• Perl one-liner to sample your Mac's voices

    I’ve been following stories about Roger Ebert’s new voice, which a company has made so that they can apparently plug it into his Mac. In his appearances on camera, the voice he’s been using is the Mac “Alex” voice. What other voices does your Mac have? Here’s a Perl one-liner to play them.

    Read on →

  • Help keep the world safe from SQL injection

    A while back, I put up [bobby-tables.com](http://bobby-tables.com) as a repository for showing people the right way to handle external data in their SQL calls. Whenever someone pops up on a mailing list or IRC and they're building SQL statements using external tainted data, you can just refer them to the site. In the past few days, I've spiffed up the site (with design help from [Jeana Clark](http://jeanaclark.org/)) and added pages on [Perl](http://bobby-tables.com/perl.html) and [PHP](http://bobby-tables.com/php.html). I need more examples, though. It's 2010, and there's no reason anyone shouldn't know about parameterized SQL calls. The site source is [hosted on github](http://github.com/petdance/bobby-tables), so if you have any contributions, please fork it and let me know about your applied changes, or you can email me directly. Thanks! P.S. In the next few days, I hope to fire up some redesign on [perl101.org](http://perl101.org/), too.
  • Devel::NYTProf 3.0 is out, more mindblowing than ever

    Go run to the [announcement about Devel::NYTProf v3.0](http://blog.timbunce.org/2009/12/24/nytprof-v3-worth-the-wait/). Marvel at the code profiling goodness. Highlights include: * Ability to profile opcodes, which means... * NYTProf can now profile slow regular expressions * More detailed stats on BEGIN blocks * Treemap of subroutines * Tracking of which subs called which other subs * Graphing of sub calls * Improved report output * Ability to merge profile runs, such as when a process spawns other processes like mod_perl code does. Already I have found that my regular expression compilation is taking 6% of the runtime in my sample runs in [ack](http://betterthangrep.com). I had no idea. Just amazing. Go try it now, and buy Tim Bunce and the other contributors a beer.
  • Advent calendars galore

    *By Matt Follett* It's the time of year for Advent Calendars and it looks like the Perl community isn't disappointing this year. [Perl Advent Calendar](http://perladvent.pm.org/2009/) > The first day talks about using Package::Alias to alias Mouse to Moose. [RJBS Advent Calendar](http://advent.rjbs.manxome.org/) > Ricardo Signes' calendar to showcase things he has been working on. His first entry is about Sub::Exporter which looks very powerful. [Catalyst Advent Calendar](http://www.catalystframework.org/calendar/2009) [Perl 6 Advent Calendar](http://perl6advent.wordpress.com/) > This one starts off with setting up Rakudo, so it requires very little prior knowledge. [SysAdvent](http://sysadvent.blogspot.com/) > Tips for system administrators All of these have RSS feeds, so they'll be easy to follow. Have fun! *[Matt Follett](http://search.cpan.org/~mfollett/) is a developer in the Informatics team at The Genome Center at Washington University School of Medicine, where he works on high-throughput DNA sequencing projects. He is a graduate of the University of Missouri at Rolla, where he majored in Computer Science & Computer Engineering. He has worked for Monsanto, Boeing, and Beck Automation as a software engineer. He was the head of the 2009 St. Louis BarCamp. He currently resides in St. Louis, where he heads the local chapter of Perl Mongers.*
  • Christmas brings the RJBS Advent Calendar

