Perl 5 and Perl 6

We have now two Perls. Perl 5, which has been around for more than 20 years just as the „Perl programming language“ and Perl 6, which has been developed for more than a decade and of which now stable versions exist.

The fact, that they are both called „Perl“ is a bit misleading. They are two different and incompatible programming languages. But they share the same community. And Perl conferences are usually covering both languages.

So this rises the question about the differences or about which of the two Perls to use.

Here are some differences:

  • Perl 5 is well established and many people know it. Perl 6 has to be learned, even if it is relatively easy to learn for someone with a Perl 5 background.
  • Perl 5 runs about three times faster than Perl 6
  • Perl 6 programs are a bit shorter than Perl 5 programs
  • Perl 6 regular expressions are even better than Perl 5’s regular expressions
  • Perl 6 is more logical than Perl 5
  • Perl 6 uses by default better numerical types
  • Perl 6 makes it easier and more natural to do object oriented programming and functional programming
  • Perl 6 has come up with a useful approach for doing multithreading.
  • Perl 5 has so many cool libraries on CPAN, Perl 6 just a few.

Links:

Share Button

Conference Talks

Referring to the Swiss Perl Workshop, it is now time to collect all the conference talks that I have given so far and that have been uploaded as video.

Share Button

Swiss Perl Workshop 2017

I have attended the Swiss Perl Workshop.
We were a group of about 40 people, one track and some very interesting talks, including by Damian Conway.
I gave a regular talk and a lightning talk myself.
The content of my talk might go into another Blog post in the future.
The Perl programming language is still interesting, and of course it was covered in both variants: Perl 5 and Perl 6.
But many of the talks were about general issues like security and architecture and just exemplified by Perl.

The Video recording of talks was optional. Here are those that have been recorded and already uploaded: Youtube: Swiss Perl Workshop

Share Button

End of Swisscom iO

The Swisscom-App iO will be discontinued on 2017-08-31. So from then on the service will no longer be available. A bit more than four years after launching the app, it is now terminated. The goal was to replace a significant part of the conventional telephony by iO and to become a relevant player in the field with competitors like WhatsApp, Viber, Facebook-Messenger, Google-Hangouts, Threema, Skype etc.

Advantages of iO were:

  • The possibility to do „breakout-calls“, which means calling regular phone numbers from iO
  • Servers in Switzerland, operations team in Switzerland
  • Communication end-to-end encrypted
  • Good support for multiple devices with one phone number
  • It was cool, looked better and…
  • ad free
  • open to use for free for everyone worldwide

Links:

Share Button

JIRA

There are many good systems for doing the bug report tickets. Good open source tools. Some people like HP-Quality-Center. But most developer teams seem to like Jira, because it is easy to use, has hosting options and good functionality and stability. Also there are ways to support modern agile development styles like Kanban and Scrum. And it comes with a nice Wiki that apparently has partly or fully replaced Word documents in most projects that I have seen over the last 10 years.

Please remember, it is pronounced [ˈdʒi.rɑː] and not [ˈdʒɑi.rɑː]. For English speakers: think of „Jeera“. For German speakers: think of „Djihra“. The word is of Japanese origin and usually it does not work to apply an assumed English pronunciation to any non-English language. English is too irregular to guess the pronunciation without knowing the word for most of us. And more irregular than most other languages.

Share Button

Shell Scripts

Shell scripts can be useful for writing small stuff like combining a few commands to pipes or doing a bit of „back ticking“. Even simple loops and if-conditions are possible. And if we want, it is almost a full programming language. A bit hard to tame, maybe, but quite a lot of stuff is possible. Those who like to know more about it may look into startup scripts of typical java software. Often a .bat and a .sh file are provided, where the right jvm is found, the classpath and the execution path and maybe some other environment are put together. In the end the .sh-file is quite a long and unreadable horror story and the .bat file is even much worse, because the cmd-language is just a lot more primitive and less capable and requires even worse hacks.

There are ways to make shell scripts more readable, which by themselves are truly admirable, but I think that route is wrong. We can learn all the Shell functionalities and understand bit by bit even more complex shell scripts, but I think for non trivial shell scripts it is time to switch to real programming languages instead. Scripting languages, of course, for example Perl, Ruby, Python or Lua. We may still execute „shell commands“, that are actually programs in /bin, /usr/bin or /usr/local/bin where they are powerful and more concise than writing purely in that programming language. But a magic for putting together a classpath is much cleaner in the Perl programming language than in pure bash (or worse cmd/bat).

This is of course another example of the Golden Hammer anti pattern. We should balance our tool box. Not add specific tools for making any minor task a bit easier on the expense of supporting one more tool, but keep a broad range of tools that in conjunction are very powerful. For example I would retire awk and sed and use either Perl or Ruby instead. We only have to keep them around because a lot of system tools that are just there still rely on them, but for a team I would deprecate awk and sed for new scripts or even for enhancing existing scripts. Bash would be ok only for small scripts, you can invent a line number or a maximum complexity, but for very short scripts I think bash is a legitimate tool.

Switch to Perl, Perl6, Ruby or… when you encounter any of the following:

  • The scripts is getting kind of long (>= 100 lines)
  • You find yourself modularizing it with functions
  • You find yourself using non trivial perl, ruby, sed or awk within the script, for example regex-stuff
  • The script need interaction
  • The scripts needs arrays, numbers or other types
  • More than one or two trivial if-statements or loop-statements are needed
  • Database access is done by the script (SQL or NoSQL)
  • String encoding becomes relevant
  • Quoting levels become an issue

This post was inspired by a similar post on the Isoblog by Kris. And the Shell Style Guide of Google is quite good especially in limiting the area where shell scripts are acceptable.

Share Button

WLANs

We use our computers and other devices everywhere. While phones are of course equipped with a SIM card that at least part of the time allows relatively cheap internet access via the GSM-network (of course today UMTS or LTE or whatever comes next), laptops usually do not have SIM cards, even though they could. So we rely on these WLANs that we find in Cafés, gas stations, shops, hotels, camp ground, airports, train stations, trains and sometimes even in cities. While we are used to paying for our SIM cards monthly fees or even volume based fees, the question if it should cost money to use a WLAN is still open. Some years ago the WLAN cost extra in most places. The problem was, that the effort for collecting the money was by some orders of magnitude higher than the effort for actually providing the WLAN, resulting in prices that were way too high. So the normal model is now that we pay for the camping, train, flight, hotel, coffee or whatever and some very very tiny fraction of this money is used to implement the WLAN. It does not hurt the people, who do not use it, because it is so little.

Now there are some ways to get into WLANs, which we all know too well:

  1. Open WLAN: just use it
  2. Password for WLAN required
  3. „Open“ WLAN, need to confirm the conditions
  4. „Open“ WLAN, need to provide phone number or email address with some verification
  5. „Open“ WLAN, need to give username + password on some page

While (1) is of course ok from a user point of view and (2) works very well for small sites like hotels, the other approaches are somewhat problematic and fragile.

They all rely on the assumption that the device uses the DNS as is provided by DHCP from the WLAN or on an intercepting proxy. Anyway, the network is in two different states. In the first state it does not behave regularly, but going to any page with the browser will actually lead to the login page. The internet will not work in the beginning, even though at network level everything is there, just the routing or maybe the DNS or the Web-Caching are skrewed up. My phone detects such a skrewed up internet and by itself opens the „login“-page by going to www.google.com, which of course is today https://www.google.com/. It won’t work, because it leads to a fake „www.google.com“, so the https-certificate is not correct and the browser refuses to show it, unless we really ask for an exception, which I would not recommend. Knowing this, we can always overcome the problem by just surfing to any site that is still not https and that is not in the browser cache. This is going to become harder, but is still possible. Is it ugly? I would think so. Even worse, there is a time window for doing this, and sometimes the login does not really work well, so we need to try it over and over again, until it finally works or we give up and use the phone as a temporary WLAN-router, hoping it will not break out of our free Megabytes. Verifying a phone number is not too bad, because via SMS there is a channel independent from the WLAN to transmit the verification code. Do we have a phone? I guess so, people without phone are really very rare, so I would consider that ok. Why do they need this information? Should they ask for it? I do not think so… It depends of course how much we trust in our current and future democracy and in our government and company organizations constraining themselves to legal and ethical conduct. But from a purly technical point of view this kind of works. The email is kind of cute. To confirm it, we need access to our email system, which in turn already requires internet. But it happens. Just confirming „terms and conditions“ is also kind of cute, because the option of actually reading them is offered, but rarely used. And they would know it, if they just looked into their logs.

