Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
Enterprise Security For the Executive
brothke writes "If Shakespeare were to write an information security tragedy, it would not be titled Hamlet, rather Bayuk. The story of Jennifer Bayuk is tragic in that she spent a decade as CISO at Bear, Stearns, building up its security group to be one of the best in the business; only to find it vaporized when the firm collapsed and was acquired by J.P. Morgan Clearing Corp. After all that toil and sweat, Bayuk was out of a job. (Full disclosure: Bayuk and I have given a presentation together in the past, and I did get a copy of this book for free.)" Read below for Ben's review.
Title: Enterprise Security For the Executive | Author: Jennifer Bayuk | Pages: 176 | Publisher: Praeger Publishers | Rating: 9/10 | Reviewer: Ben Rothke | ISBN: 0313376603 | Summary: helps business executives become familiar with security concepts and techniques
While the information security engineering group that was at Bear, Stearns is no more, Bayuk has taken her vast expertise and put it in a great new book: Enterprise Security for the Executive: Setting the Tone from the Top. While many other books equate security with technology, and are written for technologists; Bayuk writes that information security is all about management control. And to the extent which a CxO controls assets, is the extent to which others can't use them in unexpected ways.
The book is written to help CxO's and business executives become familiar with information security concepts and techniques to make sure they are able to manage and support the efforts of their security team. This is an issue, as a big problem for the poor state of information security is that CxO's are far too often disconnected from their information security groups. No story is more manifest than that of when Heartland Payment Systems CEO Robert Carr blamed his PCI auditors for his firm's security problems. Carr is a perfect example of the type of person that needs to read this book. As an aside, for an excellent reply to Carr's kvetching, read what Rich Mogull wrote in An Open Letter to Robert Carr, CEO of Heartland Payment Systems.
While many CxO's think that security is about firewalls and other cool security products, it is truly a top-down management approach, and not a technology one. The book notes that the only way for information security to succeed in an organization is when management understands what their role is.
What is unique about the book is that Bayuk uses what she calls SHS (security horror stories). Rather than typical FUD stories, the horror stories detail systematic security problems and how they could have been obviated. By seeing how these companies have done it wrong, it makes it easier for pragmatic organizations to accomplish effective security by setting a strong tone from the top down.
Bayuk details the overall problem in the introduction and notes that many CxO's have wrongly spent significant amounts of money on security to avert security incidents; but have done that without any context of a greater information security methodology. This leads to executives thinking that security is nothing more than one long spending pattern.
Chapter 1 — Tone at The Top, notes that tone exists at the top, whether it is set or not. The tone is reflected in how an organization thinks about the things it really cares about. Employees can tell how a CxO cares about security by their level of personal involvement. Not that a CxO needs to be, or should be involved with minutia of firewall configuration or system administration; the key is rather that they are for example, championing the effective and consistent use of firewalls and how systems are securely administered.
In chapter 5 — Security through Matrix Management — Bayuk does a good job of detailing the various places that the security group can be placed in an organization. The chapter notes that there are as many ways to organize security as there are organization structures. Bayuk writes for example that if CxO's in a given organization are a tight-knit group, accustomed to close coordination, then it should not matter to which CxO the person managing information security reports to. If that is not the case, there may be multiple security programs that end up far too below the required C-levels that are needed for effective security. The chapter provides a number of different organizational scenarios, with requisite roles and responsibilities.
Chapter 5 closes with an important observation that a CxO should task the human resources department to put a line in all performance reviews whereby managers attest (or not) that the person being reviewed follows security policy. A CxO should fire people who willfully avoid compliance with security policy. Whatever tone at the top exists should be employed to make sure that everyone knows that the CxO is serious about the corporate security program. Such a tone clearly demonstrates an organization that is resolute about information security.
One thing that Bayuk does very well repeatedly throughout the book is to succinctly identify an issue and its cause. In chapter 6 — Navigating the Regulatory Landscape — she writes that if a CxO does not have management control over an organization, then the organization will fail the audit. It will fail because even if the organization is secure today, there is no assurance that it will be going forward. In addition, control means that the CxO will ensure that the organization is attempting to do the right thing. And in such cases, passing an audit is much easier.
Overall, Enterprise Security for the Executive is a fantastic book. It provides a no-nonsense approach to attaining effective information security. For those executives that are serious about security, the book will be their guiding light down the dark information security tunnel. In its 8 chapters (and a case study), the book focuses on a straightforward and plain-speaking approach to enable CxO's to get a handle on information security. As such, it is hoped that Enterprise Security for the Executive will soon find its way onto every executive's required reading list.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Enterprise Security for the Executive: Setting the Tone from the Top from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Which Math For Programmers?
An anonymous reader writes "It is no news that the greatest computer scientists and programmers are/were mathematicians. As a kid 'hacking' if-else programs, I was not aware of the importance of math in programming, but a few years later, when I read Engines of Logic by Martin Davis I started becoming increasingly more convinced of this. Unfortunately, math doesn't return my love, and prefers me to struggle with it. Now, as the end of the semester approaches, I am faced with a dilemma: What math subject to choose next? I have two choices: 'Discrete structures with graph theory' (discrete math; proofs, sets, algorithms and graphs) on one side, and 'Selected math chapters' (math analysis; vectors, euclidean space, differentials) on the other. I'm scared of the second one because it's said to be harder. But contrary to my own opinion, one assistant told me that it would be more useful for a programmer compared to the first subject. Then again, he's not a programmer. That's why I turn to you for help, fellow slashdotters — any advice?" -
Does Cheap Tech Undermine Legal Privacy Protections?
bfwebster writes "Orin Kerr, a George Washington University law professor who focuses on legal issues regarding information technology (I own a copy of his book Computer Crime Law) raises an interesting issue about a 2001 Supreme Court decision (Kyllo v. United States) that prohibited police from using a thermal imaging device on a private home without a warrant. (The police were trying to detect excess heat coming from the roof of a garage, as an indication of lamps being used to grow marijuana inside.) The Court made its decision back in 2001 because thermal imaging devices were 'not in general use' and therefore represented a technology that required a warrant. However, Kerr points out that anyone can now buy such thermal imaging devices for $50 to $150 from Amazon, and that they're advertised as a means of detecting thermal leakage from your home. In light of that, Kerr asks, is the Supreme Court's ruling still sound?" -
The Trousers of Reality
gregrolan writes "The Trousers of Reality — Volume 1, Working Life is indeed a book about finding balance and satisfaction in life work and play. The author's thesis can be applied to almost any discipline, but it is from his background as an IT consultant that most of his professional examples are drawn. He considers success in this field pretty broadly and addresses the technical, management, political, personal, and social aspects of the IT profession." Read on for the rest of Greg's review.
Title: The Trousers of Reality - Volume 1: Working Life | Author: Barry Evans | Pages: 294 | Publisher: Code Green Publishing | Rating: 8 | Reviewer: Greg Rolan | ISBN: 978-1907215001 | Summary: Find balance and satisfaction in life work and play
Rather than expound upon the virtues of Yet Another Methodology or a Prescribed Practice, the author sets out to show that the wisdom and experiences of the last few millennia have led to principles and practices that transcend particular methodologies or approaches and form the basis of success; that introspection and empathy will serve better than adherence to position and retreat behind logical argument; and that, ultimately, we all want similar outcomes — even if it's not obvious on the face of it.
If you have ever been torn between deadlines and burnout, stretched between politics and technology, or simply wondered "How am I going to get through this?" I think that this book definitely has something to offer you.
Firstly: a disclaimer. I worked with Barry Evans for approximately nine months about fifteen years ago in London. We kept in touch, sporadically, after I returned to Australia and, over the years, I followed his career from Software Engineer to Team Leader to Organizational Project Mentor to his own Practice Consultancy business throughout Europe and beyond. What struck me in retrospect was that, in the mid-nineties, Evans was doing Agile — not that it had a name back then, or even that we recognized it as such. He talked philosophy, was passionate about practice and meaning and we delivered (on time and in budget) which was surprising given the nature of the project. This was a pattern that he would come to repeat within many projects and organizations.
When he announced that he was taking time out to commit his experiences to paper, I admit I was keen to read his book. It turns out that this is the first volume in a series of four and addresses developing a set of principles to guide working life. The other three (yet to be published) cover how to use these principles; specific examples of their use; and the principles in broader contexts — relationships, society and the world.
The first thing the reader notices about this work is the breadth of the material drawn upon in order to build the author's arguments — ranging from historical, contemporary, technical and personal sources. The second is the copious footnoting and rigorous referencing of other works. This in itself is valuable allowing the reader to delve deeper into particular themes if they wish. The book is supported with additional material at the author's web site.
The main body of the book opens with the short chapter "Themes, Directions and Koans" which outlines the broad ideas and concepts of the volume. It's a pretty starkly written chapter — the first few pages in particular are daunting — but soon you realize that the book is written somewhat fractally. Concepts are stated, revisited and linked with others into a whole, adding details as the iterations progress. In fact the book itself is a good example of the author's themes: "Evolution and Interconnectedness" and "Universality and Context" — the other ones being "Reciprocity and Balance" and "Longevity and Inspiration". Here, the themes are introduced, connected and linked with the tools one needs to begin to address them.
"The Most Important Chapter In This Book" follows next and introduces the idea of "Deep Structure and Surface Structure". Most of our activities in professional and personal life involve discerning others' expectations and perspectives and working to accommodate them. This chapter accounts for differences in perspective we have in relation to even commonly held ideas. It explores the conflicts that may arise due to this duopoly and shows how the evolution of ideas and practices give rise to the paradox "The more we know, the less we know". It also lays the foundations of understanding prejudices and the mechanisms of socialization of ideas. None of these concepts are new, but are drawn together in forehead slapping clarity. This, I think, is what makes this book accessible, the author's ability to describe an easily digestible deep structure from seemingly disparate surface structure concepts.
The third main chapter "The Map" draws the distinction between process and principle and gives guidelines on how to form one's principles for professional and personal life. As the author explains, this is a process of "differentiate[ing] between opinion and observation", and "determine[ing] which rules we can trust and which are wolves in sheep's clothing". Such principles facilitate one's own meta-practice, balancing "empiricism rigor and repeatability" against "inspiration, wonder and motivation", enabling the practitioner to develop the most effective approach to take for various life endeavors.
"The Key" introduces a series of tools or skills that can be brought to bear on the themes of this book. They include Agile Development, Theory of Constraints, Systems Thinking, Lateral Thinking and Neuro-Linguistic Programming, metaphor, refinement and pattern recognition amongst others. The author then shows how they relate to discovering the deep structures of problems and how they can be combined to support principles and practice. I found myself more familiar with some of these than others, however this chapter provided a good introduction to these techniques and their applicability, as well as providing many references to enable further study.
The chapter "Inspiration" concerns the motivation or desire to achieve on a personal level and, in particular, inspiring others. Here, the author rather cheekily turns the title of the volume around from "Working Life" to "A Life That Works" and goes on to explain that to inspire or be inspired you must place work into the context of that which gives one's life meaning. He draws the distinction between inspiration (as a principle) and motivation (as a process), going on to discuss management styles involving counterproductive attempts to motivate and inappropriate introduction of competition. This chapter also covers the introduction of change into an organization or team — particularly in the sense of changing context, methodology or practice — and mechanisms for avoiding conflict and inspiring others to embrace the change.
The longest chapter in the book is entitled "Balance" and discusses finding the inspired and effective centre or "norm" of your life, your team, your project etc. and staying there in the face of change. It is a rather long and rambling chapter and I think the book would have been better served by breaking it up into more digestible chunks. It is, however, where the previous threads coalesce, the author bringing them together with case studies and lengthy examples. He starts this chapter with the metaphor of life as a high wire balancing act with the processes we employ as the balancing pole. He then discusses the different feedback sensitivities and reactions required to regain the centre of balance as it shifts. The author gives as examples: the tensions between software stability and responsiveness to changing requirements, productivity and fatigue, skill and process, priority and effort, importance and urgency, and complexity and difficulty — all of which may need to be balanced against one another. He then covers in more detail issues surrounding the prioritizing of work activities and their impact on stress using a common importance/urgency quadrant model. This is followed by a description of strategies for negotiating this area. The author then touches upon the need to balance the requirement for skills, tools and processes at both a team and at a personal level, noting how to avoid potential conflict between personal career objectives and organizational goals.
The core of this chapter is based on a discussion of fulcrums, levers, balance and counterbalance as a metaphor for understanding where to apply effort in order to bring about change. This metaphor leads to a suggested mechanism for bringing the domain under analysis — whether your life, a project, or an organization — into balance. This follows on to a case study of the common situation regarding the competing needs of an organization's commercial, software development and production support groups which the author terms "The Consultant's Conundrum". This part of the chapter concludes with a fairly detailed approach to dealing with the seemingly disparate perceptions, aspirations and needs of these groups and bringing them into accord. It points out the role of management in this exercise and concludes that, like good jazz, the best of people in any discipline is born from an environment of controlled freedom.
The last main chapter "Context" rounds off the foregoing by introducing the concept of hierarchies of focus, the ability to move between the gestalt and the detail, and the pitfalls, challenges and mechanisms for success when doing so. The author entreats us to always know where we are in the hierarchy of concerns and points out that many "arguments about the details" are due to fuzzy understanding of the higher layers of the problem at hand. A large portion of this chapter will be familiar to software developers as it uses metaphors drawn from object-oriented programming to describe problem analysis, the interactions between processes, and the relationship between organizational hierarchies and groups. This analysis of organization design leads into recommendations for those in a position to influence organizational structure. The chapter concludes with a discussion regarding project planning and process refactoring — and the various techniques that may be employed to inform these processes at various levels of a hierarchy of focus. I found this last part of immense value and the most important part of this chapter.
By the end of this volume, it is apparent that the author has much to say and is at times overeager to get it all out — bubbling over with ideas and metaphors. I found this volume somewhat unconventional in its layout and writing style, but compelling and challenging nonetheless. It is the sort of book that lends itself to taking place on a professional's bookshelf to be read and re-read over time — each reading yielding some nugget or insight overlooked in the past. I am certainly looking forward to the subsequent volumes and would recommend this series to anyone engaged in or with the IT industry.
You can purchase The Trousers of Reality - Volume 1: Working Life from amazon.com. -
Ruby In Practice
littleidea writes "Ruby In Practice is like a sampler platter that picks up where The Ruby Way leaves off. Depending on your tastes each of the different offerings are delicious, but sometimes leave you wishing you had a whole order of just that. Then again, if you eat the whole thing, chances are you won't be hungry." Keep reading for the rest of Andrew's review.
Title: Ruby In Practice | Author: Jeremy McAnally, Assaf Arkin with Yehuda Katz, David Black, Gregory Brown, Peter Cooper and Luke Melia | Pages: 335 | Publisher: Manning | Rating: 8 | Reviewer: Andrew Clay Shafer | ISBN: 1933988479 | Summary: A cookbook style reference with Ruby code examples for systems integration, monitoring, messaging, web development, processing documents and databases in a clear problem/solution format.
I really jumped headfirst into Ruby and the Ruby ecosystem when I started working on Puppet around Fall 2007. I had spent years writing code in compiled imperative and object oriented languages and just dabbled with interpreted languages before that. I've met Jeremy and several of the authors of Ruby In Practice at Ruby conferences since then.
I had a particularly hard time rating this book. If you have just learned the Ruby basics and you need to hook up your jabber server to a message queue that will spawn workers that interact with RESTful web services exposing indexed logs to twitter by tomorrow, then this book is a 10. If you are a hard core Rubyist plugged into the Ruby ecosystem, and 'Ruby In Practice' is what you do all the time, then this book is probably a 6, useful and enjoyable but hard to recommend. I'm somewhere in the middle, so I'm giving the book an 8.
The book starts out with the premise that the reader can read Ruby code. I wouldn't call the style 'code heavy' but this book is definitely 'code ample'. If you haven't been through the Pickaxe or at least a Ruby primer of some sort, be prepared to spend some time head scratching and googling before all the code syntax makes sense. That being said, you don't need to understand the subtleties of 'yield' or 'inject' to understand the examples and the book does a reasonably good job of walking through and explaining them. The exceptions to that are some of the examples involving Rails make the assumption that the reader is familiar with those idioms, which is probably fair statistically speaking and those bits can be filled in rather quickly with one of the many books on the topic or your search engine of choice.
The book credits a number of Rubyists with contributions for each of the sections. This makes for some noticeable variation in the stylistic presentation from topic to topic. As I alluded to earlier, each of the sections is more of a taste of a topic than a full exploration, but there are also references to the resources one would need to pursue each topic more fully.
The book starts out with a chapter on 'Why Ruby' followed by an attempt to convert readers to become 'Test Infected', then the real Ruby fun begins in chapter 3. The first example is scaling images, stuffing them in Amazon S3 and printing the link to Twitter in 30 something lines of code. If you don't understand Ruby syntax and passing blocks, you will probably be a little lost here, but the good news is: if you take the time to sort out these first examples the rest of the code in the book should be relatively accessible. The application domain will vary throughout the book, but the level required to understand the ideas expressed in the code remains relatively constant. (which one might argue is one of the strengths of Ruby as well)
By this point, the rest of the book basically follows this pattern, discussion on a technology topic, gem install, code examples, links to more resources. I'm not going to list all the topics, though I alluded to many of them when I discussed the rating. (Here's the TOC to give you some idea.) The book definitely covers ground.
There is some really choice stuff in there and I definitely learned things, but there are a few things that are presented through Ruby colored glasses (as one would probably expect). The one that will always stick out is 'Say goodbye to dependency hell!' in reference to setting up a gem repository and using RubyGems (gems is Ruby's network library/package manager, similar to CPAN for perl or apt for Debian Linux). I had a little chuckle and eye roll at that one. (Sorry Jeremy)
One quick note, and this is a comment about the Ruby ecosystem as much as anything, Ruby libraries change relatively quickly. On the one hand, gems are mostly up to date and tracking new versions of whatever they integrate with, on the other, this can sometimes break backwards compatibility. I didn't run every line of code in the book, but I played around with a good portion of it. There were a few gem updates which were not compatible with the code in the book. The twitter gem in particular had non-backward compatible changes to authentication (to support OAuth). I was able to get the example working with a few minutes of Google and looking at the code, but that might have taken longer and been frustrating if I didn't have a Ruby background. Ruby In Practice provides enough context and information that you can probably find the maintainer or community for a project without much trouble if you really get stuck.
I would strongly recommend this book to someone who has come to Ruby through Rails and is ready to learn more about what is possible with the language or someone who is coming from another language background with experience and perspective on things like stomp servers or Lucene and whose interest in dynamic languages has been piqued (if you have a background in any OO language, a simple primer is probably enough to make this book accessible. Also, you should remember irb, the interactive ruby interpreter, is your friend.) Anyone in either of those groups will get working examples and resources that could realistically be used in useful applications right away.
You can purchase Ruby In Practice from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Website Owner's Manual
Michael J. Ross writes "Experienced Web designers and developers will readily admit that the most challenging aspect of their professions is not the technical work itself, nor learning the tools of the trade, but rather dealing with clients. Within that area, the most frustrating type of work — aside from the ever-joyless chore of collecting on invoices — is getting (non-technical) clients to understand the possibilities and limitations of Web technologies, design decisions, and all the other factors that can make or break a website project, as well as the site itself. Yet this process can be just as unhappy, and far more confusing, to prospective site owners, who typically are quite knowledgeable of their own fields, but have little to no understanding of how best to ensure the success of any website project they sponsor. Aiming to bridge this gap, is the appropriately-titled Website Owner's Manual." Read on for the rest of Michael's review.
Website Owner's Manual
author: Paul Boag
pages: 296
publisher: Manning Publications
rating: 8/10
reviewer: Michael J. Ross
ISBN: 978-1933988450
summary: A guidebook for anyone responsible for a new website.
This book was written by Paul Boag, a veteran Web designer and the Creative Director of Headscape, a British design agency. He speaks at industry events, writes articles for various Web design publications, and cohosts Boagworld, "the podcast for all those involved in designing, developing, and running websites on a daily basis." The book was published on 1 December 2009 by Manning Publications, under the ISBN 978-1933988450. The publisher makes available a Web page for the book, where visitors can order print or electronic versions (purchasing the former entitles one to the latter), read the ancillary portions of the book (the table of contents, the index, etc.), read some reviewers' comments, and download two sample chapters for free: "Chapter 1: The secret to a successful website" and "Chapter 7: Ensuring access for all."
Spanning 296 pages, the book's material is grouped into twelve chapters, covering the following topics: the role and challenges of a website owner; planning a site development project; crafting a project brief, and choosing the team to implement it; how to work with a designer and understand design basics; optimal website content; site usability and testing; site accessibility, and what can undermine it; content management systems; an overview of the Web, browsers, and hosting; online and off-line promotion, including search engine optimization and marketing performance; how to develop your site into an online community, and the many benefits of doing so; preparing your website for the future. The dozen chapters can be thought of as forming three parts, although they are not formally labeled as such.
The book's first chapter is titled "The secret to a successful website," which is also the book's subtitle — at least, as shown on the cover, but oddly not on the title page. It is a poorly chosen chapter title, partly because the author repudiates it on the first page, and partly because it suggests that there is but one element to a successful website, and it is being kept a secret. (One can only hope that the publisher's marketing department is not planning on keeping it a secret.) Fortunately, the silly title does not reflect the chapter's content, which may be brief, but offers sensible advice to any business owner who decides that she needs a new website, or works within an organization and has been given that role. The reader is warned of the dangers of information overload, specialization in only one area of site ownership, and the common failure to comprehend the critical responsibilities of that role: balancing conflicting priorities, defining the role, and planning for the future. This chapter, like all that follow, concludes with a "Next actions" section, containing several tasks that the reader is advised to implement, in order to get the most benefit from the chapter's recommendations.
Chapter 2, titled "Stress-free planning," explores several ways that a website owner can proactively lay the groundwork for a successful Web project: understanding the objectives of an entirely new site or changes to a legacy one, and the organization as a whole; consulting with stakeholders; developing criteria for success; obtaining feedback on an existing site, if any, as well as the competition's sites; and understanding the site's future audience, and representing them in the form of personas. The author posits that this information forms a prerequisite for writing a site brief and assembling "The perfect team," which is the title of the third chapter. He begins by listing the major advantages of either using an internal Web team or outsourcing to an external agency, or choosing a combination thereof (an option that far too many business owners fail to consider, even when it may be the ideal choice). Perhaps one of the most valuable sections of the book is the discussion on how to create an effective brief, and the reasons for doing so even for small and/or internally sourced projects. However, readers may be confused by the assertion on page 49 that revenue can be estimated from profits, when in fact profits are calculated from revenues (less expenses). The chapter concludes with some excellent advice on how to choose the ideal outside team to complete one's Web project, if one has decided to outsource the work.
The second part of the book begins with the fourth chapter, and presupposes that the reader has created a brief and a statement of work, selected a team to implement the latter, and everyone involved has attended a kickoff meeting. Now begins the critical phase of site design, and the author provides sound recommendations on how to avoid some of the most common Web design pitfalls: neglecting the target audience, failing to test the design, designing by committee or on-the-fly, micromanaging the design decisions, overloading the site's homepage, and settling for a corporate brand or page layout that ill-serves the site user and thus the organization. The chapter concludes with discussion of some key topics in the design world: the user's screen resolution, the fold, and the three options for page layout (fixed, fluid, and elastic). Chapter 5 delves into "Creating killer content" — specifically, the importance of context, brevity, logical and user-centric information architecture (through card sorting and use cases), and text that is engaging and easy to read.
In Chapter 6, the author examines a number of aspects of user testing: costs and benefits thereof, techniques for dramatically reducing the former while maximizing the latter, the selection of test subjects, and how best to run usability test sessions and then capitalize on the results in order to hone the website before and during its design. The subsequent chapter — which covers website accessibility — shares common ground with user testing, in some respects, because site testing is an effective post-development strategy to discover accessibility problems. Yet this should be supplemented proactively with an adequate understanding of how to make one's site accessible using standards-based design and coding. The author makes clear the many advantages of separating presentation from content, and of maximizing a site's accessibility — largely by building upon said separation. However, his advice to website owners to read and understand the WCAG 2 guidelines is arguably unrealistic, given that those specifications are admittedly "extensive and highly technical in places"; all clients in my experience would dismiss the suggestion immediately.
Mentioned earlier in the book — as a potential tool for creating a wireframe of a site — content management systems (CMSs) take center stage in Chapter 8, which explores their advantages and disadvantages. One of the criticisms leveled at CMSs — that they reduce site quality by allowing greater user input — is unfair, since a hand-coded, non-CMS site could only allow similar user input with far greater risk (imagine non-technical employees butchering HTML files by editing them in word processors!). Nevertheless, the issues raised by the author definitely need to be considered by anyone planning a CMS-based website. When researching and comparing available CMSs, a business person planning a new site will encounter a plethora of technical terms, many of which are explained in Chapter 9, titled "Decoding technobabble." Yet these terms are just as likely to be encountered during the phases discussed in the book's earlier chapters, and thus this material should have been placed at the beginning of the book, with the suggestion that tech-savvy readers could skip over it; or, the chapter could have been made an appendix, with a similar message at the beginning of the book, pointing to the appendix for those unsure of Web terminology. The only glaring mistake is the statement that "the web consists of a vast network of computers spread across the globe"; that's not the Web, but rather the Internet. Nevertheless, the author's lucid introduction to Web technologies and terms could be a real help to non-technical readers.
