Allison Randal on how open source is more than code

Allison Randal has some insights from her Twitter stream today about how open source is more than just a way to create and share code.

Open source isn’t just a licensing/business strategy, it’s a better way of producing software and a better way of training developers. The driving principle of the academic model is to make students fail. The bell curve rules, if all students pass something is ‘wrong’. The driving principle of open source is to help each developer reach their own greatest potential. Good developers are good for the project.

Perlbuzz news roundup for 2010-05-28

These links are collected from the Perlbuzz Twitter feed. If you have suggestions for news bits, please mail me at andy@perlbuzz.com.

How to shuffle a list in Perl

If you’ve got a list of things in Perl, and you want them in random order, don’t try to make up a way to do it yourself. Use the shuffle function in the List::Util module. Say you want a list of files from a directory:

```perl
use List::Util qw( shuffle );
my @files = glob( '*' );
@files = grep { -f } @files;
@files = shuffle @files;
```

Of course you can combine that into one expression:

```perl
use List::Util qw( shuffle );
my @files = shuffle grep { -f } glob( '*' );
```

Or from the command line:

```
perl -MList::Util=shuffle -le'print for shuffle grep {-f} glob("*")'
```

Don’t worry that List::Util is a module, because it’s a core module that’s been included with Perl since 5.7.3:

```
$ corelist List::Util
List::Util was first released with perl 5.007003
```

The shuffle function is extremely simple, and here’s a little [article that explains why it works](http://eli.thegreenplace.net/2010/05/28/the-intuition-behind-fisher-yates-shuffling/).

Handling multiple SSH keys in your SSH config

I’ve been frustrated lately trying to juggle multiple SSH keys on various servers I’m on. If I’ve got one set up to the Subversion server at work, then I can’t authenticate with github. If I let github be the server that I have a private key for, then I’m entering a password whenever I do an “svn up” on the work server.
I played with ssh-agent, but that seemed to require starting up a process every time I logged in, and I couldn’t get it running in my .bashrc, and it required manually adding keys.
And then I stumbled across [this article](http://www.ibm.com/developerworks/aix/library/au-spunixpower.html) that introduced me to the IdentityFile argument. Now I have this in my ~/.ssh/config and all is well with the world.

```
Host github.com
    HostName github.com
    IdentityFile ~/.ssh/github_rsa
    User petdance
```
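An added example, not from the original post: `IdentityFile` selects a key for a host, but unless `IdentitiesOnly yes` is also set, ssh may still offer every key held by ssh-agent to that server. The Python below resolves which `IdentityFile` entries apply to a host and reports whether that setting is missing. The `svn.work.example` host and all function names are assumptions, and the parser handles only whitespace-separated keywords in `Host` blocks (no `Match`, `Include` or quoting).

```python
import fnmatch

# Constructed sample: the page's github.com block plus a hypothetical work host.
SAMPLE = """\
Host github.com
    HostName github.com
    IdentityFile ~/.ssh/github_rsa
    User petdance
Host svn.work.example
    IdentityFile ~/.ssh/work_rsa
    IdentitiesOnly yes
"""

def parse_blocks(text):
    """Return [(host_patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # settings before the first Host line apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((keyword, value))
    return blocks

def host_matches(patterns, host):
    """ssh_config Host semantics: a matching '!pattern' vetoes the whole block."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def effective(text, host):
    """First value wins per keyword, except IdentityFile, which accumulates."""
    opts = {"identityfile": []}
    for patterns, settings in parse_blocks(text):
        if host_matches(patterns, host):
            for key, value in settings:
                if key == "identityfile":
                    opts[key].append(value)
                opts.setdefault(key, value)  # no-op for identityfile (already present)
    return opts

def audit(text, host):
    """Return (identity files, True if IdentitiesOnly yes is missing) for a host."""
    opts = effective(text, host)
    risky = opts["identityfile"] and opts.get("identitiesonly", "no").lower() != "yes"
    return opts["identityfile"], bool(risky)
```

`audit(SAMPLE, "github.com")` flags the page's block as written; adding `IdentitiesOnly yes` under `Host github.com` clears it.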

To InformationWeek re: static code analysis

*Sent to editor of DrDobbs/InformationWeek*
I enjoy Sid Sidner’s [article on static code analysis tools](http://www.drdobbs.com/tools/224600102), but was surprised to see two big omissions, especially as they may provide a low-cost point of entry to the organization just starting to look at static analysis.
First, [PC-Lint](http://www.gimpel.com/) is a relatively low-cost tool that does a fine job of C/C++ analysis. It’s been around for years, and found many C bugs in my code back in the early 90s. I’ve also been using the open source [Splint](http://splint.org/) for years on the [Perl 5](http://www.perl.org/) and [Parrot](http://parrot.org/) open source projects. Although Splint’s not nearly as complete a package as Coverity’s Scan product (Coverity runs Scan on dozens of open source projects for free as a service to the community), it’s a great introduction to the power of static code analysis tools. I also suggest readers check the [“List of tools for static code analysis” page](http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis) on Wikipedia.
Second, one crucial point missed is how any tool is going to require tuning. Splint will generate hundreds of errors in each source file on its first run on your code, since nobody in the real world is as pedantic as the tool is. Each organization will have to decide which policies are worth following, and which are just noise.
Finally, static code analysis isn’t strictly for C++ and Java. Many dynamic languages have similar tools. For example, [Perl::Critic](http://perlcritic.com) is a fantastic tool for analysis of Perl code, as well as an extensible framework that lets each organization create custom policies to fit its own development practices.