If you've discovered something amazing about Perl that you just need to share with everyone, this is the right place.

This section is also used for non-question discussions about Perl, and for any discussions that are not specifically programming related. For example, if you want to share or discuss opinions on hacker culture, the job market, or Perl 6 development, this is the place. (Note, however, that discussions about the PerlMonks web site belong in PerlMonks Discussion.)

Meditations is sometimes used as a sounding-board — a place to post initial drafts of perl tutorials, code modules, book reviews, articles, quizzes, etc. — so that the author can benefit from the collective insight of the monks before publishing the finished item to its proper place (be it Tutorials, Cool Uses for Perl, Reviews, or whatever). If you do this, it is generally considered appropriate to prefix your node title with "RFC:" (for "request for comments").

User Meditations
To assume network or not
3 direct replies — Read more / Contribute
by stevieb
on Apr 11, 2016 at 18:51

    I've created a module that at first, was designed to be standalone. Since, I've updated it to make it network-capable, and it now, in one specific mode, acts as a distribution centre, commanding other systems to perform the tasks and return the results. The standard mode of single-system is still available

    I've found that now I have to manage the results from the local instance a lot differently than the remote results, so I'm effectively doing a lot of duplicate work.

    My options are: maintain the project and handle both the local results and the network results seamlessly, fork out the module and spin off a ::Standalone version that functions like the pre-network version, or assume by default that at minimum, localhost traffic will always work, and have the local procedures work over a network call to a localhost listener, even if the user doesn't want to ever use the distribution aspect of the dist.

    What are your thoughts on this? Is it ok to assume at minimum local (ie. localhost) network comms in today's world, or would you take one of the other approaches (or even one I haven't considered)?

[OT] A prediction.
10 direct replies — Read more / Contribute
by BrowserUk
on Apr 06, 2016 at 22:32

    The speed of light is not constant!
    It is, in fact, accelerating, year by year, decade by decade, century by century; but on astronomical time-scales.

    It may take ten years; it make take one hundred. Or even a thousand.

    But, it will eventually be proved that the speed of light is not a constant. (And this has nothing to do with frames of reference; or General, or Special Relativity.)

    If you set up a series of light beams, every cm(inch) across a road, 1 km(mile) long; and measured the (instantaneous) speed of a car starting from standstill and accelerating along that road to 100k(m)ph; and then viewed the data from the last 100cm(inches); it would appear (within the bounds of accuracy available) that the speed of the car was some fixed(constant) value.

    Now consider that we (human kind) have only been attempting to measure the speed of light for 300 or 400 years -- depending upon your references -- and that light has been traveling for ~13.something billion years(*); and maybe the above analogy will make sense.

    Now think about the consequences, if that is true.

    Distances -- and thus times -- of astronomical points and events -- including the age of the Universe/time since the big bang -- are no longer reliable.

    The calculations that "prove" that the Universe is expanding and will continue to expand until heat death; are unreliable. Unproven.

    The mass calculations that indicate the existence of both Dark Matter and Dark Energy are moot.

    The vast majority of current astrophysical and particle physical research are looking in the wrong place, for the wrong thing.

    Wanna join the 21st Century's version of the flat Earth society?

    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority". I knew I was on the right track :)
    In the absence of evidence, opinion is indistinguishable from prejudice.
Raspberry Pi and Perl
3 direct replies — Read more / Contribute
by marinersk
on Apr 06, 2016 at 01:33

    I'm finally entering into the world of prototype robotics. The research has been fun, even fascinating at times, but I'm at a point where getting feedback from those whose opinions I respect seems appropriate.

    I'm looking for general feedback from any Monks who have worked in that space on the values or detriments of using Perl on Raspberry Pi in this capacity.

    For a variety of reasons, I'm leaning toward using as close as possible to stock builds. A good argument for a different Linux or a different Perl is welcome, of course.

    Arguments for the Windows OS on Raspberry are also welcome, I suppose, but the argument will likely be challenged to pique my interest for long.

Philosophy for when not to support older versions of perl
6 direct replies — Read more / Contribute
by stevieb
on Mar 29, 2016 at 19:24

    As far as I recall, all of my modules will work going back to 5.8 and previous, but I'm looking for opinions for cutoff lines... ie. what is it that makes you determine when not to support older versions?

    I recently came into an issue that will force me to write three extra lines to be v5.8 compatible vs v5.10, which got me wondering how much work others will do before bumping the minimum version of perl (I'm sure requiring a module that you didn't write that uses newer features is likely a big one. Any others?).

