This week in PSC (175) | 2025-01-09

Three of us again. Aristotle had limited time, Philippe and Graham stayed longer.

Add a security policy to your distributions

Adding a SECURITY or SECURITY.md file to your Perl distributions will let people know:

  1. How to contact the maintainers if they find a security issue with your software
  2. What software will be supported for security issues

The contact point is very important for modules that have been around for a long time and have had several authors over the years. When there is a long list of maintainers, it's not clear who to contact.

You don't want people reporting security vulnerabilities in public on the RT or GitHub issues for your project, nor do you want a post on IRC, Reddit or social media about it.

If your software is on GitHub, you can set up private vulnerability reporting. GitLab has a similar system.

Otherwise, a single email address is acceptable. An alias that forwards to all of the maintainers or at the very least, a single maintainer who has agreed to that role will work.

Good File Structure

I know, thinking about where to put what in a code file sounds lame to most artisan hero's that fly by intuition, but I find it actually helpful. Here my article about it on dev.to and you can tell its written with Perl in mind. I just wanted to publish outside to reach more people and maybe even bring some in.

Updated Wikis: Debian V 1.05, Mojolicious V 1.02, Perl 1.21

Simplest is if you go to my homepage and follow the links to my Debian and Perl pages.

Note: The Debian and Mojolicious updates are minor, but a lot of changes are in the Perl wiki.

This week in PSC (174) | 2025-01-02

Just Aristotle and Graham for our first meeting of the new year. Not much progress since the last one due to Christmas, New Year’s, sickness, and other personal circumstances. We discussed our framing of the version bump, the timeline for a decision, and the fact that constraints push us toward a dummy .0 third version component as the simplest way forward.

[P5P posting of this summary]

Please keep your information up-to-date

Some end of year reminders for CPAN Authors:

Do all of your modules have up-to-date contact information? If not, please release new versions with an updated email address in the AUTHOR section.

(And while you're at it, why not add a security policy to your distribution, so that people know how and where to report a security issue with your module.)

If you have a cpan.org email alias, does it forward to the correct email address?

And most importantly, if you are taking time away from maintaining Perl modules, please add ADOPTME or NEEDHELP as co-maintainers to mark your modules as available.

Thanks, and best wishes for 2025.

Foswiki 2.1.9 is released

We are delighted to announce the new release, which includes 57 significant bug fixes compared to the previous 2.1.8 version. This update addresses a range of important issues and enhances the overall stability and performance.

FoswikisLatest_8.png

More details at https://blog.foswiki.org/Blog/Foswiki219IsReleased

PCC Winter '24 Follow-Up - Summer PCC Dates Announced!

coffee2_e836892a-6431-40cf-aebf-d0b4eea57547-2852573895.png

Next PCC: July 3-4, 2025 in Austin, Texas USA

See entire the post to learn about our future plans, in perpetuity.

The very first Perl Community Conference was a tremendous success thanks to everyone of you authors and speakers. Many thanks to PCC Co-Organizer Will "The Chill" Braswell, our friends at the Diogenes Hackerspace (in Austin, Texas), and all the participants both online and in person! We'll be following up soon about posting the videos. The next stage will be editing and publishing Issue #2 of the Science Perl Journal. The schedule from the Winter'24 PCC should be a clue about some of its contents. We have discussed offering a "Letters to the Editor" section to address feedback from friends and foes alike. More on this will be announced in future posts.

Future Plans in Perpetuity

Objective Decisions

Prioritisation of Panic

Let me start off by asking the folk on this platform one question. Imagine a scenario that you had lost something important with multiple potential negative consequences. For instance losing a bunch of keys including your car keys, your house keys, your changing room locker keys and a USB stick. What would be the greatest cause for alarm? I suspect that while there may be many possible answers aligned with each individual’s life priorities, the real men in this group know that the most feared is the reaction following the revelation to the wife. For while any calamitous occurrence may be approached objectively, with rationality, reflection and hopefully recovery, this particularly troublesome phase involves heightened emotions, reactivating Mrs Saif’s indelible memories of my many past failings. Objectivity, while desirable in principle, has to deal with such a tainted history.

London Perl & Raku Workshop 2025 + 2024 Feedback

Do you want LPW to happen again in 2025? Then you need to make it happen. You need to start thinking about this now. After Lee's closing talk, which detailed how organisation of the 2024 workshop worked and effectively put out a call for organisers for the future, a small number of attendees hinted they would be able to help out in one way or another. For that we are grateful.

However there is no core organising team yet for 2025. Someone, ideally two or three people, need to step up and explicitly say "we are going to organise LPW 2025". If you need help around any of this then we (the 2024 organisers) can guide you. The TPRF have also said they would like to explore how to support LPW 2025 and welcome potential organisers to join the monthly community meeting to discuss this.

