Larry Wall on Software Patents

At about 1:30 into the video…

Reports from OSCON 2013

Guess who and guess what? That’s right it’s Marcus once again, at OSCON 2013, the open source convention held annually in Portland, Oregon. There is no other gathering where you can find such a diversity of computer language and tooling expertise. To say that the open source world has a richer, more collaborative programming community than the commercial world isn’t just an understatement: it’s the very definition.

So, thanks once again to the University of New Hampshire for sponsoring this trip. I will try to return the favor by continuing to write software which will not require expensive licenses, be poorly interoperable, or tied to the whims of a single corporate overlord.

That said, let’s convey some actual information…

My first two days will look like this:

Monday morning – yet another introductory git session. I know. I take these all the time and still use Subversion. So shoot me. This talk is delivered by a github instructor. They evangelize quite well for git, as they should, and teach it very well too.

Monday afternoon – Optimizing Your Perl Development by Damian Conway. Can’t *wait* to see Damian again. This session has a good chance of being the highlight of my week.

Tuesday morning – Web Accessibility for the 21st Century. I am wondering, what year will “…for the 21st Century” stop seeming forward-looking? 2020? 2050? Is there a rule about this?

Tuesday afternoon – Backbone Workshop. Backbone is a Javascript framework to facilitate the writing of a fatter client in the browser while avoiding typical Javascript pain points.

Day 1

Getting Started with Git

I’m spending much of this session aping the exercises to ‘git’ some practice.  See what I did there?  Anyhow, that’s why I’m not writing much about this session, but here is a tiny detail about git (vs. SVN):

Ignoring files in SVN is done via the svn:ignore ‘property’; in git, you create a .gitignore file, which git looks at to know what to ignore. Add and commit .gitignore itself as well. I’m not sure which approach to prefer, but there they are.

This is perhaps my third stint in a beginner’s git class.

Damian Conway’s Development Talk

Neat new tool from Damian called ‘polyperl’, which, in conjunction with Perlbrew, allows you to designate *exactly* which version of Perl your program is running, using the normal ‘env’ on the shebang. It look like:

#!/usr/bin/env polyperl
use 5.012;

Note that ‘use 5.012;’ *without* polyperl in the shebang would only ensure that the *minimum* version you run will be 5.12. Specifying the actual version, no greater and no lesser? Polyperl! Someday Perl will have this natively, but live for today people, and use the Perl and nothing but the very Perl you want.

[skipping a bunch of vim tricks and plugins here...]

Recommendation: Method::Signatures. Damian prefers it over Params::Validate. I’ll have to check to see if it can be used without dying on validation failures (checked: it appears it can). I should probably mention what these modules do. They help you validate that the variables being passed to a subroutine are correct in number, type, etc.

Recommendation #2: Getopt::Euclid as a replacement for Getopt::Long (or any of the other 3,000 modules for writing CLIs on CPAN). This is one of Damian’s own. Cool thing about Getopt::Euclid? The way you define the incoming parameters is to *write the POD documentation* for your CLI. That’s right! Getopt::Euclid reads your POD and uses it as the interface declaration. Gorgeous. Can’t get away without documenting *that* now can you?

And now, I am laughing inside. Damian has his CPAN build/test/release process completely automated. I’ve done the same general type of work to release/deploy my own code to UNH production environments in a scripted, less error prone way. It’s pretty clear that years of reading and listening to Damian have affected me. I am now just as crazy as he is, if only 1/100th as clever.

Day 2

Web Accessibility

It’s now Tuesday morning and I’m in the web accessibility session mentioned above. One point that is being hammered home from the start: there is no standard that’s a silver bullet for accessibility. Many ‘official’ accessibility guidelines, even if met to the letter, don’t *actually* address the problems that users are having in accessing and understanding the content on your websites.

Also, a website which is accessible in one way, for a certain disability, is often totally at odds for being accessible to another disability. Those things are depressing, but they are the truth. If you’re designing, or redesigning, for accessibility, the best approach is to use real assistive technology tools.

NVDA for Windows (a screen reader for the blind) is particularly useful in that as a sighted person, you can turn off the audio and simply have the reader log the text that it *would* read in a separate window. This shows you the ‘flow’ of your page from a screen reader’s point of view, without the constant screen reading chatter. Screen readers are intensely annoying if you don’t absolutely need them.

One useful piece of advice: use page headings, but not to excess. Here we are talking about the h1, h2 etc. HTML elements. Use them as intended as a general outline for your content, but don’t overdue them for design purposes or whatnot. A screen reader user will be using these to hop around to the different logical sections of your content.

A website highly recommended by the speakers: WebAIM.

Another key approach to accessibility testing is mouseless navigation. Stick to the keyboard and you’ll get a much better idea of how the elements flow on your pages. Use the ‘tabindex’ attribute to fix such flow issues.

Coming under severe criticism here: carousels and privileged links…

Carousels: carousels are rotating or self-changing images or content. These are apparently hell on accessibility, for an obvious reason: elements of the page are moving around on their own. We commit this sin on unh.edu itself, despite the very nice design. Perhaps we have something in place to mitigate this for those using assistive technologies? The experts here say to avoid them wholesale. Hey, I didn’t realize it either.

Privileged links: links that, when clicked on, do not grant access to the resources behind them (even with login). A typical message would be “you do not have permission to access this resource” or similar. Repeat offender? Sharepoint. I’ve always despised this. The geniuses at Microsoft probably call these ‘teasers’ or something. Don’t tease me, thanks.

Backbone.js

Backbone.js is an MVC (Model-View-Controller) Javascript framework.  There are approximately eight thousand of these coming out every week these days (slight exaggeration).  Aside from separation of concerns via the MVC approach, Backbone.js and other similar JS frameworks focus on moving state management to the client side.  This means getting away from the request/response model that even AJAX employs.  Instead, the client says ‘Saved!’, and *then* sends the data to the server.

I know.  Sounds dangerous.  But there are ways of handling errors with this approach.  The whole goal is raising the perceived performance of an app.  Milliseconds matter, which the speaker supports which such figures as: if Amazon pages load just 100ms slower than usual, they lose 1% of sales.  That’s compelling.

Another thing Backbone.js brings to Javascript programming is better scoping, which is absent in JS.  By default, you are generally searching the entire DOM (think: an entire webpage) for an HTML element that you’d like to work with.  This narrowing of scope means selectors are greatly simplified and you get further separation of concerns.

The speaker seems to be assuming that we studied for this or something.  The exercises are like Go!  … with no ‘Ready… Set…’.  I think the majority of folks here spend 90% of their time writing Javascript on similar frameworks already.  With about 10% of my time allotted for Javascript, I’d need to move a bit more slowly until I get comfy.  (Let me take a moment to express my envious hatred for natural polyglots who see new syntax and immediately parse it effortlessly. I hate you.  I’ve always had to work for it.)

Yeah… he’s literally explaining the exercise *after* we’re suppose to have finished it.  What?  I’m not psychic, man!

Still, it’s a good talk, and I’m picking up the spirit of things.  I can see that somewhere down the road, I’ll likely be using of the 8,000 JS MVC frameworks.

Note: things like Backbone.js work at a slightly different layer of abstraction as jQuery, which is *also* called a Javascript framework.  In fact, Backbone.js works in conjunction with jQuery.  jQuery provides better looking code to write JS in, while something like Backbone.js helps wrangle the overall structure of a large client-side application.  That’s a gross over-simplification, but… gross and simple are two things I do well.  :)

Day 3

The convention proper really starts on Day 3, today, with some relaxing keynote talks attended by all.  There are a couple thousand people here, ballpark.