What if someone liberated his Perl modules?
3 direct replies — Read more / Contribute
by perlancar
on Mar 23, 2016 at 04:57

    There is a recent event where a Node.js developer decided to unpublish all of his 250 or so modules on npmjs.org (including some very popular modules, causing large breakage) following a corporate takedown notice for one of his modules. The ensuing HN discussion thread highlights a security issue where a malicious author could upload a malicious update to a previously existing (but then unpublished) module. I'm wondering how such issue is handled in the Perl (CPAN) community.

    If someone unpublishes his module (i.e. deletes the release tarball from PAUSE), at least there's an extra step where he must also give up his primary maintainer/co-maintainer status to allow others to upload to the same package name. Well, that's not entirely correct. PAUSE allows any author to upload distribution which contains modules that occupy the same namespace as existing ones, it's just that the modules won't be indexed if the version number is older than existing indexed one or if there is insufficient permission. But once the original author makes the namespace available again, it's back to free for all: any other PAUSE author (malicious or not) can theoretically upload to the same namespace and spread malware or compromise users' systems via module update. It's easy to register a PAUSE account.

    PAUSE creates a CHECKSUMS file in author's directory, listing each release file along with its last modified time, size, MD5 and SHA256 checksums. The CHECKSUMS file is then signed by PAUSE. A CPAN client can be instructed (e.g. --verify in cpanm) to check the signature of the CHECKSUMS file.

    A couple of issues: 1) signature verification is not enabled by default in CPAN client (at least in cpanm); 2) most (all?) CPAN mirrors are ftp/http and not https, so during the first installation where the client does not have PAUSE's public key yet, a MITM attack can spoof the CHECKSUMS file as well as the release tarballs without the client being able to detect it. These issues can be fixed in the client: enable --verify by default and bundle the PAUSE public key.

    Additionally, an author can also sign his distribution using a framework like Module::Signature. This will create a SIGNATURE file in the top-level directory of the distribution which contains the checksums of the files in the distribution. The SIGNATURE is then signed using the author's PGP key. This protects the distribution from being tampered by the server (in this case, PAUSE).

    A CPAN client can then be instructed (also --verify in cpanm) to check this signature file. The 'cpansign' CLI tool distributed along with Module::Signature can also be used for this purpose. The same issue also exists: verify is not enabled by default. And another issue, code signing by author is not mandatory and as far as I know, only a small percentage of authors do this. And yet another issue, at least when I tried it, tool like 'cpansign' is not strict by default: when it fails to retrieve the required PGP public key, it stills reports "==> Signature verified OK! <=".

    A more paranoid CPAN client can also be setup to only accept a predefined set of authors' keys. This can mitigate the issue of another previously unknown PAUSE author trying to push an update to existing module.

    Client system can also protect against regular update breakage by setting up a private DarkPAN repository where each module update is first tested then pushed to this repository. Client machines then update their Perl modules from this private repository and not directly from a CPAN mirror.

    Conclusion: there are mechanisms already in place in the CPAN infrastructure to prevent the abovementioned security issue. But the problem is they are not enabled by default.

Re: Is there a place on PM outlining community policy
1 direct reply — Read more / Contribute
by stevieb
on Mar 23, 2016 at 01:43

    My rules:

    • act as I want to be treated
    • acknowledge and apologize when I've been an unwarranted asshole
    • when sharing information or giving advice, be as diligent as possible
    • always, and I mean *always* give credit where it is due
    • be honest; being a phony gets you nowhere
    • call it on people when they are wrong, while at the same time, be able to acknowledge when you were
    • stay out of bikeshed conversations, unless you're willing and able to discuss the larger scenarios
    • don't pout if you've been showed-up; research and learn from it
    • realize everyone makes mistakes... it's ok to question anyone's opinion
    • give back more than you take


Unifying namespaces of @name and $name to simplify dereferencing?
7 direct replies — Read more / Contribute
by LanX
on Mar 22, 2016 at 07:53
    This is a meditation !

    Preliminary thoughts

    As a beginner one of my biggest obstacles with Perl was the duality of the list form @arr =(1,2,3) and reference form $arr_ref = [1,2,3] of data structures (same with %hashes )

    see also Re: disadvantages of perl

    I should choose references far more often, but I'm normally too lazy to always type the dereference operator -> , that's a breach in the paradigm of "making easy things easy"!

