BBC analysis reckons Clacton is the most UKIP-friendly constituency int the UK. My home town :-/

Pulp – Dishes

Stealing Sheep – Noah's Days

Stealing Sheep – Noah's Days

The Killers – Romeo and Juliet

The Killers – Romeo and Juliet

Just ordered my, now traditional, signed first edition of @lloydshep's new book from @GoldsboroBooks -


@JSeymourUKIP @DouglasCarswell All your members except your existing Clacton PPC, perhaps :-)


Haha! Looks like @DouglasCarswell might have screwed up. UKIP alread have a candidate in his constituency -


I get vertigo just looking at these pictures of the @RoyalAlbertHall -


davorg created branch master at davorg/kinza

davorg created branch master at davorg/kinza

davorg created repository davorg/kinza

davorg created repository davorg/kinza

davorg pushed to master at davorg/twittelection

Dave Cross
  • Dave Cross 27f90cd
    Couple more list management utilities. Edited create_lists.

davorg pushed to master at davorg/bbc-test

Dave Cross
  • Dave Cross 108a990
    Apologise for the XML :-/

davorg pushed to master at davorg/bbc-test

Dave Cross
books read

The Long War (The Long Earth #2)

The Long War (The Long Earth #2)
author: Terry Pratchett
name: David
average rating: 3.51
book published: 2013
rating: 0
read at:
date added: 2014/08/19
shelves: currently-reading

perl hacks

Perl Usage

In my last blog post, I posted a graph showing that out of 135 companies at a recent Silicon MilkRoundabout recruitment event, only one said that they were using Perl. That has led to some interesting discussions that I’d like to address here.

I should make it clear that I wasn’t presenting my graph as evidence that Perl is dead. Of course you can’t leap to conclusions like that from what I learned at one recruitment event. I do, however, think that the situation is pretty grim.

But firstly, a few points that people made to me in response to my post.

We know that Perl isn’t used in start-ups
Yes. I think we do know that. But I don’t think we’re as worried about that as we should be. Imagine if that job fair was held fifteen years ago. Or twenty years ago. Perl used to be the language of choice for internet start-ups. What happened to change that? (I have some theories that I’ll cover in another blog post) Can this trend be reversed? (Honestly, I don’t think so – but I’m open to arguments to the contrary)

Every programmer I know uses Perl in some way
I think this might have been true fifteen years ago, but it hasn’t been the case for some time. If it’s really true that all programmers that you know still use Perl, then I think you only know a really bizarre cross-section of programmers.

All companies use Perl, but the HR department or management often don’t know
This is similar to the last point. And, again, I think it’s something that used to be true and hasn’t really been true this millennium. But there’s also the idea of Perl being the programmers “secret weapon” that the suits don’t know about. Even if it’s true (and I don’t think it is), then going underground like that is likely to be harmful to Perl’s popularity in the long term.

I think we should stop fooling ourselves here. Perl usage has been declining for over a decade. To a first level of of approximation, Perl is already a dead language.

Of course, The Perl community has spent a lot of the last few years actively denying that. I’ve been responsible for some of that drum-beating myself. But we need to accept that it’s true. For most people outside of the Perl bubble, Perl is a language that they last considered using back in the last millennium.

So, if Perl is dead, why has everyone spent the last five years demonstrating that this isn’t the case? Have they been lying to us? No, I don’t think they have. I just think that they have been looking at the wrong measures of success. Let’s look at some of the arguments I’ve seen.

CPAN is growing faster than ever
We have regular releases of Perl
Some great new features have been added to Perl
These all essentially boil down to the same argument – “Perl isn’t dead because some part of Perl (or its ecosystem) is improving”. I can’t argue with any of those facts, but do they really say anything useful about the long-term viability of the language. It’s great that Perl is constantly improving, but unless the people who are currently ignoring Perl can be persuaded to investigate these improvements, then they do little or nothing to stop Perl’s decline.

Moose might be the most powerful object system in the world. DBIx::Class might be the most flexible ORM available. Projects like these are great. But they don’t seem to be doing much to bring new people to Perl.

