An anonymous reader writes "If you are a security developer and need to interface a Java application with the local operating system user registry, what do you do? IBMDeveloperWorks gives you the answer: 'UNIX/Linux PAM (Pluggable Authentication Module)-compatible systems that use authentication based on the GNU MD5 extensions to the crypt() system call. It will describe these extensions and show you a Java implementation of MD5 crypt (using FreeBSD as my UNIX).'"

chromatic writes "Perl.com has a new article entitled What is Perl 6?. It analyzes the changes to the language in light of the good and bad points of Perl 5 and provides new information about the current state of the project: Perl 6 exists, you can write code in it today, and it's more consistent and easier to use than Perl 5."

rgraham writes "Intel has released a number of development tools for OSX, including a C++ and Fortran compiler. I for one would be interested to see some benchmarks of code compiled using these tools and Apple's own Xcode."

beuges writes "In an entry on the Microsoft Security Response Center Blog, Stephen Toulouse explains exactly how the WMF flaw could be triggered. BetaNews has an overview of the company's response." From the BetaNews article: "This code exists on every version of Windows since version 3.0, security firms have said. When this functionality was introduced, Toulouse said the security landscape differed from what it is now and metafile records were completely trusted by the operating system. Gibson claimed that the flaw could be exploited only by using a byte size of 1 in the metafile record, which Toulouse says is incorrect. He surmised that Gibson's tests had the offending function as the last entry in the metafile, which caused only incorrect sizes to trigger the flaw." We've previous reported on the backdoor claim.

Java_Good_COBOL_Bad asks: "For Java development, would most people recommend using Eclipse or IntelliJ IDEA? I am currently using Eclipse and it took a long time to get the environment set up. I understand that Eclipse is a framework that can be used for many things, not just Java development, but all I really need is an IDE for Java. So, I wonder if Eclipse is more complex than I need. I have never used IDEA before. Is it more straight-forward? Has anybody here migrated from Eclipse to IDEA? How steep was the learning curve?"

segphault writes "Ars Technica has an article about the new partnership between Sun and Oracle, designed to provide an alternative to .NET." From the article: "According to Ellison and McNealy, their mutual goal is the production of a complete Java-centric enterprise datacenter architecture that leverages Solaris 10 and Oracle's Fusion middleware. Designed specifically as an alternative to Microsoft's .NET technology stack, the new platform is competitively priced and based on robust frameworks."

An anonymous reader writes "Steve Gibson alleges that the WMF vulnerability in Windows was neither a bug, nor a feature designed without security in mind, but was actually an intentionally placed backdoor. In a more detailed explanation, Gibson explains that the way SetAbortProc works in metafiles does not bear even the slightest resemblance to the way it works when used by a program while printing. Based on the information presented, it really does look like an intentional backdoor." There's a transcript available of the 'Security Now!' podcast where Gibson discusses this.

porkrind writes "There is no Open Source Community is an Onlamp article about the economics of open source and how most people get it wrong. Really, open source is much more about supply and demand than it is about an activist community or individual drivers (individuals or individual companies) affecting change on society." From the article: "Taking the position that individuals have pushed open source forward leads to the conclusion that a core group of ideological 'believers' is necessary for the continued success of open source software. Businesses unaware of the falsehood of this claim are too afraid of running afoul of the 'open source community' and sometimes make decisions that are not in their financial interests. Both open source-based and proprietary software vendors need to challenge these assumptions."

blackcoot asks: "I know that there are tools which exist on hardened Linux distros and OpenBSD (and probably $your_os_of_choice too), which are designed to help track down stack corruption (which is often symptomatic of buffer overruns). Unfortunately, that's about all I know about those tools. What options are there? How effective are they? What does it take to get access to those tools? Are they really useful enough to make the effort justified?"

mrtrumbe asks: "The company I work for is in the process of creating a development standard to be applied to all projects. The topics being considered range from dictating the formatting of the code (an issue on which there is widespread agreement), to creating a standard for commenting and documenting the code (a far more contentious issue). On the issue of commenting and documenting, there are two extreme views being considered with most employees' opinions falling somewhere between them." To comment, or not to comment. And if you do choose to comment, what's the best way to standardize it, company-wide?

fashla writes "Several somber and soul searching threads have been recently posted to the USENET newsgroup comp.lang.c++ such as "C++ is Dead" and "A Dying Era". The reason for this reflective mood is the sudden demise of the magazine C/C++ Users Journal (CUJ) http://www.cuj.com/ that had been published by CMP Media. Participating in the posts have been such C++ luminaries such as Bjarne Stroustrup and P.J. Plauger. While some contributers think that CUJ's demise is due to the general trend away from print, others think something else is afoot..."