    Theoretical approach

    let's suppose we had a feature called use feature "autoref" (not sure about the best name)

    and defining my @name would automatically involve defining my $name = \@name and vice versa (same with %hashes ).

    This could simplify notation a lot.

    I not only rarely have collisions between those namespaces, I actively avoid them (like using plural for array names).


    Are there any pitfalls I didn't think of regarding this hypothetical feature?

    Cheers Rolf
    (addicted to the Perl Programming Language and ☆☆☆☆ :)
    Je suis Charlie!

In praise of the PM community
1 direct reply — Read more / Contribute
by nysus
on Mar 11, 2016 at 12:04

    As a programming hobbyist, I feel compelled to drop a note to all my fellow monks on the tremendous resource that is this website. While PM is not the cutting edge website it was when I first joined fifteen years ago, no technology can ever replace the cooperative spirit and commitment to the craft demonstrated here by the Monks. Not only have a I gotten invaluable advice here on PM about Perl, I've also received a great education on what is possible when people come together to help each other. This is an amazing community and that is why Perl will always be near and dear to my heart.

    Thank you to all Monks and Long Live Perl!

    $PM = "Perl Monk's";
    $MCF = "Most Clueless Friar Abbot Bishop Pontiff Deacon";
    $nysus = $PM . $MCF;
    Click here if you love Perl Monks

How good IDE should syntax-check ( compile with perl -c ) perl code?
3 direct replies — Read more / Contribute
by vsespb
on Mar 10, 2016 at 05:47

    Is that correct that IDE should:

    Let's discuss. Purpose of this question is to submit it to (some) Perl IDE/editor maintainers as feature request/bug report (well, I am going to submit it only to one, my favourite IDE, but you can do it for your IDE/editor)
Mind the meta!
3 direct replies — Read more / Contribute
by Anonymous Monk
on Mar 01, 2016 at 11:08

    I was a little surprised that in a recent thread no one seemed to flinch at code that was essentially the equivalent of $logged_in = $expect_pass=~/$FORM{pass}/i;.

    If you happen to be wondering "Why is that bad?" - Because $FORM{pass} most likely comes from an HTML form (or at the very least could contain user input), and its contents will be interpolated into and interpreted as a regular expression, leaving the user free to input ".*", which of course matches anything, and so the user is always logged in!

    One solution is to use /\Q$FORM{pass}\E/, which causes characters that would normally be special in a regular expression to be escaped - see quotemeta. In addition, the regex should probably be anchored, to prevent partial matches: /^\Q$FORM{pass}\E$/. Of course, in this example the much easier solution is to just use $expect_pass eq $FORM{pass} instead of a regex!

    I feel like \Q...\E is forgotten too often when interpolating variables into regexes, and it seems to be often overlooked here on PerlMonks when people post code like the above. In fact, I see it forgotten often enough that I think instead \Q...\E should be everyone's default thought when interpolating variables into regular expressions, only to be left off when one has a good reason to (like dynamically building regexes - but of course doing that with unchecked user input is dangerous!).

    So please, mind the meta(characters) and remember \Q...\E!

It's so easy to become complacent.
3 direct replies — Read more / Contribute
by BrowserUk
on Feb 22, 2016 at 11:03

    For the last few weeks I've been forced into using Lua, because it is the embedded language in the simulation software I'm using.

    I've had brief causes to use it a few times in the past for simple things; but this time I'm having to make far more extensive forays into it. And it has highlighted just how spoilt I've been using Perl for most of my scripting needs for the last 13 years. Even just the trivial things, like the fact that Perl detects and reports syntax and even some semantic errors, up front when the script is first loaded.

    Having just had a Lua script run for almost 5 days before trapping out at the eleventh hour with an utterly trivial and inconsequential typo, I've once again had my respect for Perl (5) renewed by the experience.

    Which makes the current state of the community all the more depressing.

    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority". I knew I was on the right track :)
    In the absence of evidence, opinion is indistinguishable from prejudice.
Humane Tasking Initiative / FlowgencyTM
2 direct replies — Read more / Contribute
by flowdy
on Feb 20, 2016 at 08:11

    There is a plenty of software tools of that kind to be discovered online. Either free or for charge, implemented as a webservice or installed locally, command line or graphical, large enterprise-scale project management or simple todo listers for individual use. Lots and lots of stuff like that.

