New numbers to serve as a reminder than more than 1 in 3 users are NOT using Internet Explorer at this point. And climbing.

As a coda to Cyber Security Month in October, UNH IT (like the ring of that?) will be hosting a Web Security Jam on November 18th at 2pm (at an undisclosed location)… a bring-your-own-jelly gathering of developers, sys admins and anyone else interested in modern web security topics. As always, we learn fastest and best from each other.

UNH faculty and staff are welcome and are asked to email me for an invitation. That’s right, please use that link and invite yourself by mailing me. We’d like to know how many people plan to show up and I also want the chance to personally harass you into also presenting. We would love you to share any tiny nugget of wisdom you have on keeping websites and applications secure. We also want to make sure you are a UNH employee to attend this sensitive event, at which you’ll be frisked. Kidding on the frisking.

We will however announce the location of this event by mail to those of you who invite yourselves. Please let me know if you have any questions. Last year we heard about SQL injection, cross-site scripting, security-focused code reviews and other topics. Let’s see where it goes this year.

Some 6 years ago, I left my job as a UNIX application admin at a Major Insurance Provider. I had spent some years there policing development, test and production environments for large groups of programmers, build managers, quality assurance engineers, and users. The platforms were AIX and Solaris, but that’s irrelevant.

A good portion of that time was Hell.

It turns out that living in a busy intersection of computers and power users is like being a traffic cop without a uniform. Half of these people will run you over by accident and the other half will run you over on purpose. They all know enough to be dangerous and many of them know far more than the cops. And they all have the purest of intentions, not to mention deadlines to meet.

Recently I was assigned WordPress admin duties here and set up test and production environments for our designers and editors. Somewhere along the way I forgot how challenging it can be to support power users in their quest to make increasingly cool stuff while not breaking things. I’m even quoted in an email somewhere boasting how ‘darn easy’ WordPress is to administrate. Silly boy! That may be true when you run a single environment blog site, but not so much when you have a creative team trying out various themes and plugins, FTPing everything but the kitchen sink to the servers, and generally exercising their Freedom to Compute across multiple environments. Who can blame them? That’s the job of a creative team.

Without a formal quality assurance department here (hope that’s not a shop secret), admins also become testers and de facto change managers on top of being command line jocks (or on the Windows side, find-the-well-hidden-checkbox jocks). This is a lot to shoulder. Managers here juggle such a number of initiatives and services that they need to operate at a higher level much of the time, and trust their teams… teams which are far leaner than in larger IT shops.

Change management is all about environmental protection. Keep production as sacred as possible without killing productivity. Provide enough freedom in development and test environments not to shackle designers and developers. Keep everyone in the ecosystem informed and happy. Everything old is new again for me, and although I am having occasional flashbacks to Hell, at least I have a small notion of how to stay above the flames.

But ‘darn easy’ it isn’t, and never was.

Chapter 1 of my adventure with the Remedy team is already proving fun…

My first task is to provide a report to Jim Sabol on CSC turnaround times, in terms of business hours, on Remedy cases that often span days… and the need to exclude after-hours, weekends, holidays and other office-closed days in the tally of hours. Bryan had tackled this problem at one point in VB, but a reusable Perl solution was desirable for both Remedy reporting and other applications that need to be business-day-aware (such as our SLA ‘Contracts’ app).

As usual I didn’t regret asking Paul Sand if he had ever needed a similar solution and he pointed me to the awesome Date::Manip module on CPAN. This module can be given a config file wherein you define the hours of your organization’s work day, holidays and other office-closed days, etc., after which much of the heavy lifting of getting deltas (time differences between two given dates) is done for you.

As a means of including an always-fresh UNH specific config file in a distribution, I created the config file and a UNH::Cal package and committed them to Subversion. The UNH::Cal package itself is somewhat superfluous, as Date::Manip could be called directly, but by wrapping it in UNH::Cal I can make calls that are (perhaps more verbose than bare Date::Manip function calls, but) to me, self-documenting:

$date = UNH::Cal::Date_NextWorkDay($date,$off [,$time]);

I included some POD documentation for this little wrapper module called UNH::Cal.

Feedback welcome!

