Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
Ubuntu Kung Fu
Lorin Ricker writes "Back in the dark ages of windows-based GUIs, corresponding to my own wandering VMS evangelical days, I became enamored of a series of books jauntily entitled Xxx Annoyances (from O'Reilly & Assocs.), where "Xxx" could be anything from "Windows 95", "Word", "Excel" or nearly any piece of software which Microsoft produced. These were, if not the first, certainly among the most successful of the "tips & tricks" books that have become popular and useful to scads of hobbyists, ordinary users, hackers and, yes, even professionals in various IT pursuits. I was attracted, even a bit addicted, to these if only because they offered to try to make some useful sense out of the bewildering design choices, deficiencies and bugs that I'd find rampant in Windows and its application repertory. Then I found Keir Thomas, who has been writing about Linux for more than a decade. His new "tips" book entitled, Ubuntu Kung Fu — Tips & Tools for Exploring Using, and Tuning Linux, and published by Pragmatic Bookshelf, is wonderful. Having only recently wandered into the light of Linux, open source software, and Ubuntu in particular, this book comes as a welcome infusion to my addiction." Read below for the rest of Lorin's review.
Ubuntu Kung Fu
author: Keir Thomas
pages: 367
publisher: Pragmatic Bookshelf
rating: 9
reviewer: Lorin Ricker
ISBN: 1-934356-22-0
summary: A very useful "tips and tricks" how-to book about Ubuntu Linux
As a relatively young Linux distro, Ubuntu already sports a wealth of introductory and how-to books vying for the enthusiast's money — and I've already purchased a significant sampling of these which informs my opinion about the book here under review. And even for Ubuntu, the "tips & tricks" section of my own Linux bookshelf contains volumes which run from the encyclopedic to the practical — I'd even collected O'Reilly's Ubuntu Hacks (Oxer, Rankin & Childers) well before encountering Ubuntu Kung Fu.
How well does Keir Thomas's new book fare in this crowded field? Does he provide actual unique value to the Ubuntu community, useful knowledge which is otherwise unavailable or hard to find? In a nutshell (oops, sorry... that's a book series for another time!): Yes, he does. In fact, he hits the target pretty squarely.
Ubuntu Kung Fu is organized as only three chapters (with no preface material at all): "1 Introduction," including obligatory "How to Read This Book," "Acknowledgments" and "Sharing" sections; "2 An Ubuntu Administration Crash Course"; and, the largest chapter by far, "3 The Tips" themselves.
Though it concentrates on rather basic material, the second chapter on Ubuntu administration is actually one of the best subject primers I've encountered so far, and is written directly and to-the-point. There's the right focus and enough detail to help those users making the initial transition from Windows to Linux/Ubuntu, including coaching on users and passwords, file system structure (see sidebar "Drive Letters and Ubuntu"), and guidance regarding "Command Line or GUI?".
For example, after weeks of my own stumbling about in the vast sea of information and opinion known as the Ubuntu Forums, searching in vain for a concise explanation on the distinction between a "virtual console" and a regular old "X-windows terminal" — as an old VMS hacker, I'd had experience with such things — I found exactly the explanation I needed, including Ctrl/Alt/F-key controls, in this chapter. The author manages to underline the relevance of this even to the novice Ubuntu user as it applies to "What do I do if things go wrong?", without getting mired in unneeded exotica.
This chapter continues with the necessary skills in software installation and management, including Synaptic and APT, packages and repositories, doing a good job of giving the novice his or her bearings to get started. It concludes with a decent orientation on config files and the gconf-editor, making and keeping backups, and what to do if it does all go wrong.
"The Tips," the third chapter, constitutes 315 separate items, covering over 300 pages, the big majority of the book. Each tip is clearly titled as to its purpose, and has a small check-box in the margin beside the title so that the reader has a place to mark the tip as to personal relevance and priority.
I suppose that the best way to give you a sense of the value of these tips is to provide a summary of my own "usage statistics", derived from my own check-box marks. When I first surveyed the book to get my own bearings, I used a yellow highlighter pen to color in the check-box for tips that caught my eye and that I especially wanted to get back to... Later, as I read through the entire "Tips" chapter, I made a check in the box for each tip I intended to return to for installation or implementation on my own Ubuntu box, and where appropriate, when I actually did install or implement the tip, I made an installation note as to time and details. A good many of the tips are for information or how-to skill only, with nothing to install or implement other than enhancing the reader's own understanding.
Of the 315 tips, I counted 108 (34%) that I marked with yellow highlight; 16 (5%) that I checked for implementation, but have not yet done so for one reason or another; and 19 (6%) that I've implemented on my system. Considering that any "tips & tricks" book ends up becoming a grab-bag of items with a hit-or-miss appeal to any particular person, this is a very good personal return-on-investment. Yet this breakdown is rather arbitrary, as many of the tips are techniques to know and use, rather than configurations to manage or applications to install. In other words, your mileage may vary.
Mr. Thomas's grab-bag is typical in its variety and scope — there's likely something for everyone, both Ubuntu novice and expert, in this book. And, true to style for such volumes, the author notes this about his "big book of tips": "...that you can jump in anywhere." This goes to the heart of my only notable criticism of the book, one of organization. Unlike many "tips" books, where there's usually some attempt to organize the presentation of topical items into a somewhat obvious order, the editorial decision for UKF was to explicitly order the tips randomly — this was no accident, as the author makes explicit in a couple of his remarks.
Indeed, reading through the "Tips" chapter in page-order is no different than embarking on a thorough reading in random order — there simply is no rhyme-or-reason to the presentation of items. This is particularly frustrating because there are numerous instances of tips which are closely related by subject or purpose, and for which the reader would be well served by having them grouped on successive pages for ease of reference and purpose.
That this was an editorial decision is made clear by the fact that the Table of Contents is itself 10 pages long, listing every single tip in the book, and is then followed by a secondary, equally lengthy "Contents by Topic" which attempts to group the tips by general category, "Application Enhancements", "Command Line Tricks", "General Productivity Tips", etc. Furthermore, the editorial effort was made to cross-reference related tips in the text; under Tip 39, we find "...see Tip 173, on page 204, and Tip 228, on page 260," and so on. For all this cross-referencing and contents by topic effort, wouldn't it have been more effective to simply organize the tips in a semblance of relationship, commonality and order? After all, having done a "Contents by Topic", why not just go ahead and organize the book accordingly?
For some readers, the random shuffling of tips may not matter much, as so much of the information will be newly encountered and of subjectively individual value. And value there is aplenty in this book! I'll close by noting four items which were of particular interest and value to me, things for which I'd been previously searching without luck, or which I didn't even know existed in the open source world of resources:
First, on the ubiquitous implementation of yet another Trashcan for file deletion in a File Manager (the Gnome Nautilus app, which is prevalently used on Ubuntu): GUI designers just can't get over the fact that "mere mortals" might actually delete files and not really mean it... hence, the Trashcan mechanism to protect them from their own silly actions.
This is actually a two-edged sword, and I'd been caught in the quandary of having intended to really delete some application files, which happen to have been root-owned, only to have them get snagged in my file system's Trashcan. The real quandary commenced when, using sudo, I tried to figure out how to delete them from the command line — but where in the heck is "the Trashcan"? I could see the files in Nautilus (where I couldn't conveniently use sudo-power to delete them), but following my own hunches as to where-in-the-file-system the Trashcan was actually stored turned up empty-handed.
UKF to the rescue — see Tips 39, 228 and 309 for everything you'd need to know about handling the Trashcan from the command line.
Secondly, I'd become quite fond of enhanced cut-&-paste (multiple) clipboard capabilities under Windows. Again, UKF to the rescue: Tip 306 let me know of an open source (KDE) clipboard enhancement known as Klipper (it's in the Ubuntu Repositories), which scratches this itch most satisfactorily.
Third, although Ubuntu provides basic, rudimentary tools (Gnome and KDE) for capturing screen shots, until I got to Tip 313, I didn't know that the GIMP could be used to augment and sophisticate screen shot capturing! And, of course, you can refine, edit and save your shots in any GIMP-available format directly. A great enhancement, if only to my working GIMP knowledge!
Lastly, like most folks, I've got a dark side, secrets which must be kept — things like account numbers, passwords, and other personal arcana which cannot, or should not, be kept in unencrypted form. Again, under Windows, I'd found an encryption technology known as TrueCrypt which I'd employed (and paid for) on that platform for a couple of years prior — and with my transition to Linux, I had mistakenly assumed that I had to abandon TrueCrypt as a Windows-only app.
Imagine my surprise and delight when I encountered Tip 145, which informed me that TrueCrypt includes an open source licensed release for Linux, including exactly where to go to install it and how best to use it! Bravo, and thank you, Mr. Thomas, for helping me resurrect an old and trusted friend!
In summary, it should be apparent that, in spite of my grumblings about the random tip presentation, I think that Keir Thomas's Ubuntu Kung Fu is a wonderful book — address the organization issues in a second edition, and I think it'd become an exemplar of its type. I recommend it highly to anyone who has become, or is becoming, an Ubuntu Linux user and enthusiast. It usefully helps bridge the gap between the Microsoft Windows experience and the not-so-different world of the Linux desktop. It provides ample practical help and knowledge to advance your productive use of Ubuntu Linux. This book takes a pride-of-place position right beside my copy of Ubuntu Hacks, where I can refer to it whenever I've a hankering to implement "that new thing" I remember having read about.
You can purchase Ubuntu Kung Fu from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Walmart Photo Keychain Comes Preloaded With Malware
Blowit writes "With the Christmas holidays just past and opening up your electronic presents may get you all excited, but not for a selected lot of people who got the Mercury 1.5" Digital Photo Frame from Walmart (or other stores). My father-in-law attached the device to his computer and his Trend Micro Anti-virus screamed that a virus is on the device. I scanned the one I have and AVAST did not find any virus ... So I went to Virscan.org to see which vendors found what, and the results are here and here." Update: 12/29 05:44 GMT by T : The joy is even more widespread; MojoKid points out that some larger digital photo frames have been delivered similarly infected this year, specifically Samsung's SPF-85H 8-inch digital photo frame, sold through Amazon among other vendors, which arrived with "W32.Sality.AE worm on the installation disc for Samsung Frame Manager XP Version 1.08, which is needed for using the SPF-85H as a USB monitor." Though Amazon was honest enough to issue an alert, that alert offers no reason to think that only Amazon's stock was affected. -
Your Favorite Tech / Eng. / CS Books?
chris_eineke writes "I like to read and to collect good books related to computer science. I'm talking about stuff like the classic textbooks (Introduction to Algorithms 2nd ed., Tanenbaum's Operating Systems series) and practitioners' books (The Practice of Programming, Code Complete) and all-around excellent books (Structure and Interpretation of Computer Programs, Practical Common Lisp). What's your stocking-stuffer book this Christmas? What books have been sitting on your shelves that you think are the best ones of their kind? Which ones do you think are -1 Overrated? (All links are referral-free.)" -
Zoe's Tale
stoolpigeon writes "John Scalzi, the author of Hugo Award-nominated science fiction novel Old Man's War, has built what started as a story serialized in his blog into a series of full novels and short stories. The latest installment in the OMW universe, Zoe's Tale, is quite a departure from the previous three books. It is the first of Scalzi's sci-fi novels written intentionally as young adult fiction. In a move that I am sure will continue to fuel Scalzi/Heinlein comparisons, Zoe is a precocious young woman thrust into a world of adventure and danger. In just three years Scalzi has built an impressive resume as an author of fiction, and Zoe's Tale will be no small part of what looks to be an influential and outstanding career." Keep reading for the rest of JR's review.
Zoe's Tale
author: John Scalzi
pages: 335
publisher: Tor Books
rating: 9/10
reviewer: JR Peck
ISBN: 978-0-7653-1698-1
summary:
Scalzi himself rightly credited the influence of Heinlein when Old Man's War was published. Unfortunately I think that some have taken the comparisons too far and tend to view everything that Scalzi writes in terms of how it contrasts or parallels something by Heinlein. I think this is a mistake, not because Scalzi isn't a great writer like Heinlein but because Scalzi has his own voice. His work has a considerably different tone and viewpoint from much of what Heinlein published. It would not be correct to view Scalzi in a vacuum but it seems to me that it is just as much an error to define Scalzi in terms of RAH. For what it is worth, Scalzi has said on his blog that he welcomes the Heinlein comparisons as it helps him to sell books.
I mention this because Heinlein is very well known for his juveniles. Podkayne of Mars is a very well known and in some ways controversial novel that centers around a young woman and her adventures. Zoe's Tale shares a few surface characteristics with Podkayne but is in many ways almost the opposite story. I think this is important to mention because I think some people may dismiss this book as a retread of something else, but this couldn't be further from the truth. This is a fresh tale, and I believe may be one of those stories that years from now will be a fondly remembered first read for many science fiction fans.
Each of the previous Old Man's War universe novels stands well on its own. There is very little overlap of characters in the first two and while the third brings back major characters from the first two, knowledge of them is not required to follow the story. Zoe's Tale stands on its own as well but this is because it is a retelling of the third book, The Last Colony, from a completely different perspective. Whereas The Last Colony focuses primarily on John Perry and Jane Sagan from Old Man's War, Zoe's Tale as the title informs is told from the perspective of their adopted daughter, Zoe.
Zoe is very much a typical teenager, though she lives in very atypical circumstances; even for a teenager in her time of interplanetary travel and colonization. Humanity lives in a universe shared with a myriad of other intelligent species. Many of them are competing for very rare and valuable real estate, inhabitable planets. The human government has decided to start their first new colony populated by people coming from existing colonies. To this point every new colony has been started by people leaving earth. Zoe's parents John and Jane are asked to lead this endeavor.
I would imagine that a middle aged man writing a teenage character of the opposite sex would be quite a stretch. Scalzi says that he had quite a bit of help from women in his life. However he did it, he pulled it off extremely well. Zoe is smart, sometimes a bit too smart for her own good. She is sarcastic and moody but a much fuller person than some whiney caricature. The reader gets to experience her ups and downs and watch her grow. She's a great kid right from the start but even stronger, more confident and wiser by the end. This is a book for young adults that does not treat the reader or the subject matter in a childish way.
In fact there aren't a ton of differences between this and any other Scalzi book. There is a good bet that this will work just as well for adults as kids. The language is tamer, there is no graphic sexual content (though I can't think of any in the other books), and the violence is toned down. There is still action and there is violence, but the descriptions are not quite as graphic as in the other novels. The emotions and the consequences of actions and words are just as strong and this is important. While this is less graphic, that does not mean content or meaning is filtered out. It truly is a young adult novel with emphasis on young.
Many of the greatest science fiction stories for youth out there were written in the 50's. Scalzi has created a modern tale that incorporates current technology, mores and norms in this story. This is an excellent introduction for any young man or woman who may not already be an avid science fiction fan. Important themes include those of being truthful, transparency in government, the sanctity of life and loyalty. These and more are touched on at various times but the book never feels preachy or heavy handed in its approach.
There is only one real negative with this book and it is only a drawback for those who have already read The Last Colony. The story is told from a completely new perspective, but it is still the same story. There are many new scenes and information brought in that were not revealed in Zoe's predecessor, but the outcomes are the same. This is not a weakness through a failing on the part of the author but rather a natural outcome of writing two books taking place in the same time frame. I still really enjoyed the book and was eager to see how certain events took place but it didn't hold quite the same impact at times as events had when I read The Last Colony. This won't be an issue for anyone who hasn't read that book or any young people who haven't read any of the novels. For me it was the difference between a 9 and a 10.
That is such a small thing though. This is a strong entry in a great series that I believe is destined to be considered a classic. Scalzi's entry into the field is a welcome treatment of classic themes with a fresh new viewpoint that is smart and entertaining.
You can purchase Zoe's Tale from amazon.com. -
Are Browser Games Filling the Same Role As Political Cartoons?
Amazon's Game Room Blog is running a piece asking whether modern browser games are coming to occupy the same purpose as political cartoons. The article was inspired by the variety of shoe-tossing games that sprung up after President Bush's recent run-in with an irate Iraqi journalist, as well as the games satirizing aspects of the presidential campaign and candidates. Quoting: "The games are certainly no works of art, but they were not designed to be awe inspiring. They were instead designed to capture the moment, and immortalize it from a particular point of view that people in this particular time can appreciate, or at least recognize. ... just like the satirical editorial comics of our own past, these snippets of code will offer a window into the past, and the individually conceived past moments that it consists of." -
Trick or Treatment
brothke writes "The recent collapse of financial companies occurred in part because their operations were run like a black box. For many years, alternative medicine has similarly operated in the shadows with its own set of black boxes. In Trick or Treatment: The Undeniable Facts about Alternative Medicine, Simon Singh and Edzard Ernst, MD, break open that box, and show with devastating clarity and accuracy, that the box is for the most part empty." Keep reading for the rest of Ben's review.
Trick or Treatment: The Undeniable Facts about Alternative Medicine
author: Simon Singh and Edzard Ernst
pages: 352
publisher: W. W. Norton
rating: 9
reviewer: Ben Rothke
ISBN: 978-0393066616
summary: Peels away the fallacies of acupuncture, homeopathy, chiropractic and herbal medicine
I first encountered co-author Simon Singh at the 2005 RSA Conference. In his presentation, he included a demonstration of the human brain's unique capability for pattern matching when specific patterns are expected, and used Led Zeppelin's Stairway to Heaven as an example. Stairway has long been rumored to have subliminal satanic messages. When played backwards, it is impossible to decipher any message. But when the message is known in advance, one can then hear the message imploring the listener to go to Satan's tool shed. Once Singh put the subliminal lyrics on the overhead, the subliminal message was now clear, not due to a subliminal message, rather via pattern matching.
