Note: heavy use of HTML unicode character codes here. If some of the following is garbled, I trust you'll understand.

So I have the book Programming in Haskell. So far the book seems to be fairly straightforward, except for one little hitch. Here's the start of the second paragraph of the inside front cover:

This introduction is ideal for beginners: it requires no previous programming experience and all concepts are explained from first principles with the aid of carefully chosen examples. Each chapter contains a series of exercises ...

Exercises? For beginners? Well, do beginners to programming want to read about programming or to program? Almost everyone I've ever met wants to dive in and make things which print "Hello, World" and move on from there. We want to program, so a Haskell book for beginners with exercises sounds perfect for me.

So since this is for beginners, some might be surprised to see this:

  (⨁)  = λx → (λy → x ⨁ y)
  (x⨁) = λy → x ⨁ y
  (⨁y) = λx → x ⨁ y

But the text builds up to this at that point and the above is understandable (the author's really good about this), but still, it's the sort of thing which makes many a student put down a book. However, that was merely a formalized definition of something and wasn't too bad. Here's what's too bad:

  > [ x ↑ 2 | x ← [1..5]]

The above is a list comprehension in Haskell. It will generate a list of the square of the numbers one through five. Note that this is not the mathematical notation of a comprehension. Prior to the above horror, the author clearly gives the mathematical notation:

  { x² | x ∈ {1..5} }

So the author can't use the excuse that he was showing mathematical notation. However, the keen observer might notice a small difference between them:

  > [ x ↑ 2 | x ← [1..5]]
  { x² | x ∈ {1..5} }

Hmm, what's that leading angle bracket on the Haskell version?

THIS WAS MEANT TO BE TYPED AT A HASKELL PROMPT!!!

Yes, that's right. Here's that full snippet from the book:

  > [ x ↑ 2 | x ← [1..5]]
  [1,4,9,16,25]

The author gives code that the beginning student cannot type in! There is a "symbol table" in Appendix B which has a mapping of those funky characters to what the poor student should type in, but it's not even mentioned at the beginning. New to programming? You get to guess this. I'm not making this up. Even the book's intro to the Hugs compiler has this:

  > 2 ↑ 3
  8

What on earth could convince someone writing a programming book for beginning programmers that having them type in examples they can't type in would be a good idea? The rest of the book seems fine, but this is just, wow. I'm at a loss for words. And I just gave you the easy ones to figure out. You think the beginner is going to know to type \ for λ or /= for ≠?

Haven't posted in a while. In fact, much of my time has been spent with Perl 6, the upcoming version of Perl. And it's sort of been an accident.

A long time ago I stated the Perl 6 Cookbook project and recently I took another look at it. A few people have updated it, but not many. Unfortunately, I realized that the examples wouldn't run due to documentation formatting issue, so I started updating them. In trying to get them to work, I encountered the trimming blanks example.

$string = $string.trim;
$string = trim($string);
# or more concisely:
$string .= trim;

This was a snippet of code which removes whitespace at the beginning and end of strings. I fixed the formatting issues and tried to run the code, only to discover that no one had implemented the .trim method in Perl 6. What's worse, there weren't even any "spec" tests to verify the behavior once implemented. So to make a long story short, I wrote tests for this function and submitted a patch to implement .trim in Perl 6. It's written in PIR (a sort of "object oriented" assembly language which I had to teach myself) and looks like this:

.sub 'trim' :method :multi(_)
    .local string s
    .local int start, end, temp, len
    .local int is_whitespace
    s = self
    start = 0
    end = length s
    if end == 0 goto donetrailing
  trimleading:
    is_whitespace = is_cclass .CCLASS_WHITESPACE, s, start
    unless is_whitespace goto doneleading
    inc start
    goto trimleading
  doneleading:
    temp = end
  trimtrailing:
    dec temp
    is_whitespace = is_cclass .CCLASS_WHITESPACE, s, temp
    unless is_whitespace goto donetrailing
    end = temp
    goto trimtrailing
  donetrailing:
    len = end - start
    s = substr s, start, len
    .return(s)
.end

The patch has been accepted and now I've implemented my first core Perl 6 feature. So why weren't there any tests for this? Because it turns out that .trim was never in the Perl 6 specification. Larry Wall, however, has agreed to the basic idea and it's going in the spec. After a few other issues are hammered out, I'll be extending this (probably .trim_start and .trim_end) and the spec will be updated.