Every single time I try to implement file uploads via the web, I forget the ‘enctype’ attribute that needs to be in the form tag in the HTML:

<form enctype="multipart/form-data" method="post" action="/path_to/my_script">

If you forget that like I do, your server side program will receive the filepath information from the ‘file’ input on the form…

<input type="file" name="attachment">

… but it won’t receive the file data itself. I struggle with this every time, thinking something is wrong with the code on server, until it dawns on me. I’m really just writing it here in hopes I never, ever forget again.

To complicate matters, Perl’s CGI module accepts the parameter from the form…

my $attachment = $cgiobject->param('attachment');

…with both values, the file path and the file data itself, stuffed into the same variable (here called $attachment), which coughs you up the file path when used in scalar context…

# prints the local filepath the file was uploaded from
print $attachment;

…and the file data when used in a filehandle context. Here is the piece where I save the file data to a directory on server:

open (UPLOADFILE, "> attachments/$final_filename") or die "$!";
binmode UPLOADFILE;
while(<$attachment>) {
     print UPLOADFILE;
}

Notice we are still just referencing that same $attachment variable which was grabbed from the CGI input. This is hard to wrap your head around at first and frankly I’m not even sure how this magic is accomplished. A scalar variable with two values depending on context is whacky, but it does work.

Notes from Yet Another Perl Conference:: North America, in Pittsburgh.

3:03 pm: Lightning talks have concluded. Some closing words at this point from various folks and organizers, and feedback from attendees. It seems the 8am sessions were poorly attended, so next year they’ll likely start at 9am. Good call.

Well, it’s mostly a wrap. Thanks for reading.

2:35 pm: Matt Trout is pushing Perl evangelism via blogging about it. Rousing lighting talk. Consider it done, Matt.

2:29 pm: Todd Olson is talking about the value of sunshine and supplementing with vitamin D3 if you live in the northern hemisphere. He’s addressed his own deficiencies in this way. Nothing to do with Perl but I have the urge to get out of this dark auditorium and into the sun.

2:18 pm: a slide of Joe Camel, cigarette hanging from the side of his mouth, with the word “Perl” underneath. Next slide: “Hook ‘em while they’re young.” Hilarious. This guy is evangelizing Perl over verbose languages like Java, especially in regards to introducing young people to programming.

2:11 pm: now a plea from one of the p5p (Perl 5 Porters) guys to submit documentation and other patches, which he will handle and protect the pumpkings from. Obviously there’s some stovepiping in the community but it doesn’t seem all that bad.

1:58 pm: there’s a guy talking about programming a serial device over telnet, to which he has attached an LED which is now blinking whatever he chooses to type in Morse code. Cute. I’d love to do hardware stuff.

1:30 pm: Yes, the lighting talks are going way too fast for me to cover. There was just an interesting one about Perl support in vim. It’s funny when the 1-minute bell rings and the speakers start to stutter through the last 60 seconds.

12:51pm: The afternoon will close out the conference with lightning talks. This would translate into lightning typing if I didn’t feel groggy from lunch. Results may vary.

11:25 am: Actually the Enlightened Perl thing appears to be more about pure evangelism for Perl in the business community.

11:09 am: now for a talk about Enlightened Perl, a new organization concerned once again, I assume, with promoting Perl best practices.

10:46 am: now a sort of fluffy talk on how the speaker uses Perl to manage a large newsletter. This is the sort of talk that makes me think that I should maybe give a talk.

10:37 am: ok, covered the most basic saving and retrieving data from an object stuff. I suppose I could do this by hand or maybe I should look into DBIx::Class after all. I’m just not *needing* objects that badly in systems of the size I write. Does anyone want to convince me otherwise?

10:32 am: Leonard is somehow avoiding talking about OO thus far.

10:22 am: now a session on OO Perl with Leonard Miller, one of the Frozen Perl people.

10:11 am: Duh. What I was missing was that the monitoring service is for their own application servers which you are presumably already using to host your stuff. Cloud. Right. I’m back.

10:02 am: Robin Darby is from Amazon and showing us CloudWatch which seems to be a system performance monitoring service. There are Perl modules you can use to pull the data. Seems like a lot of work when there are things like Nagios. I might be missing something.

9:54 am: waiting patiently for the session called “Perl: Cloud Glue?”.

9:37 am: I am in a session on YAML. It’s a data-centric markup language, that doesn’t really have markup. It’s sort of the Python of markup languages.

Notes from Yet Another Perl Conference:: North America, in Pittsburgh.