While no reasonable person can believe in Stairway's subliminal lyrics, far too many people do believe in equally implausible things in the realm of alternative medicine. In the book, the authors tackle four main areas: acupuncture, homeopathy, chiropractic and herbal medicine. The book's conclusion is that acupuncture, homeopathy and chiropractic are essentially worthless, while herbal medicine has limited value.
Chapter 1 starts with an overview of evidence-based medicine (EBM), of which the authors are staunch believers. EBM applies evidence gained via the scientific method and assesses the quality of the evidence relevant to the risks and benefits of the treatments. The foundation of EBM is the systematic review of evidence for particular treatments via mainly randomized controlled trials. In the chapter, the authors reiterate the concept that the plural of anecdote is not data. Acupuncture, homeopathy and chiropractic have plenty of first-person anecdotes, but a lack of controlled studies with real data to back up their spurious claims.
EBM shows that homeopathy and other bogus cures are of no value, yet the public is oblivious to those facts. In a piece I wrote on this topic, New York News Radio - The voice of bad science, it shows that cheap radio advertising (with its mishmash of pseudo-scientific claims) combined with a public that is ignorant of basic scientific facts, creates a perfect storm for the continuation of homeopathy and other bogus cures.
A recurring theme the book stresses is that acupuncture, homeopathy, chiropractic and other alternative therapies are scientifically impossible, and often will violate fundamental scientific principles. A perfect example of this implausibility is with homeopathy. Contrary to common sense and basic science, in homeopathy, a solution that is more diluted is considered stronger and as having a higher potency. The issue is that the end result is a product that is so diluted, that its contents when in solid form is pure sugar, and when in liquid form, 100% H2O. When a homeopathic liquid is in its most diluted state, there is not a single molecule of the active ingredient. Therein lies the scientific implausibility of homeopathy.
Chapter 1 also asks one of the book's fundamental questions: how do you determine the truth? The authors answer that it is via the scientific method. This is determined only after strict and careful analysis of a clinical study, of which the most effective is double-blind and randomized.
In chapter 3, the book jokingly notes that since homeopathic liquid remedies are so diluted that they contain only water, their only use would be for dehydration. And since homeopathy is based on the fact that the strength of a remedy is based on its dilution, one could conceivably overdose on a homeopathic remedy by forgetting to take a dose.
The chapter concludes with perhaps the strongest indictment against homeopathy; namely its content. If one looks at the content of oscillococcinum, a homeopathic alternative marketed to relieve influenza-like symptoms, the packaging states that each gram of medication contains 0.85 grams of sucrose and 0.15 grams of lactose. Sucrose and lactose are simply forms of sugar, of which oscillococcinum is nothing more than an expensive sugar pill.
In chapter 4, the authors write that while homeopathy is nothing more than a placebo, the added danger with it is that patients will often forgo real medications to take a homeopathic one. It reports of a study in Britain, which demonstrated that the most benign alternative medicine can become dangerous if the therapist who administers it advises a patient not to follow an effective conventional medical treatment. The study demonstrated that alternative medical practitioners often recommend homeopathic remedies for malaria, and ignore proven conventional medicines. Such an approach can often mean a death sentence for the person taking the homeopathic remedy.
Chapter 5 deals with herbal medicine. The chapter is somewhat different in that, while the previous chapters about acupuncture, homeopathy and chiropractic showed them to be useless, herbal medicine does have value. The book notes that herbal medicine has been embraced by science to a far greater extent than acupuncture, homeopathy and chiropractics. The chapter lists over 30 herbal medicines and their levels of efficacy. An irony of herbal medicine is that some exotic ones, such as those with tiger bone or rhino horn are pushing the species to the brink of extinction, due to their level of popularity in certain parts of the world.
Chapter 5 concludes with why smart people believe such odd things. Alternative medicine has failed to deliver the health benefits that it claims, so why are millions of patients wasting their money and risking their lives by turning towards a snake-oil industry? The authors provide numerous reasons for this, from the concepts such as natural, traditional and holistic, to attacks on the scientific method by the alternative medical community and more.
The appendix is a rapid guide to alternative therapies and lists over 30 new treatments with their benefits and potential dangers. The appendix gives single page summaries of the plethora of other alternative therapies, from ear candles, colonic irrigation, reiki, to leech therapy and more. The authors write that most of these are bogus, many violate fundamental laws of science, and but a few have real, but limited value.
Alternative medicine operates in the shadows, blithely touting that their products have not been evaluated by the Food and Drug Administration, and that they are not intended to diagnose, treat, cure or prevent any disease. While these products are not intended to diagnose, treat, cure or prevent any disease, consumers nonetheless spend billions of dollars per year on unproven supplements. Consumers can be quite fickle. On one side they are furious at the SEC for their lack of oversight around Madoff Investments Securities. Yet when the FDA requires products use their disclaimer of how ineffective the item is, consumers will throw billions of dollars on ineffective products.
Trick or Treatment: The Undeniable Facts about Alternative Medicine is an incredibly important and eye-opening book. While Singh is a physicist and Ernst a medical doctor, the book is written in a clear and compelling style, avoids technical jargon, and sticks to the facts. In the spirit of the scientific method, the authors scrutinize alternative and complementary cures and the results show that the snake oil is still selling.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Trick or Treatment: The Undeniable Facts about Alternative Medicine from amazon.com. Slashdot welcomes readers' book reviews — to see your own review here, read the book review guidelines, then visit the submission page. -
The Manga Guide to Statistics
stoolpigeon writes "Many manga titles that are popular in Japan are being translated into English and published in the United States. This trend continues with a book that puts a slightly different spin on manga. The Manga Guide to Statistics, part of a series already popular in Japan, seeks to entertain while it informs. There are many elements here that can be found in any manga; a young love-struck girl, giant eyes, small noses and exaggerated emotional responses. What many may not have seen in manga before are things like calculating the mean, median and deviation of bowling scores. And that is just the start." Read below for the rest of JR's review.
The Manga Guide to Statistics author Shin Takahashi pages 222 publisher No Starch Press rating 7/10 reviewer JR Peck ISBN 978-1-59327-189-3 summary Statistics with heart-pounding excitement!
The story line is relatively simple. The protagonist, Rui, is a teenage girl. One night her father brings home a co-worker, Mr. Igarashi. Rui is quite smitten with Mr. Igarashi and tells her father that she is interested in learning about statistics so that she can be tutored by Mr. Igarashi. The day of her first lesson, her tutor shows up and it is not who she expects. Rather than her heart-throb it is another of her father's co-workers, Mamoru Yamamoto. Rui is crushed but plunges ahead, heart still set on hooking up with Mr. Igarashi.
If the idea of a fifteen-year-old bouncing about in skimpy outfits while pursuing a relationship with one of her father's co-workers sounds strange to you, welcome to the world of manga. If you've already read a lot of it this should sound pretty normal. It provides context as the book covers various topics in statistics and also injects quite a bit of humor into the story. That said, in the end of it all math is math. The story does provide a framework around what is presented but underneath it all this is a book that is trying to teach statistics and so my first question was "How does it do in that regard?"
The book follows a standard format through each chapter. A comic section presents some new facet of the story and then that is tied into the statistics concept that will be covered. Here the math and story are blended together. As the book moves further along these sections become increasingly more text heavy and contain less graphics. That section is followed with exercises. Here I have a small issue. The exercises are sometimes numbered, sometimes not and there seems to be absolutely no pattern or system that regulates this numbering. The answers immediately follow the exercises so it doesn't really cause any problems. I can only guess the numbers are related to an issue from the translation process. I couldn't figure it out.
The instruction and exercises are not watered down to somehow fit into the whole making math interesting theme. This was my first concern. That in an attempt to make it fun the math would not be correct or somehow watered down. This isn't the case. In fact, for a person to really get some good use out of this book I would say that they need to have a very strong command of algebra and at the very least some familiarity with calculus.
There is an entire section in the back of the book about how to do statistics using Microsoft Excel. When some formulas are presented the book says that knowing it is not necessary but the reader is still going to see things referenced like integration and derivatives. But when, for example, Mr. Yamamoto is teaching Rui about chi-square distribution and explains to her how to read a probability density function she starts to freak out and he consoles her saying, "Don't worry. You'll never have to learn this formula itself unless you become a mathematician."
But all of the math and tables to do the work for the exercises are presented. A graphing calculator would probably make things easier but I don't think it would be necessary. I think the only other shortcoming is that the exercises are not very numerous. There are usually two or three per chapter. Sometimes they are packaged as one exercise with multiple parts. Having the answers immediately follow the exercise may also make it difficult for the reader to avoid looking at it until they have done the work themselves. The reader should still gain a solid idea of what statistics is all about and the math behind it. I wouldn't say they will have a deep understanding of the subject but they will also have moved well beyond a cursory introduction.
The story is silly and sets up some humorous examples of how to use statistics. Ramen noodle prices get graphed, Rui looks at grading on a curve and explores why she and a classmate get different grades for identical scores. Cramer's coefficient is used to examine how boys and girls prefer to be asked out. I thought that this was helpful not only because it helps to keep the reader's interest but because it also moves the problems from the abstract to more concrete applications.
The weak point for me is the lack of examples and exercises. The graphic style of story telling is entertaining but limits the space for more text. This is not a statistics text book and I know that it is not trying to be one but it still limits the usefulness. Rather than giving a thorough education into statistics, it is more of an overview or quick primer. Anyone who picks this up thinking that they will gain a solid mastery of statistics is mistaken.
The jacket states that it will help the reader 'get over the "I'm no good at math" feeling.' I think that the reader had better already have some decent math skills if they want to get the most from the book, but it could be useful in helping the reluctant realize that statistics is not unapproachable. As I said, really all that is required is a good solid grasp of algebra.
I think that the real strength of the book may be in helping younger people to find the entry into this kind of work to be more entertaining. Kids would be, I think, much more likely to actually pick this up and find out if they are interested in statistics as opposed to a regular text book. If they do enjoy it, it could encourage them to go further and really master the subject. A sort of gateway text if you will. It also helps to answer the age old student's question, "Why does this matter?" by giving examples of real world use. I think the book could also be a lot of fun for someone who doesn't need to learn statistics but approaches it as a fun mental exercise, like Sudoku or another math game but with a story line and more complicated problems to solve.
Balancing out the limited amount of work, and the possibility for finding budding statisticians and mathematicians or entertaining those who already enjoy math I think that this book fills a rather unique niche. I think within that niche it is pretty good, but outside of that may be found lacking and that is why I would rate it as adequate rather than outstanding.
You can purchase The Manga Guide to Statistics from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Enterprise 2.0
mantex writes "The title of this book combines two coded terms — 'Web 2.0' and 'The Enterprise' — for which read 'social networking software' and 'Big Business.' And the purpose is to show how the techniques and concepts behind Web 2.0 applications (blogs, wikis, tagging, RSS, and social bookmarking) can be used to encourage collaboration efforts in what was previously thought of as secretive, competitive businesses." Read on for the rest of Roy's review.
Enterprise 2.0 author Niall Cook pages pp.164 publisher London: Gower rating 7 reviewer Roy Johnson ISBN 0566088002 summary How social software will change the future of work
It's an argument which is fast becoming quite familiar. To succeed in modern business, managers and directors must learn to listen and talk to their customers and staff. They need to be more agile in their thinking, less monolithic in their practices, and they need to catch up to new Internet-based activities which can sweep away unwary traditionalists overnight [look what happened to Encyclopedia Britannica] and create multi-billion pound enterprises almost as quickly [Amazon, Google]. Niall Cook realises that there will be problems and resistance to such suggestions from within orthodox business communities. But he also points to their existing weaknesses. Companies spend millions of dollars installing information and knowledge management systems, yet still struggle with the most basic challenges of persuading their employees to use them. Will it be difficult to persuade large organizations to adopt these very democratic tools? He offers case studies from companies such as the BBC, IBM, Microsoft, and BUPA and others to show that it might. He even makes a case for the use of instant messaging and social presence software (MSN and Twitter).
He also has an example of the US Defence Intelligence Agency using mashups to provide simultaneous streams of information through a single interface (because that's what its users want), and a multinational software company using Facebook as an alternative to its own Intranet (because its employees use it more).
He gives a very convincing example of the creation of a wiki running alongside the company Intranet in a German bank. The IT staff started using the wiki to generate documentation, and within six months use of the Intranet was down 50%, email was down 75%, and meeting times had been cut in half.
In fact he misses the opportunity to point out that one of the biggest incentives for companies to embrace Web 2.0 software is that much of it is completely free. Almost all major programs are now available in Open Source versions — including such fundamentals as operating systems (Linux), content management systems (Joomla) and virtual learning environments (Moodle).
In the UK, government institutions have invested and wasted billions of pounds after being bamboozled by software vendors. In the education sector alone, VLEs such as Blackboard and WebCT have proved costly mistakes for many colleges and universities. They are now locked in to proprietary systems, whilst OSS programs such as Moodle run rings round them — and are free.
Is the embracing of social software solutions likely to take place any time soon? Well, Cook has some interesting answers. His argument is that these developments are already taking place. Smart companies will catch on, and obstructors will fall behind with no competitive edge.
Bear in mind that within just five years, members of the MySpace generation are going to be entering the workforce, bringing their collaborative tools with them. If you don't have the software that allows them to search, link, author, tag, mashup, and subscribe to business information in the ways they want to, they are going to do one of three things: use third party software that does; leave to join a competitor that does; not want to work for you in the first place.
Even the software solutions in this radical, indeed revolutionary development, must be fast, light, and quick to implement. Oracle's IdeaFactory took just a few days to build. Janssen-Cilag's wiki-based Intranet was purchased, customized, and launched within two weeks. This is all part of what Peter Merholz in his recent Subject to Change calls agile technology.
Cook provides strategies for those who wish to implement these ideas within their own company — and it has to be said that he assumes a certain degree of subversiveness might be necessary.
The book ends with a review of the literature on social software and a comprehensive bibliography — so anyone who wants to pursue these matters at a theoretical level has all the tools to do so. But I suspect that anybody who is taken with these new ideas — if they have any blood in their veins — will immediately want to go away and put them into practice.
This is a truly inspirational book which should be required reading for managers, IT leaders, systems analysts, developers, and business strategists in any enterprise, small, medium, and especially large. I can think of two organizations I am working with right now (one a university, the other a large city college) who ought to be implementing these ideas but who are doing just the contrary — stifling innovation. One, following its culture of 'no change' has just been swallowed up by its rival. The other is running onto the financial rocks precisely because it refuses to learn from its users and its own staff — whilst claiming to do just the opposite.
Roy Johnson files regular book reviews at MANTEX
You can purchase Enterprise 2.0 from amazon.com. Slashdot welcomes readers' book reviews — to see your own review here, read the book review guidelines, then visit the submission page. -
Nmap Network Scanning
brothke writes "The 1962 song Wipe Out, with its energetic drum solo, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career for security professionals and hackers. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, is a most useful guide to anyone interested in fully utilizing Nmap." Read on for the rest of Ben's review.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning author Gordon Lyon (Fyodor) pages 468 publisher Nmap Project rating 9 reviewer Ben Rothke ISBN 978-0979958717 summary Valuable book about an invaluable security tool
One may ask, why spend $50 on this book, when the Nmap Reference Guide provides a significant amount of the basic information needed to use the tool, especially since the reference guide is both free, and well written. The reference guide is included in the book in chapter 15, and takes up 41 pages. And for those that are cash strapped, the free reference guide is the way to go.
In addition, the web site for the book notes that about half of the content is available in the free online edition. The most useful information is in the book in chapters exclusive to the print edition, which include Detecting and Subverting Firewalls and Intrusion Detection System, Optimizing Nmap Performance, Port Scanning Techniques and Algorithms, Host Discovery, and troubleshooting.
The main benefit of buying the book is that it has the collected wisdom of Fyodor, in addition to numerous real-world scenarios, and Nmap commands not documented elsewhere. At over 400 pages, the book's 15 chapters provide the reader with everything they need to know about using Nmap to the fullest.
Chapter 1 starts with an overview of the history of Nmap and how it came to be. As to the question of whether port scanning is legal, the author writes that it is best to avoid the debate and its associated analogies. He advises that it's best to avoid ISP abuse reports and criminal charges, by not annoying the target network administrators in the first place. Chapter 1 provides a number of practical suggestions on just how to do that.
A complaint against Nmap is that it has often been blamed for crashing systems. Chapter 1 shows that the reality is that Nmap will rarely be the primary cause of a system crash. The truth is that many of the systems that crashed as a result of an Nmap scan were likely unstable from the outset, and Nmap either pushed them over the top or they coincidentally crashed at the same time as the Nmap scan.
An ironic incident detailed in chapter 3 is when someone from the information security department of Target Corp. complained to the author that he felt the Nmap documentation was particularly directed at his organization, given the use of the term target. He requested that the Nmap documentation be changed from target to example. The section on target enumeration in the book shows the author did not take that request to heart.
Another example of where the book goes beyond what is in the reference guide is where the author shows the most valuable TCP ports via his probe of tens of millions of IP addresses across the internet. Not surprisingly, ports 80, 23 and 443 were the top three most commonly open TCP ports. It is surprising that other ports, which should have been secured long ago, are still as vulnerable as ever.
For the serious Nmap user, the book is worth purchasing just for the indispensable information in chapter 16, which is about optimizing Nmap performance. The author writes that one of his highest priorities in the creation of Nmap has been performance. Nmap uses parallelism and numerous advanced algorithms to execute its blazingly fast scans. This chapter shows how to create Nmap commands to obtain only the information you care about and significantly speed up the scan. The chapter details numerous scan time reduction techniques, and strategies on how to deal with long scans. The chapter concludes with the output of a user who, with a customized Nmap command, was able to reduce his scan of a 676,352 IP address network from nearly a week to 46 hours.
