blogs.perl.org

Re-creating the vulnerability CVE-2025-40927 in an isolated docker container. Please check out the link for more information:
https://theweeklychallenge.org/blog/cve-2025-40927

Prepare yourselves, the Call for Participation for the December PCC will be happening soon!

DOIs:

DOIs like permanent redirects for publications and research assets. They are managed through organizations like Crossref and are assigned at Arxiv.org, for example. They are not fee, and infact require a relatively large financial investment.

Now that we have our ISSN for Issue #1, https://doi.org/10.63971/spj.2024v01 now works! Each article now has a beautiful, permanent DOI that redirects to it's own URL at science.perlcommunity.org.

Current DOIs:

• https://doi.org/10.63971/spj.2024v01a03
• https://doi.org/10.63971/spj.2024v01a04
• https://doi.org/10.63971/spj.2024v01a05
• https://doi.org/10.63971/spj.2024v01a06
• https://doi.org/10.63971/spj.2024v01a08
• https://doi.org/10.63971/spj.2024v01a10
• https://doi.org/10.63971/spj.2024v01a11
• https://doi.org/10.63971/spj.2024v01a13

Upcoming Content and Events:

The next few months are going to be very prolific for us. Starting very soon, we are going to begin:

Remember to click 'Continue Reading' or whatever.

You can download Perl Wiki V 1.29.

And you can play with the jsTree version V 1.00.

Also the corresponding Perl module is on CPAN as:
CPAN::MetaCurator V 1.00.
This converts the JSON file exported from Perl.Wiki into a HTML/jsTree managed version.

All three of us attended.

• We reviewed the perldelta entry for the CVE-2025-40909 patch, which has so far been blocking the security point releases. We reasoned out previous tentatively assumed necessary improvements to the text and ended up rejecting them and concluding that the text is perfectly adequate. The point releases can now go ahead.
• Philippe reported on the experience with the release process and thoughts on how to improve it and the release guide. Main takeways are that it would be useful to have a single source of truth for the version of Perl (e.g. for buildtoc) and that what we think of as the release process is really a procedure for performing a state transition on the repository, where the repository constitutes the input to makerel, and the state transition aims to trigger the correct change in the output of makerel.
• We initiated transition to next PSC and discussed preparations for passing on an agenda for continuity.

[P5P posting of this summary]

Caching in Perl using memcached.
Please check out the link for more information:
https://theweeklychallenge.org/blog/caching-using-memcached

At the latest German Perl Workshop I held a 40 min beginner- to mid level talk about Raku (slides). It was about the habits of Perl programmers that turn contra productive with this new language. This article is a summarizing recapitulation of the pitfalls minus the intro about the history of Raku, the zef ecosystem and some general knowledge - for all those who could not attend or don't speak German.

You know how many languages have a "pipe" operator, either ready or in the making? Like PHP, here, for example: https://laravel-news.com/the-pipe-operator-is-coming-to-php-85

Well, Perl v5.42 (almost) has that too! Check these examples:

$ perl -E 'say "Alexander"->&CORE::substr(1, 3);'
lex

$ perl -E 'say ","->&CORE::join(qw/ 10 20 30 /);'
10,20,30

I believe this would work with any user defined or imported subroutine too, instead of the core functions (there you get to omit the "CORE::").

I don't know everyone who is involved in maintaining MetaCPAN and I don't know all the details of the performance related issues that have been an ongoing challenge (I believe they have been related to relentless bots?).

In any case, this last week MetaCPAN seems to have been running flawlessly!

So rather than burying a thanks note in a github issue, I wanted to put a public thanks here to all the volunteers and sponsors that keep MetaCPAN (and CPAN) running.

Reproduce the vulnerability CVE-2025-40909 in an isolated Docker container running Perl v5.34.0.

The CFP is closed, but in order to attend the PCC virtually, please follow this link, https://www.meetup.com/austin-perl-mongers/events/305855419/.

We are asking for a $30 donation at sign-up, but you may email science@perlcommunity.org to inquire about a discounted or free code we have for non-profits and those in between jobs.

To sign up for our low-volume email list to get information about upcoming events, click here.

All three of us attended.

• The release is imminent while Chris Williams, who usually releases Module::CoreList, is temporarily absent. We were not all sure whether this would require any additional coordination. Phillipe had sent mail to clarify the situation. We concluded that there is no issue because CoreList is an outlier: it is not upstream-CPAN but neither is it upstream-blead, while nevertheless being maintained in core. A lagging CPAN release won’t be a problem, even though that’s not the usual sequence. In the event, Chris responded to the mail with assurance that he is available enough anyway.
• We coordinated further about the release, which is coming up the following week.
• Release blocker triage this week ended as it began: with no blockers.