First there was a neuroscience/AI guy who actually got me excited about the state of brain research for a few minutes.  Next up, a Facebook honcho.  No matter how much I may resent Facebook and distrust the current look of ‘social’, it can’t be denied that Facebook is a more modern company than, say, Microsoft or Oracle, in its disposition towards open source.

If you are reading this and remain a bit unsure about the open source approach, let me take a moment to explain why a company like Facebook would open some of its coding projects to the world.  Wouldn’t this reveal trade secrets and squander the intellectual property value they’ve created?  Not really, as it turns out.  The code they are open sourcing is attacking difficult problems such as the scaling of big data storage and delivery.  These problems are nowhere *near* perfectly solved.  By open sourcing these code projects, Facebook can attract meaningful contributions from other interested companies like Intel and Broadcom.  This collaboration raises all boats without diluting the core competencies of each company.

What’s even cooler about open source is that *even little guys like me* have access to that work.  Had I more entrepreneurial spirit, I could fuel a startup on the very code running some of Facebook’s systems today.  I could contribute my own R&D back to the project.

That’s how it works.  You might also check out this amazing open source effort for another perspective on the kinds of problems open source can help us all to solve together.

Back to the keynotes… just saw an incredibly futuristic demo of a flying drone being controlled by open source Clojure code.  This drone hovered as well as any Hollywood robot has ever hovered, could recognize images, stream video, recognize faces… you name it.  Audible “wows” in the audience, one of which was mine.

Final keynote (after a good one from In Bloom, who are here to open source their work) is Mark Shuttleworth, founder of Ubuntu.  He’s talking about Ubuntu’s one-OS (very Windows 8ish) approach to unifying user experience across all types of devices.  But of course, on Linux.  Now he’s talking about Juju, a tool for deploying and connecting various software infrastructure elements (think MySQL, Cassandra, MongoDB, WordPress, etc… whatever your cocktail may be).  Pretty amazing level of automation.

Shuttleworth just called Mac OS X (perhaps the primary Ubuntu competitor, if you think about it) “the gilded cage”.  Great line.  But gilded it remains, by comparison, for the time being…  and they know it.  He was in the process of announcing Juju for Mac OS X.

The first focused session of my day is about Asterisk, an open source PBX.  Asterisk has been around for quite some time and is very mature.  Although we are invested in Avaya at UNH, I myself can definitely benefit from any PBX-related knowledge, as a non-PBX-expert in the Telecom group.  It’s possible we could add Asterisk as a sort of sister system connected to the main PBX, to offer discrete features that we are otherwise unable to provide (or unable to provide cost effectively).  It does call queuing!  Neat.

I once wrote a CDR reporting app on top of Asterisk, almost ten years ago now.  It was not open sourced by the company I worked for.  Looking around, there is so much more available out there now.

The speaker is recommending Wireshark’s advanced VOIP diagnostic features.  Never realized Wireshark had stuff as specific as this.  Also ‘ngrep’, for ‘network grep’, a sort of filtering tool for tcpdumps similar to some of Wireshark’s functionality.  Now ‘sipp’ which is a SIP performance testing tool.  Now ‘sipsack’ for generating specialized SIP packets for troubleshooting purposes.  It’s good to know these tools are out there in case I’m ever asked to work on this stuff, which is always possible.

Of all new PBXs deployed in North America today, 16-18% of them are Asterisk.  One guy in the audience suggests it’s closer to 35%.  The FAA is looking at it as a possible solution to connect control towers.

Next up, a session on running on your company’s internal applications using open source practices.  We are collaborating more and more across IT units at UNH, as the desire for better interconnected systems grows.  The speaker begins with how to deal with the necessary communication overhead involved in working together.  Some key concepts are transparency (work in the open, make your code source examinable across organizational units, govern projects in the open), quality (code reviews, good testing), community (points of contact outside your primary team).  This latter point she illustrates can lead to good people staying longer at a company, having connections across business units.

The central concept is “internally open source”.  Yes, please!  We would gain ridiculous efficiencies if we did this, I think.  Silos are full of nothing but corn.  :P   I am sure we have countless shared needs that would be opportunities to work smarter, not harder.  A small DevOps swat team could do wonders in this area if we could dedicate the resources.  The speaker is expounding on that very thing: a core team which “owns” (think of ownership loosely) all centralized code for an organization.

Note that the above is not geared towards homogenizing our various codebases.  Different coding standards and technology choices can be applied on a project by project basis.  We can continue to pursue diverse approaches while doing this.  It’s important to preserve the evolutionary advantage of using diverse technologies while centralizing certain efforts.  <– Yes, this is a challenging balance to achieve, but the first step is to be mindful of it.

Belly full of lunch now, the next session for me is Randal Schwartz’s Half My Life With Perl.  My four planned afternoon sessions are in fact all on the Perl track.  That is part of what’s great about OSCON: you can fill your own schedule with talks most pertinent to your work or interests.  As always there is a strong contingency here for Perl.  After all, OSCON started off as just The Perl Conference way back when.

This autobiographical talk from Randal is a bit unusual as these talks go, but, very interesting to us Perl folk.  Perl has a few more years of history behind it than most of the projects here.

Next up: Start Contributing to Perl, It’s Easy!  This is a good overview from a relatively (2007) new Perl community member.  I have a grand total of 1 patch accepted on CPAN, but that’s one more than I did last year at this time.

I am pumped for the next session: Carton: Manage CPAN Dependencies Without The Mess.  Carton is a tool I am hoping to use within the next year in conjunction with Perlbrew, cpanminus aka cpanm (also written by the speaker), and Damian’s polyperl, mentioned way up above.  Armed with all these goodies I hope to create my first set of discrete Perl stacks on the same box, each running their own chosen version of Perl core, and its own CPAN module dependencies right down to the module versions.  This panacea has eluded me for some time, but luckily Miyagawa is hard at work to make my life better.

“Dependencies are part of the app.”  Yup!

Note to self: run ‘carton check’ as part of the IX::update() routine, and if there are installations to perform, run ‘carton install –deployment’ or ‘carton install –cached –deployment’.  This is going to be like butter!  Mmmmmm.

Day 4

First session for me is: Evolutionary Architecture and Emergent Design, which sounds fancy.  He has an interesting graph up showing the relative complexity (complexity-per-line) of a code base over time.  Add features tends to increase complexity, refactoring (paying off the technical debt) lowers it.  He makes some good arguments for component-based architecture and against over-engineering early in a project.  A high level talk but engaging.

Next up, Dealing With Multiple Types of Input in HTML5 and Javascript Code.  A good reminder to start using the HTML5 input types that touch browsers will offer different keyboard options for: ‘email’, ‘tel’, ‘url’, etc.  But the talk focuses on ‘pointer events’ which are vary much like mouse events except you can get fine-grained control over touch, pen or mouse inputs specifically, for instance, tweaking game play dynamics in an HTML5 game based on the type of input being used.  There are also ways to test for touch pressure and the orientation of the device.  So this is the basically the next generation of event handlers which account for the new generation of input devices.

Belly full of lunch, I will now be hearing about The Perl Renaissance from Paul Fenwick.  Paul is a fun Australian who can often be seen in a funny hat.  He is reminding us of some great tools such as cpanm, perlbrew, and Dist::Zilla (for CPAN authors).  Now some talk of Moose and Moo, and another positive word this conference for Method::Signatures.  Now a reminder about a feature available as of Perl 5.10: named captures from regular expressions (a good description of these can be found here).  This frees you from having to use ordinality in capturing string matches from regexes.

And now for Ricardo’s (the Perl Pumpking) update on Perl 5.  This is really the Perl 5.18 changes update I saw last month, some of which I covered in my Reports on YAPC::NA 2013.  Can’t wait to get my stack upgraded.  But, one step at a time.