Chapter 10 is also a fascinating chapter on the topic of detection and subverting of firewalls and IDS. The function of such tests on an internal network is to help an organization understand the dangers and risks of a real attack. Since it is not uncommon for firewalls to be accidentally misconfigured, or have rule bases that leak from far too many rules, such a test can be quite useful to any network.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is the guide for anyone who wants to get more out of Nmap. It is useful whether one is a novice and only getting into basic security testing, or an advanced user looking for ways to optimize Nmap.
The book takes a real-world approach on how to use the tool and clearly documents every Nmap feature and option. It also shows how the tool should be correctly used in various settings.
What is unique is that this is a rare book in which the creator of the program wrote it. Linus Torvalds never got around to writing a Linux reference, nor did the creators of the Check Point firewall. In Nmap Network Scanning, the reader gets the story from the creator of the code itself. This then is the ultimate Nmap reference guide.
Aside from the history and use of the program in the first chapter, the rest of the book is an extreme guide to maximizing the use of Nmap. It is written by a programmer and written for the technically astute. Anyone who wants to maximize their use of Nmap will find no better reference.
Ben Rothke manages the Bright Hub Enterprise Security channel and is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Nmap Network Scanning
brothke writes "The 1962 song Wipe Out, with its energetic drum solo started, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career for security professionals and hackers. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, is a most useful guide to anyone interested in fully utilizing Nmap." Read on for the rest of Ben's review. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning author Gordon Lyon (Fyodor) pages 468 publisher Nmap Project rating 9 reviewer Ben Rothke ISBN 978-0979958717 summary Valuable book about an invaluable security tool One may ask, why spend $50 on this book, when the Nmap Reference Guide provides a significant amount of the basic information needed to use the tool, especially since the reference guide is both free, and well written. The reference guide is included in the book in chapter 15, and takes up 41 pages. And for those that are cash strapped, the free reference guide is the way to go.
In addition, the web site for the book notes that about half of the content is available in the free online edition. The most useful information is in the book in chapters exclusive to the print edition, which includes Detecting and Subverting Firewalls and Intrusion Detection System, Optimizing Nmap Performance, Port Scanning Techniques and Algorithms, Host Discovery, and troubleshooting.
The main benefit of the buying the book is that it has the collected wisdom of Fyodor's, in addition to numerous real-world scenarios, and Nmap commands not documented elsewhere. At over 400 pages, the books 15 chapters provide the reader with everything they need to know about using Nmap to the fullest.
Chapter 1 starts with an overview of the history of Nmap and how it came to be. As to the question of whether port scanning is legal, the author writes that it is best to avoid the debate and its associated analogies. He advises that it's best to avoid ISP abuse reports and criminal charges, by not annoying the target network administrators in the first place. Chapter 1 provides a number of practical suggestions on just how to do that.
A complaint against Nmap is that it has often been blamed for crashing systems. Chapter 1 shows that the reality is that Nmap will rarely be the primary cause of a system crash. The truth is that many of the systems that crashed as a result of an Nmap scan were likely unstable from the outset, and Nmap either pushed them over the top or they coincidentally crashed at the same time as the Nmap scan.
An ironic incident detailed in chapter 3 is when someone from the information security department of Target Corp. complained to the author that he felt the Nmap documentation was particularly directed at his organization, given the use of the term target. He requested that the Nmap documentation be changed from target to example. The section on target enumeration in the book shows the author did not take that request to heart.
Another example of where the book goes beyond what is in the reference guide is where the author shows the most valuable TCP ports via his probe of tens of millions of IP addresses across the internet. Not surprisingly, ports 80, 23 and 443 were the top three most commonly open TCP ports. It is surprising that other ports, which should have been secured long ago, are still as vulnerable as ever.
For the serious Nmap user, the book is worth purchasing just for the indispensable information in chapter 16, which is about optimizing Nmap performance. The author writes that one of his highest priorities in the creation of Nmap has been performance. Nmap uses parallelism and numerous advanced algorithms to execute its blazingly fast scans. This chapter shows how to create Nmap commands to obtain only the information you care about and significantly speed up the scan. The chapter details numerous scan time reduction techniques, and strategies on how to deal with long scans. The chapter concludes with the output of a user who, with a customized Nmap command, was able to reduce his scan of a 676,352 IP address network from nearly a week to 46 hours.
Chapter 10 is also a fascinating chapter on the topic of detection and subverting of firewalls and IDS. The function of such tests on an internal network is to help an organization understand the dangers and risks of a real attack. Since it is not uncommon for firewalls to be accidentally misconfigured, or have rule bases that leak from far too many rules, such a test can be quite useful to any network.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is the guide for anyone who wants to get more out of Nmap. It is useful whether one is a novice and only getting into basic security testing, or an advanced user looking for ways to optimize Nmap.
The book takes a real-world approach on how to use the tool and clearly documents every Nmap feature and option. It also shows how the tool should be correctly used in various settings.
What is unique about it is that this is a rare book in which the creator of the program wrote it. Linus Torvalds never got around to writing a Linux reference, nor did the creators of the Check Point firewall. In Nmap Network Scanning, the reader gets the story from the creator of the code itself. This then is the ultimate Nmap reference guide.
Aside from the history and use of the program in the first chapter, the rest of the book is an extreme guide to maximizing the use of Nmap. It is written by a programmer and written for the technically astute. Anyone who wants to maximize their use of Nmap will find no better reference.
Ben Rothke manages the Bright Hub Enterprise Security channel and is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Launches Public Data Sets To Spur Research
turnkeylinux writes "Amazon just launched its Public Data Sets service (home). The project encourages developers, researchers, universities, and businesses to upload large (non-confidential) data sets to Amazon — things like census data, genomes, etc. — and then let others integrate that data into their own AWS applications. AWS is hosting the public data sets at no charge for the community, and like all of AWS services, users pay only for the compute and storage they consume with their own applications. Data sets already available include various US Census databases, 3-D chemical structures provided by Indiana University, and an annotated form of the Human Genome from Ensembl." -
MySQL in a Nutshell
stoolpigeon writes "MySQL is frequently touted as the world's most widely used relational database management system. Many of the best known web applications and web sites use MySQL as their data repository. The popularity of MySQL has continued to grow while at the same time many were concerned by the lack of many features considered essential to a 'real' rdbms. Such naysayers have done little to impede the growth or development of MySQL. The first edition of MySQL in a Nutshell, published in 2005, gave users a handy reference to using MySQL. The second edition, published in 2008, covers many new features that MySQL fans proudly proclaim as an answer to all those critics clamoring for a better-rounded rdbms." Read below for the rest of JR's review.
MySQL in a Nutshell
author: Russell J.T. Dyer
pages: 561
publisher: O'Reilly Media, Inc.
rating: 9/10
reviewer: JR Peck
ISBN: 978-0-596-51433-4
summary: A Desktop Quick Reference
O'Reilly's Nutshell books normally encompass two types of content: tutorials and command reference. MySQL in a Nutshell is true to that format. In this book though, the line between the two is not as cut and dried as in some of the other Nutshell books. The closest to pure reference is probably the documentation of MySQL functions. But there is always more than just a simple statement of function name and parameters. There are examples and when appropriate, Dyer explains function behavior beyond the inherently obvious. A good example would be when Dyer explains the output of Sleep() in the case of a user interrupting query execution with Ctrl-C.
The tutorials cover all of the basics but extend well into the meat of successfully administering an rdbms. The book begins with an introduction to MySQL itself, instructions on installation and a brief overview of the basics. These chapters make up the first section of the book and take up 35 pages. This means that the book is not an introduction to sql or using an rdbms. This book is first and foremost a reference for the MySQL user who has already moved past the introductory level. I don't think one needs to be an expert to use the book but there is no extended hand-holding for the novice. This is a plus in my opinion, rather than the publisher shoving in a bunch of extra material in an attempt to make the book useful to every reader regardless of their level of experience.
The second section, "SQL Statements and Functions", understandably comprises the majority of the text. This second edition breaks down the categories further, leading to an additional five chapters when compared to the first edition. This is evident with the first chapter, "Security and User Statements and Functions", a chapter that was not in the first edition. Here again the real strength is that the commands are not just documented but they are explained and illustrated with examples.
For the person already working as a MySQL DBA or aspiring to do so, there is excellent coverage beyond the basics. There is documentation on essential skills like back-up, recovery and replication. Another new chapter breaks out database table and schema commands on their own. The brief, but thorough documentation of these features makes this volume extremely useful to the DBA moving to MySQL from another rdbms. One struggle for me, coming to MySQL from Oracle, has been that sometimes things are just done very differently than I expect. I don't need a lot of background, I just need to know the MySQL method and this book makes that quickly available and gets me running until I have time to dig further into the why. I would think that this book is a must on the bookshelf of any DBA responsible for the care of MySQL.
Section three further shores up this use with very thorough documentation of MySQL server and client tools. Chapter 15 covers mysqld and mysql. Chapter 16 covers command line utilities. There are roughly 30 utilities covered and I am sure that this chapter could be a real life saver for many. The book does not cover the gui tools available for managing and working with MySQL. This is a strength in my opinion. The tools are built on top of what is documented here and knowledge of the command line commands should adequately prepare the user to deal with any of the various gui tools available out there. This may be somewhat disconcerting to anyone coming from a MS SQL Server background. It's been my experience that folks who have only worked with MS SQL Server struggle when they don't have gui tools, whatever rdbms they are on. Fortunately for them there are a lot of options available to manage MySQL with a gui, they just aren't covered in this book.
The second group that could benefit the most from this book, beyond database administrators, is the developer. The documentation of sql statements and functions is of course very useful. The fourth section covers APIs and connectors. It documents the C, Perl and PHP APIs. These chapters follow the same easy flow of mix between documentation and tutorial. The beginning of the chapter covers the basics of connecting, executing statements against the database and the reference follows with the specifics of commands and accompanying examples.
Section five contains three appendices that cover data types, operators and server/environment variables. All three are concise but valuable and cover the information fully. The index does an excellent job of covering not only specific terms but subjects and makes it easy to find what the reader wants, even if they aren't sure of the specific command they are looking to read about.
The book is based on MySQL 5.0 and makes note of features that will be available in 5.1 and 6.0. This does not include master-master replication, since I mentioned that the book does cover that topic. But the section on replication will still be of use with that new feature I am sure. There were some formatting issues in my copy. I don't know if it was isolated or a part of a larger number of copies, I did not see it mentioned on the errata web page for the book. In the chapter on date and time functions, three of the sql examples have formatting errors. The last three characters of the last line of the example are repeated as a fourth line. I'm not sure how this crept in, and it is pretty easy to see that the characters are a typo as opposed to part of the statement but it did throw me for a moment when I looked at them. Anyone typing the command verbatim will get an opportunity to see what their client does with incorrect sql.
I think that this is an excellent book that will aid anyone who interacts with MySQL on a regular basis. There is no fluff, no cuteness and no attempt to do anything beyond providing quick access to key information. The book hits that sweet spot between providing too much or not enough. It does not try to be everything to everyone as I mentioned. It will not do all the lifting necessary to get someone who does not even know what an rdbms is to where they will need to be in order to make good use of this book. It does not dive deep on internals or more advanced topics. But what it covers in that wide middle, it covers very well.
You can purchase MySQL in a Nutshell from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
jQuery in Action
Michael J. Ross writes "As perhaps the only substantial computer language embedded inside of the major Web browsers, JavaScript has brought an unprecedented level of power to client-side programming for the Internet. Yet as a result of cross-browser incompatibilities and other problems, it has probably also resulted in an unprecedented number of headaches for Web developers. JavaScript libraries attempt to mitigate much of these difficulties. One of the most popular such libraries, jQuery, is explored in a book by Bear Bibeault and Yehuda Katz, titled jQuery in Action." Keep reading for the rest of Michael's review.
jQuery in Action
author: Bear Bibeault and Yehuda Katz
pages: 376
publisher: Manning Publications
rating: 9/10
reviewer: Michael J. Ross
ISBN: 978-1933988351
summary: A well-crafted guide to jQuery.
Released by Manning Publications on 7 February 2008, under the ISBNs 1933988355 and 978-1933988351, jQuery in Action attempts to cover a large amount of information within its 376 pages. The material is grouped into nine chapters: an introduction to jQuery; wrapped element sets; modifying element properties, attributes, styling, and content; browser event models, including jQuery's; animations and effects; jQuery utility functions; plug-ins; AJAX; and four powerful plug-ins. The book concludes with an appendix, which may be the best place to start reading in the book, because it reviews many of the key aspects of JavaScript upon which more advanced jQuery heavily relies. The authors assume that the reader has a solid understanding of JavaScript, and is familiar with the basics of AJAX.
As an introduction to jQuery, the first chapter briefly presents the rationale behind jQuery and its contribution to "Unobtrusive JavaScript," which is essentially the long overdue separation of JavaScript and CSS code from HTML markup — that is to say, separating behavior from structure in Web pages. With this new approach to JavaScript, the resultant code may in some cases be a bit longer, but it is far more readable, maintainable, and robust. Anyone who has tried to decipher cryptic JavaScript interwoven with HTML, will appreciate this leap forward. However, after these first two sections, prior to starting with the details of jQuery and its syntax, the authors should have explained to the reader where to find jQuery and how to reference it within a page. This critical information is provided only in the chapter summary, almost as an afterthought. A reader skipping the chapter summary could easily miss it.
The second and third chapters lay the groundwork for what will follow. The former chapter explains how to specify and manipulate sets of elements on the Web page, known as "wrapped element sets." This is done using all of the selection methods supported by CSS 3, as well as some additional selection capabilities built into jQuery. The latter chapter explains how to manage the properties and attributes of page elements, and how to get and set attribute values and other attribute manipulation techniques. The authors show how jQuery gives programmers tremendous control over the HTML and CSS of their Web pages, which can be changed by creating and modifying elements, and wrapping them in new elements, as well as adding and removing class names within the HTML, thereby using the existing CSS code. On the other side of the same coin, styling can also be updated by getting and setting the styles themselves, thereby using the existing HTML code. The last section of the third chapter focuses on form elements, which have special properties within both HTML and jQuery.
Event handling is a key aspect of any GUI, and is the subject of Chapter 4, in which the authors describe the DOM event models — focusing on Levels 0 and 2 — and how the jQuery event model helps to neutralize the problems introduced by Internet Explorer (naturally) failing to follow industry standards in its implementation of the DOM Level 2 Event Model. The chapter concludes with an extended examination of some sample code — in this case an order page from the online menu of an imaginary Asian fusion restaurant.
The book shifts gears in its fifth chapter, which explains how to use animation and other effects to jazz up the Web page — such as fading images in and out, as well as smoothly resizing and moving elements on the page. For instance, the first application of these capabilities is in the form of a collapsible list, which is ideal for making lengthy vertical navigation menus far less space consuming. Chapter 6 arms the reader with an understanding of jQuery's many utility functions, which can be used to trim unneeded spaces from strings, iterate through collections and properties, filter and translate arrays, extend objects, load scripts dynamically, and determine the site visitor's user agent and box model. These functions add the capabilities to one's jQuery code; yet one can even extend jQuery itself, by using plug-ins created by other developers or by oneself. In Chapter 7, the authors explain how anyone can write custom utility functions, which they illustrate with a date formatting function. They also explain how to create custom wrapper methods.
Although it has its detractors, Asynchronous JavaScript and XML (AJAX) has enabled a plethora of new ways to make Web pages respond faster to user events, without requiring the overhead of wholesale page reloads. AJAX is the topic of Chapter 8, and the authors begin with a review of how to make asynchronous requests using the JavaScript XHR object, thus enabling the page to communicate with the server. This can be used for loading content into page elements, making GET and POST requests, and more. Similar to the previous two chapters, this one ends with a detailed examination of sample code. The final chapter in the book begins with a brief overview of jQuery plug-ins, and then examines in detail four highly popular plug-ins for handling HTML forms, controlling the dimensions of elements, declaring element behavior prior to creating the elements themselves, and gaining even greater control over the user interface, such as dragging and dropping elements on the page.
Anyone interested in learning more about the book can consult the publisher's page, which offers a book description, excerpts from reviews, and links to pages containing the supplemental sections of the book, such as the table of contents. It also has the book's errata, of which there are listed (as of this writing) five in the second printing, and three from the previous printing. Two sample chapters (2 and 5) are offered, as well as all of the sample source code. The PDF version of the book can be purchased online, at a discount to the printed version; the two can also be purchased as a bundle. Lastly, there is an authors' forum, where readers are invited to post questions, almost all of which have been kindly answered by the authors.
jQuery in Action illustrates how the primary aim of programming frameworks is to encapsulate much of the details of the language being used, so the developer can focus on the higher-level purpose of the code they are creating, and not the minutiae of syntax and, in the case of JavaScript, differences among browsers. The authors successfully demonstrate the major concepts, primarily through the use of what they refer to as "lab pages" — essentially detailed code samples, with explanations, beginning with the second chapter. These exemplify the spirit of Manning's "in Action" series of technical books, which recognizes that in computer programming — as with probably most every other field — the best way to learn is by doing, and in this case, seeing sample code in action. This also makes it easier for the reader to modify the given code and experiment with it, to confirm what they have learned, and perhaps discover something new. Most of the sample code for this book runs fine in a Web browser opening the HTML files, without having to be run on a local Web server.
This book should prove a favorite among jQuery developers. The authors zero in on the core components of the library, and explain everything clearly — providing thorough coverage, without excessive verbiage. They are forthright about the weaknesses of jQuery, just as much as its strengths. The book does not contain a large number of screenshots or other figures, but it does use those in conjunction with code snippets, tables, and command syntax summaries to help break up the text visually. The authors improve the readability of the material with a genuine sense of humor, yet without resorting to the silliness currently found in many books written by programmers.
