev release of Perl again. This time it is version 5.39.7.
And again, you can watch it live on Saturday 20th of January on Twitch.

These are some answers to the Week 275, Task 2, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Task 2: Replace Digits

You are given an alphanumeric string, $str, where each character is either a letter or a digit.

Write a script to replace each digit in the given string with the value of the previous letter plus (digit) places.

Example 1

Input: $str = 'a1c1e1'
Ouput: 'abcdef'

shift('a', 1) => 'b'
shift('c', 1) => 'd'
shift('e', 1) => 'f'

Example 2

Happy New Year!

This week, we discussed some recent mailing-list threads:

• meta experiments continue. They should probably provoke some kind of runtime warning about being experimental, but exact details need discussion
• Ovid requests to write another PPC about value constraint checks. We don’t object as such, but would remind that a specification alone does not guarantee an implementation and we’re still busy implementing the previous big idea (class)

Well, not actually wrong, just slow. But the exaggeration makes a punchier headline, you’ll admit.

This comes up when an interface takes a pattern to match things against. Sometimes you have some reason to want this match to always fail, so you want to pass a pattern which will never match. The customary way of doing this is to pass qr/(?!)/. There is a problem with that, though.

I’m not talking here about the fact that if possible, you really don’t want to pass an actual qr object. We’ve already covered that. It was a surprising enough discovery that I’ll take this opportunity to signal-boost that while we’re here, but this article is not about that.

We are happy to announce that Geizhals Preisvergleich supports the German Perl Workshop in 2024!

These are some answers to the Week 274, Task 1, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on June 23, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 1: Goat Latin

You are given a sentence, $sentance.

Write a script to convert the given sentence to Goat Latin, a made up language similar to Pig Latin.

Rules for Goat Latin:

1) If a word begins with a vowel ("a", "e", "i", "o", "u"), append "ma" to the end of the word. 2) If a word begins with consonant i.e. not a vowel, remove first letter and append it to the end then add "ma". 3) Add letter "a" to the end of first word in the sentence, "aa" to the second word, etc etc.

Example 1