So the Perl 6 spec is being changed and I've added a new core feature to Perl 6 all because I didn't double-check the spec when I should have. Go figure.

Also, it turns out that the test system for Perl 6 needs a lot of work. I started updating it to make it easier to test my changes, but that exposed other bugs in Perl 6. Looks like I'm going to be busy ...

This is a paste from rafb.net entitled "Differences between PHP 5.2.7 and 5.2.8" and this is a problem. Andy Lester diffed the tarballs for PHP 5.2.7 and 5.2.8 and posted the result on twitter. He also pointed out the whopping huge problem we have here.

diff -urN php-5.2.7/configure php-5.2.8/configure
--- php-5.2.7/configure	2008-12-03 10:07:36.000000000 -0600
+++ php-5.2.8/configure	2008-12-07 13:31:12.000000000 -0600
@@ -2429,7 +2429,7 @@
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=2
-PHP_RELEASE_VERSION=7
+PHP_RELEASE_VERSION=8
 PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr $PHP_MAJOR_VERSION \* 10000 + $PHP_MINOR_VERSION \* 100 + $PHP_RELEASE_VERSION`
diff -urN php-5.2.7/configure.in php-5.2.8/configure.in
--- php-5.2.7/configure.in	2008-12-03 09:54:02.000000000 -0600
+++ php-5.2.8/configure.in	2008-12-07 13:23:25.000000000 -0600
@@ -1,4 +1,4 @@
-## $Id: configure.in,v 1.579.2.52.2.116 2008/12/03 15:54:02 iliaa Exp $ -*- autoconf -*-
+## $Id: configure.in,v 1.579.2.52.2.119 2008/12/07 19:23:25 iliaa Exp $ -*- autoconf -*-
 dnl ## Process this file with autoconf to produce a configure script.
 
 divert(1)
@@ -41,7 +41,7 @@
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=2
-PHP_RELEASE_VERSION=7
+PHP_RELEASE_VERSION=8
 PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
diff -urN php-5.2.7/ext/filter/filter.c php-5.2.8/ext/filter/filter.c
--- php-5.2.7/ext/filter/filter.c	2008-11-02 16:04:40.000000000 -0600
+++ php-5.2.8/ext/filter/filter.c	2008-12-06 11:16:36.000000000 -0600
@@ -19,7 +19,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: filter.c,v 1.52.2.43 2008/11/02 22:04:40 lbarnaud Exp $ */
+/* $Id: filter.c,v 1.52.2.44 2008/12/06 17:16:36 scottmac Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -275,7 +275,7 @@
 {
 	php_info_print_table_start();
 	php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
-	php_info_print_table_row( 2, "Revision", "$Revision: 1.52.2.43 $");
+	php_info_print_table_row( 2, "Revision", "$Revision: 1.52.2.44 $");
 	php_info_print_table_end();
 
 	DISPLAY_INI_ENTRIES();
@@ -403,7 +403,7 @@
 		Z_STRLEN(new_var) = val_len;
 		Z_TYPE(new_var) = IS_STRING;
 
-		if (IF_G(default_filter) != FILTER_UNSAFE_RAW || IF_G(default_filter_flags) != 0) {
+		if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
 			zval *tmp_new_var = &new_var;
 			Z_STRVAL(new_var) = estrndup(*val, val_len);
 			INIT_PZVAL(tmp_new_var);
diff -urN php-5.2.7/main/php_version.h php-5.2.8/main/php_version.h
--- php-5.2.7/main/php_version.h	2008-12-03 09:54:03.000000000 -0600
+++ php-5.2.8/main/php_version.h	2008-12-07 13:23:26.000000000 -0600
@@ -2,7 +2,7 @@
 /* edit configure.in to change version number */
 #define PHP_MAJOR_VERSION 5
 #define PHP_MINOR_VERSION 2
-#define PHP_RELEASE_VERSION 7
+#define PHP_RELEASE_VERSION 8
 #define PHP_EXTRA_VERSION ""
-#define PHP_VERSION "5.2.7"
-#define PHP_VERSION_ID 50207
+#define PHP_VERSION "5.2.8"
+#define PHP_VERSION_ID 50208
diff -urN php-5.2.7/NEWS php-5.2.8/NEWS
--- php-5.2.7/NEWS	2008-12-03 09:54:02.000000000 -0600
+++ php-5.2.8/NEWS	2008-12-07 13:23:25.000000000 -0600
@@ -1,5 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+08 Dec 2008, PHP 5.2.8
+- Reverted bug fix #42718 that broke magic_quotes_gpc (Scott)
+
 04 Dec 2008, PHP 5.2.7
 - Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) (Ilia)
 - Updated timezone database to version 2008.9. (Derick)