3:37 pm: for some reason they are running two sessions instead of three right now, meaning they are both standing room only. The guy talking about social networks is beating around the bush. Your reporter grows tired…

3:09 pm: now a talk about legacy apps. Unfortunately I am having trouble understanding the speaker, which seems almost an apt metaphor for trying to understand the code in inherited legacy apps.

2:36 pm: all in all a pretty balanced, though bawdy, talk by Matt Trout. My final impression is that Perl 5 is reaching a critical mass and we need Perl 6 sooner than later, at least if the quest for good standards is to reach any kind of fulfillment.

2:20 pm: he’s pushing Catalyst (another web application framework) now. Ah… it’s his project. It all makes sense now.

2:17 pm: now he is dissing on CGI::Application and how the plugins are a bit of a “free for all”.

2:07 pm: another meme kicked off in “The Mythical Man-Month”: Second-System Effect.

2:04 pm: Matt Trout is giving a pretty funny and philosophical talk.

1:57 pm: now attending a session entitled “Catching a ::STD” which is a pun on the Perl 6 standards doc (well actually a module) maintained by Larry.

1:51 pm: Recession alert: there are some very talented unemployed people here.

1:49 pm: I’m probably crusty or resistant, but, it seems like POE and Moose are sledgehammers for finishing nails as far as what I am needing. These things were designed with large systems in mind.

1:21 pm: now attending a session on POE::Filters.

11:31 am: second recommendation for Devel::NYTProf this conference. I think I might check this out. Project was started by the New York Times and is now maintained by Tim Bunce.

11:26 am: this is turning into a Moose session.

11:19 am: now a talk about XML::Toolkit.

11:02 am: Jim makes the point that you can’t program the office workflow without support from above. Grassroots workflow efforts don’t work. I’ve found that to be true as well– adoption needs to be forced for certain applications to work.

10:50 am: not sure that Workflow.pm is for me, I’d probably just roll my own. None of these scenarios are tough to code on their own, IMHO. Maybe I’m missing something.

10:36 am: finally, code!

10:34 am: still no code. This guy is obviously smart and coping as well as he can in some hellish corporate sweatshop. Code though? He’s probably been told not to show code in presentations by his business people.

10:26 am: Jim Brandt is being descriptive about business workflows but I want to see the code.

10:18 am: The email talk is over; onto a talk about business process management with Workflow.pm. This will either be eye opening or completely off base.

10:14 am: I wonder if I will remember this presentation after being burned by email two or three more times and finally take this guy’s advice.

10:10 am: now he’s selling me on Email::MIME::Kit. We’ll see, I guess. I am about to open the email can of worms again on the SSR application.

10:05 am: starting to fear that I shouldn’t be using Email::Send. Ricardo is selling me on Email::Sender.

9:57 am: Ricardo Signes is talking about his on and off romance with handling email as a Perl programmer. Now he is mentioning some of the common modules that are used.

9:54 am: just got out of chromatic’s standing-room-only talk on “Modern Perl”, which is an effort to make Perl 5 the best it can be. They added another talk on the topic due to the interest.

Notes from Yet Another Perl Conference:: North America, in Pittsburgh.

5:29 pm: The last session I was to attend was the least interesting (to me) of the day, and since it was standing room only, I bailed for the hotel. I was burnt anyhow. Good day though.

4:08 pm: It’s tempting to try and get mod_perl6 running on the Perl 6 server we have at UNH. I might wait though considering I have other things depending on Apache on that server– and if that ain’t broke… no need to fix it.

3:51 pm: Now it’s Jeff Horwitz on mod_perl6.

3:31 pm: Patrick’s back at it with specifics on how to contribute directly to the Rakudo Perl 6 implementation. Many Perl 6 functions are written in Perl 6 but may require optimization if they turn out slow. This seems like dressing in front of a mirror.

2:47 pm: Patrick is done with the regexes talk. Now for a break and to decide whether to stick with Patrick for the afternoon, or check out a session on command-line Perl. I’m tempted to stay with Patrick.

2:37 pm: Is this stuff happening in other languages? It seems like these new features are fast approaching the high level on which the brain itself works. So much of the work is done for you. How can a language be rated on how high-level it is compared to others?

2:22 pm: Perl 6 regexes are subroutines and can be named. They can also be used in other regexes. And by the way since I can’t type the examples as fast as I’m being shown them, Patrick’s slides will be available here soon.