So I would really love to just use the internet and I would really love to rely on people using the internet to behave legally and ethically without going through long terms and conditions. Maybe those who provide the internet need these, to ensure that they do not have to pay for fallacies of their internet users, but making them pay is not really a good idea. A criminal offense is the fault of a criminal and not of those who provide some common infrastructure for communication that is in no way specific to criminal activity. Actually those who are somewhat skilled in criminal activities also know their ways to hide their identity when using some WLAN.

The last one is kind of tricky. It does have some justification, because it allows for more fine granular access. But it still uses somewhat broken mechanisms by providing a broken internet to log in and then the working internet. I think it would be better to extend the WLAN standard to provide for a username+password-login instead of only using a password for the WLAN.

Btw., I recommend to assume that the WLAN is not safe and always run a firewall against the WLAN and do delicate access to other systems via the WLAN using a vpn like OpenVPN or of course encrypted variants of common internet protocols like ssh, https etc. The older WLAN encryption standard was just a joke. The current one is kind of ok but I prefer not to trust it. Since we use our devices in all kinds of WLANs anyway, trusting some WLANs and not trusting others is just too much risk in terms of misconfiguration. And as soon as we are accessible via the internet, the attackers are already there and scanning ports and some common URLs. If they are in the WLAN or not, I do not want to rely on them not being there…

Share Button

Do it yourself..

We often observe that something that needed help by an employee is now done by ourselves. Our automobile-affine friends have to fill in gasoline themselves since the seventies in Germany and now even the payment is often done with cards, so that there is no human on site, but only video surveillance, I assume. In Italy it is hard to buy a map, because the shops that usually sell them in gas stations have become very rare and other shops do not sell maps either. This maybe another „do it yourself“, because we use our phone as a map and the printed map has become obsolete or at least less important. Depending on the roaming costs this can be more expensive, but it is there and helps us find where we are on the map and even finding our way…

In some shops we can scan the stuff that we bought ourselves. In some shops in England this is actually the only way that is available. For small purchases I do that myself, because waiting in the line takes longer, but for a larger number of items I would think that the professional is still faster, if the lines are not excessively long. Btw. Aldi, which is a company that runs their shops very efficiently and offers good prices in turn does not seen to use this at all, but they rather trained their employees to be efficient when scanning and to do other work in the shop when there are less people queuing.

Some countries have abolished all the post offices or at least the majority of them, but the service is covered by other shops that are there for something else and cover the postal service by their employees. This helps retaining some presence in thinly populated areas, but it becomes a problem for non trivial requests. They exist in the postal service and it becomes painful when the employees do not have the skills to help. We start using our phone and try to find it out ourselves, which may or may not help.

Airports and airlines encourage to do the check-in via app or internet, which can be a good thing because dealing with this process is annoying, but still faster than waiting in the line. The question remains why so few counters are open.. Baggage drop can also be automated, which works well with standard sized luggage. If we have a kg too much, a human might let us get away with it, but I doubt that a machine is responsive to a smile and a short explanation, if not accompanied by payment. And „oversize“ luggage will always require assistance.

A similar issue arises with railroad tickets. The majority of them can be bought via internet, the app or the vending machine. This has been somewhat improved. In Germany it is possible to find a phone number and reach a human for more difficult tickets. Then we just need to identify with a credit card or with a rail pass on any vending machine to print the tickets, even tickets which we would never have been able to buy ourselves on the vending machine, either because they do not appear in the menus, or because they are too hard to find. Or because the risk of buying a more expensive ticket is too big. In Switzerland a mechanism that was meant primarily for handicapped people who are buying there tickets allows for a VoIP-connection from the vending machine to a call center or to call a number, to get help for the buying process. This is primarily for helping to actually use the machine, which can be useful or at least eliminate some of the panic from situations where we need to get the ticket before our train leaves, if the time is not too short (German Blog about this on the official blog of the SBB). I would like to add that the Swiss ticket vending machines are more user friendly. Now of course we are encouraged to move away from the vending machine and to use the mobile app or print the tickets via the internet. This lets us do work ourselves that was formerly done by an employee, but maybe still saves us time in most of the cases.