    *By Ricardo Signes* Back when I first started learning Perl 5, I was excited to find the [Perl Advent Calendar](http://perladvent.pm.org/archives.html). It was a series of 24 or so short articles about useful Perl modules or techniques, with one new entry each day leading up to Christmas. A few years later, the Catalyst crew started the [Catalyst Advent Calendar](http://www.catalystframework.org/calendar/2005). I always liked the Perl Advent Calendars, and kept meaning to contribute. Every time, though there were too many things I'd want to write about -- and mostly they were my own code, so I felt sort of smarmy and self-promoting and never did it. Finally, though, I'm glad to say I have tackled those feelings. I will not shy away from showing off my own code, and I will not worry about having to choose just one thing. This year, I will publish the [RJBS Advent Calendar](http://advent.rjbs.manxome.org/), 24+ full days of cool, useful, or stupid code that I have written and given as a gift to the rest of the CPAN community. I've had a lot of fun working on this project, and it's helped me find and fix a number of little bugs or imperfections in the software I'll be talking about. The first door opens in seven days. I hope it's as fun to read as it was to write. No returns will be accepted. Approximate actual cash value: $0.02 *Ricardo Signes has written [tons of modules on the CPAN](http://search.cpan.org/~rjbs/), including [Dist::Zilla](http://search.cpan.org/dist/Dist-Zilla/), the heir apparent to Module::Starter. He is also a total sweetheart, and has a fuzzy head.*
  • Perl gets modern community blogging platform at blogs.perl.org

    In a move of unparalleled beauty, Dave Cross and Aaron Crane have announced [blogs.perl.org](http://blogs.perl.org), a modern blogging platform for the Perl community. Go look. Enjoy the non-ugly color scheme. Marvel at the code syntax highlighting and ability to embed images. Navigate posts using thoughtful categories. A million thanks to Dave and Aaron for putting this together, and to [Six Apart](http://sixapart.com) for the design. Links to feeds will be going up here on Perlbuzz as soon as I have time.
  • The horrible bug your command line Perl program probably has

    Most programmers know you have to check return values from system functions. Unless you're just starting out as a programmer, you know that this is bad:
    open( my $fh, '<', 'something.txt' );
    while ( my $line =  ) {
    # do something with the input
    If that open fails the program continues on. The call to readline will fail, return undef as if we're at the end of the file, and the user will be none the wiser. If you have use warnings on, you'll get a "readline() on closed filehandle", but that's not much help when you should be dying. Instead, you should be opening your file like this:
    my $filename = 'something.txt';
    open( my $fh, '<', $filename ) or die "Can't open $filename: $!";
    This way, your user gets a useful error message if something goes wrong, but more importantly, the program doesn't continue as if nothing is wrong, potentially doing what it should not. h2. GetOptions needs checking, too Unfortunately, I see programs where otherwise-sensible programmers ignore the return code of GetOptions.
    use Getopt::Long;
    'n=i' => my $count,
    # Do something that uses $count
    print "Processing complete!n";
    There are any number of ways the user can call this program incorrectly:
    $ perl foo -n
    Option n requires an argument
    Processing complete!
    $ perl foo -n=five
    Value "five" invalid for option n (number expected)
    Processing complete!
    $ perl foo -m=12
    Unknown option: m
    Processing complete!
    In all three of these cases, the user made a mistake, but the program lets it slide without a mention. The user's going to be disappointed with the results. The solution is simple: Always check the results of GetOptions(). The easiest way is to task && exit(1) after the call:
    use Getopt::Long;
    'n=i' => my $count,
    ) or exit(1);
    It's simple, effective, and prevents unexpected sorrow.
  • What editor/IDE do you use for Perl development?

    Gabor Szabo is running a survey about Perl development:

    I have set up a simple five-second poll to find out what editor(s) or IDE(s) people use for Perl development. I'd appreciate very much if you clicked on the link and answered the question. You can mark up to 3 answers.

    Please also forward this mail in the company you are working and to people in your previous company so we can get a large and diverse set of responses.

    The poll will be closed within a week or after we reached 1000 voters. Whichever comes first.

  • ack 1.90 released

    I just released ack version 1.90 to CPAN. If you don't know about ack, it's a text searching tool for programmers aimed specifically at searching large trees of code. Find out more at betterthangrep.com.

