Leo Lapworth

Mar 042013
 

The following message concerns a hash-related flaw in perl 5

This issue affects all production versions of perl from 5.8.2 to 5.16.x. It does not affect the upcoming perl 5.18.

In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash.  This mechanism has made perl robust against attacks that have been demonstrated against other systems.

Research by Yves Orton has recently uncovered a flaw in the rehashing code which can result in pathological behavior.  This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys.

Because using user-provided strings as hash keys is a very common operation, we urge users of perl to update their perl executable as soon as possible.

Updates to address this issue have been pushed to maint-5.8, maint-5.10maint-5.12, maint-5.14, and maint-5.16 branches today, perl 5.14.4 and 5.16.3 will be released soon, including these fixes. There is no plan to make a new release of any other version.

Vendors* were informed of this problem two weeks ago and are expected to be shipping updates today (or otherwise very soon).

bleadperl is not affected.

This issue has been assigned the identifier CVE-2013-1667.

Nov 062012
 

The Perl Foundation are attempting to participate in the Google Code In this year and as always time is short. They need tasks added here:

http://wiki.enlightenedperl.org/gci2012/tasks

In the next 48 hours (and most definately before midnight Friday). More information can be found here:

http://wiki.enlightenedperl.org/gci2012

Thanks in advance

Oct 112012
 

TWiki.org, a leading provider of enterprise collaboration and wiki application development platform, announced the general availability of TWiki-5.1.2 Community Release.

TWiki® is an open source enterprise wiki written in Perl.

You can read the Press Release or Blog post about version 5.1.2 for more information.

Or just download it and give it a try.

 

Aug 122012
 

Strawberry Perl 5.16.1.1 is available at http://strawberryperl.com

(all editions: MSI, ZIP, PortableZIP for both: 32/64bit MS Windows)

More details in Release Notes:
http://strawberryperl.com/release-notes/5.16.1.1-32bit.html (recommended for most situations)
http://strawberryperl.com/release-notes/5.16.1.1-64bit.html

Strawberry Perl is a perl environment for MS Windows containing all you need to run and develop perl applications. It is designed to be as close as possible to perl environment on UNIX systems.

Aug 022012
 

O’Reilly are having a 50% off Perl Ebooks sale for one week.

Discount code WKPER5

Deal expires August 9, 2012 at 11:59pm PT

This includes the new Intermediate Perl, 2nd Edition.

See full list of Books

Jun 182012
 

The 2012 Perl White Camel awards were announced at YAPC::NA this week, congratulations to the well deserved recipients…

Perl Community: Renee Bäcker

Renee Bäcker is at the heart of the German Perl community. He publishes $foo Magazine, a sponsor of this conference, is a leader in the German Perl monger community, and is organizing this year’s YAPC::EU in Frankfurt (although he was already short-listed for this award before we knew that).

Perl User Groups: Jim Keenan

Jim Keenan has been a quiet but effective Perl influence. For years he led Perl Seminar New York, a technical complement to NY.pm‘s social focus. He volunteers to help at many hackathons, gently advises new events, and was instrumental in bringing together separate Perl groups
within New York City.

Perl Conferences: Breno G. de Oliveira

Breno G. de Oliveira, or just “garu”, is a social connector in the Brasilian Perl community as well as the PerlSDL community. Active in Rio.pm, he was also the organizer of YAPC::Brasil 2011 in Rio de Janeiro. He has contributed to the PerlSDL book. With a little help, he wants to unite the global Perl community by visiting every YAPC he can and helping other people to travel to Brasil to meet Perl programmers they might not otherwise interact with.

Jun 132012
 

For those of you who aren’t able to attend YAPC::NA in person, this year’s organizers set up live streams of the conference. You can use the conference schedule to find which talks you want to see and then stream the room you are interested in. The rooms are:

You’ll need Microsoft Silverlight, Adobe Flash, or Apple Quicktime to be able to view these streams.

The streams will go live at 9am US Central time on June 13th.

May 212012
 

Ricardo Signes announced that Perl 5.16.0 is now available.

You can find a full list of changes in the file “perldelta.pod“.

Perl 5.16.0 represents approximately 12 months of development since Perl 5.14.0 and contains approximately 590,000 lines of changes across 2,500 files from 139 authors.

Perl continues to flourish into its third decade thanks to a vibrant community of users and developers.

Mar 312012
 

MetaCPAN have announced the Winning Entry to their Logo competition.

Congratulations to Raul Matei who came up with the design which can now be see on the MetaCPAN site.

MetaCPAN is a free, open search engine for CPAN, which is an ever growing archive of code and documentation for the Perl programming language.

Mar 082012
 

CPAN Testers announced that on the 22nd February 2012 they reached the 20 millionth test report.

CPAN Testers test every module released to CPAN, on many different platforms and different versions of Perl.

CPAN Testers has had over 1,000 testers contribute to this figure, with their new API they are now receiving nearly 1 million reports every month and expect to reach 30 million reports by the end of the Year.

Further stats can be found on their Interesting Stats page.