• Most of PDL::VectorValued has now been incorporated into PDL::Primitive
• Bugfixes including the t_rot one in 683514, and to MatrixOps::inv, conv2d and MatrixOps::identity
• inflateN added
• allow [o] on OtherPars, which helps towards PDL::OpenCV

The IRC channel (#pdl on irc.perl.org) is a great virtual place to come and ask questions, or just watch the GitHub messages flow by.

Please give the new PDL a try and report problems.

It seems that summer 2023 might be again a summer for a Perl conference, in Helsinki: https://intro.perlkohacon.fi, and a Google document with some facts!

One of the requirements for the SRE at Google:

- Experience programming in one or more of the following languages: C, C++, Java, Python, Go, Perl, or Ruby.

I'm happy to announce/invite you (well, the German/close to Frankfurt part of "you") to the Frankfurt Perl Workshop, a small one-day workshop without schedule, and mostly about Perl:

Hallo zusammen,

am Sonntag, dem 06. November 2022 veranstalten wir wieder den Frankfurter Perl Workshop. Der Workshop findet wie 2019 im Haus der Jugend statt.

Wir treffen uns ab 10 Uhr zu Vorträgen, gerne über Perl. Das Programm liegt nicht fest, aber Vorankündigungen sind gerne willkommen! Ich habe hoffentlich ein oder zwei Themen, die ich vortragen kann.

Für Kaffee und Stückchen ist gesorgt, mittags gehen wir wahrscheinlich Pizza essen.

Datum: 06.11.2022

Uhrzeit: ab 10 Uhr

Ort: Haus der Jugend, Deutschherrenufer, Frankfurt

Dave Cross has written a fairly brief article explaining what's been going on with Perl development and releases in recent years, highlighting compatibility and new features.

You can check it out at https://stackoverflow.blog/2022/09/08/this-is-not-your-grandfathers-perl/.

No new info there - it is interesting only because it purports to be positive for perl, is published on SO, and showed up on my Google news feed.

The author seems to have somewhat dated knowledge of perl and no knowledge of raku.

TPF is calling for volunteers to assist with the administration of rt.cpan.org, specifically to help with keeping it free from spam. If you have the necessary time, skill and inclination please consider supporting this.

=== UPDATE

TPC 2022 in Houston

1. Raku -Ofun for Everyone - Daniel Sockwell
2. People still use Perl? - Ruth Halloway
3. Introducing Perl Data Types - Will Braswell
4. TPF Summer Activities 2013-2023 - Makoto Nozaki & Stéphane Gigandet
5. Taming the Unicode Beast - Felipe Gasper
6. Stealing an idea from Perl, and bringing it back improved! - Evan Carroll
7. Don't fear map and grep (lightning talk) - Mark Gardner
8. A Nailgun for Raku - Daniel Sockwell
9. Open Source, Self Hosted Password Management with Bitwarden + Vaultwarden - Daniel Sockwell
10. Util::H2O is pretty cool (Lightning Talk) - B. Estrade
11. Bundling Code with FFI::Platypus (Lightning Talk) - Graham Ollis
12. Fast perceptual image hashing with Perl - Dimitrios Kechagias
13. Modern Approaches to Ancient Perls - Brian Kelly
14. Corinna Status, 2022 - Curtis Poe
15. Perl T20 - The last minute challenges saved by perl - Sangeetha Vijayam
16. Raku for Beginnners - Bruce Gray
17. Three Ways to Make Wrong Code Look Wrong (er) - Daniel Sockwell
18. Why Do Programmers Love Rust? - Dave Rolsky
19. The Perl Navigator: Code Intelligence for any Editor - Brian Scannell
20. Database Dance: DBIx::Class and Dancer2 treachery to increase web app performance - Ruth Halloway
21. Content Audit and Gap Analysis of Perl's Core Documentation - Khawar Latif Khan
22. Introduction to OpenMP for Perl Programmers - Brett Estrade
23. State of the Art: Perl and Multithreading via OpenMP - Brett Estrade
24. The Database Dance - DBIX and Dancer treachery to increase performance - Ruth Holloway
25. People Still Use Perl? - Twenty Years of Making a Living with a Dead Language - Ruth Holloway
26. Lemons to Lemonade - Matthew O. Persico
27. GraphQL in Perl - a basic intro
28. Mastering English in Perl - Makoto Nozaki
29. What A.I. Fears Most - Tristan Wallace
30. IPv4 subnetting for humans - Teddy Vandenberg
31. Perl Updates - Bruce Gray
32. Captive Camel - Restricted Shells - William E Little Jr.
33. CLI Tools I Use - Dave Rolsky
34. Dispatches from Raku - Daniel Sockwell
35. Ancient Code (in Raku) - Matthew Stuckwisch
36. SQL::Abstract - Caveat Emptor - Dimitrios Kechagias
37. Containerization in Perl - Evan Carroll
38. Perl|Raku compared with _____________ - Daniel Sockwell
39. Perl objects: "differently right"
40. Thank you - Ruth Holloway
41. The NEXT steps to simplify EVERY::LAST class you write with mro - Steven Lembark
42. Juggling Patterns in Perl - William N. Braswell Jr.
43. Supercharging Perl - Daina Pettit
44. Make a module for you and others: creation and submission to Fez - Matthew Stuckwisch
45. Playing nice with others using the new COERCE protocol - Matthew Stuckwisch

UPDATE

Sorry the feed to generate this list is incomplete, does anyone know how to get an accurate one?

update

generated complete list by grabbing JSON data from playlist.

During the last days, we reviewed and cut the video recordings. The recordings are now available on the media platform of the CCC:

https://media.ccc.de/c/gpw2022

Some of the presentations are not yet published - we need to work on the video some more..