    Here's the changelog for this version:

    1.90        Mon Sep  7 23:24:24 CDT 2009
    Added Ada support.  Thanks to Shaun Patterson.
    Added -r, -R and --recurse options as in grep.  They have no
    effect because directory recursion is on by default.  Also added
    --no-recurse for orthoganality. Thanks to Mark Stosberg and
    Ryan Niebur.
    Version in --version is prettier.  Thanks, Ori Avtalion.
    Added an updated ack.bash_completion.sh from Adam James.
    Expanded --files-without-match to --files-without-matches.
    Removed all the hi-bit characters, so we don't have any encoding
    problems.  It's all entities now.
    Fixed capture-stderr to localize some globals that were obscuring
    errors.  Thanks very much to Christopher Madsen.
    Fixed uninitialized errors in tickets #138 and #159.
    Fixed an incorrect command line in the docs for -f.
    Added notes on --pager.  Thanks to Mike Morearty.
    Made the squash program more robust when handling POD.  Thanks
    to Kent Fredric.
    1.89_02     Wed May 13 16:20:21 CDT 2009
    Updated Makefile.PL to use new ExtUtils::MakeMaker features.
    Thanks, Schwern.
    --version now shows the version of Perl that ack is running
    under, and the full path to the Perl executable.
    Added new switches --color-match and --color-filename, which
    let you define ACK_COLOR_MATCH and ACK_COLOR_FILENAME from the
    command line.
    Added new switch --column to display the column of the first
    hit on the row.  Thanks to Eric Van Dewoestine.
    Added .ss to --scheme.
    No longer die if you have a .tar.gz file in your tree.
    More tweaks to get the detection of input and output pipes
    Fixed an amazingly bad call to cmp_ok() in t/ack-passthru.t.
    Started an ack FAQ.
  • Don't optimize for yourself in communities

    It drives me nuts every time I connect to an IRC channel, Perl-related or not, and the first thing I’m greeted with is “Don’t ask to ask, just ask!” (Over in #perl on freenode, the greeting is “No pasting, at all”. BAD USER!)

    Read on →

  • Perl 6 development does not detract from Perl 5

    A recent thread on use.perl.org brought up one of the worst myths of Perl 6: That Perl 6 is harming Perl 5. Andrés N. Kievsky commented in "a thread on use.perl.org":http://use.perl.org/comments.pl?sid=43716&cid=70320 bq. drop this insane perl 6 thing immediately. Give us good, stablethreading in perl 5 instead of self-hosting grammars in perl 6. Later he said: bq. proper OO syntax, multithreading, better speed ... are major issues in perl 5 that should have priority over perl 6 work. You can't expect me to believe that the perl 6 team can't work on that. There's so much misunderstanding here about how open source works, I'm going to ignore the ways that Perl 5 has benefited from the process of creating Perl 6. The problem with Kievsky's assessment is that it assumes that: * contributors are finite * contributors are interchangeable * contributors can be directed. All three are wrong. First, there is a *vast, unbounded talent pool*. The set of people available to work on Perl 6 is not limited to those who would otherwise be working on Perl 5. It's not as if there's a box of people that cannot grow or be added to. There are many contributors who have joined the Perl 6 project without having ever worked on Perl 5. In this instance, Perl 6 has actually brought people into Perl under the Perl 6 banner. Second, *not everyone can work on the same parts of different projects*. The tasks on Perl 6 may well be very different than the Perl 5 improvements that Kievsky would like to see. I have been contributing to Perl 5 for years, but I'm not at all available to help on the Perl 5 tasks he wants, because they're not in my area of expertise. However, I can help a lot with Perl 6 tasks, and not just programming. Parrot and Perl 6 are a better fit for me. Finally, and most disturbing, Kievsky seems to think that by wanting something badly enough, people will work on those tasks. Unfortunately for this idea, *there is no one directing Perl 5 development tasks*, and nor can there be. Open source contributors are volunteers. They work on what they want to work on. Even if I was clamoring for those Perl 5 improvements, I'd rather keep a great programmer working in the Perl community working on Perl 6 rather than leaving Perl entirely because there was no work she felt like doing. The only way to get a feature added to Perl 5, or any open source project, is to write it yourself, or to encourage others to work with you on it. It's the way of open source. Perl 6 and Perl 5 development work are not mutually exclusive. Work will continue on Perl 5 long after Perl 6 has hit prime time.
  • Perl coming to Android phones