There are few blemishes, and of those, none are major. Phrasing in a few instances could be confusing to the average reader, such as referring to functions as elements just a few paragraphs after mentioning CSS elements (in the "NOTE" on page 9). The chapter summaries add no value, and should be jettisoned. Also, they should not be used as a place to introduce information not even mentioned in the corresponding chapters, e.g., the jQuery download information noted above. Almost every chapter summary touched upon something that had not preceded it; such material should be folded into the particular chapter proper. The chapter titles should be in title case, and not sentence case. On the other hand, some phrases are incorrectly put in title case, such as "Rich Internet Applications" — a phrase overused. There were only a few errata not already reported on the publisher's Web page, such as "it incursion" (page 15). As with many computer books nowadays, there is an excessive use of exclamation marks. In terms of the sample code, it is complete and quite handy for trying out the ideas discussed in the book, and learning by modifying it. However, the JavaScript portions of the code can be difficult to read, because most of the code is compressed, with almost no use of whitespace to enhance readability.
With its capable technical coverage, extensive use of sample code, and approachable style, jQuery in Action is a valuable resource for any Web developer seeking to maximize the power of JavaScript, and a must-have for anyone interested in learning jQuery.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase jQuery in Action from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Anathem
Max Tardiveau writes "I just finished reading Neal Stephenson's latest novel, Anathem. I was awaiting it with some anticipation because I absolutely loved Stephenson's best-known novels: Snow Crash, The Diamond Age, and Cryptonomicon. One of Stephenson's non-fiction pieces, called In the beginning was the command line, simply wowed me when I read it. The man can write. A few years ago, I got really excited when I heard that he was writing a whole cycle of novels (the Baroque cycle). But I read the first book of the cycle — Quicksilver — and I was somewhat disappointed, so I skipped the rest of the cycle. I realize that many people enjoyed these novels, but I was hoping that Stephenson would get back his old style and inspiration. So, when Anathem was announced, I was full of anticipation — was this going to be the one? Would he find his mark again?" Keep reading for Max's impressions of Anathem.
Anathem
author: Neal Stephenson
pages: 935
publisher: HarperCollins
rating: 6
reviewer: Max Tardiveau
ISBN: 9780061474095
summary: Action and philosophical exploration in an Earth-like future
The first impression of this book is its heft---at 935 pages in the hardback edition, you'll need strong arms, or a good support, just to read the thing. But otherwise, this is a sharply printed, well-bound book. The official retail price is $30, but you can find it for around $24, less if you buy it used.
Anathem is set on a fictional planet called Arbre, which is very similar to Earth, in a fairly distant future. Much has happened, as we discover during the course of the story. World wars, revolutions, climate change, etc... During all these tribulations, religious orders have provided a certain amount of continuity, and have pursued theoretical scientific research. They still live like monks and nuns, even though there are occasional glimpses of highly advanced technology (materials, genetics, etc...).
In a monastery, ruled by an ancient Discipline, our hero is a young monk who is inquisitive, smart but not brilliant, and brave but not foolhardy. We see most of the action through his eyes.
Not much happens in the first 100 pages or so, which can be a bit trying, but soon we learn that mysterious events are in progress, and the narrative picks up the pace after that. I can't say much more without spoilers.
As usual with Stephenson, there are many neat ideas, and a few mind-twisters. The writing is usually clear, the action can be stimulating, the characters can be engaging. And yet...
It's not that Anathem isn't interesting. It's just that it feels ... self-indulgent. It's a 935-page novel that should be 600 pages or less. Perhaps Stephenson's fame and success make it difficult for editors to stand up to him. That would be his loss (and ours). A good editing job would have turned a good novel into one that is worthy of him.
Why do I say that?
First, the story is replete with made-up words that add very little to the story, the atmosphere, the narration, or anything at all. They just stand in the way. I'm not opposed to a judicious use of this device, but here it feels gratuitous and pointless and, yes, at times irritating.
I know it's not supposed to be Earth, but at least half of this gobbledygook could have been skipped without any detrimental effect. I'm afraid I have to invoke Munroe's Law, which states: "The probability of a book being good is inversely proportional to the number of made-up words it contains". In fact, XKCD had a strip about this specifically aimed at Anathem.
There is a lot of dialog and action that adds little or nothing to the narrative. One feels, at times, like Stephenson is filling time. This is where a good editor should step in and tighten things up. One senses that the entire book was published as delivered by the author, with no critical paring, no condensing. I'm sure I'm wrong about that, but the feeling is there nonetheless.
We meet a very large cast of characters, many of whom seem unnecessary. Names appear and disappear, and the reader is left to ponder why they were introduced at all. Is there some ulterior motive? Will they have some sort of meaning later in the book? But alas, most don't, and we feel like we have invested time and emotion in vain.
There are also a lot of uncompleted story lines and plot holes. Perhaps the novel is simply too ambitious, and tries to broach too many topics. Time and time again, Stephenson introduces an interesting concept, or an intriguing subplot, only to drop it without any follow-up. This is most unsatisfying.
This is a surprise, because I am under the impression that Stephenson's audience is in large part made of people like me — somewhat geeky, interested in science, and therefore prone to paying close attention to details of the story. In this respect, this book simply fails. The reader is left with so many open questions, so many unfinished lines of inquiry, that the whole thing feels unfinished, even rushed. The ending is bland and appallingly predictable, worthy of a Bruce Willis action movie--harsh words, I know, but I am not using them lightly.
I was expecting more intellectual stimulation, a significantly faster pace, and more storytelling rigor from Stephenson, and I have to admit to being disappointed. The book is certainly not without redeeming qualities, I was just expecting quite a bit more.
I would not recommend this book as an introduction to Stephenson. If you're a real fan, you'll probably read it no matter what, but otherwise you can safely skip it. If you've never read anything by Stephenson, then you owe it to yourself to read the three novels I mentioned at the beginning of this article. They are truly excellent. Anathem, sadly, is not cut of the same cloth.
You can purchase Anathem from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
American Nerd
Adam Jenkins writes "This book seemed to have potential, particularly since the image of nerds has changed in recent times. Once objects of derision and schoolyard bullying, nerds are now acknowledged as having a place in society. The Lord of the Rings became a multi-million dollar movie trilogy, the internet is now used by an incredible number of people, and computer games are no longer seen as being 'just for kids.' Around the years of the dot-com boom, successful nerds were driving Ferraris and going to cool parties. So it's not so surprising that the definition of a nerd has changed over time, nor that a society which has generally become better at accepting people who are different, has accepted nerds." Read below for the rest of Adam's review.
American Nerd: The Story of My People
author: Benjamin Nugent
pages: 224
publisher: Scribner
rating: 9/10
reviewer: Adam Jenkins
ISBN: 978-0-743-28801-9
summary: A history and entertaining discussion of the American Nerd.
As is clear from the title, American Nerd sets out to concentrate on the American nerd, and to define what a nerd is. As with a lot of social labels, it's not so easily defined. Nugent defines two categories of nerd; those who are intellectual and socially awkward in a machine-like way, and also people who are simply socially excluded. We learn that the word 'nerd' first started being used in America around the 1960s, but as well as the more recent 'geek', there have also been words like 'boffin' and 'greasy grind' which are similar in meaning. The book is divided into three sections, with the history of the nerd, a more detailed section called "Among the Nerds", and a shorter section "My Credentials". The latter section expands on the glimpses into Nugent's life through the rest of the book, like the case study in the second part about Nugent's friend from the Ghetto of Amherst and includes another case study, about another of his childhood friends.
The author spent some of his school years being picked on as a nerd and at the start he discloses that consequently his journalistic objectivity is compromised. Later in the book, he tells us that he stopped being a nerd in his teens. As part of this disclaimer, Nugent states that he empathizes with nerds and anti-nerds alike, and really, who better to do that than an ex-nerd? He seems to have done some good research for the book, including attending the Third Annual Anime Los Angeles Convention, SCA events like Estrella War in Arizona, and talking with Rosie Shuster and Anne Beatts, who wrote the first nerd sketch for Saturday Night Live.
The publishers claim this is the first comprehensive examination of nerds, and it's certainly a fine study of the history to date. No doubt there are good related academic papers in the fields of psychology and sociology, and the books of Professor Sherry Turkle (mentioned in this book) sound interesting, but American Nerd is not only more accessible, but it is specifically about nerds. I've read a couple of books which have touched upon nerd culture, but they have mostly concentrated on other topics; usually the stories of early Silicon Valley pioneers and their companies. Nugent's book covers not only the more usual topics like how nerds are treated at school and what a nerd is, but also science fiction fan clubs and conventions, computer gamers, "fake nerds", Japanese pop culture and parallels between race discrimination and nerds. I was a little surprised that some nerd subcultures weren't included, like those around computer bulletin board systems, or tabletop gaming and live action roleplaying. There were lots of analogies and examples from not only movies like Blade Runner, Rain Man and The Nutty Professor, but also classic literature, like Pride and Prejudice, and Frankenstein. Of more current works, there's mention of Beauty and the Geek and The Big Bang Theory, and some interesting information about the production of Freaks and Geeks.
I'm not sure whether the book would appeal only to nerds or ex-nerds. I think the subject material is probably broad enough that it would have a greater appeal. Parts of the book are quite funny like the story about a Super Smash Bros. Melee competition at a Major League Gaming tournament, and the examples of strange vocabulary adopted by gamers. There are also stories about Ben and his interactions with his friend's crazy Mormon Mum. Toward the end of the book, he described getting drunk with popular kids at age 13 in Petrozavodsk, Russia and deciding he didn't want to be a nerd anymore. There was a lot that I learned from this book, not just the history of nerds, but also something of modern subcultures like yaoi, otaku and SCA, as well as some American-specific things like RPI's Bachelor journal and high school debating. Though there's some parallels drawn in this book between the UK and the US in the coverage of "muscular Christianity" around the late 19th century, I am sure that currently nerds in the UK are quite different to those in the US, and I did wonder generally just how nerds in other countries are similar and different to the American variety.
This is an intelligent and thought-provoking book, which also manages to be entertaining. Whether you're a nerd or not, you will find parts of the book that remind you of some of your own experiences and make you appreciate how much richer our society is for having nerds!
You can purchase American Nerd: The Story of My People from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Ender in Exile
stoolpigeon writes "Orson Scott Card's work Ender's Game began as a novelette, which he says he wrote as a means of leading up to the full story he had developed, Speaker for the Dead. Ender's Game was published as a full novel in 1985, and won the Hugo and Nebula awards (as did Speaker for the Dead in '86 and '87). I think it is safe to say that Ender's Game is ensconced in its position as a science fiction classic. Now, 23 years later, Card has finished the first direct sequel to Ender's Game in his new novel Ender in Exile." Keep reading for the rest of JR's review. Ender in Exile author Orson Scott Card pages 377 publisher Tor Books rating 7 reviewer JR Peck ISBN 978-0765304964 summary A good midquel in the Ender's series While Speaker for the Dead was published right after Ender's Game, there is a huge gap in time between the two stories. Due to the effects of traveling at close to light speed, thousands of years pass between the two novels. Chapter fifteen of Ender's Game does give an explanation of the events that fill that time. Card also went on to write other novels set in the Ender universe that do not involve Ender directly but rather other students from the battle school and family. This makes Ender in Exile more of a 'midquel', a term Card uses in the afterword, than a sequel. Because of this, from a high level view of the plot, readers who have stuck with the saga will not find much new here. This is a closer look at events already related in other books for the most part.
Card is an able author and this story is solid. Much of it reminded me of some of my favorite classic science fiction. There is colonization, extended periods of life aboard space ships, discovery of alien civilization and not much in the way of hard science. Card's primary purpose is to analyze and consider the human condition as opposed to exploring technological possibilities or theories. Almost everything that is highly advanced is the result of alien technology and is never explained or understood. Much of it functions on an almost mystical or magical level.
Ender is a young adolescent with an incredibly unique life and mind. In this novel we see him transitioning and growing from a youth into a man. I was often reminded of Herbert's Paul Atreides when he was first on the run in the desert with his mother in the book Dune. Ender is aware that he is different and has amazing capabilities but he is unsure just what the full ramifications of that difference are. He is trying to find his place in humanity and in the universe as a whole.
The story encompasses four basic plot lines that flow one to the next. I never felt any great sense of urgency or climax and resolution in the story. Really what it felt like was a thread weaving together pieces from the earlier stories. While the themes and issues were great, sometimes the characters were remote or the working of the issues very subtle. The most impacting and emotional moments relied upon knowledge of events from the other books in the series to carry their full force. In that light the novel is very effective. I think that fans of the Ender series, already biased towards this work, are going to be very pleased and enjoy Ender in Exile greatly. They are going to get to dig just a bit deeper into this world and its primary character Andrew Wiggin. They will enjoy moments of discovery and the answer to questions that may have been in the back of their minds, possibly for the last twenty years or so.
On the other hand, someone new to the series may not be as enthralled and may find the story to be a bit flat. If I could I would rate this book in two ways. For those who have not read all the other Ender books, a 6 or 7. This is not bad since the book is designed to sit in the middle of an existing set of tales. It is possible that someone could pick this book up without having read a single Ender story or novel and track with it. I think they would even find it interesting if a little flat. But for a fan of the series with a high degree of familiarity with the characters and events of this world it is probably a solid 8 or 9. At the very least, Card has done nothing to tear down what he has built up but has completed a sturdy addition to the body of work.
In the afterword Card has some interesting comments to make about reader involvement in helping him to write this story. He also explains how he would like to approach some discrepancies between this story and what is related at the conclusion to Ender's Game. I thought it was a sign of the times that an author, facing a large and complex world he had created but could not track on his own, was able to use the internet to call upon readers' assistance in achieving as much consistency as possible.
This is a thoughtful, well written book. It may even motivate some to dig up an old copy of Ender's Game so that they can relive the enjoyment of a classic and see what is new to find. I think that most will not be disappointed. Some may not be as thrilled as they would hope, but there is something here for any science fiction fan.
On a side note, in conjunction with the release of this new book, Marvel Comics is doing a limited series comic adaptation of the original Ender's Game novel.
You can purchase Ender in Exile from amazon.com. -
Give One Get One Redux, OLPC XO-1 Now On Amazon
404 Clue Not Found writes "The One Laptop Per Child project's XO-1 laptop is once again available to the general public via its Give One Get One promotion, where $400 will buy two laptops, one for the purchaser and one for 'a child in the emerging world.' Having learned from their delivery and fulfillment headaches the first time around, this time they partnered with Amazon.com to handle shipping. But a year after its initial release, the market has become saturated with Eee-wannabe netbooks from every major manufacturer. Can the XO-1's charitable appeal, unique chassis and dual-mode screen compete with the superior performance and standard operating systems of its newer peers?" -
Googling Security
brothke writes "It has been suggested that if one was somehow able to change history so that aspirin had never been discovered until now, it would have died in the lab and stand no chance of FDA approval. Similarly, if we knew the power that Google would have in 2008 with its ability to aggregate and correlate personal data, it is arguable that various regulatory and privacy bodies would never allow it to exist given the extensive privacy issues." Read below for the rest of Ben's review. Googling Security: How Much Does Google Know About You? author Greg Conti pages 360 publisher Addison-Wesley Professional rating 9 reviewer Ben Rothke ISBN 978-0321518668 summary Explores the many security risks around Google and other search engines In a fascinating and eye-opening new book Googling Security: How Much Does Google Know About You?, author Greg Conti explores the many security risks around Google and other search engines. Part of the problem is that in the rush to get content onto the web, organizations often give short shrift to the security and privacy of their data. At the individual level, those who make use of the innumerable and ever expanding amount of Google free services can end up paying for those services with their personal information being compromised, or shared in ways they would not truly approve of; but implicitly do so via their acceptance of the Google Terms of Service.
While the book focuses specifically on Google, the security issues detailed are just as relevant to Yahoo, MSN, AOL, Ask and the more than 50 other search engines.
My friend and SEO guru Shimon Sandler has a blog around search engine optimization (SEO). In the over three years that his blog has been around, my recent post on The Need for Security in SEO was the first on the topic of SEO security. Similar SEO blogs have a very low number (and often no) articles on SEO and security. Sandler notes that when he mentions privacy issues around search to his clients, it is often the first time they have thought of it.
The book opens with the observation that Google's business model is built on the prospect of providing its services for free. From the individual user's perspective, this is a model that they can live with. But the inherent risk is that the services really are not completely free; they come at the cost of the loss of control of one's personal information that they share with Google.
The book lists over 50 Google services and applications which collect personal information. From mail, alerts, blogging, news, desktop, images, maps, groups, video and more. People are placing a great deal of trust into Google as each time they use a Google service, they are trusting the organization to safeguard their personal information. In chapter 5, the book lists over 20 stated uses and advantages of Google Groups, and the possible information disclosure risks of each.
In the book's 10 chapters, the author provides a systematic overview of how Google gets your personal data and what it does with it. In chapter 3, the book details how disparate pieces of data can be aggregated and mined to create extremely detailed user profiles. These profiles are invaluable to advertisers who will pay Google dearly for such meticulous user data. This level of personal data aggregation was impossible to obtain just a few years ago, given the lack of computing power, combined with the single point of user data. The book notes that this level of personalization, while golden to advertisers, is a privacy anathema.
Chapter 6 is particularly interesting in that it details the risks of using Google Maps. Conti explains that the privacy issue via the use of Google Maps is that it combines disclosure risks of search and connects it to mapping. You are now sharing geographic locations and the associated interactions. By clicking on a link in a Google map, the user discloses and strengthens the link between the search they performed and what they deemed as important in the result. By aggregating source IP addresses and destinations searches, Google can easily ascertain confidential data.
