blogs.perl.org

Happy Friday, this is my first hand experience with AWS Bedrock.
Please check out the link for more information:
https://theweeklychallenge.org/blog/aws-bedrock

All three of us attended.

• Release blocker triage continues. Several more blockers have been resolved. We identified no blockers among new tickets but did consider #23346 and may ship it even if we do not consider it a blocker.
• We discussed some feedback regarding the fix for CVE-2025-40909 and requested that the patch be amended. A perldelta entry is also missing before we can ship the security releases.
• We discussed who will do then stable release and when. RC1 will be published by Philippe Bruhat on June 20th.
• We went over the scalar-context pair constructor proposal. Changing the fat arrow in general is out of the question and we don’t think any other proposal is likely to work.
• We went over the 2-arg open proposal. It seems mostly trivial to do and worthwhile as well, but the real complexity is in the implicit open done by readline. We will outline our thoughts on the thread.

[P5P posting of this summary]

This post is adapted from my notes and recollection of the welcome speech I gave on the morning of Thursday May 1st, 2025, just before the initial stand-up.

This post is brought to you by Booking.com, the Diamond sponsor for the Perl Toolchain Summit 2025.

Booking.com is proud to sponsor the 2025 Perl Toolchain Summit as Perl continues to be a vital piece of our technology stack. We continue to rely on the Perl platform and tooling to serve millions of customers every day, helping them experience the world. Other than our interest in the evolution and modernization of the platform and tooling, the PTS is also a great opportunity to connect with the larger community and share learnings about how other companies and projects are tackling the challenges of working with Perl at scale (talking about both in systems and teams scalability), and how Perl fits an ever-changing and diverse technological landscape in other organizations.

You can learn more about Booking.com at the end of this article.

Continue with the blog series, in this post, I am talking about AWS KMS Encryption.
Please check out the link for more information:
https://theweeklychallenge.org/blog/aws-kms-encryption

We were all present.

• The status of smartmatch came up. It is in a weird position where it used to be part of the language, then was retroactively declared an experiment, then deprecated and slated for removal, and now it’s no longer being removed – in fact we’ve added a feature for it, and not an experimental one either. The bottom line is that it’s not deprecated any more and not experimental either, but is now just a negative feature like indirect and multidimensional: it’s a mistake we made that will remain part of older language versions but will not be included in future feature bundles.
• Release blocker triage continues as ever. Quite a few new issues came in recently, of which we identified two issues and one pull request as blockers. One of the issues and the PR pertain to the documentation of the status of smartmatch; we expect that there may be more inconsistencies in the documentation which will need to be ironed out.

[P5P posting of this summary]

So, what exactly is a Readonly variable in Perl? A readonly variable is one that, once assigned a value, cannot be changed. Any attempt to modify it will trigger a runtime error. This mechanism enforces immutability, ensuring that critical values remain untouched and are protected from accidental or unauthorised alterations.

I was inspired by Daniel Stenberg's recent article Detecting malicious Unicode to write Test::MixedScripts, which tests Perl source code and other text files for unexpected Unicode scripts.

Why should you care about this?

There are Unicode characters in different scripts (alphabets) that look similar and are easily confused.

A malicious person could replace a domain name or other important token with one that looks correct, for is associated with a host or other resource that they control.

Consider the two domain names, "оnе.example.com" and "one.example.com". They look indistinguishable in many fonts, but the first one has Cyrillic letters.

Confusing Unicode might be added to your codebase through a malicious patch submission or pull request. Or it could be added as text from an email or web page that you copied and pasted into your code.

The module is easy to use, and defaults to testing for Latin and Common characters:

AWS S3 Encryption isn't as complex as I thought initially. I had fun playing with it. You can give it a try too. Please check out the link below for more information.
https://theweeklychallenge.org/blog/aws-s3-encryption

This extended meeting took place between the three of us in person over several days at the PTS 2025 in the beautiful city of Leipzig.

Over the past year, I’ve been self-studying XS and have now decided to share my learning journey through a series of blog posts. This eighth post introduces you to Perl regular expressions in XS.

Returning from the 27th installment of the German Perl or Perl/Raku Workshop, this time in Munich, I'd like to share some impressions.

Re-creating CVE-2024-56406 using docker container with affected Perl versions.
Please check out the link below for more information.
https://theweeklychallenge.org/blog/cve-2024-56406

A week ago I attended the 2025 PTS. For me it was a different PTS than the previous ones.

Firstly because it was my first PTS without Abe Timmerman. He was a regular in both the PTS (as maintainer of Test::Smoke), and of the Amsterdam Perl Mongers. In fact the last time I saw him was on our flight back to Amsterdam after the PTS in Lisbon last year. He was greatly missed.

Secondly, because of a question that Book asked at the very beginning of the PTS: how often we had been to the PTS before. I was one of the few who had attended more than 10 of them. Combined with the fact that several other regular attendees couldn't make it that meant that this PTS I spent more time than ever on helping others with various issues.

This is a hybrid (in-person and virtual) conference being held in Austin, TX on July 3rd-4th.

Did you miss your chance to speak or have wish to speak at the only available Perl Science Track (and get published in the Science Perl Journal)? Or maybe you just can't get enough Perl this summer??? Submit here ... or get more information on the PCC, including registration, special event registration, and donation links click here. For questions you may email us at science@perlcommunity.org or find us in the Perl Applications & Algorithms discord server.

The following lengths will be accepted for publication and presentation:

• Science Perl Track: Full length paper (10-36 pages, 50 minute speaker slot)
• Science Perl Track: Short paper (2-9 pages, 20 minute speaker slot)
• Science Perl Track: Extended Abstract (1 page, 5 minute lightning talk slot)
• Normal Perl Track (45 minute speaker slot, no paper required)

You may ask, where is the Winter SPJ or videos? We are working on them, promise! (it's a lot of work as some of you know. See also on Perlmonks and r/perlcommunity.

Perl Toolchain Summit 2025, my first time, thanks to the organisers.
Here is my event report: https://theweeklychallenge.org/blog/pts-2025

A Futility Closet post references a Perl "poem" over two decades old. I remember chuckling at it when it first appeared. Although it was published "anonymously", I'm pretty sure I know who wrote it. :)

Over the past year, I’ve been self-studying XS and have now decided to share my learning journey through a series of blog posts. This sixth post introduces you to subroutine invocation in XS.

Just Aristotle and Graham this week.

• This week CVE-2025-40909 was assigned, for an issue we were already tracking (GH #23010). We coordinated during the week to get a fix merged (GH #23019) before 5.41.13. Thanks to Vincent Lefèvre for the report and Leon Timmermans for the fix. During the meeting we discussed getting out security releases for this soon.
• We caught up on release blocker triage. We are tentatively all clear: all previously identified release blockers are now resolved, and there were no new blockers in recent issues and pull requests – except possibly a 32-bit Windows build issue we are not yet certain about. We are keeping an eye on that.

[P5P posting of this summary]