As explained in a blog entry about the PHP 5.3.7 release, there was a major regression in PHP where they broke a security fix with something called "magic_quotes_gpc". Basically, it's a deprecated feature in PHP, but it helps to prevent against something called SQL injection attacks. These attacks are trivial to execute and are very serious. PHP has long been notorious for security holes, but re-opening an old security hole was so serious that PHP pulled this release and released it with the change above.

Notice anything interesting about that diff? Anything missing, perhaps?

CAN WE HAVE SOME FRIGGIN' TESTS, PLEASE? You re-open an old, serious security hole in one of the most popular programming languages, a hole you re-opened because you evidently don't have tests for it in the first place, and now you close it but don't write any tests? Have you learned nothing? Aargh!

I have some code that I've put out there without complete test coverage, but I mark this code as "experimental" or "alpha". And it's certainly not something which is a core technology that underpins much of the Web.

You ever wish you could fire open-source programmers? The next time your crappy bulletin board software breaks, remember this post.

Got an annoying little problem. I wrote the following Greasemonkey script. What this does, when I go out to the Web site use.perl.org is ignore one particularly obnoxious user by simply erasing his comments.

// ==UserScript==
// @name           ignore.use.perl
// @namespace      http://publius-ovidius.livejournal.com/
// @description    Hide Annoying Users
// @include        http://use.perl.org/*
// ==/UserScript==

(function() {
    var user = 'some_user_name';
    var href = '//use.perl.org/~'+user+'/';

    var divs = document.evaluate(
        "//div[@class='full']/div/div[@class='details']/a[@href='"+href+"']",
        document,
        null,
        XPathResult.ORDERED_NODE_SNAPSHOT_TYPE,
        null
    );

    for ( var i=0; i < divs.snapshotLength; i++ ) {
        var node       = divs.snapshotItem(i).parentNode.parentNode.parentNode;
        node.innerHTML = '<p><strong>Ignoring '+user+' via GreaseMonkey</strong></p>';
    }
})();

In other words, until they restructure use.perl, I will never have to see that user's comments again. However, the code is annoying the heck out of me. I had to write:

        var node       = divs.snapshotItem(i).parentNode.parentNode.parentNode;

That's because of how the XPath is written:

        "//div[@class='full']/div/div[@class='details']/a[@href='"+href+"']",

Because I have to descend several levels deep into the node structure, I have to keep calling parentNode to walk back up the tree. With Perl regular expressions, we have 'positive look ahead assertions'. These allow me to match text which is followed by some other text, but ignore that other text for purposes of capturing data. If I had that with XPath, I could say "match any top level node followed by other nodes, but ignore those other nodes. Then I wouldn't have that awful series of parentNode calls. Is this possible in XPath?

Does your primary code base have a test suite?

If you answered "no" to the above question, please explain why (150 chars)

How many tests are in the largest test suite you work with?

How long does the aforementioned test suite take to run?

What percentage of your code is covered (rounding down)?

Do all tests pass?

If you answered "no" to the above question, what percentage of your tests fail?

What is the primary language the test suite is in?

What test framework the test suite is based on? (e.g. Perl is probably Test::Harness and Java is often jUnit)

USER := $(shell whoami)

ifeq ($(USER), root)
    MESSAGE = "Okay."
else
    MESSAGE = "What? Make it yourself."
endif

NOECHO = @

me ::
    - $(NOECHO) echo $(MESSAGE)

a ::
    - $(NOECHO) echo

sandwich ::
    - $(NOECHO) echo

You know, I really, really get annoyed at developers who don't even have a basic knowledge of security yet make their applications available to everyone. "Available to everyone" frequently means "web pages".