After detailing over 250 pages of the risks of Google and related services, Chapter 9 is about countermeasures. Short of simply not using the services, the book notes that there is no clear solution for protecting yourself and company from web-based information disclosure. Nonetheless, the chapter lists a number of things that can be done to reduce the threat. Some are easier, some are harder; but they can ultimately add up to a significant layer of protection. Chapter 9 details 11 specific steps that help users appreciate the magnitude of their disclosures and make informed decisions about which search services to use.
Googling Security: How Much Does Google Know About You? is an important book given that far too many people do not realize how much personal information they are disclosing on a daily basis. An important point that the book makes is that small information disclosures are not truly small when they are aggregated over the course of years. Advances in data mining and artificial intelligence are magnifying the importance of the threat, all under the guise of improving the end-user experience. The book emphasizes the need to evaluate the short-term computing gains with the long-term privacy losses.
The final chapter notes that apathy is the enemy. As a user becomes aware of the magnitude of the threat, they will see it grow every day. But the next step is to take action. Be it with technical countermeasures, taking your business where privacy is better supported, or petitioning lawmakers.
As to the underlying question, "how much does Google know about you?", the answer is that it is a colossal amount, far more than most people realize. For anyone who uses the Internet, Googling Security should be on their list of required reading. The risks that Google and other search engines present are of great consequence and can't be overlooked. If not, privacy could slowly be a thing of the past.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Googling Security: How Much Does Google Know About You? from amazon.com. -
Beating the College Bubble
An anonymous reader writes "The real estate bubble is long gone. Oil prices are sliding down. Are we in an education bubble? The author of Beating the College Bubble says so. He's written a short, simple guide to avoiding the crushing college debt that he thinks is about to bankrupt all of us. Just as easy loans encouraged people to dream big and buy a McMansion, big college loans are tempting students with too much Comp Lit and Frat Parties. When they graduate, the debt is so hefty that the students are stuck living in their parents' basement for 10 years until they've paid it all off. I can tell you from personal experience that there's some real truth to the hangover. The beer headache is gone after a week, but the monthly payments just keep going." Read below for the rest of cdog40's review Beating the College Bubble author C. Davis pages 140 publisher Edububble Press rating 9 reviewer cdog40 ISBN 1438235909 summary Don't go to college. Save your money. The author spells out why he wrote the book: his kids are graduating soon and he wants to do the right thing. Should he encourage them to spend big on an impressive, Cadillac-grade education or should he be really cheap so they can be free of loans? Which will help the kids?
Chapter 2 works through a handful of examples of people who spent too much on education. Of course he brings up the fact that all of the big guys in the computer business skipped out on college after a few courses. Steve Jobs and Bill Gates started the trend and now it looks like Mark Zuckerberg is following in the famous footsteps.
The author writes out that some of the people in Chapter 2 really did benefit from their education. The lawyers and the doctors who sell their credentials did very well with fancy diplomas.
Chapter 3 is a largely obvious summary of what we all know: lots of college courses don't have any real use in the world. It's not as bad as jokes like: What do you call an English major? (Waiter!) The problem is that the Internet is very good at exporting bits and most college degrees specialize in manipulating bits. The Internet can and will ship this work to the lowest-wage countries in the world. So if you're interested in making money by manipulating bits, the Internet is going to cut you off at your knees. The real secret to making money he says is getting a career in something like sewer maintenance because that can't be exported despite what that famous Senator says about the Internet just being a bunch of pipes.
Chapter 4 is a great piece that explains where the money is going: into the pockets of the college presidents. Many of them make more than a million dollars a year in salary. Well, that's not all true. Some of it is going into the big, expensive buildings. Apparently long ago, students put on shows without fancy state-of-the-art, high-tech arts complexes. They just used an auditorium. No longer. Schools love to spend money on big-name architects. There's a good mention made of the high price tag, the bar, and the leaky roof at MIT's Stata Center.
Chapter 5 is a kind of a nice guy section added so the author couldn't be accused of being completely cynical and nasty. It points out that most schools aren't just spending the cash on the president's new yacht, but on things the students use like fancy dorms and swanky exercise rooms. I know this is true of my school. The dorms are much better. You can't even see the mortar between the cinder blocks any longer. He's still annoyed by this because all of the fancy features pump up the tuition bill.
Chapter 6 is where the book starts to get useful. He talks about how to negotiate for better terms on the debt or how to avoid picking up too much. You can pretty much skip Chapter 7 and move right on to Chapters 8 and 9 which describe how to save money by getting cut rate degrees or skipping college altogether.
I'm not sure whether I buy all of the techniques. He suggests that internet forums like Slashdot are more informative than a college classroom, something I'm not sure I believe. Yes, there's more discussion and the moderation system does a good job of shutting up that bossy know-it-all in the front row, but it would be nice to have a professor. I guess that's what they mean when we're supposed to read the article before commenting. Hah. No one did at my school either.
There are good ones. He tells of low-cost degree programs at most schools. You can save 80% of the price of going to Harvard, for instance. I think he's pretty honest about this because he does point out that you lose something when you take the cheap route. But freedom is just another word for nothing left to pay on your loans.
The book's website is trying to make the book interactive by posting new news stories and alternative solutions for college. It listed the new School of Everything as an alternative.
This is where the meat of the book lies. The only way to avoid getting hurt by a bursting bubble is to get out early. This book made me think long and hard about college. You can't go back and do a scientific experiment because you can only live life once. But I do think that's how he put it. We're really in love with the idea of college that we'll spend anything. It's like when you fall head over heels over some beautiful girl that you don't even know. Then you run up your credit card on an expensive meal to impress her only to find out that she's kind of snobby or flakey or just not interested in the right things (PS3, BitTorrent, Android, Erlang etc). When the bill comes a month later, you feel kind of dumb. This book is trying to help the next generation avoid that headache.
You can purchase Beating the College Bubble from amazon.com. -
Website Optimization
Michael J. Ross writes "As Internet users' expectations continue to ratchet upwards, it is increasingly essential that every Web site owner maximize the chances that those users will find the site in question, and, once found, that the site will perform well enough that those visitors become customers or members, and recommend the site to others. Key elements of a successful strategy include optimization for search engines, pay-per-click advertising, and visitor conversion, as well as responsive Web pages and fine-tuning of all the above, using various metrics. These topics and others are explored in Website Optimization: Speed, Search Engine & Conversion Rate Secrets by Andrew B. King." Keep reading for the rest of Michael's review. Website Optimization author Andrew B. King pages 394 publisher O'Reilly Media rating 8/10 reviewer Michael J. Ross ISBN 0596515081 summary Techniques for increasing a site's SEO, conversion rates, and speed. The book was published by O'Reilly Media on 15 July 2008, under the ISBNs 0596515081 and 978-0596515089. Website Optimization is organized into two major parts: search engine marketing optimization and Web performance optimization. The book's material, spanning 394 pages, is divided into 10 chapters, covering a range of topics: natural search engine optimization, an SEO case study, pay-per-click optimization, a case study thereof, conversion rate optimization, Web page performance, CSS optimization, AJAX optimization, server- and client-side performance techniques, and Web site metrics. The book begins with a foreword by Jim Sterne, a Web marketing and metrics consultant, followed by a preface in which Andy King provides an overview of what is to follow, as well as credits to four other individuals. These credits are confusing, because they do not make clear for what exactly the individuals are being credited! The reader will be left wondering: Are these people the technical editing team? Or did they write some of the material in the book, without byline? Or did they only provide research material to the primary author? In personal correspondence to me, Andy King mentions that this book was "written by a team of experts let [sic] by me." Thus, they are apparently co-authors, but not identified as so in the book.
The first five chapters of the book focus on optimization of search engine marketing (SEM), which comprises search engine optimization (SEO), pay-per-click (PPC) advertising, and conversion rate optimization (CRO). The author(s) begin by demonstrating, through cited statistics, just how critical it is for Web sites to appear within the first few search engine result pages (SERPs), otherwise the sites will probably not be found by the roughly 90 percent of Internet users who do not bother looking at any subsequent pages. This documented selectivity should alone serve as an energizing wake-up call to any Web site owners who — either through ignorance or laziness — make no effort to improve their rankings within the major search engine results. The first chapter delineates the most common SEO mistakes, as well as basic techniques for achieving higher rankings. The two categories could have been combined, simply by inverting the language of the first category; for instance, "develop an adequate number of popular inbound links" could replace "[avoid] a lack of popular inbound links." The bulk of the SEO information will be familiar to most Web marketing veterans, though even they should glean some new pointers. All of the advice is correct, up-to-date, and worthy of implementation on any site — existing or under development. However, the "Step 3" and "Step 4" in Figures 1-6 and 1-7 may be confused by some readers with the identical section headings in the book's text. Note also that the KEI of "84,100" should instead read "84.100" (page 17). Lastly, the first and third sample URIs are missing GET keys (page 29).
The strategies for natural search engine optimization, presented in the first chapter, are illustrated in the second — through a case study of the SEO overhaul of a Philadelphia dental practice's Web site. The original version of the site was lacking keyword-rich headers, body copy, inbound links, etc. (In addition, the dentist's e-mail address was revealed to spam harvesters in plain text. Andy King mentions the use of a contact form to resolve this problem, but does not mention that there are methods of displaying an e-mail address to human visitors, while hiding it from spambots.) This site's search engine results were dramatically boosted through two iterations of SEO fine-tuning, redesign, and release. While this particular dentist's site was greatly improved by the work described in this chapter, the book itself is not improved by inclusion of said chapter, since no additional SEO techniques are offered to the reader, and the first chapter already had enough HTML code snippets to exemplify the concepts discussed. In fact, the case study results should have been boiled down to a few paragraphs and better presented as a sidebar at the end of the first chapter, or moved to the back as an appendix. This latter approach is further supported by the fact that the second chapter illustrates best practices discussed in chapters that the reader has presumably yet to read (5 and 6). The material that composes the actual last sidebar in the first chapter — on metadata and microformats — could have been relegated to an appendix.
Search engine-based ad campaigns are the most important elements in the marketing strategies of countless online vendors, and in Chapter 3, Andy King explains how to increase a site's pay-per-click results, click-through rates (CTRs), and conversion rates. He begins by explaining some key terms and concepts, which should be quite helpful for most readers — especially given how much the online marketing world is laden with terminology and acronyms. The chapter reviews the advertising programs of the three top search engines, and discusses PPC optimization for those programs, with special emphasis given to Google AdWords. Like the first chapter of the book, this one does a competent job of explaining and illustrating the key ideas, and making clear topics that can be quite daunting to anyone new to the field. However, additional clarification of some terms would be helpful, otherwise many readers may be uncertain as to what is meant by terms such as "negative keywords," which unfortunately are left undefined. Even phrases outside the online marketing industry, such as "second-price sealed bidding system," could confuse countless readers. More importantly, some of the material is discussed at a level higher than what would be really usable for most site owners and developers — in contrast to the first chapter, which generally presented more actionable details. In fact, for readers unfamiliar with all the factors involved in running a PPC ad campaign, the early portion of this chapter could prove quite bewildering. Returning to the issue of how best to present case studies, the "Bid Optimization in Action: The E-Grooming Book Example" section shows how illustrative examples can be presented much more concisely. In contrast, Chapter 4, which consumes eight pages, shows how not to illustrate concepts already discussed.
Considerable SEO and PPC efforts could pay off in the form of a huge increase in traffic to one's Web site. But all of that would be in vain if there were no corresponding increase in turning those visitors into customers. Chapter 6 is devoted to conversion rate optimization, and presents some key elements of persuading online prospects, as well as the top 10 factors for maximizing one's conversion rates, from an online marketing and sales perspective. This chapter is rich in material that should inspire site owners to critically reevaluate their sites' contents, as well as their competitors'.
The sixth chapter, on Web page optimization, commences the second part of the book, and explores the most common pitfalls that lead to poor site performance, as well as ten techniques for increasing page display speeds — many of them based upon Steve Souders's book High Performance Web Sites. Andrew King correctly notes that this optimization can result in increased profits, customer satisfaction, and accessibility. However, he also claims that it will decrease costs as well as improve site maintainability and search engine rankings. He should have made it clear that faster page loading per se will not provide those last three benefits, but rather those are potential secondary gains that result from changes to code and other factors with the goal of decreasing page load times for site visitors. Nonetheless, even the most experienced Web developers should find one or more ideas in this chapter for reducing the total bandwidth consumption of the pages they create — particularly for anyone serving video content, which receives substantial coverage in this chapter. Chapter 7, on CSS optimization, follows a pattern similar to its predecessor, by presenting ten methods for improving one's CSS code, as helpful rules. The advice is spot-on, and well illustrated with examples. The suggested methods are preceded by brief discussion of reset rules, including mention of the (differing) reset rules advocated by Eric Meyer and Yahoo. It would be interesting to have learned the author's perspective on the technical differences, and why the author chose one set of rules over another. Incidentally, the paragraph describing the section, immediately below the "Tip #1" header, should have been located above it. Also, on page 195, " | inherit" should have been explained, or, better yet, excised. Lastly, the "|" appears to be missing from the similar instances on the three subsequent pages.
During the past several years, there has been a huge increase in the usage of Asynchronous JavaScript and XML (AJAX) to reduce dynamic Web page reloading, and to make Web sites behave more like desktop applications. Unfortunately, there are pitfalls in this approach, and Andy King discusses them in Chapter 8, in addition to numerous best practices for minimizing these problems within one's own AJAX code. Incidentally, in the tip on page 225, the author states that the sample AJAX application will not run on your desktop; this apparently means that it cannot run on a local Web server. An explanation as to why would most likely be of interest to the typical reader. Prior to getting into the details of JavaScript optimization, some tips on evaluating and choosing an AJAX library are presented.
Chapter 9 covers additional optimization techniques — aside from the Web page and code techniques covered earlier — on both the server and client side. The former category consists of parallel downloads, frequent caching, HTTP compression, delta encoding, and rewriting URIs. The latter category consists of load delaying, caching of off-site files on the server to be loaded locally, JavaScript packing, and inlining images.
The last chapter delves into Web site metrics for measuring the effectiveness of Web sites and changes made to them. The author explains some of the most popular and telling metrics, the leading Web analytics software (both Web server log analysis and JavaScript page tagging), and how they can be used for improving one's search marketing strategies and results. The chapter concludes with a detailed discussion of Web performance metrics — i.e., measures of page load times, oftentimes broken out by site, request sizes, and content type. The material clearly shows that there are a great many options for testing the optimization techniques presented in all of the earlier chapters.
There are two Web sites that have additional information about the book: O'Reilly's book page offers book descriptions, the table of contents, and confirmed and reported errata (of which there are no significant ones, as of this writing). There is a more substantial author book site, which has chapter summaries, full color figures, worksheets, all the sample code, and links to external reviews.
In general, the book achieves its goals. Aside from the occasional marketing term that will most likely puzzle the majority of readers (more on that in a moment), the writing is clear and the examples cited are applicable. The illustrations created and chosen for this book are more than adequate in quality and number, although some of the graph labels would be confusing if not clarified by the text, e.g., "Mean Fixation Duration" (page 2). Web site statistics and other data are well referenced throughout the manuscript.
On the other hand, the brief chapter summaries add nothing new to the reader's understanding, and could be disposed of without loss to the book's usefulness. Chapter summaries are more appropriate for books whose material is far more lengthy and dense, thus justifying summaries as a way to convey the highlights to the reader. As noted earlier, the case study chapters similarly add very little value, if any, to Website Optimization, and could in future editions be folded into the relevant chapters, as sidebars, or at least made much more concise and moved to the back as appendices. There is a fair bit of repetition, in the form of allusions to techniques that are covered in more detail in earlier or later chapters, and other times in the form of redundancy within chapters. For instance, the sidebar on page 156, concerning CSS and JavaScript placement, consists of a uselessly brief mention of information covered later in more detail. Trimming away all of the repeated material and the chapter summaries, and folding the case studies into the relevant chapters, would make the book leaner and a faster read. Furthermore, some of the phrases are not entirely clear in their meaning, at least to readers who are not SEO marketers. For instance, "flagged sites" (page 12) — flagged for what? Some of the phrasing is confusing, if not downright bizarre, e.g. "information scent" (page 2) and "the scent of a link" (page 122).
Admittedly, a Web site owner could learn much of this information by reading numerous articles freely available online. But most businesspeople value their time much more highly than that, and would probably find a significant amount of repetition among those articles, because they tend to "borrow" a lot from one another. This is especially true in the cases of writers who have never done SEO optimization to a Web site themselves, or run a PPC campaign.
Aside from the aforesaid weaknesses, Website Optimization is an engaging, comprehensive, and valuable resource for anyone who wishes to improve the online marketing results of their own businesses' Web sites or those of the clients they support. Online business owners and Web developers unfamiliar with core SEO and site optimization techniques are urged to read this book.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Website Optimization from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Applied Security Visualization
rsiles writes "When security professionals are dealing with huge amounts of information (and who isn't nowadays?), correlation and filtering is not the easiest path (and sometimes enough) to discern what is going on. The in-depth analysis of security data and logs is a time-consuming exercise, and security visualization (SecViz) extensively helps to focus on the relevant data and reduces the amount of work required to reach to the same conclusions. It is mandatory to add the tools and techniques associated to SecViz to your arsenal, as they are basically taking advantage of the capabilities we have as humans to visualize (and at the same time analyze) data. A clear example is the insider threat and related incidents, where tons of data sources are available. The best sentence (unfortunately it is not an image ;) that describes SecViz comes from the author: 'A picture is worth a thousand log entries.'" Read on for the rest of rsiles's review.
Title: Applied Security Visualization
Author: Raffael Marty
Pages: 552
Publisher: Addison-Wesley Professional
Rating: 9/10
Reviewer: rsiles
ISBN: 978-0321510105
Summary: Definitely Security Visualization is one of the most relevant present and future topics in the security field, and this book is simply THE reference.