The last three chapters can be thought of as the post-launch part of the book, because at this stage in the process, the website owner has completed the build phase, and is now ready to begin increasing the popularity and usage of the site. Chapter 10, titled "Driving traffic," explains the pitfalls and best practices in trying to promote one's site using search engines, social media, and other methods of reaching an audience and measuring the results. The material serves as a decent introduction to the topics, including a brief overview of Google AdWords (although it incorrectly states that AdWords prices start at $.10 per click, when in fact it is one cent). The next chapter explores what is involved in building a vibrant community online, as well as the costs and benefits of doing so. The final chapter, "Planning for the future," begins by warning against the wasteful but common practice of organizations commissioning brand new websites every few years, to replace the previous ones that fell into neglect, oftentimes because the website owner failed to maintain a strong relationship with the site designer. The bulk of the chapter explores emerging trends in the Web world, such as rich media, Web services, and mobile devices.
The book concludes with an index that is quite complete — a characteristic now rarely seen in programming books. Credit should also be given for the neat format and indentation of the table of contents, which facilitates quick scanning.
The text is interspersed with some screenshots, graphs, and, most welcome of all, cartoons that reflect the author's sense of humor and illustrate the conflicts and misunderstandings that can arise during site development and maintenance. All of the screenshots and other technical illustrations are well captioned, except for the one on page 33, which contains an extraneous space after the "link:," and would be baffling if taken at face value, without examining the Google Search screenshot. Sadly reflecting our era of texting and grammatical sloppiness, the chapter titles are not presented in title case, but instead in sentence case — which is especially confusing when they are embedded within sentences in the text. On several pages (45, 60, 86, 91, 102, 140, 185, 186, 209-211, etc.) at least one paragraph contains an errant newline character or is missing an indentation of a paragraph. In general, the production quality of the book does not match the value of the information.
First editions of technical books are usually riddled with errata, and this one is no exception: "Aesthetics refer[s]" (page 5), "principle" (should read "principal"; page 6), "We respects" (page 7, in the form), "site [owner] considers" (9), "Planning give" (16), "possible accessibility problem[s]" (30), "us the web" (37), "she is gives" (37), "a internal" (45), "amazon.com" (47, twice), "suitable [ones]" (48), "are [a] number" (56), "Recommenede" (56), "a RSS" (73), "Resolution affect[s]" (82), "branding and designs" (86), "Pages... needs" (91), "to[o] hard" (94), "This techniques" (95), "can't achieved" (96), "was" (should read "were"; 102 and elsewhere), "content stand out" (104), "Using" (should read "Use"; 104), "on the identifying," (105), "used. and" (111), "longer that than" (115), "This also it" (118), "a certainly level across" (141), "approach take" (141), "JavaS-cript" (143), "then if" (147), "Wordpress" (157), "pervious version" (no joke!; 161), "a enterprise" (161), "open [a] web browser" (173), "photo book" (should read "phonebook"; 173), "than are" (should read "that are"; 175), "in obscure language" (178), and at that point I gave up and stopped recording them. Given the modest length of this book, there are far too many errors such as these.
Readers will likely find that there are two major weaknesses in this book: Firstly, some of the discussion, especially in the first half, is a bit too high level, at times almost like an outline for a meatier discussion — one encompassing more specific information as to how the reader could implement and measure the principles provided. Similarly, because many of the suggestions are fairly general, they would greatly benefit from more examples — either contrived or, even better, real world occurrences — perhaps from Headscape's past projects, with names changed if needed. These could demonstrate the key ideas, and make it easier for readers to see the truth of those ideas in their own past experiences, and then apply them in the future. Fortunately, the book does employ several hypothetical case studies that are incorporated into the narrative, at various points; those are helpful, as are the screenshots that illustrate violations of design best practices.
Secondly, and more importantly, almost no advice is given as to what to do when things go wrong. What can the website owner do when an external design agency begins missing deadlines, but appears to be making an honest effort? What can be done when interdepartmental bickering threatens to sink the specifications process? These and other critical topics are not addressed. (Readers undoubtedly could think of other common scenarios.) It would have been terrific had the author shared hard-won lessons gleaned from his background and those of his colleagues, as well as what methods they found to be effective in squelching those crises, and which ones proved ineffective, and why. Those case studies alone would most likely have been worth the price of the book — again, with no need to disclose the names of the participants. Perhaps there would prove to be enough material to make for a second book.
The writing style can be described using Web design terms: fluid and accessible — although there are some run-on sentences from a lack of well-placed commas. The author explains the topics in a straightforward manner, without the assumptions and jargon that undermine communication between Web experts and non-technical businesspeople. This is one reason why this book should be of value not only to people responsible for websites in organizations of all sizes, but also to designers, developers, user interface specialists, and all other Web professionals who communicate with project managers and end-users.
Website Owner's Manual is a valuable resource that benefits from the experience and insight of a veteran Web designer, and clearly presents guidelines that site managers can follow for maximizing the odds of successful site design, implementation, and maintenance.
Michael J. Ross is a freelance website developer and writer.
You can purchase Website Owner's Manual from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Yes, Google Does De-List Pages; But When?
Frequent Slashdot contributor Bennett Haselton writes "Google finds itself inserting a disclaimer once again above some offensive search results. But the disclaimer still leads many to believe (incorrectly) that Google doesn't tamper with search results even in cases of 'harmful' or 'offensive' material. We know that Google has in fact de-listed some pages at the request of offended parties. What is their real policy on the issue?" Read on for Bennett's essay.
In 2004, when Google users discovered that the top search result for the word "Jew" was the anti-semitic site Jew Watch, Google ran a disclaimer in the space usually reserved for ads, explaining that their results only reflected the reality of link counts on the Web, and that they did not endorse any Web sites which appeared at the top of their listings. Now the disclaimer has been dusted off again, as the top result on Google Images for "Michelle Obama" is a picture of a monkey's face with Michelle's hairdo. (Ironically, it looks as if the original image would have fallen out of the rankings, if it hadn't been for a follow-up blog post about the controversy, which itself now comes up as the first result.)
I first heard about the controversy from Dennis Prager's column in which he takes a New York Times columnist to task, because the columnist complained about "racially offensive images of the first couple" that come up in Google searches. Prager was unable to find any examples from Googling "first couple" or "Michelle and Barack Obama pictures," so he concluded that the NYT columnist "wildly exaggerated, if not made up" his claims. I tried Google Image searches for "first couple," "Barack Obama," and some other terms, and I couldn't find anything controversial either. However, it only took 10 seconds to enter "first couple google images controversy" on the regular Google Web search and find multiple blog posts explaining what all the fuss was about. Back to Google 101 for Dennis.
Many of the blog posts refer to Google's disclaimer about not tampering with search results. Those on one side are urging Google to make an exception and "fix" the results, while others sagely observe that Google just reflects reality, it doesn't create it.
All of this punditry is starting from a premise that's wrong. Google has actually removed pages from their search results — not because the pages were illegal or because the webmasters were search engine spamming, but because of the page's "offensive" content. In the "Chester's Guide" incident, a councilman in Chester, England discovered that one of the search results for "chester guide" was a satirical page titled "Chester's guide to picking up little girls." Although the page itself was obviously just someone's idea of sick humor, a Chester city councilman (who admitted that he hadn't looked at the page, saying that the title told him everything he needed to know) urged Google to remove the page from their index. Google at first refused, but later manually blacklisted the page to prevent it from appearing in their search results.
Whether or not you think this was the right decision, probably depends on what you think is the purpose of Google. If Google's purpose is to return the most useful results, then it made sense to remove the link, as Danny Sullivan of Search Engine Watch argued at the time, since it almost certainly was not a useful result for people searching for "Chester Guide." On the other hand, if the primary purpose of Google is to reflect the reality of what pages on the Web feature certain words most prominently (combined with all the other factors that Google weighs, of course), then the results shouldn't be altered.
But more people should at least realize that it happened. The Google disclaimer doesn't precisely say that they never blacklist pages or modify search results ("Google reserves the right to address such requests individually"), but it seems to give most people the impression that that's the case. According to that crudest of Googling techniques for which novice searchers are so frequently lampooned, there appear to be about 400 times as many stories on the Web about the Google "Jew Watch" controversy (where Google stood their ground) as there are stories about the "Chester's Guide" incident (where Google caved).
And Google-number-three Matt Cutts posted on his blog back in March explaining why Google does not remove "offensive" pages from search results; over a hundred comments followed, debating the pros and cons of the position, but none of them mentioned the Chester incident or any other case where Google actually had removed pages except as a result of a court order. One isolated comment from "Anonymous" said:
This is not quite true. I know of at least one web site that was de-listed for containing illegal content and/or promoting illegal activity.
which may or may not have been a reference to the Chester Guide incident. And that was it.
Is this a lot of hay to be making over something that happened years ago? Well, for one thing, I doubt if it happened just once. Consider that the Chester Guide incident involved a public declaration of outrage by a city council, and a public statement from Google, and still hardly anyone knows that it ever happened. If other incidents occurred without those high-profile elements, it would be even harder to discover them now. We'll probably never know how many such incidents took place, unless someone sues Google (maybe the owner of a blacklisted website, or maybe the victim of a RipOffReport hatchet job wondering why that site hadn't been blacklisted long ago), subpoenas Google for a list of cases where pages were de-indexed, and publishes the list if it's not sealed by a court order.
But whether it was one time or a handful, consider that political candidates like Arnold Schwarzenegger and Al Franken got asked during their campaigns about things they did 20 years earlier, and it's fair to ask a candidate about their past, because it's the same person standing in front of you now. Why did you do that? Have you stopped? Why?
And in the big scheme of things, Google is probably more powerful than a single US senator or the governor of California. So, can't we ask? What are their real rules about page removal? Have those rules changed since the Chester's Guide controversy? Can they even tell us what their rules are, or do they consider it a trade secret?
It is well known, of course, that Google censors some results in their search engines branded for different markets like China and even in liberal democracies like Germany. But nobody would call that a slippery slope towards censorship in the US version of Google, because the censorship in the Chinese and German versions is done at the behest of the governments there. On the other hand, Google does admit that they will de-index pages which include credit card numbers or social security numbers (which are all too easy to find on the Web). This might not seem like a controversial position, but even this act of voluntary self-censorship may be dipping their toe in the water further than it seems. Most people do consider their credit card information more private than their home address. But surely there are people like J.D. Salinger who care less about the privacy of their credit card number (which is easily changeable) than their home address (which isn't). If someone finds Salinger's address and posts it on the Web, should Salinger be able to demand that Google de-index the page? Why should Google cater to the majority who want to keep their credit card number secret, but not to the minority who care more about keeping their address secret? Another commenter on Matt Cutts's blog post asked:
"hi. I have a question. My mom 'googled' herself and it shows some of her medical problems. She wants/needs these pages removed from search engines."
Again, why shouldn't that be considered at least as private as a credit card number?
And finally, even Google's decision to display an "offensive results" disclaimer, for some results but not for others, raises the same "Where do you draw the line?" questions as the issue of page removal. The Michelle Obama monkey picture gets a disclaimer. But search for 'george w bush' and the first row includes a photoshopped (I think!) image of Bush flipping off the press. Does that warrant a disclaimer as well? (Maybe that's considered less unfair because, even though the picture is fake, it does depict something that actually happened.) The first image result for "bristol palin" is a photo of her engaged in underage drinking — a real photo, but probably unfair to call it the single most relevant photo of her on the Web.
So while Google might consider credit cards and social security numbers and search engine spam to be on one side of a "bright line," and everything else is served up without alteration, I think the line is blurrier than that, for at least those three reasons: (a) credit cards and SSNs are less private than some other things that Google serves up anyway; (b) Google has unambiguously removed some content that fell outside that bright line, as in the Chester's guide incident, and (c) they make other "slippery slope" judgment calls about search results all the time (as in the question of when to show the disclaimer). So I hope that Google someday comes out with a more complete answer to the question. What is their real policy on what they will remove? The Chester's guide incident — would they do that sort of thing if the same situation came up today, or have their rules changed? If they want to go really deep, then is there a general set of principles from which their rules follow — explaining why, for example, they treat credit card numbers as more private than sensitive medical information? (Google did not respond to my request for comment, either through official channels or the unofficial back channels of friends who work there.)
I hope Google gives an answer some day. Even just to say, "It's a classified internal policy and that's all we're going to tell you." But once and for all, the answer is not "Google doesn't remove content just because it's 'offensive' or 'harmful.'"
Meanwhile, a modest suggestion about the disclaimer displayed above the search results: Put it where people will actually see it, in a separate line below the ads, but above the search results. Right now the link to the disclaimer is displayed as one of three ads across the top, and people don't look at the ads. But hey, people do buy ads, so if you push the disclaimer down a bit where people will read it, you also free up space for 50% more ad revenue!
-
Amazon Introduces Bidding For EC2 Compute Time
ryanvm alerts us to Amazon's beta announcement this morning for what it is calling Spot Instances, which represent a name-your-own-price way of using the elastic compute service. Here is Amazon's documentation on the feature. "For customers with flexibility in when their applications can run, Spot Instances can significantly lower their Amazon EC2 costs. Additionally, Spot Instances can provide access to large amounts of additional capacity for applications with urgent needs." Customers can use the EC2 API to see recent spot prices.
-
The Book of Xen
swsuehr writes "The Book of Xen: A Practical Guide for the System Administrator provides an excellent resource for learning about Xen virtualization. I frequently need to create test environments for examples that appear in various books and magazine articles (in the interest of full disclosure, I've never written for the publisher of this book). In the days before virtualization that meant finding and piecing together hardware. Like many readers, I've been using virtualization in one form or another for several years, including Xen. This book would've saved hours searching around the web looking for tidbits of information and sifting through what works and doesn't work in setting up Xen environments. The authors have done the sifting for me within the ~250 pages of the book. But far beyond, the authors also convey their experience with Xen using walkthroughs, tips, and recommendations for Xen in the real world." Read on for the rest of Steve's review.
The Book of Xen: A Practical Guide for the System Administrator
author: Luke Crawford, Chris Takemura
pages: 312
publisher: No Starch Press
rating: 9/10
reviewer: Steve Suehring
ISBN: 1593271867
summary: A guide for using Xen for virtualization.
The Book of Xen is written with the system administrator in mind; someone who is comfortable with tasks like installing Linux and working with the command line. While it wouldn't be impossible for someone completely new to Linux to accomplish the tasks in the book, a bit of experience would go a long way to both visualize and complete the installation and configuration steps shown in the book. As stated in the introduction, the book is organized "(mostly) alternating between theoretical and practical discussion [because] an admin needs both practical experience and a firm theoretical ground to effectively solve problems..." (xxiii).
The authors do an excellent job of explaining what Xen is and where it fits in the virtualization landscape. This explanation begins with the introduction where the reader gathers a brief history of virtualization along with Xen's place in the landscape. Xen's limitations and reasons for using Xen are also covered right in the introduction, along with an overview of the book.
Chapter 1 begins with a high-level overview of Xen. This discussion is excellent if only to get the readers on equal footing for the discussions to come later in the book. Included in this chapter is a discussion of various techniques for virtualization including Full Virtualization, OS Virtualization, and Paravirtualization. The section on Paravirtualization leads nicely into some of the underlying details of scheduling, interrupts, and memory, and other resource management which are handled by Xen and discussed later in the chapter.
Chapter 2 sends the reader down the path of installing and using Xen. It's a short chapter, coming in at about 9 pages, and the reader is expected to be able to handle an install of CentOS with just a bit of guidance from the authors on specific options to select. This is a key point for those among us who have a preference for a certain Linux distribution. The book isn't tied specifically to a single distro, as the authors note in the introduction, "[w]e've tried to keep this book as distribution- and version-independent as possible, except in the tutorial sections, where we try to be extremely specific and detailed..." (xxiv). The base or host system upon which the examples run is based on CentOS, which the authors acknowledge and highlight in Chapter 2, "[f]or the purposes of this chapter, we'll assume you're installing CentOS 5.x with the server defaults and using its built-in Xen support. If you're using something else, this chapter will probably still be useful, but you might have to improvise a bit" (13). There is discussion of the Xen-tools package in a later chapter which shows its installation under Debian Linux too. So far from being tied to one distro, the book is refreshingly neutral in this regard.
By the end of Chapter 2, the reader has a working Xen host system and a domain 0 or dom0 host upon which to provision virtual machines. Included in Chapter 3 is a discussion of how to provision guest operating systems, known as domU in Xen-speak. The authors devote a good number of pages to making this task clear, and work through examples of basic domU installation and the use of package management systems and Debian's debootstrap to create domUs. Additionally in Chapter 3 the reader learns how to convert VMware disk images to a format usable by Xen.
Chapters 4 and 5 examine details of the Xen backend, including storage and networking. Chapter 4 stands out for its recommendation of blktap and LVM (Logical Volume Manager) as the storage backend as well as an overview of LVM itself, along with the use of networked storage for Xen.
Chapter 6 looks at tools for management of Xen, focusing on Xen-tools, libvirt, and Xen-shell while Chapter 7 gives advice for hosting untrusted users with Xen. Chapter 8 discusses the use of Xen with Unix-like operating systems and includes sections on Solaris and NetBSD.
The ability to migrate the virtual machine from one physical machine to another is one of the advantages of virtualization. As pointed out by the authors, a virtual machine might be migrated to take advantage of newer hardware, to perform maintenance, or any number of other reasons. Chapter 9 is of interest for its discussion of Xen migration. Cold and Live migrations are examined and Footnote 1 on page 126 is interesting for its reference to the Kemari Project and Project Remus which are projects to add hardware redundancy to Xen.
Tools and techniques for the measurement of Xen performance are shown in Chapter 10, which walks the reader through basic usage of well-known tools such as Bonnie++, httperf, UnixBench, and others. More importantly for the Xen admin is the discussion of Xen-aware profilers like Xenoprof which is "a version of OProfile that has been extended to work as a system-wide profiling tool under Xen..." (151).
Chapter 11 covers the Citrix XenServer, which is the enterprise-grade commercial Xen product from Citrix. The authors summarized it best in the review of Chapter 11: "Can Citrix's product replace the open source Xen? As always, the answer is maybe. It offers significant improvements in management and some interesting new capabilities, but that's balanced against the substantial cost and annoying limitations" (174).
Chapter 12 begins the discussion of Hardware Virtual Machines (HVMs), which are virtualization extensions that enable "an unmodified operating system [to run] as a domU" (176). This means the ability to run an unmodified version of Microsoft Windows as a guest OS within a Xen environment. The HVM discussion in Chapter 12 leads nicely into Chapter 13, "Xen and Windows".
The main chapters of the book end with Chapter 14, "Tips", and Chapter 15, "Troubleshooting". Both chapters draw on the experience of the authors and provide value to the book for their recommendations. Though the tool of choice for troubleshooting is the nearest Google search box, it's still helpful to glance over the content in the Troubleshooting chapter if for no other reason than to maybe remember that it's there when you receive the dreaded "Error: DestroyDevice() takes exactly 3 arguments" error.
The Book of Xen is almost certainly a time-saver for anyone looking to implement Xen or virtualization with Linux. The back cover states "The Complete Guide to Virtualization with Xen". The book lives up to that statement and more.
You can purchase The Book of Xen: A Practical Guide for the System Administrator from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Confessions of a Public Speaker
brothke writes "While there is a plethora of books such as Public Speaking for Dummies, and many similar titles, Confessions of a Public Speaker is unique in that it takes a holistic approach to the art and science of public speaking. The book doesn't just provide helpful hints, it attempts to make the speaker, and his associated presentation, compelling and necessary. Confessions is Scott Berkun's first-hand account of his many years of public speaking, teaching and television appearances. In the book, he shares his successes, failures, and many frustrating experiences, in the hope that the reader will be a better speaker for it." Keep reading for the rest of Ben's review.
Confessions of a Public Speaker
author: Scott Berkun
pages: 238
publisher: O'Reilly Media
rating: 8/10
reviewer: Ben Rothke
ISBN: 0596801998
summary: Professional speaker Scott Berkun reveals the techniques behind what great communicators do
An issue with many books on public speaking is that they focus on the mechanics of public speaking. While there is nothing necessarily wrong with that approach, Confessions takes a much deeper and analytical look at public speaking. The book demonstrates that the best public speakers are not simply people with fancy PowerPoints; rather they are excellent communicators with a strong message.
While other books focus and stress the importance of creating good PowerPoints, Confessions shows how one can rise above the PowerPoint and be a presenter of ideas to the audience. Such an approach can take a dry presentation and turn it into a compelling one.
Berkun notes that while many people perceive public speaking to be a terrifying experience, the reality is that it does not have to be so petrifying. With fundamental preparations, even the most timid person can be a public speaker. While such a person will never be a speaker at the caliber of a Steve Jobs, there is no reason they can't present an enjoyable and educating presentation.
The book is loaded with chapter after chapter of practical advice. Berkun also shows what to do when things go terribly wrong; from how to work a tough room, when technology fails, microphones that go bad and more.
The book also provides effective techniques on how to deal with a participant, who in the course of asking a question, turns it into a monologue or diatribe. His suggestion is to throw the question back at the audience. Ask the audience "how many people are interested in this question?" If only a fraction of the audience raise their hands, tell the questioner to come up afterwards and that you will answer them. Berkun concludes that just because a question is raised, does not mean that the speaker is obligated to answer it.
Some of the advice in the book is obvious, but only after you read it, such as not turning your back on the audience, and more. One of the better suggestions is rather than ending a talk with "are there any questions?", use "what questions did you think I would answer but didn't?"
As an effective communicator, one would have thought that Berkun could have gotten his message across with less profanity. While the book is not necessarily profanity laden, it is there in numerous places. That will preclude the book from being purchased in many organizations sensitive to that.
Chapter 6 — the Science of not boring people — is perhaps the best chapter in the book, where Berkun takes a look at a fundamental problem with many public presentations, they are simply boring. The chapter describes an experiment in which heart-rate monitors were strapped to listening students during lectures. Their heart rate peaked at the start of the lectures and then steadily declined. Berkun notes that with this depressing fact, it's easy to understand why most lectures are slow one-way trips into sedation. Our bodies, sitting around doing little, go into rest mode, and where our bodies go, our minds will follow."
Berkun also writes of perhaps what is the biggest bane of having to listen to a speaker, death by PowerPoint. Far too many speakers lack relevant content and try to make up for that with fancy PowerPoint presentations. Berkun notes that far too few people create their content first. Rather they put their ideas immediately into a PowerPoint, with the hope that good content will magically emerge. The message Berkun says repeatedly and which speakers should take to heart, is that content is what matters, and not the sacred PowerPoint.
The reason for so much death by PowerPoint is that many speakers are seduced by the style of the presentation and get caught up in the fonts, videos, graphics, and more, and lose all context of the points that they want to make. Berkun concludes that the problem with most bad presentations is not the slides, the visuals or any of the things that most people obsess about; rather it is the lack of thinking.
The book also stresses the importance of good feedback for the speaker to grow into a better speaker. The challenge is that most attendees are reticent to give effective rebuke to the speaker. Berkun says the best way to overcome this is for a speaker to videotape themselves, and be merciless with themselves, extracting what their mistakes are.
The last chapter, "You Can't Do Worse Than This", is made up of stories of disastrous experiences from various public speakers. The chapter is exceptionally insightful and entertaining. Perhaps the funniest story was when Larry Lessig was invited to be a guest at a conference in Georgia (as in Eastern Europe) and after the introduction, was unexpectedly told that he was to give a one-hour talk comparing the German, French and American constitutions, with special insights for Georgia.
Overall, Confessions of a Public Speaker is a very well-written, entertaining and engaging overview of the art of public speaking. For those that are contemplating public speaking, or want to improve their current aptitude, it is impossible that after reading the book, they won't be a better speaker. For those that simply want to know what goes into, and what makes a really good presentation, Confessions of a Public Speaker is also a worthwhile book to read.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Confessions of a Public Speaker from amazon.com.
-
Tiger Woods Gives Science Education a Boost
theodp writes "After a copy of Get a Grip on Physics appeared in police photos of Tiger Woods' golf club/hydrant-damaged SUV, the book's Amazon sales rank jumped from 396,224 to 2,268. 'I'm delighted,' said author John Gribbin upon hearing that Tiger was in possession of his layman's guide to physics. 'I write books about science for people who aren't scientists so he's exactly my target audience.'"
-
Service Oriented Architecture With Java
Martijn de Boer writes "The book has been written to provide the reader with a short introduction to the concepts of Service Oriented Architecture with Java. The book covers the theory and analysis from the start and is progressing to a more intermediate level slowly throughout the different chapters. This book has been written for software architects and programmers of the Java language who have an interest in building software using SOA concepts in their applications. The cover hints to a series called “From Technologies to Solutions”, and that is exactly what this book tries to do, it tries to explain the SOA technology with different case studies and a path for solutions for your applications." Read below for the rest of Martijn's review.
Service Oriented Architecture with Java
author: Binildas A. Christudas, Malhar Barai, Vincenzo Caselli
pages: 192
publisher: Packt Publishing
rating: 8/10
reviewer: Martijn de Boer
ISBN: 1847193218
summary: This book is an overview of how to implement SOA using Java with the help of real-world examples. It briefly introduces the theory behind SOA and all the case studies are described from scratch.
When I ordered the copy of the book, I was under the impression that I was required some familiarity with terms used in the world of SOA but I was rather fond of the easy explanation of terms in the first chapter. The first chapter starts off with a small introduction to the role of software architecture when thinking about a software project. The chapter covers alternatives to SOA and tries to get the reader onto the right path for the rest of the book.
Later on in the book different subjects pass, the first few chapters start off with the basics of using XML as a communication layer. The third chapter introduces the audience to different implementations of web services in the Java world including the most familiar names as Apache Axis, Spring and XFire. The reader will be shown and guided to the install process of these web services and is being shown around the process of working with the software. The pros and cons of every piece of software are shown when following the steps throughout the chapters.