There are more YAPCs and Perl Workshops every year
Perl Mongers groups are starting all the time
We get dozens of people to our meetings every month
These arguments all boil down to “the Perl community is growing”. Again, I can’t argue with those facts (well, to be honest, I think the rate of Perl Monger group creation has slowed over the last ten years) but, again, I don’t think they prove what their proponents think they prove.

There is a difference between the Perl community and Perl programmers. Everywhere that I work, I find people who I already know from the community. But I always find far more people who I don’t know because they aren’t at all engaged with the Perl community. And I think it’s that large, untapped, number of non-community Perl programmers who make up the increased numbers of people attending meetings or conferences. This means that we are getting better at bringing our colleagues along to meetings. It doesn’t mean that more people are using Perl.

The number of Perl jobs is rising
Our company can never find enough Perl programmers
We just started a major new project using Perl
Most of the companies who use Perl continue to use Perl. That’s not really news. And some of those companies have grown really big and therefore need lots of Perl programmers to maintain and enhance their Perl programs. And that’s great. But it’s not really evidence of a grow in Perl usage.

Not all the companies who have historically used Perl continue to do so. Over the last five years I know of at least four big Perl-using companies in London who have started to move away from it for new development.

And one reason why people are always looking for Perl programmers is because many programmers have chosen to move away from Perl. I know plenty of people who were regulars at London Perl Mongers meetings ten to fifteen years ago but who haven’t written a line of Perl for over five years. This means, of course, that there is more work to go round those of us who are left. I could probably go through to my retirement maintaining existing Perl codebases. Those of you who are younger than me might not be so lucky.


So, to summarise, people who say that Perl is thriving point to three things – technical advances in Perl, the vibrant Perl community and the number of unfilled Perl jobs that always seem to be around. All of these things are great and are, of course, necessary for a living and growing language.

But they aren’t sufficient. You also need people outside of the community to take notice. And that’s not happening.

Ask yourself three questions.

  1. When did you last read a book on general programming techniques that contained examples written in Perl?
  2. When did you last read documentation for a web site’s API that included examples written in Perl?
  3. When did you last hear of a company using Perl that you didn’t previously know about?

This is why I published that graph a couple of weeks ago. Looking at that data, it really hit home to me just how badly we’re doing.

I have a couple of theories about why most of the world started ignoring Perl. I’ll get to those in my next blog posts. But, annoyingly, I don’t have any good ideas about how we might reverse the situation.

To be honest, currently my best advice (and the course I’ll be taking) is “brush up your Javascript”.


The post Perl Usage appeared first on Perl Hacks.

perl hacks

Programming Language Usage

Back in May, I spent an afternoon at Silicon MilkRoundabout. Silicon MilkRoundabout is a recruitment fair for techies. It’s specifically aimed at people who want to work for start-ups around the Old Street area (although they aren’t particularly stringent about sticking to that – for example, the BBC were there).

We were given a booklet containing details of all of the companies who were recruiting. Those details usually included information about the tech stack that the companies used.

Over the weekend, I went through that booklet and listed the programming languages mentioned by the companies. The results speak for themselves.

There were 135 companies at the event. About twenty of them unhelpfully listed their tech stack as “ask us for details”.

Here’s the graph:Usage of Programming Languages by Companies at Silicon MilkRoundabout

Usage of Programming Languages by Companies at Silicon MilkRoundabout

I’ll obviously have some more to say about this over the next few days. But I wanted to get the raw data out there as soon as possible.

The post Programming Language Usage appeared first on Perl Hacks.

perl hacks

Github, Travis-CI and Perl

Last night we held a London Perl Mongers Technical Meeting. It was organised by Sue Spence and the venue was sponsored by Rick Deller of Eligo.

Much fun was had and much knowledge was imparted. Alex Balhatchet spoke about Test::Kit. Andrew Solomon talked about training people in Perl. Thomas Klausner introduced OX and AngularJS. And Mike Francis talked about using Web::Simple and Web::Machine to build a REST interface to a database – only to be told that Tim Bunce had just released a module that solved all of his problems.

Oh, and I wittered on a bit about using Perl with Github and Travis-CI. The slides are below.

Github, Travis-CI and Perl from Dave Cross

Thanks to everyone for organising, speaking or just coming along.