Day 5

Thank goodness they schedule Friday to break earlier in the afternoon, because after 5 days of conferencing I really am shot. But today does have my most anticipated session, the Damian Conway Channel. He has a new module called Running::Commentary which is a nice way to write scripts that have lots of system commands. I could see using this for something like Oracle database backup scripting. Lexical::Failure is a way to give your module users a choice of return types upon failure, rather than imposing an undef, a die, or anything. Lexical::Hints is an advanced way to implement debug statements, which could even be code references. Lingua::EN::Grammarian is a fairly ambitious attempt to find grammar (not spelling… grammar) mistakes in English text.  He’s got it plugged into vim.  Wow!

Next up: BASH As A Modern Programming Language from an eBay guy.  He is explaining why eBay selected BASH to write a utility to set up user environments to run their specialized web framework (surprise!  eBay has a custom web framework).  Reason #1 is portability as expected, BASH being the default shell in all major OSes except Windows, which can run it via Cygwin… so no problem there either.  As a shell, it easily calls other binaries (perhaps even the runtime of other languages) and all languages have a way to call back out to the shell.  This talk is reminding me how badly I want to avoid ever trying any serious programming in BASH.  Gosh, what a clunky and confusing language.  Tip of the hat to Mario Malizia who has worked wonders with BASH in the creation of CMU (ECG’s venerable Code Management Utility).

My final session of the conference is on Secure Open Source Development, from a Red Hat guy.  This is a high-level discussion of how to communicate about security issues proactively (before release) in the open source development cycle.  Red Hat in particular has a huge challenge because they are pulling hundreds of projects from various communities into their releases.  He makes the fairly obvious point that things like static code analysis (programs that analyze code for security) are the future of the field.  These tools exist in the present but are far from perfect; manual audits remain necessary.  Unsurprisingly, security hasn’t become a whole lot easier in 2013 than it was in 2012.

Well, that concludes my visit to OSCON this year.  As usual the week flew by.  The hardest part was paying attention to each session while dying to try out something I’d learned in the previous one.  So now I’m taking a little time to play around with cpanm/perlbrew/polyperl/local::lib before lunch and perhaps a dip in the hotel.  Life is good!

If you read this far, congratulations, you’re a nerd.  If you’re *that* interested in this stuff then I hope you’ll consider going to OSCON yourself next year.

Reports from YAPC::NA 2013

Here I am again at YAPC (Yet Another Perl Conference), which I pledge to blog, as always, to the extent allowed by my attention span. I arrived here in Austin, Texas yesterday. The birds here are loud and aggressive, and the weather is nice.

YAPC::NA 2013

If you’d prefer not to read my drivel and instead eaves drop on the conference itself, check out the live feeds.

Day 1

The keynote speaker this morning is reviewing 25 years of Perl, the last 15 of which I’ve been along for the ride. Time flies. I am currently forgiving myself for writing my own web framework in Perl, being reminded that Catalyst (probably the leading Perl framework today) was only three years old and not particularly mature when I was looking for such a solution.

First focused talk: Bruce Gray, “Exception to Rule“, about… yup, exceptions, in lieue of returned errors, for error handling. He’s talking about the frustration of a module throwing ‘die’, and of course, the utility of ‘eval’. The bottom line is however that the Perl 5 core still does not boast a consistent error handling approach.

“It is almost always better to die than to give the wrong information.” (which includes silent failure)

Another recommendation for autodie (wraps all core IO keywords to return exceptions rather than whatever they do natively) as well as Try::Tiny (for more advanced handling).

When writing a module however, it should be the user’s (higher-level programmer’s) choice as to what style of error handling to use, and for this Damian Conway will be revealing a Lexical::Failure module which module authors will be able to use to offer this choice to users. Apparently this will be introduced at OSCON.

Next up, John Anderson on how to Automate Yo Self. First he offers a common suggestion to manage your home directory and shell config with source control. He’s also written a few tools such as App::GitGot, for help managing multiple git repositories. These are some fairly specific tools which I won’t list out here. Lastly he recommended tuning your text editor to save you time.

After lunch, I am listening to Curtis Poe on his new module Test::Class:Moose. I’m not a Moose user yet (translation: I don’t always use objects in Perl, but when I do, I don’t use Moose. Stay thirsty, my procedural friends.). However, I am very likely to encounter Moose in the future, so this might come in handy. People have been using Test::Class to test Moose, but this new module irons out a lot of the cruft and edge cases when just using Test::Class.

Now, Bill Humphries on Perl Meets Modern Web UI. He’s demonstrating the idea of a ‘single page website’, which means, after an initial full page load, the rest of the calls are AJAX. I’ve never really done this… I use AJAX opportunistically when it makes sense… and to be honest I don’t think the pros of ‘singe page website’ architecture quite outweigh the cons (I realize I am omitting most of both here since I can’t type that fast). The one compelling reason he did provide was for situations where you want to offload much of the work to the client, because your server (example: cPanel in shared hosting environments) has limited resources and needs to use them sparingly.

Time to finish off the day with Larry Wall’s keynote, which he has entitled “Stranger Than Fact”. Good quote: “We’re not only stranger than we imagine. We’re stranger than we can imagine.” Larry is the creator of Perl.

One thing I didn’t imagine was that Larry would announce he has prostate cancer. Here’s hoping he makes it out of this ok. There is much love in the room for this man. This is the cult of TIMTOWTDI (“There Is More Than One Way To Do It”), the cult of personal freedom in computing, and he is inarguably our leader. He spoke of his cancer, of programming language design, of the emerging codes of conduct at tech conferences. None have articulated my feelings about this latter better than Larry, who contrasted Law (the codes) with Grace. Have a big soul, he says (I paraphrase)… big enough that they can grind away as much as they want and you’ve still got more. That’s Grace.

I’ve rarely, if ever, encountered a person with such interdisciplinary reach in his worldview, someone not only with a deep technical mastery, but the ability to connect this with philosophy, cosmology, spirituality. Pfft, you say, I’ve seen that in a TED talk. No, you haven’t. Larry pulls this off with a down to earth humility that’ll make you feel both unworthy and totally welcome at the same time. All I can say is, long live the King! Long live Larry Wall and Perl.

Okay… there were also lightning talks after Larry. I’m no lightning typist, so, I give you this single highlight:

“Sufficiently encapsulated ugly is indistinguishable from beautiful.” -Matt Trout

Day 2

To start off the second day, I am in a session called Hack Your Mac With Perl by Walt Mankowski. First we are covering the OS X concept of ‘services’, which govern inter-application communication. These are not to be confused with Windows services– different mechanism entirely. First, download an app called ThisService which aids in the service creation. I can see myself using this. In the end, you get: a Perl script that is key-bindable to process highlighted text. Nice.

Getting rid of services is tricky; try something called ‘Service Scrubber’ for this.

Next he is talking about ‘FSEvents’. This is what tracks changing files/directories for apps like Spotlight and Time Macine. For this we use a module called Mac::FSEvents. Triggering a Perl script when something in the filesystem changes (an ‘upload this’ directory, for instance); I could see myself using this someday too. Nice talk.

Now it’s time for Tim Bunce’s talk about Profiling Memory Usage (in Perl). This is a highly technical session. I’m no expert on Perl internals but I like to hang around and pretend I know what’s up. Tim has written a module called Devel::SizeMe. Wow. He’s actually doing graph visualizations of nested data structures and the memory allocated for each element of each array, hash key/value pairs, etc. Also subroutines! Dizzying levels of detail here. It’s amazing to visualize the amount of memory/pointers that are set up by the interpeter even for a Perl process that does exactly nothing.

