use Perl

Wellington Perl Mongers had a fun evening last week - our annual Lightning Talk meeting. As usual the talk schedule was looking pretty thin in the days leading up to the event but with a bit of encouragement people did step up and the evening went well. The talks covered a range of Perl modules; a bit on Erlang and CouchDB (thanks Lenz); mountain biking and mapping (Donovan); and Perl on the iPhone (Tobi). We even got to see the beginnings of Matt's robot army (doesn't look like we have anything to fear yet) and Srdjan gave us his sermon entitled "If statements considered harmful". I asked Matt to take some photos. The lighting wasn't great so not many came out but here's a montage.

As a group, it's clear that there's one key thing we can all do to improve our delivery - turn and face the audience. The one exception pictured is the guy speaking without slides.

Cross-posted from my blog

This Tuesday evening (Feb 10th) Wellington Perl Mongers are very pleased to welcome Jacinta Richardson and Paul Fenwick from Perl Training Australia. They're over here on vacation (as well as for Baa Camp) and have kindly offered to come along and speak at our February meeting.

As usual, the meeting will be hosted by Catalyst IT (150 Willis Street) and the start time is 6:00pm - bring a friend.

A colleague encountered an odd problem the other day. It took us a while to realise what was going on, you'll probably work it out much quicker ...

Here's a simplified version of what we were dealing with:

    use strict;
    use warnings;

    eval {
        my $obj = SomeClass->new();
        die "Code Red!\n";
    };

    if($@) {
        print "Exception caught: $@\n";
    }
    else {
        print "No exception occurred\n"
    }

We both expected it to output:

    Exception caught: Code Red!

but instead we got:

    No exception occurred

You probably worked it out straightaway but for the record, here's what was happening ...

The die statement did generate an exception and the message was stored in $@. Of course the code in the eval block stopped executing immediately but when control flow exited the block, any lexcial variables declared in the block went out of scope. In this case there was only one: $obj. What we didn't realise is that $obj's class defined a destructor method ('DESTROY'). This method is called when the object goes out of scope and apparently in our case the method wrapped something in an eval. Whatever that something was, it completed without generating an exception, so $@ ended up empty - indicating no error and overwriting the exception message that our code put there.

So, if you write a destructor method and it needs to use eval, please remember to use local($@) to restore the previous value of $@ when your routine completes.

Cross-posted from my shiny new blog

I'm visiting Australia for OSDC2008 in Sydney. It's been a pretty good conference so far and there are a few interesting talks lined up today before I jump onto a plane back to New Zealand this afternoon.

Wednesday kicked off with a fun talk from Chris Dibona which was essentially a bunch of interesting anecdotes from Google. Then I went along to see Michael Neale talk about rule based systems. It seems like a technology that should be highly applicable to my current client - but only if we rewrite their system from the ground up :-(. I'll have to think about how we could start to take advantage of this stuff in a smaller steps.

I was also fascinated by Clifford Heath's talk on semantic modelling. He presented well and clearly has put a lot of work into it. The talk followed a bottom-up sort of approach to introduce concepts that built on each other. It probably would have benefitted from a top-down bit as well. That would have given the audience more of an idea of where the talk was heading and given them a framework to hang the lower-level concepts onto.

My first talk was Wednesday afternoon and looked at the theory and practice of Test Driven Development. Unfortunately the accompanying paper was accidentally omitted from the printed conference proceedings but you can download it from my web site. I think I managed to avoid embarassing gaffes and the talk seemed to be well received.

Jacinta was up next with a good round up of Perl MVC frameworks. David Fetter did a good talk on DBI-Link in Postgres 8.4 but since we have yet to get our client up to 8.3, I think I'll defer getting too excited about that one. The lightning talks and the conference dinner went well and Anthony Baxter's dinner talk was highly entertaining.

Thursday was a quieter day for me. There weren't a lot of talks that appealed to me and a couple that I did go to were disappointing. Of course some of that may be my own fault - my head was a bit fuzzy from a late night and lots of beer. Jonathan Oxer had a couple of good talks that led me to doubt his sanity but they were very entertaining. After the lightning talks the Sydney Perl Mongers organised an outing for more beer and food on Thursday night. That was great - thanks guys.

My second talk is later today and I've got to dash off early this afternoon to catch a flight back to Wellington. Looking forward to a few of today's talks.