The post Github, Travis-CI and Perl appeared first on Perl Hacks.

perl hacks

London Perl Workshop

The London Perl Workshop 2014 has been announced. It will be at the University of Westminster (the usual location) on Saturday 8th November. That’s a few weeks earlier in the year than it usually is.

The theme for this year is “The Internet of Things”.

You can find out more about the workshop, register and propose talks at the web site. Hope to see many of you there.

Many thanks (as always) to Mark Keating for organising the workshop.

The post London Perl Workshop appeared first on Perl Hacks.


Github, Travis-CI and Perl

A quick introduction to using Github and Travis-CI to test Perl projects

First Direct Update

Earlier in the week I talked about my concerns with First Direct’s new password policy. I got an email from them about this, but it really wasn’t very reassuring.

But I kept digging. And on Thursday I got a bit more information from “^GD” on the @firstdirecthelp twitter account. It still doesn’t answer all of my questions, but I think we’re a lot closer to the truth. Here’s what I was told.

The obvious question that this raises is why, then, do they limit the length of the passwords. I asked and got this (three-tweet) reply.

To which, I replied

And got the response

I thought that “as a business we are satisfied” rather missed the point. And told them so.

I got no response to that. And @brunns got no response when he tried to push them for more details about how the passwords are stored.

So, to summarise what we know.

I haven ‘t really been reassured by this interaction with First Direct. I felt that the first customer support agent I talked to tried to fob me off with glib truisms, but “^GD” tried to actually get answers to my questions – although his obvious lack of knowledge in this area meant that I didn’t really get the detailed answers that I wanted.

I’m not sure that there’s anything to be achieved by pushing this any further.

The post First Direct Update appeared first on Davblog.


First Direct Passwords

I’ve been a happy customer of First Direct since a month or so after they opened, almost twenty-five years ago.

One of the things I really liked about them was that they hadn’t followed other banks down the route of insisting that you carried a new code-generating dongle around so that you can log into their online banking. But, of course, it was only a matter of time before that changed.

A couple of weeks ago I got a message from them telling me that Secure Key was on its way. And yesterday when I logged on to my account I was prompted to choose the flavour of secure key that I wanted to use. To be fair to them they have chosen a particularly non-intrusive implementation. Each customer gets three options:

  1. The traditional small dongle to carry around with you
  2. An extension to their smartphone app
  3. No secure key at all

If you choose the final option then you only get restricted (basically read-only) access to your account through their web site. And if you choose one of the first two options, you can always log on without  the secure key and get the same restricted access.

I chose the smartphone option. I already use their Android app and I pretty much always have my phone with me.

Usually when you log on to First Direct’s online banking you’re asked for three random characters from your password. Under the new system, that changes. I now need to log on to my smartphone app and that will give me a code to input into the web site. But to get into the smartphone app, I don’t use the old three character login. No, I needed to set up a new Digital Secure Password – which I can use for all of my interactions in this brave new world.

And that’s where I think First Direct have slipped up a bit.

When they asked my for my new password, they told me that it needed to be between 6 and 10 characters long.

Those of you with any knowledge of computer security will understand why that worries me. For those who don’t, here’s a brief explanation.

Somewhere in First Direct’s systems is a database that stores details of their customers. There will be a table containing users which has a row of data for each person who logs in to the service. That row will contain information like the users name, login name, email address and (crucially) password. So when someone tries to log in the system find the right row of data (based on the login name) and compares the password in that row with the password that has been entered on the login screen. If the two match then the person is let into the system.

Whenever you have a database table, you have to worry about what would happen if someone managed to get hold of the contents of that table. Clearly it would be a disaster if someone got hold of this table of user data – as they would then have access to the usernames and passwords of all of the bank’s users.

So, to prevent this being a problem, most rational database administrators will encrypt any passwords stored in database tables. And they will encrypt them in such a way that it is impossible (ok, that’s overstating the case a bit – but certainly really really difficult) to decrypt the data to get the passwords back. They will probably use something called a “one-way hash” to do this (if you’re wondering how you check a password when it’s encrypted like this then I explain that here).

And these one-way hashes have an interesting property. No matter how long the input string is, the hashed value you get out at the other end is the same length. For example, if you’re using a hashing algorithm called MD5, every hash you get out will be thirty-two characters long.

