Planet ChrisDolan

RFC: lethal - lexical exceptions for Perl
I've been scratching a long-time itch of mine, which is that while Perl allows me to use Fatal to get subroutines and built-ins to throw exceptions on failure, such a change was always done on a package-wide, rather than lexical (block) basis.

However with Perl 5.10 we have the ability to fix that, and I've put together a proof-of-concept module that enables exception-throwing subroutines on a lexical basis.

I'm looking for input into its naming, interface, and concept in general. Rather than filling up a blog post with it, you can read the node on PerlMonks.

After the migration, Trac started throwing No changeset X in repository. It took me a few minutes to figure out. The solution: resync Trac with the SVN db:

trac-admin /path/to/tracdb
resync

Once upon a time there was a humble front-end contributor who worked on many small XUL and Javascript features for Firefox 3 like the smooth-scrolling tab bar and prefilling the find bar with the current selection. He later took on the mountainous responsibility of GTK Widget maintainer after travelling to New Zealand for his Uni holidays, but thats another story.

Anyway, in April 2007, I^H he contributed a patch to make the toolbars auto-hide themselves when in full-screen mode. It was a long and laborious process towards code review but it is now finally in the latest Firefox 3 hourly builds, and possibly in the latest nightly build.

So why is this fullscreen so incredibly awesome? For Firefox 3 we added a new read-only boolean property called window.fullScreen that can allow web applications to know whether or not you are in fullscreen mode (technically its not "new" per se, it existed in Firefox 2 but it never gave back the correct value, I just fixed that up). This can provide really great opportunities for web apps to take advantage of the new built-in fuller fullscreen. Maybe Google Presentations could start the slide show automatically when you enter fullscreen. Or maybe video sites could adjust the video size to take up the entire screen when you enter fullscreen.

Of course, I haven't forgotten my now main duty of GTK Widget maintainer. For Thunderbird users, I managed to fix the bug where dragging an image from your file manager would paste the file:// URL as text rather than embed the image. Oh, and XUL popups now properly set hints, so if you maintain a window manager, especially one with compositing, you no longer need Firefox-specific hacks; we now correctly report whether the popup is supposed to be a menu, a tooltip, or just a utility popup like Larry.

But anyway, Beta 4 is coming out soon. Like many times before, all the cool things I make just miss the beta freeze and get checked in before said beta even comes out, which makes the betas slightly less exciting than the nightlies or hourlies. Also, I hope Ted manages to turn on Profile-Guided Optimization for Linux very soon (if he hasn't done so already).

Overall Status

Blocking Firefox 3: 206 bugs found.
Blocking Gecko 1.9: 175 bugs found.

Blockers fixed between 12:00am and 10:45pm

Bug 421412 Get rid of _adjustWidth hack. Patch by Edward Lee.

Bug 396548. Star icon in url bar autocomplete is partly or completely buried under scrollbar (covered, hidden). Patch by Edward Lee.

Bug 406373. Url bar results can be scrolled horizontally after scrolling vertically. Patch by Edward Lee.

Bug 421490. wpad may be dangerous, and it is on by default. Patch by Michael Ventnor.

Bug 415329. large toolbar buttons are vertically misaligned. Patch by Dão Gottwald.

Bug 417421. Loss of back forward buttons when switching between 1.8 and 1.9. Patch by Dão Gottwald.

Bug 405010. make column changes in places/library (session) persistent. Patch by Marco Bonardo.

Bug 416225. Change “Unfiled bookmarks” to “Unsorted Bookmarks”. Patch by Kurt (supernova_00).

Bug 409215. Closing tabs quickly in succession causes the close button to “get stuck” (Minefield 3.0pre3, browser.tabs.closeButtons = 1). Patch by Gavin Sharp.

Bug 412360. Download Manager remains empty, downloads don’t start, with this 3.0b2 downloads.sqlite. Patch by Edward Lee.

Bug 418961. “Save Page As” “Text Files” saves file but Downloads window doesn’t show completion. Patch by Edward Lee.

Bug 421058. Firefox won’t prompt to change stored passwords. Patch by Justin Dolske.

No.

GCC Dehydra allows us to do analysis passes on our existing code. In the far future it may also allow us to do optimization passes. But it does not have the ability to do code rewriting, and probably won’t gain that ability any time soon. In order to be able to do C++->C++ transformations, you have to have correct end positions for all statements/tokens, not just beginning positions. GCC does not track this information, and making it do so would be a massive undertaking.

Mozilla2 still lives in a dual world where automatic code refactoring is done using the elsa/oink toolchain, while static analysis is taking place using the GCC toolchain.

Some days before, Reuben Thomas (a known contributor to Lua community) announced the release of Nancy, "a simple web site builder" at the Lua mailing list.

For the dismay of Lua afficcionados, this release was not written in Lua.

Oh, and it's written in Perl. I thought it might be interesting to say why. The problem was not libraries (I used my pure-Lua stdlib and LuaFileSystem), but deployment on Windows (I use Linux). I had previously built an all-in-one binary for Windows using a cross-compiler. That worked fine but made it hard to debug on Windows as I couldn't just edit-run, and also broke nastily when the cross-compiler was upgraded. So, I switched to LuaBinaries. That enabled me in the end to deploy only pre-built binaries, but at the cost of having to install 2 binary packages, and then do manual fiddling to get .lua files run as commands by the Windows shell.

ActivePerl does all this for me, and I was already using some Perl scripts in the same system, so by rewriting Nancy in Perl I got down to "run the Perl installer" as being the prerequisites for running Nancy.

Nancy begun its life as Lua code (and that's the reason Reuben announced this at Lua mailing list for the last time — unless it be written in Lua again in the future).

Perl still has an edge ahead before some of the popular dynamical languages out there, which (I hope) is not going away anytime soon in the future.

Filed under: TUAW Business, Podcasts

If you haven't checked out last week's show yet, by all means grab a copy. We were joined by Craig Hockenberry and Gedeon Maheux from Iconfactory, who gave us the lowdown on the history of the company, the origins of Twitterrific, the coevolution of Twitter with the now-dominant Mac client, and the promise of the upcoming iPhone development explosion. Download direct, listen in your browser or subscribe to the TalkShoe feed in iTunes.

Speaking of iPhone... We are live tonight (Sunday 3/9) for this week's talkcast, 10 pm ET, talking about iPhone for enterprise and the SDK -- featuring a taped segment with Erica Sadun and Apollo IM developer Alex Schaefer, who couldn't make the regular Sunday night show but felt they had to say something after 72+ hours deep in the SDK.

Join me, Scott, Dave and Mike Schramm tonight for the social. Bring your own ice cream!

Continue reading Talkcast reminder, 10 pm ET tonight

Read | Permalink | Email this | Comments

Filed under: iTS

iTunes users who also happen to be fans of a goblin David Bowie, Gelflings, Skeksis, Mystics and/or Jim Henson have reason to celebrate: two of Henson's cult classic films are now available on iTunes. The Dark Crystal and Labyrinth are now available for purchase at the iTunes Store. This comes on the heels of the Farscape and Fraggle Rock iTunes releases in January.

If you've never been able to get the cry of the Skeksis or the image of a frighteningly glam Goblin King (with fantastic hair) out of your head, pop up iTunes and make some Jim Henson magic. While you're there, you can even grab the slightly watered-down musical numbers in the Labyrinth Soundtrack to go with it, as well as a copy of The Muppet Christmas Carol, just in case the kids need some lighter fare after The Dark Crystal. Can't beat that, right?

