German Perl/Raku Workshop Leipzig 2022

The workshop was held only online last year due to the pandemic, thus it was really nice to be able to see people in-person again (my first workshop/conference since GPW 2020 in Erlangen). This year I decided to ride my bike from Hannover to Leipzig, which was an interesting experience: roughly 250 km over the course of two days’ riding.

The event was held at the same hotel recommended for attendees, which made getting to the morning sessions much easier .

These are the notes I made at the talks I attended; they just for me for easy future reference, so might not be useful to a much wider audience.

Day 1 - 30.03.2022

Ovid - Corinna’s current status

• Perl also suffers from the Lisp Curse
• Corinna gives compile-time errors for any issues code might have, rather than a runtime error or (worse) no error at all. Good example: variable referenced with incorrect name
• tries to look forward beyond what Perl can do today and to focus on what Perl will be able to do in the future
• Corinna builds upon years of design development work by e.g. Stevan Little. Building upon Moose, Moxie, etc.
• Design got cleaner over time, over various iterations
• OOP isn’t as easy as one might think; trying to make a “Perlish” OOP system. Moose/Moo won’t go into core (P5P decision; Stevan and MST also don’t want them in core)
• native state, encapsulation and composition from making state a lexical variable (field).
• certain kinds of run-time errors are now compile-time errors, hence are caught earlier
• fields no longer exposed by default anymore. In Moose/Moo it’s hard not to expose state by default; Corinna solves this issue.
• methods aren’t subs anymore, so that they’re kept separate
• Corinna can be boiled down to class, role, field and method keywords
• Corinna RFC accepted on 16th Jan 2022
• accepted with caveats
  • smaller, easier to test features, one at a time
• initial parts could be implemented in Perl 5.37 dev cycle
• types will be hard to implement because this will have an effect on the entire language and this needs a lot of thought and needs to be clean with e.g. subroutine args before it can be included

Bernhard Schmalhofer - Praxisbericht: Migration der Webapp OTOBO von CGI nach PSGI

• OTOBO is an open source web-based helpdesk
• forked from OTRS
• OTOBO 10.0 runs with mpm_prefork and mod_perl under Apache with CGI scripts
• can use CGI::EMULATE::PSGI to do heavy lifting so that PSGI can get converted to CGI to keep everything working
• OTOBO 10.1 runs directly under Plack
• OTOBO was created as a fork, because OTRS was no longer continued as a community edition and the OTOBO devs wanted to create services around an Open Source product with community.

Paul Evans - On The Road to 2025

• what would it be like to write Perl in 2025?
• new Perl developments are now driven by people rather than code; there’s a Perl RFC process now
• there is now a finally in try blocks
• it’s also possible to defer code to run with a defer keyword
• there are real boolean values now: use builtin qw(true false);
• signatures are no longer experimental! Specify use v5.36; to ensure correct minimum version of Perl is used
• towards 5.38
  • various performance optimisations
  • add string operator overloads so that some operators are naturally overloaded to string objects
• towards 2025
  • continue object
  • start thinking about type systems
  • bump version number beyond 5? Yes we can, however should we?
• Perl Sterring Council
  • steers the direction of Perl, much in the way the pumpking used to

Lee Johnson - Satisfying a Twitch - Livestreaming Widgets at GivenGain

• GivenGain
  • a non-profit crowdfunding platform
  • used to be mostly CGI.pm based, now moved to Plack(?)
• 2020 happened, and we couldn’t have in-person events for e.g. fundraising
• the change that happened is that streaming took off; e.g. streaming things on Twitch
• some streams on Twitch are like modern-day Telethons
• some streamers want tools to visualise fundraising progress
• => hence created widgets to show real time updates of fundraising info
• tools available not just for livestreaming
• replaced a lot of cronjobs with RabbitMQ
  • there’s a queue for every task one wants to achieve
  • each queue can have many consumers bound to it
  • each message is consumed by one (and only one) consumer
  • allows massively parallel processing
• be careful with RabbitMQ: if run out of memory or disk space, it will stop accepting connections to protect itself

Sören Laird Sörries - Lernen mit Superkräften

• now, later in life, one can learn the things one wants to learn and can use experience from earlier to guide learning now
• motivation: needs to be managed; set long, mid and short term goals
• can gamify the process to make it more fun
• regular practice helps to create habits; once things are habits it’s much easier to continue long-term

Day 2 - 31.03.2022

Thomas Klausner - Covid Zertifikate validieren for Fun and .. Sicherheit?

• decoding EU covid certificates in Perl
• unfortunately there were sound issues so very hard to hear the talk
• there seems to be lots of information available in the QR code that one can extract. E.g. what kind of test (PCR, Antigen), whether or not one has been infected or vaccinated, when the test was done, who did it…
• used Object::Pad (Corinna test bed module) to implement a decryption and validation program
• used Vue.js for the web frontend code. One can pass a QR code either as an encoded text string to the API or use the camera to read the QR code directly

Maroš Kollár - Werda - der Geizhals Anwesenheitsmonitor

• Raku program to see who is there at Geizhals
• there are also auxiliary modules, for e.g. Mattermost, Asterisk, time tracking