If you've ever heard of SQL injection, you know that any URL which allows its data to be injected directly into an SQL query is a security hole waiting to be exploited. So consider the basic structure of an SQL SELECT statement:

SELECT [something] FROM [table or tables] WHERE [some condition]

So any URL which has that basic structure potentially has a massive security hole allowing you to search their database and possibly cause plenty of damage. So how would you find those URLs? Enter Google Hacking. Google allows you to add a inurl: term to your query. Whatever you include with that term should be included in the URL. So what you're looking for is any URL which has select, from and where (the %3A is the encoding for a colon ':' character):

inurl:select inurl:from inurl:where

Now as it turns out, that returns a lot of questions about SQL queries in addition to URLs which execute queries. So to make it easier to find our target, let's look for anything which embeds 'cgi' in their URL:

inurl:cgi inurl:select inurl:from inurl:where

Bingo. Lots and lots of hackable Web sites. These people keep me employed.

Update: while playing around with this, I stumbled across the following URL (deliberately not made clickable):

http://140.127.211.214/cgi-bin/nlrdf_publ/update.pl?sql=UPDATE%20language%20set%20valid_from=**********%20where%20id=246

Inspired by the latest horror at the Daily WTF

If you're not a Perl geek into testing, this won't make sense to you. I've posted this here for them to see since I can control the formatting here.

Here's the output from the latest version of my TAPx::Parser software, a testing tool designed to replace Test::Harness and the prove utility bundled with it.

work $ runtests -lcq
t/00-load..................ok     
t/cp_demo_lib..............ok   
t/cp_lib...................ok     
t/db_connection............ok   
t/dh_password..............ok   
t/dh_server................Failed 1/61 tests
t/domain_lib...............ok     
t/datacentre_install.......ok     
t/install_sql..............ok     
t/general_lib..............ok     
t/order_lib................ok       
t/platform_utils...........ok   
t/pod-coverage.............ok     
t/pod......................ok     
t/reset_vars...............ok     
t/rpc_action...............ok   
t/rpc_dedserver............ok     
t/server_stock_manager.....ok     
t/sql_stripper.............ok     
t/template_tree_process....ok     
t/test_class_tests.........Failed 2/186 tests
        (less 1 skipped test: 183 okay)

Test Summary Report
-------------------
t/dh_server.t                 (Wstat: 256 Tests: 61 Failed: 1)
  Failed tests:  52
t/pod-coverage.t              (Wstat: 0 Tests: 42 Failed: 0)
  Tests skipped: 3, 8, 34, 37
t/test_class_tests.t          (Wstat: 512 Tests: 186 Failed: 2)
  Failed tests:  2, 5
  Tests skipped: 3
Files=21, Tests=859, 32 wallclock secs (12.82 cusr +  2.90 csys = 15.72 CPU)

So I started writing a post about my "fantasy" Christmas list. One idea was the idea of buying a bottle of cheap whiskey and a pack of fags for the elderly mother of my long long adopted brother and sister. However, my present list got offensive enough that it offended even me! So I'll just say that after wrapping a few presents for family members, I am having a thoroughly pleasant evening drinking rum and Coke and working on Perl 6. All I can say is that Perl 6 rocks!

  # P12 (**) Decode a run-length encoded list.
  #
  #     Given a run-length code list generated as specified in problem P11.
  #     Construct its uncompressed version.
 
  sub decode(*@list) returns Array {
      gather {
          for @list -> $elem {
              take $elem.isa(Array) ?? $elem[1] xx $elem[0] !! item $elem;
          }
      }
  }
  decode( [4, "a"], "b", [2, "c"], [2, "a"], "d", [4, "e"] ).perl.say;

And if you don't think I'm totally cool, just check out my "current music".

In other news, why the hell do I feel so guilty for not doing more to promote Perl 6?

Some of you may have heard of the infamous Black Perl poem. This poem, written for Perl 3, appeared on April Fools day, 1990 on Usenet and was purportedly from Larry Wall, though as I recall, the headers were forged. However, it's for such an older version of Perl that it hasn't been able to compile for years. So I tweaked it. It still doesn't do anything, but it compiles.