Read | Permalink | Email this | Comments

Filed under: Cult of Mac

Read | Permalink | Email this | Comments

Company Name First in Microcontent?

I just now had to clean up some tables in a PostgreSQL database. The prior DBA thought that it would be good to split up tables into lx1, lx2, lx3 up to lx20. After I combined all the tables together, I needed to drop the originals. I could have written a Perl program to generate a series of drop table lx1; commands to feed into the psql command-line client, but instead I used the seq tool:

$ seq -f'drop table lx%g;' 1 20
drop table lx1;
drop table lx2;
...
drop table lx20;

If you don't have seq on your system, as on Mac OS X, you probably have jot, as in:

jot -w'drop table lx%g;' 20 1

Then again, if you just have to do it in Perl:

perl -le'print qq{drop table lx$_;} for 1..20'

but I like to use other tools than the Swiss Army Chainsaw sometimes.

LeCaddie writes "Last week German investigators raided 51 exhibitor stands at CeBIT, the German information technology fair in Hanover, looking for goods suspected of infringing patents. Some 183 police, customs officers, and prosecutors raided the fair on Wednesday and carried off 68 boxes of electronic goods and documents including cellphones, navigation devices, digital picture frames, and flat-screen monitors. Of the 51 companies raided, 24 were Chinese. Most of the patents concerned were related to devices with MP3, MP4, and DVB standard functions for digital audio and video, blank CDs, and DVD copiers, police said." In the US there are no criminal penalties associated with patents, and such a raid could not be conducted, especially in the absence of a court ruling of infringement.

Read more of this story at Slashdot.

souls writes "The folks at Wikileaks are calling for a boycott against eNom, Inc., one of the top internet domain registrars, which WikiLeaks claims is involved in systematic domain censoring. On Feb 28th eNom shut down wikileaks.info, one of the many Wikileaks mirrors held by a volunteer as a side-effect of the court proceedings around wikileaks.org. In addition, eNom was the registrar that shut off access to a Spanish travel agent who showed up on a US Treasury watch list. Wikileaks calls for a 'global boycott of eNom and its parent Demand Media, its owners, executives and their affiliated companies, interests and holdings, to make clear such behavior can and will not be tolerated within the boundaries of the Internet and its global community.'"

Read more of this story at Slashdot.

An anonymous reader writes "Despite all the emphasis on protecting Olympic copyrights in China this year, the official web site of the Beijing Olympics features a Flash game that is a blatant copy of one of the games developed at The Pencil Farm. Compare the game on the Olympic site with 'Snow Day' at The Pencil Farm."

Read more of this story at Slashdot.

So G-Archiver is a Windows app that lets you download your archived Gmail messages. It ends up that the app emails your Gmail username and password to the author. Crazy.

Just in case the power of the Firefox platform wasn't obvious already, check out the Web Slices work from Daniel Glazman and the Activities work Mike Kaply's doing.

Sun announced that they are developing a Java Virtual Machine for Apple's iPhone with the newly released Software Development Kit (SDK).

"We're going to make sure that the JVM offers the Java applications as much access to the native ...

As people delve into the details of Apple's iPhone SDK, a few interesting issues are emerging. One developer guideline that is generating some concern is from Apple's Human Interface Guidelines for iPhone:

Only one iPhone application...

http://ali.as/download/vanilla-perl-5.10.0-build-15.exe (14.4 MB) I'm happy to (FINALLY) release the new Vanilla Perl build 15. Vanilla Perl is the experimental Win32 Perl distribution with the mandate to do the absolute minimum amount of changes to the Perl core to get various features working. This latest experimental release contains most of the new tricks that will be in the upcoming April Strawberry Perl, and probably the biggest number of new features yet in a Vanilla release. XML::Parser This release comes with Expat and XML::Parser built in (since I still can't make XML::Parser install from CPAN itself and you can't upgrade it). So it should be possible to build a range of other stuff on top of it now (like PPM support, which is out of the scope of Vanilla). Win32::API Although it probably won't stay in Vanilla beyond this release, I've bundled in Win32::API out of the box. With Win32::API also comes (be necessity) with libwin32 bundled in as well (which is by far the biggest install from cpan.strawberryperl.com). With those two installed, most of the rest of the Win32:: family should install relatively easily. Relocation This release contains experimental patches for all three configuration files that contain hard-coded paths to make them capable or handling the Perl installation being shoved around. This should also be the first release usable for people interested in creating Portable Perl type distributions for flash drives, etc. Of course, this is still an .exe installer (which Portable Perl people don't want, cause it dumps crap into the registry). This particular feature WON'T be in Strawberry Perl, but it involved adding some extra capabilities in regards to tweaking installs. libwwwperl aka LWP Because I refuse to use FTP CPAN mirrors any more (HTTP being infinitely superior in every way) Vanilla now comes with LWP out of the box. This also means that the built in CPAN mirrors can be used now, intead of it falling back on the horrible FTP defaults. Righto then... So, with Vanilla 15 working, time to move on to getting a Strawberry Beta.

Read more of this story at use Perl.

Now at a CPAN mirror site near you — pmtools-1.10. Tom "spot" Callaway of Fedora Core let me know that the Fedora folks were concerned about the fact that pmtools was only licensed under the Perl 5 Artistic License (they were concerned about how well the Artistic License 1.0 would stand up in court). So, pmtools (starting with v1.10) is now dual-licensed like Perl (Artistic and GPL). (My other public Perl stuff is also dual-licensed.) I also added my copyright to pmtools, as I had not added my name to the copyright when I took it over. Off-hand, I don't recall why Tom Christiansen used only the Artistic License for pmtools. Anyone with a clue, please drop me a line. (That of course includes you, Tom.)

Read more of this story at use Perl.

MBCook sends us to the blog of one Landon Dyer, who posted an entry the other day entitled Donkey Kong and Me. It describes how he was offered at job at Atari after writing a Centipede clone and ended up programming Donkey Kong for the Atari 800. It's full of detail that will be fascinating to anyone who ever programmed assembly language that had to fit into 16K, as well as portents of what was to come at Atari. "My first officemate didn't know how to set up his computer. He didn't know anything, it appeared. He'd been hired to work on Dig Dug, and he was completely at sea. I had to teach him a lot, including how to program in assembly, how the Atari hardware worked, how to download stuff, how to debug. It was pretty bad."

Read more of this story at Slashdot.

krquet notes an InfoWorld article on Sun's plans for the iPhone. After studying Apple's newly released SDK docs for 24 hours, Sun decided it was feasible to develop a JVM, based on Java Micro Edition, for both the iPhone and the iTouch. An analyst is quoted: "I think going forward, with the SDK, it takes out of Apple's control which applications are 'right' for the iPhone." The article doesn't speculate on how Apple might to react to such a loss of control. "Apple had not shown interest in enabling Java to run on the iPhone, but Sun plans to step in and do the job itself... The free JVM would be made available via Apple's App Store marketplace for third-party applications."

Read more of this story at Slashdot.

$.99 or $1.99 is indeed low, but I think Jens Alfke may have a point. It’s not that bigger, serious apps will sell for prices that low, but smaller, simpler apps that might otherwise have been released for free might generate real money with “cup of coffee”-level prices. It’s the App Store that makes this possible.