Renee Bäcker - Änderungen in Perl

• new features in Perl
• 5.34 released in 2021, 5.36 will be released this year
• experimental try/catch to replace block eval and try/catch modules on CPAN
• finally should appear in 5.36
• can now use {,n} in regexes to limit number of matches
• new octal syntax: 0o
• use v5.35 now automatically enables strict and warnings
• bareword filehandles, indirect method invocations (i.e. new Class) and multidimensional keys in hashes are now no longer allowed
• isa operator is no longer experimental
• sub signatures are no longer experimental
• defer blocks can be used to clean up things such as filehandles or database connections etc.
• one can now iterate over multiple values in an array or hash within a for loop
• real booleans now possible. Once can use isbool to check if a value is of boolean nature. Useful when operating with other languages.
• trim now exists to remove trailing/leading whitespace from strings

Salve J. Nilsen - The colleagues you didn’t know you had

• specifically your “colleagues” in the open source community
• see photos of software one uses
• one can also map relationships between people and software projects that one uses. Especially useful as a company to work out which projects the company and its products rely on.
• introduce yourself to people, visit them at conferences, etc.
• remember to be kind
• showed in talk many of the people who support a large part of the Perl community and some of the implicit colleagues one has
• look at who we depend on (focus on people) and how we depend on them
• is it possible to support them? Are they available for discussions about things they care about or things one cares about oneself
• think about which risks company cares about and how used OSS could impact risk to company
• think about how to improve the situation for the OSS that one uses
• real life issues for OSS devs are real
• stakeholders that don’t speak up don’t exist to the OSS devs
• hope is not a strategy

Max Maischein - Meine Erfahrungen als Drive-By-Modulautor

• tell stories about his episodic contributions to various modules
• e.g. one sees a typo or a bug in a module that one uses and wants to fix it
• code style should be like that already existing in a module
• a good idea: only one fix per issue; don’t make huge sweeping changes in one go
• submit additional changes in separate (and separable) patches
• module authors don’t owe you anything
• there’s an automatic patch functionality in CPAN clients: patches can be uploaded as extensions to a module on CPAN (from own CPAN account (distroprefs directory?)) can then be applied when installing the module on a client system
• important to realise that module authors and maintainers are volunteers and don’t always have time
• to take over a module, it might be necessary to contact modules@perl.org and to find out if one can take over maintenance of a module (e.g. COMAINT)

Wieland Pusch - Serienmail mit Perl, Word, Excel und PDF24

• how to use Perl to do a form of mail merge in order to send automatically generated invoices to customers

Day 3 - 01.04.2022

Renee Bäcker - OWASP Top Ten 2021

• OWASP: Open Web Application Security Project
• non-profit foundation
• OWASP top ten: ~ every 4 years publish a list of top security risks
• last edition: autumn 2021
• is a good list of what to look for in your own code
• Top Ten 2021
  • Server-Side Request Forgery
  • Security logging and monitoring failures
  • Software and data integrity failures -> can one trust code from upstream modules?
  • Identification and authentication failures
  • Vulnerable and outdated components
  • Security misconfiguration
  • Insecure design
  • Injection
  • Cryptographic failures
  • Broken access control
• wants to make a cheat sheet for Perl so that one can avoid these security issues in Perl projects
• see https://perl-security.de

Max Maischein - Offline-Spracherkennung mit Perl

• had live offline speech recognition running while he was giving the talk :-)
• was important for him that a speech recognition system works offline
• found speech recognition kit “vosk” from alphacephei (https://alphacephei.com/vosk/)
• works offline and on lightweight devices (e.g. Raspberry Pi)
• Max wrote the Perl interface to the vosk tool: https://metacpan.org/pod/Speech::Recognition::Vosk
• simple transcription is definitely possible
• for large language models, one needs a lot of RAM, so need more computing power in order to use the module and vosk

Max Maischein - Reverse Engineering von Geräten mit Perl

• reverse engineering: process of understanding how something works without having source code
• wants to write software for hardware he has without needing to be locked in to a vendor’s tools and platforms
• good idea to search for previous work others might have done
• sometimes manufacturers have manuals for the hardware which can be helpful
• one can also look at any existing software
• can even try just sending random signals to hardware; can be rather frustrating though
• wanted to reverse engineer a Loupedeck CT (console for video/audio editing)
• no Linux support; nevertheless it’s a network device
• it turned out that one could talk to device via e.g. Mojolicious
• websocket connection over USB
• supposedly has bluetooth support (unofficial)
• also reverse engineered Zhiyun wireless transmitter (an HDMI wireless transmitter)
• could look at the network interfaces on the device to see if there was an entry point
• used wireshark/tcpdump to look at network communication
• could find out that the main communication was via UDP
• replayed interactions found via wireshark by using Net::Pcap which can replay previous network interactions
• still working on the reverse engineering; has made some progress though

Tina Müller - News from the YAML world

• https://www.yaml.info for more info
• initial implementation of spec was made in pyyaml
• the Perl modules don’t adhere to the spec properly
• 1.2 solved the “Norway problem” (also affects Ontario “ON”)
• there’s now a new version: 1.2.2
• there’s now a yaml test suite
• C lib: libfyaml -> written by one of the YAML team
• reference parser is in Perl: YAML::Parser (from Ingy); quite slow atm
• other Perl parsers have better performance
• YAML::Tidy -> inspired by perltidy and yamllint
• can be used in vim directly when passing the --partial option

Next year’s event

Next year the event will be held in Frankfurt. Now to ride back home via Magdeburg.