These are some answers to the Week 277, Task 1, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on July 14, 2024, known in France as Bastille Day, at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 1: Count Common

You are given two arrays of strings, @words1 and @words2.

Write a script to return the count of words that appears in both arrays exactly once.

Example 1

Input: @words1 = ("Perl", "is", "my", "friend")
       @words2 = ("Perl", "and", "Raku", "are", "friend")
Output: 2

The words "Perl" and "friend" appear once in each array.

Example 2

The three of us met, and:

• merged the deëxperiment PR
• agreed we should additionally discuss if the now-stable features (try, extra_paired_delimiters) should be included in the :5.40 feature bundle
• reported feedback from PPC implementors, which can be summarized as “life happened, will get back to work soon”
• continued to triage latest reported bugs and look for release blockers (Currently we have 8 potential blockers, though 2 are easy documentation fixes)

If you have been following along with the efforts to add a Science Track to the TPRC, now is the time to seriously consider submitting a peer reviewed paper. The TPRC Call for Papers has opened with information on submitting to any of the 3 tracks. Note that the science papers are submitted to the Perl Community's Science Perl website, which is linked in the TPRC's announcement.

Repost from, https://news.perlfoundation.org/post/cfp2024

You can submit your talk Ideas at https://tprc.us/talks Talk submission deadline is April 5th, Midnight UTC. Talks must be given live and in-person. If you are looking for any talk ideas, try out the conference wiki.

New this year, we are accepting submissions for a peer reviewed Science track. Those talks should be submitted at https://science.perlcommunity.org/

Visit the TPRC 2024 website at https://tprc.us/ Follow us on Twitter: @PerlConferences Like us on Facebook: The Perl Foundation (@tpf.perl) Subscribe to the mailing list: https://tprc.us/subscribe

Any questions about the Science Track should be directed to "science at perlcommunity.org" or visit us at #science on irc.perl.org.

Looking forward to seeing all the submissions!

Cheers,

Brett Estrade (OODLER)

Chairman, Science Perl Committee

Crypt::Passphrase

Crypt::Passphrase is a module for managing passwords. It allows you to separate policy and mechanism, meaning that the code that polices authorization doesn’t have to know anything about what algorithms are used behind the screen, and vice-versa; thus making for a cryptographically agile system.

It’s not only handling the technical details of password hashes for you but also it deals with a variety of schemes. It’s especially useful for transitioning between them.

A configuration might look like this (Koha):

These are some answers to the Week 276, Task 2, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on July 7, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 2: Maximum Frequency

You are given an array of positive integers, @ints.

Write a script to return the total number of elements in the given array which have the highest frequency.

Example 1

Input: @ints = (1, 2, 2, 4, 1, 5)
Ouput: 4

The maximum frequency is 2.
The elements 1 and 2 has the maximum frequency.

Example 2

日本のYAPCに参加したのは18年ぶり2度目。

イベント参加者として

• 世界一成功しているYAPCであるYAPC::Japanの運営を見習うためにボランティアで参加させてもらった。一般参加者の切符を買いますと言ったのだが、主催のkobakenさんに固辞された。神のようなお方
• YAPCという名前はやはり良い

ボランティアとして

• 朝7:30に集合だった。早めの行動をしようと7:25に着いたらほとんどのスタッフがすでに到着していた。アメリカではありえない
• メインは部屋の進行係。さらに登壇者向けの受付という重大な任務もまかされて光栄です

TPFの人間として

• 運営の方がTPFへの寄付を繰り返し呼びかけてくれて、さらに受付でも寄付コーナーを設置してくれてお礼の申しようもない https://blog.yapcjapan.org/entry/2024/02/10/100000
• もちろん、寄付をしてくださった方にも本当に感謝している