John Siracusa:

Skilled Mac developers are uniquely positioned to be the first to market with the iPhone applications they’ve been designing in their heads since last year. They know the tools, they know the technology, they even know a lot of the APIs already, and those they don’t know look a lot like the ones they do.

http://lwn.net/Articles/272048/

Do you remember Citizens' Band radio? Though established by the Federal Communications Commission in the 1950s, CB radio didn't become an overnight sensation until the 1970s when Moore's Law brought down the cost of radios to where it was economically viable to buy them solely for the purpose of breaking speed-limit laws. President Nixon, who liked to wear a blue suit and keep a cozy fire burning in his White House hearth year round no matter what the outside temperature or impact on his (our) air conditioning bill, had decided we all should drive 55 miles per hour or less to save fuel following the energy crisis of 1973. So, being true Americans, which is to say cranky and prone to complain, we en masse set out to break this new law using as our primary tool CB radio technology to warn us where Smokey was or had recently been or whether there was an eye in the sky. Criminals bound by a criminal code, we flaunted CB license restrictions (you were supposed to use your Federally assigned call sign from that license you were also supposed to have but never got) and operated under handles like "Thunderchicken" and "Boot-licker." I was "asciiboy." CB radio sales went from zero to tens of millions of units in under two years -- the highest rate of technology adoption ever seen in the U.S. before or since. Soon there was CB lore and a CB culture. CB was everywhere. When not breaking the law with it we were using CB as a huge social network to find the cheapest gas, the best hamburger or even a date for the prom. And then, quick as it started, CB was gone, worn to the bone from overuse and abuse and left to the truckers as it should have been all along. What killed CB radio was that moment when its annoyance factor exceeded its utility -- a utility already driven down by low traffic conviction rates and the eventual understanding that if everyone were a speeder then most cops wouldn't stop anyone.

I am beginning to think that Internet social networking is another CB radio, destined to crash and burn.

Social networking has a lot of problems as both a business and a cultural phenomenon. To start with there is generally no true business model. This can vary a bit from application to application but most are vying simply for eyeballs and hoping for Google ads to pay the bills until Time Warner or News Corp make them an acquisition offer they can't refuse. That might be okay for Facebook or MySpace and maybe Linked-In, but there are more than 350 general-purpose social networks out there and I will guarantee you that no more than 5 percent of those will be still operating two years from today.

If you are a social networking entrepreneur and your operation isn't among the top 10, I'd be either looking frantically for an acquirer or turning your site into a social networking aggregator, linking to many others in exactly the way the chat networks appear to be merging while still retaining their individual identities.

Then there is the annoyance factor, which for me is rapidly accelerating as the major social networks try to establish themselves as hosts for third-party applications. This would appear to be a no-brainer tactic for the two or three social networks that are likely to survive. In fact I could argue that what is more likely to survive than most social networks are the truly compelling applications that run upon them, eventually subsuming their hosts. But in the meantime there is all this annoying crap. How many groups do you have to join, how many causes do you have to support, how many silly applications do you have to run until you come to realize that you are being included TO DEATH?

My idea for the perfect Facebook app, for example, is one I call "I've Fallen and I Can't Get Up!" It's a variation on Twitter that is activated ONLY when one participant needs other participants to call 9-1-1 on his or her behalf. Maybe it could be linked to a panic button or to your cardiac pacemaker. The perfect Facebook application, then, is one you hope you'll never have to use. This is far better than the typical Facebook app, which is overused to the point where people withdraw or simply stop noticing.

It's not that I don't see value to social networks, it's that I generally don't see ENOUGH value. Yes, keeping my address book synchronized with reality is nice, but isn't that likely to be shortly absorbed into the operating system or perhaps into networked applications like Gmail and Yahoo Mail?

This trend has happened over and over as hundreds of portals came and went, leaving a few survivors. Same for hundreds of search engines, hundreds of free e-mail services, etc., etc.

Marshall McLuhan argued that obsolete communication technologies survive as art forms. This is true, I'd say, for Morse code and movable type printing and perhaps even for your venerable Rolodex or typewriter. But it isn't yet true for CB radio, nor for most Internet technologies. Maybe they aren't old enough yet to be appreciated. In the case of CB I think range of reception limits the possible population of players to something less than an artistic critical mass.

What will likely happen to social networking is that some applications will survive on a more modest basis than now (used by the trucker equivalents), others will morph into some new Next Big Thing as their more compelling sub-applications take over, and true hard-core social networkers will jump to more advanced technologies that eliminate the riff-raff. In the meantime, 70 percent or so of most social networking functionality -- the really useful functionality -- will be sucked into the dominant portal/search/e-mail/chat/social networks like MSN and Yahoo.

This next transition will happen faster than most people realize. Part of this is because Internet product cycles have been shortening for the past several years, so each generation is shorter than the one before. This hasn't mattered much because the audience has continued to expand. And even now as Internet growth in terms of new users is slowing, that's more than made up for by the shift of advertising budgets from print and broadcast to the net. So while the growth in users is decreasing, the growth in total revenue PER user is increasing. But so is the competition, hence the shorter product cycles.

The tip-off that we're nearing the end of a cycle is the flight to quality we're seeing from some of the bigger players. At Facebook, for example, you can no longer register using an e-mail address from an anonymous mail site like Mailinator, Operamail, or Countermail. Facebook demands that you take an extra three minutes and get a Yahoo Mail or AOL mail address for example. This is clearly the company pruning its subscribers in anticipation of an acquisition in the next couple quarters. There is no other reason to do it. MySpace isn't doing it despite a very real sex offender scandal, but then MySpace has already been sold and Facebook hasn't yet.

Once Facebook has been taken and one or two others, the golden era of social networking acquisitions will be over and the entrepreneurs will be headed for that Next Big Thing.

"Breaker Port 80! Do you have your ears on?"

The release of the iPhone SDK provided a lot of answers, but has also raised a number of questions, many of which will not be answerable until the iTunes App Store launches in June 2008.

The general sentiment, however, has been quite p...

Apple has released DVD or CD Sharing Setup Update for Mac and PC.

This update installs software that enables remote disc sharing, system software restoration, and wireless migration with MacBook Air.

The Mac version require...

ericatcw writes "At its Mix08 Web development conference, Microsoft said that its Silverlight rich Internet application platform is downloaded and installed an average of 1.5 million times every day; Microsoft has a goal of 200 million installs by midyear. But Silverlight is at the beginning of a long slog towards gaining traction. Computerworld did a quick analysis of job listings at nine popular career sites and found that an average of 41 times more ads mentioned Adobe's Flash than mentioned Silverlight. As expected only 6 months after Silverlight's introduction, the number of programming books carried on Amazon.com was also heavily skewed in favor of Flash."

Read more of this story at Slashdot.

Trying to figure out the source of a method in one of our Catalyst controllers. Our controller inherited from one of our controller base classes. That, in turn, inherited from the deprecated Catalyst::Base which, in turn, does nothing but inherit from Catalyst::Controller, which inherits from three different classes. Two of those inherit from two classes each, which in turn ...

Let's see if I can figure this out our inheritance heirarchy so I can tell where that method is coming from:

Our::Controller
    Our::ControllerBase
        Catalyst::Base (deprecated passthrough)
            Catalyst::Controller
                Catalyst::Component
                    Class::Accessor::Fast
                        Class::Accessor
                    Class::Data::Inheritable
                Catalyst::AttrContainer
                    Class::Accessor::Fast
                        Class::Accessor
                    Class::Data::Inheritable
                  Class::Accessor::Fast
                      Class::Accessor
    Catalyst::Controller::REST
        Catalyst::Controller
            Catalyst::Component
                Class::Accessor::Fast
                    Class::Accessor
                Class::Data::Inheritable
            Catalyst::AttrContainer
                Class::Accessor::Fast
                    Class::Accessor
                Class::Data::Inheritable
              Class::Accessor::Fast
                  Class::Accessor

Got that?