Now Liz is presenting an overview of offshoot projects across Perl history entitled Perl’s Diaspora. This covers Parrot, Perl 6, Rakudo, various VM projects targeting both Perl 5 and Perl 6, etc. Most of this is not worth recounting here despite being a great summary of the many and varied Herculean efforts by some of the smartest members of this community. If you have an interest in this stuff, you have probably already been following it.

Next up: Unicode Best Practices, a talk from Nick Patch. Unicode is notoriously difficult to work with, but you’ll have to if your applications need to be internationalized. Perl has some of the best unicode support among programming languages. First off, put use utf8 at the top of your program, which will indicate that your source code itself will use the utf8 encoding. This frees you from having to use escape sequences and external reference tables. This is perhaps how I ought to approach a problem we have at UNH with our SOAP services; XML loves to barf on invalid characters and much of the data we’re shucking is user inputted.

Note: with utf8 on, don’t use

\d
in regular expressions, use
[0-9]
if you’re really only looking to match on standard ‘western’ digits. Because yes, even digits look different in many languages.

The properties matcher,

\p
or non-matcher
\P
can be used to match or not-match ASCII like so:
\p{ASCII}
Super useful, there.
\p{L}
stands for letter, and there are a number of incredibly useful properties matches (such as for currency symbols etc.).

Although internationalization is obviously a challenging aspect of programming, I really hope I get to tackle it at some point. Breaking down language barriers and unwinding that whole Tower of Babel (Babble? heh.) thing just seems like a noble application of labor. Babble on! (Babylon?)

After my first (I know! I’m sheltered…) meal at an Ethiopian restaurant (yummy) with a couple fellow hackers, I am now at Auditing Open Source Perl Code for Security by John Lightsey. Not seeing any code yet–so far, this is high-level “how to plan a security audit”. Now he has moved on to, once you have discovered a security vulnerability in a piece of open source code, what are the various options for disclosure (or less ethical options involving non-disclosure). So, this is more of a community management talk than a technical talk.

Wait, no… now he’s showing some of the vulnerability reports he’s given to CPAN module authors, some fixed, some not. Glad to see I’m not using any of the unpatched modules.

Now Karen Pauley will give an update on what The Perl Foundation has been up to in the past year. This was mostly a review of grant applications and money distribution, which I won’t recount, but various Perl efforts are always open to donations. Considering the extensive use of Perl in our systems, I would love to see UNH consider throwing a few bucks in this direction.

Onward we go… now listening to the ever-entertaining Matt Trout on Architecture Automation, One Alligator at Once. The thrust of this talk is how, when hired to consult on a codebase that needs an overhaul, and especially when all knowledge of said codebase has left the building, what investigations should you apply to learn about what in heck you’re dealing with? Dist::Surveyor is a notable mention here, which will tell you as best it can what your entire module dependency list is.

Finally, today’s keynote from Stevan Little is Perl – The Detroit of Scripting Languages. His main point is that when the Perl 6 design and implementation process began in 2000, Perl 5 development stalled. This is largely due to a not-entirely-wrongheaded commitment to preserving backward compatibility. But that can make it pretty tough to move forward, too.

Day 3

I’m starting off my third conference day with A Date With Perl (great title), a talk from Dave Rolsky who maintains the DateTime suite of modules. I saw Dave speak at YAPC::NA 2007 on this topic as well; the guy deserves a Presidential Medal of Honor for doing this work. When you realize that not only are there leap years, but leap seconds, and when you are told that there is an ‘EST’ time zone in both North America and Australia, and knowing that time zone and daylight savings time changes are at the discretion of politicians… you start to get an appreciation for Dave Rolsky. Don’t try to do datetime calculations by yourself, EVER, use a library like DateTime.pm, so you can get the benefit of all the hard work that’s been done for you.

And by the way, date and time related edge cases listed above are just the tip of the iceberg. There are hundreds if not thousands of weird exceptions to the rules that govern when. Don’t go it alone.

Dave’s jokes are hilarious; too bad it’s so early for a lot of the people here. These deserve more laughs.

Side note: I am sure a lot of people at this conference hold degrees and advanced degrees in computer science, but I haven’t actually spoken to one yet. Dave was a music major, I’ve been chumming around with a guy (about twice as smart as me) who never went to college, met another guy who majored in theatre like I did, etc. I love this field. I do work for a University, but clearly even UNH acknowledges it needs more IT help than it can find in credentialed applicants.

Next up: Unit-test CGI Scripts with mod_perl2 via Plack by Nathan Gray. I sorely need to understand Plack better, as it likely has a future in my stack. Unfortunately this talk is addressing using Plack for testing existing CGI scripts, and is not enlightening me in the ways that I need.

Now Sawyer X is speaking on Asynchronous Programming FTW (“For The Win”). This is a talk about event loops, although forking and threading are similar options for parallel processing. Sawyer X prefers the AnyEvent module (there are many choices) for handling event loops, due to its slim interface (as opposed to POE, which requires more lines of code to do the same thing). Hmmm… there is also an AnyEvent::XMLRPC which I could possibly use. I’ve never really considered that my XMLRPC services could be blocking, but of course they do. They’re just so darn fast in general that haven’t seen the need to optimize them. And I still won’t…. but I might add some benchmarking code to the services themselves to see if they ever block for as long as a second or half-second, in which case, AnyEvent::XMLRPC could come to the rescue for me. Because let’s face it: calls from to a service from different clients are going to be asynchronous by definition.

The next session for me is Inside Bokete: Tips of making web applications with Mojolicious and other components by Yusuke Wada who has traveled here form Yokohama, Japan. Mojolicious has views and controllers, but no object model (didn’t know this. My own web framework is similar in this way). He prefers DBIx::Skinny over DBIx::Class, since in Mojo you get to choose if and how to add your ORM (Object Relational Model). He also uses Carton, which is still labeled as experimental, but many of us are so desperate for a method of pinning down CPAN module versions in our applications that we just might experiment. He also uses an interesting deploy-from-git module that is very like the work I’ve been doing to deploy from Subversion. Good talk, funny guy. You have to respect all the people here for whom English is not a first language. Coding is challenging enough, imagine if all the keywords, documentation, etc. was not in English.

After lunch, Ricardo Signes, the current Perl 5 pumpking, is bringing us up to date on the language; his talk is entitled Perl 5: Postcards from the Edge. Something soon to come in a Perl 5 release sounds like a great idea: lexical subroutines. In other words, you can do

my sub foo {}
or
our sub foo {}
and scope the availability of your subroutines. Forgive me if I’ve gotten this wrong, because I’m no Java guy, but I believe this is roughly the feature you get with
public
vs.
private
vs.
protected
etc., when you are defining a Java class. Please feel to correct me in the comments because it’s likely these things are not 100% analogous.

Now Joe Axford is giving his Notes From A Newbie. It’s always impressive when a newbie looks to be about 20 years my senior… learning is a lifelong pursuit! What a positive and energetic dude. I aspire.

Now I’ve somewhat accidentally landed in Perl 6 Debugger Highlights, from Jonathan Worthington, which will likely be several meters over my head. But that’s ok. Just by looking up to try and see these things, I tend to get a little smarter. [... much interactive debugging on Perl 6 with jokes I wish I understood from Larry and Patrick in between ...] These guys are smoking my neurons. Yowza.

Day 4 and Day 5

I will not be blogging days 4 and 5, as I am in a class entitled Web and Mobile Development Using Perl, HTML5, CSS3, and JavaScript, taught by Gabor Szabo.

jQuery is(), not(), and ! is()

jQuery lovers: this little distinction got me this morning, even though I should know it already. I’d explain it here, but the linked article does a fine job.

