twitter

It's great being in the middle of the Indian Ocean. But the internet connectivity is rubbish!

twitter

Cheeky little duty-free purchase. Happy Christmas me :-) http://t.co/fcgBJ5oIKM

twitter

Every single episode of Star Trek (there are apparently 695 of them!) ranked - http://t.co/ZAN6fsjLLK

last.fm

David Bowie – Under Pressure (2011 Remastered Version)

http://www.last.fm/music/David+Bowie
last.fm

R.E.M. – Swan Swan H

http://www.last.fm/music/R.E.M.
last.fm

Inspiral Carpets – Joe

http://www.last.fm/music/Inspiral+Carpets
last.fm

Ani DiFranco – Little Plastic Castle

http://www.last.fm/music/Ani+DiFranco
last.fm

Ani DiFranco – Little Plastic Castle

http://www.last.fm/music/Ani+DiFranco
twitter

Leaving work for the last time this year!

twitter

In response to my recent blog post, @briandfoy_perl also posted some interesting thoughts about Perl recruitment - http://t.co/BDJifdimtL

github

davorg pushed to master at davorg/dap-perl

Dave Cross
github

davorg pushed to master at davorg/dap-perl

Dave Cross
  • Dave Cross eb4ce4d
    Remove reference to main.pl
github

davorg opened pull request devassistant/dap-perl#2

davorg opened pull request devassistant/dap-perl#2
Dave Cross
Moved MyClass.pm into lib directory. Turned main.pl into a test.
1 commit with 27 additions and 17 deletions
github

davorg pushed to master at davorg/dap-perl

Dave Cross
  • Dave Cross d766562
    Moved MyClass.pm into lib directory. Turned main.pl into a test.
books read

Jump Start Bootstrap

Jump Start Bootstrap
author: Syed Fazle Rahman
name: David
average rating: 3.43
book published: 2014
rating: 0
read at:
date added: 2014/12/16
shelves: currently-reading
review:

github

davorg opened pull request devassistant/dap-perl#1

davorg opened pull request devassistant/dap-perl#1
Dave Cross
Changed to look more like current Perl OO practices.
1 commit with 55 additions and 55 deletions
perl hacks

Slideshare Stats

For many years (since the end of 2007, apparently) I’ve been uploading the slides from my talks and training courses to Slideshare.

This morning I got an email from them, telling me that they had made their analytics pages freely available. I don’t know if this is a permanent change or a special offer, but the link (which will only work for logged in users) is http://www.slideshare.net/insight.

There’s a lot of information there and I look forward into digging into it in a lot more detail. But I thought it would be interesting to share the list of my top ten most popular slide decks.

Title Views
Introduction to Perl – Day 1 71722
LPW: Beginners Perl 50935
Modern Web Development with Perl 33034
Modern Perl for Non-Perl Programmers 27376
Matt’s PSGI Archive 24341
Introduction to Web Programming with Perl 22544
Introduction to Perl – Day 2 20489
Introduction to Modern Perl 17709
Introducing Modern Perl 13871
Modern Core Perl 11337

A lot of those course are aimed at people who are starting Perl from scratch. I guess it’s true that there are plenty of people out there who still want to learn Perl.

The post Slideshare Stats appeared first on Perl Hacks.

perl hacks

Dev Assistant

A couple of days ago, I updated to my laptop to Fedora 21. One of the new features was an application called DevAssistant which claimed that:

It does not matter if you only recently discovered the world of software development, or if you have been coding for two decades, there’s always something DevAssistant can do to make your life easier.

I thought it was worth investigating – particularly when I saw that it had support for Perl.

Starting the GUI and pressing the Perl button gives me two options: “Basic Class” and “Dancer”. I chose the “Basic Class” option. That gave me an dialogue box where I could give my new project a name. I chose “MyClass” (it’s only an example!) This created a directory called MyClass in my home directory and put two files in that directory. Here are the contents of those two files.