    *By François Charette* [Android is an operating system for mobile phones](http://www.android.com/about/) that runs a modified Linux kernel and the Java environment. The Android Scripting Environment (ASE) allows you to edit and execute scripts directly on the Android device. Until now only Python, Lua and BeanShell were supported, but a [request was filed to add Perl as well](http://code.google.com/p/android-scripting/issues/detail?id=32). Recently, [support for Perl was added to the development tree](http://code.google.com/p/android-scripting/source/browse/#hg/perl), and today that feature request was closed, and is part of OSE 0.11 alpha. This means we can expect that Perl will be officially supported on Android with the next stable release of the ASE. It will then be possible to write neat Perl programs on an Android phone, like this ["hello world" example](http://code.google.com/p/android-scripting/source/browse/perl/ase/scripts/hello_world.pl). *François Charette is an independent scholar in the humanities with a passion for Perl. He is the initiator and co-developer of [Biber](http://biber-biblatex.sourceforge.net), a BibTeX replacement written in Perl.*
  • Community contributions for those who don't feel rockstarry enough yet

    Mark Stosberg kicks ass. Note only is he a driving force in CGI::Application, he’s also working on some scutwork in CGI.pm. He got privileges to the CGI.pm bug queue and has closed 100 of the 150 bugs in the queue. (He’s also done this for me with the WWW::Mechanize queue, too)

    Read on →

  • Hide your unnecessary details from the user

    Too often I see user-facing text that includes far more detail than is necessary. My current example is this web app where I can upload files for my expense reports. The help screen tells me:

    You can attach the following types of files:
    • Portable Document Format (.pdf)
    • Joint Photographic Experts Group (.jpg or .jpeg)
    • Graphic Interchange Format (.gif)
    • Tagged Image Format (.tif)
    • Windows OS/2 Bitmap Graphics (.bmp)

    Why why why do they bother giving those unnecessary explanations of what the file extensions mean? What they really mean is:

    You can attach .pdf, .jpg or .jpeg, .gif, .tif and .bmp files.

    Has anyone ever said "Hey, Bob, can you send me that Joint Photographic Experts Group file?" No? Then why do you think that people want to read it?

  • Help end licensing under &#8220;same terms as Perl itself&#8221;

    I've posted before about the problems with "same terms as Perl" licensing, not the least of which is the question "which version of Perl are you referring to?" I bet that most people who use "same terms as Perl itself" used it for the same reason I did: because it was the easiest way to do it, and I was lazy.

    So to help out my lazy sisters and brothers in Perl, here is a block of POD that you can go paste into your modules right now, all formatted and pretty.

    Copyright 2005-2009 Andy Lester.
    This program is free software; you can redistribute it and/or
    modify it under the terms of either:
    =over 4
    =item * the GNU General Public License as published by the Free
    Software Foundation; either version 1, or (at your option) any
    later version, or
    =item * the Artistic License version 2.0.

    You'll want to change the "Andy Lester" part. I don't want to take credit for half the CPAN.

  • Perlmonks users, your passwords have been published

    Just in case you missed my Tweets about it, or don't read any other Perl blogs, or didn't receive the mail sent out from Perlmonks, Perlmonks was compromised. Passwords for users were published to the net. Carl Masak has this [analysis of the passwords](http://use.perl.org/~masak/journal/39373) and their weakness. It's clear, too, that many of the passwords were standard passwords meant to be used on multiple sites.
  • Updates to perl-begin.org

    Shlomi Fish wrote in to tell about updates on the site for Perl beginners with which he's involved:

    After the last news item, a lot of work was invested into Perl-Begin.org, the Perl Beginners' Site, making it even better than it used to be. Here's a summary of the changes:

    We hope you enjoy the new Perl Beginners' Site and please recommend it to your friends. All content on Perl-Begin is made available under the Creative Commons Attribution Licence which allows almost unlimited re-use.