The book ends with chapters providing case studies of real world examples of SOA and alternatives. I have found this to be the most informative section of the book when looking to make decisions on how to architect a software project as it provides several examples on when to use which aspect of SOA. The different case studies allow you to put some weight and foundations into your decisions. The last chapter of the book is basically a conclusion of what we have learned throughout the book and provides a clear summary of goals of using service oriented architecture.
The reader is expected to have understanding of Java to follow the examples throughout the book. Examples are demonstrated on Windows machines, but could be followed on any other platform as well without having the hassle of setting up a different environment. That is one of the advantages of Service Oriented Architecture with Java, because it basically can be run everywhere.
When you work your way throughout the book, you will discover different clearly illustrated diagrams and other informational graphics. There are more than enough images to make this something other than a boring theory book, as the images often provide a better understanding of different explanations of architecture and setups.
The book covers a small setup with Apache Axis 1.3 and mentions to use this opposed to the more recent 2.0 version because more software is being implemented on top of the 1.x series of said web service. However because the reader is starting to learn about SOA, it would have been great to see some of the differences and read why 2.0 hasn't been adopted much yet. I would have liked to see a bigger comparison between those two versions, but as the authors point out, there is a great community for both versions which provides a lot more background information if you want to look further into the more technical information that isn't provided in the book yet.
This book is a good way to get your feet wet in using web services to build and architect powerful Java applications for your business. I am no big Java developer yet, and I needed this book to navigate through the different pieces of software available, it succeeded very well at that point. I was fond of the clear writing style, which has always been the case by books from Packt Publishing. The book also has been written in a logical order, putting case studies at the end of the book so they are better to follow. Most technical books I own are written in a way that allows you to jump from chapter to chapter in an order that you need them, but I found this book to be a solid line of information of which the difficulty grade builds up from beginning to end. As a developer and software architect I really appreciate how well this book has been written for this audience, it's almost as if it was written especially for me and the knowledge I had of service oriented architecture.
You can purchase Service Oriented Architecture with Java from amazon.com.
-
Magento Beginner's Guide
Michael J. Ross writes "The shopping cart systems that power online stores have evolved from simple homebrew solutions in the CGI era to far more powerful open source packages, such as osCommerce. But even the later systems are frequently criticized as suffering from poorly-written code and inadequate documentation — as well as for being difficult to install and administer, and nearly impossible to enhance with new functionality and improved site styling, at least without hiring outside help. These problems alone would explain the rapidly growing interest in the latest generation of shopping cart systems, such as Magento, purported to be outpacing all others in adoption. In turn, technical publishers are making available books to help developers and site owners get started with this e-commerce alternative, such as Magento: Beginner's Guide, written by William Rice." Read on for the rest of Michael's review.
Magento: Beginner's Guide
author: William Rice
pages: 300
publisher: Packt Publishing
rating: 8/10
reviewer: Michael J. Ross
ISBN: 978-1847195944
summary: A starter guide to this popular e-commerce shopping cart.
This title was published on 15 April 2009 by Packt Publishing, under the ISBN 978-1847195944. The firm makes available a Web page dedicated to the book, where visitors can find information on how to purchase the print or PDF versions of the book (or both as a bundle, at substantial savings). The site also has a link labeled "Code download" (even though there isn't any downloadable code), another link for viewing any errata (of which there is one reported, as of this writing), and a link for downloading a sample chapter (the third one, "Categories and Attributes").
The bulk of the book's 300 pages are organized into eleven chapters, which are intended to take the reader through the basic topics, in the same order they might be encountered by anyone developing a Magento-based store for the first time: an introduction; Magento system requirements and installation; product categories and attributes; tax rules; adding product information; site styling; advanced product functionality; CRM; payment processing; shipping configuration; and order fulfillment. These chapters are followed by an appendix that delineates, as numbered lists, all of the steps covered in greater detail in the chapters. The book concludes with an index whose value is immediately brought into question by the "products" entry, which presumably would be one of the most lengthy sections for an e-commerce book such as this one, yet contains only two entries, and neither one has a page number.
The book's first chapter begins by stating what Magento and the book offer, which were already covered in the preface. The author then introduces the demo store (an online vendor of coffee beans) to be used throughout the book, with screenshots. Readers can skip over this chapter, without missing anything of importance. This chapter, like all that follow, concludes with a summary, which adds no value to the book.
In Chapter 2, the author patiently steps the non-technical user through each phase of installing Magento on a Web server, with an emphasis upon Linux systems, which apparently are far less problematic for Magento than using a Windows-based hosting account (imagine that). PHP novices will likely appreciate the author's tip on how to use phpinfo() to see their server settings, but should be warned to delete that file so hackers cannot also stumble upon that information. Also, there are some technical inaccuracies in the author's discussion of search engine friendly URLs. In step 1 of the installation, he should have explained why he chose the Full Release and not the Downloader. On page 31, he instructs the reader to set some Magento files to permissions of 777, even though the previous page stated that his Web hosts' control panel does not allow that setting. Some readers may be confused by this, and should be advised to use their FTP programs for accomplishing this task, if their control panel has the same limitation. In step 3, the author could have provided some guidance as to what the reader can do if Magento refuses to proceed with the installation and provides no error messages, even though the database information is valid and confirmable by logging in at the command line. Of course, it is difficult to anticipate all the possible problems that a user may encounter. Even the official Magento documentation does not appear to address this particular issue. Lastly, the checklist at the end of the chapter, which specifies four items to confirm prior to installation, obviously should have been presented at the beginning of the chapter.
In the third chapter, the author explores some key concepts needed in working with Magento: products, categories, and attributes. Throughout the book, these three common terms — and later, "shopping cart," "payment gateways," etc. — are presented in title case, as if they were proper names, which they are not. Within the text, this formatting gives them the appearance of menu or page names, which quickly becomes annoying. A glaring example of this is section 16 on page 59. On the same page, the reader will encounter a rather cryptic heading, "Have a go hero." Nonetheless, readers should find the topic coverage to be quite useful, including tips on enabling a product navigation menu, optimizing categories, entering products, creating product images, and setting attributes. The next two chapters explain how to apply taxes to customer purchases, and how to add "simple products" (those without customer-changeable attributes), respectively. At first glance, one might conclude that Chapter 5 should immediately follow Chapter 3 — or be combined into one chapter — since both deal primarily with products. But within Magento, tax rules are a prerequisite for properly creating new products in one's store, so the chosen order makes sense.
The author shifts gears with the sixth chapter, which explores basic styling, i.e., customizing the appearance of a Magento-based storefront. The majority of the changes can be accomplished easily by the reader, because most of them are made within the Magento administrative area, and not through any involved editing of the CSS files of the default theme. Chapter 7 covers the topics of related products, grouped products, and configurable products — and thus clearly should have followed Chapter 5. Regardless, the author's use of illustrative examples, in creating the demo site, is quite helpful for the reader to see how to use each dialog box in the process of creating the various types of products.
The last four chapters of Magento: Beginner's Guide address four essential aspects of building and running an online store, beyond the products themselves: Chapter 8 is fairly brief, but explains how to configure a store's e-mail addresses and contact form (but not how to customize the e-mail templates), as well as the functionality made available by Magento for administering customers once they have become registered users on the store site. The subsequent chapter shows how to set up a Magento site to accept customer payments using PayPal, Authorize.Net, and other electronic payment options. Chapter 10 explains how to configure the various shipping options within Magento, and, like the previous chapter, focuses on trade-offs among the various options rather than the details of how to complete each dialog box. Confusingly, on page 219, the author states that you can charge a handling fee with the flat rate method, but four pages earlier states the exact opposite. The last chapter in the book covers the various phases of order fulfillment, as well as order management.
Despite the value of the book's contents, the material would have benefited from some proper editing, evidenced alone by the many errata: "freelance[r]" (on the "About the reviewer" page), "[and] so" (page 2), "distinguishes" (page 3), "top[-]two" (page 10), "Paypal" (page 11), "Card(saved)" (page 11), "php" (page 13), "reading and article" (page 17), "you web host" (page 27), "/single-origin-coffees" is missing (page 55), "Attribute[']s Model" (page 73), "Add New [Attribute] Set" (page 75), "answer[s]" (page 78), "zip codes" (pages 85-86, and others), "characters;" (should be a comma; page 104), "later [in the] book" (page 131), "discuss about" (page 131), "direct[ion] replacement" (page 133), "graphics;" (should be a comma; page 138), "tab. to" (page 141), "2@ brew..." (page 182), "can sit[e]" (page 190), "such [as] Visa" (page 195), and "Shopping Card" (page 197). Some of these errata are likely not attributable to the author, but instead introduced during the production phase of publication. There are other indicators that quality control was lacking, such as an errant period tacked on to every "Chapter 5" in the page title, on all the pages of that chapter. On a more subjective note, I found Packt Publishing's use of four different font sizes within the table of contents — no doubt intended to make higher level section names stand out — to actually reduce speed of scanning and comprehension, just as it does on Web pages that have half a dozen or more font sizes on a single page. The practice is not limited to this particular title, but appears to be standard in their lineup of books. In addition, the longer subheads are shown in such a thick and compressed font face as to be quite difficult to read, e.g., on page 239.
Throughout his book, the author's writing style is generally clear and approachable, though occasionally choppy. His background in technical instruction is exemplified by his logical, step-by-step explanations. Some readers may find this style too repetitive, such as the many mini-summaries — labeled "What just happened?" — scattered throughout the book. These are unnecessary, waste space, and could be excised. One instance of pedantry (on page 105) deserves special recognition/ribbing: "Yes and No are self-explanatory."
But all of these aforementioned flaws are relatively minor — particularly to the reader anxious to put up a new online storefront with minimum delay. Magento: Beginner's Guide is a detailed and lucid introduction to an e-commerce system quickly growing in favor.
Michael J. Ross is a freelance Web developer and writer.
You can purchase Magento: Beginner's Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Writing For Video Game Genres
Aeonite writes "The third book in a pseudo-trilogy, Writing for Video Game Genres: From FPS to RPG, offers advice from 21 experts in the field of video game writing, pulled from the ranks of the IGDA's Game Writers Special Interest Group and wrangled together by editor Wendy Despain. It follows in the footsteps of Professional Techniques for Video Game Writing and Game Writing: Narrative Skills for Videogames, and in keeping with the trend, offers the most specific, targeted advice for how to write for an assortment of game genres." Read below for the rest of Michael's review.
Writing for Video Game Genres: From FPS to RPG
author: Wendy Despain (editor), Sande Chen, Richard Dansky, et al
pages: 300
publisher: A.K. Peters Ltd
rating: 10
reviewer: Michael Fiegel
ISBN: 978-1-56881-417-9
summary: Genre-specific advice for game writers, from game writers
Depending on your particular poison, the authors of each chapter might be immediately recognizable or complete unknowns. Possibly most likely to be familiar to a general audience are Sande Chen (The Witcher) and Richard Dansky (Tom Clancy's Splinter Cell, Far Cry), but Lee Sheldon (the Agatha Christie series), Andrew Walsh (Prince of Persia) and David Wessman (the Star Wars: X-Wing series) might also ring a bell.
The important thing here, however, is not who the writers are, so much as that they deftly cover a wide variety of terrain. As the subtitle suggests the book covers everything from FPS to RPG, from MMO to ARG, and the entirety of alphabet soup in-between. Each chapter covers the particular challenges of writing for one particular genre, and generally offers specific tips on how to overcome those challenges when writing for that genre. The chapter on MMOs, for example, discusses the fact that MMOs have stories that never end, worlds with millions of chosen ones, and a complete inability to control pacing or quest flow. "Writing for Platform Games" emphasizes the need to provide a coherent narrative even while the player is generally busy trying to complete the next jumping puzzle. Other familiar genres covered along the way include Adventure games, Sports games, Flight Simulators and Driving games.
Several of the chapters also venture outside of what traditionally constitutes a "game genre." For example, Richard Dansky and Chris Klug respectively cover Horror and Sci-Fi/Fantasy, themes that are based on the shape of the narrative rather than any particular gameplay format. Later chapters also explore Sandbox games (which author Ahmad Saad indicates can include everything from Grand Theft Auto III to SimCity), Serious games (being "games that do not have entertainment as a primary purpose"), and Casual games. Chapters are also devoted to specific platforms: Evan Skolnick covers Handheld games, and Graeme Davis explores Mobile Phone games. The fact that some of these categories necessarily include games that might also fall into genres covered earlier is never a problem here, however; each chapter offers specific advice relevant to its particular subject, and there is little if any "what he said" repetition to be found, and certainly nothing like outright contradictory advice from different authors.
While a single numbered outline format is followed throughout the book, each author writes in a slightly different fashion. This means that some authors (such as Andrew Walsh, in his coverage of Platformers) present swaths of dense copy within each numbered section, whereas others break up their chapter with numerous subheads, a single short paragraph beneath each point (as with Daniel Erickson's chapter on RPGs). Further, while the format of the book's bulleted lists is consistent throughout, their prevalence is somewhat uneven; Lee Sheldon's chapter on Adventure games is chock full of bullets, while Dansky's chapter on Horror games nearly dispenses with them altogether (but for one single list of five items). Certain chapters contain many charts, tables and/or screenshots, while others lack them altogether. One particular design feature — a boxed "Special Note" that intrudes into the margin — is used only a scant handful of times in the entire book, which makes each sudden instance more of a "Hey! Over Here!!" than the "Psst, by the way..." which I think was intended.
None of this is in any way bad: in fact, Despain's Preface encourages skipping around, and specifically addresses the issue of inconsistency by saying that the chapters are "written as personal essays with the individual style of each author intact." However, it is a notable feature of the book and worth a mention; this is not a book you read from cover to cover in one sitting.
The larger consideration for the purposes of review is this: should you buy a copy? The book's intended audience is — as with the earlier books in the "trilogy" — geared towards professionals already working in the game industry. Quotes on the back cover specifically mention "those of us swimming in the murky waters of games storytelling," and the book's closing chapter (J. Robinson Wheeler's "Writing For Interactive Fiction") dispenses with any illusion altogether, saying "If you're reading this book, you're a writer..." Even the Preface says "we" more than "you" when addressing the reader. The assumption is that you're already "one of us," and while that's a warm embrace for me (since I am indeed "one of them"), it might come across as a bit of a lukewarm shoulder for someone outside the industry.
In short, this book — perhaps even more so than either of the previous IGDA Writers SIG books — is by writers, and for writers. As a "starting point from which we (game writers) can work together to improve the state of the art," the book provides an excellent foundation, and deserves to be on the bookshelf of any game writer or designer, be they novice or veteran. As for everyone else... if you're ready to dip a toe in the chilly waters of game writing, you could do far worse than to check out the advice within.
You can purchase Writing for Video Game Genres: From FPS to RPG from amazon.com.
-
The Laptop Steering Wheel Desk
An anonymous reader writes "Take a look at this awesome new product on Amazon. The laptop steering wheel desk is just the thing for the person who can't be sufficiently distracted by newspapers, eating, or cell phones while they drive. The user comments and reviews are great."
-
Drupal 6 Social Networking
dag writes "Drupal 6 Social Networking is an interesting book about how to build social networks and why Drupal is a good choice as a platform for building communities. Even if you don't have any Drupal experience yet, this book explains what is needed when you start from scratch and looks at the different facets of a social network." Keep reading for the rest of Dag's review.
Drupal 6 Social Networking
author: Michael Peacock
pages: 312
publisher: Packt Publishing
rating: 8/10
reviewer: Dag Wieers
ISBN: 978-1-847196-10-1
summary: Building community websites using Drupal as a content management framework
The book starts off with a short introduction about social networks and a list of compelling reasons why one wants to set up her own social network rather than using an existing social network like Facebook or MySpace. It all comes down to what your particular goals are. The first chapter looks into why Drupal is a good fit for building a community website. Its modular design, use of known technologies and ease of installation, as well as the ample availability of modules help in that respect, and also clearly marks where the book is going next. The other half of the first chapter explains in great detail what is needed during the installation of Drupal to have a working setup. If you are already experienced with setting up Drupal you can skim through this chapter to verify that you did not miss anything with earlier installations.
The second chapter prepares the reader for using Drupal specifically targeted for building a community website. To do this the author comes up with his own example (Dino Space) which is used throughout the book. And while the subject may be far-fetched and very different from what you plan to do, it serves its purpose well. Throughout this chapter the author explains many Drupal related concepts and terminology like Nodes, Content Types or Blocks and how to use these to your advantage when designing your site.
So while the first and second chapters explain and prepare the reader, chapter three helps with important decisions regarding user contributed content and all aspects related to it: User Roles, Comments, Polls, Forums and Blogs. One thing that surprised me was how it is possible to write blog entries from Microsoft Word using a standardized API. And while it is not applicable to me (as a Linux user) I can see some benefit for others within the targeted community. Another topic from the book that I had little experience with is collaborating on a Book within your community. I was always amazed by the annotated PHP manual in the past and this possibility reflects that effort a great deal. The chapter also includes attention to how to automatically generate feeds or include feeds from others, something that helps growing the community.
The next chapter goes into how users can maintain their profiles, how profiles can be extended and themed and how profiles can be shared between websites. It also looks into specific modules to help you e.g. integrate OpenID or avatars from other websites. Chapter five explains how users can interact and how the User Relationships and User Activity modules allow users to promote their own content and actions on their site, much like how Facebook becomes a time log of individual actions of our friends. It also looks at Guestbooks, Contact forms and Groups covering more than I was looking for myself.
One thing I recently had to look into myself was how to communicate with your users. Some users register and then lose touch so there is a clear need to regularly update them about what is happening and what new content is available and that's where chapter six explains how to set up Newsletters or connect your social network to online services like Google Groups.
Drupal is mostly respected for its modular design and Drupal's author often states "If it cannot be done from a module, then that's a design bug which needs to be fixed". That said, almost everything is possible from a module, which offers great flexibility to anyone deploying Drupal to customize it to its own needs. Chapter seven explains in some detail how to write your own Drupal modules from accessing the database, interacting with other services as well as making it installable and customizable. The example shows how to interact with Google Maps from a Drupal module. But also points to similar modules for connecting to Facebook.
Another important aspect of any website is its design, chapter eight shows how to install and configure additional themes, but also explains how to modify existing templates and tweak CSS files. It does not go into great detail though, but it sufficiently points out where to look and how to experiment.
The last two chapters are a bit dim, chapter nine explains how to secure your Drupal site from automated spam and lists a few maintenance tasks every admin should know about. Much like chapter nine, chapter ten does not go into a lot of detail about how to promote your website. It mostly lists important aspects and in some cases provides links to experienced websites.
All in all I was surprised by the many items this book covers, especially the chapters about writing modules and modifying themes, which are something most buyers will not expect in a Drupal book regarding Social Networking. And while I believe there are better books about those topics, in general this book is a good introduction to Drupal and a guide for those who are also interested in the more advanced parts of Drupal.
I was particularly interested in this book as I set up my own family website based on Drupal and I wanted to know what technologies I missed, and what additional modules I could use to make our own family website better. In that regard this book confirmed for a large part that what I did with Drupal was how it was supposed to be, but I did learn some new tricks and new modules I never investigated before. This knowledge undoubtedly will be useful for some future Drupal-based projects as well.
You can purchase Drupal 6 Social Networking from amazon.com.
-
Calling B.S. On Amazon's Taxation Arguments
theodp writes "Over at the Center on Budget and Policy Priorities, Michael Mazerov carefully picks apart Amazon's arguments against collecting sales taxes, arguing that they simply do not withstand scrutiny. While Amazon officials say collecting sales tax in every state would be excessively burdensome, Mazerov notes the e-tailer already collects sales tax in virtually every state for numerous other companies that sell on its website. Mazerov also finds it disingenuous for Amazon to argue that it should not have to help support public services in states in which it has no physical presence when the company fails to support public services in most of the states in which it does have a physical presence. Finally, Mazerov isn't buying Amazon's argument that its opposition to collecting sales tax is not driven by a desire to gain a price advantage over competitors, which he finds at odds with the company's own actions and SEC filings. By claiming sales-tax immunity, says Mazerov, Amazon has enjoyed an unfair 5%-10% price advantage over local retailers, while also depriving states and localities of hundreds of millions of dollars of legally due revenue each year."
-
Becoming Agile
IraLaefsky writes "The appropriately titled Becoming Agile: In An Imperfect World by Greg Smith and Ahmed Sidky offers a realistic path to the family of Agile practices which have become prevalent in software development in the last few years. This family of approaches to software development has been widely adopted in the past decade to replace the traditional Waterfall Model of software development, described in a 1970 article by Winston W. Royce 'Managing the Development of Large Software Systems.' The Waterfall Model stressed rigid functional and design specification of the program(s) to be constructed in advance of any code development. While this methodology and other early formal tools for Software Engineering were infinitely preferable to the chaos and ad-hoc programming-without-design practices of early systems, these first tools ignored the fallibility of initial interviews used to construct initial design and often resulted in massive time and cost overruns." Read below for the rest of IraLaefsky's review.
Becoming Agile: In An Imperfect World
author: Greg Smith and Ahmed Sidky
pages: 408
publisher: Manning
rating: 9/10
reviewer: IraLaefsky
ISBN: 1933988258
summary: provides the tools to introduce and adapt agile practices in a variety of corporate cultures
The Agile methodologies which are described in this text stress an iterative approach to software development, with the continuous involvement of users (or user surrogates). These iterations consist of several week periods (to at most two month intervals) where a concise partial design requirement, story, is translated to a complete executable version of the program which can be demonstrated to users, for their immediate and anticipated criticism and controlled feature addition. These practices have undergone various codifications since the Agile Manifesto of 2001. Among the more popular Agile Methodologies are Extreme Programming (XP), Crystal Clear and Scrum.
In describing these development methodologies this practical handbook takes an approach sorely needed in descriptions of Information Technology (IT): it assumes that the purchaser is considering employing the technologies described within the context of a real corporate environment with existing strengths and limitations, an existing approach to the problems addressed, and cultural biases concerning the adoption of new technologies. This approach enables the book to be used as a virtual consultant, taking the experiences described in a case study based upon the authors' advisory experience, and the test of organizational readiness for adoption and needs for customization of the technology as a true guideline for introducing these practices in a culturally and technologically appropriate fashion. During the mid 1980s I served as an internal consultant at a large insurance firm; at the time we were considering the introduction of Expert Systems methodologies into the IT organization. I purchased several handbooks which were intended to introduce this new-from-academia technology to companies in the financial industries. Most of these books did an adequate job of describing the nature and basis of this technology to IT and Business Analysts trained in existing technology. But all of the available books failed to chart a path for an IT organization with traditional development practices to successfully migrate to the new technology and appropriately translate this technology for business management. Becoming Agile introduces a new effective method for describing the risks, benefits and appropriate adaptation of a radically new technology to organizations with existing successful and unsuccessful software development practices and a particular business culture.
Important features of this guide include the Sidky Agile Measurement Index (SAMI) which provides guidelines in moving your particular organization to Agile practices, the non-religious presentation of multiple Agile methodologies and approaches (specifically XP and SCRUM), appendices on organizational readiness assessment, phased development within the Agile context, an overview of the Agile process (suitable for business presentation), and the author forum. The importance of recognizing that new technology methodologies such as Agile Practices must be introduced and carried out in the context of a specific organization, with its own strengths and foibles, cannot be overemphasized. Step-by-step directions and illustrations are given for choosing an appropriate target application for the initial introduction of these methodologies, and each stage of implementation and their possible stumbling blocks are carefully outlined.
That it provides the tools to introduce and adapt these practices in a variety of corporate cultures, with varying degrees of technical sophistication is an invaluable advantage over other Agile texts and will save the organization many thousands of dollars in consulting fees. My only minor nit with this exceptionally fine introduction to Agile Methodologies is that some of the illustrations appear to have been formatted in PC-based tools such as VISIO and PowerPoint and require a bit of squinting to study in the smaller book format. With this trivial exception I would award this excellent guide and virtual consultant, an almost perfect nine out of ten review, and recommend it to any organization seeking to intelligently adopt Agile Practices.
The print edition is available at all retailers, while the ebook can be purchased exclusively through the Manning E-Book Storefront.
You can purchase Becoming Agile: ...in an imperfect world from amazon.com.
-
OpenGL Shading Language 3rd Edition
Martin Ecker writes "The “OpenGL Shading Language” (also called the Orange Book because of its orange cover) is back in its third edition, with updated discussions of the OpenGL shading language (up to version 1.40, introduced with OpenGL 3.1). Like the previous edition, the third edition of the book is one of the best introductions to GLSL — the OpenGL Shading Language — that not only teaches the ins and outs of GLSL itself but also explains in-depth how to develop shaders in GLSL for lighting, shadows, animation, and other topics relevant to real-time computer graphics." Keep reading for the rest of Martin's review.
OpenGL Shading Language Third Edition
author: Randi J. Rost, Bill Licea-Kane
pages: 458
publisher: Addison-Wesley Professional
rating: 9/10
reviewer: Martin Ecker
ISBN: 978-0-321-63763-5
summary: A solid introduction to developing shaders in the OpenGL Shading Language GLSL
Not unexpectedly the book starts out with a brief review of OpenGL basics. However, I would not recommend diving into this book without having prior experience with OpenGL, or at least with some other kind of 3D API, such as Direct3D. The book targets an audience that is already familiar with computer graphics and with OpenGL. Furthermore, knowledge of the C programming language is expected.