Therefore, if you’re using a hashing algorithm to protect your users’ passwords, it doesn’t matter how long the password is. Because the hashed version will always be the same length. You should therefore encourage your users to make their passwords as long as they want. You shouldn’t be imposing artificial length restrictions on them.

And that’s why people who know about computer security will have all shared my concerns when I said that First Direct imposed a length restriction on these new passwords. The most common reason for a maximum length on a password is that the company is storing passwords as plain text in the database. With all the attendant problems that will cause if someone gets hold of the data.

I’m not saying for sure that First Direct are doing that. I’m just saying that it’s a possibility and one that is very worrying. If that’s not the case I’d like to know what other reason they have for limiting the password’s length like this.

I’ve send them a message asking for clarification. I’ll update this post with any response that I get.

Update (17 July): I got a reply from First Direct. This is what they said.

Thank you for your message dated 16-Jul-2014 regarding the security of your password for your Digital Secure Key.

Ensuring the security of our systems is, and will continue to be, our number one priority.

All the details that are sent to and from the system are encrypted using high encryption levels. As long as you keep your password secret, we can assure you that the system is secure. As you will appreciate, we cannot provide further details about the security measures used by Internet Banking, as we must protect the integrity of the system.

Our customers also have a responsibility to ensure that they protect their computers by following our common-sense recommendations.  Further information can be found by selecting ‘security’ from the bottom menu on our website,

Please let us know if you have any further questions, and we’ll be happy to discuss.

Which isn’t very helpful and doesn’t address my question. I’ve tried explaining it to them again.

The post First Direct Passwords appeared first on Davblog.

perl hacks

London Perl Mongers Meeting

I thought you might be interested in a couple of events that the London Perl Mongers have coming up in the next couple of months.

Technical Meeting

24th July 2014, Conway Hall
Currently, four talks have been announced.

Meetup event / Facebook event / Lanyrd event


20th September 2014, London Hackspace
This is a new experiment for us. Do you want to hang out with some Perl Mongers and hack on one of your current projects? Or do you want to find a Perl project to hack on? Then come and join us at the London Hackspace in September.

Meetup event / Facebook event / Lanyrd event

Hope to see you at one or both of these event.

The post London Perl Mongers Meeting appeared first on Perl Hacks.


Object-Oriented Programming with Perl and Moose


Database Programming with Perl and DBIx::Class

books read

The Complete Works of H.P. Lovecraft

The Complete Works of H.P. Lovecraft
author: H.P. Lovecraft
name: David
average rating: 4.31
book published: 2011
rating: 0
read at:
date added: 2014/06/12
shelves: currently-reading


Sky Broadband Update

It’s probably time for an update on my Sky Broadband situation.

I last wrote about Sky on 16th April. That was the date of their second failed attempt to connect me to their broadband. It was the date that I decided to cancel my order and go elsewhere.

First the good news. I was considering alternative providers. I called Virgin Media and they told me that I could have a 50 Mb fibre connection for an extra £2 a month over what I already paid them for my TV and phone package. And, as a bonus, they could do it within a week – still five days earlier than Sky had scheduled their third attempt at connecting me. I ordered it, they came round on the promised day and everything works fine. Very happy with them.

This then left me trying to cancel my Sky order. This was slightly complicated by the fact that Sky had successfully connected my phone line[1] and also the fact that this phone line is used for monitoring my ADT burglar alarm. I didn’t want to cancel the phone line until ADT had moved the alarm monitoring to the Virgin Media line. I explained all this to Sky and  they seemed to understand.

A chap called Andy in Sky’s customer service took it upon himself to take on the project. He took to phoning me weekly to ask me what was going on with ADT. To be honest, I got a bit lazy and it took me a while to get in touch with them.

Then my hand was forced. In the middle of May, some error lights on the burglar alarm started flashing. I called ADT to see what the problem was and they told me that it looked like the phone line was dead. I plugged a phone into the line and was able to confirm this. The phone line had been disconnected – despite my explicit instructions about not doing that until I asked for it.

I was a bit stuck. Calling Sky’s customer support from a non-Sky phone line is very expensive. And the only Sky line I had was dead. I tried their online chat facility, but the people you get on that are absolutely useless. Luckily Andy was due to call me for a progress update the following day, so I decided to wait for that.

