Perl Archives

July 10, 2007

July 9th, 2007 - New TPF Community Relations Leader

After four years of excellent (and often thankless) work behind the scenes of pm.org, Dave Cross has decided to step down and take a well-deserved rest. Thanks, Dave!

Stepping into Dave's role is José Castro, already well-known to many in our community as cog. José will be leading a team charged with helping to establish and nurture Perl Mongers groups throughout the world.

There are already a number of projects under way, and several more in the planning stages, but José and his team want to hear from you. Any feedback or suggestions you have to offer will be greatly appreciated.

(Many thanks as well to log for generously sponsoring a portion of José's time throughout 2007 to work on Perl Mongers and Perl Foundation activities.)

July 10, 2007

July 9th, 2007 - A new wiki for Perl 5

The irrepressible Michael Schwern has launched a new wiki devoted to all things Perl 5, and has invited everyone to contribute:

Perl 5 needs a place to collect its community knowledge which is currently scattered around in penny packets on perl mongers sites, scads of perl.org hosts, mailing list archives, man pages and books.

This sort of thing is handled well by a wiki. Perl 5 now has one:

http://www.perlfoundation.org/perl5/

As Schwern notes, however, launching the wiki is just the beginning:

It is hungry for content. What sort of content? Any sort of Perl 5 related content. Really. Anything you think someone else might find useful that would otherwise be lost in the noise of the Internet.

One simple task you can do right now is add a module to one of the lists of Recommended CPAN Modules:

http://www.perlfoundation.org/perl5/index.cgi?recommended_cpan_modules

July 06, 2007

July 5th, 2007 - A trio of Perl 6 microgrants

Three more Perl 6 Microgrants have been awarded!

Jesse Vincent of Best Practical writes:

Flavio Glock will receive a travel microgrant to help him attend YAPC::EU and evangelize kp6 and the Perl 6 in Perl 6 effort.

Steve Pritchard will receive a microgrant to complete the RPM packaging of Parrot and Pugs for Fedora, and to submit those packages for inclusion in the official Fedora distribution. Steve will be blogging his progress at http://blog.stevecoinc.com/

Juerd Waalboer is the maintainer of feather.perl6.nl, the primary host for Pugs development. Juerd will receive a microgrant to purchase upgraded hardware for feather.

Five Perl 6 microgrants remain to be awarded, so if you've got a good idea, we want to hear about it. You can find out how to submit a proposal here:
http://www.nntp.perl.org/group/perl.perl5.porters/2007/03/msg122448.html.

July 06, 2007

June 29, 2007 - Parrot and Perl 6 wikis moved to perlfoundation.org

For a year or two now, I (Andy Lester) have hosted the Perl 6 and Parrot wikis on my home server, on a not-too-fast DSL line, at rakudo.org. They've now been moved to the wiki infrastructure at perlfoundation.org, on a dedicated box. This means much better performance, so if you've tried the wikis before and found them slow, check them out now.

The moved wiki workspaces are:

Thanks to Socialtext for the hosting.

July 06, 2007

April 7, 2007 - Phil Crow to create JDBC API for Perl 6

From Jesse Vincent and Leon Brocard:

We're pleased to announce that we've selected Phil Crow as the recipient of the second Perl 6 microgrant. Phil is the hacker behind the Java::Swing module that allows Perl programmers to put a Java Swing GUI on their application without writing any Java and he'll be using this knowledge to convert Java declarations to Perl 6. You can find details of the project he's planning in the text of his grant application:

Tim Bunce has suggested that it would be nice to have a general purpose declaration translator from Java to Perl. In particular, he is interested in leveraging this tool to create a JDBC API for Perl 6 from the Java JDBC classes and interfaces. The result would then provide a strong foundation for the Perl 6 DBI.

I propose to write that translator. It would have two pieces:

  • One would use the Java deparser (part of its standard development kit) to turn Java classes or interfaces into an internal structure
  • The other half would turn that structure into valid Perl 6. Note that it would only translate class, interface, and method declarations, not code.

Success for this project will be a working translator that generates method declarations in Perl 6 from compiled Java .class files. While all cases might not be covered, at least the final product should not die when faced with the unexpected. The generated files will be tested using the then current version of Pugs.

This project is new and has only recently been discussed in response to the call for proposals. I'm sure I will have questions to direct to various Perl 6 mailing lists as the project progresses.

Phil will be blogging about his grant progress in his use.perl journal.

This microgrant is supported by additional sponsorship from Tim Bunce / DBI.

Please join us in wishing him the best of luck with his project. We're really looking forward to seeing the results of this work.

If you're interested in submitting a Perl 6 microgrant proposal, you can find details here.

July 06, 2007

March 26, 2007 - First Perl 6 microgrant announced

From Jesse Vincent & Leon Brocard:

We're pleased to announce that we've selected Steve Peters as the recipient of the first Perl 6 microgrant. Steve has been instrumental in helping to ensure that Perl 5 has stayed incredibly portable for the past few years. Steve's starting to turn some of his attention to Parrot. You can find details of the project he's planning in the text of his grant application:

There are several problems currently with Parrot's portability, which may inhibit its adoption as a run-anywhere VM. This problem will be a major obstacle in the Perl6-to-Parrot solutions that have been proposed.

Some of these problems include:

  • Failures to successfully link a Parrot executable with gcc on Cygwin.
  • Failures to successfully link a Parrot executable with icc or suncc on Linux.
  • Failures to successfully link a Parrot executable with Borland C++ on Windows.

These are the failures I have personally experienced. I suspect there may be additional problems on other OSes and platforms as well since there seems to be very spotty coverage of HP-UX and Solaris based on results seen on the Parrot smoke report website.

Having worked with the Perl 5 core for a few years now, I have a good deal of experience in this area. I currently smoke test Perl on four different operating systems with seven different compilers. I have worked to get Intel C++ and Sun Studio compiling Perl without failures on Linux. I am also currently working with Sun in their early access program to test out their new Sun Studio 12 compilers on both Linux and Solaris.

For completion of this grant, I believe the following would be the bare minimum needed for a successful project.

  • Successful completion of a full Cygwin compile of Parrot and application of necessary patches to Parrot. Test failures should be in line with what is observed on Linux or Mac OS X. That is clean up any test failures that seem to be platform specific to Cygwin.
  • Similarly, compiling Parrot with Intel C++ and Sun Studio 12 for Linux, application of any necessary patches, and cleanup of compiler specific issues.
  • Compiling Parrot with Borland C++ on Windows with application of necessary patches to the Parrot core. Cleanup of compiler specific issues with necessary additional changes patched in the Parrot core.
  • Investigation into gmake "-j" support to allow for parallel building of Parrot.

Additional planned work:

  • Additional cleanup for other OSes including (but not limited to) NetBSD, OpenBSD, and FreeBSD.
  • Testing and cleanup for Solaris (x86 and Sparc) and HP-UX if needed. As I only have guest access for the majority of these platforms, the work is dependent on continued access to these systems. As long as I have the access, though, I plan to treat this deliverable similarly to the others.

Steve will be blogging about his grant progress in his use.perl.org journal.

Please join us in wishing him the best of luck with his project. We're really looking forward to seeing the results of this work.

If you're interested in submitting a Perl 6 microgrant proposal, you can find details here.


You gave a url of : http://%20use.perl.org/~speters/journal

Should be: http://use.perl.org/~speters/journal/

contributed by will coleda on March 26, 2007 11:37 PM


Thanks Will, fixed!

contributed by Ask Bjørn Hansen on March 27, 2007 6:57 PM

June 20, 2007

Perl 6 & Parrot Essentials now available as project documentation

Allison Randal informs us that she has "...just signed an agreement with O'Reilly that assigns the full copyright in the book Perl 6 and Parrot Essentials to The Perl Foundation. The text is out-of-date, but can be updated much more rapidly than it can be rewritten from scratch." The contents of the book will soon be available via the perl.org Subversion server (svn.perl.org).

Many thanks to O'Reilly for this generous gift to the Perl community, and to the original authors for their hard work in producing the book in the first place.

May 02, 2007

May 2, 2007 - XML::RSS Cleanup Grant Completed - Final Report

I am pleased to announce that Shlomi Fish has completed his XML::RSS cleanup grant. In his own words, Shlomi has summarised the work he's done and offers his thanks to those who helped him transform XML::RSS into a high quality tool for the community:

This is a summary of a Perl Foundation XML::RSS grant, I've been doing. Its scope was for two or three months from 1 January, 2007 onwards, with a lot of work done by me before the grant application was submitted.

I've kept a journal on my work by writing entries in my use.perl.org weblog. Here are the links to them.

Before receiving the grant:

  1. XML::RSS
  2. XML::RSS Meta Bug
  3. XML::RSS Update

After receiving the grant:

  1. XML::RSS - Grant Application Was Accepted + Update
  2. "Yet Another XML-RSS Update" http://use.perl.org/~Shlomi+Fish/journal/32121
  3. "XML::RSS Update: Full Test Coverage" http://use.perl.org/~Shlomi+Fish/journal/32214
  4. XML::RSS Update: Refactoring

Now for some general commentary. Ask Bjørn Hansen has been doing extraordinary work taking care of the perl.org infrastructure, and also became the maintainer of the XML::RSS module. He has been very helpful in commenting on my patches and applying them, guiding me through the process, and providing feedback.

Our process in working on XML::RSS was the following:

  1. At first we did some work on reducing the number of open bugs to a minimum. This either involved correcting the code, and closing duplicate bugs or ones that were too obscure.
  2. After that and during development, we worked on expanding and extending the XML::RSS test suite. Devel-Cover by Paul Johnson was a huge help here, in locating things we did not cover yet.

     We emphasised making sure the tests were meaningful, and reflected the functionality of the module. During the testing stage, some hard-to-find bugs were fixed.

  3. After we had a 100% test coverage, we started with mercilessly refactoring the code. Many methods were extracted and encapsulated, an XML element generation code was added and eventually, each RSS version backend became its own class. Finally, the parsing was made cleaner and more robust, while overcoming some of XML::Parser's inherent shortcomings.

For now, it seems the code is squeaky clean.

All these modifications were incorporated into version 1.29_02 of XML::RSS, which is a development version. Expect them in the stable XML::RSS version 1.30 soon.

I'd like to thank Ask for his co-operation and support; Paul Johnson for writing the Devel-Cover module; the TPF people (Curtis "Ovid" Poe and others) for accepting my grant, and for guiding me through the grant process; and all the people who reported bugs or supplied feedback.

Peace, Love, Camels and web feed mangling!

It's been a pleasure working with Shlomi and I'd like to take this opportunity to wish him every success in his future projects!

May 02, 2007

May 2, 2007 - Help Wanted: SOAP::Lite

Here's my first Help Wanted entry. SOAP::Lite needs your help. Byrne Reese has posted a good assessment of the state of the SOAP::Lite. Read on for details.

To start, SOAP::Lite works. That is, it works well for easy things (it's actually the easiest out there in any language) and you can get it to work for complicated things. But it needs help and it's going to need more help in the near future. SOAP is becoming more and more important to interface between major software products. Perl excels as a glue language, but it won't be able to continue to do this if it can't talk SOAP easily. For example, one of the biggest problems right now is it can't easily generate WSDL.

In addition to solving its problems right now, it will need to be ported to Perl 6. It will be much nicer to do that if we can get a decent re-write now.

How do you help?

  • Byrne mentioned a few ways in his summary. He needs some dedicated coders.
  • Do you use SOAP and perl at work? Get your boss to let you spend time improving it.
  • I think this work would be appropriate for grant requests, either normal TPF grants or the new micro-grants. Let's break down the tasks into something manageable.

This is a big project to tackle, but one that will surely have thousands of people running your code. And if you like coding in Perl, it will increase the chance that you'll be able to keep doing so in your day job.

May 02, 2007

May 2, 2007 - Help Wanted: Perl Coding Needed

I often hear this:

"I'd get involved in Perl, but all the cool stuff is done and there's no room to make a name for myself. No one needs another DBI module..."

or even:

"All the cool kids are using (Ruby/Python/TI-994A Extended Basic) because they don't have CPAN yet and they can become the uber-programmer for the cool modules."

Well, to these I say, "Nonsense!" There is a ton of work to be done for Perl today, right now. And it's crucially important work. So whenever I come across something that I think is really important, I'm going to post it with the heading 'Help Wanted.'

Criteria: This isn't going to be stuff like, "We need someone to fix this RT ticket for this module." I'm going to try to post stuff that I feel is truly important to Perl and would be useful to many people. I'll also try to post any progress if I hear about it.

Interested? Go check out the first posting for SOAP::Lite.

March 20, 2007

March 20, 2007 - TPF and SoC 2007

A few people have raised questions about TPF's lack of involvement in this year's Google Summer of Code, wondering if TPF simply decided not to participate, or if there was more to the story. There is, and I hope this post will help answer the questions. The short version: We submitted an application to be a mentoring organization, but we weren't accepted.

The longer version starts back in 2005, when TPF was part of the first Summer of Code program. Although I wasn't directly involved in the day-to-day SoC activities, I remember how upbeat people were about the program; Google was making a huge show of support for Open Source, and we were glad to be a part of it. There was a lot of energy and excitement, and everything seemed to be going well.

Things didn't stay so positive, however. There were early mentor/student communication and coordination issues that, frankly, we just didn't deal with effectively. While these issues were eventually resolved -- mostly through the heroic efforts of Curtis Poe (a.k.a., Ovid) -- we never really overcame that poor first impression. Google was left with a pretty dim view of TPF.

It's fair to say that the only reason we were involved in the 2006 Summer of Code program at all was because Robert S, a Google employee that also was a member of TPF, served as a "proxy" for TPF. Robert asked the SoC organizers directly to allow us to participate, and offered to coordinate. Apart from Robert, there was actually very little direct TPF involvement in SoC 2006. (I certainly don't claim that this was a perfect situation, but it did give a number of students an opportunity to work on interesting projects and contribute to Perl. It's very unlikely it would've happened otherwise.)

Unfortunately, I made the mistake of assuming that the same thing would happen again this year, and I was wrong. By the time I learned that, due to other commitments, Robert wouldn't be able to serve as the TPF / SoC liaison in 2007, we were up against the deadline. I quickly assembled and submitted an application, knowing that it was unlikely to be accepted. It wasn't.

I'm sure it's clear by now that I'm not happy about this situation, and I apologize for letting it happen. While it's not the end of the world, it's disappointing; SoC is a worthwhile program, with the potential for a lot of positive exposure for Perl. As difficult as TPF involvement in SoC has often been, I'd certainly still prefer that we were participating.

Looking Ahead

Fortunately, the story doesn't end here. Many of the folks that were gearing up for SoC (both within and outside of TPF) are loath to just set that motivation aside, and are exploring alternatives. Whether these alternatives take the form of an SoC-like program, or something more appropriate to our community, is under discussion right now. (It's a discussion I encourage you to join; comments are open.)

So as unhappy as I am about all of this, I'm also hopeful that moving forward with one or more of these alternatives will result in some very positive activities in the Perl community. We'll make announcements here soon as these discussions resolve into specific plans and programs.

Thanks for reading.

Bill


Hi.

Last year I contacted Robert to participate as mentor. My project was not accepted (as expected, as it was quite academic), but I think other projects went running and with interesting results (at least the parrot related ones).

This year it is too late. Probably the best is to forget Google SoC and (if possible) suggest Perl-related projects using other mentoring organizations.

I think we should start thinking on an approach to add TPF back as a mentoring organization for 2008.

contributed by Alberto on March 20, 2007 10:32 AM


So is the title of president just nominal, and no real leadership exists?

contributed by Anonymous on March 20, 2007 4:33 PM


Hi Mr. or Ms. Anonymous Commenter,

Could Bill have been more on the ball? Sure. Could you? Yup!

Volunteer organization and all that - what comes out is roughly proportional to what comes in.

There are plenty who talk and talk and suggest and suggest and debate and debate ENDLESSLY. Preciously few who actually come and do ANYTHING AT ALL.

- ask

contributed by Ask Bjørn Hansen on March 21, 2007 12:11 AM


Ask++

TPF should try to become a mentoring organisation in SoC 2008 - definitely! As SoC is a well known event, good Perl projects can mean good publicity.

"Whether these alternatives take the form of an SoC-like program, or something more appropriate to our community, is under discussion right now. (It's a discussion I encourage you to join; comments are open.)" (Bill)

So you think about such a program just for 2007 or for the future?

I don't like the idea of a "TPF-only" program:

  • We have the Grants - that is one ability to work on interesting Perl projects. And that will compete against the other program.
  • The number of people who will notice this program is not that big.

This is a problem that lots of Perl projects have. They are well-known in the Perl community but nobody outside the community knows it.

Just my 0.02 EUR

Renée

contributed by Renee on March 22, 2007 11:28 AM

February 12, 2007

February 12, 2007 - Haskell book available on wikibooks

I was checking out Wikibooks today and noticed that one of the "hot picks" is a wikibook on Haskell. Looks like it might be a good way to get your feet wet and maybe help out the Perl 6 development effort.

January 23, 2007

January 23, 2007 - Grant Updates

We have two grant updates (sort of) this time.

Adam Kennedy's "Extending PPI Towards a Refactoring Perl Editor" has no new news to report. This grant is currently stalled.

Shlomi Fish's work on "XML::RSS Cleanup", however, is going quite well. Read on for more information.

Well, I wrote two use.perl.org journal entries about XML-RSS that detail some
of my progress:

* http://use.perl.org/~Shlomi+Fish/journal/32081

* http://use.perl.org/~Shlomi+Fish/journal/32121

What's been accomplished:
-------------------------

1. Moving the data files from under examples/ to under t/data.

2. Some other build system tweaks.

3. Made all files that were left executable in the repository non-executable
as there's no reason for them to be so.

4. Added better test coverage, according to the input of Devel::Cover.

	- The as_rss_* functions now have full test coverage.

5. Fixed some bugs and made some of the code more correct.

Setbacks:
---------

* On Saturday I discovered that many pages on my homesite got link-spammed.
This is especially troubling because they are static HTML pages, which means
it involved an intrusion of some sort. Restoring everything and taking some
preventive measures occupied the majority of my non-work-related time since
then. Luckily, I've finished most of what I wanted to do in this regard, and
so I can soon return to XML-RSS.
(http://community.livejournal.com/shlomif_hsite/4145.html)

My Next Plans:
--------------

1. Further increase the test coverage of XML-RSS, until a 100% test coverage
is reached.

2. See what I can do to close the remaining bugs in the XML-RSS RT Queue.

3. Refactor the XML-RSS code and improve its quality.

Anything I can be Helped With:
------------------------------

* Nothing in particular.

December 13, 2006

December 13, 2006 - Save the date: New England Perl Workshop, March 10, 2007

This just in from the Boston Perl Mongers:

Boston.pm will be presenting the inaugural "New England Perl Workshop" at Northeastern University on Saturday, March 10th, 2007. We are following in the tradition of the Pittsburgh, London, and Nordic Perl workshops in having two tracks of talks (some short, some long), with opportunities to socialize. We're also hoping to include a hackathon.

We hope to draw a mix of interested participants from New England and surrounding areas, as well as interested national and international attendees. We are in the process of defining the process for submitting and collecting talks as well as putting together a website at http://www.neperlworkshop.org/. Please stay tuned for more details.


The latest news is that this flopped and will not occur.

contributed by Anonymous on February 18, 2007 6:56 PM

December 03, 2006

December 3, 2006 - A trio of Perl calendars

December brings three different online calendars for the Perl community.

First, the traditional Perl Advent Calendar informs you about a snazzy module every day until the 25th, with requisite RSS feed for those of you practicing one of the three virtues this holiday season.

Next, for Catalyst users, or those who'd like to start, the Catalyst Advent Calendar brings a daily tip for those interested in this increasingly popular framework.

Finally, brian d foy has created a Perl Community calendar on Google Calendar. Follow it via XML, iCal, and HTML.


You can find this calendar also here: http://www.markthisdate.com/calendar/details.html?calendar=917 and it is downloadable to Outlook, Pdf and all other major calendar apps.

Cheers,

Rutger

contributed by Rutger on December 4, 2006 11:06 AM

November 17, 2006

November 17, 2006 - Chicago Perl Hackathon a rousing success

The first standalone Perl Hackathon has been a rousing success, and The Perl Foundation is looking forward to sponsoring two or three each year around the country, or around the world.

From Friday November 10th to Sunday November 12th, over thirty Perl hackers converged on the Country Inn & Suites in Crystal Lake, IL, a far northwest suburb of Chicago. For three days, nearly around the clock, we worked, talked, ate, and worked some more on Perl projects of all kinds. There were hackers from around the Chicago area as well as others from Oregon, California, New York, Ontario and England. Some were only around for one day, while others came in Thursday night and left Monday morning. It was a gathering that let everyone do what they wanted, when they wanted, while still getting work done.

The Parrot project had the largest population working on it. Chip Salzenberg and Jerry Gay flew in to drive the development. Friday morning, there were six hackers who were familiar with Parrot, but when it was over, eight new project members had worked on it. Bugs were fixed, design documents were created, and hackers met other hackers for the first time.

Perl::Critic also had a big showing. Chris Dolan and yours truly met with Michael Wolf and James Keenan to create new policies and hash out design decisions as we pushed to the version 1.0 release of this crucial tool.

On Saturday night, Ken Krugler of the code search engine krugle.com gave a demo of the site, and heard feedback about how krugle.com can help serve the Perl community better. I'm excited about outside companies working to help Perl while helping themselves. Most important, Krugler sponsored the night's Chicago deep dish pizza to feed the hungry hacking throng.

Smaller projects got attention as well. Pete Krawczyk and I worked on projects like ack, File::Next and HTML::Tree, since most of our time was spent running around getting people to public transportation, getting snacks, ordering Chinese food, and making sure everything ran smoothly. For more details on who was there, and what we worked on, see the Hackathon Chicago wiki at http://rakudo.org/hackathon-chicago/.

The one question everyone asked was, "When's the next one?" The Perl Foundation is currently working on ideas, plans, budgets and sponsorship for making more hackathons happen, but we need people to host and organize them. A hackathon is an ideal way for a Perl Mongers group to host an event, but with much easier requirements than hosting YAPC (Yet Another Perl Conference). If you or your Perl Mongers group would be interested in hosting a hackathon, please email me at andy@perl.org.

November 17, 2006

November 17, 2006 - Perl's taint checking to the rescue

I read today in the November 15th issue of Software Development Times (an actual paper publication!) that buffer overflows are no longer the most common update security problem reported by CVE (cve.mitre.org).

The three most common types of security vulnerabilities in 2005 were cross-site scripting (16.0%), SQL injection (12.9%) and buffer overflows (9.8%). So far in 2005, buffer overflows have lost the #3 place to PHP remote includes.

The good news is that Perl has long had capabilities in the language and its most common libraries that effectively shut down many of these attacks.

It's not surprising that buffer overflows are on the way out. Perl programmers have long been able to not worry about buffer overflows. Dynamic strings mean no buffer overruns. Fortunately, all the new dynamic languages like Ruby, Python and PHP have dynamic strings as well, leaving only C and C++ programmers having to worry about the size of their malloc buffers.

Where Perl shines in web security is with its built-in "taint mode". When taint mode is enabled, all data from an external source, such as from a web input form, is assumed to be untrusted and tainted. If a user types in her name, the resulting string is marked internally as tainted. Most of the time, this effect is invisible.


print "Hello, $name, glad to see you.\n";

Perl will print out the user's name, because no matter what $name is, it doesn't present a security risk. However, consider this common rookie programmer mistake.


$dbh = ... code to make a database connection ...;
$dbh->do( "insert into visitors (name) values ('$name')" );

That works fine for values of $name like "Bob Smith", but consider a string like:


'); drop table visitors;

Your SQL expands out into


insert into visitors (name) values (''); drop table visitors;')

That results in three statements, separated by semicolons: one inserts an empty value in the "visitors" table, the second deletes the "visitors" table, and the third is a syntax error. The effect is that one well-crafted string from a miscreant means you've lost your data table. The possibilities are endless.

Taint mode to the rescue!

With Perl's taint mode, and DBI's TaintIn attribute enabled, SQL injection attacks can't happen. Perl's DBI module sees the tainted data, since any data created from tainted data is also tainted, and refuses to execute the command. In effect, DBI says "You don't know that the SQL command you're passing me is trustworthy, so I won't run it."

Of course, DBI handles the safe way of doing SQL calls, using placeholders:


$sth = $dbh->prepare( "insert into visitors (name) values (?)" );
$sth->execute( $name );

The data is passed to DBI, but entirely separately from the command. The command is not created using tainted data, so is safe for DBI to execute.

SQL injection prevention is just the beginning of the value of taint mode to Perl programmers. Tainted data also can't be used for executing system commands or reading source code, as in the PHP remote include exploits. For a more thorough discussion of how taint mode works, and why you want it on in every web program you write, see the perlsec documentation for Perl with perldoc perlsec, or online at http://perldoc.perl.org/perlsec.html

I hope that other dynamic languages continue to borrow Perl's features and add explicit taint-mode checking to their bags of tricks. Modern web development demands it.


"With Perl's taint mode, and DBI's TaintIn attribute enabled, SQL injection attacks can't happen."

This isn't true. Taint checking does not prevent this. It simply doesn't allow it with tainted data. The user can still untaint data incorrectly, and SQL injection attacks can still happen.

contributed by Anonymous on February 18, 2007 6:54 PM
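
The taint behaviour described in the post, together with the commenter's caveat about incorrect untainting, as an added example that is not part of the original post and is not DBI's code. `guarded_do` is a hypothetical stand-in that only refuses tainted SQL, the two inputs are constructed, and the script uses core modules only and must be started with `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example: start with "perl -T" so taint mode is active.
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Run this script with -T so taint mode is active\n" unless ${^TAINT};

# A zero-length tainted string. $^X (the path of the perl binary) comes from
# outside the program, so any substring of it is tainted, and taint spreads
# to every string built from it.
my $TAINT = substr( $^X, 0, 0 );

# Hypothetical stand-in for a database layer that refuses tainted SQL, as the
# post describes. It never touches a database; it only reports a verdict.
sub guarded_do {
    my ($sql) = @_;
    return tainted($sql) ? "REFUSED (statement is tainted)" : "WOULD RUN: $sql";
}

# Incorrect untainting: a match-everything capture clears the taint flag
# without validating anything. This is the failure the comment describes.
sub untaint_careless {
    my ($value) = @_;
    return $value =~ /\A(.*)\z/s ? $1 : undef;
}

# Allowlist untainting: only letters, spaces, dots and hyphens, 1 to 64
# characters. Returns undef when the value does not look like a name.
# (The character set is an assumption chosen for this illustration.)
sub untaint_name {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z][A-Za-z .-]{0,63})\z/ ? $1 : undef;
}

# Constructed inputs, marked tainted as if they had arrived from a web form.
# The second is the string used in the post.
my @inputs = map { $_ . $TAINT } ( "Bob Smith", "'); drop table visitors;" );

for my $name (@inputs) {
    print "input: $name\n";

    # 1. Interpolating tainted data taints the whole statement, so the
    #    guard refuses it regardless of what the value contains.
    my $sql = "insert into visitors (name) values ('$name')";
    print "  interpolated:      ", guarded_do($sql), "\n";

    # 2. After careless untainting the statement is no longer tainted and
    #    the guard accepts it, injected SQL included.
    my $laundered = untaint_careless($name);
    $sql = "insert into visitors (name) values ('$laundered')";
    print "  careless untaint:  ", guarded_do($sql), "\n";

    # 3. The allowlist stops the hostile value before any SQL is built.
    my $clean = untaint_name($name);
    my $verdict =
        defined($clean)
        ? guarded_do("insert into visitors (name) values ('$clean')")
        : "input rejected, no statement built";
    print "  allowlist untaint: ", $verdict, "\n";
}
```

Passing the allowlist only records that the value was validated; the placeholder form shown in the post remains the way to hand the value to the database.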

September 27, 2006

September 27, 2006 - Thanks Nick

This week the Perl community lost one of its long time contributors, Nick Ing-Simmons, who died of a heart attack on Monday September 25th 2006.

Nick joined the Perl community in the early days of Perl 5. He consistently contributed to the perl5-porters mailing list and later became pumpkin for 5.003_02 where he added the initial implementation of the PerlIO layer.

Nick is probably best known for his work on the Tk and Encode modules. Tk was initially born out of frustration that perl didn't have a native GUI at the time. Nick tirelessly developed Tk for over a decade. Tk often influenced the development of the perl internals through its aggressive use of XS.

Nick was an intelligent person with a willingness to share his knowledge to help others and one who had a great passion about everything he did.

Our deepest condolences go out to his long time partner, Medi, and all those close to him.

The Perl community owes a lot to Nick so I am sure many will join us in saying

"Thanks Nick"


This is indeed a great loss for the community. Nick was a really classy guy who always turned whatever he was working on into something positive for others. He leaves a lot of goodwill in his wake.

-Ken

contributed by Ken Williams on September 28, 2006 4:29 AM


Too many good people are dying these days. God bless you Nick, may you rest in peace and eternal happiness. :(

contributed by Ollie on September 29, 2006 6:27 PM


When I was working with Perl/Tk, I came across Nick's comments on mailing lists frequently. His death is a loss for our community, a real tragedy. May Nick rest in peace.

contributed by Colin on September 30, 2006 6:00 AM


Dear citizens of the "programming republic of Perl",
it is with deep shock and dismay that I just read about the death of the father of Perl::Tk. It was his Tk that saved my day(s) in that it gave me an employment just when I direly was in need of one...
I'm too sad to find anything more to say...
Steffen Beyer (Mr. Date::Calc, Bit::Vector, Data::Locations etc.)

contributed by Steffen Beyer on October 7, 2006 7:19 AM


I am a happy user of Nick's software, which makes my everyday working life easier - and no doubt Nick's work had the same effect for countless other programmers around the world. To my dismay, I learned about his death today over a bug report that he will never receive. Which just goes to demonstrate that we best understand the value of people and the contribution they bring to the world once it is too late to express gratitude. Shame on me, I make a living on free software as if it was a commodity, yet people like Nick are not usually part of my prayers. Now they will, at chapter "thanksgiving".

I am a non-native English speaker and I may not be able to express my mood as poetically as the previous poster, but this does not make my condolences to Medi and relatives any less sincere.

contributed by Dominique Quatravaux on October 26, 2006 10:56 AM


Mr Simmons' contribution to the perl community was incredible.

Tk is an incredible Perl Module...It's one of the best modules that I have ever seen in the Perl community.

How fantastic applications with incredible GUIs can be developed using Tk....and thanks to Mr Simmons.

I hope that someone else continues keeping, maintaining and updating his great baby...Tk

My condolences to his family and our great perl community

contributed by daniel mazzini on November 16, 2006 5:35 PM

September 18, 2006

September 18, 2006 - Take back your modules

Mark Stosberg wrote a great article on perlmonks called "Take Back Your Modules" about the responsibilities module users have for the modules they use.

September 05, 2006

September 5, 2006 - Perl 5 powering Web 2.0

John Wang has a great blog entry titled Perl 5 Powering Web 2.0 that points at all the web apps out there that are done in good ol' Perl 5.

You don't have to have Rails to do amazing things with the web. You want frameworks, we got frameworks!

August 23, 2006

August 23, 2006 - Ponie has been put out to pasture

(This is re-posted from a general announcement made by Jesse Vincent, Perl 6 Project Manager. -- Andy Lester, Perl Foundation PR)

Over the past several years, one key aspect of the migration plan to Perl 6 has been the Ponie project, a fusion of the Perl 5 runtime with Parrot. Sponsored by Fotango, Artur Bergman and Nicholas Clark did a heroic job cleaning up Perl's internals to make it possible to replace some components of Perl 5 with Parrot, one piece at a time, while still keeping the core of the Perl 5 runtime intact with 100% bug-for-bug compatibility. Along the way, Nicholas ported several significant Perl core improvements from Ponie back to the Perl 5.9 tree.

Ponie never really became a community project. All significant work was done as part of Fotango's sponsorship. When it had good momentum and sponsored developers, it needed a number of Parrot features that weren't yet available. At this point, Ponie has not been in active development for almost half a year and it's my unhappy duty to declare the project dead.

Norman Nunley is currently working to do a final extraction of unharvested improvements from the Ponie code before we put it out to pasture. Lots of good came out of Ponie, just not the good things we expected.

A number of very talented hackers are currently exploring multiple strategies to enable most Perl 5 code to run seamlessly along side Perl 6 in Parrot. Folks have already demonstrated a proof-of-concept Parrot VM embedded in the Perl 5 runtime. Work is underway on a Perl 5 to Perl 6 translator and the existing Perl 6 compiler on Parrot is the proof of concept for a similar implementation of a "regularized" Perl 5. At this point, it wouldn't be reasonable to bless any one right way forward but each of these techniques (and possibly others) could play a part in whatever "5 on 6" scheme we end up with. No matter what happens, we're committed to making your Perl 5 code play well with new Perl 6 code.

August 22, 2006

August 22, 2006 - TPF RFC

TPF's been a busy little foundation lately. Interesting things are taking shape, and you'll be seeing announcements about some of them very soon. Be sure to stay tuned.

Much of this progress is a result of the excellent feedback we've received from the community. (It's not always pleasant feedback, but it's useful all the same.) But we're a greedy bunch, and making progress just makes us want to make more.

That means we need to continue to hear from you. Do you know what TPF does, and what it supports? What can we do to keep you better informed? Perhaps most importantly, what else do you want us to do, or to do more often?

We've got lots of ideas, but limited resources. It's critical that we know what you need most. How can we serve you, our community, more effectively?


The harsh impression I have of TPF, is that it is opaque where it should be transparent. That it is influenced by a cliquey inner circle. It communicates poorly outside that circle, and that grant recipients tend to be awarded to friends of the inner circle.

These are the impressions I have either built for myself, gathered from other local perl mongers, or seen expressed in forums and/or mailing lists.

I do believe things have been getting better. Possibly they are better still, but I don't take much time out of my days to track TPF goings on. I have noticed the addition of the blog and occasionally wander over to check it out.

The best thing I think TPF could do, would be to make publicly accessible unedited archives of all correspondence, meeting minutes and IRC logs. I.e., no private mailing lists, etc.

I do know that TPF is significantly staffed through volunteer efforts. But I would recommend that TPF get a couple prominent programmers from the Eastern hemisphere on board like Audrey Tang and Tatsuhiko Miyagawa. And at least 1 or 2 prominent outsiders. Sam Ruby or one of the other-than-perl6 developers currently working on pugs or parrot.

It'd be nice if people who fund TPF played a role in some decision making process. Such as voting on awards and grant recipients. In the past I have contributed over $2000 to TPF. I am sure that the money was well spent supporting Damian Conway. But the lack of communication and the fact that there was no two-way discussion of how I wished my contributions to be spent have left me without the desire to renew funding.

contributed by Garrett Goebel on August 23, 2006 3:53 PM


I think the most important thing for TPF to focus on is the continued development of Perl 6, which is pretty obvious. But I would love to see TPF fund or help organize a better PR machine.

We need some notable Perl hackers and large users of Perl ( Amazon, Ticketmaster, Slashdot, etc. ) to promote Perl more. Mentioning it in trade press, conferences, etc. Talking about how not only is Perl not dead, but it is vibrant, alive, and getting better every day. I'm not talking about a few warm fuzzies posted on Perlmonks for our own community, it needs to be told to the programmers and suits outside the Perl community.

The computer industry as a whole needs to hear more about Perl, in non-Perl related sites, magazines, etc.

I think as a community we do a great job of taking care of the technology, we need to focus a bit more on the marketing.

contributed by Frank Wiles on August 23, 2006 10:05 PM


I've said this before, but let me repeat for the larger audience.

The best and coolest updates and reports are the talks you guys give at conferences.

If at all possible, as soon as possible, can I suggest you get a copy of your talk from YAPC::NA, and post it for all to see.

That is all :)

contributed by Adam Kennedy on August 23, 2006 11:00 PM


Why be coy about the exciting stuff coming up? You want to know what the community would like you to do but you don't tell the community what you are doing.

contributed by Anonymous on August 24, 2006 3:50 PM


I know Perl 6 is the elephant in the living room so I won't say anything about that. Here are two specific, reasonably easy things that I think the TPF should do:

1.1) Highlight Community (Perl Mongers) Activity: Perl Mongers is one of the great strengths of Perl. What other language has a community that can come together and put together events like YAPC which are low cost enough for programmers that aren't sponsored by a company. However, if you look at the pm.org, perl.org and perlfoundation.org websites, it's hard to get a feel for how much activity there is in the Perl Mongers. The PHP.net homepage ( http://www.php.net/ ) has events as its entire right hand column. It would be nice for at least perl.org and pm.org to list upcoming YAPC and PM events. Many PM groups have monthly meetings. Listing the meetings as they are about to happen can show the Perl community is alive and well, highlighting which PMs are active. It may also encourage various PM groups to design nicer websites like the London ( http://london.pm.org/ ) and Madison ( http://www.madmongers.org/ ) PM websites. At YAPC::NA 2006, it was mentioned people should subscribe to various PM mailing lists and help out. Highlighting PM meetings on perl.org can be a way for TPF to generate more visibility for the PMs.

1.2) Highlight Perl-based apps that can be used outside the Perl community (Plagger): Many people tend to use the best tool for the job, regardless of language. Many Perl-based apps are old and written with an old-school Perl style. Promoting modern Perl-based apps for all types of users can help improve Perl's reputation. One such app is Plagger, Tatsuhiko Miyagawa's RSS/Atom feed aggregator. Right now, TPF runs 3 Planet sites with the Python-based Planet software. All three sites say "powered by Python" and/or "powered by planetplanet" ( http://planet.perl.org/ , http://planetsix.perlfoundation.org/ and http://planet.parrotcode.org/ ). If you go to the Planet site ( http://www.planetplanet.org ) you will see a list of many (non-Python) sites that use the Python-based Planet software. By promoting Plagger, the Perl community can get more (Perl and non-Perl) users using a modern Perl app. Planet Catalyst ( http://planet.catalystframework.org/ ) runs on Plagger. By moving the 3 TPF-maintained Planet sites to Plagger, Plagger will have a base of users which it can use to try and attract non-Perl users. I've used Plagger and Planet and Plagger is by far the better architected product. Introducing people to Plagger will also introduce them to modern, OO, plugin-based Perl architecture.

As for marketing, I think the following would be useful:

2.1) More Discussion of "Modern" Perl Programming: One perception problem Perl has is that many people think they already know what Perl is about and that it's not maintainable for large projects. Many of these people are familiar with old-school Perl programming and apps developed with that style. While there are some large-scale Perl users many of them are from the early days of the Internet when other alternatives were not as well developed. It may be more interesting to highlight some of the more recent Perl success stories such as del.icio.us, editgrid.com, iusethis.com and hiveminder.com. More discussion of modern Perl tools and techniques such as Catalyst, Jifty, Moose, Plagger, PAR and POE may also help overcome Perl's perception problem before Perl 6 arrives.

I think the Community Events sidebar and move to Plagger should be done. There are other things that can be done but I think those two are important to do. I'll post more after I see some traction either on these and/or the other "interesting things."

PS: I haven't been able to reach Bill Odom's email address listed at: http://www.perlfoundation.org/contacts.html

contributed by John Wang on August 25, 2006 3:02 AM


John Wang said I haven't been able to reach Bill Odom's email address listed at: http://www.perlfoundation.org/contacts.html

Hmm. Perhaps MT's spam filters aren't the only ones working overtime.

The Contacts page should reference my new TPF address anyway, so use it instead: bill dot odom at perlfoundation dot org.

contributed by Bill Odom on August 29, 2006 10:13 PM


Adam Kennedy said: If at all possible, as soon as possible, can I suggest you get a copy of your talk from YAPC::NA, and post it for all to see.

Duly noted. Again. :-)

But yes, I agree. If getting the video (or at least a transcript) continues to be a problem for much longer, I'll be posting a roughly-equivalent essay version here soon.

contributed by Bill Odom on August 29, 2006 11:55 PM


Anonymous said: Why be coy about the exciting stuff coming up?

I wasn't trying to be coy, and I apologize if it seemed that way. We just want to emphasize results over promises. Real accomplishments count for so much more than the grandest of plans (especially considering TPF's less-than-stellar reputation).

contributed by Bill Odom on August 30, 2006 1:21 AM

May 21, 2006

May 21, 2006 - Nicholas Clark's "Improve Perl 5" Grant Completed

I was going to announce Nicholas Clark's progress on his Improve Perl 5 when I announced this quarter's grant votes. However, the summary below (including the TODO information) isn't quite accurate. It was sent to me on May 11th, and as of a May 20th email to me, I'm informed that even Nicholas' TODO items have been accomplished, along with documentation of user pragmata. His grant appears to be finished and a great success. Many thanks Nicholas!

  • The UTF-8 caching code is merged to 5.8.x
  • The constant folding changes are merged to 5.8.x, and have been adapted to use the "flexible exceptions" system there.
  • Merijn and Nicholas have solved the Configure merge.
  • Making the lexical pragma implementation fully threadsafe turned out to be opening a can of worms. It's done now.
  • The merge-able parts of the save_re_context code are now merged to 5.8.x. The structure on the save stack are duplicated by the threads clone code.
  • The @INC source filter work has been done, and merged to 5.8.x
  • The pack "W" changes have been merged to 5.8.x (but not 'W' itself)
  • The code for magic and localisation has been checked, and merged to 5.8.x
  • I've audited all the code for UTF-8 and overloaded stringification bugs, found and fixed quite a few.

Todo:

  • The work on taint, UTF-8 and TK hasn't been started yet.
  • The fixes for UTF-8 and overloading haven't been merged to 5.8.x yet.
  • The relocatable INC changes have not yet been merged to 5.8.x.
  • We're not sure how to handle packlists when everything is relocatable, or even if a good solution exists.

May 17, 2006

May 17, 2006 - perl6-users mailing list

Between Parrot and Pugs, Perl 6 is slowly but surely getting to a state where it's actually usable.

We created the first mailing list for "Perl6 users". Eventually most of the regular perl mailing lists will be for both Perl 5 and Perl 6 users, but for now it makes sense to have a list specifically for users of Perl 6 (users as opposed to implementors).

Subscribe by sending a mail to perl6-users-subscribe@perl.org.

April 21, 2006

April 21, 2006 - Artistic License 2.0 public review

Allison posted the Artistic License 2.0 public review announcement to use.perl.org today.

Part of the Perl 6 RFC process in 2000 identified the need to update the Artistic License (RFCs 211 and 346). From 2000-2001, a group of interested Perl users on the perl6-licenses mailing list worked on a first draft of an updated Artistic License. In 2003, The Perl Foundation started an extensive review process with independent legal counsel and with a representative sample of companies and organizations who use and distribute Perl. We're starting the final stage now: a public review open to all.

The goal of the license update is to preserve Larry Wall's original intent, while making the meaning clearer both to lawyers and to users. We've also added a Contributor License Agreement to document the relationship between contributors, users, and TPF. You'll find the latest drafts of the Artistic 2.0 and the Contributor License Agreement in the legal section of the TPF website.

If you have any questions or comments, or just want to follow the conversation, please subscribe to the mailing list by sending a message to artistic2-subscribe {at} perl {dot} org.

After 5 years of work, we're excited to reach this point. Thanks to everyone who contributed along the way!

April 13, 2006

April 13, 2006 - "Improve Perl 5" status report

Here's the latest status update for Nicholas Clark's Improve Perl 5 grant. As usual, he's gotten quite a bit done.

  • Completed "Reblessing references interacts badly with overloading" For blead I've moved the flag for "overloading" from the reference to the referent, which logically is where it should always have been. This isn't binary compatible, so isn't a viable solution for 5.8.x. For that, the flag stays in the same (wrong) place, and I've added a scan routine to find all other references to the same referent and change their flags. The scan is only triggered if the overloading state changes and more than one reference exists, so is unlikely to be triggered except in the conditions where this bug was biting.
  • Completed a rewrite of the UTF-8 caching code. The code itself can be disabled at runtime, in case future bugs are found in it. The cache now stores information more efficiently, and the code uses information the cache in a couple of circumstances where previously it uses a brute-force scan.
  • Checked that IPv6 support in the core is complete, and that all changes made by the KAME project have not been lost. Most of the work of the KAME project has been incorporated into the Socket6 module on CPAN. The rest is in or superseded by the IO::INET6 module on CPAN.
  • Investigated why the changes to $0 broke PAR, resolved the problem, and integrated them to 5.8.x
  • Integrated the changes to the regexp engine code that fix bug 3038 to 5.8.x
  • Wrapped constant folding in an exception handler, and if folding throws an exception (such as attempting to evaluate 0/0) abort folding and retain the current optree, rather than aborting the whole program.
  • Changed Configure to allow specifying include paths relative to the perl binary. This allows a run-time relocatable perl distribution to be built for Unix. H Merijn Brand merged my changes back into the metaconfig units from which Configure is built. He reports that this was the most complex job he's had to do since he took over the metaconfig job around Perl 5.8.0, taking most of a weekend. I am most grateful to him for volunteering his time on this.
  • Provided the infrastructure to implement lexical pragmas. In the end it turned out not to be possible to use Robin's existing work on %^H - instead lexical pragma state is saved in a new structure attached to the optree, and retrieved via caller.
  • Converted the save_re_context() code to write a single block of data onto the save stack, rather than many small writes. I've rearranged the interpreter structure in blead so that the regular expression variables are stored in the same structure, so saves and restores are now block copies.

What's still on the to do list...

  • The UTF-8 caching code is yet to be merged to 5.8.x
  • The constant folding changes are yet to be merged to 5.8.x, or adapted to use the "flexible exceptions" system there.
  • Merijn's merge and regeneration of Configure has broken the relocatable include code. Specifically two shell variables are not being set, and I've not yet been able to work out why. This code has not yet been merged to 5.8.x We're not sure how to handle packlists when everything is relocatable.
  • I'm not confident that the lexical pragma implementation as-is is fully threadsafe, even though it passes all tests. With ithreads the optrees are shared between threads, and I think some minor changes are going to be needed to work properly as a shared structure.
  • The merge-able parts of the save_re_context code is not merged to 5.8.x yet. The structure on the save stack isn't duplicated by the threads clone code yet, and there may be other things still to finish.
  • The tasks relating to the @INC source filter, the pack "W" changes, magic and localisation, UTF-8 and overloaded stringification, and taint, UTF-8 and TK haven't been started yet.

December 18, 2005

December 18, 2005 - Ponie in transition

Ponie is the project name for Perl 5.12, a bridge between Perl 5 and Perl 6. Ponie will bring Perl 5 to Parrot, the virtual machine at the heart of Perl 6. A project of this size and complexity takes plenty of talent, and plenty of support, to complete. The first phase of the project has come to an end, and a new one is beginning.

In July of 2003, as Ponie was announced, Fotango generously committed two years to the Ponie project. Fotango has delivered that and more, donating the time and considerable talent of Artur Bergman and, more recently, Nicholas Clark, to the effort. Because of their work, Ponie has a solid foundation as the project moves forward. The Perl Foundation is grateful for their support.

But Ponie is a huge, complex project, and there's a lot left to do. With Fotango wrapping up its commitment, and Nick already extremely busy serving as pumpking for Perl 5.8, there's simply not enough time for him to devote to Ponie. That means we need new people to step forward and contribute to the project.

Jesse Vincent, project manager for Perl 6, and Nick have put out a call for a new pumpking. The Ponie pumpking needs to manage the route we take to get the Ponie source code from where it is now to its eventual goal: a Perl 5 runtime fully integrated with the Parrot virtual machine. For details about their search for the leader for the next phase of Ponie development, see their full Call For Pumpking.


Oops. There's a small error in there which I failed to spot in the draft, so blame me. Ponie isn't (necessarily) going to be 5.12, at least not the one and only 5.12 release. The hope was that it would be so good that there wouldn't need to be a 5.12 "classic" release (ie a 5.12 with the current Perl 5 VM), but I believe that all the Perl 5 Porters were assuming that in reality a classic 5.12 would still happen.

contributed by Nicholas Clark on July 4, 2006 6:28 PM

December 15, 2005

December 15, 2005 - Patches fix sprintf buffer overflow

The Perl community has released a fix to the sprintf function that was recently discovered to have a buffer overflow in very specific cases. All Perl users should consider updating immediately.

Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was discovered in the context of a design problem with the Webmin administration package that allowed a malicious user to pass unchecked data into sprintf. A related fix for Sys::Syslog has already been released.

The Perl 5 Porters team have solved this sprintf overflow problem, and have released a set of patches, specific to four different versions of Perl.

  • For Perl 5.8.0

ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.0.patch

  • For Perl 5.8.1 and 5.8.2

ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.2.patch

  • For Perl 5.8.3

ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.3.patch

  • For Perl 5.8.4 through 5.8.7

ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.7.patch

While this specific patch fixes a buffer overflow, and thus prevents malicious code execution, programmers must still be careful. Patched or not, sprintf can still be used as the basis of a denial-of-service attack. It will create huge, memory-eating blocks of data if passed malicious format strings from an attacker. It's best if no unchecked data from outside sources get passed to sprintf, either directly or through a function such as syslog.

For further information, or information about The Perl Foundation, please email pr at perlfoundation.org.


When can we expect a patch for windows 2003?

contributed by Nitin on April 21, 2006 2:40 PM


The patches are already available on the CPAN if you build from source. If you're using ActiveState's builds, that's something to direct to ActiveState.

contributed by Andy Lester on April 21, 2006 7:58 PM

December 15, 2005

December 15, 2005 - Volunteers needed: Mailing list support for the perl.org lists

If you have been wondering how you can help out, here is one way. :-)

A quick introduction:

If you don't know me, I am looking after many of the perl.org services with Robert Spier. When I started I helped look after the majordomo system it was running on then. Soon after I moved the lists and the websites we hosted to a computer under my desk at ValueClick where I did work back then. Later Perl.org got moved to a better server and installed in the ValueClick colocation facility where it stayed for ~4 years.

A few years ago Ticketmaster helped us get our own rack at the wonderful IX2 facility and our own bandwidth from Internap. We now have a full rack of old servers. The mailing list server is one of the 1U Dell servers near the bottom of the rack (donated by ShopZilla). We actually have the rack next to this one too now, but it's almost empty. Robert and I are planning to go and spend a day there around Christmas and install some new (old) stuff in the empty rack and do some re-organizing. We post updates on that sort of thing in the Perl NOC Log occasionally.

Anyway, now go back to read about helping us with the list-owner emails

December 13, 2005

December 13, 2005 - Updated Perl modules alleviate Webmin security flaw

The Perl community has updated the core module Sys::Syslog to help alleviate a security hole in the Webmin web administration package. All Webmin users should update immediately to the updated version of Sys::Syslog.

Dyad Security released a security advisory explaining how arbitrary, untrusted data can get passed by Webmin into Perl's Sys::Syslog module as a sprintf format string. This allows an attacker to create arbitrarily large strings, overwhelming server resources and causing a denial of service.

However, Dyad Security's other security advisory, detailing an integer overflow bug in Perl's sprintf, meant that the Webmin bug could potentially mean arbitrary code execution with the permissions of the web server process, not just a denial of service.

The release of the updated Sys::Syslog handles the specific coding problem presented by Webmin, and perhaps other packages, of passing format strings to the syslog() function when the programmer does not realize that syslog() acts as a proxy for sprintf. The new syslog() function now notes the special case of only passing one message parameter, and does what the programmer intended: treats the parameter as a single message string and does not call sprintf.
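The caller-side rule from this post and from the sprintf patch announcement (outside data is never the format), as an added example; it is not code from Sys::Syslog, Webmin or the patches. The functions `log_old`, `log_new`, `log_safe` and `escape_format` are hypothetical models written for this illustration, and the input string is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a value taken from a request parameter. It carries
# sprintf directives only; nothing here is an exploit payload.
my $untrusted = 'guest %s logged in at 100%d';

# Hypothetical model of the pre-fix behaviour: the first message argument is
# always handed to sprintf as the format, even when it is the only argument.
sub log_old {
    my ($format, @args) = @_;
    no warnings;    # missing-argument warnings are expected for this input
    return sprintf($format, @args);
}

# Hypothetical model of the behaviour the post describes for the updated
# syslog(): a lone message is treated as plain text and sprintf is not called.
sub log_new {
    my ($message, @args) = @_;
    return $message unless @args;
    return sprintf($message, @args);
}

# Caller-side rule that is safe with either version: the format is a constant
# and untrusted data only ever appears as an argument.
sub log_safe {
    my ($user) = @_;
    return sprintf('login failed: user=%s', $user);
}

# When untrusted text has to be spliced into a format string, double every
# '%' first so that sprintf emits it literally.
sub escape_format {
    my ($text) = @_;
    (my $escaped = $text) =~ s/%/%%/g;
    return $escaped;
}

my @cases = (
    [ 'old model, data as format'    => log_old($untrusted) ],
    [ 'new model, lone message'      => log_new($untrusted) ],
    [ 'constant format, data as arg' => log_safe($untrusted) ],
    [ 'data escaped inside a format' =>
        log_new('login failed: user=' . escape_format($untrusted) . ' code=%d', 401) ],
);

printf "%-30s | %s\n", @$_ for @cases;

# Self-check: only the first case lets the input rewrite the logged text.
die "old model unexpectedly preserved the input\n"
    if index($cases[0][1], $untrusted) >= 0;
for my $case (@cases[1 .. 3]) {
    die "input was altered in: $case->[0]\n"
        unless index($case->[1], $untrusted) >= 0;
}
```

The last case matters even with the updated module: once a call passes more than one argument, the first is a format again, so any outside data interpolated into it still needs escaping or, better, to be moved into the argument list.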

The other issue, with the sprintf integer overflow, is still being worked on. Fixes have been made, and patches for older versions of Perl are being created. The Perl 5 Porters are taking the time to make sure that the patches work for as many existing Perl 5 installations as possible. Watch news.perlfoundation.org for information on the patches as they become available.

Further queries may be sent to pr at perlfoundation.org.

December 09, 2005

December 9, 2005 - The role of the president

If you've read through the first few posts here on the brand-new TPF blog (and you really should; they're good), you've learned at least a little about what we do and how we do it, and about some of the folks involved. It's a busy bunch of people, volunteering their not-so-copious free time to work on TPF tasks.

So what's the president do?

Well, I've spent these first few weeks helping to put people, processes, and tools in place for us to do a better job fulfilling TPF's mission:

The Perl Foundation is dedicated to the advancement of the Perl programming language through open discussion, collaboration, design, and code.

Of course, much of my "help" has consisted of me asking others to do the real heavy lifting. Many of the items in Richard's earlier summary of activities are a result of me poking and prodding, asking questions, and, well, generally being a pest. Thankfully, I'm surrounded by people that are really, really good at the heavy lifting, and at dealing with my pestering.

As we get more of the fundamentals in place, my role will shift to setting goals and direction, and toward executing specific projects in line with those goals. You can see evidence of this already; this blog, for example, is a step toward better and more frequent communication. The reporting that Richard mentioned in the previous post will provide greater transparency and accountability. You'll soon see more activity around outreach and promotion. Sure, these are just initial steps, but they're important, and there are more to come.

In preparation for the goals-and-direction side of things, I'm spending a stupefying amount of time on the phone, in IM, and in e-mail. (I thought I couldn't possibly deal with any more e-mail. Turns out I was wrong. Heh.) I'm talking with lots of people, both inside TPF and otherwise, to learn how TPF can use its resources to best serve the community.

As I said in a recent e-mail to the TPF Steering Committee list...

There are as many worthwhile things to do as we have time and energy to do them.

The interesting -- and difficult -- part is determining where to focus that time and energy, and how best to execute once we've made that determination. These are also areas where we most want the community's input and involvement, so don't hesitate to let us know what you're thinking.


I just came across this post on perlmonks
http://www.perlmonks.org/?node_id=514562

I guess someone from TPF can give some attention to

'perlmonks fund' as perlmonks people never get the fund donated through TPF

'require of donation receipt' by saberworks

btw, the comments box in the form is so small. Are you guys trying to limit the comment size? ;-)

My apology at last as I don't know where I can post this.

contributed by Qiang on December 11, 2005 6:37 PM


Kurt DeMaagd (TPF treasurer) has posted a follow-up in the Perlmonks thread, answering some of the questions raised there:

http://www.perlmonks.org/?node_id=517563

I'll also send a note to the right people about the donation receipt. Like nearly everything else, that process is in the middle of being overhauled, too.

As for where to ask questions like this, you can always send a note to the "pr" address at perlfoundation.org, and the question will be forwarded to the person or people best able to respond.

Thanks for the comment, and the heads-up.

contributed by Bill Odom on December 19, 2005 8:04 AM

December 06, 2005

December 6, 2005 - Announcing the Perl Foundation Blog

The Perl Foundation was established in December 2001, but is a mystery to many people. Today we announce The Perl Foundation Blog at blog.perlfoundation.org (also available as Atom and RSS).

Perl Foundation News is the place to read updates on what members of the Foundation's working groups are working on and for other project-related announcements. Where before a working group member might post an update to his use.perl journal, or a meditation on perlmonks.org, from today those updates and more will be appearing on the Perl Foundation Blog.

The Perl Foundation's work includes:

  • sponsoring the YAPC conferences and supporting their organizers
  • managing grants for Perl-related projects
  • working with outside groups, as on Google's Summer Of Code project
  • putting a public face on the work of the Perl community
  • providing technical infrastructure for web hosting and Subversion repositories
  • supporting and coordinating volunteer efforts

Now you can get information about these activities.

Comments are enabled, allowing you to give feedback directly to our working group members. Talk directly to us and tell us what we're doing right or wrong. Ask us questions and we'll do our best to answer. We love comments and want to hear your views.

We're well aware of the problems of the past. We know that communications have been weak. We're working hard for the trust of the Perl community, and creating the Perl Foundation Blog is a crucial step as we work to earn that trust.

Whether you want to participate in helping make the Perl community even better, or are just interested in what's going on, we hope that blog.perlfoundation.org helps.


So, is it "blog.perlfoundation.org" or "news.perlfoundation.org?"

contributed by Anonymous on December 6, 2005 8:47 PM


Hi Anonymous Poster,

Both, for now. :-) Eventually we'll likely move all the news items from the TPF website to the weblog infrastructure.

- ask

contributed by Ask Bjørn Hansen on December 6, 2005 9:00 PM


You mentioned the noc.perl.org folks who manage the various *.perl.org domains. Could you explain how one goes about getting one of those (with or without hosting) for a Perl project?

Phil Crow

contributed by Phil Crow on December 6, 2005 9:07 PM


I originally posted this on Perlmonks, but was asked to post it here:
Personally, I wouldn't mind seeing some news about this Perl 6 I've been hearing so much about. I haven't seen an update to the "This week in Perl 6" here since October (though feel free to tell me if I'm not looking hard enough or if I'm looking in the wrong place). Also, I wouldn't mind such summaries being more high level. I don't follow the goings on of the Perl 6 community, so many of the comments in those posts are lost on me. A short list of "here's what we've worked on, we've got this much to go" would be appreciated at least by this monk. :)

contributed by Ben Thul on December 6, 2005 9:24 PM


Hi Ben,

The "This week in Perl 6" summaries are posted regularly on dev.perl.org, http://dev.perl.org/perl6/list-summaries/.

I'll try to find out why they are not being posted to perl.com.

- ask

contributed by Ask Bjørn Hansen on December 6, 2005 10:04 PM


Yes, could we have a, maybe 'groklaw style', bit with links to latest Parrot, Perl6, and P5P blog entries and weekly summaries?

contributed by Aaron 'Teejay' Trevena on December 7, 2005 11:15 AM


Ask:

I take it what you are talking about is the news at www.perlfoundation.org. But which address will the weblog live at? It is currently available at both news.perlfoundation.org as well as blog.perlfoundation.org.

contributed by Aristotle Pagaltzis on December 7, 2005 1:35 PM


Aristotle,

Both addresses will keep working, so use whichever one you prefer. :-)

- ask

contributed by Ask Bjørn Hansen on December 7, 2005 10:32 PM


I just fixed Perl.com to display the summary links again. Sorry about the confusion!

contributed by chromatic on December 8, 2005 11:37 PM

perl Category

This page contains an archive of all entries posted to The Perl Foundation in the Perl category. They are listed from newest to oldest.