This is a great book that joins two separate worlds, visualization and information security (infosec). The first chapter is an excellent introduction to the human perception system, its basic principles, and how we analyze, discern, and assimilate information. It is an eye opener for those new to the field. Chapter two is similar from an infosec perspective, and summarizes the main challenges and data sources, such as packet captures, traffic flows, and firewall, IDS/IPS, system, and application logs. The third chapter details different graph properties and chart types, including some open-source and online tools for chart and color selection.
Although we (infosec pros) are familiarized with link graphs to represent relationships between botnet members or hosts, the book provides a whole set of charts for different purposes; one of the most useful types, and we are not very used to it in the security field, is treemaps. The chapter includes a really useful table to select the right graph based on the purpose of the analysis and the data available.
Then, the previous chapters are smoothly mixed together through a reference methodology that defines what is the problem to solve, and the process to manipulate the available data and generate a (or set of) graph(s) that allow gathering relevant conclusions and answers. The methodology is complemented with an introduction to the standard Unix-based text processing tools (grep, awk, Perl, etc.). This methodology is later on applied, with a strong hands-on and how-to spirit, to an extensive set of common security use-cases, such as the perimeter threat, compliance, and the insider threat.
The perimeter chapter offers a deep insight into common attack scenarios, such as worms, DoS or anomaly detection, and operational tasks, like firewall log and ruleset analysis, IDS tuning, or vulnerability assessments. I could never forget how useful were SecViz techniques for anomaly detection on a huge DNS-related incident I was involved in about 5 years ago. Thanks to the performance and statistical graphs we had available at that time, we were able to easily identify and solve a very complex and critical security incident.
When I saw this chapter included a wireless section I got really excited due to personal interest. However, I was disappointed as it was just a couple of pages. I think it could be extended to gather a whole set of useful information about complex wireless attacks and client and access points relationships, just by inspecting the different 802.11 management, control, and data frames, and even radio-frequency signals (from a spectrum analyzer). SecViz opens the door to a whole new wireless research area!
The compliance chapter offers a whole methodology to check and manage regulations, control frameworks, auditing, and risk monitoring and management from a visual perspective.
The same applies to the insider threat chapter, as it provides an impressive framework, not only visualization-based, to deal with malicious insiders. It is based on setting up scores for certain behaviors and activities (precursors), generating lists of suspicious candidates, and applying thresholds to accommodate exceptions. It also contains an extensive and directly applicable precursor list at the end to detect suspicious insider activities.
Finally, the book contains a whole chapter, full of references and comparison tables, of open-source and commercial visualization tools and libraries that allow the reader to select the appropriate tool for specific tasks and scenarios.
Although the book's hands-on component is very significant, with lots of detailed examples of commands, scripts, and tool options to generate the different graphs, I would have liked to see a thorough usage of the how-to portions, as for some sections there are no specific details about how the graphs have been generated. The book layout makes it the perfect candidate to become a fully interactive technical book. I would suggest to add (for a 2nd edition ;)) practical sections to each chapter where the reader could reproduce all the steps discussed. The book CD is the perfect tool to provide the reader with all the (sanitized) data sets and logs used to generate the graphs, and even allow to include some challenges where the reader needs to analyze the data and answer some questions after generating the appropriate graphs.
To sum up, this book is a mandatory reference for anyone involved in the operational side of infosec, doing intrusion detection, incident handling, forensic analysis, etc., and it can be applied to both historical analysis and real-time monitoring. Additionally, I found it useful too for auditing and pen-testing professionals, as it provides great tips to generate relevant and efficient graphs for the associated reports.
The accompanying DAVIX Live CD is an excellent resource to start applying the techniques covered throughout the book through open-source tools, SecViz is the Web portal to expand your knowledge on this topic, and AfterGlow is (one of) the most relevant SecViz open-source tools.
You can purchase Applied Security Visualization from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Launches "Frustration-Free Packaging"
mallumax notes Amazon's new Frustration-Free Packaging initiative. Over several years the retailer hopes to convince many of its suppliers to offer consumer-friendlier packaging. It's starting with just 19 products from Mattel, Fisher-Price, Microsoft, and Transcend. Until this program spreads to more products, better get one of these (ThinkGeek and Slashdot share a corporate overlord). From Amazon's announcement: "The Frustration-Free Package is recyclable and comes without excess packaging materials such as hard plastic clamshell casings, plastic bindings, and wire ties. It's designed to be opened without the use of a box cutter or knife and will protect your product just as well as traditional packaging. Products with Frustration-Free Packaging can frequently be shipped in their own boxes, without an additional shipping box. Amazon works directly with manufacturers to box products in Frustration-Free Packages right off the assembly lines, which reduces the overall amount of packing materials used." -
Programming .NET 3.5
lamaditx writes "The world of the .NET framework is taken to the next level by the release of .NET 3.5. The intended audience of this book are experienced .NET programmers. There are no sections that tell you details about C#, SQL servers or anything like that. I don't recommend this book if you never worked on a .NET project and don't know how to set up a SQL database. You should be aware that the code is written in C#. You might use one of the software code converters if you prefer Visual Basic instead. I think the code is still readable even if you do not know C#. I appreciate the fact that the authors decided to use one language only because it keeps the book smaller. The authors assume you are using Visual Studio 2008. You don't necessarily need to update to 2008 if you are working with an older edition because you can use the free Express Edition to get started." Keep reading for the rest of Adrian's review.
Title: Programming .NET 3.5
Author: Jesse Liberty & Alex Horovitz
Pages: 476
Publisher: O'Reilly Media
Rating: 7/10
Reviewer: Adrian Lambeck
ISBN: 978-0-596-52756-3
Summary: Covers all main .NET technologies found in .NET 3.5
The table of contents is available from O'Reilly — together with a chapter preview — here. The book does not come with any extras but includes the usual free 45 days access to the book on Safari.
This book covers the key technologies in .NET. There are books on each of these technologies: Windows Presentation Foundation (WPF), Windows Communication Foundation (WCF), XAML, AJAX, C# and Silverlight already, but this book shows you how everything is connected with each other. As the authors note: "Our goal is to show you the 25% that you will use 85% of the time." From my point of view this is good because I have a .NET 2.0 background and wanted to know what is new in .NET 3.5 and how things are connected.
The book is divided in 3 main parts. The first is presentation, which covers XAML, WPF and AJAX. The second describes how to take advantage of the design pattern support in .NET. The last part covers the business layer which includes LINQ, WCF, WF and CardSpace.
The first part starts with XAML. This is the eXtensible A The next main topic is using WPF which is the successor of Windows Forms. The authors explain how to connect data structures to the user interface which I consider to be one of the most important parts of using WPF. You will also find a lot of code and XAML layout descriptions.
The chapter on Silverlight was not very helpful to me. Silverlight is the competitor of Adobe Flash. Giving samples how to layout a Silverlight application is essentially the same as a WPF application thus it dives into more details of XAML. I am missing the real Silverlight message so this part did not meet my expectations.
The third technology you will learn about is AJAX which leads us away from the desktop client to a web client. The explanation how AJAX works is pretty good. The authors show you step by step how to create a todo list web-application with a database backend using ASP.NET and AJAX. Again, this does not cover all AJAX controls or ASP.NET but it shows you how the parts are interconnected and assumes that if you know how to handle one control, then you can also figure out how to handle all the others. Most web applications need some kind of access control. At this point the authors argue that it is faster to implement your own security tables instead of using the ASP.NET forms-based controls. My opinion is that you should never do something that is not correct to teach something else. There are always people who get it wrong in a way you did not anticipate. My recommendation: use the ASP.NET components and do not implement them by yourself.
The second part about the design patterns was surprising to me because I expected the common introduction to standard design pattern. The Model-View-Controller project implements the pattern for ASP.NET and allows developers to incorporate it easily. The advantage is that you get a comprehensive and easy to understand introduction how .NET supports design pattern implementation. I guess this will lead some developers from theory of design patterns to actually implementing them.
I consider the third part to be the real interesting content. It starts with LINQ which bridges object-oriented code to relational databases. You get to know the differences to SQL and also the advantages it provides by explaining new concepts. The examples are easy to understand and successfully make their point.
Windows Communication Foundation (WCF) covers the hot Service-Oriented-Architecture (SOA) topic. The authors explain what it is all about but you will need some knowledge about Web Services and XML to really get it. The introduction is rather short but more details are explained in the corresponding example.
The chapter about Windows Workflow Foundation (WF) starts with a short example how you implement a workflow without WF. After that you get to see how you do the same with WF. This way the necessity for WF becomes clear and you understand how to take advantage of this technology.
CardSpace is the successor of Microsoft Passport which was not successful as an authentication service with respect to user acceptance. This is also the key issue that decides on the success of CardSpace. Maybe the improved interoperability will help. The chapter provides you with a short authenticate-yourself test and shows you how to offer CardSpace authentication in your ASP.NET application.
The book is a good entry to the world of .NET 3.5 because it gives you an idea about every part and what it is good for. Maybe you do not need all of it for your job but at least you know that it exists and how it might be useful. I think it is reasonable that a comprehensive introduction to .NET 3.5 can not satisfy everybody because the range of topics is too broad. One can argue that this kind of information could also be retrieved from the net. I consider the book to be a better resource because it already summarizes the important information such that you do not drown in a flood of information.
There is also some criticism as I pointed out earlier. Maybe I am just a little picky about the details but if you print code download references into a book, they must be available. Most examples can be downloaded but the Alex Horovitz site was not reachable when I tried to access it. Another personal remark is that I do not like to see quotes from Wikipedia. Other people might think differently about that so you just need to decide on your own.
I rate this book a 7. The authors scratch the surface of every topic and choose an appropriate style to explain it. You can tell that they thought about how to explain each topic on its own and give you not just the "how" but also the "why".
Adrian Lambeck is a graduate student in "Media and Information Technologies" and worked with .NET for a few years.
You can purchase Programming .NET 3.5 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The IDA Pro Book
An anonymous reader writes "After attending DEFCON in August and seeing the overwhelming interest in this book, I was eager to dive into The IDA Pro Book by Chris Eagle. Chris Eagle's team, School of Root, won the 'Capture the Flag' event at DEFCON this year and Chris gave a presentation on CollabREate, a tool that integrates with IDA Pro to allow collaboration in reverse engineering (RE). All of that — together with the fact that the book sold out — screamed that this book should quickly make it to the top of my list." This review originally appeared on The Ethical Hacker Network.
Title: The IDA Pro Book
Author: Chris Eagle
Pages: 640
Publisher: No Starch Press
Rating: 9/10
Reviewer: Ryan Linn
ISBN: 1593271786
Summary: An information-packed guide to IDA
Once I had the book in-hand, the cover alone offered some insight into what was to come. The quote on the front of the book is an endorsement from the creator of IDA Pro. The image on the front is a throwback to the Operation game by Milton Bradley, which reminds me of how I felt when I got started doing reverse engineering. I am not a professional Reverse Engineer or Malware Analyst; however, my coding background and my current position as a security professional at SAS afford the opportunity to dabble. This puts me in the perfect middle ground of being able to understand the material as well as assess its ability to teach.
The IDA Pro Book is broken up into a number of different "Parts" each having several chapters and its own goal. Even if the content appears to be beyond your level of knowledge in a certain area, I highly recommend that you keep reading. It may also be handy to point out the fact that the book is 640 pages. So this lends itself to being more of a reference guide than a book read straight through from cover to cover.
I should also mention at this point that the book is about the 5.X tree of IDA Pro, and not the freeware version. There is a demo that you can download off of the IDA Pro Website if you aren't able to purchase the full version right away. In addition, there is a reference at the back discussing how the freeware version differs from the commercial version, so as long as you are ok with those restrictions while you are learning, this book still should be very handy.
One of the most important sections of Chris' book is found in "Introduction to IDA." The author discusses disassembly and the challenges that go with it, the tools involved with reverse engineering and disassembly, and a general breakdown of how these tools approach the binaries that they are analyzing. He also references other tools that are handy alongside IDA Pro, and outlines how they fit into the reverse engineering process. Finally information about IDA Pro licensing and installation is discussed, and the base information that you will need for the rest of your IDA Pro adventure is laid out.
Once the basics of RE have been covered, the author addresses the fundamentals of using IDA Pro. Unlike some other books, this book does a great job of letting you know where you should be looking when it lays out a block of assembly code. The references are well laid out as well. "Part II: Basic IDA Usage" progresses logically and eases you into the interface. It does a great job helping you figure out what all the new windows are doing, and how to get to the information that IDA Pro is providing. The content moves from basic skills such as finding the disassembly into manipulating the disassembly to be more meaningful, then to optimizing the disassembly process. It shows you how to navigate the code, and how to incorporate other knowledge that you have about the binary you are disassembling, such as what headers or what libraries might have been used in order to obtain the most useful disassembly possible and facilitate the disassembly of the binary.
"Part III: Advanced IDA Usage" gets deeper into using IDA Pro, including utilizing the Fast Library Identification and Recognition Technology (FLIRT) signatures and custom files in order to suck the most information possible out of a binary before analysis. You also get a glimpse into how to modify the pieces of the application which can be modified only through config files. It concludes by explaining the patch capabilities of IDA Pro and discussing what the limitations and expectations should be. This Part provides insight into creating your own signatures for custom libraries that might not be available in IDA Pro, so, as you start working on real life applications, you can tailor IDA Pro to be able to recognize libraries that you frequently encounter.
After the basics of using the application have been covered, the author explains how to extend the capabilities of IDA Pro in Parts III and IV. He discusses in depth the scripting engine and how to build plug-ins and modules. Throughout this Part numerous examples are given of how the scripting and plug-ins fit into the application. Short detailed examples are used to illustrate how to accomplish some tasks that would be useful for a reverse engineer including listing out function information. The beginning of the chapter was great. As a beginning Reverse Engineer, I was able to clearly see how this information would apply. For the stuff that was beyond my current knowledge level, it was easy to see that as my knowledge progresses in the future, I would be back to re-visit this information.
Throughout the entire fifth Part are goodies focusing on the real-world applications of IDA Pro. It goes into the different types of binaries that you might encounter while doing reverse engineering. This chapter also goes into two large areas where IDA Pro is used such as obfuscated code analysis and vulnerability analysis. After reading this Part, you should have some handy scripts and a series of applications and plug-ins to aid in your RE adventures. The author discusses a number of those plug-ins in-depth including adding in bindings for Python and Ruby. At the end of this chapter, I hadn't learned an incredible amount more about IDA Pro; however I definitely knew more about how to approach the problems I might encounter and how to extend IDA Pro's capabilities in order to tackle real world tasks.
The final Part of the book is on the IDA Debugger. The debugging features of IDA Pro were an afterthought and aren't the primary focus of IDA Pro. Chris Eagle goes into what to expect from the debugger, how it's used, and then finally how to integrate the information obtained from the debugger into the overall RE process. He concludes with a discussion of how to automate debugging tasks with scripts and plug-ins and discusses some of the real-world problems that people might encounter, such as dealing with UPX packing that has been modified. This chapter also goes into remote debugging, where you can be running a binary on one machine and having it come back to a GUI on another. Knowing this information is especially useful if you are doing analysis across multiple platforms. The Windows GUI is the only non-console GUI in the IDA Pro supported platforms.
Chris Eagle's The IDA Pro Book provides a significantly better understanding not of just IDA Pro itself, but of the entire RE process. There are little gems littered throughout the book that bring in real-life experience and knowledge that you don't always get from other books instructing you in the use of an application. Although it is impossible to absorb everything in this book due to its size, it helped greatly in overcoming some of the initial hurdles of understanding a highly technical topic. As I continue down my reverse engineering path, I'm confident that I will use this book repeatedly as a reference.
If you are interested in getting deep into the assembly and figuring out what applications are doing when you don't have the source, then I would highly recommend this book to get you started with IDA Pro; it won't turn you into a reverse engineering expert, but it certainly will provide you with a major tool that will help you along the way.
You can purchase The IDA Pro Book from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Dojo: Using the Dojo JavaScript Library
stoolpigeon writes "The number and functionality of web based applications has exploded recently. Many of these applications rely heavily on AJAX to provide a more desktop-like experience for users. As the number of people using JavaScript grew, libraries were developed to assist with commonly encountered issues. Jim Harmon's new book Dojo: Using the Dojo JavaScript Library to Build Ajax Applications aims to introduce readers to one of those libraries, the Dojo Toolkit." Keep reading for the rest of JR's review.
Title: Dojo: Using the Dojo JavaScript Library to Build Ajax Applications
Author: James E. Harmon
Pages: 316
Publisher: Addison-Wesley Professional
Rating: 7/10
Reviewer: JR Peck
ISBN: 978-0-13-235804-0
Summary: a complete example rich developer's guide to Dojo
The Dojo Toolkit is a JavaScript library created to increase the speed of writing JavaScript applications. It provides developers with widgets, themes, wrappers for asynchronous communication, client side storage and more. It does all this across various browsers and platforms without requiring the user to worry about differences in browsers.
The book follows an interesting pattern. It begins with a five chapter tutorial. The tutorial launches immediately into taking a straight html form and using Dojo widgets to add functionality. All of the code used in the tutorial is available at the book's web site. This tutorial moves quickly, introducing a number of available widgets and giving the reader a nice feel for how Dojo integrates with html markup.
What does not take place in the tutorial is the normal introductory material on just what Dojo is, how it is installed, or what it can do. I'm guessing that this will be a welcome change to those used to quickly brushing past the first chapter, or more, of any programming book. Harmon takes advantage of the fact that Dojo is available via the AOL Content Delivery Network, so the examples will work in any JavaScript-capable browser connected to the internet. He does give a quick explanation of what would need to be different to use local files.