Again, thanks to our speakers, our sponsors and everybody else for the great conference. Next year we'll hopefully meet again in Frankfurt am Main in person!

Howdy!

I've been working on the development of a Prospectus for the TPF as a way of communicating all the good work that TPF is doing to support Perl, and you can read all about it here. There were lots of people who worked on this, and I'm really thrilled with the way it turned out.

PS I'll be at TPRC in Houston next week -- maybe I'll see some of you there. :)

• Badflag propagation is much more automatic, as well as fixing a long-standing bug in it if type-conversion of a parameter happened - see https://github.com/moocow-the-bovine/PDL-CCS/pull/5 for more
• PDL::Dataflow doc brought up to date
• PDL::IO::STL added to read 3D-printable items from e.g. Thingiverse
• PDL::Graphics::TriD::trigrid3d completed from a 2000-era prototype which can display the above or other “indexed face-set” type content
• A long-standing bug that affected Windows with parallel processing has been fixed (see 11116094 for more - thanks marioroy for the report!)
• PDL::Image2D::crop added (see 11143251 for more)

• Restructure the TriD stuff so there is a consistent API between OpenGL and X3D/VRML - see 11143037 for more
• fix more open GitHub issues
• add event-handling hooks for ndarrays - see PDL::Dataflow for more
• finish the independent C interface for making PDL usable from e.g. Python - see https://github.com/PDLPorters/pdl/issues/358 for more
• “loop fusion” techniques to maximise locality of computation, minimising data’s trips through the “straw” between CPU and main RAM
• use OpenCL or other means to also utilise GPUs if available - see https://github.com/PDLPorters/pdl/issues/349 for more on this and the above

Please give the new release a try and report problems.

I've probably missed some stuff so please have a nose around and open issues on https://github.com/PDLPorters/pdlporters.github.com/issues or use the “Website issues” link in the sidebar (which links to that) - or reply on here!

As usual, please give the new website a try and report problems.

• TriD::GL now more resilient and exceptions don't leave GL broken
• Bugfixes including to NiceSlice
• demo 3d now shows off a 3D Earth (with accurate shading), and also a 3D molecule-like graph evolving over time
• The pdl struct now has room for a single value (or if not complex long double, several values of smaller datatypes), avoiding extra memory-management for small ndarrays – but you don’t need to recompile installed modules

The IRC channel (#pdl on irc.perl.org) is a great virtual place to come and ask questions, or just watch the GitHub messages flow by.

Please give the new PDL a try and report problems.

• Much broader testing of the wrapper functions e.g. msolve, with many fixes
• A number of memory-management and other bugs are fixed, helped by the above
• Those wrapper functions now work in a natural way with “native complex” numbers, so long as you don’t load PDL::Complex at all – they still work with PDL::Complex if you do load it

I’m strongly considering actually removing PDL::Complex support from PDL::LinearAlgebra, because it does add a fair bit of quite awkward code. Please express an opinion if you have one! It won’t be immediate because I’d want to lift out some of Greg’s nice patching of PDL::Complex into main-PDL’s PDL::Complex, and I haven’t done that yet.

Future ideas:

• Use Devel::CheckLib to ensure LAPACK is installed
• Be more available on Windows by using a still-to-be-created Alien::LAPACK
• Use ExtUtils::F77 to better detect trailing “_” on routine names, and use the technique from PDL::Slatec/Minuit to wrap that
• Make a somewhat-visual demo of this linear algebra stuff using the new plugin-based demo system – ideas welcome!

As usual, please give the new release a try and report problems.

Dear fellow Perl developers,

zlib, the compression library (also known as libz, deflate, compress on various systems) has a major flaw. While the bug is 17 years old, it only got attention in the last few days and weeks.

It even has a backdated CVE, because the bug was discovered years ago, but not fixed: CVE-2018-25032

See also: https://zlib.net/

It is known that this can cause at least denial-of-service attacks, but RCE (remote code execution) is not entirely out of the cards to my knowledge.

I have done a casual grep through my local CPAN mirror (yay for local mirrors!), which has given me a list of potentially vulnerable modules. There are over 90 of them. Yes, there are probably a few false negatives and a few false positive, as i didn't have time to go over each distribution in detail.

Please check your CPAN distributions for any use of zlib.c, libz.c, deflate.c, compress.c and similar variants and update as necessary. If at all possible, i would also recommend to switch to either the zlib provided by the operating system or at least coordinate with other CPAN authors to reduce the number of static copies of the zlib libraries spread all over CPAN modules.

The basic problem with distributing your own copy of a library like that is simple: Instead of it getting automatically updated with security fixes by the operating system or distribution vendor, it is up to YOU to track the library and provide security updates for your CPAN distributions. And you have to get the users to somehow not only update the operating system, you also have to get them to update their installed perl modules. While providing your own copies of C libraries is convenient, provides safety against incompatibilities with locally installed libraries and so on, in case of a security problem this can place a lot of extra burdens on the end user of your code. They suddenly have to go through every installed perl module, plus all the other non-perl programs to make their system secure again.

Perl isn't the only software environment that has this problem. Many other things also maintain local copies of these kinds of "simple but essential" libraries in their source code control. The list of potentially vulnerable programs is quite impressive. So far, i've seen mention (but have not confirmed it myself) of Chromium, Firefox, ImageMagick, Gimp, VLC, the Linux kernel among quite a few other programs. This stems from the fact the zlib/the deflate algorithm is used in, for example, the HTTP protocol and PNG image files.

Because the number of modules NOT using the zlib library installed with the operating system but instead using a static/local copy of the C-Files, a security problem like this (or worse) can take a long time to fix. It is up to all of us to work together and reduce the number of copies of potentially vulnerable code.

Thanks in advance for your help in solving this security problem.

Sincerely,

Rene "cavac" Schickbauer