トークについて

• ボランティアをしていたのでほとんど聞いていない。あとで録画を見る
• 広島のYAPCのキーノートを誰にしてもらうかという疑問に対して、とほほさんというパーフェクトな答えを出した運営チームは偉すぎる
• 私がこのコミュニティに入る前から登壇していてまぶしい存在だったcharsbarさんとtakesakoさんのトークをまた見られてありがたかった。かるぱねるらさんが同じようなことを書いている。https://x.com/karupanerura/status/1756575196369260893
• ずっと前から有名人という点ではmalaさんのトークが聞けてよかった。タイムリーでYAPCにぴったりな内容。弾さんのトークは聞き逃した
• もちろん新しい登壇者が半分以上で、それもいいこと
• YAYAPCはYAPC以上に良かった。録画とSNS公開が禁止のトークは実に面白い
• 私のトークは過去に20分でやったものを5分に圧縮した。ボーナススライドは時間が余れば見せようかと思っていたところまったく無理だった。内容は「日本発のPerlのスローガンを提案する」だった

アメリカのカンファレンス主催側の者として

• 日本のYAPCが米国のYAPC（最近はTPRCという）より規模が大きいのは、人口が世界一の都市である東京で開催するからだというのがかつての通説だった。その後YAPC::Japanチームは東京から飛び出して他の都市でも世界一大きいなYAPCができるのだということを証明した
• YAPC::Japanがなぜこれだけ人が集められるかというというのは別記事で長い考察が必要だが、毎年来る人でも10年に一度しか来ない人でも初参加者でも楽しめるイベントであるのは事実
• スケジュール通りにトークが進行するのは素晴らしい。あれは、参加者が開始前に着席していないと無理。日本人がどうやって5分の休憩時間で遅れなく部屋を移動するのかは謎
• YAPC::Hiroshimaの広報は優秀
• YAYAPCでkobakenさんが少しだけ言っていたように、自分は客だという気持ちの入場者がいるのは残念。チケットの売り上げでは全然赤字なのがYAPCなので、一般入場者はお客様ではないのです（これは私の意見）

まとめ

• 家から広島の会場まで最短でも24時間かかるので移動は大変だったがその価値はあった
• また来たい

A longer version of this post, including the full timeline as we know it, is available at security.metacpan.org

Between Dec 2023 and Jan 2024, vulnerabilities in Spreadsheet::ParseExcel and Spreadsheet::ParseXLSX were reported to the CPAN Security Group (CPANSec).  This document describes the timeline and analysis of events.

CVE-2023-7101: Spreadsheet::ParseExcel arbitrary code execution vulnerability

Đình Hải Lê discovered an arbitrary code execution (ACE) vulnerability in the Perl module Spreadsheet::ParseExcel, version 0.65 and earlier.

An attacker, exploiting this vulnerability, would craft an Excel file containing malicious code encoded as a number format string, which is executed when the file is parsed by Spreadsheet::ParseExcel.  Basically, untrusted data is passed to the Perl eval function enabling arbitrary code execution. A detailed write up of the vulnerability and Proof of Concept (PoC) is available at https://github.com/haile01/perl_spreadsheet_excel_rce_poc

After three years of not organising and one successful PTS in Lyon last year, we might have become a bit complacent and forgotten how taxing organizing an event is... After a very slow preparation, we are very pleased to announce the fourteenth edition of the Perl Toolchain Summit!

In 2024, we will be meeting in Lisbon, Portugal, from Wednesday April 25 to Sunday April 28. As has become customary, participants will stay at the hotel, and work in the meeting rooms dedicated for the event.

These are some answers to the Week 275, Task 2, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Task 2: Replace Digits

You are given an alphanumeric string, $str, where each character is either a letter or a digit.

Write a script to replace each digit in the given string with the value of the previous letter plus (digit) places.

Example 1

Input: $str = 'a1c1e1'
Ouput: 'abcdef'

shift('a', 1) => 'b'
shift('c', 1) => 'd'
shift('e', 1) => 'f'

Example 2

This week, the three of us:

• noted that use VERSION restrictions have had mostly positive responses
• thought that Data::Printer can’t go in core as-is, but there’s a use case for a debugging helper, some of which might be hidden in D:P’s core
• discussed adding a builtin::numify function (and the corresponding OP in core)
• quickly reviewed the PPCs currently being implemented:
  • we should ping the implementors of PPC0014 (English names) and PPC0021 (optional chaining)
  • PPC0022 (meta) has an implementation on CPAN
  • PPC0019 (qt strings) implementation is in progress, but unlikely to be done by 5.40
  • PPC0013 (overload in join) is currently stalled

Get ready for a night of code, community, and culinary delights at the TPRF Sponsored Dinner during FOSDEM! 🍽️✨ Join us on Saturday, February 3rd, for a three-course feast and vibrant conversations.