On the off chance that you're a Multiple Inheritance fanboy, I don't think I'm going to say anything right now. I'm on the verge of profanity. MI is a tool of last resort (no, I'm not saying it's always the wrong answer). Today there are so many excellent alternatives that you really have no excuse for using MI other than "I don't like change".

The CFP for YAPC::NA 2008 officially ends on March 15th, so get your submissions in soon. Though we actually have had an amazing number of pre-deadline submissions (typically the last few days are when the floodgates open), we could still use some more. There are spots open for talks ranging from 20 minute overviews to longer 90 minute sessions. This year, we are also doing hands-on workshops in the conference center computer lab. Any projects that want to try to recruit some new hackers should sign up for hosting one of these informal learning sessions.

Read more of this story at use Perl.

http://lwn.net/Articles/271240/

Net::HTTPServer does not handle large responses. To enable this support by breaking up large responses, change the _send function within: if (ref($data) eq "") { ...

to: if (ref($data) eq "") { if (length($data) > 1024) { my @data_chunks = unpack "a1024" x ((length($data)/1024)-1) . "a*", $data; foreach my $chunk (@data_chunks) { $self->_debug("SEND","_send: $chunk"); return unless defined($self->_send_data($sock,$chunk)); } } else { $self->_debug("SEND","_send: $data"); return unless defined($self->_send_data($sock,$data)); } }

See also: Regexp::Common::Email::Address.

The organizers of Flourish are of course looking for attendees for their conference, but they are also looking for something else... top-notch Perl web developers. They are having a web programming showdown using a variety of languages and frameworks. Perl is on the list, but is currently under-represented. They are looking to invite the best-of-the-best in each language, preferably people who are noted contributors to the particular language or platform that they'll be developing in. Because of this demanding criteria, they are willing to talk about helping out with travel, etc. Please contact me, Josh McAdams (joshua dot mcadams at gmail dot com) if you are interested.

If you didn't think think IE 8's "activities" were a derivative of Mozilla's microformats work then check out Mike Kapley's add-on.

Six months ago I had to set up a Linksys Access Point (WAP54G) as a wireless repeater in my house, to get the wireless signal from my Wireless-G Broadband Router (WRT54G) to reach the attic. It was a painful process, and the main reason it was painful was trying to get the correct value on the repeater for the setting labelled "Remote Access Point's LAN MAC Address". This is how it knows where to send all the relayed traffic to.

How hard can this be? You go to your WRT54G router, click "Status", and there it is: a field labelled "MAC Address". Just copy that in, right? However, that's the MAC address for the wired side. So, despite the fact that the field is labelled "LAN MAC address", if you enter the MAC address the router uses on the LAN, nothing works! It's not the "LAN MAC Address" at all - it's precisely the other one, the MAC address from the Status/Wireless subtab. Doh! A "Breathtaking UI" award to Linksys, I think.

(This is a bit geeky, but I also want to document it to try and avoid anyone else having to suffer through this.)

Adam Kaplan has released a cool new profiling tool, Devel::NYTProf. It's apparently taken the formatting beauty of Devel::Cover, the code test coverage tool, and used it to identify hotspots in your code. The results are beautiful: Overview and module-level detail. There's also a report writer that provides CSV output and lets you create your own output in your own format.

I ran into a divide-by-zero error that I patched in my local copy, but other than that the results seem good. I look forward to whatever other improvements come. I'm also glad it's been released with the support of the New York Times.

In January, Shelray did a post about a San Francisco man suing a Catholic Hospital in Daly City for refusing to give him a sex change operation. Well apparently the hospital caved under the pressure of a court order according to an EWTN feed from CWN. This is most unfortunate but I suppose that it is encouraging that they resisted to start with. However, what is problematic is that the hospital is said to have released the following statement: “We regret any confusion that may have come from th

Macenstein percolates a rumor that Apple is preparing a final update to Mac OS 10.4 "Tiger", bringing the system version to 10.4.12.

We have it on good authority (meaning this is a rumor, and “good authority” could mean anything) that...

As I previously threatened, I’ve gone ahead and created a “Microplanet” for Irish twitterers, similar to Portland’s Pulse of PDX — an aggregator of the “stream of consciousness” that comes out of our local Twitter community: IrishPulse.

Here’s what you can do:

Add yourself: if you’re an Irish Twitter user, follow the user ‘irishpulse’. This will add you to the sources list.

Publicise it: feel free to pass on the URL to other Irish Twitter users, and blog about it.

Read it: bookmark and take a look now and again!

In terms of implementation, it’s just a (slightly patched) copy of Venus and a perl script using Net::Twitter to generate an OPML file of the Twitter followers. Here’s the source. I’d love to see more “Pulse” sites using this…

More companies are showing their support for open source projects, and I couldn't be happier about it.

Those of you following Ovid's blog on use.perl.org, or reading his code improvements in the perl-qa mailing list, should give thanks to the BBC for supporting his Perl work. It's not all philanthropic, of course, since the BBC wants good tools for themselves, but I love that they're letting Ovid hitch his stories to the BBC wagon. That helps give Perl some credence in the eyes of open source skeptics.

Now, as you readers of Mechanix know, Devel::NYTProf is the hot new profiler in town. Not only is the New York Times allowing code to be released, it turns out there's a blog, open.blogs.nytimes.com, where Adam Kaplan announced the module. I love that a company that's not (exactly) in the software business is blogging about their open source software work. Let's hope it's a light in the darkness that others will lend their illumination to as well.

This may well turn out to be another oops. Sometimes when I screw around with the mail system, it's a big win, and sometimes it's a big lose. I don't know yet how this will turn out.

Since I moved house, I have all sorts of internet-related problems that I didn't have before. I used to do business with a small ISP, and I ran my own web server, my own mail service, and so on. When something was wrong, or I needed them to do something, I called or emailed and they did it. Everything was fine.

Since moving, my ISP is Verizon. I have great respect for Verizon as a provider of telephone services. They have been doing it for over a hundred years, and they are good at it. Maybe in a hundred years they will be good at providing computer network services too. Maybe it will take less than a hundred years. But I'm not as young as I once was, and whenever that glorious day comes, I don't suppose I'll be around to see it.

One of the unexpected problems that arose when I switched ISPs was that Verizon helpfully blocks incoming access to port 80. I had moved my blog to outside hosting anyway, because the blog was consuming too much bandwidth, so I moved the other plover.com web services to the same place. There are still some things that don't work, but I'm dealing with them as I have time.

Another problem was that a lot of sites now rejected my SMTP connections. My address was in a different netblock. A Verizon DSL netblock. Remote SMTP servers assume that anybody who is dumb enough to sign up with Verizon is also too dumb to run their own MTA. So any mail coming from a DSL connection in Verizonland must be spam, probably generated by some Trojan software on some infected Windows box.

The solution here (short of getting rid of Verizon) is to relay the mail through Verizon's SMTP relay service. mail.plover.com sends to outgoing.verizon.net, and let outgoing.verizon.net forward the mail to its final destination. Fine.

But but but.

If my machine sends more than X messages per Y time, outgoing.verizon.net will assume that mail.plover.com has been taken over by a Trojan spam generator, and cut off access. All outgoing mail will be rejected with a permanent failure.

So what happens if someone sends a message to one of the 500-subscriber email lists that I host here? mail.plover.com generates 500 outgoing messages, sends the first hundred or so through Verizon. Then Verizon cuts off my mail service. The mailing list detects 400 bounce messages, and unsubscribes 400 subscribers. If any mail comes in for another mailing list before Verizon lifts my ban, every outgoing message will bounce and every subscriber will be unsubscribed.

One solution is to get a better mail provider. Lorrie has an Earthlink account that comes with outbound mail relay service. But they do the same thing for the same reason. My Dreamhost subscription comes with an outbound mail relay service. But they do the same thing for the same reason. My Pobox.com account comes with an unlimited outbound mail relay service. But they require SASL authentication. If there's SASL patch for qmail, I haven't been able to find it. I could implement it myself, I suppose, but I don't wanna.

So far there are at least five solutions that are on the "eh, maybe, if I have to" list:

• Get a non-suck ISP
• Find a better mail relay service
• Hack SASL into qmail and send mail through Pobox.com
• Do some skanky thing with serialmail
• Get rid of qmail in favor of postfix, which presumably supports SASL

(Yeah, I know the Postfix weenies in the audience are shaking their heads sadly and wondering when the scales will fall from my eyes. They show up at my door every Sunday morning in their starched white shirts and their pictures of DJB with horns and a pointy tail...)

It also occurred to me in the shower this morning that the old ISP might be willing to sell me mail relaying and nothing else, for a small fee. That might be worth pursuing. It's gotta be easier than turning qmail-remote into a SASL mail client.

The serialmail thing is worth a couple of sentences, because there's an autoresponder on the qmail-users mailing-list that replies with "Use serialmail. This is discussed in the archives." whenever someone says the word "throttle". The serialmail suite, also written by Daniel J. Bernstein, takes a maildir-format directory and posts every message in it to some remote server, one message at a time. Say you want to run qmail on your laptop. Then you arrange to have qmail deliver all its mail into a maildir, and then when your laptop is connected to the network, you run serialmail, and it delivers the mail from the maildir to your mail relay host. serialmail is good for some throttling problems. You can run serialmail under control of a daemon that will cut off its network connection after it has written a certain amount of data, for example. But there seems to be no easy way to do what I want with serialmail, because it always wants to deliver all the messages from the maildir, and I want it to deliver one message.

There have been some people on the qmail-users mailing-list asking for something close to what I want, and sometimes the answer was "qmail was designed to deliver mail as quickly and efficiently as possible, so it won't do what you want." This is a variation of "Our software doesn't do what you want, so I'll tell you that you shouldn't want to do it." That's another rant for another day. Anyway, I shouldn't badmouth qmail-users mailing-list, because the archives did get me what I wanted. It's only a stopgap solution, and it might turn out to be a big mistake, but so far it seems okay, and so at last I am coming to the point of this article.

I hacked qmail to support outbound message rate throttling. Following a suggestion of Richard Lyons from the qmail-users mailing-list, it was much easier to do than I had initially thought.

Here's how it works. Whenever qmail wants to try to deliver a message to a remote address, it runs a program called qmail-remote. qmail-remote is responsible for looking up the MX records for the host, contacting the right server, conducting the SMTP conversation, and returning a status code back to the main component. Rather than hacking directly on qmail-remote, I've replaced it with a wrapper. The real qmail-remote is now in qmail-remote-real. The qmail-remote program is now written in Perl. It maintains a log file recording the times at which the last few messages were sent. When it runs, it reads the log file, and a policy file that says how quickly it is allowed to send messages. If it is okay to send another message, the Perl program appends the current time to the log file and invokes the real qmail-remote. Otherwise, it sleeps for a while and checks again.

The program is not strictly correct. It has some race conditions. Suppose the policy limits qmail to sending 8 messages per minute. Suppose 7 messages have been sent in the last minute. Then six instances of qmail-remote might all run at once, decide that it is OK to send a message, and send one. Then 13 messages have been sent in the last minute, which exceeds the policy limit. So far this has not been much of a problem. It's happened twice in the last few hours that the system sent 9 messages in a minute instead of 8. If it worries me too much, I can tell qmail to run only one qmail-remote at a time, instead of 10. On a normal qmail system, qmail speeds up outbound delivery by running multiple qmail-remote processes concurrently. On my crippled system, speeding up outbound delivery is just what I'm trying to avoid. Running at most one qmail-remote at a time will cure all race conditions. If I were doing the project over, I think I'd take out all the file locking and such, and just run one qmail-remote. But I didn't think of it in time, and for now I think I'll live with the race conditions and see what happens.

So let's see? What else is interesting about this program? I made at least one error, and almost made at least one more.

The almost-error was this: The original design for the program was something like:

1. do
   • lock the history file, read it, and unlock it
   until it's time to send a message
2. lock the history file, update it, and unlock it
3. send the message

This is a classic mistake in writing programs that run concurrently and update a file. The problem is that process A update the file after process B reads but before B updates it. Then B's update will destroy A's.

One way to fix this is to have the processes append to the history file, but never remove anything from it. That is clearly not a sustainable strategy. Someone must remove expired entries from the history file.

Another fix is to have the read and the update in the same critical section:

1. lock the history file
2. do
   • read the history file
   until it's time to send a message
3. update the history file and unlock it
4. send the message

But that loop could take a long time, during which no other qmail-remote process can make progress. I had decided that I wanted to try to retain the concurrency, and so I wasn't willing to accept this.

Cleaning the history file could be done by a separate process that periodically locks the file and rewrites it. But instead, I have the qmail-remote processes to it on the fly:

1. do
   • lock the history file, read it, and unlock it
   until it's time to send a message
2. lock the history file, read it, update it, and unlock it
3. send the message

I'm happy that I didn't actually make this mistake. I only thought about it.

Here's a mistake that I did make. This is the block of code that sleeps until it's time to send the message:

          while (@last >= $msgs) {
            my $oldest = $last[0];
            my $age = time() - $oldest;
            my $zzz = $time - $age + int(rand(3));
            $zzz = 1 if $zzz  1;
       #    Log("Sleeping for $zzz secs");
            sleep $zzz;
            shift @last while $last[0] < time() - $time;
            load_policy();
          }

The throttling policy is expressed by two numbers, $msgs and $time, and the program tries to send no more than $msgs messages per $time seconds. The @last array contains a list of Unix epoch timestamps of the times at which the messages of the last $time seconds were sent. So the loop condition checks to see if fewer than $msgs messages were sent in the last $time seconds. If not, the program continues immediately, possibly posting its message. (It rereads the history file first, in case some other messages have been posted while it was asleep.)

Otherwise the program will sleep for a while. The first three lines in the loop calculate how long to sleep for. It sleeps until the time the oldest message in the history will fall off the queue, possibly plus a second or two. Then the crucial line:

            shift @last while $last[0] < time() - $time;

which discards the expired items from the history. Finally, the call to load_policy() checks to see if the policy has changed, and the loop repeats if necessary.

The bug is in this crucial line. if @last becomes empty, this line turns into an infinite busy-loop. It should have been:

            shift @last while @last && $last[0] < time() - $time;

Whoops. I noticed this this morning when my system's load was around 12, and eight or nine qmail-remote processes were collectively eating 100% of the CPU. I would have noticed sooner, but outbound deliveries hadn't come to a complete halt yet.

Incidentally, there's another potential problem here arising from the concurrency. A process will complete the sleep loop in at most $time+3 seconds. But then it will go back and reread the history file, and it may have to repeat the loop. This could go on indefinitely if the system is busy. I can't think of a good way to fix this without getting rid of the concurrent qmail-remote processes.

Here's the code. I hereby place it in the public domain. It was written between 1 AM and 3 AM last night, so don't expect too much.

The Acid 3 Test has been officially released. The test has been in development for some time, with much of that development happening in the open.

The Acid 3 test is far more complex than the Acid 2 test. It covers a wider range of standards and consists of many more individual tests. Browsers have to render a sequence of boxes that display dynamically in a stairstep pattern. For every cluster of tests passed successfully, the boxes will fill in with a color, which signifies that all of the tests covered by that block have passed.

If you run Acid 3 on the shipping versions of current browsers (Firefox 2, Safari 3, Opera 9, IE7), you’ll see that they all score quite low. For example Safari 3 scores a 39/100. This percentage score is a bit misleading however. The situation with all four browser engines really isn’t that bad.

You can think of the Acid 3 test as consisting of 100 individual test suites. In order for a browser engine to claim one of these precious 100 points, it has to pass a whole battery of tests around a specific standard. In other words it’s like the browser is being asked to take 100 separate exams and score an A+ on each test in order to get any credit at all.

The reality is that all of the browsers are doing much better than their scores would have you believe, since the engines are often passing a majority of the subtests and experiencing minor failures that cost them the point for that section.

Shipping Safari scores a 39/100 with some significant rendering errors. We’ve been working hard since the test surfaced and are pleased to report that we’ve entered the “A” range on the test with a score of 90/100.

So what did we fix to gain so many points?

Bug 17064 has all the details, but here are the highlights.

Support for CSS3 Selectors
We added support for all of the remaining CSS3 selectors. These include selectors like nth-child, nth-of-type, last-child, last-of-type, etc. These selectors were already implemented in KHTML, and the KHTML developers had even kindly provided patches for us in the relevant WebKit bugs. Therefore it was a simple matter of taking those patches, updating them to the WebKit codebase, and then merging them in. A big thanks to the KHTML developers for their hard work in this area.

Parsing Bugs
WebKit had a number of minor parsing bugs that Acid 3 targeted. The boxes did not render properly because of an obscure parsing bug that the test exploited (thanks, Hixie). In addition a number of other parsing bugs kept us from completely passing individual tests. We have updated our parser to be much closer to the HTML5-specified parsing rules.

WebKit has also never parsed DOCTYPEs before. I re-wrote WebKit’s DOCTYPE parsing to match the HTML5 specification, and so now if you put a DOCTYPE into your page it will be present in the DOM. In addition many bugs centered around proper mode resolution (quirks vs. strict) have now been fixed. You can document.write a DOCTYPE for example in a new document and have the correct mode be selected.

SVG
Acid3 has many SVG tests. We’ve been hard at work making these tests pass. In particular SVG font support and other aspects of the SVG DOM have been tested. Many of the remaining 10 points are SVG failures. We’ll be working on SVG animation in order to pass the last few SVG tests.

DOM
Acid3 tests a lot of DOM level 2 features, like traversal and ranges. It particularly focuses on the “liveness” of objects, e.g., making sure everything updates properly when you dynamically change a document by adding/removing nodes. Most of our failures in this area had to do with not behaving properly in the presence of these dynamic changes (even though we tended to pass the more static tests).

Now that we’re closing in on 100%, we’ll be blogging about each fix as it happens, so that you can follow our progress from the blog.

John Gruber:

I do think the IE team deserves credit for having floating the idea for opt-in version targeting rather than just going ahead and implementing it.

Err, “floated the idea?” I thought what I read was an announcement of fait accompli. At no time did it strike me as though Microsoft left the issue open-ended. That they subsequently revoked their proclaimed decision came out of left field; would this have been the case if what they first did was in fact merely “floating the idea?”

I’m glad that someone inside Microsoft apparently somehow managed to overrule someone else (whoever the people involved are), but I can find no way to interpret Microsoft’s initial course of action as commendable.

Furthermore, the question Eric Meyer asked is still open: even though Microsoft reneged on the most objectionable part of the announcement, the fact that IE 8 will have three rendering modes, including a frozen-in-time one with all its implications for competitors, still stands.

http://lwn.net/Articles/271762/

A few days ago, I was writing a code (namely the Path-Classy dist) and stared at the code that produced the file size in raw bytes or "humanized" (28300 or 28K).

sub _format_size {
  my ($sz, $opt) = @_;

  my $format = $opt->{format};
  if ( $format eq 'h' ) {
    require Numbers::Bytes::Human;
    return Number::Bytes::Human->new->format( $sz );
  }
  else { # raw bytes
    return $sz;
  }
}

Of course, loading Number::Bytes::Human and creating a instance every time $f->size({ format => 'h' }) was invoked seemed overkill. But saving the N::B::H into a class/instance variable seemed overkill too: it has nothing to do with Path::Classy (which are Path::Class ) objects but for that instant relationship to format a file property, size.

Hey, that's a chance to use memoization, splitting the formatter creation into a function and then memoizing it (so that we don't need to create a [reusable] object with the same capabilities over and over), we come to this code.

use Memoize;

sub _size_formatter {
  require Number::Bytes::Human;
  return Number::Bytes::Human->new;
}
memoize('_size_formatter');

sub _format_size {
  my ($sz, $opt) = @_;

  my $format = $opt->{format};
  if ( $format eq 'h' ) {
    return _size_formatter->format( $sz );
  ...

That looked elegant to me. To make it even more tight (and to require yet another CPAN module ;-) ), using Attribute::Memoize seemed right. It avoids the need to repeat the function name in the memoize call and it anticipated the wrapping up of the sub to BEGIN time (a free bonus of Attribute::Handlers in the backstage).

use Attribute::Memoize;

sub _size_formatter :Memoize {
  require Number::Bytes::Human;
  return Number::Bytes::Human->new;
}

That's it! Efficient code, localized behavior, no need for extra variables. Will people understand that for maintenance? I hope so.

I've had pretty much all the basic modules I need for a while now, which has put a damper on my release rate. No bad thing, since when you are looking after 100+ you tend to end up doing a lot more maintenance and feature additions than new coding.

I'm by and large completely happy coding Perl on Unix now.

Unfortunately, as I start to do more coding on Windows (in this case, funky Perl::Dist internals magic) I find myself back in the past a bit.

Win32::File, for example, is a horrible piece of API ugliness. It's all CamelCase and return-by-param and bit fields. Ugh...

So here I am again writing simple usability wrappers about code that does the right thing but makes you feel dirty while doing it.

Win32::File::Object is a wrapper around Win32::File, which is basically only a thin Perl/XS wrapper around the raw C API.

So now if you have some code that needs to remove a readonly flag, you can just go...

Win32::File::Object->new('file.txt', 'autowrite')->readonly(0);


The only downside of this module is that my release code can't deal with Windows code, so I'm stuck with an absolutely tortuous release process.

And given the state of Win32:: I've got a feeling this won't be the first Win32:: module I'm going to be forced to write to feel like a human being when I'm coding on Win32.

Dropping vowels to shorten names is a terrible practice. Quick, someone give me an idea what $hdnchgdsp means, an Actual Variable from some Bad Code I'm working on today.

It's not just variables names, either. Filenames often need to be shortened, but dropping vowels is not the way to do it. You're left with unpronounceable names that are annoying to type.

The key to effective abbreviation is not removal of letters from the middle of the words, but from the end. Sometimes, it doesn't make sense to shorten a word at all, like "post". If you have a file that is supposed to "post audit transactions", call it "post-aud-trans" or "post-aud-trx", not "pst_adt_trns".

Jott is a really neat service that lets you Do Stuff via your cell phone. The default Stuff you can do is "send email and SMS" and "setup a reminder." There's also a very simple API for writing your own applications (called Jott Links). It works something like this:

1. you call the toll-free Jott number
2. you speak the name of the Jott Link you've set up
3. you speak a message
4. Jott issues a web request with data including your id and the message
5. the service does something and replies to Jott
6. Jott sends you a reply

There are Jott Links for Twitter and other things that I don't care about. There isn't one for Hiveminder. Zak Greant made a video demonstrating Hiveminder and Jott together, which has Jott send mail to the task-by-email interface of Hiveminder. This isn't bad at all, but it puts all kinds of crap into your task, because Jott sends pretty chatty email.

I wrote a Jott Link service in about ten minutes (much of which was test time, waiting for Jott to transcribe my messages). It uses CGI.pm and Net::Hiveminder to create a very concise task. I need to add more features to it, but I'm in no rush. I am secretly hoping that the guys at Best Practical will write a much better version, complete with a user setup link, so that everyone can use their link, rather than running his own, each on a different server.

Here's my code:

#!/usr/bin/perl
use strict;
use warnings;
BEGIN { $ENV{HOME} = '/home/rjbs' }
use CGI qw(:standard);
use Net::Hiveminder;

my ($pw, $key) = `cat /home/rjbs/.hiveminder`;
chomp($pw, $key);

my $hm = Net::Hiveminder->new(
  email    => 'user@example.com',
  password => $pw,
);

my $user_key = url_param('userKey');
my $message  = url_param('message');

die unless lc $user_key eq lc $key;
$hm->create_task("$message\n via Jott.com");

print "Content-type: text/plain\n\nCreated.";

Obviously, this is a horrible hack. Still, it means I can open my phone, hold down 5, and dictate todo items right into Hiveminder.

There are a lot of little problems with Jott, some of which strike me as significant usability issues, but they're all very fixable, and I look forward to seeing them fixed. I'll write more about them later. Here's the one that irked me the most last night: Jott says that to write a Jott Link, you should expect an HTTP POST. You do, in fact, get a POST, but all of the data is in the URL query string, not in the content of the request. Huh?

Well, whatever. All their problems are fixable, and the service looks like it will be great.

I've just uploaded the new Test::Aggregate. The only change is that it sets the $ENV{TEST_AGGREGATE} variable to true (for VMS users: and explicitly deletes it in an END block). This allows you to do this:

die "Cannot use $0 in aggregated tests"
  if $ENV{TEST_AGGREGATE};

Blew a chunk of time yesterday trying to debug why the aggregated tests were failing. Now I can add that to some code to ensure that I'll know immediately next time.

So I've been playing with IMAP lately, processing a folder of emails to process. It has been kind of interesting (to say the least).

Those of you who follow my CPAN uploads know I created Net::IMAP::Simple::NB, which is a subclass of Net::IMAP::Simple but using non-blocking I/O. The idea for that originally was to create a webmail system for AxKit2, but it was also fun learning how IMAP works.

There are some really interesting corner issues in IMAP that surprise me. For example an IMAP server is expected to be able to parse MIME messages, and be able to provide different components of the body as requested. This seems odd to me as frankly this should be a client task - surely this slows IMAP servers down? Also when you ask for the body structure it maps it in a very odd manner - though perhaps its useful for clients - there seems to be a lot of structure data there that isn't useful. There are some other odd choices too, like dates are provided as "DD-MON-YYYY" rather than the more ISO compliant "YYYY-MM-DD" format, and email addresses are provided pre-parsed, which means if your IMAP server gets it wrong you're screwed (though I guess that isn't too common).

On the other hand there are some nice things too, like IMAP provides most of its data in an S-expressions-like format, which is quite easy to parse in perl. The RFC is also not as horrible as I had once thought, so decoding various things is reasonably easy. On the other hand, it seems Net::IMAP::Simple is a bit too simplistic, in that it doesn't parse the output formats properly, and honestly doesn't have enough methods in it (I've added 8 methods just for my one simple app).

I'll have to consider contacting the author about patches. Though I'm unsure right now if I want to have too much to do with it in the long term.

A couple of weeks ago, WebSense posted this article with details of a spammer’s attack on Google’s CAPTCHA puzzle, using web services running on two centralized servers:

[…] It is observed that two separate hosts active on same domain are contacted during the entire process. These two hosts work collaboratively during the CAPTCHA break process. […]

Why [use 2 hosts]? Because of variations included in the Google CAPTCHA image, chances are that host 1 may fail breaking the code. Hence, the spammers have a backup or second CAPTCHA-learning host 2 that tries to learn and break the CAPTCHA code. However, it is possible that spammers also use these two hosts to check the efficiency and accuracy of both hosts involved in breaking one CAPTCHA code at a time, with the ultimate goal of having a successful CAPTCHA breaking process.

To be specific, host 1 has a similar concept that was used to attack Live mail CAPTCHA. This involved extracting an image from a victim’s machine in the form of a bitmap file, bearing BM.. file headers and breaking the code. Host 2 uses an entirely different concept wherein the CAPTCHA image is broken into segments and then sent as a portable image / graphic file bearing PV..X file headers as requests. […]

While it doesn’t say as such, some have read the post to mean that Google’s CAPTCHA has been solved algorithmically. I’m pretty sure this isn’t the case. Here’s why.

Firstly, the FAQ text that appears on “host 1″ (thanks Alex for the improved translation!):

FAQ

If you cannot recognize the image or if it doesn’t load (a black or empty image gets displayed), just press Enter.

Whatever happens, do not enter random characters!!!

If there is a delay in loading images, exit from your account, refresh the page, and log in again.

The system was tested in the following browsers: Internet Explorer Mozilla Firefox

Before each payment, recognized images are checked by the admin. We pay only for correctly recognized images!!!

Payment is made once per 24 hours. The minimum payment amount is $3. To request payment, send your request to the admin by ICQ. If the admin is free, your request will be processed within 10-15 minutes, and if he is busy, it will be processed as soon as possible.

If you have any problems (questions), ICQ the admin.

That reads to me a lot like instructions to human “CAPTCHA farmers”, working as a distributed team via a web interface.

Secondly, take a look at the timestamps in this packet trace:

The interesting point is that there’s a 40-second gap between the invocation on “Captcha breaking host 1″ and the invocation on “Captcha breaking host 2″. There is then a short gap of 5 seconds before the invocations occur on the Gmail websites.

Here’s my theory: “host 1″ is a web service gateway, proxying for a farm of human CAPTCHA solvers. “host 2″, however, is an algorithm-driven server, with no humans involved. A human may take 40 seconds to solve a CAPTCHA, but pure code should be a lot speedier.

Interesting to note that they’re running both systems in parallel, on the same data. By doing this, the attackers can

1. collect training data for a machine-learning algorithm (this is implied by the ‘do not enter random characters!’ warning from the FAQ — they don’t want useless training data)

2. collect test cases for test-driven development of improvements to the algorithm

3. measure success/failure rates of their algorithms, “live”, as the attack progresses

Worth noting this, too:

Observation*: On average, only 1 in every 5 CAPTCHA breaking requests are successfully including both algorithms used by the bot, approximating a success rate of 20%. The second algorithm (segmentation) has very poor performance that sometimes totally fails and returns garbage or incorrect answers.

So their algorithm is unreliable, and hasn’t yet caught up with the human farmers. Good news for Google — and for the CAPTCHA farmers of Romania ;)

The Perl Foundation needs new blood. Jim Brandt writes:

Have you ever wanted to get involved in The Perl Foundation, but didn't know how? Well, now's your chance. I'm pleased to announce open self-nominations for the following TPF roles:

• Steering Committee Chair
• Conferences Committee Chair
• Public Relations

You can follow the links above to read descriptions of each of the positions. If you think you're a good fit for one or more of them, send me an email at cbrandt at perlfoundation dot org. I'll then invite you to a dedicated wiki we have set up just for the election.

Once you join the wiki, you'll set up a page to post all of your experience and answer the questions provided in each section above. The wiki is private, but you'll be able to see the other candidate pages, and they'll see yours.

The deadline to get all of your information in is midnight next Tuesday, March 11. Our committees elect their members, so the Conferences Committee will be voting on the CC chair and the Steering Committee will vote on the chair and PR positions. After we have a chance to look over everyone's information, we vote and select our newest members.

You only have a week, so don't wait too long. I look forward to hearing from you.

Karen Pauley is stepping up to run for Steering Committee chair, so how about you? Maybe that's a spot you'd like to work on, or maybe public relations is more up your alley. This is your chance to help lead TPF lead Perl and Perl development.

Astute followers of TPF will note that the PR spot is open, a spot that I once held. Yes, I am no longer doing PR for TPF. I've done that job for a while, and now I'm moving on to do other things, not least of which is this little news called perlbuzz.com.

Net::HTTPServer also enables client side certificate checking by default without any built in interface to change this.

I've added an option to new() to set this on the fly, but as a workaround see line 825 of HTTPServer.pm and change SSL_verify_mode to desired setting:

0x00 - no verification 0x01 - verify peer certificate 0x02 - fail verification if no peer certificate exists; ignored for clients 0x04 - verify client once

for more details on these options see: http://search.cpan.org/~sullr/IO-Socket-SSL-1.13/SSL.pm

Guess it's another case of all animals being equal, some are more equal than others. Phooey! Daly City, CA, Mar 4, 2008 / 04:19 am (CNA).- A Catholic hospital that refused to allow its facilities to be used for breast implant surgery on a man that had undergone a sex-change operation will now allow the procedure, the California Catholic Daily reports. In 2006 a doctor told Charlene Hastings, 57, that Seton Medical Center in Daly City would not allow him to perform breast-enhancement surgery on

eldavojohn writes "Over concerns for lack of an anti-phishing mechanism for Safari, Paypal is telling its Mac users to use another browser. An author from Ars Technica reveals that he has been using Camino and has fallen victim to a Paypal related phishing scam via e-mail so this story must hit home for him. 'Currently the Apple browser does not alert users to sites that could be phishing for your info, and it lacks support for Extended Validation. PayPal is, of course, a popular site among phishers in their neverending search for personal information, user IDs, and passwords. While it's not entirely fair singling out Safari (other Mac browsers like Camino also lack this support), it is perhaps at least a helpful reminder of the threat.'"

Read more of this story at Slashdot.

Today, Best Practical announced IMAP access to Hiveminder. It's way cool, and I'm sure I'll end up making a lot of improvement to my mutt configuration tools to make the most of it. You can check out their blog post or documentation for more information, but basically you point your IMAP client at Hiveminder and you can see your todo list. You can drop new tasks (in the form of email from elsewhere) into inbound folders and you can move existing tasks into other folders to cause them to become hidden or complete. There's a bit more to it, but that's the gist.

My IMAP client of choice is OfflineIMAP, as I've said many times before. It's the easiest way for me to use mutt with IMAP, whether online or off. Unfortunately, it has a really stupid bug. Every message in an IMAP account has a unique id (the UID), which is useful for doing synchronization. It lets you figure out that you've moved a message from one place to another in your offline store. OfflineIMAP doesn't seem to keep the same UID on messages that have moved from one folder to another, which made it impossible to use the IMAP interface to mark a message done or hidden.

As usual, the guys at Hiveminder were quick to sort this out, making their correct software cope with my twitchy software.

Now, the folders in which Hiveminder presents your tasks are (I am told) great for users of GUI MUAs, where they form a nice hierarchy of folders that you can drill down through. Here's a summary of the folder layout:

Actions
  Completed
  Hide for
    Days..
      01 day
      (..more..)
    Months..
      01 month
      (..more..)
  Take
Braindump mailboxes
  []
Groups
  pep
    All tasks
    Everyone else's tasks
    Up for grabs
Help
News

Here's what they look like as directories:

Actions/Completed
Actions/Hide for/Days../01 day
Actions/Hide for/Months../01 month
Actions/Take
Braindump mailboxes/[]
Groups/pep
Groups/pep/All tasks
Groups/pep/Everyone else's tasks
Groups/pep/Up for grabs
Help
News

The amount of typing needed to move things around between these folders is a drag. Fortunately, OfflineIMAP makes it really simple to map Hiveminder's IMAP folders into a nice, shallow, easy to type hierarchy. With my OfflineIMAP configuration, it looks like this:

./braindump
./braindump.[]
./done
./groups
./groups.pep
./groups.pep.all
. /groups.pep.avail
./groups.pep.others
./help
./hide.1d
./hide.1m
./inbox
. /take

I need to do a bit of work to make WhichConfig check $0 (or something) to notice that I want to use Hiveminder, rather than the "normal" mail available to it. Even without having done that, the IMAP interface is pretty fantastic. I see a lot of weird Maildir tricks in my future. Until I have some to publish, here's my OfflineIMAP configuration for use with Hiveminder:

.offlineimap :

[general]
pythonfile = ~/.offlineimap/helper.py

[Account hiveminder]
localrepository = hiveminder_maildir
remoterepository = hiveminder_imap

[Repository hiveminder_imap]
type = IMAP
remotehost = hiveminder.com
ssl = yes
remoteuser = user@example.com
remotepass = PASSWORD

nametrans    = lambda foldername: hm_nametrans(foldername)
folderfilter = lambda foldername: hm_folderfilter(foldername)

[Repository hiveminder_maildir]
type = Maildir
localfolders = ~/Mailhive

This relies on a few Python functions stored in another file:

helper.py :

import re

hide_re = re.compile('^Actions/Hide')
spec_re = re.compile('(?P<n>\d\d) (?P<units>days?|months?)$')

def hm_folderfilter(folder):
  if folder in ('Actions', 'Groups'): return False

  if hide_re.search(folder) and not spec_re.search(folder): return False

  return True

def hm_nametrans(folder):
  if folder == 'Actions/Completed': return 'done'
  if folder == 'Actions/Take': return 'take'
  if folder == 'Actions/Take': return 'take'

  folder = re.compile('Braindump mailboxes').sub('braindump', folder)

  if hide_re.search(folder):
    spec  = spec_re.search(folder)
    n     = int(spec.group('n'))
    units = spec.group('units')

    return 'hide/%s%s' % (n, units[0:1])

  if re.compile('^Groups').search(folder):
    folder = re.compile('All tasks').sub('all', folder)
    folder = re.compile('Up for grabs').sub('avail', folder)
    folder = re.compile("Everyone else's tasks").sub('others', fo