Perl

Perl's CPAN Security Group is Now a CNA, Can Assign CVEs (perlmonks.org) 10

Active since 1995, the Comprehensive Perl Archive Network (or CPAN) hosts 221,742 Perl modules written by 14,548 authors. This week they announced that the CPAN Security Group "was authorized by the CVE Program as a CVE Numbering Authority (CNA)" to assign and manage CVE vulnerability identifications for Perl and CPAN Modules.

"This is great news!" posted Linux kernel maintainer Greg Kroah-Hartman on social media, saying the announcement came "Just in time for my talk about this very topic in a few weeks about how all open source projects should be doing this" at the Linux Foundation Member Summit in Napa, California. And Curl creator Daniel Stenberg posted "I'm with Greg Kroah-Hartman on this: all Open Source projects should become CNAs. Or team up with others to do it." (Also posting "Agreed" to the suggestion was Seth Larson, the Python Software Foundation's security developer-in-residence involved in their successful effort to become a CNA in 2023.)

444 CNAs have now partnered with the CVE Program, according to their official web site. The announcement from PerlMonks.org: Years ago, a few people decided during the Perl Toolchain Summit (PTS) that it would be a good idea to join forces, ideas and knowledge and start a group to monitor vulnerabilities in the complete Perl ecosystem from core to the smallest CPAN release. The goal was to follow legislation and CVE reports, and help authors in taking actions on not being vulnerable anymore. That group has grown stable over the past years and is now known as CPANSec.

The group has several focus areas, and one of them is channeling CVE vulnerability issues. In that specific goal, a milestone has been reached: CPANSec has just been authorized as a CVE Numbering Authority (CNA) for Perl and modules on CPAN

AI

World's First AI Chatbot, ELIZA, Resurrected After 60 Years (livescience.com) 37

"Scientists have just resurrected 'ELIZA,' the world's first chatbot, from long-lost computer code," reports LiveScience, "and it still works extremely well." (Click in the vintage black-and-green rectangle for a blinking-cursor prompt...) Using dusty printouts from MIT archives, these "software archaeologists" discovered defunct code that had been lost for 60 years and brought it back to life. ELIZA was developed in the 1960s by MIT professor Joseph Weizenbaum and named for Eliza Doolittle, the protagonist of the play "Pygmalion," who was taught how to speak like an aristocratic British woman.

As a language model that the user could interact with, ELIZA had a significant impact on today's artificial intelligence (AI), the researchers wrote in a paper posted to the preprint database arXiv Sunday (Jan. 12). The "DOCTOR" script written for ELIZA was programmed to respond to questions as a psychotherapist would. For example, ELIZA would say, "Please tell me your problem." If the user input "Men are all alike," the program would respond, "In what way."

Weizenbaum wrote ELIZA in a now-defunct programming language he invented, called Michigan Algorithm Decoder Symmetric List Processor (MAD-SLIP), but it was almost immediately copied into the language Lisp. With the advent of the early internet, the Lisp version of ELIZA went viral, and the original version became obsolete. Experts thought the original 420-line ELIZA code was lost until 2021, when study co-author Jeff Shrager, a cognitive scientist at Stanford University, and Myles Crowley, an MIT archivist, found it among Weizenbaum's papers. "I have a particular interest in how early AI pioneers thought," Shrager told Live Science in an email. "Having computer scientists' code is as close to having a record of their thoughts, and as ELIZA was — and remains, for better or for worse — a touchstone of early AI, I want to know what was in his mind...."

Even though it was intended to be a research platform for human-computer communication, "ELIZA was such a novelty at the time that its 'chatbotness' overwhelmed its research purposes," Shrager said.

I just remember that time 23 years ago when someone connected a Perl version of ELIZA to "an AOL Instant Messenger account that has a high rate of 'random' people trying to start conversations" to "put ELIZA in touch with the real world..."

Thanks to long-time Slashdot reader MattSparkes for sharing the news.

Christmas Cheer

The 2024 'Advent Calendars' Offering Programming Language Tips, Space Photos, and Memories (perladvent.org) 2

Not every tech "advent calendar" involves programming puzzles. Instead the geek tradition of programming-language advent calendars "seems to have started way back in 2000," according to one history, "when London-based programmer Mark Fowler launched a calendar highlighting a different Perl module each day."

So the tradition continues...
  • Nearly a quarter of a century later, there's still a Perl Advent Calendar, celebrating tips and tricks like "a few special packages waiting under the tree that can give your web applications a little extra pep in their step."
  • Since 2009 web performance consultant (and former Yahoo and Facebook engineer) Stoyan Stefanov has been pulling together an annual Web Performance calendar with helpful blog posts.
  • There's also a JVM Advent calendar with daily helpful hints for Java programmers.
  • The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — is celebrating the season with the "HTMHell Advent Calendar," promising daily articles on security, accessibility, UX, and performance.

And meanwhile developers at the Svelte frontend framework are actually promising to release something new each day, "whether it's a new feature in Svelte or SvelteKit or an improvement to the website!"

But not every tech advent calendar is about programming...

  • The Atlantic continues its 17-year tradition of a Space Telescope advent calendar, featuring daily images from both NASA's Hubble telescope and James Webb Space Telescope

Security

Ubuntu Linux Impacted By Decade-Old 'needrestart' Flaw That Gives Root (bleepingcomputer.com) 87

Five local privilege escalation (LPE) vulnerabilities in the Linux utility "needrestart" -- widely used on Ubuntu to manage service updates -- allow attackers with local access to escalate privileges to root. The flaws were discovered by Qualys in needrestart version 0.8, and fixed in version 3.8. BleepingComputer reports: Complete information about the flaws was made available in a separate text file, but a summary can be found below:

- CVE-2024-48990: Needrestart executes the Python interpreter with a PYTHONPATH environment variable extracted from running processes. If a local attacker controls this variable, they can execute arbitrary code as root during Python initialization by planting a malicious shared library.
- CVE-2024-48992: The Ruby interpreter used by needrestart is vulnerable when processing an attacker-controlled RUBYLIB environment variable. This allows local attackers to execute arbitrary Ruby code as root by injecting malicious libraries into the process.
- CVE-2024-48991: A race condition in needrestart allows a local attacker to replace the Python interpreter binary being validated with a malicious executable. By timing the replacement carefully, they can trick needrestart into running their code as root.
- CVE-2024-10224: Perl's ScanDeps module, used by needrestart, improperly handles filenames provided by the attacker. An attacker can craft filenames resembling shell commands (e.g., command|) to execute arbitrary commands as root when the file is opened.
- CVE-2024-11003: Needrestart's reliance on Perl's ScanDeps module exposes it to vulnerabilities in ScanDeps itself, where insecure use of eval() functions can lead to arbitrary code execution when processing attacker-controlled input.
The report notes that attackers would need to have local access to the operating system through malware or a compromised account in order to exploit these flaws. "Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited," adds BleepingComputer.
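A defender-side check for the two remediations quoted above, added here as an example and not taken from BleepingComputer or Qualys. It assumes the setting is spelled `$nrconf{interpscan} = 0;` and that the file usually lives at `/etc/needrestart/needrestart.conf` (the summary names only needrestart.conf); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit needrestart against the two remediations in the summary
# (upgrade to 3.8 or later, or disable interpreter scanning in needrestart.conf).
# Function names are hypothetical; the sample config below is constructed.

FIXED_VERSION="3.8"   # fixed release, as stated in the summary above

# Exit 0 if dotted version $1 is >= $2, comparing numeric fields left to right.
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(have, h, "."); m = split(want, w, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            a = h[i] + 0; b = w[i] + 0
            if (a > b) exit 0
            if (a < b) exit 1
        }
        exit 0
    }'
}

# Exit 0 only if the last uncommented interpscan assignment sets it to 0.
# The config is Perl evaluated top to bottom, so a later assignment wins;
# a commented-out line (the shipped default) leaves scanning enabled.
interpscan_disabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    val=$(sed -n 's/^[[:space:]]*\$nrconf{interpscan}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' "$conf" | tail -n 1)
    [ "$val" = "0" ]
}

# Print a one-line verdict; exit 0 if at least one remediation is in place.
audit_needrestart() {
    ver=$1
    conf=$2
    if version_at_least "$ver" "$FIXED_VERSION"; then v=fixed; else v=vulnerable; fi
    if interpscan_disabled "$conf"; then s=disabled; else s=enabled; fi
    echo "version=$v interpscan=$s"
    [ "$v" = fixed ] || [ "$s" = disabled ]
}

# Demo on a constructed config file (nothing is read from the live system).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# Disable interpreter scanners.
$nrconf{interpscan} = 0;
EOF
audit_needrestart "3.6" "$demo_conf"
rm -f "$demo_conf"
```

On a real host, pass the installed version string and the path to the live config. Distribution packages may carry backported fixes under an older version string, so a `version=vulnerable` result is a prompt to check the vendor's advisory rather than a final answer.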
Networking

Is Modern Software Development Mostly 'Junky Overhead'? (tailscale.com) 117

Long-time Slashdot reader theodp says this "provocative" blog post by former Google engineer Avery Pennarun — now the CEO/founder of Tailscale — is "a call to take back the Internet from its centralized rent-collecting cloud computing gatekeepers."

Pennarun writes: I read a post recently where someone bragged about using Kubernetes to scale all the way up to 500,000 page views per month. But that's 0.2 requests per second. I could serve that from my phone, on battery power, and it would spend most of its time asleep. In modern computing, we tolerate long builds, and then Docker builds, and uploading to container stores, and multi-minute deploy times before the program runs, and even longer times before the log output gets uploaded to somewhere you can see it, all because we've been tricked into this idea that everything has to scale. People get excited about deploying to the latest upstart container hosting service because it only takes tens of seconds to roll out, instead of minutes. But on my slow computer in the 1990s, I could run a perl or python program that started in milliseconds and served way more than 0.2 requests per second, and printed logs to stderr right away so I could edit-run-debug over and over again, multiple times per minute.

How did we get here?

We got here because sometimes, someone really does need to write a program that has to scale to thousands or millions of backends, so it needs all that stuff. And wishful thinking makes people imagine even the lowliest dashboard could be that popular one day. The truth is, most things don't scale, and never need to. We made Tailscale for those things, so you can spend your time scaling the things that really need it. The long tail of jobs that are 90% of what every developer spends their time on. Even developers at companies that make stuff that scales to billions of users, spend most of their time on stuff that doesn't, like dashboards and meme generators.

As an industry, we've spent all our time making the hard things possible, and none of our time making the easy things easy. Programmers are all stuck in the mud. Just listen to any professional developer, and ask what percentage of their time is spent actually solving the problem they set out to work on, and how much is spent on junky overhead.

Tailscale offers a "zero-config" mesh VPN — built on top of WireGuard — for a secure network that's software-defined (and infrastructure-agnostic). "The problem is developers keep scaling things they don't need to scale," Pennarun writes, "and their lives suck as a result...."

"The tech industry has evolved into an absolute mess..." Pennarun adds at one point. "Our tower of complexity is now so tall that we seriously consider slathering LLMs on top to write the incomprehensible code in the incomprehensible frameworks so we don't have to."

Their conclusion? "Modern software development is mostly junky overhead."

Social Networks

'The Greatest Social Media Site Is Craigslist' (slate.com) 29

An anonymous reader quotes an op-ed for Slate, written by Amanda Chen: In August 2009, Wired magazine ran a cover story on Craigslist founder Craig Newmark titled "Why Craigslist Is Such a Mess." The opening paragraphs excoriate almost every aspect of the online classifieds platform as "underdeveloped," a "wasteland of hyperlinks," and demands that we, the public, ought to have higher standards. The same sentiment can be found across tech forums and trade publications, a missed opportunity that the average self-professed LinkedIn expert on #UX #UI #design will have you believe that they are the first to point out. But as sites like Craigslist increasingly turn into digital artifacts, more people, myself included, are starting to see the beauty that belies those same features. Without them, where else on the internet could you find such ardent professions of desire or loneliness, or the random detritus of a life so steeply discounted?

The site has changed relatively little in both functionality and appearance since Newmark launched it in 1995 as a friends and family listserv for jobs and other opportunities. Yet in spite of that, it remains a household name whose niche in the contemporary digital landscape has yet to be usurped, with an estimated 180 million visits in May 2024. Though, it's certainly not for a lack of newcomers attempting to stake their claims on the booming C2C market; in the U.S., Facebook Marketplace, launched in 2016, is its closest direct competitor, followed by platforms like Nextdoor and OfferUp. Craigslist's business model is quite simple: Users in a few categories -- apartments in select cities, jobs, vehicles for sale -- pay a small but reasonable fee to make posts. Everything else is free. Its Perl-backed tech is straightforward. The team is relatively lean, as the company considers functions like sales and marketing superfluous. This strategy has allowed Craigslist to stay extremely profitable throughout the years without implementing sophisticated recommendation algorithms or inundating the webpage with third-party advertisements. Its runaway success threatens decades-old industry gospels of growth, disruption, and innovation, and might force tech evangelists to admit they don't fully understand what people want. [...]

These days I find myself casually browsing Craigslist in lieu of Instagram. Like readers of a local paper, I use it to keep a pulse on what's happening around me, even if I'll never know who these people are. That's beside the point. Perhaps Craigslist's single greatest cultural contribution, and my favorite place to lurk, is the "missed connections." The feature has inspired countless copycats, artistic reinterpretations, human interest stories, and analyses (one in particular extrapolated that Monday evenings are the most lovelorn time across the country). There is something deeply comforting about seeing those intangible threads of yearning which permeate a city so plainly laid out, as confirmation that you're not alone in wanting to be seen by others alive in the same place and time as you. Sometimes I'll peruse random job listings or the "free" section. This leads to the ever-amusing exercise, which I'll often invite friends to participate in, of speculating about the motivations and circumstances behind an object's acquisition and imminent relinquishment. I'll even visit the clunky, dial-up era-style discussion forums, subdivided into topics labeled things like "death and dying" or "haiku hotel," where a unique penchant for whimsy and romance can be felt deeply throughout. On Craigslist, a post can be a shout into the void that may or may not be returned, an affirmation of life, but regardless, in 45 days it's gone. Positioned somewhere in between digital ephemera and archive, the site's images and language are often utilitarian, occasionally unintelligible, and just when you least expect it, absurd, poetic, and profound.

"Frequently, technologists remain convinced that the market will eventually reveal a solution for all of our deep-seated societal problems, something that we can hack if only granted access to better tech," writes Chen, in closing. "From the start, the industry has advanced the idea that change is inherently good, even if only for its own sake, which can be viewed as symptomatic of the accelerating conditions of late-stage capitalism. Of course, there are many ways in which change is desperately needed in this moment, but when it comes to the particular case of Craigslist, it hardly seems necessary."

AI

'What Kind of Bubble Is AI?' (locusmag.com) 100

"Of course AI is a bubble," argues tech activist/blogger/science fiction author Cory Doctorow.

The real question is what happens when it bursts?

Doctorow examines history — the "irrational exuberance" of the dotcom bubble, 2008's financial derivatives, NFTs, and even cryptocurrency. ("A few programmers were trained in Rust... but otherwise, the residue from crypto is a lot of bad digital art and worse Austrian economics.") So would an AI bubble leave anything useful behind? The largest of these models are incredibly expensive. They're expensive to make, with billions spent acquiring training data, labelling it, and running it through massive computing arrays to turn it into models. Even more important, these models are expensive to run.... Do the potential paying customers for these large models add up to enough money to keep the servers on? That's the 13 trillion dollar question, and the answer is the difference between WorldCom and Enron, or dotcoms and cryptocurrency. Though I don't have a certain answer to this question, I am skeptical.

AI decision support is potentially valuable to practitioners. Accountants might value an AI tool's ability to draft a tax return. Radiologists might value the AI's guess about whether an X-ray suggests a cancerous mass. But with AIs' tendency to "hallucinate" and confabulate, there's an increasing recognition that these AI judgments require a "human in the loop" to carefully review their judgments... There just aren't that many customers for a product that makes their own high-stakes projects better, but more expensive. There are many low-stakes applications — say, selling kids access to a cheap subscription that generates pictures of their RPG characters in action — but they don't pay much. The universe of low-stakes, high-dollar applications for AI is so small that I can't think of anything that belongs in it.

There are some promising avenues, like "federated learning," that hypothetically combine a lot of commodity consumer hardware to replicate some of the features of those big, capital-intensive models from the bubble's beneficiaries. It may be that — as with the interregnum after the dotcom bust — AI practitioners will use their all-expenses-paid education in PyTorch and TensorFlow (AI's answer to Perl and Python) to push the limits on federated learning and small-scale AI models to new places, driven by playfulness, scientific curiosity, and a desire to solve real problems. There will also be a lot more people who understand statistical analysis at scale and how to wrangle large amounts of data. There will be a lot of people who know PyTorch and TensorFlow, too — both of these are "open source" projects, but are effectively controlled by Meta and Google, respectively. Perhaps they'll be wrestled away from their corporate owners, forked and made more broadly applicable, after those corporate behemoths move on from their money-losing Big AI bets.

Our policymakers are putting a lot of energy into thinking about what they'll do if the AI bubble doesn't pop — wrangling about "AI ethics" and "AI safety." But — as with all the previous tech bubbles — very few people are talking about what we'll be able to salvage when the bubble is over.

Thanks to long-time Slashdot reader mspohr for sharing the article.

Christmas Cheer

2023's Online 'Advent Calendars' Challenge Programmers With Tips and Puzzles 8

It's a geek tradition that started online back in 2000. Programming language "advent calendars" offer daily tips about a programming language (if not a Christmas-themed programming puzzle) -- one a day through December 25th.

And 2023 finds a wide variety of fun sites to choose from:
  • For example, there's 24 coding challenges at the Advent of JavaScript site (where "each challenge includes all the HTML and CSS you need to get started, allowing you to focus on the JavaScript.") And there's another 24 coding challenges on a related site... Advent of CSS.
  • The cyber security training platform "TryHackMe.com" even coded up a site they call "Advent of Cyber," daring puzzle-solvers to "kickstart your cyber security career by engaging in a new, beginner-friendly exercise every day leading up to Christmas!"
  • Every year since 2000 there's also been a new edition of the Perl Advent Calendar, and this month Year 23 started off with goodies from Perl's massive module repository, CPAN. (Specifically, its elf-themed story references the Music::MelodicDevice::Ornamentation module -- along with the MIDI::Util library and TiMidity++, a software synthesizer that can play MIDI files without a hardware synthesizer.)
  • The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — is celebrating the season with the "HTMHell Advent Calendar," promising daily articles on security, accessibility, UX, and performance.

Programming

Creators of Python, Java, TypeScript, and SmallTalk Will Make a Joint Appearance for Charity (pydata.org) 45

The creators of four programming languages will appear together onstage for a historic conversation on September 19th.

- Adele Goldberg — Smalltalk
- Guido Van Rossum — Python
- Anders Hejlsberg — Turbo Pascal, C#, TypeScript
- James Gosling — Java

The announcement describes it as "a conversation about programming language design." The charity event brings together this unique group of computer science pioneers, unlike any event held before. These great minds come together for what will surely be a fantastic night of discussion as the panel delves into the past and future of programming language creation.
It's a fundraiser for two groups. NumFOCUS is a nonprofit charity sponsoring nearly all the major tools in the Python data science stack (including jupyter, numpy, pandas, and matplotlib), and it's also the group behind PyData conferences on open source data tools. And the Last Mile Education Fund offers financial support for low-income underrepresented students. It's being billed as the "inaugural charity event" of PyData Seattle.

This happened once before in 2019, when Puget Sound Programming Python arranged a four-way discussion with Python creator Guido van Rossum, Java creator James Gosling, Perl creator Larry Wall, and Anders Hejlsberg (Turbo Pascal, C#, TypeScript). They held a 90-minute discussion about "language design, the universe, and everything" as a benefit for CSforALL (a group promoting computer science classes at every grade level). During that discussion Gosling shared how Java "started out as kind of 'Do a better C', and it got out of control. The rest of the project really ended up just providing the context." And Anders Hejlsberg told the audience that TypeScript was inspired by massive "write-only" JavaScript code bases.

In their discussion on variable typing and its use in IDEs, Gosling mocked what he called the "real men use vi" mentality, leading to a lively back and forth. Perl's Larry Wall later acknowledged the importance of types and the careful consideration that went into implementing them for Perl 6, but also shared his unique perspective as a long-time designer of programming languages. "I think IDEs make language developers lazy."

At the end of the event, they all agreed that the most rewarding part of language design was the people — the excitement, the gratitude, and to see that community helping others in its community.

Perl

Perl 5.38 Released with New Experimental Syntax for Defining Object Classes (phoronix.com) 48

Perl 5.38 was released this week "after being in development for more than one year," reports Phoronix. "Perl 5.38 brings a new experimental syntax for defining object classes where per-instance data is stored in 'field' variables that behave like lexicals."

"Maybe, just maybe, the new features introduced into the language in this newest version will attract much sought new talent," writes the site I Programmer, noting the argument that Perl is installed by default everywhere — and has the "fun factor... The class keyword is part of the plan to bring effective object-oriented programming to the Perl core while still keeping Perl being Perl."

The Perl docs warn that "This remains a new and experimental feature, and is very much still under development. It will be the subject of much further addition, refinement and alteration in future releases." But "Since Perl 5, support for objects revolved around the concept of blessing references with a package name," notes updated documentation, which points out this new class syntax "isn't a bless wrapper, but a completely new system built right into the perl interpreter." The class keyword declares a new package which is intended to be a class... classes automatically get a constructor named new... Just like with other references, when object reference count reaches zero it will automatically be destroyed.

Phoronix notes that Perl 5.38 also brings a new PERL_RAND_SEED environment variable "for controlling seed behavior for random number generation," along with some new APIs. And I Programmer adds that Perl 5.38 also adds support for Unicode 15.0, adding 4,489 characters, for a total of 149,186 characters. Other additions include enhanced regular expressions, plus defined-or and logical-or assignment default expressions in signatures.

Programming

Whatever Happened to the Ruby Programming Language? (infoworld.com) 148

Three years after Rails was introduced in 2005, InfoWorld asked whether it might be the successor to Java.

That didn't happen. So this week InfoWorld "spoke to current and former Ruby programmers to try to trace the language's rise and fall." Some responses: "Rails came along at the cusp of a period of transformation and growth for the web," says Matthew Boeh, a Ruby developer since 2006. "It both benefited from and fueled that growth, but it was a foregone conclusion that it wasn't going to be the only success story." Boeh recently took a job as a senior staff software engineer at Lattice, a TypeScript shop. "You could say that Ruby has been a victim of its own success, in that its community was a major driving force in the command-line renaissance of recent years," he says. "In the early '00s it was introducing REPL-driven development to people who had never heard of Lisp, package management to people who would have been scared off by Perl's CPAN, test-driven development to people outside the highly corporate Java world, and so on. This is all stuff that is considered table stakes today. Ruby didn't originate any of it, but it was all popularized and made accessible by Rubyists...."

"The JavaScript ecosystem in its current form would have been unimaginable in 2004 — it needed both the command line renaissance and the takeoff of the web platform," adds Lattice's Boeh. "Did you know it took a full decade, 1999 to 2009, to release a single new version of the JavaScript standard? We get one yearly now. Rails became a big deal in the very last time period where it was possible to be a full-stack developer without knowing JavaScript...."

[W]hen it comes to data science, Python has a leg up because of the ready availability of libraries like TensorFlow and Keras. "These frameworks make it easy for coders to build data visualizations and write programs for machine learning," says Pulkit Bhardwaj, e-commerce coach at BoutiqueSetup.net. JavaScript, meanwhile, has spawned seemingly endless libraries that developers can easily download and adapt for just about any purpose. "As a technologist, you can go on your own hero's journey following whatever niche thing you think is the right way to go," says Trowbridge. But when it comes to JavaScript, "these libraries are excellent. Why ignore all of that?"

Many of those libraries were developed by community members, which inspired others to contribute in a snowball effect familiar to anyone involved in open source. But one big player has had an outsized influence here. Python's TensorFlow, which Bhardwaj called a "game-changer," was released by Google, which has followed academia's lead and made Python its internal scripting language. Google, as the maker of the dominant web browser, also has an obvious interest in boosting JavaScript, and Trowbridge gives Google much of the credit for making JavaScript much faster and more memory efficient than it once was: "In some ways it feels almost like a low level language," he says. Meanwhile, Ruby is widely acknowledged to be lagging in performance, in part because it lacks the same sort of corporate sponsor with resources for improving it.

Security

New Linux Malware Downloader for Compromised Servers Spotted in the Wild (bleepingcomputer.com) 30

"A new Linux malware downloader created using SHC (Shell Script Compiler) has been spotted in the wild," reports the site Bleeping Computer, "infecting systems with Monero cryptocurrency miners and DDoS IRC bots...

"The analysts say the attacks likely rely on brute-forcing weak administrator account credentials over SSH on Linux servers...." According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.... When the SHC malware downloader is executed, it will fetch multiple other malware payloads and install them on the device. One of the payloads is an XMRig miner that is downloaded as a TAR archive from a remote URL and extracted to "/usr/local/games/" and executed....

The second payload retrieved, dropped, and loaded by the SHC malware downloader is a Perl-based DDoS IRC bot. The malware connects to the designated IRC server using configuration data and goes through a username-based verification process. If successful, the malware awaits commands from the IRC server, including DDoS-related actions such as TCP Flood, UDP Flood, and HTTP Flood, port scanning, Nmap scanning, sendmail commands, process killing, log cleaning, and more.

ASEC warns that attacks like these are typically caused by using weak passwords on exposed Linux servers.

Programming

2022's Geeky 'Advent Calendars' Tempt Programmers with Coding Challenges and Tips 11

"The Perl Advent Calendar has come a long way since its first year in 2000," says an announcement on Reddit. But in fact the online world now has many daily advent calendars aimed at programmers — offering tips about their favorite language or coding challenges.
  • The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — decided to try publishing 24 original articles for their 2022 HTMHell Advent Calendar. Elsewhere on the way there's the Web Performance Calendar, promising daily articles for speed geeks. And the 24 Days in December blog comes to life every year with new blog posts for PHP users.
  • The JVM Advent Calendar brings a new article daily about a JVM-related topic. And there's also a C# Advent calendar promising two new blog posts about C# every day up to (and including) December 25th.
  • The Perl Advent Calendar offers fun stories about Perl tools averting December catastrophes up at the North Pole. (Day One's story — "Silent Mite" — described Santa's troubles building software for a ninja robot alien toy, since its embedded hardware support contract prohibited unwarrantied third-party code, requiring a full code rewrite using Perl's standard library.) Other stories so far this December include "Santa is on GitHub" and "northpole.cgi"
  • The code quality/security software company SonarSource has a new 2022 edition of their Code Security Advent Calendar — their seventh consecutive year — promising "daily challenges until December 24th. Get ready to fill your bag of security tricks!" (According to a blog post the challenges are being announced on Twitter and on Mastodon.)
  • "24 Pull Requests" dares participants to make 24 pull requests before December 24th. (The site's tagline is "giving back to open source for the holidays.") Over the years tens of thousands of developers (and organizations) have participated — and this year they're also encouraging organizers to hold hack events.
  • The Advent of JavaScript and Advent of CSS sites promise 24 puzzles delivered by email (though you'll have to pay if you also want them to email you the solutions!)
  • For 2022 Oslo-based Bekk Consulting (a "strategic internet consulting company") is offering an advent calendar of their own. A blog post says it's their sixth annual edition, and promises "new original articles, podcasts, tutorials, listicles and videos every day up until Christmas Eve... all written and produced by us - developers, designers, project managers, agile coaches, management consultants, specialists and generalists."

Whether you participate or not, the creation of programming-themed advent calendar sites is a long-standing tradition among geeks, dating back more than two decades. (Last year Smashing magazine tried to compile an exhaustive list of the various sites serving all the different developer communities.)

But no list would be complete without mentioning Advent of Code. This year's programming puzzles involve everything from feeding Santa's reindeer to loading Santa's sleigh. The site's About page describes it as "an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like."

Now in its eighth year, the site's daily two-part programming puzzles have a massive online following. This year's Day One puzzle was solved by 178,628 participants...

Linux

Fedora 37 Now Available With GNOME 43 Desktop, Official Raspberry Pi 4 Support (phoronix.com) 79

Fedora 37 is now officially released. From a report: Fedora 37 brings the GNOME 43 desktop to Fedora Workstation 37, updated toolchain components like Glibc 2.36 and LLVM 15 and Binutils 2.38, official support for the Raspberry Pi 4, retiring 32-bit ARMv7 support, Fedora CoreOS has been promoted to a Fedora Edition, Perl 5.36, Python 3.11, RPM 4.18, LXQt 1.1, and a wealth of other updated packages.

Censorship

Do America's Free-Speech Protections Protect Code - and Prevent Cryptocurrency Regulation? (marketplace.org) 65

The short answers are "yes" and "no." America's Constitution prohibits government intervention into public expression, reports the business-news radio show Marketplace, "protecting free speech and expression through, for example.... writing, protesting and coding languages like JavaScript, HTML, Python and Perl."

Specifically protecting code started with the 1995 case of cryptographer Daniel Bernstein, who challenged America's "export controls" on encryption (which regulated it like a weapon). But they also spoke to technology lawyer Kendra Albert, a clinical instructor at Harvard Law School's Cyberlaw Clinic, about the specific parameters of how America protects code as a form of expression:

Albert: I think that the reality was that the position that code was a form of expression is in fact supported by a long history of First Amendment law. And that it, you know, is very consistent with how we see the First Amendment interpreted across a variety of contexts.... [O]ne of the questions courts ask is whether a regulation or legislation or a government action is specifically targeting speech, or whether the restrictions on speech are incidental, but not the overall intention. And that's actually one of the places you see kind of a lot of these difficulties around code as speech. The nature of many kinds of regulation may mean that they restrict code because of the things that particular forms of software code do in the world. But they weren't specifically meant to restrict the expressive conduct. And courts end up then having to sort of go through a test that was originally developed in the context of someone burning a draft card to figure out — OK, is this regulation, is the burden that it has on this form of expressive speech so significant that we can't regulate in this way? Or is this just not the focus, and the fact that there are some restrictions on speech as a result of the government attempting to regulate something else should not be the focus of the analysis?

Q: Congress and federal agencies as well as some states are looking to tighten regulations around cryptocurrencies and blockchain technology. What role do you think the idea of code as speech will play in this environment moving forward?

Albert: The reality is that the First Amendment is not a total bar to regulation of speech. It requires the government meet a higher standard for regulating certain kinds of speech. That runs, to some extent, in conflict with how people imagine what "code is speech" does as sort of a total restriction on the regulation of software, of code, because it has expressive content. It just means that we treat code similarly to how we treat other forms of expression, and that the government can regulate them under certain circumstances.

Classic Games (Games)

Chess.com Bans 19-Year-Old Accused of Cheating, But No Evidence He Cheated Against Magnus Carlsen (theguardian.com) 84

"19-year-old chess grandmaster Hans Niemann was banned by massive online chess platform Chess.com," reports Motherboard, "just a few days after being accused of cheating in real life against five-time World Chess Champion Magnus Carlsen."

Chess.com said in a statement that "We have shared detailed evidence with him concerning our decision, including information that contradicts his statements regarding the amount and seriousness of his cheating on Chess.com." Niemann admitted to cheating on Chess.com in the past, but claimed that the two times he did were involving trivial, non-over-the-board games, and that he was only a child as he was 12 and 16 when it happened. "I just wanted to get higher-rated so I could play stronger players, so I cheated in random games on Chess.com," he said [in an online interview with St. Louis Chess Club].... "I have never cheated in an over-the-board game" [meaning a game that takes place on a real-world chess board]. Chess.com released its own statement Thursday countering his claims, which said: "At this time, we have reached out to Hans Niemann to explain our decision to privately remove him from Chess.com and our events. We have shared detailed evidence with him concerning our decision, including information that contradicts his statements regarding the amount and seriousness of his cheating on Chess.com...."

So far, there has not been any concrete evidence that points to Niemann cheating.... There are still many people who have been publicly supporting Niemann as the underdog. Russian chess grandmaster, Garry Kasparov, told TASS, "Of course we can't say with certainty that Niemann didn't cheat, but Carlsen surprisingly played the opening so badly with white that he automatically got into a worse position."

Chess.com's statement says they've "invited Hans to provide an explanation and response with the hope of finding a resolution where Hans can again participate on Chess.com."

The Guardian points out that Niemann has now also been uninvited from Chess.com's Global Championship, a $1m event with online qualifiers and an eight-player final in Toronto. But they also explore whether Niemann was really cheating... The Californian teenager, who does not have a coach but whose rating has jumped 250 points in three years, had already beaten the world champion a month earlier in an online tournament in Miami, when he made headlines for a one-sentence victory interview where he said: "Chess speaks for itself," before walking off.... [In his match this week against Carlsen] the position out of the opening was almost level, a minimal 0.3 plus for Black, but the world champion seemed to try too hard, with sub-optimal choices at moves 22, 40 and 42. Niemann also made inaccuracies, so the game lacked the tell-tale signs of computer aid....

It would appear that the central issue is whether Carlsen believes his pre-game analysis of his intended surprise 1 d4 Nf6 2 c4 e6 3 Nc3 Bb4 4 g3 was leaked, either by a mole within his camp or by a computer hack. An alternative explanation of the "leak" could be quite innocent. The relevant pawn structure, with plausible transpositions into Carlsen v Niemann, had already occurred in a previous well-known Carlsen game against England's Michael Adams in 2006. Niemann said he asked himself what ideas Carlsen might produce to divert him from his planned Catalan with ... Bb4+ and decided to check 5 Nc3, a rare transposition to the Nimzo-Indian. There was also Niemann's own very recent game against Le Quang Liem at Miami, where 5 g3 (instead of 5 e3 d5 as played) d5 6 a3 could easily transpose into Carlsen v Niemann....

[I]t is easy to understand why the world champion was so upset. Carlsen's tournament score will be cancelled, but his games will be rated and the defeat by Niemann will cost him seven rating points, a large setback in the context of trying to get from 2865 to 2900. His dream of a record rating has just become more distant.

Perl

'Massive' Ongoing Changes to Perl Help It Move Beyond Its Unix Roots (stackoverflow.blog) 74

Perl's major version number hasn't changed since 1994, notes a new blog post at Stack Overflow by Perl book author Dave Cross. Yet the programming language has still undergone "massive changes" between version 5.6 (summer of 2000) and version 5.36 (released this May).

But because the Perl development strives for backwards compatibility, "many new Perl features are hidden away behind feature guards and aren't available unless you explicitly turn them on...." You're no doubt familiar with using print() to display data on the console or to write it to a file. Perl 5.10 introduced the say() command which does the same thing but automatically adds a newline character to the output. It sounds like a small thing, but it's surprisingly useful. How many times do you print a line of data to a file and have to remember to explicitly add the newline? This just makes your life a little bit easier....

Some of the improvements were needed because in places Perl's Unix/C heritage shows through a little more than we'd like it to in the 21st century. One good example of this is bareword filehandles... It is a variable. And, worse than that, it's a package variable (which is the closest thing that Perl has to a global variable)... [But] for a long time (back to at least Perl 5.6), it has been possible to open filehandles and store them in lexical variables... For a long time, Perl's standard functions for dealing with dates and times were also very tied to its Unix roots. You may have seen code like this:

my @datetime = localtime();

The localtime() function returns a list of values that represent the various parts of the current local time... Since Perl 5.10, the standard library has included a module called Time::Piece. When you use Time::Piece in your code, it overrides localtime() and replaces it with a function that returns an object that contains details of the current time and date. That object has a strftime() method... And it also has several other methods for accessing information about the time and date [including a method called is_leap_year]... Using Time::Piece will almost certainly make your date and time handling code easier to write and (more importantly) easier to read and understand....

In most languages you'd have a list of variable names after the subroutine name and the parameters would be passed directly into those. Well, as of version 5.36 (which was released earlier this summer) Perl has that too. You turn the feature on with use feature 'signatures'.... Subroutine signatures have many other features. You can, for example, declare default values for parameters.

And new features possibly coming soon include a new object-oriented programming framework named Corinna being written into the Perl core. "Beyond that, the Perl development team have their eye on a major version number bump."

And to avoid confusion with Raku -- the offshoot programming language formerly known as Perl 6 -- the next major version of Perl will be Perl 7.

Red Hat Software

Red Hat Names New CEO (zdnet.com) 16

Red Hat announced that Paul Cormier, the company's CEO and president since 2020, is stepping over to become chairman of the board. Matt Hicks, a Red Hat veteran and the company's head of products and technologies, will replace Cormier as president and CEO. ZDNet reports: It had been rumored at May 2022's Red Hat Summit that Cormier, who had been with Red Hat for over 14 years, might retire soon. That rumor wasn't true, but he is moving to a "somewhat" less demanding position. That said, as Stephanie Wonderlick, Red Hat's VP of Brand Experience + Communication, said, "I don't think Red Hat would have become Red Hat without Paul Cormier." [...]

As for Hicks, he's a popular figure in the company. He's known as a hands-on leader. Hicks joined Red Hat in 2006 as a developer working on porting Perl applications to Java. That is not the start one thinks of for a future CEO! Hicks knows it. He said in a note to Red Hat employees that he'd "never imagined that my career would lead me to this moment. If I had followed my initial path, not raised my hand for certain projects, or shied away from contributing ideas and asking questions, I might not be here. That is what I love about Red Hat, and it's something that differentiates us from other companies: nothing is predetermined; we're only limited by our passion and drive to contribute and make an impact." So it was that he quickly rose to leadership positions. In particular, thanks to his work with Red Hat OpenShift, he saw Red Hat move from being primarily a Linux powerhouse to a hybrid cloud technology leader as well.

Hicks, now in charge, said in a statement, "When I first joined Red Hat, I was passionate about open source and our mission, and I wanted to be a part of that. I am humbled and energized to be stepping into this role at this moment. There has never been a more exciting time to be in our industry, and the opportunity in front of Red Hat is vast. I'm ready to roll up my sleeves and prove that open-source technology truly can unlock the world's potential." He also said, "Together, [IBM and Red Hat] can really lead a new era of hybrid computing. Red Hat has the technology expertise and open-source model -- IBM has the reach."

Cormier's new role will focus on "moving forward to help customers drive innovation forward with a hybrid cloud platform built on open-source technology. Open-source technology has won the innovation debates, and whatever the future looks like, it's going to be built on open-source technology, and Red Hat will be there." Moving ahead, Cormier will continue to work alongside IBM chairman and CEO, Arvind Krishna. Both Cormier and Hicks will report to Krishna. As for day-to-day work, Hicks said, "I'm here to do the work with you. Let's roll up our sleeves together, embrace these values and earn the opportunity ahead of us."

Christmas Cheer

'Advent of Code' Has Begun - and Other Geeky Daily Programming Challenges (i-programmer.info) 9

I Programmer writes: December 1st is much anticipated among those who like programming puzzles. It is time to start collecting stars by solving small puzzles on the Advent of Code website with the goal of amassing 50 stars by Christmas Day, December 25th. Raku has also opened its advent calendar and there's a brand new Bekk Christmas blog with informational content on multiple topics... At the time of writing we are only 10.5 hours into Advent of Code's Day 1, almost 50,000 users have completed both puzzles and another 8,484 have completed the first. [Some programmers are even livestreaming their progress on Twitch, or sharing their thoughts (and some particularly creative solutions) in the Advent of Code subreddit.]

We can credit Perl with pioneering the idea of a programming advent calendar with daily articles with a festive theme and the Raku Advent Calendar now continues the tradition. Now in its 13th year, but only the third with its new name, this year's first advent post solves a problem faced by Santa of creating thumbnails of approaching 2 billion images...

Smashing magazine has pulled together its own exhaustive list of additional geek-themed advent calendars. Some of the other highlights:
  • The beloved site "24 Pull Requests" has relaunched for 2021, daring participants to make 24 pull requests before December 24th. (The site's tagline is "giving back to open source for the holidays.") Over the years 26,465 contributors (as well as 25,738 organizations) have already participated through the site.
  • The Advent of JavaScript and Advent of CSS sites promise 24 puzzles delivered by email (though you'll have to pay if you also want them to email you the solutions!)

Python

Beating C and Java, Python Becomes the #1 Most Popular Programming Language, Says TIOBE (zdnet.com) 115

ZDNet reports that Python "is now the most popular language, according to one popularity ranking."

"For the first time in more than 20 years we have a new leader of the pack..." the TIOBE Index announced this month. "The long-standing hegemony of Java and C is over."

When Slashdot reached out to Guido van Rossum for a comment, he replied "I honestly don't know what the appropriate response is...! I am honored, and I want to thank the entire Python community for making Python so successful."

ZDNet reports: [I]t seems that Python is winning these days, in part because of the rise of data science and its ecosystem of machine-learning software libraries like NumPy, Pandas, Google's TensorFlow, and Facebook's PyTorch. Python is also an easy-to-learn language that has found a niche in high-end hardware, although less so mobile devices and the web — an issue that Python creator Guido van Rossum hopes to address through performance upgrades he's working on at Microsoft.

Tiobe, a Dutch software quality assurance company, has been tracking the popularity of programming languages for the past 20 years. Its rankings are based on search terms related to programming and is one measure of languages that developers should consider learning, along with IEEE Spectrum's list and a ranking produced by developer analyst RedMonk. JavaScript, the default for front-end web development, is always at the top of RedMonk's list. For Tiobe, its enterprise focus, has seen Java and C dominate in recent years, but Python has been snapping at the heels of Java, and has now overtaken it...

Python's move to top spot on the Tiobe index was a result of other languages falling in searches rather than Python rising. With an 11.27% share of searches, it was flat, while second place language C fell 5.79% percentage points compared to October last year down to 11.16%. Java made way for Python with a 2.11 percentage point drop to 10.46%.

Other languages that made the top 10 in Tiobe's October 2021 index: C++, C#, Visual Basic, JavaScript, SQL, PHP, and Assembly Language. Also rising on a year-on-year basis and in the top 20 were Google-designed Go, number-crunching favorite MATLAB, and Fortran.

"Python, which started as a simple scripting language, as an alternative to Perl, has become mature," TIOBE says in announcing its new rankings.

"Its ease of learning, its huge amount of libraries, and its widespread use in all kinds of domains, has made it the most popular programming language of today. Congratulations Guido van Rossum!"