Addendum: is it still worth using a JS abstraction library like jQuery? Yes.

Help! I’m on OS X and My Mouse Won’t Work!

I am writing this post in hopes that the next poor Google searcher… if they can search at all… finds the solution quicker than I did. Sure, it only took me about a half hour, but that’s a lifetime these days.

So my mouse stops working on the MacBook Pro. Oh, I can move it around alright. I can move it around all day and night. I just can’t frakking click. The left-click won’t work but the right-click (I have a two button Bluetooth mouse) will. It’s amazing how quickly one realizes that Right Click isn’t fit to iron Left Click’s pants in the morning, when Left Click isn’t working.

OK. This is just something wrong with that Bluetooth mouse, right? So I try the trackpad. Same behavior… I can move that cursor around wherever I like, but clicking is futile. If you think this won’t make a grown man cry, you weren’t in my basement tonight.

Luckily, my keyboard still worked. So with a little ALT-TAB I could get into my browser, tab around to the location field (thanks Chrome!) and do a Google search on this shiz.

Lots of talk about Bluetooth devices… Bluetooth devices in the next room, Bluetooth devices in the work bag, Bluetooth devices leaning up against stuff with their buttons getting pushed.

Makes sense. So I turn off the power on my Bluetooth mouse. No difference. I yank the USB piece that talks to Bluetooth mouse. No difference… trackpad still produces barren clicks. So I yank every peripheral I have connected…. firewire hard drives, USB hub, audio system, second display. NO DIFFERENCE. A ZOMBIE IS LIVING IN MY MAC AND FEEDING ON ITS LEFT CLICK LIKE BRAINS.

The solution I finally arrived at after more searching, thank you keyboard I love you, was to disable Bluetooth entirely at the command line. This is the same thing as unchecking ‘On’ in System Preferences -> Bluetooth, but trying doing THAT with Left Click pacing the picket line.

COMMAND-SPACE got me into Spotlight, where I typed “Terminal”, arrowed down and hit ENTER. Now at the command line, I typed:

sudo defaults write /Library/Preferences/com.apple.Bluetooth “ControllerPowerState” -bool FALSE

That turned Bluetooth OFF… sort of. That turns the preference off, but to kill any existing Bluetooth connections dead, a little more magic is required:

sudo killall -SIGHUP blued

And with that: my trackpad was restored to normal. I’m pretty happy with my trackpad at this very moment, but I’m sure I’ll start using Bluetooth devices again… with the above experience in the back of my mind.

Q: How Many Developers Does It Take To Screw In A Light Bulb?

A: However many are needed to program the new Philips iOS SDK for light bulbs…

Happy Birthday, Perl

The Perl programming language turns 25 today. Little did I know when I was 12 years old that I would learn a language being birthed at that moment, and pursue a career in speaking it.

Here is a tribute to / history of Perl’s first 25 years.

Long live!

Reports from OSCON 2012

Day 1

git

It is Monday morning, and I am attending a(nother) tutorial on git (Get Better at Git). I am fully convinced that git is a better tool than Subversion at this point; I am also convinced it’s harder to fully understand and use. How these things can both be true speaks to the complexity of managing source code. It’s pretty clear that in a highly collaborative project, git is the way to go. That isn’t to say there aren’t thousands of projects using Subversion successfully, but, mastery of git would certainly reduce the pain in reaching the same success.

But mastery of git takes time. Fluency takes time. It occurs to me that the quickest path to fluency is immersion, and taking one or two classes on git does not immersion make. I do long, at times, to work in a hardcore dev shop to become fluent in git… just as I long, yet more often, to live in Quebec City or Paris and become fluent in French.

Moose

My Monday afternoon session is on Moose, the most popular set of modules that extends Perl’s object support. As with git, I won’t write all my technical notes here… I’m just going to soak it in. Immerse myself as it were for the three hours I’ll have.

Okay I lied. I am already sort of liking Moose. When defining an object, you can label its attributes (think ‘values’) as ‘ro’ (read-only) or ‘rw’ (guess), make any of them required, and strongly type them. This is really fantastic. Honestly, I am often fairly lazy on the server side when it comes to validation, having already done the work on the client end in Javascript to try and assure the right values come in. But the client side is not completely in a developer’s controlling hands, so, it cannot be relied upon. Granted, Moose will crash your program if your constraints are violated, but I’d rather crash in such event than enter into an unexpected state.

I’m tempted to rejigger my Remedy and Pinnacle modules to use Moose, but I sort of hope I can get away with Moose::Lite. Performance won’t be much of an issue running atop FastCGI, but the dependency tree for Moose proper is massive, and I don’t want to acquire that much baggage quite yet.

But dang, Moose is neat. I love the concept of ‘advise’. This is a kind of flow control in object land. You can define what happens ‘before’ or ‘after’ a method is run, or even wrap a method with ‘around’ if you need access to its internals. The best analogy I can make is probably applicable to object orientation in general… it’s like stuffing your money deeper in your pocket so it has less chance of falling out. Substitue ‘logic’ for ‘money’.

When you have a class that inherits from more than one, it is called ‘diamond’ or ‘multiple inheritance’. It’s dodgy and error prone. Moose solves this with the concept of ‘roles’. I’m trying to wrap my mind around this, but it seems as though a role is a kind of validation for the relationship between classes. Ah: it enables horizontal code reuse (roles and classes) rather than strictly vertical (classes and sub-classes). Apparently, using roles in Moose is far more common than subclassing at all.

Moose finally broke my mind this afternoon. Much of this I’d need to work with to begin to understand.

Day 2

Modern Perl

Tuesday morning and I am pleased to be attending New Features of the Modern Perls by Damian Conway. Damian’s talks are worth the price of admission in themselves and everything else is gravy.

Something I did not know: when upgrading from 5.8, any XS modules you use need to be recompiled for any new version of Perl you move to. Damian is making a plea for Perl developers to upgrade, commenting that the Perl community will only be supporting the latest release and the previous two releases… meaning, security updates only for older versions of Perl. This means if you encounter an obscure, non-security related bug in an older version of Perl, it may not get fixed, and more importantly, module authors will be requiring more recent versions of Perl and the CPAN will move past you. He recommends targeting 5.14 at this time.

Interestingly, to preserve backward compatibility, you must enable new features explicitly in Perl versions starting with 5.10. This is to prevent new keywords from accidentally clashing with user subroutine names. But if you’re ready to move forward, you can enable all features in addition to requiring a minimum version of Perl simply with:

use v5.14

Now he’s making me want to upgrade just to use say (which is print with an implicit newline). Also, smartmatching (the new ~~ operator) is brilliant, a feature Damian invented for Perl. Another double-character operator added to recent Perls is //, the defined-or operator, which is better for setting default values (as below) than using ||, because || tests for true/false, not defined-ness.

my $number = $number // 42;

The above case would assign $number a value of 0 if it had started off that way, whereas using || would have seen a 0 as false and assigned $number the 42.

Damian on Moose: “It annoys me just enough so that I don’t want to use it.” Now, he also has a lot to say in favor of Moose, but mostly complains of the startup time and isn’t crazy about the declaration syntax.

Another very cool feature in recent Perls is named captures out of regexes… numbered captures are too easy to get wrong. Think using named parameters to pass to subroutines instead of an order-dependent array. It’s just better.

jQuery Mobile

My Tuesday afternoon session is on jQuery Mobile. It’s safe to assume that I’ll be building some mobile apps in the coming decade, and this is one of my likely tools. If I remain at the University during that time, jQuery Mobile is a *more* likely platform than native applications targeted to iOS, Android or some other emerging mobile OS. That is, unless successful alum donate a native apps development budget. But that wouldn’t be the best use of money, would it?