The next few chapters introduce the syntax and semantics of GLSL. At its core, GLSL is very similar to C. All the usual control flow statements, such as if statements and for loops, are available. However, the language adds some graphics-specific types, such as vectors and matrices. Even though this material is fairly dry, the writing is easy to follow and all concepts are presented with plenty of examples. Also uniform blocks — a new feature of GLSL version 1.40 — are discussed. Uniform blocks are used to efficiently send a block of variables via a uniform buffer to the GPU.
After familiarizing the reader with the language itself, chapter four delves into the integration of the shader-programmable units into the OpenGL pipeline, in particular the vertex and fragment shader units. Note that geometry shaders are not discussed in this book since they are a fairly recent addition to the OpenGL 3.2 specification. The next chapter goes over all the built-in, common functions that GLSL provides, such as sin, cos, abs, fract, and so on. Being more of a visual learner, what I really like about this chapter is that the authors provide function graphs for each of the functions introduced. After all the basics of the shading language have been laid out in previous chapters, chapter six is dedicated to a full-fledged example that uses GLSL to procedurally render a brick pattern. If you're already familiar with other shading languages, such as Direct3D's HLSL or Cg, and you want to switch over to OpenGL/GLSL, I recommend jumping straight to this chapter to see how much you can grasp and then going back to the preceding pages to fill in the blanks if necessary.
The somewhat lengthy chapter seven contains detailed descriptions of the entry points provided by OpenGL to create and set up shader programs. Among other things, it describes how shader objects are created, compiled, and then linked to form shader programs that can then be used to render objects. Chapter seven concludes the dry, technical part of the book that introduced both the shading language and the necessary infrastructure to use it from a host program running on the CPU. The remainder of the book concentrates on numerous graphics techniques that can be achieved with shaders, such as bump mapping, lighting, shadows, animation, procedural effects, and many more. In short, it's the real fun part of the book where all the theory gets put into practice.
One of the highlights for me is the chapter on writing lighting shaders that discusses hemi-sphere lighting, image-based lighting using environment maps as light probes, and spherical harmonics lighting. The chapter on lighting is concluded by a discussion of the ÜberLight shader, a shader for a very versatile lighting model initially presented as a RenderMan shader by Pixar Animation Studios.
Where there's no light there's shadow and so the book has an interesting chapter on various shadowing techniques, in particular ambient occlusion, shadow maps, and an interesting technique for rendering shadow volumes using deferred shading. The latter technique can be used to render soft shadows convincingly.
The most interesting chapter for me in the book is the one on surface characteristics. It discusses and develops shaders to render surface materials that exhibit complex light interaction. The authors start out with a discussion of refraction and present shaders to achieve the classic Fresnel reflection/refraction and chromatic aberration effects. Then diffraction, i.e. light bending around sharp edges, is discussed and a shader that renders a vinyl record realistically is developed. Finally, the chapter focuses on BRDF-based lighting and develops various material shaders using the BRDF model, a quite important topic nowadays since more and more video games now actually use BRDF-based lighting models.
Another important chapter in the book in my opinion is chapter seventeen about antialiased procedural textures. I consider it important because it is often ignored that shaders that procedurally create textures usually suffer from aliasing artifacts. This chapter shows a number of anti-aliasing techniques to diminish these issues. Chapter eighteen is a fun chapter on non-photorealistic rendering, discussing hatching, Gooch shading, and how to render the Mandelbrot set in a shader. Finally, the book closes with a comparison of GLSL with other shading languages, in particular RenderMan, HLSL, and Cg. This is mostly of interest to real geeks and language lawyers ;)
As in the previous edition, all images and diagrams in the book are in black and white, except for a few pages that contain 34 color plates in the middle of the book. Most of the images are not overly "flashy" but do give a practical idea of the types of rendered images a particular shader can produce.
The book’s accompanying website offers the source code to all the shaders presented in the book for download. Also available are other shaders not mentioned in the book and a demo application including source code, which nicely demonstrates the shaders in action. Most of the shaders are available under a very liberal BSD-style open source license.
The third edition of "OpenGL Shading Language" is an excellent introduction to shader programming with GLSL. It provides an in-depth and comprehensive discussion of the shading language itself as well as the C shader API used to create and manage shaders in the host program. The best and largest part of the book focuses on developing shaders for various applications, such as lighting, shadows, animation, and other areas of real-time computer graphics. If you’re interested in learning GLSL and shader programming in OpenGL, this is the book to get.
Martin has been involved in real-time graphics programming for more than 10 years and works as a professional game developer for High Moon Studios in sunny California.
You can purchase OpenGL Shading Language 3rd ed. from amazon.com.
-
The Big Questions
Frequent Slashdot contributor Bennett Haselton changes things up today by reviewing The Big Questions: Tackling the Problems of Philosophy with Ideas from Mathematics, Economics and Physics. Questions that big need a big review and you can learn what Bennett has to say about it all by reading below.
The Big Questions: Tackling the Problems of Philosophy with Ideas from Mathematics, Economics and Physics
author: Steven E. Landsburg
pages: 288
publisher: Free Press
rating: 8/10
reviewer: Bennett Haselton
ISBN: 978-1439148211
summary: Steven Landsburg uses concepts from mathematics, economics, and physics to address the big questions in philosophy
The first thing that I have to admit as a reviewer is that I enjoyed the book so much -- not just reading it, but scribbling out pages of scratch paper working on the puzzles inspired by the book -- that I probably would have paid up to about $200 for it (despite the fact that I disagreed with many of the conclusions, and even thought some of the arguments were pretty weak). I certainly don't mean that it's better than books by Richard Dawkins, Daniel Dennett, Steven Pinker, Malcolm Gladwell, or Steven Levitt and Steven Dubner (the Freakonomics and SuperFreakonomics team), but it will appeal to many of the same people.
Those authors' books typically marshal a large amount of research data and evidence in support of a thesis that seems contrarian but turns out to be probably true. The Big Questions (released November 3rd with a companion website and blog) doesn't do that. The book is divided into many self-contained vignettes and side topics and independent arguments, which are based more on logic and reasoning than externally gathered evidence, and the arguments don't always convince you of the conclusions. But that's part of the fun: many of the arguments in the book are structured so rigorously, almost like mathematical proofs, that if you disagree with the conclusion, the challenge is to figure out why you think the conclusion is wrong. (Nobody ever scribbled equations in the margins of Malcolm Gladwell's books trying to figure out if he was "right".)
You'll probably enjoy the book the most if the following are true for you:
- You enjoyed math all the way through high school, especially the paradoxes that seemed to grow out of elementary rules of logic or probability. Sometimes the paradoxes resulted from a flaw in one of the reasoning steps, so that identifying the flaw led to a deeper understanding of how to conduct those steps. And sometimes there really is no flaw in the reasoning, so that the conclusion, no matter how counterintuitive, must be true.
- Eventually, though, you ran out of "paradoxes" that could be described in the language of intermediate mathematics. There are other paradoxes lurking in mathematics, of course (like the celebrated Banach-Tarski paradox), but most of them require you to learn so much mathematics just to understand the paradox, that there aren't enough hours in the day.
- So, you'd be delighted to discover paradoxes in an entirely new field, where arguments built from elementary rules of logic, lead to a conclusion that seems at first to make no sense, but leads to a deeper understanding the more you think about it.
The core philosophy of The Big Questions -- not embodying any of the conclusions, but rather the rules of the game by which those conclusions should be reached -- is expressed in two lines near the end:
If you're objecting to a logical argument, try asking yourself exactly which line in that argument you're objecting to. If you can't identify the locus of your disagreement, you're probably just blathering.
(This quote makes Landsburg sound grumpier than he is; at this point in the book, he's just coming off of describing an exhausting round of e-mail argument with another professor who he felt was not playing by these rules.) I've believed this passionately for a long time, and to me it seems trivially true anyway: If an argument is organized into a series of steps, and you disagree with the conclusion, then some step in the argument must be the first step you disagree with, and if the author feels like each step in their argument follows by airtight logic from the previous step, then that's the point at which one of the two players is wrong. There's nothing more exasperating to me than writing what I think is a well-reasoned logical argument, sending it to the intended audience, and getting back a reply which makes it obvious that the recipient simply read my conclusion, disagreed with it, cleared their throat, and started typing out paragraphs describing their own view. Which they're entitled to, but they missed the point -- I was hoping that if they disagreed with my argument, they could pinpoint exactly what part they disagreed with. (If they had replied with their own argument structured like a sequence of logical steps, then that would at least be a tit-for-tat exchange, but that rarely happens -- people who believe in forming their arguments like rigorous proofs, usually also like to find the error in logical arguments that lead to the opposite conclusion.)
To give you some of the flavor: One chapter in The Big Questions contains an elegant argument against protectionist tariffs: Suppose that an American sells cameras for $80 but a foreigner wants to sell cameras in America for $60 apiece. An American who would have bought the $80 camera will now buy the $60 camera and hence is better off by $20. The seller now has to sell their own cameras for $60 to stay competitive, so they are worse off by at most $20 -- however, if they voluntarily switch to some other business, then they'll be better off than they were when they were selling cameras for $60, and therefore worse off by some amount less than $20 from their original position. So on balance, abolishing protectionist tariffs would be good for Americans. "Therefore," writes Landsburg, "it seems to me that the protectionist's position is even less respectable than the creationist's. If you're convinced that most scientists are liars -- that everything they say about fossils, for example, is false -- then you can be a logically consistent creationist. But you can't be a logically consistent protectionist."
But the best part of reading an argument like that is to try and come up with a counter-argument that is equally rigorous. I think Landsburg is right, but only insofar as it applies to benefits to Americans. That leaves out another part of the equation: whether the production of cheaper foreign goods is harmful to foreigners providing the cheap labor. The textbook answer from economic theory is that the factory jobs must make workers better off (or at least no worse off) than they were before, otherwise they wouldn't have taken the jobs voluntarily. On the other hand, conditions in overseas sweatshops are so notoriously dangerous and unpleasant that it seems hard to believe the opportunities leave workers better off on balance. So you could be a logically consistent protectionist if you believe that: (a) sweatshop workers systematically underestimate how much the factory jobs are harming them; and (b) the harm done to the workers outweighs the benefits of lower prices for Americans. I'm not sure if these statements are true, but they are logically consistent. Still, Landsburg's argument is about as concise as possible and seems to refute any argument that protectionism makes Americans better off on average.
In another chapter, Landsburg discusses the recent atheist bestsellers such as Richard Dawkins's The God Delusion and suggests that these books are really directed against a non-existent enemy, because the evidence is quite strong that most adults do not really believe the tenets of any major religion anyway. There is the argument that "interfaith dialog" makes no sense if you really believe (as many major religions teach) that your own religion's tenets are settled beyond discussion. There is the argument that since economic theory consistently shows that people respond to threat of punishment, virtually no one behaves as if they actually believe in everlasting damnation after death as punishment for sin. And the fact that the voluntary martyrdom of suicide bombers is vastly more rare than most people believe, and a disproportionate number of those are children (as Landsburg says, "I do not deny that many children believe in God, just as I do not deny that many children believe in Santa Claus"). I'd wondered before about how many people really did believe in God, but in just a few pages this argument had me thinking that the number was a lot lower than I'd ever thought before.
On the other hand, there were some arguments that I didn't spend much time puzzling over at all. Landsburg summarizes the paradox of "free will", and his dismissal of the paradox, basically as follows: The interactions of atoms that make up our brains and our environments, are deterministic processes, so if you know the state of a system at a given point in time, you could predict the state at any future point in time if you had enough computational power (with a caveat about the randomness possibly introduced by quantum physics). "Where, then, is there room for free will?... Easy: There is room for free will on Tuesday, Wednesday, Thursday and Friday, as the human being in question engages in deliberations that ultimately cause his actions." He says that just as "weather" is shorthand for the aggregate of the interactions of trillions of water molecules, "free will" is the same kind of shorthand: "What caused your decision to get drunk and watch Mystery Science Theater the night before your philosophy final? Free will. An insane person might object that free will can't be it at all, because free will is just a shorthand term for an indescribably complex process involving trillions of neurons, which in turn can be described in terms of quadrillions of atoms and quintillions of subatomic particles. So what? You still have free will, and you know it."
I wrote Landsburg to object that this misses what people really mean by "free will" -- it's not just a shorthand term for the aggregate of particle interactions that make up human choices. It means, very specifically, that you could possibly have done something other than what you did. Landsburg replied to this objection by e-mail: "I dispute that there is any way to make sense of a phrase like 'could possibly have done something else'. I know what it means to say you did something; spacetime consists of all the things that get done; it is what it is." And I agree; it's hard to pin down what the statement means. But it underlies all of our instincts and intuition about human choices and blame: "You could have called yesterday, but you didn't." "I should have studied harder last night." If determinism is true, then these statements make no sense, and therein lies what I think most people mean when they refer to the paradox of determinism vs. free will. I think the issue deserves more thought than it's given in the book.
This is followed by a passage arguing that the controversy over "ESP" is silly, because of course everyone knows certain things by "extra-sensory perception", if by that you mean "things perceived not through the senses" -- like mathematical truths, which are arrived at through thought and not sensory input. Writes Landsburg: "Some of those phenomena have one additional characteristic: They are physically impossible. But if you're going to define ESP by its impossibility, then of course there's no point in debating it... And if impossibility is not a criterion, then mathematical insight is as good an example of ESP -- in the everyday sense of the term -- as any instance of clairvoyance or telepathy." Actually, I think the everyday use of the word "ESP" refers to perceiving facts that do not logically have to be true (so mathematical facts are excluded) -- like "Someone is watching me right now" -- without sensory input. And, once you clarify the definition, most people agree there's no evidence for it, so the whole discussion seems uninteresting.
But even if you throw out 75% of the book's arguments (which is far more than I rejected), you should still enjoy puzzling through the remaining 25% and forming your own conclusions. The most interesting argument in the book, to me, is about how to properly answer the question: How much should the government be willing to spend, to save the life of one of its citizens? Of course if you're Ayn Rand, the answer is zero, but if you want to answer the question according to the laws of economic efficiency, it's a tough one. Landsburg originally got into the debate by writing a column arguing that ventilator support was not the most efficient way to help the poor. (Unfortunately, he couched it in the language of "ventilator insurance", which I think clouded the issue. I think it would have been more clear to say: "If we're going to spend this money to help the poor at all, it would make more sense to spend it on groceries for a far larger number of people, than to spend it on ventilator support for one person.") Another more liberal economist, Robert Frank, responded with a New York Times editorial arguing with Landsburg's methods and coming up with his own reasoning. I think there are problems with the reasoning on both sides (not logical errors, but rather situations in which the rules that they have adopted, lead to paradoxes and untenable positions -- suggesting that both sides' axioms have to be thrown out), but I still don't know the answer. (My own opinion about the flaws in their logic, and an alternative answer, is at this link: "How much should government spend to save a single life?")
The Big Questions also has excursions into areas of science and mathematics that I had never fully understood before, and in some cases hadn't even thought about. Landsburg describes how he had first learned that colors could be arranged continuously into a color wheel, and later learned that they could be arranged continuously along a line according to their wavelengths, and then a friend pointed out the contradiction. Which is it? Do colors vary continuously in two dimensions (forming a wheel) or one (forming a line)? Or, wait a minute, we measure colors according to the strength of their red, green, and blue components, so don't they vary continuously in three dimensions? Well, the answer is in there.
There are also chapters on Heisenberg's uncertainty principle, Gödel's incompleteness theorem, and the quantum phenomenon of "spooky action at a distance", which explain all of the concepts more clearly than I'd ever heard them explained anywhere else. I think that most writers attempting to explain these concepts err either on the side of being too precise -- determined that everything they write be correct, with no regard for whether the reader grasps it or not -- or too vague -- giving the general air of mystery, but not explaining the rules governing how a phenomenon works, and how to work with those rules to derive other conclusions from them. Landsburg's chapter simply begins, "This chapter is full of lies. That's because I'll be explaining the foundations of quantum mechanics, and I assume that if you wanted a careful accounting of every detail, you'd be reading a textbook." The text then gives an example of considering an electron that moves in a conceptual "circle", where at some points on the circle it has a greater probability of manifesting itself in one location if you examine it, and at other points it has a greater probability of manifesting itself in another location. He uses this to dispel a common misconception about the uncertainty principle:
You're just idly wondering where the electron is. In most circumstances, quantum mechanics says that it's quite impossible for you to know the answer to that question.
Aha! A fundamental limitation on human knowledge, no? No. Here's why: Most of the time, the electron is nowhere. Asking "Where is the electron?" is akin to asking "What is the electron's favorite movie?". It's a nonsense question. The inability to answer nonsense questions is not a fundamental limitation on knowledge.
How can the electron be nowhere? Because electrons behave nothing at all like anything you're familiar with. Instead of a location, the electron has a quantum state.
This clarified something for me that had bugged me for years. I never took a course in quantum physics, but I had indeed always assumed that electrons did have a "location" and the uncertainty principle referred to a limit on our ability to determine that location. Unfortunately there are probably many people who get through an entire course in quantum physics without getting this cleared up.
Balanced against these valuable insights are some libertarian arguments that are probably nothing you haven't heard before, especially if you have read one of Landsburg's earlier books, Fair Play -- subtitled "What your child can teach you about economics, values, and the meaning of life", although the book was clearly about what he was teaching to his daughter. Many reviewers of Fair Play took note of passages like this one:
Most people have instinctive sympathy for the man who says "I tried for months to get a job and nobody would hire me. Only in desperation did I turn to theft." The same people have only scorn for the man who says "I tried for months to get a date and nobody would go out with me. Only in desperation did I turn to rape."
While I think most rape victims would have some choice words about the comparison, I was more unpersuaded because the passage wasn't structured like a true argument. In a good argument -- like Landsburg's earlier argument against protectionist tariffs -- you start with premises that seem apparently true, proceed by steps that seem apparently valid, and end with a conclusion that may not have been obvious from the outset. But in this case, the premise is the argument -- either you think rape and theft are comparable, or you don't. I don't think they are, because (a) the harm to a rape victim is out of proportion to the "benefit" to the rapist, and (b) notwithstanding the claims of college males, you won't actually die without sex. (Just as a thought experiment, if you would die without sex, and a man hadn't been able to get any women to sleep with him, and the government didn't provide any sort of sex "safety net", more people probably would feel sympathy for the rapist, if he only did it to save his own life.)
Some passages in The Big Questions are recycled from Fair Play and require a (just) slightly more thoughtful rebuttal. Landsburg argues that most parents, deep down, must not believe in redistributive taxation because "I have never, ever, heard a parent say to a child that it's okay to forcibly take toys away from other children who have more toys than you do. Nor have I ever heard a parent tell a child that if one kid has more toys than the others, then it's okay for those others to form a 'government' and vote to take those toys away."
OK, but... I have also never heard a parent tell their child that it was OK to build a "jail" and put other kids in that "jail" for wrongdoing. And yet almost everyone, even libertarians, supports some form of imprisonment for lawbreakers. The lesson here is that there are some powers that are appropriate to delegate to a democratically elected government, with all the right checks and balances, but that you don't want random vigilantes seizing for themselves. So if you want a principled argument against taxation, it would take more than that.
And other passages in Fair Play deservedly did not make the cut of being imported into The Big Questions:
The massacre at Waco took place only days after my daughter (then aged six) had asked me how the government uses our tax dollars. When she walked in on the television coverage of flames and carnage, I told her that now she was seeing the answer to her question. And when she heard that there were children in there, that they were burning children, her eyes grew wide with horror, and I both hope and believe that she will never forget that moment.
If you want 230 pages of that, then Fair Play is the book for you!
Of the libertarian arguments that did get carried over into The Big Questions, I think the problem with most of them is not that I think the conclusion is wrong, but, again, that the whole argument is the premise, and if you disagree with the premise then there's nothing to think about. For example:
Bert wants to hire an office manager and Ernie wants to manage an office. The law allows Ernie to refuse any job for any reason. If he doesn't like Albanians, he doesn't have to work for one. Bert is held to a higher standard: If he lets it be known that no Albanians need apply, he'd better have a damned good lawyer.
These asymmetries grate against the most fundamental requirement of fairness -- that people should be treated equally, in the sense that their rights and responsibilities should not change because of irrelevant external circumstances.
But I think the laws do treat all people equally, because they apply equally whether Bert is discriminating in deciding whether to hire Ernie, or whether Ernie is discriminating in deciding whether to hire Bert. The laws don't apply equally to all roles that people play, which is the distinction that Landsburg is highlighting -- but laws never apply equally to different roles, since roles are defined by what we do, and what is the point of laws, except to draw distinctions based on behaviors? So there may be some other argument against anti-discrimination laws, but "symmetry" by itself wouldn't be enough.
A footnote in this chapter of The Big Questions says, "Portions of this chapter are adapted from my earlier book Fair Play." In the margin where I'd been scribbling all of my notes and equations and counterarguments, I wrote, "That's what's wrong with it!"
And yet, as I said, I would probably have paid up to about $200 for the book, based on how much I enjoyed the parts that I did like. At one point Landsburg praises an insight from Daniel Dennett and Douglas Hofstadter and adds, "You should read all their books." Yes, and all of Richard Dawkins's and Malcolm Gladwell's and Steven Pinker's and Dubner's and Levitt's books, for starters. Landsburg himself would probably agree that it's more important to read those books, than this one. But there's time in your life to read The Big Questions as well. It's even structured so you can consume it in bite-sized portions while taking a break from working your way through those other books -- which are, in truth, more valuable, but not as much fun.
You can purchase The Big Questions: Tackling the Problems of Philosophy with Ideas from Mathematics, Economics and Physics from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Drupal Multimedia
Michael J. Ross writes "Of the leading content management systems used by developers for creating websites, Drupal is highly regarded for many characteristics, including a much smaller initial footprint, compared to Joomla and other CMSs. Yet some developers find this a disadvantage as well, because one of the most common criticisms leveled against Drupal is its lack of built-in support for images and multimedia elements — thereby forcing new Drupal developers to choose from the thousands of contributed Drupal modules those that would be optimal for implementing their websites' multimedia functionality. Aaron Winborn's book Drupal Multimedia is intended as a guide to help such developers." Keep reading for the rest of Michael's review.
Drupal Multimedia
author: Aaron Winborn
pages: 264
publisher: Packt Publishing
rating: 7/10
reviewer: Michael J. Ross
ISBN: 978-1-847194-60-2
summary: A guidebook for adding images, videos, and audio content to Drupal sites
The book was put out by Packt Publishing on 30 October 2008, under the ISBN 978-1-847194-60-2. On the publisher's book page, visitors can learn more details about the book and its author, purchase the electronic or print editions of the book (or both, at a discount), download the sample source code, send feedback or questions to the publisher, read the book's table of contents, or download a sample chapter for free ("Third Party Video") in PDF format. As with all other Packt Publishing titles, the errata is annoyingly not available directly from the book page; instead the visitor must go to the general Packt Publishing support page, find the title in a lengthy drop-down list box, click a button, and finally click another link (the one that should have been on the book page from the start) — only to have the errata displayed in a pop-up window. Among all the technical book publishers, Packt's procedure for accessing errata is surely the most tedious, and one can only hope it will be improved in the future.
As of this writing, only one erratum has been reported. It is listed as being on "page 0," but that instead should read "page 34" (an erratum in an erratum!). Speaking of online resources, one would expect the author's own site to have further information on the book, but there does not appear to be any there.
Drupal Multimedia is a fairly slender volume, at 264 pages, no doubt because it focuses on a limited subject area — implementing multimedia with some key contributed modules — as opposed to most of the recent spate of Drupal books, some of which try to cover every major aspect of the CMS. The material in Aaron Winborn's book is organized into eleven chapters, addressing most if not all of the key topics within the chosen subject area: Drupal basics; images, galleries, and slideshows; image theming and effects; third-party and local video; file management; audio nodes and fields; theming audio; and the future of multimedia in Drupal. The book concludes with a skimpy five-page index, which fails to contain such basic entries as Flash, FLV, SWF, sprites, star ratings, slideshows, and countless others. A robust index is especially critical for any technical book, such as this one, that divides related topics among multiple chapters, and has section and subsection names that in some cases are quite similar to one another and thus could be easily confused.
Because this book is geared more toward programmers new to Drupal, and not well-versed veterans, the first chapter — the second longest in the book — introduces the reader to the core concepts of Drupal (nodes, regions, blocks, themes, and modules — core and contributed) as well as two essential modules (CCK and Views). The explanations do not go into any great detail, but should be enough to give any Drupal newbie a head start. Nonetheless, readers may be confused by the screenshots on pages 16 through 19, which appear to be from Drupal 5. Also, the brief coverage of views arguments is inadequate, and needs to be beefed up to be useful later in the book. For creating a new theme, the author advises copying wholesale an existing theme; instead, a sub-theme is a much better approach. Chapter 1 wraps up with a discussion of some basic concepts in Drupal theming, which makes puzzling the title of the section, "Advanced Theming." Speaking of themes, readers should note that when the author refers to "theming" an image or video, he means making the uploaded file display as content on the node's page (and not just exist as an attachment to that node).
