Michael Peters will be giving a talk at YAPC::NA 2012 described as:
Security is important in any programming environment but programming for the web has some unique possibilities and hazards. Most web programmers have little to no training in security and lots of web development is done by people who don’t wear a full-time developer hat. Add to this the fact that bad security on a web project can have very public, very embarrassing, and sometimes legal consequences.
This talk will walk through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We’ll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you’re an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.
To those who have noted that Marpa::XS does not come with a lexer, I'd respond that, in a very real sense it does -- Perl. Perl5 is a powerful lexical analyzer. Especially nice-looking is Wolfgang's lexer. Wolfgang follows one of the two main strategies for lexical analysis in Perl: he consumes the input using substitution (s/ ... / ... /) commands. The other strategy is to use the Perl regex search position to track the progress of the lexical analysis. In the search-position strategy, your cases consist of a lot of match commands using the \G anchor and the gc modifier: m/\G ... /gc. An excellent tutorial on this kind of lexing, albeit in a non-Marpa context, can be found in Mark Jason Dominus's book, Higher Order Perl.
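The search-position strategy described above, as an added example that is not from the original post or from Marpa: a small lexer for arithmetic expressions in which every case is an m/\G.../gc match. The token names and the sample input are assumptions.

```perl
use strict;
use warnings;

# Tokenize an arithmetic expression with the search-position strategy.
# Every case is anchored with \G at pos($input). The /c modifier keeps
# pos() unchanged when a case fails, so the next case retries at the same
# offset; without /c a failed match would reset pos() to the start.
sub lex {
    my ($input) = @_;
    my @tokens;
    pos($input) = 0;
    while ( pos($input) < length $input ) {
        if ( $input =~ m/\G\s+/gc ) {
            next;    # skip whitespace, emit nothing
        }
        elsif ( $input =~ m/\G(\d+(?:\.\d+)?)/gc ) {
            push @tokens, [ NUMBER => $1 ];
        }
        elsif ( $input =~ m/\G([A-Za-z_]\w*)/gc ) {
            push @tokens, [ NAME => $1 ];
        }
        elsif ( $input =~ m/\G([-+*\/()=])/gc ) {
            push @tokens, [ OP => $1 ];
        }
        else {
            # No case matched: report the offending character and stop
            # instead of looping forever at the same offset.
            die sprintf "Unexpected character '%s' at offset %d\n",
                substr( $input, pos($input), 1 ), pos($input);
        }
    }
    return \@tokens;
}

# Constructed sample input.
my $tokens = lex('total = (price + 2.5) * qty');
printf "%-6s %s\n", @$_ for @$tokens;
```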
For the past two days, I've been downloading Ruby conference talks from this wonderful site and watching them on my Samsung Galaxy S Wifi. I recommend all you guys to take a look too, lots and lots of videos there. I wish more Perl talks were available online and of similar recording/encoding quality, but I digress.
I am currently particularly interested in the API design talks. This one from Anthony Eden is one of the better ones: not too long, presents simple things to remember, and comes with concrete examples.
I dabbled a bit in Ruby a few years ago, but never knew that Ruby's Net::HTTP library is so whacky. I wonder why they didn't just copy the LWP interface, the way they also copied DBI's and several other Perl features. LWP has been doing the right thing since the 1990's. The more recent Ruby HTTP libraries like Typhoeus and Faraday are saner, and they mimic LWP to some significant extent. Too many "cute" names though, the slides got the Typhoeus name wrong BTW :)
A couple days ago I released Module::UseFrom and I asked Schwern for his comments since it was addressing an issue that I knew he was very familiar with.
In response to his concern that the interface is overly complicated and strays from the known use interface, I really had to examine what I was doing, why, and how best to accomplish it. Most importantly I followed his suggestion to create a separate use_if_available function (exported on request) rather than using flags to use_from.
In the end I needed tidier cleanup from a no-op use_if_available and I needed some way to inform the user whether or not the module had been loaded (without being able to tuck it into a hash). The former was accomplished by injecting a no-op subroutine to catch import parameters intended for the not-available module. The latter involved using the rarely seen dualvar to tuck the module version into the number slot of the original scalar (I thought that was rather cute).
I have released 0.02 which provides this greatly simplified interface and since I’m sure nobody jumped out to use 0.01 in a mission-critical way, I will remove it from CPAN as soon as 0.02 posts.
Special thanks to Schwern for his comments. I welcome yours if you have any.
John Napiorkowski will be giving a talk at YAPC::NA 2012 described as:
In Q4 2011 I taught an eight session class about Modern Perl, which was primarily aimed at people that are new to Perl but wanted to learn.
This is a presentation about what I learned from my students during that class. I will review what they loved as well as what they found difficult. The goal of my presentation will be to help those who want to teach Perl for fun and advocacy learn from my experience. Additionally I think that the community can really benefit from understanding what is on the minds of people new to Perl.
Wow, the new year starts with a lot of collaboration!
Today I got two IRC messages from people who added features / fixed bugs in two of my CPAN modules. Only now I had the time to take a closer look at the requests, merge them and push the new version to CPAN and github.
You can read more about the new version of App::TimeTracker in the App::TimeTracker Blog (Thanks, plu)
CPAN::Mini::FromList is a rather old dist I hacked up during the Oslo QA Hackathon, and it seems that it's still in use up there, as Salve submitted a patch that I just had to merge and then `dzil build`.
Only slightly related: A big THANK YOU is also due to the nice members of the #catalyst IRC channel, who (again) answered my question in no time.
One of the CPAN testers appears to have picked up that there's a new Test::Builder... Test::More::Prefix knew a little too much about how the old one worked, so there's a new version that handles whichever you have installed...
New Test::BDD::Cucumber
Which worries me that the new Test::BDD::Cucumber, which has loads of fixes, and now passes the core parts of the Cucumber TCK suite, may need a bit of wrangling to work with it...
Automatic generation of Cucumber from code
And if you're in the least bit interested in Cucumber, you might find my article on generating Cucumber automatically from code blocks interesting...
Joel Berger will give a talk at YAPC::NA 2012 described as:
I am no expert in XS, nor am I an expert in C, but events conspired to force me to learn. What I found is that while XS can be used as a language all its own, it can also look and feel very much like C.
In this talk I will present a minimal subset of XS needed to get started. I will present some “easy” idioms and rules-of-thumb to keep XS from becoming overwhelming. Best of all, it's still real XS, so you can add all the full-power XS you want later!
If you would like to learn enough to start a small XS project, come see this talk.
Because people keep asking for it, I asked Wrox if it was OK to share the table of contents and they said "sure!".
Please note that this is in flux. Chapters 1 through 7 are written, along with most of Chapter 8. Everything after that is very much subject to change (which is why the TOC isn't even formatted for those chapters). Also, you'll note the lack of Unicode. That was going to be in Chapter 7, but I've moved it to Chapter 9 and haven't updated the table of contents yet.
For some weeks I now have my Perl benchmarking ready.
It is a whole little infrastructure, based on Tapper and Codespeed, an own not regularly updated CPAN mirror (to keep dependencies stable), and a dedicated benchmark machine.
The second server (perl64.org: 6 core AMD Opteron 4180, Debian/Squeeze) is dedicated to only run benchmarks, without any disruption from email, web, or other services. I also took care of disabling all OS features that typically lead to deviation, like ASLR and Core Performance Boost.
We will be having a Perl Foundation Party at YAPC::NA 2012 this year. At the banquet we’ll hand out clubbing shirts. They light up and animate like the image above. That will be your ticket to get into the party.
The party itself will be hosted a few blocks away at a nightclub called Segredo. If you show up wearing the shirt we’ll let you in to the VIP lounge where you can get your first few drinks for free!
This party is being sponsored by a donor who would like to remain nameless. However, they’d like to encourage you to give generously to the Perl Foundation.
So what do you do when you need to load a module from a string? Do you do eval "require $module"? Well as many of you may have read, that is How (not) to Load a Module. This mechanism is unsafe in certain situations, but sadly there hasn’t been a good answer for it.
What do you do when you want to load a module only if it is installed, or only if it is of a certain version or higher (without dying)? Of course there are eval ways around that too, but could they be easier?
This post announces Module::UseFrom, which lets you do all of these things. But it gets better! All of these actions are done using the much safer bareword form of use, accomplishes this at compile time, and does it without any evals[1]!
It does all this using Devel::Declare to inspect a package variable in your module and inject a bareword use statement. This means that it avoids most (all?) of the problems in Schwern’s post (above); if it fails to create the right statement, perl (yes lowercase) dies on the use Bareword::Module statement.
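The risk with eval "require $module" is that the string is compiled as Perl, so anything in $module beyond a module name runs as code. The added example below (plain run-time Perl, not Module::UseFrom's code or interface; the names module_file, load_module and load_optional are hypothetical) validates the name and passes require a file path instead, and covers the optional and minimum-version cases with a block eval only.

```perl
use strict;
use warnings;

# Turn a module name into a path for require, refusing anything that is
# not a plain package name. \z (not $) also rejects a trailing newline.
sub module_file {
    my ($module) = @_;
    die "Invalid module name\n"
        unless defined $module
        && $module =~ /\A[A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*\z/;
    ( my $file = "$module.pm" ) =~ s{::}{/}g;
    return $file;
}

# Load a module named by a string; dies if it is missing or broken.
sub load_module {
    my ($module) = @_;
    my $file = module_file($module);
    require $file;    # a path is looked up in @INC, never compiled as code
    return $module;
}

# Load only if installed and at least $min_version; undef otherwise.
# An invalid name still dies: that is a caller error, not "not installed".
sub load_optional {
    my ( $module, $min_version ) = @_;
    my $file = module_file($module);
    my $ok = eval {    # block eval traps the exception, compiles nothing new
        require $file;
        $module->VERSION($min_version) if defined $min_version;
        1;
    };
    return $ok ? $module : undef;
}

# Constructed inputs: a core module, an unmet version, a non-name string.
print load_module('File::Spec'), " loaded\n";
my $recent = load_optional( 'List::Util', '999' );
print defined $recent ? "new enough\n" : "too old or missing\n";
my $bad    = 'File::Spec; print "not a module name"';
my $result = eval { load_optional($bad) };
print defined $result ? "loaded\n" : "rejected: $@";
```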
Jason May will give a talk at YAPC::NA 2012 described as:
This talk will introduce common ways of using Perl to have processes communicate to each other. It will cover things like how to communicate between parent/child processes and between completely separate processes, whether it is on the same host or a different one. It will also cover libraries and tools that facilitate building and testing these aspects, such as Reflex, AnyEvent, and netcat.
Common examples that are applicable to each aspect of the talk will be discussed, such as coordinating processing information in parallel, working with job queues, and establishing gateways. Demonstrations, useful references, and caveats will be provided along the way.
The "Learning Perl, 6th edition" book review had the distinction of being iProgrammer's most popular review of 2011, between more than 250 reviews on a vast variety of subjects with thousands of reads each, but the Perl review reached top spot with 10,800 reads (figure until 29/12/2011).
The benefit is that it exposed the language to a wide audience, since the site appeals to a general programming public from C# to Javascript, therefore I do hope that it managed to attract "new blood" and/or converts!
Our silence regarding the progress and especially the venue location and conference dates is owed to the restrictions of the planned venue which explicitly forbids mentioning the date and place before the contract is signed by both parties.
We didn't keep up with the post frequency after the first blog posts, but as the contract should be signed at the start of January 2012, you should see more frequent updates from us again. We can't promise to compete with the excellent communication of YAPC::NA 2012 though.
We wish you a good start in 2012 and hope to see you in Frankfurt!
I read Schwern’s post How (not) To Load a Module just as I was wanting to dynamically load different Module::Build subclasses for different OSes. It struck me just as odd as it seems to for everyone that use-ing a module from a string should be so hard.
In my spare time, I have been working on some use problems using Devel::Declare and it gives some interesting hope here. Preliminarily I am calling it UseX::Declare but hopefully someone will come up with something better. Basically it provides a function called use_from which acts like:
    use UseX::Declare;
    BEGIN {
        our $var = 'Net::FTP';
    }
    use_from $var;
Through the magic of Devel::Declare, the parser sees: