I’m assuming that by now you’ve probably heard of Let’s Encrypt.
If you haven’t, they are a brand new Certificate Authority that issues SSL certificates for free via an automated system!
There has to be a catch right?
Well kinda, but it’s a small one.
The certificate is only valid for 90 days.
They mention two reasons for this in a blog post: to encourage automation and to contain the damage of a compromised cert.
If you need to renew every 90 days, you don’t want to be doing that by hand right?
By encouraging automation, they can effectively force you to investigate how to make security easier for yourself over the long term.
You may have read the famous Ten Immutable Laws Of Security but the related Ten Immutable Laws of Security Administration tells us in Law #2 that
Security only works if the secure way also happens to be the easy way
Once you have automated your SSL cert generation then the easy way will be the standard way.
As last year I was unable to post every month about the Pull Request Challenge assignments, I decided that this year I would try to post updates every three months.
So, for the first month, I got WebInject. The PR was not huge. Just a contribution to add a README file to the distribution. As the author did not want to update the README and the POD, the PR was changed in order to generate the README from the POD. This PR was then merged. Yay, first month complete.
Recently keep playing with TDD and swat I have created a small web framework based on Kelp and swat.
The essential features of this framework named Spek are:
By kd
on
March 17, 2016 6:43 AM
So lucky for me a client decided to pay me to refactor some of their very old code. Refactoring can be fun, but if you have a 20 year old business critical codebase where the team has forgotten or don't know how stuff works and it absolutely has to not break, then you have some challenges and quite a lot of potential for loss of face.
This particular job was to refactor a single large, excessively complex subroutine into something that was testable and that a relatively naive programmer could reason about. And there were no tests.
tl;dr: this blog post is relatively involved, but scroll down to the bottom to see some neat abuse of git as a data analysis assistant.
Perl's copious documentation is one of the things that keeps me using it. But
this is not an unalloyed benefit; actually finding something, unless you have
a pretty good idea where to start looking, can be like finding the proverbial
needle in a haystack.
Fortunately, we have Joshua ben Jore's perldoc-search,
which will find anything you can specify as a regular expression, and that
Perl itself can find.
Unfortunately, this can sometimes be a bit too much. I generally have several Perl
kits unpacked in my home directory (well, subdirectories of it). Since by
default file-find does a File::Find::find on
@INC, and since by default @INC contains my current
directory, then if I issue a file-find in my home directory, the
entire tree gets searched, and every unpacked kit can produce a hit.
It turns out there is a surely-unsupported but nonintrusive way to exclude
the current directory from the search. Instead of running
perldoc-search directly, run it as
perl -T -S perldoc-search
It’s 2016, but the CPAN Pull Request Challenge continues. Motivated by my 100% in 2015, I subscribed to the second year, as well. Unfortunately, I didn’t have time to blog about my January PR, but it would have been more about Git than Perl, anyway.
My March assignment was Plack::Middleware::ReverseProxyPath. I noticed the module had several testers’ failures, and looking at the matrix I noticed Perl 5.8.8 was all red in both Linux and Darwin, so I decided to have a look at that.
One morning I wake up and see a pull request from a person I don't know on a project I haven't touched in years. Yup, it's a random contributor!
The meeting first night was in a large beer bar in the centre of Nuremberg.
We went back to the Best Western to find a certain exPumpkin already resident in the bar.
Despite several of the well named Bitburgers we managed to arrive at the
conference venue on time the following morning. Since my knowledge of German was
limited to a C grade 'O' Level last century my review talks will be mostly
limited to English talks. Apologies in advance to those giving German talks
(not unreasonable considering the country). Hopefully other blog posts will
cover these.
Masak spoke about the dialectic between planning (like physics) and chaos (like
biology) in software development.
http://masak.org/carl/gpw-2016-domain-modeling/talk.pdf
Tobias gave a good beginners guide to Perl 6 in German and I was able to follow
most of the slides since I knew more Perl 6 than German and even learnt a thing
or two.