main.pl

#!/usr/bin/perl

#use strict;
use warnings;

use POSIX qw(strftime);

use myClass;

my $myClass = new myClass( "Holiday", "Baker Street", "Sherlock Holmes");
my $tm = strftime "%m/%d/%Y", localtime;
$myClass->enterBookedDate($tm);

print ("The hotel name is ". $myClass->getHotelName() . "\n");
print ("The hotel street is ". $myClass->getStreet() . "\n");
print ("The hotel is booked on the name ". $myClass->getGuestName() . "\n");
print ("Accomodation starts at " . $myClass->getBookedDate() . "\n");

myClass.pm

package myClass;

use strict;
use warnings;

sub new {
    my $class = shift;
    my $self = {
        _hotelName => shift,
        _street => shift,
        _name => shift,
        _date => undef
    };
    bless $self, $class;
    return $self;
}

sub enterBookedDate {
    my ($self) = shift;
    my $date = shift;
    $self->{_date} = $date;
}

sub getHotelName {
    my $self = shift;
    return $self->{_hotelName};
}

sub getStreet {
    my $self = shift;
    return $self->{_street};
}

sub getGuestName {
    my $self = shift;
    return $self->{_name};
}

sub getBookedDate {
    my $self = shift;
    return $self->{_date};
}

1;

It’s great, of course, that the project wants to support Perl. I think that we should do everything we can to help them. But it’s clear to me that they don’t have anyone on the team who knows anything about modern Perl practices.

So who wants to volunteer to help them?

Update: So it turns out that the dev team are really responsive to pull requests :-)

The post Dev Assistant appeared first on Perl Hacks.

perl hacks

Perl Recruitment Thoughts

Not many weeks go by when I don’t hear of another Perl-using company that has been evaluating alternative technologies. In most cases, it’s not because they think that Perl is a bad language to use. The most common reason I hear is that it is becoming harder and harder to find good Perl programmers.

On Quora I recently saw a question asking what job opportunities were like for Perl programmers. This is how I answered:

Right now is a good time to be a Perl programmer. Perl is losing mindshare. Very few new Perl programmers are arriving on the scene and quite a lot of former Perl programmers have moved away from the language to what they see as more lucrative, enjoyable or saleable languages.

But there are still a lot of companies with a lot of Perl code. That all needs to be maintained and enhanced. And many of those companies continue to write new projects in Perl too.

All of which means that it’s a seller’s market for good Perl skills. That won’t last forever, of course. To be honest, I’d be surprised if it lasts for more than five or ten years (well, unless Perl 6 takes off quickly). But it’ll do me for the next few years at least.

I’m putting a positive spin on it, but it’s getting to be a real problem. More programmers abandon Perl, that makes it harder to find good Perl programmers, which makes it more likely that companies will abandon Perl, which leads to fewer Perl jobs and more programmers decide to abandon Perl. It’s a vicious circle.

I’m not sure how we get to the root of that problem, but do have some suggestions for on particular area. A client recently asked my for suggestions on how they can improve their hit rate for recruiting good Perl programmers. My suggestions all revolved about making your company better known in the Perl community (because that’s where many of the better Perl programmers are).

I know that many of the Perl-using companies already know this. But in the interests of levelling the playing field, I thought was worth sharing some of my suggestions.

Perl Mongers Social Meetings

Do you have a local Perl Mongers group? If so, they almost certainly have monthly social meetings. And in many cases they will welcome a company that puts a few quid behind the bar for drinks at one of those meetings. For smaller groups (and there are many smaller groups) you might even offer to buy them dinner.

It’s worth contacting them before doing this. Just turning up and flashing your money around might be seen as rude. And some groups might object to this kind of commercialisation. But it’s always worth asking.

Perl Mongers Technical Meeting

Some Perl Mongers groups have technical meetings (either instead of or as well as social meetings). In this case, instead of meeting in a pub (or bar or restaurant), they’ll meet in the offices of a friendly local company and some of the members will give presentations to the group. Many groups struggle to find venues for these kinds of meetings. Why not offer your office? And perhaps throw in some pizza and beer.

Perl Workshop

The next step up from technical meetings is Perl workshops. Many Perl Mongers groups organise annual one-day workshops. There can be many talks taking place across a number of tracks over the course of (usually) a day. The organisers often like to make these events free (mainly, it seems, because charging for stuff like this adds a whole new layer of complexity). But it’s not free to put on these events so they rely heavily on sponsors. Can you help pay for the venue? Or the printing? Or the catering? Different events will have different opportunities available. Contact the organisers.

YAPC

Workshops are national and (usually) one-day events. YAPC are international conferences that span many days. They have all the same requirements, but bigger. So they need more money. And, of course, sponsors can be at the conference telling potential employees just how wonderful it is to work for them.