Following news that chinese scientists have completed a face transplant, I commented that next time China hosts the Olympics they'll be able to have a six year old singer with a good voice and a pretty face. A colleague immediately came back with "Well they'll claim she's six".

We had the August meeting of Wellington.pm this week. Sam gave us his talk on the work he did converting the Perl source code history to git. It turned out to be a rather larger undertaking than he originally imagined. Sam was preparing this talk for YAPC::Eu but unfortunately the costs of getting there have proved prohibitive so he may just have to recast the talk as a chapter in his memoirs.

Next up, Brenda gave us a quick rundown on opportunities for networking with (open source) geeks in Wellington. In a novel twist, her presentation slides were a flickr photo set.

After Brenda's talk we had a lively discussion on strategies for dealing with an inherited codebase; code formatting styles; Perl best practices; the evils of misused subroutine prototypes; and interesting home grown config file formats.

To round off the evening, I gave a 'behind the scenes' talk on last month's HackOff competition. The focus for people on the night (and after the event) has been on decoding the datafiles for each of the problems. The focus of the talk was on how I went about encoding the data to produce the question files. There is strong interest in doing it again next year which means more work for me - but at least I had fun.

I was feeling virtuous for having finally made the time to address the RT queue for XML::SAX. After resolving 7 tickets I pushed out a new release and within about an hour I'd learned from the CPAN testers that the new release doesn't work with 5.6 (yay for CPAN testers!). The thing that's puzzling me is that I can't see how it ever worked.

Having compiled up a 'fresh' copy of Perl v5.6.2, I'm now able to see what the CPAN Testers are seeing. Here's a minimal test case:

$ perl -le 'q{TEST} =~/^[\x{0041}-\x{005A}]+$/ && print q{OK}'
Invalid [] range "}-\x" before HERE mark in regex m/^[\x{0041}-\x << HERE {005A}]+$/

The same thing works as expected on 5.8. The XML::SAX::PurePerl parser makes extensive use of this syntax (character classes which include ranges of unicode characters) to match productions such as these from the XML spec. It's been that way since 2002 and apparently working (modulo a few bugs). Indeed if I go back to the code in the previous release it passes all the tests - even with regexes that look like that.

I'm going to bed and hoping this makes more sense in the morning.

A client's web site that I support has a simple feedback form which emails the form submission to a number of business users. This form has become very popular with comment spammers despite the fact that nothing submitted via the feedback form ever ends up on the web site.

On Friday I added a simple anti-spam measure and was disappointed to discover that the emails continued to roll in over the weekend. After tracing back through various logs I discovered it wasn't my script at all! When we launched a new site design 3 months ago, I took the opportunity to consolidate a number of CGI scripts into the existing mod_perl application framework. The feedback form was tweaked to point to a new form handler URL. I left the old form handler script in place to facilitate easy rollback and assumed it would do no harm since there were no forms pointing at it. Duh!

So it appears that multiple bots have cached copies of the old form handler URL and the field names it used to expect - despite the fact that the original form disappeared 3 months ago.

Rule number 1 of web security says you can't trust the input data. In particular you can't assume the form that was posted is the one you provided. Unfortunately the comment spam continued to pass all of the old handler's validation rules, so it continued to sail through to email. Of course another key rule of web security is that your web site should not expose any code/functionality that is not essential for the running of the site. I guess I'll have to say mea culpa to that one.

My 4 year old Acer laptop died the other day. It just seems to be the hard drive but I had been thinking about replacing the machine anyway. I don't have the budget for anything flash and I needed something quick(!) so I ended up getting another Acer (Aspire 5920).

The machine came pre-installed with Windows Vista so when I powered it on I was prompted to "complete the installation process". That entailed answering some questions and waiting while updates were downloaded and of course rebooting a couple of times.

I don't actually have any desire to run Windows (except maybe for portability testing) so my next step was to download and install Ubuntu Hardy. Surprisingly, downloading a 700MB ISO, installing Linux and downloading updates took less time than "completing the Windows installation process". We're getting closer to a "just works" experience. Video (with fancy compositing effects) and wireless networking worked without any fuss at all. Audio works too but strangely only through the headphone socket, not through the built-in speakers. As it happens I generally only use the headphones so making the speakers work isn't a big priority.

Before my hard drive died, I had just started putting together an 'analysis' of how the teams in the Wellington.pm HackOff event solved each of the questions. After various setbacks, I hope to return to that task in the next couple of days. After that's done I really hope to have time to look at my embarrassingly long RT queues.