    Because my mid-of-scale, yet another but the better ;) project is written in Perl, I advertise it here in the PerlMonks community. Learn more, and if you are interested, be welcome to test the online demo installation at my Humane Tasking Initiative site. Or read on, clone or fork my FlowgencyTM code repository at GitHub.

    Contributions, questions and comments are welcome. Please understand that the tool must remain far from supporting staff performance monitoring. Technically, it can easily be abused like that, like a kitchen knife can be abused for murder. This is why I envision the software project be embedded in an initiative, and why local usage with full own data souvereignty is focussed in development.

    To those who find that concept of time overhead I recommend TaskWarrior instead. Between that project and mine can be found a remarkable number of similarities, no wonder because TaskWarrior is my primary source of inspiration. I guess admittingly that the development of Taskwarrior is more stable than the development of FlowgencyTM (by the way, this is a working title subject to change in the future), because I am the initiator and main developer, the only one as yet, whose full-time job deserves priority.

Autoload versus auto-generating accessors
6 direct replies — Read more / Contribute
by goldenblue
on Feb 11, 2016 at 10:54

    after reading through PerlMonks Sections I decided this post should go here...

    I have been using Autoload extensively for my getters and setters, and refrained from "auto-writing" them, basically because I didn't like how it looked in the code.

    I also stumbled across some code that uses a baseclass with a makeattr-method it uses as "initializer", to write these accessors, which I also find pretty cool...

    Now I was wondering, which method do others prefer?

    So I would like to open a discussion:

      what are the advantages and drawbacks of each method, or do you see a third alternative? And which do you prefer?

    Maybe someone with a higher level would like to make this into a poll?

CSV headers. Feedback wanted
4 direct replies — Read more / Contribute
by Tux
on Feb 10, 2016 at 08:18

    Given small CSV data files or big(ger) CSV data files with a filter so that all of the data fits into memory, the Text::CSV_XS' csv function will most likely accomodate the common usage:

    use Text::CSV_XS qw( csv ); my $aoa = csv (in => "file.csv");

    This function also supports the common attributes for new:

    my $aoa = csv (in => "file.csv", sep_char => ";");

    or even with shortcuts and aliasses:

    my $aoa = csv (in => "file.csv", sep => ";");

    If there is lots to process inside each row, not all rows would fit into memory, or the callback structure and options for csv will obscure the code, reverting to the low level interface is the only way to go:

    use autodie; use Text::CSV_XS; my $csv = Text::CSV_XS->new ( binary => 1, auto_diag => 1, sep_char => ";", }); open my $fh, "<", "file.csv"; while (my $row = $csv->getline ($fh)) { # do something with the row } close $fh;

    Quite often a CSV data source has got one header line that holds the column names, which is easy to ask for in the csv funtion:

    # Default: return a list of lists (rows) my $aoa = csv (in => "file.csv"); # Using the header line: return a list of hashes (records) my $aoh = csv (in => "file.csv", headers => "auto");

    Or in low-level

    open my $fh, "<", "file.csv"; my @hdr = @{$csv->getline ($fh)}; $csv->column_names (@hdr); while (my $row = $csv->getline_hr ($fh)) { ...

    This week I was confronted with a set of CSV files where the separator character was changing based on the content of the file. Oh, the horror! If the CSV file was expected to contain amounts, the program that did the export chose to use a ; separator and in other cases it used the default ,. IMHO the person that decided to do this should be fired without even blinking the eye.

    This implied that on opening the CSV data stream, I - as a consumer - had to know in advance what this specific file would be like. Which made me come up with a new thought:

    "If a CSV stream is supposed to have a header line that definess the column names, it is (very) unlikely that the column names will contain unpleasant characters like embedded newlines, semi-colons, or comma's. Remember, these are column names, not data rows. Not that it is prohibited to have header fields that have comma's or other non-word characters, but let us assume that it is uncommon enough to warrant support for easy of use."

    So I wanted to convert this:

    open my $fh, "<", "file.csv"; my @hdr = @{$csv->getline ($fh)}; $csv->column_names (@hdr); while (my $row = $csv->getline_hr ($fh)) {

    where the $csv instance has to know what the separator is, to

    open my $fh, "<", "file.csv"; my @hdr = $csv->header ($fh); $csv->column_names (@hdr); while (my $row = $csv->getline_hr ($fh)) {

    which will do the same, but also detect and set the separator.

    where the new header method will read the first line of the already opened stream, detect the separator based on a default list of allowed separators, use the detected sparator to set sep_char for given $csv instance and use it to parse the line and return the result as a list.