The Perl Foundation

The Perl Foundation are the organisation that promotes Perl, holds various Perl trademarks and hosts many Perl web sites. They issue grants for people to work on various Perl-related projects. They never have enough money. They love companies who donate money to them as thanks for the benefit that Perl brings. How much you donate is up to you, but as a guide, most announcements seem to be in the $10,000 range.

In each of these cases, the idea is really to show the Perl community how much you value Perl by helping various Perl organisations to organise events that raise people’s awareness of Perl. Everyone wins. The sponsors get seen as good people to work for and the events themselves demonstrate that modern Perl is still a great language.

So the next time someone in your company asks how they can find good Perl people, consider a different approach. Can you embed your company in the conciousness of the Perl community and make yourselves look more attractive to some of the best Perl programmers in the world?

The post Perl Recruitment Thoughts appeared first on Perl Hacks.

cpan

Tie-Hash-Cannabinol-1.11

=êå{^žÈ¨ú+r·š¶)à…«!zËaj×è®­¶§‚
perl hacks

LPW & Perl Web Book

Return to the Kingdom of the Blind from Dave Cross

Last Saturday was the London Perl Workshop. As always, it was a great day with a fabulous selection of talks. As always, I’m desperately waiting for the videos to appear so that I can see the talks that I was forced to miss because of clashes.

I spoke a couple of times. In the morning I ran a two-hour training course entitled “Perl in the Internet of Things”. The slides are up on Slideshare.

And, towards the end of the day I gave a lightning talk called “Return to the Kingdom of the Blind. It was a sequel to the similarly-named lightning talk I gave a couple of times last year. This year I particularly concentrated on the fact that so many people seem to cling to the idea of using CGI to write web applications when there are so many better technologies available.

I decided that part of the problem is that there are no modern Perl web development books and people are still picking up books that are fifteen years old. At the end of the talk I announced that I was planning to put that right and that I was planning to write a new book on Perl web development that would be available in time for the next London Perl Workshop.

The project has a web site, a Github repo and a Twitter feed. I hope that things will start to happen over the next couple of weeks.

Wish me luck.

The post LPW & Perl Web Book appeared first on Perl Hacks.

slideshare

Perl in the Internet of Things


My training course from the 2014 London Perl Workshop
slideshare

Return to the Kingdom of the Blind


A talk from the London Perl Workshop 2014
perl hacks

Upcoming Training

I have a few training courses coming up in the next few weeks which I thought you might be interested in.

Firstly, the London Perl Workshop is on 8th November. I’ll be giving a two hour talk on “Perl in the Internet of Things“. As always, the workshop is free, but please register on the site and star my talk if you’re planning on attending.

Then the week after I’m running two two-day courses in conjunction with FLOSS UK. On Tuesday 11th and Wednesday 12th it’s “Intermediate Perl” and on Thursday 13th and Friday 14th it’s “Advanced Perl Techniques”. Full details and a booking for are on the FLOSS UK web site.

Note: If you’re interested in the FLOSS UK courses, then please don’t pay the eye-watering non-member price (£720!) Simply join FLOSS UK (which costs £42) and then pay the member price of £399.

Hope to see you at one of this courses.

The post Upcoming Training appeared first on Perl Hacks.

cpan

Array-Compare-2.11

=êå{^žÈ¨ú+r‰©j¸§ªëk+
cpan

Array-Compare-2.10

=êå{^žÈ¨ú+r‰©j¸§ªëk+
cpan

WWW-Shorten-3.06

"{^­öœzÚD»!¢»^ž)à²+^
slideshare

Github, Travis-CI and Perl


A quick introduction to using Github and Travis-CI to test Perl projects
davblog

First Direct Update

Earlier in the week I talked about my concerns with First Direct’s new password policy. I got an email from them about this, but it really wasn’t very reassuring.

But I kept digging. And on Thursday I got a bit more information from “^GD” on the @firstdirecthelp twitter account. It still doesn’t answer all of my questions, but I think we’re a lot closer to the truth. Here’s what I was told.

The obvious question that this raises is why, then, do they limit the length of the passwords. I asked and got this (three-tweet) reply.

To which, I replied

And got the response

I thought that “as a business we are satisfied” rather missed the point. And told them so.

I got no response to that. And @brunns got no response when he tried to push them for more details about how the passwords are stored.

So, to summarise what we know.

I haven ‘t really been reassured by this interaction with First Direct. I felt that the first customer support agent I talked to tried to fob me off with glib truisms, but “^GD” tried to actually get answers to my questions – although his obvious lack of knowledge in this area meant that I didn’t really get the detailed answers that I wanted.