BEFOREHAND: close door, each window & exit; wait until time.
     open spellbook, study, select it, confess, tell, deny;
write it, print the hex while each watches,
     reverse "its length", write again;
     kill spiders, pop them, chop, split, kill them.
          unlink arms, shift, wait & listen (listening, wait),
sort the flock (then, warn "the goats". kill "the sheep");
     kill them, dump qualms, shift moralities,
     values aside, each one;
          die sheep, die, reverse system
          you accept (reject, respect);
next step,
     kill next sacrifice, each sacrifice,
     wait, redo ritual until "all the spirits are pleased";
     do it ("as they say").
do it(*everyone***must***participate***in***forbidden**s*e*x*).
return last victim; package body;
     exit crypt (time, times & "half a time") & close it,
     select (quickly) & warn next victim;
AFTERWORDS: tell nobody.
     wait, wait until time;
     wait until next year, next decade;
          sleep, sleep, die yourself and
          rest at last

And from a friend of mine, Sparky, for whom I wound up rewriting this because of a couple of misconceptions of his (email reprinted with permission):

I was at a dive bar tonight. They had a poetry reading, open mic. and allowed non-original poetry.

I got on the net and looked up Black Perl.

I read the version at http://internet.ls-la.net/comppoems/black-perl.html. (with full attribution of course)

BROUGHT DOWN THE HOUSE!

Before the read I asked, "Show of hands, how many here are computer programmers?". No hands went up. Then, "How many people here have heard of the programming language 'perl'?". A couple of cheers from the crowd.

I then told the crowd, "perl stands for 'Practical Extraction and Report Language', or, as those who actually program in the language call it, 'Pathologically Eclectic Rubbish Lister'"

After explaining that the following poem was written by the creator of perl, I explained, "This poem is NOT written in English. It is written in the programming language 'perl' ", and read.

It won two awards, Best Nonoriginal Poem, and Best Poem of the night. I won Best Presentation. Kudo's to Larry, he made me look good. ;-)

After the reading I was approached by a person who said that the peom couldn't possibly compile. I invited him to download perl from ActiveState and download a copy of the poem written for the version of perl that he downloaded and test it for himself. He told me, 'That was a great poem and poems do not compile'. Then came the Zen moment, I said. 'That poem is not a poem'. From one atheist to another, I swear to GOD that is what I said!

He is probably still blinking. ;-)

Yes folks, I take requests. Thank you very much. I'll be here all week and don't forget to tip your waitresses.

retrofire thought it would be interesting to see superimposed graphs of Bush and Blair approval ratings, so I threw one together. The data are taken from the links provided in that post.

Full disclosure on assumptions made in the graph, since "news" organizations don't typically give this: the line for Blair (the lower, green one) is much smoother than Bush's line simply because I didn't have enough data. Also, note that the approval swings appear greater than they actually are because if the graph was fully from 0% to 100%, the lines would be smoother and you'd lose detail. Also, if the poll was taken over several days, I simply took the last date. You should also check back to the original sources to understand how the approval questions were phrased. I took a bit of liberty with them to make them fit together, but I don't think the graph is too far off.

If anyone can point me to quality, longer-term data for these two, I'd be happy to see if I can put it together similar to this chart.

Update: you might notice that the graph looks different. That's because someone spotted a bug in the date handling. I've fixed the bug and updated the graph.

I know a few Perl programmers read this blog and on the off chance that they read this and don't see it elsewhere ...

It's that time again! If you have an idea for doing some work for the Perl community and you think it's worthy of a grant, please send your grant entry to tpf-proposals@perl-foundation.org. Grant applications must be in by the last day of July and we will be awarding the grants at the beginning of September.

First, please read about how to submit a grant. Read that carefully as grants are often rejected if they don't meet the criteria. For example, if you want to submit improvements to a well-known project but there's no evidence that you have at least tried to work with the maintainers of that project, the grant will likely not be approved. You can also read through our rules of operation for a better idea of thee grant process.

    <input name="price" type="hidden" value="40">

On the off chance that any Perl folk read this journal instead of my technical journal and are interested in Class::CGI, you can join the mailing list to help contribute to its design and to ask questions about its use.