    As this came to me as common practice, before you parse the rest of your CSV, I came up with a local method (not (yet) in Text::CSV_XS) that does this for me:

    sub Text::CSV_XS::header { my ($csv, $fh, $seps) = @_; my $hdr = lc <$fh> or return; foreach my $sep (@{$seps || [ ";", "," ]}) { index $hdr, $sep < 0 and next; $csv->sep_char ($sep); last; } open my $h, "<", \$hdr; my $row = $csv->getline ($h); close $h; @{$row // []}; } # Text::CSV_XS::header

    it even has some documentation :)

    =head2 $csv->header ($fh) Return the CSV header and set C<sep_char>. my @hdr = $csv->header ($fh); my @hdr = $csv->header ($fh, [ ";", ",", "|", "\t" ]); Assuming that the file opened for parsing has a header, and the header does not contain problematic characters like embedded newlines, read the first line from the open handle, auto-detect whether the header separates the column names with a character from the allowed separator list. That list defaults to C<[ ";", "," ]> and can be overruled with an optional second argument. If any of the allowed separators matches (checks are done in order), set C<sep_char> to that sequence for the current CSV_XS instance and use it to parse the first line and return it as an array where all fields are mapped to lower case: my $csv = Text::CSV_XS->new ({ binary => 1, auto_diag => 1 }); open my $fh, "<:encoding(iso-8859-1)", "file.csv"; my @hdr = $csv->header ($fh) or die "file.csv has no header line\n"; # $csv now has the correct sep_char while (my $row = $csv->getline ($fh)) { ... }

    After two days of intensive use, I thought this might be useful to add to Text::CSV_XS so we all can profit, but I want to get it right from the start, so I ask for feedback (already got some from our local PM group)

    Let the bikeshedding commence ...

    • Is this functionality useful enough to add at all
    • is $csv->header a useful method name (remember we also have low level methods to deal with hashes, like $csv->column_names)
    • Is the proposed API sufficient
    • Do you see any shortcomings

    Things I envision in this function is to also auto-detect encoding when the line includes a BOM and set it to the stream using binmode or have some option to allow this new method to not only return the headers, but use them to set the column names:

    #--- my $data = "foo,bar\r\n1,baz\r\n"; open my $fh, "<", \$data; my @hdr = $csv->header ($fh); # ("foo", "bar") while (my $row = $csv->getline ($fh)) { # $row = [ "1", "baz" ] #--- my $data = "foo;bar\r\n1;baz\r\n"; open my $fh, "<", \$data; my @hdr = $csv->header ($fh); # ("foo", "bar") $csv->column_names (@hdr); while (my $row = $csv->getline_hr ($fh)) { # $row = { foo => "1", bar => "baz" } #--- my $data = "foo|bar\r\n1|baz\r\n"; open my $fh, "<", \$data; $csv->column_names ($csv->header ($fh, [ ";", ",", "|" ])); while (my $row = $csv->getline_hr ($fh)) { # $row = { foo => "1", bar => "baz" }

    Enjoy, Have FUN! H.Merijn
How to ask better questions using Test::More and sample data
1 direct reply — Read more / Contribute
by neilwatson
on Feb 08, 2016 at 15:24

    I encourage wisdom seekers to present sample data and use Test::More in the example code of their question. Let's look at some examples.

    How do I make the regex match?

    #!/usr/bin/perl use strict; use warnings; use Test::More; my $data = "Some string here"; my $regex = qr/ fancy regex here /mxis; like( $data, $regex, "Matching my regex" ); done_testing;

    Your code fails, but readers can read this code and run it and make changes that will make it pass.

    Why does my sub return an error?

    #!/usr/bin/perl use strict; use warnings; use Test::More; sub mysub { return; } ok( mysub(), "Should return true" ); done_testing;

    Presenting larger sample data as if you were reading a file line by line.

    Use __DATA__.

    #!/usr/bin/perl use strict; use warnings; use Test::More; my $wanted_matches = 2; my $actual_matches = 0; my $regex = qr/ fancy regex here /mxis; while ( my $line = <DATA> ) { chomp $line; if ( $line =~ $regex ){ $actual_matches++; } } ok( $wanted_matches == $actual_matches, "Correct number of matches" ); done_testing; __DATA__ line one..... line two..... .... line ten.....

    Neil Watson

Add your Meditation
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.