I’m not sure that there’s anything to be achieved by pushing this any further.

The post First Direct Update appeared first on Davblog.

davblog

First Direct Passwords

I’ve been a happy customer of First Direct since a month or so after they opened, almost twenty-five years ago.

One of the things I really liked about them was that they hadn’t followed other banks down the route of insisting that you carried a new code-generating dongle around so that you can log into their online banking. But, of course, it was only a matter of time before that changed.

A couple of weeks ago I got a message from them telling me that Secure Key was on its way. And yesterday when I logged on to my account I was prompted to choose the flavour of secure key that I wanted to use. To be fair to them they have chosen a particularly non-intrusive implementation. Each customer gets three options:

  1. The traditional small dongle to carry around with you
  2. An extension to their smartphone app
  3. No secure key at all

If you choose the final option then you only get restricted (basically read-only) access to your account through their web site. And if you choose one of the first two options, you can always log on without  the secure key and get the same restricted access.

I chose the smartphone option. I already use their Android app and I pretty much always have my phone with me.

Usually when you log on to First Direct’s online banking you’re asked for three random characters from your password. Under the new system, that changes. I now need to log on to my smartphone app and that will give me a code to input into the web site. But to get into the smartphone app, I don’t use the old three character login. No, I needed to set up a new Digital Secure Password – which I can use for all of my interactions in this brave new world.

And that’s where I think First Direct have slipped up a bit.

When they asked my for my new password, they told me that it needed to be between 6 and 10 characters long.

Those of you with any knowledge of computer security will understand why that worries me. For those who don’t, here’s a brief explanation.

Somewhere in First Direct’s systems is a database that stores details of their customers. There will be a table containing users which has a row of data for each person who logs in to the service. That row will contain information like the users name, login name, email address and (crucially) password. So when someone tries to log in the system find the right row of data (based on the login name) and compares the password in that row with the password that has been entered on the login screen. If the two match then the person is let into the system.

Whenever you have a database table, you have to worry about what would happen if someone managed to get hold of the contents of that table. Clearly it would be a disaster if someone got hold of this table of user data – as they would then have access to the usernames and passwords of all of the bank’s users.

So, to prevent this being a problem, most rational database administrators will encrypt any passwords stored in database tables. And they will encrypt them in such a way that it is impossible (ok, that’s overstating the case a bit – but certainly really really difficult) to decrypt the data to get the passwords back. They will probably use something called a “one-way hash” to do this (if you’re wondering how you check a password when it’s encrypted like this then I explain that here).

And these one-way hashes have an interesting property. No matter how long the input string is, the hashed value you get out at the other end is the same length. For example, if you’re using a hashing algorithm called MD5, every hash you get out will be thirty-two characters long.

Therefore, if you’re using a hashing algorithm to protect your users’ passwords, it doesn’t matter how long the password is. Because the hashed version will always be the same length. You should therefore encourage your users to make their passwords as long as they want. You shouldn’t be imposing artificial length restrictions on them.

And that’s why people who know about computer security will have all shared my concerns when I said that First Direct imposed a length restriction on these new passwords. The most common reason for a maximum length on a password is that the company is storing passwords as plain text in the database. With all the attendant problems that will cause if someone gets hold of the data.

I’m not saying for sure that First Direct are doing that. I’m just saying that it’s a possibility and one that is very worrying. If that’s not the case I’d like to know what other reason they have for limiting the password’s length like this.

I’ve send them a message asking for clarification. I’ll update this post with any response that I get.

Update (17 July): I got a reply from First Direct. This is what they said.

Thank you for your message dated 16-Jul-2014 regarding the security of your password for your Digital Secure Key.

Ensuring the security of our systems is, and will continue to be, our number one priority.

All the details that are sent to and from the system are encrypted using high encryption levels. As long as you keep your password secret, we can assure you that the system is secure. As you will appreciate, we cannot provide further details about the security measures used by Internet Banking, as we must protect the integrity of the system.

Our customers also have a responsibility to ensure that they protect their computers by following our common-sense recommendations.  Further information can be found by selecting ‘security’ from the bottom menu on our website, www.firstdirect.com

Please let us know if you have any further questions, and we’ll be happy to discuss.

Which isn’t very helpful and doesn’t address my question. I’ve tried explaining it to them again.

The post First Direct Passwords appeared first on Davblog.

sources

Feed Subscribe
OPML OPML

Powered by Perlanet