All of the introductory material that I'm used to seeing is still in the book but it does not appear until chapter ten. There Harmon covers the motivation to develop Dojo, explains the history of the project, and provides a bit of information regarding the dual-licensing of Dojo. (It is available under the BSD and Academic Free Licenses.) This leads into the last seven chapters, that cover the 'deeper' material in the book.
Between the tutorial and chapter ten, there are four chapters of widget documentation with examples and some explanation. Of the three sections this is the longest, though this is in part due to sometimes large sections of white space, as each widget begins on its own page. The documentation covers each widget and provides a visual representation where applicable. There is some repetition as this section covers widgets that were used in the first section's tutorial.
The third section is entitled "Dojo in Detail." It's the level of detail that marks this book as more of an overview, rather than an in-depth treatment of Dojo. Harmon is true to the title; this book is an extremely pragmatic guide to getting started with Dojo as a means of adding Ajax to applications. It is not however going to take the reader to any great depth into the toolkit. There is plenty here to get started, and enough to hit the ground running, but anyone looking to get really in-depth coverage of the library will be disappointed.
The person who will get the most out of this book is someone with some knowledge of mark-up and programming but not to an advanced level. The developer with a lot of experience will probably be frustrated with the amount of explanation and repetition of simple material combined with the lack of depth. The reader with no programming experience may struggle, though they could keep up if they are willing to look outside the book for a few resources to get a good grasp of web technologies. They may become extremely frustrated with some of the later chapters where the code examples skip steps and leave the reader to assume what has happened in between what is shown and the output.
That said, this book allows the reader to dive in quickly, get a quick overview and move immediately to making use of the Dojo Toolkit. If one is not concerned with gaining insight on every aspect of the library but would rather just get into it immediately with a little guidance, this may be just right.
With this in mind, it would have been nice if the book had provided less time on documentation and more on examples and ideas for how to best use the capabilities of Dojo. It is nice to have a book that isn't so huge that it is overwhelming and difficult to find anything. But if something had to be given up to keep things compact, I'd have much rather lost things that are easy to find in the on-line documentation and subject to change as the toolkit develops. This keeps the book from being excellent, but it is still a solid introduction and primer.
You can purchase Dojo: Using the Dojo JavaScript Library to Build Ajax Applications from amazon.com.
Schneier on Security
brothke writes "There is a perception in both the private and government sector, that security, both physical and digital, is something you can buy. Witness the mammoth growth of airport security products following 9/11, and the sheer number of vendors at security conferences. With that, government officials and corporate executives often think you can simply buy products and magically get instant security by flipping on the switch. The reality is that security is not something you can buy; it is something you must get." Keep reading for the rest of Ben's review.
Schneier on Security
author: Bruce Schneier
pages: 336
publisher: Wiley
rating: 10
reviewer: Ben Rothke
ISBN: 978-0470395356
summary: The best articles from one of security's best
Perhaps no one in the world gets security like author Bruce Schneier does. Schneier is a person who I am proud to have as a colleague [Schneier and I are both employed by the same parent company, but work in different divisions, in different parts of the country]. Schneier on Security is a collection of the best articles that Bruce has written from June 2002 to June 2008, mainly from his Crypto-Gram Newsletter, his blog, and other newspapers and magazines. The book is divided into 12 sections, covering nearly the entire range of security issues from terrorism, aviation, elections, economics, psychology, the business of security and much more.
Two of the terms Schneier uses extensively throughout the book are intelligence and economics. From an intelligence perspective, he feels that Washington has spent far too much on hardware and other trendy security devices that create a sense of security theater. The security theater gives an aura and show of security, but in reality, has little real effect.
The lack of intelligence is most manifest with airports, which are a perfect example of misguided security. Schneier notes that current trends in US airport security require that people remove their shoes, due to a one-time incident with a shoe-based explosive. Such an approach completely misses the point. Also, Schneier notes that the attempt to create a no-fly list, by feeding a limited set of characteristics into a computer, which is somehow expected to divine a person's terrorist leaning, is farcical.
Schneier therefore feels that the only way to effectively uncover terrorist plots is via intelligence and investigations, not via large-scale processing of everyone. Intelligence is an invaluable tool against terrorism, and the beauty of it is that it works regardless of what the terrorists are plotting. The bottom line according to Schneier in the book is that too much of the United States' counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect public officials from criticism when another attack occurs.
Schneier also astutely notes that for the most part, security is not really so much of a technical issue, rather one of economics. A perfect example he gives is that of bulletproof vests. Since they are so effective, why doesn't everyone wear them all of the time? The reason people don't is that they do not think they are worth the cost. It is not worth the money or inconvenience, as the risk of being shot for most people is quite low. As a security consumer, people have made the calculation that not wearing a bulletproof vest is a good security trade-off. Schneier also notes that much of what is being proposed as national security is a bad security trade-off. It is not worth it and as consumers, the public is being ripped off.
Another recurring theme throughout the book is how the Bush administration has little by little eroded the Constitution, all in the name of fighting terrorism. Schneier notes that the brilliant framework the founding fathers created by creating divisions of power (executive, legislative, judicial) with checks and balances violates a basic unwritten rule, that the government should be granted only limited powers, and for limited purposes, since there is a certainty that government powers will be abused.
Schneier observes that the USA PATRIOT is a perfect example of this abuse. The Constitution was designed and carefully outlines which powers each branch may exercise. While Schneier is best-known as a cryptographer and security expert, Schneier on Security also shows him to be a defender of the Constitution. In a number of essays in the book, he shows how unchecked presidential powers are bad not only for security, but for the preservation of democracy.
In chapter 8, on the topic of the economics of security, Schneier suggests a three-step program for improving computer and network security. He notes that none of them have anything to do with technology; they all have to do with businesses, economics, and people.
In chapter 9, on the psychology of security, Schneier writes that he tells people that if something is in the news, then they do not have to worry about it. He writes that the very definition of news is something that hardly ever happens. It's when something is not in the news, when it is so common that it is no longer news, drunk drivers killing people, domestic violence, deaths from diabetes, etc., that is when you should start worrying. And much of the terrorist threats that the Department of Homeland Security is spending tens of billions of dollars on, are those news threats, such as shoe bombers and liquid explosives that present very little real threat to the people of the US.
A fundamental theme of the book is that security is a trade-off. And far too many people have made the security trade-off without thinking if it is truly worth it. In essay after essay, Schneier challenges those assertions. Since 9/11, much has been given up in the name of terrorism, and that has been personal privacy and security. Schneier asks, has it been worth it?
Schneier on Security is an exceptionally important book that is overflowing with thought-provoking articles. Schneier gets above vague adages such as the war on terror and gets to the heart of the matter. His insight details what the real threats are, and what we should really be worrying about. The irony is that what Washington does is often the exact opposite of what should be done.
Much of the security carried out in the name of 9/11 has proven to be ineffective in the seven years since the attack. Schneier on Security is a manifesto of what should have been done, and what should be done. The book is eye-opening from the first page to the last. It lets you know that the next time you see grandma asked to take her shoes off by a TSA agent at the airport, why she is simply a bit player in the large security theater. And why spending tens of billions on a charade like that, makes that a tragedy of epic proportions.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Schneier on Security from amazon.com.
PHP5 CMS Framework Development
Michael J. Ross writes "Most Web developers are familiar with one or more content management systems (CMSs), and how they can be used to create Web sites more efficiently than by hand. These developers may have deep knowledge of how to install, configure, customize, and extend a CMS. But far more rare is knowledge of how to develop a CMS of one's own, and the programming considerations required to do so successfully. These are the main themes of Martin Brampton's book PHP5 CMS Framework Development." Read below for the rest of Michael's review.
PHP5 CMS Framework Development
author: Martin Brampton
pages: 348
publisher: Packt Publishing
rating: 8/10
reviewer: Michael J. Ross
ISBN: 1847193579
summary: An in-depth look at creating a CMS, focusing on Aliro.
This title was released by Packt Publishing on 6 June 2008, under the ISBNs 1847193579 and 978-1847193575. In addition to an appendix on packaging Aliro extensions, the book's material is organized into 14 chapters, covering various CMS topics: overall CMS architecture; users and administrators; code organization; user sessions; databases and data objects; access control; supporting extensions of the CMS; data caching and handlers; menus; support for multiple human languages; presentation services; miscellaneous services, such as file handling, e-mail delivery, and admin functionality; error handling; and how to manage many types of content.
At the very beginning of the preface, the author notes that "This book guides you through the design and implementation decisions necessary to create a working architecture for a PHP5-based content management system." Martin Brampton is qualified for this task, given his strong background in CMS development, having served as the leader of the Mambo development team during a critical period of its evolution, and later creating his own CMS, Aliro. It should be noted that the book does not assume any prior knowledge of CMSs in general or Aliro in particular, although in most respects this work is very much a case study of the architecture and design decisions of that specific CMS. However, the book does assume a solid understanding of PHP and object-oriented principles.
All of the code samples come from the Aliro content management system, of which Martin Brampton is the project architect. On the book's Web page, the publisher has made available links to purchase the electronic version of the book, to download the source code, to post feedback on the book, to ask questions, to read the table of contents and media reviews, and to download a sample chapter (Chapter 6: Access Control). The only problem with these offerings is that the source code is not organized by chapter, but instead comprises the source code for Aliro. (The publisher's page labels it as 2.6 MB, as of this writing, but Aliro is about three times that size.) Consequently, readers who want to find specific code should search through the files using their favorite programmer's editor.
The author devotes the first chapter of the book to presenting his perspective on the advantages of using CMSs for site development, the required and the desirable features of a CMS, and some system management issues. Also covered are reasons for using PHP 5, its object-oriented capabilities, XHTML, and the Model-View-Controller pattern. He then discusses sundry topics on site hosting, JavaScript, site security, and CMS-specific terminology. Many readers may find interesting the arguments for separating system administrative access (as done in Aliro, for instance) versus integrating it with the regular site interface and using access control to restrict non-admin users (as done in Drupal, for instance). The chapter concludes with a summary, which for this and the following two chapters, may be of value to some readers, since these chapters are more narrative than the others. But the chapter summaries that follow, for the more technical material, could be disposed of in future editions, since readers will seek within the chapters for the information covered.
Throughout much of the history of the Web, one of the most problematic aspects of site development has been the management of users and administrators — especially with CMSs causing the two distinct groups to be splintered into a spectrum ranging from anonymous visitors with no privileges, to site administrators with full privileges, along with authorized users, content contributors, and content editors. In his second chapter, the author examines the challenges of user authentication, password storage, SQL injection, and other access issues. He proposes a framework solution and also a division of user data into two tables, as done in Aliro. He describes some of the key code utilized within his CMS (naturally, the full code is obtainable since Aliro is an open-source project). Chapter 4 addresses an area that frequently mystifies new PHP programmers — namely, how to create, utilize, and protect user sessions. Thus, this material should have been placed immediately after the second chapter.
The third chapter is devoted to the critical architectural issue of how to best organize one's code. Given that the two aforementioned chapters — dealing with users and sessions — both contain a fair amount of code, this chapter's meta-information should have been presented prior to both Chapters 2 and 4. Nonetheless, the author covers such topics as inclusion and the singleton pattern. He makes a strong case for favoring small classes, stored in separate source code files, and only loading them when needed, using PHP 5's autoloading capability.
In Chapter 5, the author spends some time exploring some of the key issues for storing data in a CMS framework, including dependency upon a particular RDBMS, item counting and ordering, database security, SQL validation, PHP exception handling, and the techniques that the author used for effectively dealing with these challenges when developing his own CMS. The first portion of the chapter, which essentially presents the problems, is fairly disjointed compared to the other material; the remaining portion of the chapter, which covers all of the solutions, is certainly more complete.
The next two chapters of the book, 6 and 7, are focused on topics more specific to CMSs: access control, and extensions to the CMS (components, modules, plug-ins, and templates), respectively. Chapter 8 explores caching and cache handlers, as well as the advantages of using them. The ninth chapter, on menus and page handling, is quite specific to Aliro, and thus will prove disappointing to any reader who hopes to get ideas for their own menu code. In contrast, Chapter 10 should be of interest to anyone who would like their Web sites to be usable and appealing to Internet visitors who do not read the single language of any site not designed for foreign use. Character sets and language extensions are discussed, as well as a third-party solution that is available.
For many years there has been an ongoing debate among PHP developers, as to whether or not to use templating systems as a way of separating presentational content from business logic and functional content. At essence is a question pondered by most if not all dedicated PHP developers: What is the easiest and yet most maintainable way to deliver one's XHTML code, using PHP? This is just one of many subjects discussed in Chapter 11, "Presentation Services," which is easily one of the most compelling and wide ranging sections of the book. Chapter 12 addresses the topic of allowing a site to interact with other services, such as those for WYSIWYG editing and XML parsing. Error handling is explored in Chapter 13, including errors within application code — from PHP itself and from business logic problems — and the database. The book's final chapter covers what the author refers to as "real content," by which he means the content contributed by administrators and users to a CMS, such as articles, comments, forum postings, calendar entries, and other items. The book's single appendix explains how to package an Aliro extension for release, and would most likely be of no interest to anyone not creating such extensions for distribution.
The book has few weaknesses. Occasionally the author will state something that could be misleading to the beginning programmer. For instance, on the first page of the first chapter (not an auspicious start) he refers to the World Wide Web as a markup language. On the contrary, the markup language used to create the Web, is HTML. As we are seeing more frequently in technical books, the writing itself could use a bit more editing — such as hyphens missing from adjective phrases in many locations in the text. Lastly, some programmers may find the author's GNU style of code formatting rather bizarre in appearance.
Overall, PHP programmers who are committed to following best practices in site security, code organization, database usage, and other important factors in any site development, will find plenty of ideas in this book to consider and possibly apply to their own coding. Readers who simply see the book's title, and perhaps browse quickly through its contents, may get the false impression that the information would only be of value to someone who wants to create their own CMS from scratch. The book may be of considerable value for such an effort, but it offers more than that. Many of the most critical issues in architecting and implementing a CMS, apply to non-CMS Web sites as well. Also, as a veteran of software development, the author conveys worthy advice on development practices — such as in the first chapter — regardless of the chosen computer language. In addition, for the growing number of developers who are exploring the inner workings of CMSs — usually with the idea of extending their functionality by writing modules — an appreciation for how the creator of a CMS thinks, could be helpful. Ideas are illustrated throughout with sample code — none of them excessive in length. PHP5 CMS Framework Development offers lessons in PHP 5 object-oriented programming and Web site development that go beyond CMSs and Aliro.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase PHP5 CMS Framework Development from amazon.com.
Nagios 3 Enterprise Network Monitoring
jgoguen writes "Nagios, originally known as Netsaint, has been a long-time favourite for network and device monitoring due to its flexibility, ease of use, and efficiency. Nagios provided, and still provides today, a low-cost, versatile alternative to commercial network monitoring applications. Nagios 3 takes a huge step forward compared to Nagios 2, providing improved flexibility, ease of use and extensibility, all while also making significant performance enhancements. Due to its extensibility and ease of use, no device or situation has yet been found that cannot be monitored using Nagios and a pre-made or custom script, plug-in or enhancement." Read on for the rest of jgoguen's review.
Nagios 3: Enterprise Network Monitoring
author: Max Schubert, Derrick Bennett, Jonathan Gines, Andrew Hay, John Strand
pages: 339
publisher: Syngress
rating: 8
reviewer: jgoguen
ISBN: 978-1-59749-267-6
summary: Making Nagios 3 work for you and your business.
The first chapter is devoted to new features in Nagios 3. The major changes implemented for Nagios 3, which include changes to data storage options and locations, checks, configuration objects, and macros, are discussed here. Operational, performance, and usability enhancements are also discussed here. Users upgrading from Nagios 2, or users who may already be familiar with Nagios 2, will gain the most from this chapter. New users will still gain value from this chapter, however, since a number of changes also involve some of the major features of Nagios. In addition, users who may be referring to configuration file samples created for Nagios 2 will save a great deal of time referring to this chapter for changes. Using Nagios 2 configuration files directly prevents users from enjoying some new features of Nagios 3. Users who will only be writing plug-ins and scripts for their local Nagios deployment might not find Chapter 1 very useful.
Chapters 2 and 3 deal with scaling Nagios to work efficiently within large deployments. First, designing a Nagios configuration for large organizations is shown. This is something that all Nagios administrators should make use of when designing configurations, not only administrators in large organizations, because a properly done configuration for a small organization will easily scale up as the organization grows. I was impressed to see that the authors stress the importance of the end user's input when designing configurations. Administrators who ignore this piece of advice risk the success of Nagios in their organization. Various diagrams help to explain the relationships between the various Nagios configuration objects. A good amount of detail is provided regarding allowing various groups within an organization to have semi-independent control over how Nagios interacts with their hosts and services, and how Nagios alerts their staff. The authors have included numerous configuration file snippets, which allow a Nagios administrator to very quickly create a configuration file and then tweak the configuration parameters to suit local requirements.
Scaling the Nagios graphical user interface (GUI) follows a very simple concept: use a "less is more" approach. Although the specific details here deal with Nagios, the general idea is equally applicable to anyone displaying information they expect their users to actually pay attention to. In general, users should be able to see as much as they want (limited by resources and permissions) but only be shown what they need to know about by default. For example, the system administrator for marketing probably does not need to know when the development disk image server goes down, while the development system administrator would probably be very interested. Utilizing user accounts allows the administrator to allow various groups to have access to Nagios filtered by its fine-grained permissions system. Users from various groups can also be shown only what they need to be shown by default, without the need to select a particular area first. Utilizing user accounts also prevents users who need to view Nagios from having full administrative control, and allows for records of each user's actions to be made. Using a patch provided with the book's download package will enable Nagios to have read-only accounts as well, which is great for organizations who would like to grant certain users (or groups) access to view Nagios but not make any changes. As an example, an organization's help desk could use Nagios to determine quickly whether users are unable to access services because of an outage, or if further troubleshooting is necessary.