An anonymous reader writes "IBM DeveloperWorks has an interesting article on how to simplify your Web-based development with Tapestry, an open-source, Java-based framework that makes developing a breeze. The article shows you around Tapestry, from installation to file structure. See for yourself how Tapestry facilitates servlet-based Web application development using HTML and template tags."

Coryoth writes "When you're writing software for an air traffic control system, military avionics software, or an authentication system for the NSA, the delivered code can't afford to have bugs. Praxis High Integrity Systems, who were the feature of a recent IEEE article, write exactly that kind of software. In "Correctness by Construction: A Manifesto for High-Integrity Software" developers from Praxis discuss their development method, explaining how they manage such a low defect rate, and how they can still maintain very high developer productivity rates using a more agile development method than the rigid processes usually associated with high-integrity software development."

dtmos writes "Clive Maxfield has an interesting article up on PL DesignLine cataloging most (all?) of the known rounding algorithms used in computer math. As he states, "...the mind soon boggles at the variety and intricacies of the rounding algorithms that may be used for different applications ... round-up, round-down, round-toward-nearest, arithmetic rounding, round-half-up, round-half-down, round-half-even, round-half-odd, round-toward-zero, round-away-from-zero, round-ceiling, round-floor, truncation (chopping), round-alternate, and round-random (stochastic rounding), to name but a few." It's a good read, especially if you *think* you know what your programs are doing."

Denver_80203 writes "Just when you thought Lego Mindstorms was grinding its last gear, comes the announcement of Lego Mindstorms NXT Robotics Toolset, with sleek servo motors, an ultrasonic sensor which allows robots to 'see' by responding to movement, a sound sensor which enables robots to react to sound commands (including sound pattern and tone recognition) improved touch and light sensors, and a and a programmable brick with at least 7 or 8 RJ11 type jacks. Robot fun! Out in August 2006, and in true Lego style will cost $249." Wired has a preview of the cover story about the new kit on their site.

FrazzledDad writes "Andrew Troelsen's Pro C# 2005 and the .NET 2.0 Platform, 3rd Ed. gives a great breadth and depth of coverage to C# and the features of Microsoft's .NET 2.0 Framework. He does a fine job covering fundamentals of C# and .NET in general and then dives into terrific detail on a number of important topics." Read the rest of Jim's review.

bariswheel wrote to mention an episode of 'Going Deep' on Channel 9 which takes a hard look at the architecture of Windows Vista. From the post: "Rob Short is the corporate vice president in charge of the team that architects the foundation of Windows Vista. This is a fascinating conversation with the kernel architecture team. It's our Christmas present to all of the Niners out there who've stuck with us day after day. This is a very candid interview." Topics discussed include the history of the Windows Registry, and the security/reliability of Microsoft's upcoming operating system.

mrseigen writes "Java Unlimited has been running a contest since Dec 1 to develop a game in Java using only four kilobytes of bytecode and resources. You have until March 1 to finish your entries, and it's worth looking at the entries for last years' contest."

Szplug writes "Bjarne Stroustrup has a sneak peek at the additions to C++ that he expects will be completed (hopefully) by 2009. Included are language-defined threads, optional garbage collection, some automatic type deduction, and template concepts. From the article: 'The list of current proposals is still quite modest and not anywhere as ambitious as I'd like. However, more proposals are being considered and more libraries will appear either as part of the C++0x standard itself or as further committee technical reports.'"

garylian writes "Some of the folks here might remember a Massive game called 'Mourning' that went into development and never really went anywhere. Apparently, it went Gold, but it wasn't even close to complete. Some former fans have a riviting Q/A with one of the former programmers. Highlights from the article include the fact that one of the game backers was a internet porn-lord!" From the article:"The game was going nowhere, no one really believed in its success. We all knew it was going to fail, but we were kind of reluctant in admiting it. Those who realized this and had better opportunities, left. Those who were blinded by different reasons or had no other choices, remained till the end (or maybe had different reasons.) It's not that we didn't try to change this direction the game was heading to... We did, but no one was listening to us. " The interview is well conducted, but you should obviously take this with a grain of salt.