[P5P posting of this summary]

I had the pleasure of attending The Perl & Raku Conference (TPRC) 2025 in Greenville, SC as a volunteer. As always, opinions are my own.

The Conference

The conference went quite well. Unfortunately, a major weather event disrupted flights across the US, particularly around Atlanta, causing travel issues for some attendees and speakers. This led to a few talk cancellations.

We adopted it by consolidating the two talk tracks into one. There was still a diverse range of topics, and judging by the audience reactions, some of the talks were very well received.

The conference was attended by 40-50 people.

Main Room

The Venue

The event was hosted at a Holiday Inn Express in Greenville, which turned out to be an excellent choice. The hotel was clean, recently renovated (following flood repairs last year), and very reasonably priced: $139 + tax per night for a suite. The staff were quite friendly and accommodating. It also proved to be a great low-cost venue for hosting a conference - more on that below.

Caching with Redis/Valkey using Perl.
Please check out the link for more information:
https://theweeklychallenge.org/blog/caching-in-perl

I had created the library in C as part of a bigger project to create a multithreaded and hardware (GPU, and soon TPU) accelerated library to manipulate fingerprints for text. At some point, I figured one can have fun vibe coding the interface to Perl. The first post in the series just dropped ; it provides the background, rationale, the prompt and the first output by Claude 3.7. Subsequent posts will critique the solution and document subsequent interactions with the chatbot.
Part 2 will be about the alienfile (a task that botched by the LLM). Suggestions for subsequent prompts welcome ; as I said this is a project whose C backend (except the TPU part) is nearly complete, so I am just having fun with the Perl part.

Paper and talk submissions will be accepted until July 01, 2025 18:59 CDT

• https://www.papercall.io/perlcommunity
• https://www.papercall.io/cfps/6270/submissions/new

In particular I'd like to invite anyone who regrets not submitting a talk to the TPRC or who has gotten bit by the speaking bug. You are welcome to give your talk remotely.

Graham couldn’t make it, so only Aristotle and Philippe this week.

• We discussed the structure of the feature.pm documentation and how unfeatures should be covered. Philippe has provided a first patch which extends the description of each unfeature with a note stating from which feature bundle onward it is disabled.
• Relesae blocker triage continues. The meeting began without any unresolved blockers and ended the same way.
• Philippe plans to ship 5.42.0-RC1 as soon as the last missing perldelta entries are in.

[P5P posting of this summary]

Comparative analysis of Storable and Sereal using Perl.
Please check out the link for more information:
https://theweeklychallenge.org/blog/serialisation-in-perl

Remember! Click Continue Reading to see all the text.

I am selling my villa unit and downsizing, probably in a month or so.
There may be a period when I am off-line.
In Australia villa unit means (usually) a stand-alone building in a small block of units.
I have 2-bedroom unit and am moving into a retirement (Yikes!) village to a 1-bedroom unit.
The are various reasons but one is this month I turned 75, much to my amazement and horror.
I still live independently, drive, have 2 miniature dogs, manage my own medicine, etc. So - all good ATM.
And yes, I am still programming. I more-or-less monthly release https://savage.net.au/misc/Perl.Wiki.html,
my curated compendium of Perl module, and I am slowly automating the creation of this wiki.
The next step will be to output the wiki as a jsTree (https://www.jstree.com/),
but moving - as you might know - consumes a lot of time.....

The Dancer Core Team is excitedly preparing a major release of Dancer2, 2.0.0. In advance of this, I'd like to give you all a preview of what to expect:

• A handful of bug fixes

• Customizable scrubber/censor engine (when dumping errors, etc. - a long requested feature)

• Remove Template::Tiny fork from core (Template::Tiny support remains, but ether graciously merged our customizations into Template::Tiny)

• Remove Dancer2::Template::Simple from the core of Dancer2

• New documentation, courtesy of a TPRF grant

• Removal of deprecated code (according to our deprecation policy)

• Official support for Perl 5.22 and newer

The following features are possible, but not likely for 2.0.0 (but maybe soon thereafter):

• Bring your own config engine (TOML, JSON, etc.)

• Using Throwable to produce errors

I'm estimating a release in the next 2-4 weeks. There are still a few bikesheds to paint, cats to herd, and yaks to shave.

If you have questions or feedback, we'd love to hear from you! Until then, keep Dancing, then Dance a little happier! :)

Jason/CromeDome

In the past, it took two years to merge my first PAUSE on Plack branch into the master and three years to merge the next PAUSE on Mojolicious (actually, two years to deploy and another year to merge). Now the question was: how long would it take to merge the next big thing, multifactor authentication for PAUSE? Two years, three years, or maybe four years this time? I already had a two-year-old draft branch and initially wished to merge it this year. However, things went differently.