📅 When: Saturday February 3rd, evening

📍 Where: Bruxelles

🎉 What's Cooking: An unforgettable evening filled with tech talks, networking, and delicious bites!

🤩 How to Join:
RSVP now by filling in this form below and secure your spot! Let's make this dinner a celebration of code and camaraderie.

Google Forms

February 08, 6pm CT ~ Houston Perl Mongers Zoom Meeting 🔗 Thu Jan 25 2024
Title: Using Perl Prototypes

When: Thur February 8th at 6:00-8:00 PM CT (+6 UTC)

Where: (virtual, see below):

https://us02web.zoom.us/j/920069702
Meeting ID: 920 069 702
Password can be found by running this statement.
perl -e 'print +(0b1000100).((3<<2)*10).(010)."\n"' # 681208
Original post:
https://houstonperlmongers.org/posts/3a99ac5b-f9f9-4409-a38c-e9ef91d972c8

These are some answers to the Week 274, Task 1, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on June 23, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 1: Goat Latin

You are given a sentence, $sentance.

Write a script to convert the given sentence to Goat Latin, a made up language similar to Pig Latin.

Rules for Goat Latin:

1) If a word begins with a vowel ("a", "e", "i", "o", "u"), append "ma" to the end of the word. 2) If a word begins with consonant i.e. not a vowel, remove first letter and append it to the end then add "ma". 3) Add letter "a" to the end of first word in the sentence, "aa" to the second word, etc etc.

Example 1

Just me and Graham this week.

• builtin::nan needs better documentation on the kind of NaN it provides.
• We discussed lots about builtin and lexical imports, and how to handle a few odd cornercases.
• Perl 5.39.7 is now out; we need to work out the schedule for the final few devel releases and the real thing in May.

2023 was a rather productive year for me on CPAN. Aided by taking some time off I managed to release a whopping 18 new modules.

Passwords

• Crypt::HSM
• Crypt::Passphrase::Argon2::AES
• Crypt::Passphrase::Argon2::HSM
• Crypt::Passphrase::Linux
• Crypt::Passphrase::Pepper::HSM
• Crypt::Passphrase::Yescrypt
• Crypt::Yescrypt
• DBIx::Class::CryptColumn
• Mojolicious::Plugin::Passphrase

Half of my new modules were related to my password framework Crypt::Passphrase. To be honest most of them are either small (± 100 LOC) glue two or three other pieces of code together. And then there was Crypt::HSM, a PKCS11 interface (to use cryptographic hardware without exposing cryptographic keys) that was probably more work (2600 LOC of XS) than the others combined.

Most of this was with the aim to add peppering support to Crypt::Passphrase, a subject extensive enough that I should probably dedicate a separate blogpost to it.

I missed last year but in 2024 I'm doing a dev release of Perl again. This time it is version 5.39.7.
And again, you can watch it live on Saturday 20th of January on Twitch.

These are some answers to the Week 273, Task 2, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on June 16, 2024 at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 2: B After A

You are given a string, $str.

Write a script to return true if there is at least one b, and no a appears after the first b.

Example 1

Input: $str = "aabb"
Output: true

Example 2

Input: $str = "abab"
Output: false

Example 3

Input: $str = "aaa"
Output: false

• We’ll chase up current implementors of outstanding PPCs to see what progress is
• Reviewed the new bugs since last review. One new potential blocker - 22121
• Reviewed a first draft of a “Perl Roadmap” presentation that might be given at PTS

Well, not actually wrong, just slow. But the exaggeration makes a punchier headline, you’ll admit.

This comes up when an interface takes a pattern to match things against. Sometimes you have some reason to want this match to always fail, so you want to pass a pattern which will never match. The customary way of doing this is to pass qr/(?!)/. There is a problem with that, though.

I’m not talking here about the fact that if possible, you really don’t want to pass an actual qr object. We’ve already covered that. It was a surprising enough discovery that I’ll take this opportunity to signal-boost that while we’re here, but this article is not about that.

We are happy to announce that Geizhals Preisvergleich supports the German Perl Workshop in 2024!