jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.

Jon Mitchell writes "As a Perl programmer recently thrown in to the world of C development on Linux, I have been looking for something that would take my K&R level of experience and bring it up to date with modern methods, hopefully letting me write more efficient and reliable programs. Linux System Programming is a volume that targets this need. Robert Love, former "Chief Architect, Linux Desktop" at Novell, kernel hacker of many years, and Gnome developer of well known features such as Beagle and NetworkManager, attempts in this book to document the Linux system call and C API to common systems programming tasks. Given that he developed the pre-emptive kernel and inotify he has the knowledge." Read below for the rest of Jon's review.

symbolset writes "InternetNews is reporting that Cisco's new Application eXtension Platform turns several models of Cisco switches into Linux application servers. With certified libraries in C, Java and Perl, developers will be able to use a downloadable SDK to build their apps. The AXP server is just another module in a Cisco switch running Cisco's own derivation of a modern Linux distro (Kernel 2.6.x) specifically hardened to run on that particular hardware. Modules will include up to 1.4-GHz Intel Pentiums with 2 GB RAM and a 160 GB hard drive."

LinucksGirl writes to share an IBM DeveloperWorks article that shows how to support user verification through keystroke-dynamics processing by modifying the GNOME Display Manager (GDM). You can create and store a one-way encrypted hash of your keystroke patterns when entering your user name. The article shows how to add code to GDM to read current keystroke patterns and permit a user to log in when the characteristics are a match. An interesting idea to be sure but I know I certainly am not that consistent when I type, so I'm skeptical of how well this may work.

An anonymous reader writes "Engineers' focus and attention to details, along with their perceived lack of social skills, make them ideal targets to be recruited as terrorists, according to EETimes. Planning skills make engineers good 'field operatives' was written up by Raphael Perl, who heads the Action against Terrorism Unit of Organization for Security and Cooperation in Europe. He offers that 'Engineers ideally make excellent strategic planners, and they make excellent field operatives. They think differently from how other people think.' That may sound like a stereotype, but Perl claims that 'because of those traits, terrorist groups actively recruit engineers.' He says that Al-Qaeda has widely acknowledged that a significant number of the group's top leadership had engineering backgrounds." This is the second time in just a few months that engineers have been likened to terrorists.

Michael J. Ross writes "When software developers need to manipulate text programmatically — such as finding all substrings within some text that match a particular pattern — the most concise and flexible solution is to use "regular expressions," which are strings of characters and symbols that can look anything but regular. Nonetheless, they can be invaluable for locating text that matches a pattern (the "expression"), and optionally replacing the matched text with new text. Regular expressions have proven so popular that they have been incorporated into most if not all major programming languages and editors, and even at least one Web server. But each one implements regular expressions in its own way — which is reason enough for programmers to appreciate the latest edition of Regular Expression Pocket Reference, by Tony Stubblebine." Read below for the rest of Michael's review.

simoniker writes "Over at Dobbs Code Talk, Chris Diggins has been discussing programming languages beyond C++ or Java, suggesting options such as Ruby ('does a great job of showing how powerful a dynamic language can be, and leverages powerful ideas from Smalltalk, Perl, and Lisp') but suggesting Scala as a first choice ('Very accessible to programmers from different backgrounds.') What would your choice be for programmers extending beyond their normal boundaries?"

Cory Doctorow sounds the alarm over a Library of Congress deal with Microsoft that will have collections locked up in Silverlight. I'll double the Microsoft deal and offer them $6M in perl scripts and an infinite value of free OS software if they let me (or Google or any other honest company) publish their collections in free formats. "This deal involves the donation of 'technology, services and funding' (e.g., mostly not money) with a purported value of $3M from Microsoft to the Library of Congress. The Library, in turn, agrees to put kiosks running Vista in the library and to use Microsoft Silverlight to 'help power the library's new Web site, www.myloc.gov.'"

CBR is reporting that open source use in the workplace is continuing to grow at an astonishing rate. Up 26% since last year, businesses are using 94 different open source tools to get the job done. "[OpenLogic's] breakdown of licenses for the top 25 packages found that Apache, not the GPL, is the most common license. 62% of the packages use Apache, 27% use some variant of GPL and 4% each use BSD, CPL, Eclipse, MPL and Perl licenses (since packages may be released under two or more licenses, percentages total to more than 100%).

Stony Stevenson writes "Organizations using Python will be affected in a major way by changes in store for the language over the course of the next twelve months, Linux.conf.au attendees were told this morning. The Python development community is working towards a new, backwards-incompatible version of the language, version 3.0, which is slated for release in early 2009. Anthony Baxter, the release manager for Python and a senior software engineer at Google Australia, said "We are going to break pretty much all the code. Pretty much every program will need changes." Baxter also added another tidbit for attendees, saying that Python accounts for around 15 percent of Google's code base."

