OStatic

Last week, members of the Ruby community received word that all but the most recent versions of the language contain a serious security hole, and should be upgraded immediately. The announcement indicated that the security problem allows an attacker to potentially execute arbitrary code from a remote location. Other than that general description, what is the problem? Well... the powers that be aren't telling. Zed Shaw, decided to blog about this, announcing the vulnerabilities, as well as the techniques that he used to uncover them.

One of the fascinating trends that the Java world has seen in the last few years is the growth of non-Java languages that use the JVM (Java Virtual Machine). After all, if you create a new programming language, you will need to write it for a particular platform. If you want your language to be portable across platforms, you will need to implement versions for each of those platforms. By contrast, if you implement your language on the JVM, then your language will work on any system with a JVM, which is basically everywhere. Four of these languages -- Jython, JRuby, Groovy, and Scala -- are released under open-source licenses, and are increasingly popular choices for programmers who value portability.

CPAN, the Comprehensive Perl Archive Network, is one of the strongest and most active repositories for open-source libraries around. These libraries, many of which are packaged as Perl objects, do everything from communicate with Amazon's various Web services (including EC2 and S3), to verify credit cards, to manipulate images, to parse XML, to implement SSL. Because of the somewhat chaotic nature of CPAN, many of these functions are implemented in multiple modules. So there are several dozen modules for parsing XML and another few dozen templating systems, for starters.

The developers of Django, a Python-based framework for creating and deploying sophisticated Web applications, announced yesterday that they have established the Django Foundation. This foundation, like foundations for Apache and Mozilla, will allow for communal ownership of the Django code, as well as accept donations and pay individuals.

Client-side Web developers work mainly in JavaScript, HTML, and CSS, displaying and manipulating data within a Web browser, while retrieving and storing that data on the server. One exciting new entry on this front is SproutCore, a new JavaScript framework that brings a full model-view-controller (MVC) approach to client-side programming. SproutCore gained a great deal of public attention in the last week, since Apple announced that its new MobileMe (formerly .Mac) service uses it.

It shouldn't surprise anyone to find that the number of books about the Ruby language, and about Web development using Ruby on Rails, has soared over the last year. Many books tell you how to write Rails applications, but very few tell you how to put them into production. Deploying Rails Applications, published recently by the Pragmatic Programmers, does try to answer these questions, and does so quite well, introducing a variety of programs and techniques that can make the difference between a painful deployment and a pain-free one.

Databases provide a great way to store information. But more important than that is their ability to retrieve information, and to do so in many different ways. Because database programmers, like all other programmers, don't like to re-invent the wheel, they often turn to reporting software, allowing them to concentrate on what they want to report, rather than how they want it to appear. One open-source reporting tool that is gaining momentum is Ruport, written in the Ruby language. Ruport is designed for use with Ruby applications, including those using Ruby on Rails.

Many of the best-known PostgreSQL hackers joined together several weeks ago for the annual PGCon, a conference dedicated to all things PostgreSQL. I've finally had a chance to review some of the talks and slides from that conference, and it not only gives me confidence in what PostgreSQL can do today, but also where it is headed in the coming years. Between scaling, geographic information systems, compatibility with other databases, and configuration management, presentations at PGCon contained a wealth of information for anyone using PostgreSQL.