I’ve been following the jQuery projects (core, jQueryUI, and now jQuery Mobile) pretty closely for the past few years, and now load core and UI by default in my webstuff. Bring mobile into the mix is the logical next step. I already have an idea of the app I want to write… but have a ton of backend work to complete before I get proper access to the data I need. I suppose that shouldn’t stop me from prototyping the front end… in my free time (stop laughing).

Day 3

Day 3 begins the shorter sessions of the conference proper, following the keynotes. They had the mayor this year, who proclaimed Portland an ‘open source city’, and who made some funny jokes. There were some other semi-inspiring appearances amongst the keynotes, but as I decided to watch instead of type, I don’t have the time to relay these now.

Perl 5 Today, Tomorrow and Christmas is the first session I am attending this morning. Ricardo Signes is the current Perl 5 project lead (Pumpking), so you might call him a reliable source on the subject. He was also the guy who presented on Moose a couple days ago.

This is mostly a talk about the challenges in managing the Perl project, most of which (surprise!) are human in nature. Apparently the p5p (Perl 5 Porters) mailing list is a great place to get into an argument but not always a great place for a Pumpking to spend his days. There is a lot of talk at these conferences about ‘getting along’ in open source communities. Now he’s making an analogy I’ve often thought of, that of software coming about via ‘intelligent evolution’… a mix between intelligent design and evolution.

Next up, Programming In The Future, a look at how the craft might evolve in the next 25 years through the lens of how Perl has evolved over the past 25. This turned out to be a nit of a meandering talk, but included an interesting history of the most significant moments in Perl history, 1987 to present. It’s hard to imagine you couldn’t write a Perl module until 1994. Now he’s talking about parallel and functional programming, two somewhat advanced programming tasks that people seem to imagine becoming easier in the future, and some examples of how we do these things in Perl today.

Another yummy lunch, this one thanks to Google, and now I am in Test Driven UI Development. This is a very challenging endeavor. This talk centers on a toolset from the Java/Groovy world, but which could be applied to other platforms. I must say though: I cannot watch much of this test-driven development stuff without being secretly glad I don’t do it. I just seems like another codebase to maintain, which itself would always be breaking, perhaps saving me an error here or there, but which would in general dilute my productivity. It is interesting to see the speaker write the test before he writes the HTML for a simple form, though, complete with human readable comments… all very nice documentation. The notion of ‘testable code’ is about being able to select the elements in the DOM that you need to test, so, jQuery-like, you may be adding ids, but in this case, perhaps only to select them in the test suite. Dear me. The speaker discourages uses CSS classes as selectors in your test suite, because you may have front end developers mucking with class names. He mentions testing AJAX can be tricky, which I would have guessed, but that you can access return methods with jQuery and similar in order to check success in many cases.

To finish off the day, I’m attending The Conway Channel, another Damian Conway talk. Entertaining as expected, and I immediately went to play with IO::Prompter and Lingua::EN::Inflect, two of the modules he has updated this year. However IO::Prompter required Perl 5.10+, so… heck, why have I been putting off trying Perlbrew so I can run any version of Perl that I want? Now building and compiling 5.14.2. :)

Day 4

Thursday morning and I had been planning to attend this EFF session, but it was full. So I walked around the Expo Hall, checked out the booths, grabbed some stickers and pens, that kind of stuff.

Next up is the long awaited Taming Perl Regexes, another Damian Conway talk, in which he will is launching a tool called ‘rxrx’ that he had hinted at in the video he sent to YAPC::NA. It’s an incredible debugger for regular expressions, installable from CPAN as Regexp::Debugger. I will try to post a short screen cap of this tool at work once I get it installed.

I’m starting my afternoon with Advanced MySQL Replication Architectures, presented by some Oracle guys. So far this is high-level view of different replication architectures; I was hoping for a little how-to with some commands. Oh well, sometimes you hit a session that isn’t what you’re looking for.

Next up is Cooking Perl with Chef, which I have high hopes for. Having used Perlbrew for the first time today, I am feeling bold about tossing Perl itself around. Here are the problems and their solutions as presented:

  • application-specific Perl: Perlbrew
  • application-specific @INC Path: local::lib
  • versioned application code: git, SVN, etc.
  • versioned module dependencies: Carton
  • automate the previous four: Chef (scripted using Ruby)

Chef usually requires a server of its own, but if you want to save on that overhead and only have a handful of nodes to deploy to, you can use Chef Solo. Still, I think Chef would be the last piece I’d add to this puzzle, if at all, considering that I already have a scripted deployment routine that is beginning to pull all the same levers and push the same buttons. But adding Perlbrew and Carton (which leverages local::lib) are musts. Hopefully I’ll be deploying with those within a year. We’ll see!

These last session I am attending today is What Every Web Developer Should Know About Database Optimization. This was largely review for me, but I did get a reminder that occasionally JOIN order could be important, and oddly enough, yet another warning about ORMs. Object Relational Mappers can be hell on your database, especially if you don’t give the proper cues, similar to how you’d optimize SQL, just not directly. Explain to me why I want to use an ORM, again? (I know, I know…)

At 7pm (PST of course) is Larry Wall’s State of the Onion address, the official update on Perl’s present and future, but I’m whupped.

Day 5

I skipped the keynotes this morning in favor of a long breakfast. This last day is a half day of sessions.

The first for me is another database session: Optimizing MySQL Configuration. Thus far we’re getting a list of optimizations not to try. The

mysqltuner
utility sounds worth trying out. Here’s an interesting recommendation: set skip_name_resolve to 1 and don’t use hostnames in GRANTs. It makes sense that skipping name lookups would increase performance a tad, but, it also increases your administrative overhead in maintaining IP addresses in GRANTs, since IPs change more often than names. Now we are going over the million and one configuration variables available to change in MySQL, many of which are MyISAM or InnoDB dependent (this had me detouring to a storage engine comparison since I have been using MyISAM all this time).

I don’t think I’d like to be the steward of a large database that was always needing tuning. It seems so fiddly.

Next up, some attention to the front end of things after dwelling on the back end for while: Designing HTML5 Components. Okay, this was not what I expected at all. He is using a Java framework called Vaadin (the Finnish word for ‘reindeer’) and the goal is apparently to create reusable web components. This is really yet another web framework, this one from Java land, and by reusable he means, reusable in this particular framework’s ecosystem. You write in Java, and it compiles some Javascript for each of your target browsers. Pretty slick, but you’ve got to go ‘all in’ to get the bennies.

The last session I am attending this OSCON is Instantly Better Vim. Another Damian Conway talk, a longer version of which I’ve previously attended, but let’s face it… I still haven’t adopted most of the Vim tricks he taught me the first time, and I could use a refresher.

Wow… by the end of this conference, word has gotten around about Damian’s talks. He is just too entertaining to miss. They had to get a second room and pull out the wall to accomodate his final talk. And as usual he sent me away wanting to try some Vim tricks right away.

Well, that was my OSCON 2012. As usual, a very well organized event, chock full of learning and networking opportunities, jobs for those that want them, and generalized geeky inspiration. I often find myself back in the hotel room coding, or tucked away somewhere in the conference hall, slowly exploring some of the new ideas I’ve been exposed to. Thanks to UNH for my funding.

Reports from YAPC::NA 2012

Since 2007, I have followed the Perl community to Houston, Pittsburgh, Asheville NC, and today: Madison, WI. This is YAPC::NA, Yet Another Perl Conference, North America, and as usual I will try my best to “live blog” it for posterity.