When there is still a ticket office with professional railroad employees within reach, this can be ok, but it can become hard if the ticket vending office is run by another shop with their employees like some post office replacements or if there is no human at all within reach. Buying the ticket on the train has become more difficult to impossible as well.

But some of us have maybe heard that in the old days a phone call implied calling some operator and having the operator connect the phone call. This was still available as an option not too many years ago, at least in the time before the mobile phones came up. And it was actually used in the United States, mostly to create calls that were charged to the callee instead of the caller. Usually just dialing the number or even using it from the phones address book is much more convenient than talking to the operator.

So doing things ourselves can be a win-win situation, if the assistence we can get is good enough or if businesses lets us profit from their efficiency gain in some reasonable way. But in any more sophisticated transaction we either loose endless time to figure out how to do them or we absolutely need a human to help us. What is a sophisticated transaction may change with the time. We can learn things and software can become better.

Today quite often even things like login or registration sometimes are difficult. An example across which I came a few times are „master sites“ and afiliated sites, like „SwissPass“ and the Swiss Federal Railroad (SBB) or „Miles and More“ and the site of an airline within the system. This allows for a login via the master site, but also for a direct login bypassing the master site, where we do not necessarily have an account. Getting this right technically and UX-wise is a challenge. But the concepts exist. Yes, it is non-trivial identity management.

And quite often sites just do not work. I tried to register on some sites and gave up. It is necessary to enter 8 pieces of information. If one of them is wrong, the other 7 need to be entered again. Ok, they come from auto completion of the browser, maybe. Phone numbers and dates fields often do not work well. Date fields should always accept ISO-format like „2016-07-16“ besides a date format that is commonly used in the locale of the user, like „16.07.2016“ in Germany and Switzerland (though the official format is ISO). This is ugly, but can be handled, if the desired format is mentioned in the form. Often a calendar widget is useful, because it helps us know the weekday, but in case of the birth date we rarely need it for that reason. The phone number is very often a problem. There are so many variants to this, but actually starting with a „+“ and separating groups of digits with spaces should at least work. That is another issue. Quite a few forms fail because of leading or trailing spaces, which we hardly see and which we sometime get into the form when using copy+paste.

I remember the nightmare of installing Oracle 10-15 years ago. There was a „comfortable“ installer, written in Java (Java 1.1). Everything worked fine and then the installer failed with some red alarm, without any obvious way out, other than do it once again. Of course professional Oracle admins never used this installer and got it right within a day. But leaving the user in a „nightmare“ situation without any visible way out of this is a clear UX anti pattern. Even if I am no way a UX specialist but just an ordinary user I can tell.

Share Button

Bring your own Device

This issue is quite controversial and it applies to laptops, tablets and smart phones.
Usually the „bringing“ is not really an issue, you can have anything in your bags and connect it via the mobile phone network as long as it does not absorb the working time.
But usually this implies a bit more.
There are some advantages in having company emails and calendar on a smart phone. This is convenient and useful. But there are some security concerns that should be taken serious. How is the calendar and the emails accessed? How confidential are the emails? Do they pass through servers that we do not trust? What happens, if a phone gets lost?
This is an area, where security concerns are often not taken too serious, because it is cool for top manager to have such devices. And they can just override any worries and concerns, if they like.
This can be compensated by being more restrictive in other areas. 😉
Anyway, the questions should be answered. In addition, the personal preferences for a certain type of phone are very strong. So the phone provided by the company might not be the one that the employee prefers, so there is a big desire to use the own phone or one that is similar to the own phone, which depends on the question of who pays the bills, how much of private telephony is allowed on the company phone and if there are work related calls to abusive times.
Generally the desirable path is to accept this and to find ways to make this secure.

The other issue is about the computer we work with. For some kind of jobs it is clear that the computer of the company is used, for example when selling railroad tickets or working in the post office or in a bank serving customers.

It shows that more creative people and more IT-oriented people like to have more control on the computer they work with.
We like to have hardware that is powerful enough to do the job. We like to be able to install software that helps us do our job. We like to use the OS and the software that we are skilled with. Sometimes it is already useful to be able to install this on the company computer or in a virtual computer within the company computer. Does the company allow this? It should, with some reasonable guidelines.

Some companies allow their employees to use their own laptops instead. They might give some money to pay for this and expect a certain level of equipment for that. Or just allow the employees to buy a laptop with their own money and use it instead of the company computer. They will do so and happily spend the money, even though it is wrong and the company should pay it. But the pain of spending some of the own money is for many people less than the pain of having to use crappy company equipment.