  • My to-do list always grows post-OSCON

    Every year at OSCON I come home with a head full of ideas, and better yet, a huge list of new things to work on. Since [the book](http://www.pragprog.com/titles/algh/land-the-tech-job-you-love) is now done, and OSCON is now over, there's a chance I could work on them. * Ack plug-ins * I've been wanting to have plug-ins for [ack](http://betterthangrep.com/) for at least a year now, and I've connected with a number of people like Randy J. Ray who are on board to help me out. First task: Move it on over to github. * Coverity scans for Parrot * Met with David Maxwell of [Coverity](http://coverity.com/) and he fired up the Coverity bot for Parrot, and now I have new niggling bugs to pick at. * PR work for first big release of Rakudo * There will be the first major release of [Rakudo](http://rakudo.org) in spring 2010, and I got some plans going with Patrick Michaud to figure how we were going to build up buzz for that. I also have the notes from Damian's Perl 6 talk which are a fantastic summary of Perl 6's cool new features. * Human Creativity * Julian Cash has been having Jos Boumans do all his Perl work for the [Human Creativity](http://humancreativity.org) project, but I offered up my services to do whatever he wants. Turns out the Julian is also working with Devin Crain, who I've known for years in an entirely non-geeek context. * Hiring horror stories * Got some great response to [my talk on job interviewing](http://en.oreilly.com/oscon2009/public/schedule/detail/8074), and as always the stories resound the most. I talked to a few people afterwards who said they'd give me some horror stories I can run on [The Working Geek](http://theworkinggeek.com) as instructive examples of how not to do things, and why they're so awful. For those of you leaving OSCON, what tasks did you just assign yourself in the past week?
  • Quickies from Wednesday, OSCON 2009

    I'm sitting in the communication lobby on the fringe of the p5p meeting discussing potential ways of doing releases for Perl 5. It's quite a brain-dump of Perl 5 names: Chip Salzenberg, David Adler, Patrick Michaud, David Wheeler, Robert Spier, Paul Fenwick, Jacinta Richardson, Tim Bunce, Michael Schwern, Ricardo Signes and Jesse Vincent. Here are twelve brilliant programmers in the Perl world, and they're talking about a rancorous topic, but there's no anger, no animosity. The talk is honest and frank, but the benefit of having everyone present is clear. It makes me happy to see. In sessions today, Jacinta's survey of Perl frameworks was great, in that it was pragmatic and aimed directly at the programmer wondering "What should I do my next talk in?" I skipped out early on Tim Bunce's Devel::NYTProf talk, but I've seen a couple of tweets being very impressed with it.
  • What should the world know about Perl?

    *Jim Brandt of the [Perl Foundation](http://www.perlfoundation.org/) writes for input from the community.* At OSCON this year, on Wednesday night at 7 PM in Exhibit Hall 3, I'm participating in a Language Roundtable Session with representatives from some of the other popular open source languages. We're going to talk about some of the best and worst features of our preferred languages and how well they perform with different types of application development. [http://en.oreilly.com/oscon2009/public/schedule/detail/9380](http://en.oreilly.com/oscon2009/public/schedule/detail/9380) I know why I love Perl, and there's plenty of new activity in the "modern" Perl community to talk about. This is a great chance to let everyone know what great strides Perl has made. It's a chance to get people to take an up-to-date look at Perl. However I don't want to waste any time on "worst" features in other languages. So what are the best features of Perl today? What do you want the OSCON audience to hear about?