When Andy called, I asked why they have disconnected the phone. He said that they hadn’t. He ran a few line checks and discovered a fault on the line. He offered to send an engineer to fix it. I told him not to bother and to go ahead with the cancellation. He told me that there was some problem with their systems that prevented him cancelling the contract right away but that he had reported the bug and would let me know when it was fixed.

Time passed.

Earlier this week, I wondered idly what was going on so I sent them an email asking for a progress report. A woman called and told me that my records said that someone (Andy, I assume) had been checking into my account daily and leaving notes explaining why he still couldn’t close the account.

The following day, I got a call from Andy (I’m sure it was pure coincidence that this was the day after I had chased them). He told me that the bug had been fixed and asked me to confirm that I still wanted to cancel the account. I told him that I did and he started the process. He warned me that I wold receive a few automated emails.

Within half an hour I got the first email, telling me that my services would be cancelled on Thursday 6th June. Hooray. But that wasn’t the end of the story.

The following day, I got another (presumably automatic email) offering me twelve months of free line rental if I changed my mind. Then I got the same message by text. And today I’ve got a missed call from a number which Google tells me is Sky’s customer retention department. They certainly seem keen to keep me. It’s a shame they didn’t put so much effort in back in April when they might have been able to salvage something from the disaster.

Oh, and I’ve received a bill. They want to charge me a month’s line rental for the phone line. A phone line that only ever really existed to serve a broadband connection that they weren’t able to provide. A phone line that I’ve used to make one call – the call to Sky customer services on 16th April when I first told them to cancel my order.

I’ve cancelled the old Be Broadband direct debit that they were planning to use to take the money. I’m amazed that they wouldn’t just waive those charges.

So, two months on I’m still (to some extent) a Sky customer. But the end is (hopefully) in sight.

Oh, and throughout all of this, the  @SkyHelpTeam Twitter account has been a source of much amusement. They reply to every mention, but haven’t got a clue what is going on. They use a social media customer tracker called Lithium. But they must have it configured wrong because each conversation starts with them knowing no history of this problem at all. And, having watched the product video, that’s exactly what Lithium is for.

Throughout this hold affair all of Sky customer service people (with about two exceptions) have shown themselves to be rubbish at their job.

[1] You’ll have noticed, no doubt, that we had to phone lines. The home phone (along with our TV) has been provided by Virgin Media for years. I also had another phone line for the broadband. I had this on a separate contract because it had been paid for through the limited company that I use for contracting.

The post Sky Broadband Update appeared first on Davblog.


National Rail Travel Alert

This is the text of a National Rail travel alert email that I received this morning.

Problems have been reported which may affect your journey between Balham (BAL) and Shepherd’s Bush (SPB)

More details of this disruption can be found here:

To see how this disruption affects your journey and to get alternative options planned for you, please use the Online Journey Planner

Alternatively, for up to date information for your station, use the Live Departure Boards.

Prefer to get in touch by phone? Call TrainTracker on 0871 200 49 50 (10p per min, mobiles higher) or text your journey details to 84950 to use TrainTracker Text

You can manage your alerts by visiting:

Don’t forget, you can also follow us on Twitter or Find us on Facebook for the latest rail travel news

Please do not reply to this email as it is sent from an unmonitored address. If you need to contact us, you can do so here:

Can you spot the obvious idiocy here?

It’s an HTML email. That’s obvious from the links that appear in it. Links to things like the Online Journey Planner and the Live Departure Boards. But there are a couple of links that are written as plain text URLs – ones that you can’t just click on. And one of them is the most important link in the email – the link to the full information about the problems.

In order to read whatever is on the other end of that link, you’d need to copy it and paste it into the location bar in your browser. That’s simple enough, of course, on a desktop computer. But surely one of the important use cases for these alerts is people standing on a platform trying to work out what’s going on with their train – in which case they’d almost certainly be using a smartphone. And copy and paste isn’t the easiest of things to do on a smartphone.

Someone in the National Rail Travel Alerts department is more than a little confused about how URLs in email work.

The post National Rail Travel Alert appeared first on Davblog.





Feed Subscribe

Powered by Perlanet