This rises the question of the network drive Q:, the outlook, MS-Word, MS-Excel,…
Actually this is not so much an issue, at least for the group we are talking here. Or becoming less of an issue.
Drive Q: can quite well be accessed from Linux, if the company policies allow it. But actually modern working patterns do not need this any more.
We can use a Wiki, like MediaWiki or Confluence for documentation. This is actually a bit better in many cases and I would see a trend in this direction, at least for IT-oriented teams.
Office-Formats and Email are more and more providing Web-Applications that can be used to work with them on Linux, for example. And MS-Office is already available for Linux, at least for Android, which is a Linux Variant. It might or might not come for Desktop Linux. LibreOffice is most of the time a useful replacement. Maybe better, maybe almost as good, depending on perspective… And there is always the possibility to have a virtual computer running MS-Windows for the absolutely mandatory MS-Windows-programs, if they actually exist. Such an image could be provided and maintained by the company instead of a company computer.

It is better to let the people work. To allow them to use useful tools. To pay them for bringing their own laptop or to allow them to install what they want on the company laptop. I have seen people who quit their job because of issues like this. The whole expensive MS-Windows-oriented universe that has been built in companies for a lot of money proves to be obsolete in some areas. A Wiki, a source code repository, … these things can be accessed over the internet using ssh or https. They can be hosted by third parties, if we trust the third party. Or they can be hosted by the company itself. Some companies work with distributed teams…

It is of course important to figure out a good security policy that allows working with „own“ devices and still provide a sufficient level of security. Maybe we just have to get used to other ways of working and to learn how to solve the problems that they bring us. In the end of the day we will see which companies are more successful. It depends on many factors, but the ability to provide a innovative and powerful IT and to have good people working there and actually getting stuff done is often an important factor.

Share Button

tmp-directories

On all computers we have some concept of a tmp-directory. Typically it is /tmp on Linux- and Unix-systems and something like C:/TEMP plus some subdirectory in each users home directory on MS-Windows.

In terms of software development this tends to be some dark area. Programs like to create some files there, store some stuff there and then maybe remove it, maybe not. And we do not know for sure, when we can delete these files and we actually do not want to care. Linux and Unix-Systems sometimes clear their tmp-directories on reboot, while providing an additional /var/tmp-directory, that survives reboot. Sometimes the tmp-directory is deducted from shared memory, so it is kind of a RAM-disk, but usually stored in the swap partition (or swap file) of our OS. Now this cleanup on reboot does not help too much, when we want to keep our system running for a long time.

These days most computers are somehow dedicated. Either they are virtual computers that run exactly one server application or a set of closely related server applications. Or it is a mobile phone, tablet or desktop computer that is typically used by only one person. But still we should not forget that the system should allow being used by several applications and by several users. So sharing the same tmp-directory for everyone can cause some conflicts. The Unix- and Linux-family has a way of setting file permissions for the tmp-directory itself and for its entries that stop users from reading, changing or deleting each others files, but still there is some concurrency about using the namespace of this one directory, which is usually quite elegantly bypassed by each software by using smart naming or by having the OS create unique names. But I would not consider it ideal. On the other hand, sometimes we might actually want to use the tmp-directory to share something between users or between processes, where this one tmp-directory might come in handy.

The approach of having a separate tmp-directory in each home directory and in a sub directory of each server application’s installation is tempting, because it separates name spaces, allows to disallow reading the directory entries by others and does not mix totally unrelated stuff in one directory. There is a drawback to this. We usually have different storage technologies. Some are optimized for reading, maybe even avoiding redundancy, because the system can be reinstalled. Some use sporadic writing, some are strictly read-only. And some use a lot of reading and writing. Some data is transient, some can be easily restored and some data needs to be stored redundantly to be safe. Depending on that we should aim to put it on Flash disks, or on a different RAID setup of hard disks. This is getting harder with virtualization, but eventually we can get to the point where virtual computers have disks of different characteristics, that are mapped to the appropriate hardware.

So there is no real good answer to this question, but I think that a tmp-directory that is separate from the home directory, but specific to each user, would be the best approach. Will this change? Probably not so easily. But maybe in some distant future.

Share Button