Failing that LPW will be going on an indefinite hiatus again.

Cosmoshop supports the German Perl/Raku-Workshop

We are happy to announce that CosmoShop supports the German Perl/Raku-Workshop.

CosmoShop is the largest pure Perl based shop system.

Since 1997, we have been implementing sophisticated and individual eCommerce projects in the B2B sector with our specially developed store software. We are the central point of contact for the entire spectrum.

This Week! Perl Community Conference, Winter 2024 - Schedule Posted

pcc w24.png

Happy birthday Perl!

The Perl Community Conference is a hybrid in-person-and-online event held on December 18th from 10:30a-4:00p CST, Perl's 37th birthday, featuring talks from the world's top Perl programmers and community members. Topics include artificial intelligence, bioinformatics, web applications, chemometrics, genetics, data science, high performance computing, ethics, and much more!

Wide character (U+XXXX) in substitution (s///)

There is a “use locale” somewhere in the code you are running.

PPI Signatures Trial Release - Feedback Requested

SYNOPSIS

I have just released a trial version of PPI that includes the first shot at support for Perl signatures. After installing it, you can access this feature in the following ways.

For users of perlcritic and other PPI consumers:

  • include use 5.035; or higher in your code
  • include use feature 'signatures'; in your code
  • include a known signatures-enable strictures modules from CPAN in your code, e.g. Mojolicious::Lite, Modern::Perl
  • if you enable signatures via a custom strictures module, declare it via %ENV: PPI_CUSTOM_FEATURE_INCLUDES='{MyStrict=>{signatures=>1}}' perlcritic Work.pm

For consumers of PPI, in addition to the above:

  • enable recognition of custom parsing feature modules via: PPI::Document->new( custom_feature_includes => ... )
  • enable the custom parsing feature for the entire document via: PPI::Document->new( feature_mods => ... )
  • enable complex parsing of calls to module includes via: PPI::Document->new( custom_feature_include_cb => ... )
  • query enabled features via ::Element->presumed_features

In a similar way as signatures, the core try feature is also recognized.

TODO

Live-streaming Perl 5.41.7 development release

I skipped 2023 but in 2024 I'm actually doing two dev releases of Perl again. This time it is version 5.41.7.
And again, you can watch it live on Friday 20th of December on Twitch.

Multiple Inheritance vs Role

https://theweeklychallenge.org/blog/mi-vs-role

I wish Mojo::UserAgent could be made to not visit private IPs

Someone wanting to make a social media site (such as a Mastodon server & web client for example) will want to allow its users to post URLs, for which previews will be shown in their posts.

These posts will be visited by a UserAgent, but there is the risk that a private IP (disguised as a FQDN hostname that resolves to it) will be in the URL's host, and that might cause security issues.

I could use LWP::ParanoidAgent, but then I'd have to fork a process to make the whole thing async, like a good Mojolicious site will be, and too many processes running can be a problem. Also I'd be missing on the many Roles that exist for Mojo::Useragent.

So I opened this issue on Mojolicious's github wishing for a solution.

London Perl & Raku Workshop 2024: Recordings & Thoughts

Recordings of all talks from this year's London Perl & Raku Workshop are now available on YouTube: https://www.youtube.com/playlist?list=PLxNdCz2kBhVlzbVFcjwY6GkQf4zBhvwFn.

The sound quality of the recordings is not fantastic. We had some sort of issue that I've tried to fix in post. However, the auto generated captions by YouTube tend to be pretty good these days, so enable those if you have any problems understanding the speaker.

I go into the details a bit more about this in a personal blog post about the event, and how much effort is involved in trying to create the recordings, amongst other things.

Thanks to this year's sponsors, without whom LPW would not have happened:

Perl Weekly Challenge 293: Similar Dominoes

These are some answers to the Week 293, Task 1, of the Perl Weekly Challenge organized by Mohammad S. Anwar.

Spoiler Alert: This weekly challenge deadline is due in a few days from now (on November 3, 2024, at 23:59). This blog post provides some solutions to this challenge. Please don’t read on if you intend to complete the challenge on your own.

Task 1:

You are given a list of dominoes, @dominoes.

Write a script to return the number of dominoes that are similar to any other domino.

$dominoes[i] = [a, b] and $dominoes[j] = [c, d] are same if either (a = c and b = d) or (a = d and b = c).

Example 1

Input: @dominoes = ([1, 3], [3, 1], [2, 4], [6, 8])
Output: 2

Similar Dominoes: $dominoes[0], $dominoes[1]

Example 2

LPW 2024

I was one of the organisers of the London Perl and Raku Workshop 2024, which happened last weekend. I've written about my own personal experience of this conference over on my personal blog.

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl with a graphic design donated by Six Apart, Ltd.