2:17 pm: old and busted: =~. New hotness: ~~.

2:02 pm: on to regular expressions with Patrick.

1:52 am: starting to think Perl 6 should be classified as a performance enhancing drug for programmers. I can’t believe how terse and powerful this stuff is. They should call it Perl 7, it’s got that much more.

1:47 pm: passing parameters to Perl 6 subroutines is going to be heaven. Named parameters are optional by default but may be made to be required with an exclamation point in the subroutine signature. Yummy.

1:36 pm: Patrick Michaud is giving us a Perl 6 101. Sigils are *part* of the variable names in Perl 6. Ruby-like method syntax is really helping a lot of statements to become more concise.

11:32 am: Lunchtime. The part of the conference intended not to bust my brain has officially ended. No more keynotes.

11:30 am: Yaakov is talking about how to get involved in the Perl community.

11:20 am: Jerry Gay is reiterating the promise of using different languages within the same process on the Parrot VM.

11:13 am: Larry’s keynote, which consisted entirely of showing us Perl 6 error messages, is over. Parrot guys next.

11:09 am: old and busted: <STDIN>. New hotness: $*IN.lines

11:07 am: ’strict’ is on by default in Perl 6.

10:45 am: In Perl 6, ‘comb’ is just like ’split’, except you say what you want, not what you don’t want.

10:37 am: Larry Wall is talking about Perl 6 error messages and why it’s hard to read programmers’ minds. And how the need for sane error messages feeds into language design and vice versa.

10:30 am approx: opening keynote by Richard Dice of The Perl Foundation was mostly about budget, grants, etc. There was also a mention of how active the European and Russian Perl communities are, and a new Perl org in Japan.

This blog is now running WordPress 2.8. WordPress is on fire right now, I am seeing requests for it from everywhere. I’ve been using it for my own personal blog since 2005; I ought to upgrade that one too, one of these centuries (!).

I’m adding RSS widgets to our sidebar so we can pull in relevant geek content. Please let me know if there’s a feed you’d like to see displayed here.

Perl is used extensively at UNH in both research and operational settings, as either the proverbial ‘glue’ between systems, or as a platform for full-blown applications… and anything in between. That is, Perl 5 is used almost everywhere here… the version first released in 1994 and steadily improved upon ever since. The latest release of Perl 5 is version 5.10.0 from late 2007.

The next major iteration of Perl is version 6, a complete rethinking of the language with many syntax changes, design improvements and new features. Perl developers worldwide have been anticipating the new version for nearly a decade now, and finally we can start to play with this new and intriguing animal.

I’ve installed a Perl 6 compiler (”Rakudo“) on connie.unh.edu and have begun playing around a bit. Rakudo runs on the Parrot virtual machine. For several years now, I have been stalking the Perl 6 and Parrot development teams (at YAPC::NA 2007 in Houston, at OSCON 2008 in Portland, OR… and this year again at YAPC::NA 2009 in Pittsburgh next month) and have attended numerous exciting talks on Perl 6/Parrot by the minds who are making it all happen. I can tell you first hand that these folks are a mighty impressive bunch, and I have no problem continuing to bet my career and good name on the work that this wing of the open source community is doing.

I’ll be keeping the Rakudo and Parrot releases in sync as development continues on both… the perl6 executable is linked to from a common location for convenience:

delgreco@connie[~]: which perl6
/usr/local/bin/perl6

Perl 6 is very different from Perl 5 but also very much the same from a design philosophy perspective. Take “Hello, World!” for an example:

#!/usr/local/bin/perl6
say “Hello, World!”;

As opposed to the more familiar Perl 5 way:

#!/usr/bin/perl
print “Hello, World!\n”;

Not many language revisions actually change the way you’d write a “Hello, World!”, but clearly Larry Wall, creator of Perl and leader of the Perl 6 designers, still values terse expression in Perl.

If you’d like to join me in getting my feet wet with Perl 6, drop me a line and I’ll setup a shell account for you on ‘connie’. It’s also quite easy to install Perl 6 yourself on a UNIX-like system, although it does require both git (to pull the latest Rakudo) and svn (to update from the Parrot repository).

Perl 6 may not yet be ready for use with production systems, but it’s close enough to start getting cozy with.