For many programmers new to Drupal, the first hurdle they encounter is how to add an image to the content of a page or story — a seemingly trivial task that is built into most major CMSs — without writing HTML and hard coding the path of an image file they FTP-ed to the server. Drupal version 6 and presumably all prior versions, do not have native support for uploading and embedding in-line images. In his second chapter, the author explains how one can create image galleries, teaser thumbnails, and images embedded in content. However, in the discussion on page 45, some details are incorrect, such as the label for the "Save" button (three times) and the presence of the galleries drop-down list. Readers will undoubtedly be confused by two additional inaccuracies: There is no Navigation menu item for displaying the "image galleries" created by default, because initially the image_gallery view has no menu assigned in the Gallery page settings. Secondly, the gallery description is not shown on the gallery page; in fact, it is not even listed as an available view field. The section titled "Image Gallery Settings" suggests that the author may have been using an older version of the Image module. But this probably does not explain the erroneous statement on page 56, that "image nodes created with Image attach will automatically be marked as not published." The chapter concludes with an explanation of how to embed an image in content, using manually inserted image tags, or the ImageAssist module, optionally supplemented with a WYSIWYG HTML editor, such as TinyMCE. The fourth chapter looks at how to theme images, and discusses — in greatly varying levels of detail — style overriding, the Firebug Firefox extension, the Theme Developer module, image nodes, image-based rollover menus, sprites, light boxes, star ratings, slideshows, and various special effects: drop shadows, magnification, and watermarks.
The subsequent chapter — oddly titled "Developing for Images" — extends the discussion by showing how to insert images as fields utilizing ImageField and several supporting modules. One of those modules is referred to as "FileField Tokens" (page 70), but there is no such module; the author probably meant ImageField Tokens. Also extending the previously noted problem of non-Drupal 6 content, is the screenshot for "Display fields," on page 83, as well as the narrative, which appear to be pre-version 6. The latter half of the chapter delves into how to create galleries and slideshows (using views), user pictures, and images associated with taxonomy terms.
With Chapters 5 and 6, the author shifts attention to what is perhaps the second most commonly used type of multimedia on websites nowadays — video — with the former of those chapters devoted to third-party videos (such as content hosted on YouTube), while the latter chapter is devoted to "local video" (local in the sense of hosted on one's own remote Web server — not one's local development machine). The author demonstrates how to utilize a YouTube-hosted video, first using core Drupal modules only, then using the Embedded Video Field module. For using local video files, the author shows how to use the FileField module so the user can upload QuickTime video files. Unfortunately, the instructions on page 146 may prove confusing to beginners, since it is not entirely clear as to whether the later, more-detailed paragraphs are repeating earlier instructions, or specifying something new. More significantly, the use of the FileField module necessitates writing theme PHP code, just to have the video display on the page — which less technical readers may not feel comfortable attempting on their sites. The second part of the chapter may be more useful to the typical reader, because it covers how to embed Flash videos, a more popular format. The author advocates the use of the jQuery Media module (which he created) in conjunction with the jQ module. Unfortunately for the reader, the details of implementing this approach are glossed over at the end of the chapter, with only meager instructions ("... add .node .content a to the classes."), and without any illustrative example. No explanation is provided as to why this particular JavaScript-dependent solution is recommended, as opposed to a more straightforward one, such as the Flash Node module — which is far less problematic for FLV files. 
(By the way, the author states that he and some other developers are creating a fully GPL media player module and that there is a development version available of this Media Player module. But there is no such version on that page, and the situation may never change, because the project appears to have fizzled in August 2008, judging by the comments on the Drupal.org site and the author's site.)
In written tutorials, videocasts, and other discussions of Drupal multimedia, one important area that is often neglected is asset management. This includes such seemingly mundane matters as where in a Drupal site's file system one should place plug-in files and even the uploaded multimedia files themselves. A more far-reaching topic is how to best associate multimedia assets with nodes so they can be accessed by various modules — for instance, as stand-alone content types versus CCK fields. Chapter 7 examines some of these topics, first discussing how to create and theme nodes whose associated videos can be used elsewhere on a site, such as in a gallery — using the Embedded Media Field and Node Reference modules. However, some readers may become frustrated because a couple critical steps are skipped, and, even worse, no guidance is provided as to how to make the video show up on a node reference content page, or what content provider selection to use (since "Local" is not an option). Next the author considers how to set access to videos by user role — using the Asset module. Unfortunately, the reader is apparently not shown how to do anything useful with video content uploaded and managed using the Asset module, including the scenario proposed at the beginning of the section. (Incidentally, one might assume that the author's solution would use the Asset Embedded Media submodule, but it is not compatible with the latest version of Drupal 6.) The Media Mover module, and its many submodules, offer an alternate method of video asset management, and the author shows how to e-mail a video from a mobile phone, to be automatically attached to a new blog post. The chapter concludes with a brief look at Kaltura, an open-source platform for storing and editing multimedia.
Some Web developers and end-users may consider online audio as the poor cousin of video. In truth, audio-only content plays a key role in many Web applications — from podcasts embedded in RSS feeds, to sample tracks on music sellers' websites. The subsequent three chapters of the book are devoted to managing audio content within Drupal using several resources and solutions — specifically, the Audio, getID3, FileField, jQuery Media, Embedded Media Field, XSPF Playlist, and Views modules.
In the last chapter, titled "The Future of Drupal Multimedia," the author speculates as to what media-related capabilities he thinks we will likely find in Drupal 7 and beyond — such as native file handling (via hook_file) and multimedia support in core Drupal, the merging or deprecation of non-FileField modules, dissociation of data from nodes, improved module interfaces and usability, embeddable widgets (for data distribution), semantic multimedia (microformats, RDF, and taxonomy-powered tagging), mobile Web access, virtual reality (such as Second Life), tactile and olfactory media, and motion sensing (such as the Wii Remote controller).
One laudable feature of this book is the inclusion of numerous screenshots, which can be quite reassuring to a reader getting lost in the technical minutia of any particular recipe. Also helpful is the manner in which the author, for the most part, keeps the reader informed as to all configuration settings — and where to find them within the Drupal administration interface — that the reader must or may want to modify, depending on his or her needs. Technical books that fail to do this can be extremely frustrating to anyone trying to learn a nontrivial technology.
Yet there are some major flaws with the book: Far too much of the material suggests that the author was using Drupal 5. Aside from the screenshots mentioned earlier, sections of the text point in that direction, such as the statement, "The multiple image issue might be taken care of by Drupal 6" (page 56). Fortunately, none of these gaffes prevent the reader from learning how to perform the tasks using version 6. The second and more important flaw is the poor coverage of Flash content, as detailed above. A follow-up edition to the book, in which all of these problems are resolved, would be most welcome and valuable.
A revision would also be an opportunity to fix the grammatical errors that should have been caught in the proofreading process. For instance, the fourth complete sentence on page 11 is missing a verb. Errata include "Autrhor" (credits page), "you [have] learned" (page 2), ". you'll" (page 2), a ")" without a "(" to match it (page 17), "isin" (page 31), "it [is] installed" (page 32), "provide files" (page 33; should instead read "provide functions"), "hierarchal" (page 46), "formated" (page 57), "[the] FTP" (page 75), "menu — By" (page 117), "going a view" (page 119), "quicktime" (page 146), and "[Submit] Audio" (page 179). In addition, there are eight pairs of adjacent words missing their separating spaces — five on page 159, and three more on page 174.
As seen in many other Packt Publishing titles, this one contains excessive usage of inappropriate title case (e.g., several on pages 8 and 9 alone), though occasionally title case is neglected (e.g., "Image attach" throughout the book). In addition, some of the phrasing is rather awkward, which may pose no barrier to a reader who already understands the particular idea being discussed in the text, but could prove a real detriment to anyone unfamiliar with that idea. For instance, on page 36, the author states that "Often you may wish to override a theme that is not provided as a file in the default theme." But no theme is contained within a single file, and one does not override themes anyway; rather, one can disable a theme, or modify a copy of it, or create a variation as a sub-theme.
Yet overall, this book's strengths outweigh its weaknesses. For Drupal developers who wish to add image, audio, and video content to their sites, Drupal Multimedia is a useful resource with which to begin.
Michael J. Ross is a freelance Web developer and writer.
You can purchase Drupal Multimedia from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Amazon Cloud Adds Hosted MySQL
1sockchuck writes "Amazon Web Services has added a relational database service to host MySQL databases in the cloud, and is also dropping prices on its Amazon EC2 compute service by as much as 15 percent. Amazon says the new service lets users focus on development rather than maintenance, but it will probably be bad news for startups offering database services built atop Amazon's cloud. Cloud Avenue warns that Amazon RDS should serve as 'a warning bell for the companies that build their entire business on Amazon ecosystem. ... They are just one announcement away from complete destruction.' Data Center Knowledge has a roundup of analysis and commentary on Amazon RDS and its impact on the cloud ecosystem."
-
The Science of Irrational Decisions
The Rat Race Trap blog has a look at one aspect of the irrational decision-making process humans employ, based on the book Predictably Irrational by Dan Ariely. "Professor Ariely describes some experiments which demonstrated something he calls 'arbitrary coherence.' Basically it means that once you contemplate a decision or actually make a decision, it will heavily influence your subsequent decisions. That's the coherence part. Your brain will try to keep your decisions consistent with previous decisions you have made. I've read about that many times before, but what was surprising in this book was the 'arbitrary' part. ... [In an experiment] the fact that the students contemplated a decision at a completely arbitrary price, the last two digits of their social security number, very heavily influenced what they were willing to pay for the product. The students denied that the anchor influenced them, but the data shows something totally different. Correlations ranged from 0.33 to 0.52. Those are extremely significant."
-
Android Application Development
stoolpigeon writes "Google's mobile OS Android has received plenty of press. As with a lot of Google products, there was much anticipation before any devices were even available. Now a number of phones are available, with many more coming out world-wide in the near future. Part of the lure of Android is the openness of the platform and the freely available tools for development. The SDK and accompanying Eclipse plug-in give the would-be creator of the next great Android application everything they need to make their idea reality. The bar to entry in the official Google Android Marketplace is very low and it doesn't seem to be much of a stretch to predict that the number of developers working on Android is only going to grow. As with any hot technology the number of books will grow as well and O'Reilly's Android Application Development has jumped into the fray, promising to give budding Android developers what they need to get started." Read on for the rest of JR's review.
Android Application Development: Programming with the Google SDK
author: Rick Rogers, John Lombardo, Zigurd Mednieks, Blake Meike
pages: 332
publisher: O'Reilly Media Inc.
rating: 7/10
reviewer: JR Peck
ISBN: 978-0-596-52147-9
summary: Programming with the Google SDK.
The book begins with a brief introduction to Android followed by detailed instructions on procuring and installing the Android SDK. Space is given to Windows, Linux and Mac. The install is relatively simple on all three platforms, extra information is provided for Ubuntu users but no other distributions. Extra care is taken to help Windows users with items they may not use regularly, such as environmental variables. This is all pretty basic and gives the book very much of a 'for beginners' feel. Before I had the book I had already installed the SDK and Eclipse plug-in on Windows, Ubuntu and Fedora without any issues beyond getting a current version of Eclipse for the Ubuntu machine. The version I already had from the Ubuntu repositories was not able to run the plug-in. It's a short chapter and if someone really struggles with it, they probably should shift their focus from learning to code to learning how to use their platform of choice. This does set the tone though, that this is a book for those who are very new to development.
Chapter two steps the reader through the ever present "Hello World" and gives an overview of the structure of Android applications. Chapter three introduces the example application that will be used for the rest of the book. There is a lot of repetition here on just what directories and files make up the guts of an Android program. I was quickly worried (the first four chapters are only fifty-six pages in) that maybe four authors had been too many. The repetition made it feel as if separate work had been combined without enough editing to remove what was redundant. Fortunately this got better, though there was still a strange proclivity to list files while referring to earlier chapters that explained their purpose. This would be helpful to anyone jumping right into the middle of the book, but the index also serves the same purpose and saves space for more valuable content, as opposed to explaining the purpose of AndroidManifest.xml repeatedly.
Once I moved into the fifth chapter, Debugging Android Applications and the following chapters, things got better. The pace picked up and the repetition dropped off for the most part. The book did not become incredibly difficult, trying to be everything to everyone, but did maintain an introductory style. At the same time the example application makes use of many Android features that are likely to be used by developers. How to set up and use tools was covered step by step. This is very nice but did cause some issues for the authors due to the rapid pace of development on Android. A visit to the book's errata page will show that many readers struggled with changes to the SDK tool set that came out very shortly after the book. The authors say that future editions will fix these issues, but this creates a dilemma for that reader needing introductory level materials. They are more dependent upon the book than a more advanced user and so these issues can be very trying. Based on the responses to the errata posts it became trying for the authors as well. This isn't a knock on the book itself but rather a limitation of the delivery method.
Once the reader is digging down into the example application the team approach to writing the book does become an asset. The authors bring a number of skills to the table that closely resemble the players that would be necessary to a team developing a real-world application. The reader is now being pulled into an example that benefits from the knowledge of each and does a good job of exploring the range of options an Android developer has available. This includes core functionality, UI options and how to best take advantage of the platform while at the same time taking performance and user expectations into account. I felt like I was getting something beyond the excellent documentation provided by Google. This is where I felt the book stood strongest.
Working with a single, large example application was a move that probably helped move things along on writing the book and I think it's an interesting approach. The problem is of course, that means that this example must be right. Right for the task and technically correct. Small issues in the code are inevitable but now their impact is book wide. The changes to the platform just made it just that much more difficult to sort out. On the whole I still found this to be a better approach primarily due to the fact that it gives the features highlighted a better sense of context. Stand-alone examples are often good at highlighting technical features but completely ignore the issues necessary to using the feature in a larger piece of code.
I'm a fan of O'Reilly books. Interestingly enough this doesn't mean that I'll gloss over issues with what they produce. The result is actually the inverse, in that I go into all their titles with a high level of expectation with regards to quality on every level. This may mean that though I strive to be neutral when I look at a book, I'm probably a little tougher on O'Reilly titles. This made my rough start with Android Application Development a bit jarring. The repetition and what felt like sloppy editing are not what I expect. I was quickly given a sense that this book may have been rushed to publication a little sooner than it should have been. As I moved deeper into the book, things improved and while I think there were still editorial issues, things did seem to smooth out to some degree.
There is an interesting tension that exists purely due to the nature of print books. I don't like to bring up print versus electronic in reviews as I don't think it is on topic, but here it is unavoidable. The book is aimed at people that need a little more hand holding and help getting going. It does a good job of providing step by step instructions, the problem is that some of those steps have changed. I don't think anything in the code itself needs to be different, but the tools have changed enough that getting the code to run in a development environment against the new SDK is different. That means that portion of the book is no longer of as much value without going to other sources to find the new steps.
That said, warts and all I found this to be a helpful way to get my feet wet with Android. I really look forward to future versions as I think just a little more time and work will move this from my 'good' list to my 'great' list. Making things a little tighter and cleaning up the few typos and errors would certainly make this an 8 instead of a 7, which is really substantial in my mind. I'm no super developer and I need stuff like this, that can take things a little more slowly and make it all clear. I think this guide is great for those of us in that category as long as the reader is o.k. with hopping to external sources for the information they'll need to get the newer tool set working.
You can purchase Android Application Development: Programming with the Google SDK from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Learning Ext JS
stoolpigeon writes "Rich Internet Applications (RIA) have often been associated with some type of sandbox or virtual machine environment to make desktop features available via the web. Many applications though, have left behind the restrictions and demands of those technologies, implementing RIAs as pure web interfaces. One key technology in this area is JavaScript. It's been well documented that working with JavaScript can be problematic across various browsers. In response a number of JavaScript libraries have been created to alleviate the issues in dealing with different browsers, allowing developers to focus on application logic rather than platform concerns. One such library, focused on providing tools for building RIAs is Ext JS. For the aspiring developer looking to use Ext JS, Packt provides a guide to the library in the form of Learning Ext JS." Read on for the rest of JR's review.
Learning Ext JS
author: Shea Frederick, Colin Ramsay, Steve 'Cutter' Blades
pages: 309
publisher: Packt Publishing
rating: 8/10
reviewer: JR Peck
ISBN: 978-1-847195-14-2
summary: Build dynamic, desktop-style user interfaces for your data-driven web applications.
The book is written for people with experience in doing web development. The authors state that a working knowledge of HTML and CSS are important, but experience with JavaScript is not essential. I think that a reader that has not used JavaScript may want to supplement this guide with something that covers the basics of JS. Experienced developers that haven't worked specifically with web programming should have no trouble keeping up. Anyone completely new to the idea of programming, scripting, markup, etc. really will need to take some time to get familiar with those concepts before they dive into this book. The authors do not spend time teaching programming, they are focused purely on realistic applications of Ext JS.
The authors begin by stating that, "Ext is not just another JavaScript library..." and it is understandable that they would feel this way. I am unsure why one wouldn't think so other than a personal preference for the product. That said Ext JS can be used alongside other JS libraries and does provide a lot of features 'out of the box' that make it an attractive choice. The emphasis on RIA widgets and building strong applications is nice as Ext JS is not working to be all things to all developers.
The book is heavy on code and examples but not so much so that it falls into the cook-book style of writing. Learning Ext JS is more of an extended tutorial with ample explanation to help the reader not only understand the code but why certain choices are made. Frederick, Ramsay and Blades have done a good job of working through the examples in a concise manner. While the book is the result of group work, it does not have the feeling of being written by a community. I did not run into an abundance of repetition and topics flowed well. Learning Ext JS also covers installation and integration of the library as well as a very quick survey of tools for development. While short these sections would be extremely important to anyone coming into web development with little experience.
It's a quick read, and doesn't delve extremely deeply into more advanced topics. Rather, a reader new to Ext JS will get a launch that should make the library usable in a practical way and also give them the framework to push deeper. The book was written and published just as Ext JS moved between versions. The new version is backwards compatible with the material in this book and a number of the changes in version three would not have fallen within the scope of this book, so it is still a good place to get started with Ext JS. Those who want to dig deeper will need to look elsewhere.
The brevity of the book won't work for those folks who want to really dig down deep into Ext JS. I on the other hand, wasn't looking for a massive tome to lug around and grind through. I was happy to have a very accessible tool that would get me started quickly and that is what I got. On the other hand I do like to be able to find what I need quickly and nothing is more important to me when learning than a solid index. Unfortunately the only really large ding I have for the book is that the index is weak. It would be a lot worse if the book were larger, so the brevity helps here a bit, but it's still unfortunate. This does make the ebook version a little more attractive. Packt will bundle them at a cost that makes the addition of the electronic copy very attractive. That said, the easy flow does make it easy to read this book front to back while working the examples. Learning Ext JS just won't be my first choice when I need to quickly check a reference.
I've discussed the shallow coverage, but this does not mean that the book is not useful. The Ext JS library bundles enough functionality into the stock widgets, that decent applications could be written with nothing more. Creating custom widgets is covered and extending existing code as well, but this is later in the book. The material prior to that covers not only the use of the provided widgets but how to tie them together, theme an app and then handling data. This means the reader pretty much has everything in hand to build a stock application. The focus is on dealing with these issues on the client side. The examples do include a small amount of back end code when necessary for the execution of examples. All the examples are available to download from the Packt site and come packaged with all necessary scripts, images, etc.
I've always worked primarily with desktop applications. I've done some work with web applications, but it seems to me that increasingly the tools that I use the most are web based. With technology like Google Gears making those applications available whether I'm connected or not they have become much more attractive. Tools like Ext JS make it much easier for me to transition over to this new way of developing applications. I've found that Learning Ext JS has been a valuable resource in taking what is a great resource and allowing me to get the most out of it more rapidly than I would have otherwise.
You can purchase Learning Ext JS from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Snow Leopard Missed a Security Opportunity
CWmike writes "Apple missed a golden opportunity to lock down Snow Leopard when it again failed to implement fully a security technology that Microsoft perfected nearly three years ago in Windows Vista, noted Mac researcher Charlie Miller said today. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus makes it harder for them to craft reliable exploits. 'Apple didn't change anything,' said Miller, of Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive 'Pwn2own' hacker contests. 'It's the exact same ASLR as in Leopard, which means it's not very good.'"
-
The Magicians
stoolpigeon writes "The popularity of web site Will It Blend? is indicative of how people enjoy mashing things together. Of course this kind of sharing and combining has been going on in the arts for quite some time. The new Lev Grossman novel, The Magicians asks 'will it blend?' of two rather popular fantasy series, J.K. Rowling's world of Harry Potter and the tales of Narnia from C.S. Lewis. Grossman's thoughts on both are tossed on top and then the author begins to play a symphony across the full range of buttons from stir to liquefy. What comes out is not children's fantasy but at times a rather bitter mix." Keep reading for the rest of JR's review.
The Magicians
author: Lev Grossman
pages: 402
publisher: Viking
rating: 7/10
reviewer: JR Peck
ISBN: 978-0-670-020550-3
summary: Boy feels socially awkward...boy discovers he's magical...boy gets into private magical school.
Grossman is an author and critic for Time and has written for a number of high-profile magazines. He is a talented writer and handles his story telling with skill. His characters have depth and this story takes on a very gritty sense of reality, something that is not often found in fantasy. I was impressed with his writing, yet at the same time I was torn with how I felt about the book. I found it to be compelling and at the same time difficult. It took me a few weeks to process the whole thing and get an idea of why the book impacted me the way that it did. I'm going to lay that all out now, but I have to say that when reviewing fiction I work very hard to avoid discussing plot. In this case, it will be impossible to some extent. I don't think I'm going to give away anything that the promotional material doesn't make pretty obvious, but anyone who wants to go into this book knowing as little as possible should stop reading now.
The protagonist, Quentin Coldwater, is a nerd. He's an academic over-achiever living a life of privilege, set on a path of success. He's also extremely unhappy, feeling disconnected from the rest of the world. He struggles with his inability to connect with others and the meaninglessness of life. He has sought out and found some respite in the fantasy world of Fillory, a magical land created and explored in the books of an American author that lived in England. At the start of The Magicians Quentin is on his way to an interview as part of the admissions process for Princeton. But this does not end up as another normal day for Quentin. Rather than his ultimate destination, Princeton, Quentin ends up at Brakebills. Brakebills is a university in upstate New York where students learn magic.
While Hogwarts was not the first literary school of magic, it is the model Grossman has in mind and he is very up front about that fact. The students take part in a magical game called Welters. At one point a team member of Quentin's, Josh, is absent at the start of a match. Quentin hunts him down and the following interaction takes place between the two of them.
Josh stood up. He saluted smartly. "Send me an owl."
"Come on, they're waiting for us. Fogg is freezing his ass off."
"Good for him. Too much ass on that man anyway."
Quentin got Josh out of the library and heading toward the rear of the House, though he was moving slowly with a worrying tendency to lurch into door frames and occasionally into Quentin.
He did an abrupt about-face.
"Hang on," he said. "Gotta get my quidditch costume. I mean uniform. I mean welters."
"We don't have uniforms."
"I know that," Josh snapped. "I'm drunk, I'm not delusional. I still need my winter coat."
This sliver does a lot to reveal the similarities and differences. Brakebills is very much like Hogwarts in external ways, and completely different in substance. The school is for adults, not children and the life that Grossman portrays is much more in line with reality than fantasy. This is not a book to pick up for a young child. This story contains profanity, sexual content, graphic violence, as well as alcohol and drug abuse. This is where I ran into my first issue with The Magicians. I'll get to that shortly, but first I'd like to finish laying out what the book involves.
Not all of Brakebills is lifted straight from Hogwarts, though I don't think the reader with much experience in reading fantasy will find anything that could really be called new. What there is, as I have mentioned, is very well done. Grossman builds up to moments of palpable tension. He pulls the reader into the life of Quentin and shows real finesse at times. His characters very much come alive, in their brief moments of joy and in their many moments of pain, frustration and loss. Anyone who has felt the hurt of being outside, dealing with the cruelty of others or a general questioning of meaning will be able to relate well to the protagonist.
Eventually school is over and the students graduate. And here is the turn that I think the promotional material makes obvious but some may not want to know about going into reading the book. The second section of the story begins as Quentin and his fellow Brakebills alumni find out that Fillory is real. They immediately prepare to set out on an expedition to the land they've loved since childhood. That Fillory is better spelled N-a-r-n-i-a is just as obvious as the connection to Rowling's work. Quentin and company enter Fillory using magic buttons that take them to an intermediary world of fountains. Jumping into each fountain takes a person to a different world. They have to take care to jump into the correct pool at the base of the fountain that will take them to Fillory. Fillory is a land of talking beasts and magical creatures.
So what sets The Magicians apart from lesser books that lift heavily from other works? Why is The Magicians a strong story while something like Eragon is a weak rip-off? I think it boils down to two elements. First is Grossman's strong writing. Even if this were just a big piece of fan fiction, it would be well written fan fiction. Secondly, this isn't just an homage to the work of others. While Grossman has lifted the settings and externals, the substance is completely different often to the point of taking a position that is completely antithetical to the original work.
My first problem, which I tie to the very adult content is wrapped up in why I read fantasy. I read fantasy on many levels as a form of escape, much like Grossman's character Quentin did. Much of the fantasy I've read is not only fantasy but it is written for children. At the bottom of it all there is no real risk or fear. I read with anticipation, not of an outcome but rather how that outcome will be worked out by the author. There is often death or treachery but it takes on a fairy tale like quality. It does not feel real or cruel but rather cartoonish. Grossman completely jettisons any of this kind of approach. He tackles the safety of these children's tales and eviscerates it. The violence in The Magicians is not cartoonish, it is often cruel even sadistic. There's not much in the way of escapism here. What Quentin finds is that magic doesn't change the basic underlying facts of life, not even traveling to another world does this. This is combined with the fact that much of Grossman's realism includes behavior and speech that isn't something that I would consider normal or appropriate. It may be for others but this isn't a book I would feel comfortable recommending to friends or family.