This year, though, there is a yet higher res option available to you: the entire event will be live streamed. Rock on. There’s no substitue for being here, but the streams should be a close second.

UPDATE (6/25): They are now posting the presentation videos, in retrospect, on YouTube.

The first two days of the conference are ‘hackathon’ days; those working on open source projects together presumably do this, while others take the opportunity to socialize, work on work-work, and genrally begin to get their geek on in the company of like-minded free software folk.

Below the break, live-ish blogging. No auto-refresh; that’s on you. :)

You may also enjoy a few pictures I took of scenes I saw in Madison.

a scene from Madison, WI
——-
Day 3 (regular sessions)

9:11pm: The conference is now over, but I just had great Hibachi at a Japanese restaurant on Madison’s State Street, complete with preparation performance and fire. Best meal I’ve had in recent memory.

5:11pm: Larry Time was a question and answer session, which turned out to be just as rewarding as a prepared speech. Larry is brilliant in a very interdisciplinary way… which may be redundant, considering brilliance might be something about integrating disparate ideas. But it strikes me that Larry Wall’s approach to designing Perl has been integral to its success, in that, he made it capable of great things while maintaining an easy, unintimidating on-ramp for newbies. This was evident in one his responses to a computer science guy, whose question I won’t embarrass myself by paraphrasing.

Following Larry was Damian Conway, who sent a prepared video in his absence. He is working on an amazing tool called rxrx (regular expression diagnostics– the name itself is genius) which actually shows you, visually, Perl’s thinking process as it attempts to match a string you provide with a regex you provide. This is nothing short of magick, and he hopes to release it by OSCON next month.

3:24pm: At long last… it’s Larry Time.

2:24pm: Time for Web Security 101. Please don’t be totally scared; I do know a little about the subject. But if you’re doing this stuff professionally, you can never attend too many ’101′ sessions on security. A tidbit you might have missed just may be shared.

I am going to bullet point these tidbits today, as many as I can keep up with:

  • whitelist inputs, don’t blacklist
  • no easy solutions. Security is everywhere.
  • Perl has an excellent security track record, but know your tools. PHP, really, does not. (conference bias? not really)
  • FILE::SPEC->no_upwards($path) to scrub input to be used for system commands. Nice. Taint mode won’t catch this on its own, it’ll just force you to have a look at the inputs in question. This one is going on the to-do.
  • Bind variables to prevent SQL injections. Check.
  • Interesting, you cannot leverage bind variables with LIMIT (a MySQL-ism), but since LIMIT value must be a number, this is be easy enough to sanitize on your own.
  • Wow. Paul Fenwick just picked out a potential security exploit in a code example, involving the possibility of a list coming in from CGI as opposed to a single value on a param. I bow now.
  • Now, XSS. Escape HTML characters on output, but not necessarily when storing it. Never output user-entered event handling, etc.
  • CSRF. Block important actions that don’t come from HTTP-REFERER that is you. Not always possible because sometimes you actually wan to support remote actions. You can also use per-user-request tokens which can help block CSRF attacks, but there is a tradeoff on how long these should be valid for.
  • DOS. Denyhosts and such at the host level, but stopping DOS at the network level is more effective.
  • DDOS. There are appliances as well as services that can help detect distributed denial of service, because this is hard. The services will often be aware of known botnets, which can be handy.
  • Buffer overflows. Use vetted, open software if it is written in C. Write your own C at your own peril, if it is internet exposed.
  • Salted hashes and rainbow tables. LinkedIN, we’re looking at you. Crypt::PBKDF2 does automatic salting and multiple iterations. That’s going on the to-do. A bit of discussion on the pain in converting to new encryption, considering you can’t revere engineer even your older, weaker hashes.
  • Avoid leaking information through error messages (especially in production). Bill Costa handles this nicely in a module of his that I use. Thanks Bill.

Great security war story was just told, about using mod_rewrite to reflect DDOS attacks back on the attackers.

Talk is over. Well worth attending. I got two to-do’s out of this. Worth the price of the conference alone.

1:38pm: I am now in The Lacuna Expanse. Well, not literally, because that is in a galaxy far, far away. How cool is this. A massive, multiplayer game written in Perl. They have a web client, a desktop client, an iPhone client, and a command line client. Said ‘wow’ yet?

Without sharing everything we learned about the stack this game is built on, I have to observe: games are among the more impressive technological achievements in programming. Really. Most completely wipe the floor with any business app I’ve ever seen. I guess (coding) time flies when you’re having (even more) fun.

11:30am: Next up, Baby XS To Get You Started. XS is the way to write a Perl module that is actually much faster C code. CSV_XS, mentioned below, is one of these. This is interesting because, within XS, you are not locked into pure C. You can leverage many of Perl’s niceties, you just have to use the ‘perlguts’ functions, which are not by the same names as Perl’s userspace keyword functions, but provide that same support.

XS is definitely advanced stuff, but if your journeys in Devel::NYTProf reveal a bottleneck that is Perl itself, converting that code to XS may be an option to speed things up. Inline::C actually loads XS support and dynamically links it, so you throw around C code in your scripts at will, should you be so incline… of course, in that case, you are not building a module, you’re writing one-offs.

11:10am: I am currently attending Refactoring Perl Code. He begins with the risk/benefit analysis of doing so, and the importance of a test suite if you are refactoring a large codebase. The perils of global replace are now being mentioned, such as when changing variable names.

9:55am: Now: Introduction to Performance Tuning Perl Web Applications. This could prove interesting, since my only true adventures in performance tuning involved implementing FastCGI and rewriting some narsty SQL statements. Yes, that’s ‘narsty’, as ‘nasty’ does no justice to some of the sub-selects I have attempted.

As might be expected, Devel::NYTProf has a big place in this talk, as this module has been “the only game in town” for some years now. I don’t use it yet, because I mostly support *relatively* low traffic, internally used applications.

The speaker got a good chuckle out of the crowd with this one: “Now that you have this awesome Perl profiling tool… ” Next slide: IT’S PROBABLY YOUR DATABASE. Oh so true. SQL can be narsty. He recommends pt-query-advisor for MySQL, part of the Percona toolkit. He is also mentioning having to escape your ORM (object-relational mapper) in many cases, due to performance issues, which I’m sure I have mentioned before is one of my reasons for still having avoided ORMs.

DBI tip: for large numbers of inserts and updates, managing your db commits can speed you up immensely. That is, if things like LOAD_INFILE or CSV_XS aren’t options. Those will always be faster.

He is now addressing caching, which will make your code more complex, because you have to track your data dependencies and invalidate portions of the cache in order to pick up changes… lordy lord, please don’t let performance issues ever lead me down this path. If they do however, the speaker is recommending the CHI module from CPAN to help manage this stuff.

Now, the requisite mentions of the persistent daemon environments: FastCGI, mod_perl, and Plack. Implementing FastCGI was definitely of the best decisions I ever made. Snappety snap snap page loads. Yum. I can still remember my initial joy over whatever X-Mas break I did that on.

“A boatload of RAM hides a multitude of sins.” SSDs, too. Of course, you need to know where your bottleneck is in order to throw the right hardware at it.

9:00am: After falling off the blogging wagon yesterday, here I am again to report on the final day of what has been (yet!) another great Perl conference.

First up this morning: Utils Are Your Friends. The ‘Util’ family of modules is one of the oldest, comprised of things that weren’t in Perl core… some of the ‘one more thing’ features. Perl core since 5.10 actually does contain features previously only support by Util modules, but Util still does many things that core does not.

Some extended discussion of inside-out classes now. Apparently Scalar::Util provides the tools to make this more possible. Using inside-out classes has something to do with a module author wanting to better protect the data stored in an object. The concept was invented (in Perl) by DBI author Tim Bunce.