Esther Schindler writes "Developers spend a lot of time telling managers, 'Let me use the tool that's appropriate for the job' (cue the '...everything looks like a nail' meme here). But rarely do we enumerate when a language is the right one for a particular job, and when it's a very, very wrong choice. James Turner, writing for CIO.com, identifies five tasks for which perl is ideally suited, and four that... well, really, shouldn't you choose something else? This is the first article in a series that will examine what each language is good at, and for which tasks it's just plain dumb. Another article is coming RSN about JavaScript, and yet another for PHP... with more promised, should these first articles do well."

mAriuZ writes "Bob Rogers just released Parrot 0.5.2. This monthly release includes a couple of interesting new features. First, we've bundled Patrick Michaud's Rakudo (thats the implementation of Perl 6 on Parrot) such that you can type make perl6 on Unixy platforms and make perl6.exe on Windows and get a working standalone Perl 6 binary. This is experimental and we hope to iron out some installation and deployment issues by next months release, but it was important to demonstrate our progress. The second new feature is a toolkit for starting your own compiler. Max Mohun built a prototype several months ago, and we've added a stripped-down version for now that builds the skeleton of a compiler for you using the Parrot Compiler Tools. I mentioned the LOLCODE compiler in What the Perl 6 and Parrot Hackers Did on Their Christmas Vacation; this is how Simon and Company were able to get LOLCODE up and running so quickly."

Coverity is claiming they have found and helped to fix more than 7,500 security flaws in open source software since the inception of the governmentally backed project designed to harden open source software. The company has also identified eleven projects that have been especially responsive in correcting security problems. "Eleven projects have been awarded the newly announced status of Rung 2, including those known as Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL."

The TIOBE Programming Community Index has declared Python as the Programming Language of 2007 due to a 58% surge in its popularity rating during the year, making it now the sixth most popular programming language and finally surpassing Perl. They also assert that Python has become the "defacto glue language," being "especially beloved by system administrators and build managers."

Stony Stevenson alerts us to a US Department of Homeland Security program in which subcontractors have been examining FOSS source code for security vulnerabilities. InformationWeek.com takes a glass-half-empty approach to reporting the story, saying that for FOSS code on average 1 line in 1000 contains a security bug. From the article: 'A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006 ...' ZDNet Australia prefers to emphasize those FOSS projects that fixed every reported bug, thus achieving a clean bill of health according to DHS. These include PHP, Perl, Python, Postfix, and Samba.

alfcateat writes "Perl 1 was released to the public by Larry Wall 20 years ago yesterday. To celebrate, Perl5Porters have released Perl5.10, the latest stable version of Perl 5. Happy Birthday Perl! Perl 5.10 isn't just a bug fix version: it's full of new features that I'm eager to use: named captures in regular expressions, state variables for subroutines, the defined-or operator, a switch statement (called given-when, though), a faster regex engine, and more. You can read more about the changes in perldelta."

chromatic writes "Larry Wall's State of the Onion 11 address is now online. Every year, he describes the state of Perl and its community through metaphor and analogy. This year, Larry explored the history of scripting languages, from their dimly-lit beginnings to their glorious future. Along the way, he also describes several of the design principles invoked in the design of Perl 6. 'When I was a RSTS programmer on a PDP-11, I certainly treated BASIC as a scripting language, at least in terms of rapid prototyping and process control. I'm sure it warped my brain forever. Perl's statement modifiers are straight out of BASIC/PLUS. It even had some cute sigils on the ends of its variables to distinguish string and integer from floating point. But you could do extreme programming. In fact, I had a college buddy I did pair programming with. We took a compiler writing class together and studied all that fancy stuff from the dragon book.'"

Bogtha writes "Long-time users of Perl for their public websites, and having successfully used Ruby on Rails for internal websites, the BBC have fused the two by creating a 'Perl on Rails' that has the advantages of rapid development that Rails brings, while performing well enough to be used for the Beeb's high-traffic public websites. This is already powering one of their websites, and is set to be used in the controversial iPlayer project as well."

Michael J. Ross writes "When veteran PHP developers have specific and nontrivial functionality that they want to implement in their code, they can do so from scratch, but this can be time-consuming or essentially reinventing the wheel. They can adopt completed code posted in an online discussion forum, but such code tends to be buggy. They can use an open source library or other packaged code, but this approach can oftentimes prove to be overkill. Consequently, many developers prefer focused solutions found in PHP cookbooks, such as The PHP Anthology: 101 Essential Tips, Tricks & Hacks." Read on for the rest of Michael's review.

Brian Aker is Director of Architecture for MySQL AB. He has also worked on the code (and database) that runs Slashdot, and is well-known in both Apache and Perl circles. Outside of the arcane world of open source "back-end" programming, though, hardly anyone has heard of him. This is your chance to ask Brian (hopefully after looking at his blog and Wikipedia listing) about anything you like, from Perl to database architecture to open source philosophy to upcoming events in Seattle. We'll send Brian 10 of the highest-moderated questions approximately 24 hours after this post appears. His (verbatim) answers will appear late this week or early next week.