Then there is my second issue. I've read that Pullman's His Dark Materials trilogy is intended to be a type of anti-Narnia. Well Grossman doesn't just create an alternative world that is contrary to Narnia. He destroys Narnia from the inside. And this caused issues for me in both sections of the book at times. Not because of ideological difficulties with what Grossman puts forward but because it would frequently push me outside the story as it felt like Grossman would move from telling his own story to commenting on the story of another. It isn't that what he has to say about the other stories isn't interesting and that he doesn't bring up intriguing issues and criticisms of both, but rather that it jarred me out of the narrative as the story became more a work of exposition. Something like the flashbacks to History and Moral Philosophy class that fill so much of Starship Troopers. The author shows his hand, that he is more interested in making a point than telling a story.
The fact that a major component of the book is polemic in nature means much of the discussion around the book will not be about plot or setting but rather about the argument the author sets forth. I don't agree with Grossman's premise or conclusions but I do admire how well he states his case throughout the entire book, not only in those portions that might feel a bit preachy. I've read in an interview Grossman did about The Magicians that he feels that Rowling lets her characters solve their problems, rather than resting on divine intervention like the characters of Lewis's works. This is reflected in how he handles the world of each, though I would argue that this is not the case, especially in light of how Rowling's series ended. I think it does explain why he is so much rougher on Lewis.
Anyone looking for a dark story that questions the assumptions and underlying principles of those that are not so dark should really enjoy this book. Any parent that picks it up for their young one because they hear it compared to Harry Potter is in for a rude surprise. Those looking for a fun little escape from the real world won't find it here, though things are so grim at times they may find the real world a bit of a relief after the weight of Grossman's. The Magicians held my attention and I was impressed with Grossman's ability, unfortunately at the same time I was a bit disappointed with how he used that ability. With something this subjective your mileage may vary, and since release The Magicians has hit number nine on the New York Times best sellers list.
Viking set up a number of web sites to support the release of The Magicians. This is not so much about the book itself but will be of interest to readers and I think is an interesting development for book lovers in general. There are four sites. TheMagiciansBook.com is a normal promotional site with information on the book. ChristopherPlover.com brings to life the fictional author of the Fillory books. Brakebills of course has a site, obfuscated just like the school itself. Finally there is Embers Tomb, a wealth of Fillory related information. The Fillory and Plover sites come across as very genuine and will probably snag a reader or two into some level of confusion. The Brakebills site is a bit too over the top to be taken seriously but then again, with real news sites quoting The Onion and the occasional uproar I see over humor sites like Objective Ministries there probably will be some who think it is a real school.
You can purchase The Magicians from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Coders At Work
Vladimir Sedach writes "Aside from authoring narrowly focused technical books, teaching university courses, or mentoring others in the workplace, programmers don't often get a chance to pass on the knowledge of the practise of programming as a profession. Peter Seibel's Coders at Work takes fifteen world-class programmers and distills their wisdom into a book of interviews with each of them." Keep reading for Vladimir's review.
Coders at Work
author: Peter Seibel
pages: 632
publisher: Apress
rating: 8
reviewer: Vladimir Sedach
ISBN: 978-1430219484
summary: How the best programmers in the world do their job
The list of coders interviewed includes some geek household names like Donald Knuth and jwz, but also some not so well-known ones such as Bernie Cosell (one of the programmers behind the ARPANET IMP, the first Internet router) and Fran Allen (compiler pioneer). The full list of people interviewed is available on the book's website. The eras embodied by the interviewees range from the very beginnings of software as we know it today, to the heyday of the Internet boom, when people like Brad Fitzpatrick made their mark.
Seibel himself is a coder and author (having the well-received Practical Common Lisp under his belt). It is then no surprise that the interviews are packed with technical details, which (with one exception, explained below) restricts the intended audience of the book to those already familiar with programming.
Coders at Work manages to communicate the wisdom of programmers of bygone eras, while simultaneously being heavily colored by very contemporary issues. JavaScript, its consequences and its discontents, is a topic recurring throughout the book. More than just a recounting of history, Coders at Work should inspire readers to learn about the wider context of their craft and stop the reinvention of the proverbial wheel decried by several of the interviewees in its pages.
Given the related subject matter, the people interviewed in Coders at Work who played a role in creating major programming languages (Armstrong, Eich, and Steele), and close publication dates of the two books, inevitable comparisons will be drawn between Coders at Work and Federico Biancuzzi and Shane Warden's Masterminds of Programming (I previously reviewed Masterminds of Programming on my blog). There is a lot of common ground between the two books in terms of technical areas covered, but Coders at Work clearly comes out on top.
Part of the reason has to do with the fact that Seibel's choice of interviewees is stellar. Masterminds of Programming's niche focus on programming language designers meant that its authors had a tougher job than Seibel, but details like the omission of Alan Kay (creator of Smalltalk and one of the most influential programming language designers in the field's history) from Masterminds are nothing short of dumbfounding.
Just as important to making Coders at Work a good book is the fact that Seibel is a great interviewer. Seibel's questions felt more open-ended than those in Masterminds, and the resulting interviews have a flow and narrative that makes them engrossing to read and gives the programmers interviewed a chance to explore details in-depth.
A refreshing aspect of Coders at Work are the interviewees who don't shy away from strong opinions or humor, as shown in this remark by Peter Deutsch, "I think Larry Wall has a lot of nerve talking about language design--Perl is an abomination as a language." One aspect where Coders unintentionally shines is as a guide to finding and hiring programming talent. Even non-technical managers will benefit greatly by reading those excerpts of the interviews concerned with hiring programmers.
Another unexpected aspect of the book is the breadth of topics discussed — everything from debugging machine code to women's issues in computing workplace and education.
One area where Coders could stand improvement is in its length. Not all of the coders interviewed possessed the gift of brevity, and many interview answers could have been edited to reduce their length without affecting the message.
In her interview, Fran Allen makes an interesting assertion — programming and computer science need to become more socially relevant. Other scientific and engineering fields are filled with well-known personalities, described in prominent interviews, biographies, and major Hollywood films. The only "software people" to appear in the public spotlight are the CEOs of major software firms. Ultimately, its role in helping programming assert its status as a socially relevant profession may be the most important contribution of Coders at Work.
You can purchase Coders at Work from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Myths of Security
brothke writes "The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is an interesting and thought-provoking book. Ultimately, the state of information security can be summed up in the book's final three sentences, in which John Viega writes that 'real, timely improvement is possible, but it requires people to care a lot more [about security] than they do. I'm not sure that's going to happen anytime soon. But I hope it does.'" Read on for the rest of Ben's review. The Myths of Security: What the Computer Security Industry Doesn't Want You to Know author John Viega pages 260 publisher O'Reilly Media rating 8 reviewer Ben Rothke ISBN 978-0596523022 summary A contrarian provides an interesting look at the information security industry The reality is that while security evangelists such as Viega write valuable books such as this, it is for the most part falling on deaf ears. Most people don't understand computer security and its risks, and therefore place themselves and the systems they are working on in danger. Malware finds computers to load on, often due in part to users who are oblivious to the many threats.
Much of the book is made up of Viega's often contrarian views of the security industry. With so much hype abounding, many of the often skeptical views he writes about show that what many may perceive as information security truths are indeed security myths.
From the title of the book, one might think that there is indeed a conspiracy in the computer security industry to keep users dumb and insecure. But as the author notes in chapter 45 — An Open Security Industry, the various players in the computer security industry all work in their own fiefdoms. This is especially true when it comes to anti-virus, with each vendor to a degree reinventing the anti-virus wheel. The chapter shows how sharing amongst these companies is heavily needed. With that, the book's title of What the Computer Security Industry Doesn't Want You to Know is clearly meant to be provocative, but not true-life.
The book is made up of 48 chapters, on various so-called myths. Most of the chapters are 2-3 pages in length and tackle each of these myths. The range of topics covers the entire security industry, with topics spanning from various security technologies, issues, risks, and people.
While not every chapter is a myth per se, many are. Perhaps the most evocative of the security myths are chapter 10 — Four Minutes to Infection and chapter 22 — Do Antivirus Vendors Write their own Viruses? But the bulk of the book is not about myths per se, rather an overview of the state of information security, and why it is in such a state.
In chapter 16, The Cult of Schneier [full disclosure — Bruce Schneier and I work for the same company], Viega takes Schneier to task for the fact that many people are using his book Applied Cryptography, even though it has not been updated in over a decade. It is not fair to blame him for that. While Viega admits that he holds Schneier in high esteem, the chapter reads like the author is somehow jealous of Schneier's security rock star status.
Chapter 18 is on the topic of security snake oil, ironically a topic Schneier has long been at the forefront of. The chapter gives the reader sage advice that it is important to do their homework on security products they buy and to make sure they have at least a high-level understanding of the technical merits and drawbacks of the security product at hand. The problem though is that the vast majority of end-users clearly don't have the technical wherewithal to do that. It is precisely that scenario that gives rise to far too many security snake-oil vendors.
Perhaps the best chapter in the book, and the one to likely get the most comments, is chapter 24 — Open Source Security: A Red Herring. Viega takes on Eric Raymond's theory of open source security that "given enough eyeballs, all bugs are shallow." Viega notes that a large challenge with security and open source is that a lot of the things that make for secure systems are not well defined. Viega closes with the argument that one can argue open versus closed source forever, but there isn't strong evidence to suggest that it is the right question to be asking in the first place.
Overall, The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is a good introduction to information security. While well-written and thought-provoking, the book may be too conceptual and unstructured for an average end-user, and too basic for many experienced information security professionals. But for those that are interested, the book covers the entire gamut of information security, and the reader, either security pro or novice, comes out much better informed.
While the author makes it clear he works for McAfee, and at times takes the company to task, the book references McAfee far too many times. At times the book seems like it is an advertisement for the company.
Viega does give interesting and often entertaining overviews of what we often take for granted. Some of the book's arguments are debatable, but many more are a refreshing look at the dynamic information security industry. Viega has sat down and written his observations of what is going on. They are worth perusing, and the book is definitely worth reading.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The Myths of Security: What the Computer Security Industry Doesn't Want You to Know from amazon.com. Slashdot welcomes readers' book reviews — to see your own review here, read the book review guidelines, then visit the submission page. -
Joomla! 1.5: A User's Guide, 2nd Edition
Michael J. Ross writes "There are countless content management systems (CMSs) available for building websites, and they offer varying levels of built-in functionality. But once a site developer has successfully installed any given CMS, a critical form of help (or hindrance) is the CMS's documentation, which for some CMSs is quite impressive, and for others absolutely atrocious. Joomla is a powerful and popular choice for Web developers, but can be daunting to newbies confused by its non-intuitive menu structure and restrictive content hierarchy. The documentation for Joomla is frequently criticized, for various reasons, and that may largely account for the popularity of third-party books — such as Barrie M. North's Joomla! 1.5: A User's Guide, now in its second edition." Read on for the rest of Michael and Ethelyn's review. Joomla! 1.5: A User's Guide, 2nd Edition author Barrie M. North pages 480 publisher Prentice Hall rating 9/10 reviewer Michael J. Ross and Ethelyn Holmes ISBN 978-0137012312 summary A comprehensive introduction to creating sites using Joomla. The book was published by Prentice Hall, on 1 June 2009, under the ISBN 978-0137012312. Just as with its predecessor, this updated edition spans 480 pages, and the material is grouped into 12 chapters: an introduction to CMSs in general and Joomla in particular; downloading and installing Joomla; basic Joomla administration; content management using Joomla; menus and navigation; enhancing Joomla functionality with extensions, components, modules, plug-ins, and templates; creation of content via the back-end and front-end; attracting Web traffic using SEO, referrals, and other techniques; how to create pure CSS templates; and building example websites for a school, a restaurant, and a blog. The book wraps up with four appendices on getting assistance with any Joomla development hurdles; four separate Joomla case studies; an introduction to SEO concepts; and installing WampServer.
On the book's Web page, the publisher makes available a description of the book, excerpts from Amazon.com reviews, the table of contents, and a sample chapter — "Creating Pure CSS Templates in Joomla!" — as both an online article and as a downloadable PDF file. There are also links for purchasing the print version, and for reading the Safari Books online version.
In conjunction with the book, Prentice Hall has published a DVD training course, titled Fundamentals of Joomla!, under the ISBN 978-0137017812. It consists of 13 lessons, spanning more than nine hours of video instruction. The DVD includes a bonus chapter explaining how to set up a membership site, not covered in the print book. The DVD disc is accompanied by a 128-page book, which includes all of the PHP and CSS code used in the training, plus additional material. As of this writing, Barnes & Noble is selling Joomla! 1.5: A User's Guide, 2nd Edition and the video training course bundled together. Anyone purchasing the video course should be aware that Lesson #6 on the DVD has a compression problem, which causes a small lag between the audio and video streams. In response to this, Prentice Hall uploaded that particular lesson as a free download to the product's site, under the "Updates" tab. A multimedia training course such as this may be the ideal tool for someone who finds printed technical books to be rather dry, and prefers learning from audiovisual material.
In this review, we will be examining both the book and the DVD training course, as the two complement one another.
Barrie North is well regarded in the Joomla community, and for good reason. He frequently blogs about Joomla on the website of Compass Design, a consulting firm specializing in Joomla Web design and SEO. Joomla developers consider Compass Design's site a source for some of the most up-to-date information on the subject. Barrie also founded Joomlashack, a noted provider of Joomla templates and customization services. He has more than 15 years of Internet experience as a Web designer, plus over a decade of classroom teaching experience and curriculum development expertise. He consults on Web marketing, search engine optimization, usability, and standards compliance for Joomla. He's also a former member of the Joomla Design and Documentation Working Groups.
The title of his book's first chapter, "Content Management Systems and an Introduction to Joomla!," fairly describes what the reader will find. As a CMS, Joomla's primary function is to organize and present all the content stored in a site's database, avoiding the problems in the past of static HTML files. This chapter presents Joomla's out-of-the-box features and delineates its various parts, templates, and modules. The DVD mentioned above shows the differences between constructing an ordinary Web page with Dreamweaver and constructing one with Joomla. People who learn best visually should be pleased with this demonstration, as well as Barrie North's teaching approach. He holds one's attention with a friendly yet informative conversational style. This first chapter provides an in-depth tutorial that explains how Joomla displays its content articles, and how the developer can organize them into a hierarchical structure. It details how to plan and organize the content and user experience for the site. It also explains the hierarchy structure currently used in Joomla — sections and categories — and how to best structure content into them for small and large sites.
The second chapter, "Downloading and Installing Joomla!," gives the reader a very detailed explanation on how to get up and running with Joomla. It explains where one can find the most current Joomla files; how to unpack these files on a home computer or into a remote Web hosting account; how to use the Joomla Installation Wizard; and how one can support the Joomla project. Barrie states that the worst part of the Joomla installation process is setting up the MySQL database, and uploading all the files to a remote server. But for anyone who has performed those tasks with other software technologies, the process should not pose a problem.
Chapter 3, "Joomla! Administration Basics," shows the power of the Joomla site administration system, despite its simplicity. Compared to such site administration systems as those for WebLogic and Oracle AS, Joomla's system is a piece of cake. Readers should find the DVD especially helpful during the presentation of the back-end, front-end, control panels, and menus — especially the demonstration and explanation of such topics as articles, the front page, sections, categories, and modules. Barrie also gives tips on how to import and export users to Joomla, and about language extensions.
The fourth chapter, "Content Is King: Organizing Your Content," is a substantial and key chapter for those building a site with Joomla. It delves into Joomla's so-called "managers": the Article Manager, Frontpage Manager, Section Manager, Category Manager, and Module Manager. The author explains how to organize content logically, and the role of components and modules. Someone new to Joomla could otherwise find the many components and modules confusing. Of course, one can play around with them, but it is much more efficient to learn what one is doing from an expert. He demonstrates the Custom HTML module very well, and in the DVD walks the viewer through the development of a site using it.
Creating menus and navigation in a CMS is often perplexing to the uninitiated, and that's the topic of Chapter 5. It covers how to work with menu items, and clears up the issue about how to get rid of the dreaded "Welcome to the Frontpage." It also gets into managing modules (as opposed to Chapter 4's managing module content). Barrie North states that menus are perhaps the core of a Joomla site. In a static HTML site, they merely serve as navigation; in a Joomla site, they not only serve that purpose, but also determine the layout of what a dynamic page will look like and what content will appear on that page when the visitor navigates to it. The relationships among menus, menu items, pages, and modules, are perhaps the most confusing aspect of Joomla. Newbies can find daunting why some menu content shows up in articles, and then how to get rid of it. In this chapter, the reader learns how to create a navigation scheme that works for a new site.
Chapter 6, "Extending Joomla!," explains why extensions are essential to any well-functioning Joomla site. Rare is the Joomla-powered website that has no additional functionality, beyond the basics. In the world of Joomla, the term "extension" collectively describes components, modules, plugins, and languages. There are many hundreds available, both free and commercially from third-party providers. This chapter covers the Joomla 1.5 core templates — Khepri, Milkyway, JA Purity, and Beez — as well as how to use third-party templates.
In Chapter 7, "Expanding Your Content: Articles and Editors," the author returns to the critical topic of content management — specifically, WYSIWYG (what you see is what you get) editing, and how it relates to the backend with what Joomla refers to as Managers, Administrators, and Super Administrators. Barrie North then examines how authors, editors, and publishers can manage content through the front-end, as well as how administrators can set various permissions through the Menu Managers. This is critical for the site developer who wants users to be able to update content in a controlled manner, without breaking other things (inadvertently or otherwise!). Quite useful is Joomla's "global checkout" feature, which allows only one user at a time the ability to lock and then edit articles, and, if necessary, fix problems with checked-out articles.
The most attractive and powerful Joomla site in the world will be useless without visitors. Chapter 8, "Getting Traffic to Your Site," benefits from the author's knowledge and experience in online marketing and search engine optimization. For instance, he explains why the developer should discourage clients who ask for Flash-heavy sites, because pages loaded down with Flash elements can discourage traffic, for various reasons. In the DVD training material, he presents a step-by-step process of bringing traffic to an example site, using Wordtracker and Google tools. He also shows how to use Google advertising tools such as AdWords and AdSense. Interestingly, Barrie North does not put too much stock in keywords and metadata, but rather emphasizes the use of page titles as traffic magnets. He argues in both the DVD and the book that while email blasts may be effective and popular marketing tools, they should be used with caution. He also covers how blogs are another useful method for bringing traffic to one's sites.
The final four chapters in the book are all hands-on application of concepts and lessons covered in the earlier part of the book — specifically, how to create pure CSS templates, and how to create the three sample sites (for a school, a restaurant, and a blog).
Appendix A provides information on getting help with Joomla. If one is interested in seeing how Joomla is used in the real world, then Appendix B should prove valuable, because it offers information on Joomla's usage for commercial and government websites. Appendix C provides a quick overview of search engine optimization. Appendix D goes into detail on WampServer installation, with corresponding illustrations.
The book contains some errata: "Cpanel" (pages 25, 27, and 289), and "add fee" (should read "ad fee"; page 218). Those errata were present in the first edition, and even pointed out to the publisher in an earlier review.
The book's material is organized so that the reader can utilize it as a tutorial, reading from cover to cover, or skim through and take what is needed at the moment. The introductory ideas in the earlier chapters are developed and built upon to help the reader understand more advanced concepts later on. The book can also be used as a reference. For instance, if the reader desires a quick overview of what newsletter extensions are available, Chapter 6 provides that information. Lastly, the appendices contain valuable extra information about various aspects of Joomla. The target audience does not have to understand PHP in order to read this book or work through the many examples. Each example is presented in a clear step-by-step fashion. If a reader were to implement all of the examples in her development environment, then she would gain the skills to be able to build a substantial website. The DVD has an extra chapter on building a membership site. If the reader would like to go into the business of creating Joomla templates, the author even has a chapter showing how to do just that.
Joomla! 1.5: A User's Guide, 2nd Edition is to be recommended, particularly when matched with the DVD training course. Together they form a valuable reference guide and self-teaching tool, for newbies as well as seasoned website developers.
Michael J. Ross is a freelance website developer and writer. Ethelyn Holmes is a software and website developer — primarily using Java / J2EE and Joomla.
You can purchase Joomla! 1.5: A User's Guide, 2nd Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Confirms EC2/S3 Not PCI Level 1 Compliant
Jason writes "After months of digging through speculation and polar opposite opinions from PCI experts, I finally sent a direct request to Amazon's AWS sales team asking if they are in fact PCI compliant and will provide documentation attesting that they are as is required by PCI guidelines. I fully expected them to dodge the question and refer me to a QSA, but to my relief, they replied with a refreshingly honest and absolute confirmation that it is currently impossible to meet PCI level 1 compliance using AWS services for card data storage. They also very strongly suggest that card numbers never be stored on EC2 or S3 as those services are inherently noncompliant. For now at least, the official verdict is if you need to process credit cards, the Amazon cloud platform is off the table." -
Underground App Store Courts the Jailbroken
PainMeds writes "Apple's stepped-up and controversial rejections are helping to foster competition in the app store marketplace. According to an article by Wired, developers aren't taking AppStore rejection lying down, but are turning to the hacking community's repository system for the iPhone to launch an app store of their own. The 4-month-old Cydia store is yielding notably higher sales for a few application developers than Apple's AppStore, and is reportedly running on over 4 million Apple iPhone devices, with perhaps 350,000 connected at any one time. In this store, developers are distributing applications they've written that push the limits of Apple's normal AppStore policies, with software to add file downloads to Safari, trick applications into thinking they're on Wi-Fi (for VoIP), and enhance other types of functionality. You'll also find the popular Google Voice application, which was recently rejected by Apple. Third party application development has been around since 2007, when the iPhone was originally introduced, and became so popular that O'Reilly Media published a book geared toward writing applications before an SDK was available. The Cydia store acts as both a free package repository and commercial storefront to third-party developers." -
Amazon US Refunds Windows License Fee, Too
rrohbeck writes "Today Amazon credited my card with $65.45. After ordering an Eee PC 1005 HA from amazon.com, I asked them for a refund for the cost of Windows XP via the 'Contact us' form. At first they told me to cancel any items on my order that I wanted a refund for, but after I explained that XP was pre-installed on the machine they got it. They asked what the cost of the OS was, and I answered that I had no idea but that Amazon UK refunded £40.00. Within a few hours I got a response saying 'I've requested a refund of $65.45 to your Visa card.' Somehow I doubt that Amazon will charge Asus or even Microsoft, but maybe they will one day if more people do this. Oh, and peeling off the 'Designed for Microsoft Windows XP' sticker is easy, too." -
Tetraktys
brothke writes "Imagine for a moment what his novels would read like if Dan Brown got his facts correct. The challenge Brown and similar authors face is to write a novel that is both compelling and faithful to the facts. In Tetraktys, author Ari Juels is able to weave an interesting and readable story, and stay faithful to the facts. While Brown seemingly lacks the scientific and academic background needed to write such fiction, Juels has a Ph.D. in computer science from Berkeley and is currently the Chief Scientist and director at RSA Laboratories, the research division of RSA Security." Read below for the rest of Ben's review. Tetraktys author Ari Juels pages 351 publisher Emerald Bay Books rating Excellent debut novel by Ari Juels reviewer Ben Rothke ISBN 978-0982283707 summary Intriguing cryptographic thriller The book, which might be the world's first cryptographic thriller, tells the story of Ambrose Jerusalem, a gifted computer security expert, still haunted by his father's death, a few months shy of his doctorate, who has a beautiful and loving girlfriend, and a bright future ahead of him. This is until the government gets involved and Jerusalem's plans are put on hold when the NSA asks him to join them to track down a strange and disturbing series of computer breaches.
Tetraktys, like similar thrillers, has its standard set of characters; from corrupt State Department and World Bank officials, a dashing protagonist with a long-suffering girlfriend, to mysterious and obscure terrorist groups. This terrorist group in the book is comprised of followers of Pythagoras.
As to the title, a tetraktys is a triangular figure of ten points arranged in four rows, with one, two, three, and four points in each row. It is a mystical symbol and was most important to the followers of Pythagoras. While mainly known as the creator of the Pythagorean theorem, Pythagoras of Samos was an influential Greek mathematician and founder of the religious movement of Pythagoreanism. Those wanting more information can watch a video about the symbol.
As to the storyline, the NSA is trying to recruit Ambrose as they feel that the terrorists, who form a secret cult of followers of Pythagoras, have broken the RSA public-key algorithm. Breaking RSA is something that is not expected for many decades, but if a revolution in factoring numbers were to occur sooner, RSA's demise could happen that much quicker. And if RSA was indeed broken by the antagonists, it would undermine the security of nearly every government and financial institution worldwide and create utter anarchy.
A good part of the book centers on the cult of Pythagoras. Its followers believe that truth and reality can only be understood via their system of numbers. The NSA needs Jerusalem's assistance as he is one of the few people who have the mathematical, classical and philosophical background to help them. It is he who ultimately connects the dots that the Pythagoreans have left, which leads to the book's dramatic conclusion.
The book is a most enjoyable read and one is hard pressed to put it down once they start reading it. The reader gets a good understanding of who Pythagoras was and his worldview via Juels' weaving of Pythagorean philosophy into the storyline.
While the book is not autobiographical, there are many similarities between Ambrose Jerusalem and Ari Juels. From identical initials, to their lives in events in Berkeley and Cambridge, to RSA and more.
For a first book of fiction, Tetraktys is a great read. As a novelist, Juels' style approaches that of Umberto Eco, in that he weaves numerous areas of thought into an integrated story. Like Eco's works, Tetraktys has an arcane historical figure as part of its storyline, and an intricate plot that takes the reader on many, and some unexpected, turns. While not as complex and difficult to read as Eco, Tetraktys is a remarkable work of fiction for someone with a doctorate in computer science, not literature.