Wow: This does not work (in all cases):

# check for number
if ( $var =~ m/^\d+/ ) {

… there is actually a Scalar::Util function to do this for you in a more reliable and way more readable way:

# really check for a number, in all exotic cases (avoiding 'false' positives)
if ( looks_like_number($var) ) {

There is also ‘set_prototype’ which allows you to override a sub’s prototype. The speaker calls into question if prototypes are even a good idea. Being able to override them makes the idea seem worse. But I’m going to admit right here that I still don’t completely grasp the pros and cons of this. I have yet to use prototypes myself.

a scene from Madison, WI

Day 2 (regular sessions)

6:10pm: Blogging lapsed today, as I lapsed into some work that needed to be done. See you tomorrow.

11:50am: Okay, it was entirely review. But that’s ok, since I can barely focus my eyes at this point. Time for a much needed lunch break.

11:23am: And now, Intro To Writing Perl Documentation. I already know me some POD (Perl’s ‘Plain Old Documentation’ markup), but this won’t be entirely review.

11:11am: PhoneGap is a nice cross-platform, HTML5 platform. Not quite as fast or feature-complete as native development, but pretty good. This is almost certainly the way I’d go. I’d never have time for native mobile app development in my current role. Neat little demo of using an Android API key and a small Perl script to send an alert to the phone. Android and iOS do this quite similarly, we are told.

11:00am: Next up, Perl, Mobile App. Glue. Despite being smartphone-free myself, I’d love to mess with mobile apps and increase the joy of others. The Perl is essentially for web services, regarding phone apps. Perl will only run on jailbroken phones.

“PHP is Perl’s ugly, fat sister”. Ouch! (May be worth pointing out that ‘fat’ is not used spuriously, but refers to a rather bloated function namespace in the PHP language.)

He’s lapsing a bit into mobile app marketing right now.

10:57am: git will definitely be a commitment to learn, and is a fairly big paradigm shift from centralized version control systems like Subversion (SVN). Great talk though… I am certainly closer to Grokville than I was before. Maybe I can spend some time on #git IRC and hitchhike into town.

10:18am: It was a late one at the club last night, so the man snoring loudly in this git presentation will be forgiven. :)

8:57am: Git: a brief introduction is the first session I will be attending this morning. As an SVN user, I am already behind the times. Still, I’ve met quite a few folks still on SVN here. As Randal commented last night however, “those who swear by SVN, swear at SVN”. True, true.

I’ll be trying pretty hard to absorb the information at this talk, similar to yesterday’s CPAN talk, so I’m not sure how much will be written here about it.

a scene from Madison, WI

Day 1 (regular sessions)

4:26pm: CPAN session done. That was quite a brain dump, and I mostly kept up. Am I an expert CPAN uploader yet? Not quite. But this is a great head start. I thanked Brian for the session and told him it really ought to be standard at every Perl conference. Facility with CPAN is definitely a barrier to entry for contributing.

2:31pm: Brian d Foy is now giving a hands-on CPAN authors class. I may not be blogging this much, but doing what he says instead.

1:33pm: Lunch has been had, after which I got caught up in work-work for a bit. This is pretty common for programmers here, as the world doesn’t stop for conferences.

So, I am coming in late to 29 Ways To Get Started In open Source Today. The speaker, Andy Lester, the speaker, has written quite a bit on this topic, on his blog. He is also the author of ack among other things, and the maintainer of Perlbuzz blog. He preaches how low the bar to open source contribution is, including simply submitting bug reports, doing translations, adding to existing bug reports, closing tickets, and the like.

11:31am: I am now at a session entitled The Perl from Ipanema. I am here as an Antonio Carlos Jobim fan. Only partially kidding, there. And no, I am not intentionally avoiding the more technical sessions, it’s just happening that way so far.

I’ve long noticed that Latin America is huge on open source adoption and contribution. Brasil (do English speakers really need to use a ‘z’?) is no exception. It’s the 5th largest country in the world, and the 6th biggest economy (and rising).

And now, to Perl. The language’s usage growth in Brasil has mirrored its growth elsewhere… originally a tool reached for primarily by sysadmins, and a strong presence in biochemical research. There are 13 Perl Monger groups in the country now, and growing (3 new groups this year).

‘Only’ 24% of Brasilians in IT speak any English at all, and that’s often very little. Spoken language can certainly be a barrier when trying to work in a common computer language. The speaker’s English is impeccable though.

They give free courses in Perl at universities in Brasil. Not sure how common this is, but as a fellow American pointed out, we don’t do that here.

11:02am: Next up: There’s More Than One Way To Run A Project: The Apache Way. This talk relates to some of the points in the keynote, specifically that dictatorship is not the only way. The Apache Software Foundation actually shepherds many more projects than just the Apache web server. They take of legal issues, project trademarks, marketing, project governance, and the like. In short, the Apache Foundation provides at least one model for how to effectively run a large open source effort.

Amongst all Apache Foundation-governed projects (current count, 102), the average contribution rate is about 1 commit (to version control) every 4 minutes. Pretty impressive activity there. Subversion itself is an Apache project.

Companies and organizations may donate, but they may not join. Every member of the Apache Software Foundation is an individual.

10:33am: The first session I am attending is Get More Out Of Your Meetings. This is a collection of suggestions for keeping meetings swift and productive… running them almost like lightning talks (30-60 seconds per team lead, timed, for a daily update meeting). Cancel if you need to, don’t be shy. Don’t be late. Most of the suggestions seem obvious, yet, they bear reminding. I think we all continue to waste quite a bit of time at meetings.

9:29am: Now Michael Schwern, with the keynote. He takes the podium to the tune of the Star Wars theme. He’s focusing on the gender gap in the Perl community, and in open source. Other gaps, too… but gender being perhaps the most obvious. He suggests that there are more ‘Michaels’ here than women. Funny, but likely true. He’s doing a pretty good job of alternating the seriousness of the topic with jokes. He’s now comparing Kirk and Picard, and how the world has changed between generations of Star Trek. There is rarely a second to forget that we are at a geek conference here. :)

“Perl has become an aristocracy.” CPAN module maintenance is done by dictators, who pass the baton to the next dictators. Schwern prefers a meritocracy, despite being one of those dictators. Picards (meetings, collaboration, merit) are better than Kirks (mavericks).

I hope some folks are live streaming this. I can do it no justice. Schwern is funny, on point and brilliant. Handles metaphor deftly.

9:23am: Now Karen Pauley, Perl Foundation President.

“There are very few people in the world capable of working on the Perl 5 core.” I’d believe that. That’s a lot of C. That’s a lot of backward compatibility.

9:17am: Beer on the roof of the Pyle Center tonight, sponsored by Linode. Game Night and MST3K-style Movies tomorrow, sponsored by Cpanel.

9:05am: We’re getting started. Time to thank some sponsors (more than ever it seems?). JT Smith tells us that YAPC::NA has sold out this year, as YAPC::Asia does every year, apparently. There are 446 people here. I again have YAPC staff-shirt envy, as it is a mix of the Grateful Dead / Perl Onion logo.

They have cool raffles going this year, to raise money for The Perl Foundation. I put in $5 for a chance at ‘Lunch with Larry (Wall)’. Wish me luck!

a scene from Madison, WI

Website Accessibility

Paul Irish tends to say smart things; he does it again when considering web content accessibility.

As he concludes, accessibility shouldn’t be an opt-in proposition, it should be opt-out, if anything. Browsers should have better accessibility built in; wouldn’t the world be a better place if accessible renderings were more often the default?

Panorama theme by Themocracy