The book though does have some gaps, but that could be expected for a first novel. The reader is never sure what the Pythagoreans are really after or why they have resurfaced, and one of the characters is killed, for reasons that are not apparent. Readers who want more information can visit the Tetraktys web site.
As to the book's protagonist, Ambrose Jerusalem is to Juels what Jack Ryan is to Tom Clancy, meaning that his adventures are just beginning, and that is a good thing.
For those interested in a cryptographic thriller, Tetraktys is an enjoyable read. The book interlaces Greek philosophy, mathematics, and modern crime into a cogent theme that is a compelling read. And if the exploits of Ambrose Jerusalem continue, we may have found the successor to Umberto Eco.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Tetraktys from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Jeff Bezos Offers Apology For Erasing 1984
levicivita writes "From the down-but-not-out NYT comes an article (warning: login may be required) about user backlash against Kindle's embedded DRM: 'Last week, Jeffrey P. Bezos, chief executive of Amazon, offered an apparently heartfelt and anguished mea culpa to customers whose digital editions of George Orwell's "1984" were remotely deleted from their Kindle reading devices. Though copies of the books were sold by a bookseller that did not have legal rights to the novel, Mr. Bezos wrote on a company forum that Amazon's "'solution' to the problem was stupid, thoughtless and painfully out of line with our principles."' Bezos's post is here." -
Even Faster Web Sites
Michael J. Ross writes "Slow Web page loading can discourage visitors to a site more than any other problem, regardless of how attractive or feature-rich the given site might be. Consequently, many Web developers hope to achieve faster response times using AJAX (Asynchronous JavaScript and XML), since only portion(s) of an AJAX page need to be reloaded. But for many rich Internet applications (RIAs), such potential performance gains can be lost as a result of non-optimized JavaScript, graphics, and CSS files. Steve Souders — a Web performance expert previously at Yahoo and now with Google — addresses these topics in his second book, Even Faster Web Sites: Performance Best Practices for Web Developers." Read on for the rest of Michael's review. Even Faster Web Sites author Steve Souders pages 254 publisher O'Reilly Media rating 8/10 reviewer Michael J. Ross ISBN 978-0596522308 summary Advanced techniques for improving website performance. The book was published by O'Reilly Media on 18 June 2009, under the ISBN 978-0596522308. The publisher makes available a Web page, where visitors can purchase the print and electronic versions of the book (as well as a bundle of the two), read the book online as part of the Safari library service, and check the reported errata — comprising those confirmed by the author (of which there are currently two) and any unconfirmed errors (all six of which are valid, though the fifth one may be a coincidence). In a break with traditional practice among technical publishers nowadays, there is no sample chapter available, as of this writing.
In many ways, this second book is similar to Steve's previous one, High Performance Web Sites: It presents methods of enhancing the performance of websites, with a focus on client-side factors. It is fairly slender (this one is 254 pages), relative to most programming books nowadays, and the material is organized into 14 chapters. However, unlike its predecessor, Even Faster Web Sites emphasizes generally more advanced topics, such as script splitting, coupling, blocking, and chunking (which to non-developers may sound like a list of the more nefarious techniques in professional hockey). This second book also has employed a team approach to authorship, such that six of the chapters are written by contributing authors. In his preface, Steve notes that the 14 chapters are grouped into three broad areas: JavaScript performance (Chapters 1-7), network performance (Chapters 8-12), and browser performance (Chapters 13-14). The book concludes with an appendix in which he presents his favorite tools for performance analysis, organized into four types of applications: packet sniffers, Web development tools, performance analyzers, and some miscellaneous applications.
In the first chapter, "Understanding Ajax Performance," guest author Douglas Crockford briefly describes some of the key trade-offs and principles of optimizing applications, and how JavaScript now plays a pivotal role in that equation — as websites nowadays are designed to operate increasingly like desktop programs. On pages 2 and 3, he uses some figures to illustrate fixed versus variable overhead, and the dangers of attempting to optimize the wrong portions of one's code. By the way, the so-called "axes" are not axes, or even Cartesian grid lines, but simply levels. Aside from its choppy narrative style and a pointless religious reference in the first paragraph, the material serves as a thought-provoking springboard for what follows. Chapter 2, titled "Creating Responsive Web Applications," was written by Ben Galbraith and Dion Almaer, who discuss response times, user perception of them, techniques for measuring latency, browser threads, Web Workers, Google Gears, timers, and memory issues. The material is neatly explained, although Figure 2-2 is quite confusing; moreover, both of the figures on that page should not have been made Mac- and Firefox-specific.
In the subsequent four chapters, Steve dives into the critical topic of how to optimize the performance of JavaScript-heavy pages through better script content and organization — specifically, how and when to split up large scripts into smaller ones, how to load scripts without blocking one another or breaking dependencies within the code, and how to best in-line scripts, when called for. Each of the four chapters follows an effective methodology: The first author delineates a particular performance mistake made by even some of the most popular websites, with the statistics to back it up. He presents one or more solutions, including any relevant tools, again with waterfall charts illustrating how well the solutions work. Lastly, he explains any browser-specific issues, oftentimes with a handy chart showing which possible method would likely be optimal for the reader's given situation, such as expected browser choices in the site's target audience. When there are potential pitfalls, Steve points them out, with helpful workarounds. He generally provides enough example source code to allow any experienced developer to implement the proposed solutions. Unfortunately, the example code does not appear to be available for download from O'Reilly's website.
The discussion of JavaScript optimization is capped off by the seventh chapter, written by Nicholas C. Zakas, who explains variable scope within JavaScript code, the advantages of choosing local variables as much as possible, scope chain augmentation, the performance ramifications of the four major data types (literal values, variables, arrays, and objects), optimizing flow control statements, and string concatenation. He outlines what sorts of problems can cause the user's Web browser to freeze up, and the differing responses she would see depending upon her chosen browser. Nicholas concludes his chapter by explaining how to utilize timer code to force long-running scripts to yield, in order to avoid these problems. By the way, in Figures 7-2 and 7-3, the data point symbols need to be enlarged so as to be distinguishable; as it is, they are quite difficult to read. More importantly, on page 93, the sentence beginning "This makes array lookup ideal..." is either misworded or mistaken, since array lookup cannot be used for testing inclusion in ranges.
With the eighth chapter, the book shifts gears to focus on network considerations — namely, how to improve the site visitor's experience by optimizing the number of bytes that must be pushed down the wire. In "Scaling with Comet," Dylan Schiemann introduces an emerging set of techniques that Steve Souders describes as "an architecture that goes beyond Ajax to provide high-volume, low-latency communication for real-time applications such as chat and document collaboration" — specifically, by reducing the server-side resources per connection. In Chapter 9, Tony Gentilcore discusses a rather involved problem with using gzip compression — one that negatively impacts at least 15% of Internet users. Even though videos, podcasts, and other audiovisual files consume a lot of the Internet's bandwidth, images are still far more common on websites, and this alone is reason enough for Chapter 10, in which Stoyan Stefanov and Nicole Sullivan explain how to reduce the size of image files without degrading visible quality. They compare the most popular image formats, and also explain alpha transparency and the use of sprites. The only clear improvement that could be made to their presentation is on page 157, where the phrase "named /favicon.ico that sits in the web root" should instead read something like "usually named favicon.ico," since a favicon can have any filename, and can be located anywhere in a site's directory structure.
The lead author returns in Chapter 11, in which he explains how to best divide resources among multiple domains (termed "sharding"). In the subsequent chapter, "Flushing the Document Early," Steve explores the approach of utilizing chunked encoding in order to begin rendering the Web page before its full contents have been downloaded to the browser. The third and final section of the book, devoted to Web browser performance, consists of two chapters, both of whose titles neatly summarize their contents: "Using Iframes Sparingly" and "Simplifying CSS Selectors." That last chapter contains some performance tips that even some of the most experienced CSS wizards may have never heard of before. As with most of the earlier chapters, the narrative tends to be stronger than the illustrations. For instance, Figure 14-5, a multiline chart, is quite misleading, because it appears to depict three values varying over time, when actually each of the ten x-axis coordinates represents a separate major website. A bar chart would obviously have been a much better choice.
Like any first edition of a technical book, this one contains a number of errata (aside from those mentioned earlier): In Figure 1-1, "iteration" is misspelled. On page 23, in the sentence beginning "Thus, if...," the term "was" should instead read "were." In Figures 7-1 and 7-4, the "Global object" box should not contain "num2." On page 95, in the phrase "the terminal condition evaluates to true," that instead should read "false." On page 147, in the sentence beginning "However, the same icon...," the "was" should instead read "were." On page 214, "Web-Pagetest. AOL" should instead read "Web-Pagetest, then AOL," because the first sentence is one long absolute phrase (i.e., lacking a finite noun and verb).
All of these defects can be easily corrected in future printings. What will probably need to wait for a second edition, are improvements to the figures that are in need of replacement or clarification. What the publisher can rectify immediately — should the author and O'Reilly choose to do so — would be to make all of the example source code available for download.
Even though this book is decidedly longer than High Performance Web Sites, and has many more contributing authors, it does not appear to contain as much actionable information as its predecessor — at least for small- to medium-sized websites, which probably make up the majority of all sites on the Web. Even though such methodologies as Comet, Doloto, and Web Workers appear impressive, one has to wonder just how many real-world websites can justify the development and maintenance costs of implementing them, and whether their overhead could easily outweigh any possible benefits. Naturally, these are the sorts of questions that are best answered through equally hard-nosed experimentation — as exemplified by Steve Souders's admirable emphasis upon proving what techniques really work.
Fortunately, none of this detracts from the application development and optimization knowledge presented in the book. With its no-nonsense analysis of Internet performance hurdles, and balanced recommendations of the most promising solutions, Even Faster Web Sites truly delivers on its title's promise to help Web developers wring even more speed out of their websites.
Michael J. Ross is a freelance Web developer and writer.
You can purchase Even Faster Web Sites from amazon.com. Slashdot welcomes readers' book reviews — to see your own review here, read the book review guidelines, then visit the submission page. -
The Geek Atlas
brothke writes "A recent search on Amazon for travel guides returned over 30,000 results. Most of these are standard travel guides to popular tourist destinations which advise the reader to go to the typical tourist sites. The Geek Atlas: 128 Places Where Science and Technology Come Alive is a radically different travel guide. Rather than recommending the usual trite destinations, which are often glorified souvenir stores, the book takes the reader to places that make science real and exciting, and hopefully those who exit such places are more knowledgeable than when they went in." Read on for the rest of Ben's review. The Geek Atlas: 128 Places Where Science and Technology Come Alive author John Graham-Cumming pages 542 publisher O'Reilly Media rating 10/10 reviewer Ben Rothke ISBN 978-0596523206 summary A fascinating and enjoyable read Irrespective of its travel content, The Geek Atlas is a unique and fascinating read for the information and overview of its wide range of topics. If there is a fault in the book, it is with its title. When people see Geek Atlas, they might think that this is a book that takes the reader to boring and obscure places, which is the exact opposite of its intent.
Author John Graham-Cumming writes that you won't find tedious, third-rate museums, or a tacky plaque stuck to a wall stating that "Professor X slept here." Every place he recommends is meant to have real scientific, mathematical, or technological interest.
Each of the book's 128 chapters is separated into 3 parts: a general introduction to the place with an emphasis on its scientific, mathematical or technological significance; a related technical subject covered in greater detail, and practical visiting information. So while you may not be able to make it to the Escher Museum (chapter 29) in The Hague, Netherlands; the information on how M.C. Escher used impossible shapes which the chapter describes is a fascinating read on its own.
Graham-Cumming notes that a disappointing trend with science museums today is a tendency to emphasize the wow factor without really explaining the underlying science. He notes the following 3 attributes of such museums: a short name ending with an exclamation mark, a logo featuring pastel colors or a cuddly cartoon mascot, or an IMAX theater.
Why does the book specifically have 128 places listed? See chapter 58, for the National Museum of Computing in Bletchley, UK. Graham-Cumming notes that your average travel guide would have listed perhaps 100 or 125 places. 128 is a round binary number (10000000). Of course, those who are binary obsessed might wonder why this book is not titled 10000000 Places Where Science and Technology Come Alive.
The 128 places listed are for the most part divided equally between sites in Europe and the USA, with a few in the Far East and Russia. A complete listing of the sites is mapped on the book's web site. Africa for some reason seems to be left out and perhaps a follow-up volume will fill that void. Of course, one could argue that Africa has had a minimal contribution to the world of science, mathematics and technology. Nigeria for example is famous for its 419 advance-fee fraud, but not its overabundance of contributors to physics.
For the US locations, there are locations for 25 states, with California being the biggest with 7 suggested places to visit. With that, it is surprising that the book lists the HP Garage, given that it is not open to the public and only serves as a shack to be photographed. Other places such as the US Navy Submarine Force Museum and MIT Museum are indeed more visit worthy.
The tours of some of the sites, like the HP Garage will take less than an hour or so (chapter 42 — Bunhill Fields Cemetery, London, UK), while others one can spend a half or full-day at the site.
While The Geek Atlas is touted as a travel guide, it is much more than that. Its 128 chapters are a wide-ranging overview of science and mathematics. Topics run the gamut from physics and pharmacology to transistors and optics. In fact, the book would make a superb syllabus for an introduction to science course. The plethora of subjects covered, combined with its easy to read and absorbing style makes it a fantastic book for both those that are scientifically challenged, yet curious, and those that have a keen interest in the sciences.
The Geek Atlas is a fascinating and enjoyable read; in fact, I found it hard to put down. Let's hope the author is working on a sequel with the next 256 additional places where science and technology come alive.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The Geek Atlas: 128 Places Where Science and Technology Come Alive from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Pulls Purchased E-Book Copies of 1984 and Animal Farm
Oracle Goddess writes "In a story just dripping with irony, Amazon Kindle owners awoke this morning to discover that 1984 and Animal Farm had mysteriously disappeared from their e-book readers. These were books that they had bought and paid for, and thought they owned. Apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by George Orwell from people's Kindles and credited their accounts for the price. Amazon customer service may or may not have responded to queries by stating, 'We've always been at war with Eastasia.'" -
Why New Systems Fail
bfwebster writes "Over the last forty years, a small set of classic works on risks and pitfalls in software engineering and IT project management have been published and remained in print. The authors are well known, or should be: Gerry Weinberg, Fred Brooks, Ed Yourdon, Capers Jones, Stephen Flowers, Robert Glass, Tom DeMarco, Tim Lister, Steve McConnell, Steve Maguire, and so on. These books all focus largely on projects where actual software development is going on. A new book by Phil Simon, Why New Systems Fail, is likewise a risks-and-pitfalls book, but Simon covers largely uncharted territory for the genre: selection and implementation of enterprise-level, customizable, off-the-shelf (COTS) software packages, such as accounting systems, human resource systems, and enterprise resource planning (ERP) software. As such, Simon's book is not only useful, it is important." Read on for the rest of Bruce's thoughts on this book. Why New Systems Fail: Theory and Practice Collide author Phil Simon pages 251 publisher AuthorHouse, 2009 rating 8/10 reviewer Bruce F. Webster ISBN 9781-4389-4424-1 summary Risks and pitfalls of enterprise COTS projects Phil Simon has written a long-needed and long-overdue book. Most risks-and-pitfalls books in the IT category focus primarily on projects where actual software engineering is the principal activity. However, many of the large, expensive and often spectacular IT project failures over the past 20 years have little to do with software design and development. Instead, they involve a given organization selecting and implementing — or trying to implement — a commercial off-the-shelf (COTS) software package to replace existing legacy systems, either homegrown or also commercial. The reasons for such a move can be many: standardizing IT and data management across the enterprise, seeking new functionality, retiring systems that are no longer supported or supportable, and so on.
By so doing, the firm (usually rightly) thinks to avoid the risks and expense of from-scratch custom software development. However, the firm (usually wrongly) thinks that such a project comprises nothing more than installing the software, training some users, converting some data, and turning a switch. A quick search on the terms "ERP" and "lawsuit" shows just how mistaken that idea can be.
Simon's book is far more informative and instructive than a Google search and should be required reading for all CIOs, IT project managers, and involved business managers prior to starting any such enterprise COTS project. He covers the complete lifecycle of such projects, starting with the typical expectations by upper management ("Fantasy World") and following it through system selection, implementation, and production, along with a final section on how to maximize the chances of success. Along the way, he uses several real-world case studies (with names changed), as well as a few hypothetical ones, to demonstrate just how such efforts go wrong.
What Simon writes is spot on. For roughly 15 years now, my primary professional focus has been on why IT projects fail. I do that both as a consultant (brought in to review troubled projects to get them back on track) and as a consulting or testifying expert (brought in to review troubled or failed projects now in litigation). I have reviewed hundreds of thousands of pages of project documentation and communication; I have likewise traced or reconstructed project histories for many major IT projects, including enterprise COTS projects. It's clear that Simon knows exactly what he's talking about and knows where all the bodies are buried.
The book itself is very readable. Simon's tone is conversational and a bit humorous; he occasionally dives into technicalities that would be lost on upper management, but always comes back to basic principles. The real-world and hypothetical case studies will have those of us who have been on such projects nodding our heads even as we occasionally wince or shudder. His coverage is exhaustive (and at times a bit exhausting), but his goal appears to be to give those managing and overseeing such projects the information they need to navigate the shoals. He goes into detail about COTS pitfalls such as project estimation, vendor selection, use of consultants, group responsibility, integration with legacy systems, data conversion, and report generation.
The first section of the book covers how and why firms decide to initiate a major COTS project. Besides the "Fantasy World" section that compares management expectations to what really happens, the book also covers why firms hold onto legacy systems, why they buy new (replacement) systems, and how they can (or should) make the decision among building a custom system, buying a COTS system, and "renting" enterprise software via web-based software-as-a-service (SaaS) vendors such as Workday and Salesforce.
The second section covers COTS system selection. The book divides current ERP and COTS vendors into four different tiers based on company size and use (e.g., SAP, Oracle and BaaN are all Tier 1) and warns of the, ah, enthusiasm of vendor salespersons. (Old-but-still-timely joke: What's the difference between a used car salesman and a software salesman? The used car salesman knows how to use his own product and knows when he's lying.) The book then raises up front an issue often left (by customers) until much later: how will business processes change as a result of the COTS system we're acquiring? It then talks about selecting, if necessary, a consulting firm to help with the installation and project management.
The third section covers the actual COTS implementation process, including the overall strategy, roles and responsibilities, providing the necessary environments, data migration, testing, reports, and documentation. This section is a bit exhausting at times, but it is critical for exactly that reason: far too many firms launch into a major COTS acquisition without fully realizing just what it will take to get the system into production.
The fourth section briefly deals with life after implementation. In theory, one of the reasons a firm buys a COTS system is to avoid doing its own maintenance and support; the reality is that the firm often doesn't like paying those large annual maintenance fees and instead goes off on its own path, which is seldom a good idea.
The fifth and final section talks about how to maximize the chance of success in a large COTS implementation. This section builds upon the rest of the book, which has provided suggestions along the way. In particular, it talks about how to deal with a troubled project mid-course in order to get it back on track.
Throughout the book, Simon puts a significant focus on human factors in project success and failure. He identifies issues such as internal politics, kingdom-building, reluctance to learn new systems, internal project sabotage, end-user resistance, and staff allocation. Simon divides firm personnel assigned to work on the COTS project into four groups — willing and able (WAA); willing but not able (WBNA); not willing but able (NWBA); and neither willing nor able (NWNA) — and talks about how each group helps or hurts. Similarly, he identified four dangerous types of project managers: the Yes Man, the Micromanager, the Procrastinator, and the Know-It-All. Again, those of us who have been on major IT projects, particularly those involving COTS implementations, will recognize both sets of categorization and the risks they entail.
While Simon is himself a consultant, he is also quite frank about the role consultancies can play in COTS project failures. In particular, he notes the tendency of consulting firms to underestimate project duration and cost in order to win business, as well as the frequent unwillingness to point out risks and pitfalls to the client, particularly if they represent something the client wants to do.
My few complaints with Why New Systems Fail are mostly production-related. Simon self-published the book; as such, the book's internal layout and graphic design leave something to be desired. Likewise, his organization and prose could use a bit of editing in spots; he has a propensity for throwing in terms and abbreviations without clarification, and the technical level can vary within a given chapter. Almost all of his footnote references come from Wikipedia; his bibliography is small (just four books) and cites only Brooks from the cadre of authors listed above. None of this makes the book's content any less important or useful, but some of the very people who should be reading this book might well skip or skim it for those reasons. My understanding is that Simon is working on finding a publisher for the book, which will likely solve all those problems.
In the meantime, if you or someone you love is about to embark on an enterprise-level COTS project, get this book; I've added it to my own short-list of recommended readings in software engineering.
You can purchase Why New Systems Fail: Theory and Practice Collide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Hello World!
stoolpigeon writes "Hitting middle age has been an interesting time. I catch myself thinking about how well kids have it today and sounding a lot like my father. One difference is while my dad was happy to teach me about sports or cars, we never spent any time knocking out code together. I think he did realize that home computers were important and I will always be grateful for the Commodore VIC-20 he brought home one day. It was a substantial purchase for our household. I spent many days copying lines of BASIC from magazines and saving the results to cassette tapes. In my home today we have a considerably better situation, computing wise. There are usually a couple laptops running as well as the desktop machine upstairs. My kids take for granted what I found to be amazing and new. Still, that's all pretty normal and I'd like to give them an opportunity to go deeper if they are so inclined, just like we give them opportunities to explore other skills and pursuits. With that in mind I brought a copy of Hello World! home a few weeks ago, and the response from my oldest has been surprisingly enthusiastic." Keep reading for the rest of JR's review. Hello World! Computer Programming for Kids and Other Beginners author Warren and Carter Sande pages 430 publisher Manning rating 9/10 reviewer JR Peck ISBN 978-1933988498 summary Computer programming for kids and other beginners. Warren Sande wanted to teach his son Carter about programming but had difficulty finding what he thought was a suitable book to guide the process. At the encouragement of Warren's wife, he and Carter decided to write their own while Carter learned to code. Warren chose Python as the language they would work in and then the two together outlined the book and created the sample applications. As the book moves into more complex territory the sample applications are the kind kids like best. They are games.
As soon as my daughter saw that she would get to make her own computer games she immediately asked me if we could start working through the book together. When it has been a while since we've had a chance to crack it open, she reminds me by asking when we will get back to it. I would say that on her end it has been a complete success. It has been a great time for us as father and daughter and educational for us both.
Language choice can be quite a hot topic amongst us geeks. In the preface Warren defends his choice of Python with a bullet list I'll summarize here.
- Python was created from the start to be easy to learn.
- Python is free.
- Python is open source software.
- Python is not just a 'toy' language.
- Python is multi-platform.
- Warren likes Python and thinks others will like it too.
I think the list is pretty solid. The only one I think may not be directly applicable to the case at hand is the FOSS angle. Warren explains that being open means that more can be done with the software and that there is a large set of corresponding code out there freely available. A case could be made that this is also true of more closed languages. The one thing I think that could make this important is if the teacher of the material is interested in not just teaching the technical side of programming but is also interested in communicating the philosophical values of freedom. In light of the amount of closed source software and ignorance in regards to FOSS options I've seen in the public school system where I live, I think this may be more important than some think.
The rest of the reasons though I think make Python an incredibly solid choice, and above all else is the simplicity. My daughter has been able to have fun typing code into IDLE without having to get hung up with a complicated environment. The syntax is clean and simple, there is no compiling, it's very easy to just jump in and start making things happen. I think this is important, the younger the student. I was concerned that nine might be just a touch too young for this undertaking. The book itself does not make any recommendations concerning age. The more I've thought about it, the more I agree with that choice. Children vary so greatly and any number chosen would be rather arbitrary. My nine-year-old has done well so far, but she is already quite a book worm and leans towards more academic pursuits. An older child may struggle and there may be some that are even younger that would be fine with the material in Hello World! So rather than focus on age I think a parent needs to come at this from a perspective of ability, proclivity and experience.
In the ability area, a child is going to know how to read, work with a mouse, and type things via the keyboard. Of course the mouse is optional strictly speaking but most will probably want to use it. Some math skill would be good as well as the ability to understand the use of variables. The book tackles the necessary material in a kid friendly way but it is not dumbed down. In fact the learning potential here is huge, as one may imagine. The book is formatted with lots of visuals and fly-outs that give information on how computers operate and how programming languages deal with information processing. My daughter and I have already had interesting discussions on subjects like integers and floats. An example that draws a sine wave led to a great teachable moment about amplitude and wavelength. Then there is the constant need for approaching problem solving in a structured manner using logic. I think that taking on programming brings a wide number of benefits.
One of the features is a little caricature of Carter that is placed throughout the book with observations that the real Carter made as he learned with his dad. These are things that a real kid noticed, and so they are likely to stand out to a child working through this book. For instance in the chapter on "Print Formatting and Strings" Carter says, "I thought the % sign was used for the modulus operator!" The book explains that Python uses context to choose how the % sign is used. There are other little cartoon characters that appear throughout the book drawing attention to important points that need to be remembered. Learning is reinforced through quizzes at the end of the chapters. The chapters are not too long but I've found that my daughter and I have to break them into sections because of her typing speed. I've been tempted at times to move things along by typing for her but I know that she will not get the same benefit from the exercise if we do it that way. I will also let errors slide by at times to allow her the opportunity to look at error messages and find the problems.
As I mentioned the book is billed as being for kids and "other beginners." I'm going to say that the primary focus is rightly on kids, and probably kids who are in grade school or maybe junior high. This is not to say that the examples and information wouldn't be great for anyone brand new to programming. There are even some nuggets for someone who has written some code but is new to Python. I am going to guess though that the average high school student will not be as taken with the cartoons and puns. I'd have loved to have written my own lunar lander game at that age though, so maybe I'm selling this short, or maybe it would be something a teen would be happy to work on away from the eyes of others, so as not to appear childish. (I may take heat for this but even as a teenage geek I was immensely worried about the perceptions of my peer group.) I think an adult that was serious about learning to program, even if they had no prior experience, would do better with heavier material. All that said, I think for children they've really hit the sweet spot and as much as marketers would like it to be so, no book can be everything to everyone.
Things start simple with print statements and loops that took me back to the good old days of watching messages scroll endlessly by on display computers at Sears when I was a kid. The move towards games starts even then with text and quickly moves on to leveraging Pygame for games that utilize graphics. I think this is important as it keeps things entertaining while teaching important concepts at the same time. I have to say it is quite a bit of fun to sit with my child discussing nested loops and decision trees. By the end of the book examples will have included a simple virtual pet, a downhill skiing game and a lunar lander simulation.
I've discussed a child's ability a bit but I think the last two things I mentioned must be taken into account as well. They are proclivity and experience. I've let my daughter drive the time we spend working on this. Just like the parents who project their sports dreams on their kids, I think there is a possibility to do the same with my love for all things digital. It may even be easier to do so as I view the ability to do some amount of programming to be an important life skill. The thing is I don't want to push her too hard and have her back away from it completely. This fits in with the experience part. We take it as it goes, and if things stop being fun, we will back off. I don't do this with her core disciplines from school like reading and math, but for something that is extra right now I'm not going to push. It would transition from being a joy to being work. That brings up a last and unexpected benefit from Hello World! I'm rediscovering a lot of the fun and excitement that drew me into this industry in the first place.
You can purchase Hello World! from amazon.com. -
Can Bill Gates Prevent the Next Katrina?
theodp writes "He once controlled the world's PCs. Now Bill Gates has set his sights on controlling the world's weather. And patenting it. On Thursday, the USPTO revealed that Gates and ex-Microsoft CTO Nathan Myhrvold have filed five patent applications that propose using large fleets of vessels to suppress hurricanes through various methods of mixing warm water from the surface of the ocean with colder water at greater depths. The idea is to decrease the surface temperature, reducing or eliminating the heat-driven condensation that fuels the giant storms. Hey, a guy can only play so much golf in retirement." -
CJKV Information Processing 2nd ed.
stoolpigeon writes "At the end of last year, I made a move from an IT shop focused on supporting the US side of our business to a department that provides support to our operations outside the US. This was the first time I've worked in an international context and found myself, on a regular basis, running into long-time assumptions that were no longer true. My first project was implementing a third-party, web-based HR system for medium-sized offices. I found myself constantly missing important issues because I had such a narrow approach to the problem space. Sure, I've built applications and databases that supported Unicode, but I've never actually implemented anything with them but the same types of systems I'd built in the past with ASCII. But a large portion of the world's population is in Asia, and ASCII is certainly not going to cut it there. Fortunately, a new edition of Ken Lunde's classic CJKV Information Processing has become available, and it has really opened my eyes." Keep reading for the rest of JR's review. CJKV Information Processing 2nd ed. author Ken Lunde pages 898 publisher O'Reilly Media, Inc. rating 10/10 reviewer JR Peck ISBN 978-0-596-51447-1 summary Chinese, Japanese, Korean and Vietnamese computing. CJKV Information Processing has a long history that actually goes back into the 1980s. It began as a simple text document JAPAN.INF, available via FTP on a number of servers. This document was excerpted and refined and published as Lunde's first book in 1993, Understanding Japanese Information Processing. Shortly after JAPAN.INF became CJK.INF and the foundation for the first edition of CJKV Information Processing was born. The first edition was published in 1999, and it is safe to say that a number of important things have changed over the last 10 years. Lunde states four major developments that prompted this second edition in the preface. 
They are the emergence of Unicode, OpenType and the Portable Document Format (PDF) as preferred tools and lastly the maturity of the web in general to use Unicode and deal with a wider range of languages and their character sets.
Lunde sets out not to create an exhaustive reference on the languages themselves, but rather an exhaustive guide to the considerations that come into play when processing CJKV information. As Lunde states, "..this book focuses heavily on how CJKV text is handled on computer systems in a very platform-independent way..." Taking into account the complexity of the topic, the breadth of the work and the degree to which it is independent of any specific technology, outside a heavy bias for Unicode, is extremely impressive. A glance over the table of contents shows just how true this is. Chapter 9, Information Processing Techniques has sections touching on C/C++, Java, Perl, Python, Ruby, Tcl and others. These are brief, with most examples in Java but that they are all directly addressed shows a great awareness of the options out there. The sections that deal with operating system issues have the same breadth. Chapter 10, OSes, Text Editors, and Word Processors doesn't just hit the top Mac and Windows items. It looks at FreeBSD, Linux, Mac OS X, MS Vista, MS-DOS, Plan 9, OpenSolaris, Unix and more. There are also sections for what Lunde calls hybrid environments such as Boot Camp, CrossOver Mac, Gnome, KDE, VMware Fusion, Wine and the X Window System. Interestingly the Word Processor system covers AbiWord and KWord but not OpenOffice.org. The point stands that for anyone looking to support CJKV, this book will probably cover your platform and give you at the very least a starting point with your chosen tool set.
That said, an extremely specific implementation is not what Lunde is out to offer up. This is the very opposite of a 'cook book' approach. This also makes the book extremely useful to anyone dealing with internationalization, globalization or localization issues regardless of character set or language. Lunde teaches the underlying principles of how writing systems and scripts work. He then moves to how computer systems deal with these various writing systems and scripts. The focus is always on CJKV but the principles will hold true in any setting. This continues to be the case as Lunde talks about character sets, encoding, code conversion and a host of other issues that surround handling characters. Typography is included, as well as input and output methods. In each case Lunde covers the basics as well as pointing out areas of concern and where exceptions may cause issues. The author is nothing if not thorough in this regard. His knowledge of the problem space is at times downright staggering. Lunde also touches on dictionaries as well as publishing in print and on the web.
The first three chapters set the table for the rest of the book with an overview of the issues that will be addressed, information on the history and usage of the writing systems and scripts covered and the character set standards that exist. This was a fascinating glimpse, once again into CJKV languages and how other languages are dealt with as well. I think there is even a lot here that would be extremely informative to a person who wants to learn more about CJKV, even if they are not a developer that will be working with one of the languages. That's only the first quarter of the book, so I don't know that it would be worth it from just that perspective, but it is definitely a nice benefit of Lunde's approach.
The style is very readable, but I wouldn't just hand this to someone who didn't have some familiarity with text processing issues on computer systems. While there is no requirement to know or understand one of the CJKV languages, understanding how computer systems process data and information is important. I did not know anything about CJKV languages prior to reading the book and have learned quite a bit. What I learned was not limited to the CJKV arena. The experience I had was very similar to when I studied ancient Greek in school. Learning Greek I learned much more about English grammar than I had ever picked up prior. Reading CJKV Information Processing I learned quite a bit more about the issues involved in things like character encoding and typography for every language, not just these four. But in dealing with CJKV specifically I've found that Lunde's work is indispensable. It is not just my go to reference, it's essentially my only reference. If any other works do come my way, this is the standard against which they will be judged.
There are thirteen indexes including a nice glossary. Nine of them are character sets, which were printed out in the longer first edition. In this second edition, there is a note on each, with a URL pointing to a PDF with the information. It seemed odd, but each URL gets its own page. This means there are nine pages with nothing but the title of the index and a URL. Fortunately they are all in the same directory, which can be reached directly from the book's page at the O'Reilly site. It seems it would have made sense to just list them all on a single page, but maybe it was necessary for some reason. It's a minute flaw in what is a great book.
You can purchase CJKV Information Processing 2nd ed. from amazon.com. -
Beautiful Security
brothke writes "Books that collect chapters from numerous expert authors often fail to do more than be a collection of disjointed ideas. Simply combining expert essays does not always make for an interesting, cohesive read. Beautiful Security: Leading Security Experts Explain How They Think is an exception to that and is definitely worth a read. The book's 16 chapters provide an interesting overview to the current and future states of security, risk and privacy. Each chapter is written by an established expert in the field and each author brings their own unique insights and approach to information security." Keep reading for the rest of Ben's review. Beautiful Security: Leading Security Experts Explain How They Think author Andy Oram and John Viega pages 300 publisher O'Reilly Media rating 9/10 reviewer Ben Rothke ISBN 978-0596527488 summary An eye-opening book that will challenge you A premise of the book is that most people don't give security much attention until their personal or business systems are attacked or breached. The book notes that criminals often succeed by exercising enormous creativity when devising their attacks. They think outside of the box which the security people built to keep them out. Those who create defenses around digital assets must similarly use creativity when designing an information security solution.
Unfortunately, far too few organizations spend enough time thinking creatively about security. More often than not, it is simply about deploying a firewall and hoping the understaffed security team can deal with the rest of the risks.
The 16 essays, arranged in no particular theme, are meant to show how fascinating information security can be. This is in defense to how security is often perceived, as an endless series of dialogue boxes and warnings, or some other block to keep a user from the web site or device they want to access. Each of the 16 essays is well-written, organized and well-argued. The following 4 chapters are particularly noteworthy.
Chapter 3 is titled Beautiful Security Metrics and details how security metrics can be effectively used, rather than simply being a vehicle for creating random statistics for management. Security metrics are a critical prerequisite for turning IT security into a science, instead of an art. With that, author Elizabeth Nichols notes that the security profession needs to change in ways that emulate the medical professional when it comes to metrics. She notes specifically that security must develop a system of vital signs and generally accepted metrics in the same way in which physicians work. The chapter also provides excellent insights on how to use metrics, in addition to high-level questions that can be used to determine how effective security is within an organization.
Chapter 6 deals with online-advertising and the myriad problems in keeping it honest. Author Benjamin Edelman observed a problem with the online supply chain world, as opposed to brick and mortar (BAM) world, in that BAM companies have long-established procurement departments with robust internal controls, and carefully trained staff who evaluate prospective vendors to confirm legitimacy. In the online world, predominantly around Google AdSense, most advertisers and advertising networks lack any comparable rigor for evaluating their vendors. That has created a significant avenue for online advertising fraud, of which the online advertising is a victim too.
Edelman writes that he has uncovered hundreds of online advertising scams defrauding hundreds of thousands of users, in addition to the merchants themselves. The chapter details many of the deceptive advertisements that he has found, and shows how often web ads that tout something for free are most often far from it.
Chapter 7 is about PGP and the evolution of the PGP web of trust scheme. The chapter is written by PGP creator Phil Zimmermann, and current PGP CTO Jon Callas. It has been a long while since Zimmermann has written anything authoritative about PGP, so the chapter is a welcome one. Zimmermann and Callas note that while a lot has been written about PGP, much of it contains substantial inaccuracies. The chapter provides invaluable insights into PGP and the history and use of cryptography. It also gives a thorough overview of the original PGP web of trust model, and recent enhancements bring PGP's web of trust up to date.
Chapter 9 is one of the standout chapters in the book. Mark Curphey writes about the need to get people, processes and technology to work together so that the humans involved in information security can make better decisions. In the chapter, Curphey deals with topical issues such as cloud computing, social networks, security economics and more. Curphey notes that when he starts giving a presentation, he does it with the following quotation from Upton Sinclair — "it's difficult to get a man to understand something when his salary depends on him not understanding it." He uses the quote to challenge listeners (and readers in this case) to question the reason why they are being presented the specific ideas, which serves as a reminder of common, subtle biases for thoughts and ideas presented as fact.
In its 250 pages, Beautiful Security is both a fascinating and enjoyable read. There are numerous security books that weigh a few pounds and use reams of paper which don't have a fraction of the real content that Beautiful Security has. With other chapters from industry luminaries such as Jim Routh, Randy Sabett, Anton Chuvakin and others, Beautiful Security is a required read.
For those that have an interest in information security or those that are frustrated by it, Beautiful Security is an eye-opening book that will challenge you, and change the way you think about information security. It is a good book for those who think information security is simply about deploying hardware, and an even better book for those who truly get information security.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Beautiful Security: Leading Security Experts Explain How They Think from amazon.com. -
Beautiful Security
brothke writes "Books that collect chapters from numerous expert authors often fail to do more than be a collection of disjointed ideas. Simply combining expert essays does not always make for an interesting, cohesive read. Beautiful Security: Leading Security Experts Explain How They Think is an exception to that and is definitely worth a read. The book's 16 chapters provide an interesting overview to the current and future states of security, risk and privacy. Each chapter is written by an established expert in the field and each author brings their own unique insights and approach to information security." Keep reading for the rest of Ben's review. Beautiful Security: Leading Security Experts Explain How They Think author Andy Oram and John Viega pages 300 publisher O'Reilly Media rating 9/10 reviewer Ben Rothke ISBN 978-0596527488 summary An eye-opening book that will challenge you A premise of the book is that most people don't give security much attention until their personal or business systems are attacked or breached. The book notes that criminals often succeed by exercising enormous creativity when devising their attacks. They think outside of the box which the security people built to keep them out. Those who create defenses around digital assets must similarly use creativity when designing an information security solution.
Unfortunately, far too few organizations spend enough time thinking creatively about security. More often than not, it is simply about deploying a firewall and hoping the understaffed security team can deal with the rest of the risks.
The 16 essays, arranged in no particular theme, are meant to show how fascinating information security can be. This is in defense to how security is often perceived, as an endless series of dialogue boxes and warnings, or some other block to keep a user from the web site or device they want to access. Each of the 16 essays is well-written, organized and well-argued. The following 4 chapters are particularly noteworthy.
Chapter 3 is titled Beautiful Security Metrics and details how security metrics can be effectively used, rather than simply being a vehicle for creating random statistics for management. Security metrics are a critical prerequisite for turning IT security into a science, instead of an art. With that, author Elizabeth Nichols notes that the security profession needs to change in ways that emulate the medical professional when it comes to metrics. She notes specifically that security must develop a system of vital signs and generally accepted metrics in the same way in which physicians work. The chapter also provides excellent insights on how to use metrics, in addition to high-level questions that can be used to determine how effective security is within an organization.
Chapter 6 deals with online advertising and the myriad problems in keeping it honest. Author Benjamin Edelman observed a problem with the online supply chain world, as opposed to brick and mortar (BAM) world, in that BAM companies have long-established procurement departments with robust internal controls, and carefully trained staff who evaluate prospective vendors to confirm legitimacy. In the online world, predominantly around Google AdSense, most advertisers and advertising networks lack any comparable rigor for evaluating their vendors. That has created a significant avenue for online advertising fraud, of which the online advertising is a victim too.
Edelman writes that he has uncovered hundreds of online advertising scams defrauding hundreds of thousands of users, in addition to the merchants themselves. The chapter details many of the deceptive advertisements that he has found, and shows how often web ads that tout something for free are most often far from it.
Chapter 7 is about PGP and the evolution of the PGP web of trust scheme. The chapter is written by PGP creator Phil Zimmermann and current PGP CTO Jon Callas. It has been a long while since Zimmermann has written anything authoritative about PGP, so the chapter is a welcome one. Zimmermann and Callas note that while a lot has been written about PGP, much of it contains substantial inaccuracies. The chapter provides invaluable insights into PGP and the history and use of cryptography. It also gives a thorough overview of the original PGP web of trust model, and recent enhancements that bring PGP's web of trust up to date.
Chapter 9 is one of the standout chapters in the book. Mark Curphey writes about the need to get people, processes and technology to work together so that the humans involved in information security can make better decisions. In the chapter, Curphey deals with topical issues such as cloud computing, social networks, security economics and more. Curphey notes that when he starts giving a presentation, he does it with the following quotation from Upton Sinclair: "it's difficult to get a man to understand something when his salary depends on him not understanding it." He uses the quote to challenge listeners (and readers in this case) to question the reason why they are being presented the specific ideas, which serves as a reminder of common, subtle biases for thoughts and ideas presented as fact.
In its 250 pages, Beautiful Security is both a fascinating and an enjoyable read. There are numerous security books that weigh a few pounds and use reams of paper which don't have a fraction of the real content that Beautiful Security has. With other chapters from industry luminaries such as Jim Routh, Randy Sabett, Anton Chuvakin and others, Beautiful Security is a required read.
For those that have an interest in information security or those that are frustrated by it, Beautiful Security is an eye-opening book that will challenge you, and change the way you think about information security. It is a good book for those who think information security is simply about deploying hardware, and an even better book for those who truly get information security.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Beautiful Security: Leading Security Experts Explain How They Think from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
The Mathletes and the Miley Photoshop
Frequent Slashdot contributor Bennett Haselton's essay this week is about "A Tennessee man is arrested for possessing a picture of Miley Cyrus's face superimposed on a nude woman's body. In a survey that I posted on the Web, a majority of respondents said the man violated the law -- except for respondents who say they were good at math in school, who as a group answered the survey differently from everyone else." Continue on to see how.
On June 24, a Tennessee man was arrested for possessing photos that showed the faces of three underage girls, including Miley Cyrus, superimposed onto the nude bodies of adult women. Assistant District Attorney Dave Denny said of the arrest, "When you have the face of a small child affixed to a nude body of a mature woman, it's going to be the state's position that this is for sexual gratification and that this is simulated sexual activity." The phrase "simulated sexual activity" apparently refers to a Tennessee sex crimes law which states in part: "It is unlawful for any person to knowingly possess material that includes a minor engaged in simulated sexual activity that is patently offensive."
Assuming this is the crime that the D.A. plans to charge him with, to me it seems obvious that the defendant didn't violate the law as written. For one thing, if the nude women in the pictures were just standing there (and neither the article nor the D.A.'s statement suggests otherwise), then there was no "sexual activity" in the photos of any kind, real or simulated. But even if the nude adult women in the photos had been engaged in sexual activity (even just striking a mildly sexy pose), the law still would not apply, because the law requires an actual minor to actually be engaged in something, even if that "something" is simulated sexual activity. So if a video showed a real minor that appeared to be masturbating or having sex with someone in a manner that was "patently offensive", that could violate the law. (Hopefully the "patently offensive" clause would exclude artistic movies like The Tin Drum, although that defense has not always worked.) But if the girls' faces were simply cut and pasted onto the bodies of the women in the photos, then the minors in question were not "engaged in" anything. The D.A. appears to have confused "material that includes a minor engaged in simulated sexual activity" with "material that simulates a minor engaged in sexual activity". And the D.A.'s statement that "this is for sexual gratification and that this is simulated sexual activity" — clearly implying that the pictures are for sexual gratification and therefore this is "simulated sexual activity" — is ridiculous. The defendant probably used pictures of Miley with her clothes on for "sexual gratification" — does that make the photos "simulated sexual activity"? (Dave Denny's office did not respond to my request for comment.)
But I was more interested in a different question: What would people in a survey think about whether the defendant violated the law? And, would people who are good at math, answer the question differently from everyone else? And would those people answer the question differently from people who are good at, say, English composition?
That might seem like an odd twist to put on it. But if you can show that a certain answer correlates with mathematical ability, that indicates something special about that answer. And if you can show that that answer appeals to people with math skills, but not to people with English/writing/composition skills, then that indicates something interesting not just about that answer, but about mathematical ability as well, as opposed to writing ability. Whether that answer is "right" or "wrong" (or whether you think those terms are even meaningful for a legal opinion), it is a fact, not an opinion, that people with self-reported higher math skills are more likely to pick that as the correct choice.
By contrast, when the D.A. makes a public statement about the criminality of the defendant's actions, the implication is that we should give some weight to his statements because of his qualifications, such as being a member of the bar. But if we were to ask other bar members to decide independently of each other whether the defendant committed a crime, would they converge on the same answer? If not, then why should we listen to him, as opposed to someone else with the same credentials? When an expert cites their credentials in support of an opinion, if it's not true that other experts with the same credentials would back them up on that opinion, I don't think people realize the extent to which there is no there there.
So in the survey, I described the man's alleged actions and the Tennessee statute, and asked people if they thought he had violated the law. I also asked respondents to rate their math skills as "Excellent"/"Very good"/"Good"/"Fair"/"Poor" and to rate their English/composition skills as "Excellent"/"Very good"/"Good"/"Fair"/"Poor". The survey was posted on the Amazon Mechanical Turk site, where you can post "tasks" for people to complete in exchange for small payments of, say, 25 cents apiece. Some companies use this for grunt work (like hiring people to review user-submitted profile photos to make sure they don't contain nudity), but I use the site mainly to conduct surveys.
I think it's unlikely that the Mechanical Turk users are a representative cross-section of the population, but I use it more to find significant relative differences between demographic groups. If 60% of women on the site answer a question one way and 80% of men answer it the other way, that probably suggests that in a real cross-sectional survey of the population, men and women would largely disagree on the answer as well. (The alternative would be that the kind of men and women who use Mechanical Turk are predisposed to answer the question differently along gender lines in a way that average men and women are not, but that seems unlikely.)
For this survey, I offered users 25 cents apiece for completing this survey and collected 127 responses. The results in a nutshell:
- About two-thirds of all respondents (85 out of 127) said that the man did violate the law.
- However, among the respondents who rated their own math skills as "Excellent", only 44% (12 out of 27) said he violated the law, and 56% (15 out of 27) said that he did not. Out of all ten ability groupings (five different ability groupings for math, from "Excellent" to "Poor", and five for English), this was the only group where a majority said that the defendant didn't violate the statute.
- Respondents who self-rated their English/composition skills as "Excellent", were also more likely than average to vote that the man did not violate the law, but a majority of them still voted that he did.
These results are significant at the 99% level, which you can check using an online statistical significance calculator. In other words, despite the modest sample size, the answers given by the respondents with self-rated "excellent" math skills are so starkly different from everyone else's, that there's less than a 1 in 100 chance that the difference is due to coincidence. Almost certainly, something about mathematical ability is correlated with a person's likelihood of giving the "not guilty" answer. (At this point I'm going to give in to my bias and hereinafter refer to that as the "right answer.")
Furthermore, while respondents with "excellent" English/composition skills were also more likely than average to get the right answer (a difference that is also significant at the 99% level, given the collected data), they were considerably less likely to do so, than the users with self-reported "excellent" math skills (again, significant at the 99% level). I tabulated all the responses.
If I could afford to pay a larger sample, I would investigate whether the effect of "excellent" English/composition skills disappears entirely when you control for math skills. In other words, it's possible that the people with excellent English/composition skills were more likely than average to get the right answer, but only insofar as their English/composition skills were correlated with excellent math ability — and maybe people with "excellent" English/composition skills, but only average math ability, score no better than the average respondents.
One thing that jumps out at me: Even though 44% of the 27 people with "excellent" math skills said the man did violate the law, when you look at the 58 people who self-reported "very good" math skills, 74% of them said he violated the law. This would appear to confound my original hypothesis that good math skills lead people to converge on the correct answer. But I suspect that many people with self-reported "very good" math grades were probably just good students who studied hard and did the practice problems and got good grades in math, but without necessarily having the insight that makes someone an "excellent" math student. Without that insight, there was no reason to expect them to be better than average at answering a question that has no resemblance to their textbook's practice problems.
In fact, I suspect that many of the people who self-reported their math skills as "excellent", and who still answered "yes" to the question of whether the man violated the law, probably fell into that studious-but-not-insightful category as well. It would be interesting to test whether if you required respondents to actually answer a math question — not a standard textbook question, but a tricky question that required people to demonstrate an understanding of what is actually going on — if the correlation between correctly answering that question, and "correctly" answering the legal question, is even stronger.
But what I think is even more important than the correlation of the correct answer with "excellent" math ability, was the significantly lower correlation of the correct answer with "excellent" English skills. I've been saying for years that you can use excellent prose to defend an illogical idea, or you can use poorly crafted prose to defend a good idea, and so if you care about the quality of an idea and its impact on the real world, you have to look at the substance of an argument, not the style. Economics professor Steven Landsburg writes in his forthcoming philosophy book The Big Questions,
The bane of a college professor's existence is the student who has been taught in a writing course that there is such a thing as good writing, independent of having something to say. Students turn in well-organized grammatically correct prose, with the occasional stylistic flourish in lieu of any logical argument, and don't understand why they've earned grades of zero.
I call such people "vocabulemics", who seem to think the purpose of a discussion is to vomit up as many SAT vocab prep words as possible, rather than to form a coherent point. I've tried, and I can't think of any coherent point that could be made in order to argue that the Miley photoshopper really did violate the Tennessee law.
If you're still unconvinced by the results of a survey of mathletes, consider that they do match up well with the comments provided to me by Mark Rasch, a lawyer and computer security specialist with Secure IT Experts and the former head of the Department of Justice Computer Crimes Unit:
First, an image of a minor engaged in simulated sexual activity is not the same as a simulated minor engaged in sexual activity... In other words, if you posed actual minors, nude, and made it look like they were having sex, it would be a crime, even though there was no "actual" sexual activity. In most other contexts, when the legislature says "simulated sexual activity" they mean real people engaged in what appears to be sex. The government is trying to apply this theory to real sex but simulated minors. I don't think that passes statutory muster... it's not what the statute prohibits... Under that rationale, if you had, for example, a picture of two dogs mating, and glued pictures of kids on the dogs' faces, this would be "simulated sexual activity" but would not be prosecutable. Where do you draw the line? Under federal law, you typically draw the line at the use and posing of real kids.
Depending on how you look at it, you may think that this opinion from credentialed expert Mr. Rasch, vindicates the opinion of the math aficionados who voted that the defendant did not violate the law. I think it's the other way around — the fact that this answer was correlated in the survey responses with mathematical ability, vindicates the opinion of Mr. Rasch.