The authors continue on here to discuss clustering, failover, and the future of the Nagios GUI. I'm not convinced that these belong in a chapter devoted to scaling the Nagios GUI, since these seem to mostly deal with scaling the entire Nagios deployment. Regardless, they are all very important topics, especially when Nagios is heavily relied upon. Clustering allows remote sites to have a Nagios instance local to the site monitoring hosts and devices rather than requiring a central Nagios instance to monitor remote hosts and services. Not only would monitoring hosts and services take much longer due to the WAN links between the central instance and remote locations, but also due to the security implications of allowing the checks to be done. The authors don't discuss the security side of clustering, but it's still something that every Nagios administrator (and everyone else!) should keep in mind. The clustering section deals primarily with the rationale behind clustering and how to configure the local and remote instances of Nagios properly, but the authors include a good deal of information here that a less experienced Nagios administrator might overlook. Most notable is their discussion about the display of service status when a service is reachable from the master server but not from a remote instance. While Nagios can translate the remote instance's check result to be displayed from its own perspective, it may be more desirable to have the master Nagios GUI display the results from the perspective of the server which made the check. After implementing clustering, some sort of fallback mechanism is required. Failover and redundancy are the two main choices, and that's what the authors discuss next. They don't spend much time on redundancy, since this would require each redundant Nagios instance to perform its own set of checks, which can significantly raise the load on both the monitored hosts and the network in general. 
Given the problems it can introduce, the authors have spent more time on redundancy than most administrators should spend considering. Failover is a much better solution, and the authors do a great job of covering the setup of a proper failover setup. As usual, they make sure to remind readers of some things that are easily overlooked, especially when you're trying to get Nagios back up and running when the master server crashes.
Chapters 4 and 5 discuss Nagios plug-ins, add-ons, and enhancements. These chapters alone are worth the price of the book because of how much time they can save. It's much faster to copy a script and make minor tweaks than it is to try reinventing the wheel, and with the number of scenarios covered here combined with the Nagios user community there aren't very many things that haven't been done already. Whether you want to test command-line interfaces, CPU usage, memory utilization, bandwidth utilization, HTML pages, LDAP services, or even specialized hardware, there's probably already a plug-in written for it. Most common scenarios actually have a plug-in already included in this book. The available add-ons and plug-ins are equally varied, providing ways to monitor hosts across security zones, configure read-only displays that live in a security zone other than the one Nagios is in, interface with Cacti, and even read out alerts. Even more scenarios can be handled by other scripts provided by the Nagios community.
Chapter 6 goes into detail on how to integrate Nagios into an enterprise environment. This chapter goes into just enough detail to get Nagios configured to work with a large number of third-party services, such as LDAP authentication, Cacti, Puppet, and Splunk. Emphasis here is always placed on the human element; how to use Nagios to help help desk and/or NOC staff do their jobs more efficiently and effectively, and how to gain maximum support for Nagios within the organization. The importance of the human element, in all its forms, simply cannot be overstated, and the authors have done a wonderful job of outlining a good way to make Nagios an integral part of an organization. A lot of the material towards the end of the chapter, especially the section on smaller Network Operation Centres, could be used by anyone looking for ways to help a small group work together effectively.
Chapter 7 is another chapter with a lot of content easily applicable outside of a Nagios environment. The chapter begins with the authors reminding you to know your network and to watch out for session hijack attacks, then show you how to use Nagios to do both. Nagios can't replace a competent network administrator, but it can make their lives easier and the authors show you here how the configuration you've already done on Nagios already shows you a potential session hijack attack and how it forces you to properly know your network. Nagios forces you to know your network not only by how it's built and by what devices are in use, but it also requires that you have a solid handle on what constitutes normal conditions for all your devices and services.
Another area which is very important to companies, especially companies operating in the United States, that Nagios can assist with is regulatory compliance. The authors outline how a company could use Nagios to assist with compliance with Sarbanes-Oxley (SOX) with COBIT or COSO, Payment Card Industry (PCI) Data Security Standard (DSS), Director of Central Intelligence Directive (DCID) 6/3 and Department of Defence (DoD) Information Assurance Certification and Accreditation Process (DIACAP). Nagios alone isn't enough to be compliant, at the very least detailed documentation will also be required, but the authors give a good overview of how Nagios can assist with compliance in all of these regulations.
The final chapter helps to bring the rest of the book together by walking through a full Nagios configuration for a fictional Fortune 500 corporation. The bulk of this chapter covers the pre-deployment stage of a Nagios deployment, but that doesn't mean that there isn't a lot to learn about deploying Nagios. A major hurdle towards deploying Nagios in an organization is the pre-deployment phase, and the authors outline here how to easily turn this major challenge into a series of simple steps to increase the chances of Nagios' success in your organization. From the very beginning, you can see how involving the customer early and starting small, along with everything else, becomes a part of a process. Although it's specific to Nagios, the process followed here could be easily adapted to integrating any sort of monitoring service. The remainder of the chapter is devoted to how you might integrate Nagios into a Fortune 500 company, finishing the book off with some good advice for integrating Nagios.
Despite all the book's strengths, there is some room for improvement. In chapter 2, it may have been more effective to outline the relationships between the Nagios configuration objects before discussing configuration planning. I found it much easier to think of a configuration for a large organization after knowing about how Nagios' configuration objects relate to each other.
Throughout the book, the authors have included configuration file snippets, scripts, and example script output in the main text. While all of these are quite useful and serve to enhance the book, I think it would have been better if these were all included in an appendix instead, perhaps keeping only the relevant parts of configuration snippets in the main text for clarification.
At the end of chapter 3, the sections on the future of Nagios and the CGI front end are informational and interesting, but they would be better placed in a separate chapter dealing with the potential future of Nagios in general. These and the other major areas of Nagios combined would provide more than enough material for a full chapter on their collective futures.
Overall, this is a great book for anyone using Nagios as more than a casual user, and is still very informative for the casual user. A few of these chapters alone would be worth the price of the whole book.
Disclaimer: I worked with one author when I was asked to review this book.
You can purchase Nagios 3: Enterprise Network Monitoring from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
OpenGL ES 2.0 Programming Guide
Martin Ecker writes "Mobile phones and other embedded devices are getting more and more powerful each year. The availability of dedicated hardware for 3D rendering is becoming increasingly ubiquitous, and the latest mobile phones come with 3D hardware acceleration that rivals the power of desktop graphics hardware. OpenGL ES 2.0 is the latest version of a cross-platform, low-level graphics API to utilize these new resources available in embedded devices. The OpenGL ES 2.0 Programming Guide published by Addison-Wesley Publishing aims to help the reader make use of the full power of OpenGL ES 2.0 to create interesting 3D applications." Keep reading for the rest of Martin's review.
OpenGL ES 2.0 Programming Guide
author: Aaftab Munshi, Dan Ginsburg, Dave Shreiner
pages: 417
publisher: Addison-Wesley Publishing
rating: 7/10
reviewer: Martin Ecker
ISBN: 0-321-50279-5
summary: All you need to know to develop mobile phone 3D applications in OpenGL ES 2.0
The book is intended for an audience with experience in the C programming language and a solid foundation in computer graphics. No experience with the desktop version of OpenGL is necessary, however. The book starts out with a basic introduction of OpenGL ES and explains the differences between OpenGL ES 1.x and 2.0. The main difference is that 2.0 has completely dropped support for the fixed-function pipeline and is now completely shader-based. The book then immediately gets the reader's feet wet by discussing a first simple example program that renders a triangle on the screen. This is also where the downsides of dropping fixed-function support in OpenGL ES 2.0 become apparent. It takes almost 4 pages of code to render a simple triangle. The reason for this is that you need to write a vertex and fragment shader (albeit really simple ones) to transform vertices to device coordinates and to assign a color to each pixel of the triangle. Of course, in "real-life" applications this isn't much of a problem.
The increased possibilities that programmable shaders have to offer outweigh the inconvenience of having a bit more setup code.
The book continues to discuss EGL, which is like WGL on Windows or GLX on Unix, i.e. the interface between OpenGL and the underlying operating system. The next few chapters give a basic introduction to the OpenGL Shading Language. As mentioned above, with OpenGL ES 2.0 using shaders is the only way to get something on the screen. So having a good grasp of the OpenGL Shading Language is essential. The discussion at this point is fairly dry and might overwhelm readers that haven't used a shading language before. Later chapters, however, delve more deeply into developing vertex and fragment shaders.
The subsequent chapters present how to specify vertices and primitives in OpenGL ES. OpenGL ES 2.0 only supports generic vertex attributes (since there is no fixed-function pipeline anymore) and vertex data can only be specified using vertex arrays or vertex buffer objects. Immediate mode as known from desktop OpenGL is not available.
Now that the reader is familiar with sending vertices and triangles to the 3D hardware, the book describes vertex and fragment shaders in more detail. There is also a pretty long chapter on texture mapping, going into the specifics of the API calls to define and upload textures to the hardware. There are numerous examples in these chapters that demonstrate how to do lighting, generate texture coordinates, perform vertex skinning, multitexturing. These are all essential examples because the fixed-function pipeline that used to do these things is not available in OpenGL ES 2.0.
The next two chapters deal with the backend of the pipeline discussing the various per-fragment operations following the fragment shader, such as stencil test, scissor test, depth test, and framebuffer blending. Also framebuffer and renderbuffer objects (FBOs) used to efficiently implement render-to-texture in OpenGL are discussed. FBOs are thankfully fully supported in OpenGL ES 2.0. It's nice to see a whole chapter on this topic since this particular feature took a long time to make its way into OpenGL.
Chapter 13 on advanced programming with OpenGL ES is probably the best part of the book for me. It is one of the longest chapters of the book and contains numerous examples of advanced shader techniques, such as per-pixel lighting, point sprite particle systems, 3D noise, procedural textures, and some others. The provided examples are a good starting point for experimentation.
The book concludes with a chapter on state queries, which are used to obtain various parameters about the OpenGL render state, and a chapter on the interesting topic of using OpenGL ES on handheld platforms, which briefly goes into OpenKODE. OpenKODE is a standard set of APIs that provides a unified interface to the system OS of handheld devices.
Overall, the OpenGL ES 2.0 Programming Guide is an excellent book if you want to start developing 3D graphics applications for today's embedded devices and bleeding-edge mobile phones. The book also does a good job of pointing out the differences and similarities with desktop OpenGL. So if you're already familiar with OpenGL the book can help you identify the limitations of OpenGL ES compared to its big cousin.
Martin has been involved in real-time graphics programming for more than 10 years and works as a professional game developer for High Moon Studios in sunny California.
You can purchase OpenGL ES 2.0 Programming Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Advanced Excel for Scientific Data Analysis
cgjherr writes "If the recent financial meltdown has left you wondering, 'When does exponential decay function stop?' then I have the book for you. Advanced Excel for Scientific Data Analysis is the kind of book that only comes along every twenty years. A tome so densely packed with scientific and mathematical formulas that it almost dares you to try and understand it all. A "For Dummies" book starts with a gentle introduction to the technology. This is more like a "for Mentats" book. It assumes that you know Excel very well. The first chapter alone will have you in awe as you see the author turn the lowly Excel into something that rivals Mathematica using VBA, brains, and a heaping helping of fortitude." Read on for the rest of Jack's review.
Advanced Excel for Scientific Data Analysis
author: Robert de Levie
pages: 700
publisher: Oxford Press
rating: 9
reviewer: Jack Herrington
ISBN: 9780195370225
summary: Use Excel for high end scientific data analysis akin to Mathematica
When I first opened this book my mouth just dropped. It had been years since I had seen a book typeset using LaTeX. But in an instant it made sense as the book is crammed packed with the kind of equations that would have been a nightmare to build with any other tools. Chapter after chapter has everything a really smart person needs to do curve fitting, statistical measures, differential equations, time-frequency analysis. But don't expect a play by play here. You will get the equations, set within a few dense paragraphs, with maybe a spreadsheet and a chart or two to show the results.
The first chapter concentrates on getting the most out of Excel as a tool. All the chapters that follow dig into specific data analysis techniques. Chapters two, three and four are on least squares. Chapters five and six cover the analysis in the time domain including Fourier transforms. Chapter seven covers differential equations. Chapter eight returns to Excel by digging in deeper into macros. Which leads into chapter nine, where we dig deeper into basic mathematical operations. Chapter ten covers matrix operations. And chapter eleven wraps it all up by giving you some spreadsheet best practices.
In University style there are also some exercises that you can do along the way if you want to tweak your brain pan a little more. To amuse myself I tried a few and I believe the book would have assessed my attempts 'wanting' if it had a voice to tell me.
Where most books like this would have several authors this book has just one; Robert de Levie. This means that the tone, style and quality of the book are consistent throughout. A fact that you will come to appreciate as the book wades in ever increasingly deep data analysis concepts as the chapters roll on.
Though I would have preferred the book to have code samples in C#, I understand that the language of Excel is VBA and I guess I have to live with that. Thankfully VBA has come a long way and if you are so inclined it would likely be easy to translate the code into C#, Java, or whatever else you like.
The fact that one person wrote the book left me wondering, "Who is this guy?" In my mind's eye I kind of figured he would look like one of those pulsing brain guys from Star Trek. Turns out he is a professor at Bowdoin College. And his fields of study include ionic equilibria, electrochemical kinetics, electrochemical oscillators, stochastic processes, and a whole lot more stuff that almost seems made up to sound impressive.
When this book isn't serving as an amazing reference for both Excel, scientific problem solving, or just insane equations it serves other purposes as well. It's a handy portable IQ test, as the count of pages you can grind through in one sitting, plus 90, is roughly your intelligence quotient. And if you fail at that you can always put a copy of the book, along with the Orange Bible, under your pillow and try to osmose your way to becoming the Kwisatz Haderach.
In all seriousness, this is a great book. It represents the kind of in-depth work and research we used to see in books that came out twenty years ago. Robert is to be applauded for his work. This is an excellent resource for anyone looking to do scientific data analysis but who was unaware of the powerful capabilities that Excel provides that is likely waiting just one Startup menu click away.
The book is not without fault. I would have preferred that it had been in color, or at least have one color section to show some of the more impressive visualizations that I'm sure would look great in color. In addition the index is silly short for a book that clocks in at 700 pages. But those are only minor quibbles for what is all-in-all an amazing piece of work.
You can purchase Advanced Excel for Scientific Data Analysis from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Sending Excess Load To the Cloud?
TristanBrotherton writes "Cloud computing seems to be a good choice for startups like ours, looking to scale easily with users. (We're providing a series of Web services, assets, and Web applications to users of our mobile client.) There are the obvious choices of Google, Amazon, and smaller shops like EngineYard. The biggest issue we have in choosing cloud computing to run our applications is trust in their robustness. If the provider goes down, we suffer. In traditional hosting environments we mitigate this with multiple sites / vendors. It's not really feasible to host on multiple compute services, so I wondered if a better option might be to set up a small (perhaps two servers) origin infrastructure in a traditional manner at a datacenter, running our applications, but then send excess load, or in the event of our origin servers failing, all load, to compute services. This would give us the best of both worlds. Has anyone done this, or had experience in designing Web applications to scale seamlessly across both environments? Is there particular load-balancing hardware we can use to do this?" -
Working Effectively with Legacy Code
Merlin42 writes "I recently took a Test-Driven-Development (TDD) training course and the teacher recommended that I read "Working Effectively with Legacy Code" by Michael Feathers. First things first, a note about the title. Feathers defines "Legacy Code" a bit different than you may expect, especially if you are not into the XP/Agile/TDD world. I have heard (and used) a number of definitions for "legacy code" over the years. Most of these definitions have to do with code that is old, inherited, difficult to maintain, or interfaces with other 'legacy' hardware/software. Feathers' definition is 'code without tests.' For those not into TDD this may seem odd, but in the TDD world, tests are what make code easy to maintain. When good unit tests are in place, then code can be changed at will and the tests will automatically tell you if you broke anything." Read on for the rest of Kevin's review.
Working Effectively with Legacy Code
author: Michael Feathers
pages: 456
publisher: Prentice Hall
rating: 9/10
reviewer: Kevin Fitch
ISBN: 978-0-13-117705-5
summary: Excellent overview of how to apply TDD to an existing project
Overall this is definitely an interesting read, and useful to anyone who has ever yelled "FSCKing LEGACY code!" It will be most useful to someone who already has some appreciation for TDD and wants to use it to 'pay down the technical debt' in a legacy code project. In my opinion adding unit tests (a sort of retroactive TDD) is the best ... err ... most effective approach for getting a legacy code project into a more malleable state.
One caveat is that most of the book is focused on working with object oriented programming languages. There is some coverage of techniques for procedural languages (mainly C), but this is not the main focus of the book. In a way this is unfortunate, since there is a lot of really useful C code out there gathering dust. But in the book he states that "the number of things you can do to introduce unit tests in procedural languages is pretty small." Unfortunately I would have to agree with him on this point.
One of the greatest things about this book is that it is written by someone who has worked with a lot of legacy code, and there are numerous real world anecdotes sprinkled throughout the text that really serve to help drive the points home. The code examples are plentiful, but not verbose. They all look like real code you might find lurking in a dark corner at work, not some fanciful made up snippet.
The high level goal of the book is to show you how to write good unit tests for code that wasn't designed with unit tests in mind. The first step for writing unit tests is getting individual classes or functions into a test harness where you can apply known inputs, and check the outputs or behavior. To do this you need to break dependencies in the original code. The bulk of the book is dedicated to looking at different approaches to breaking dependencies.
Much of the book is organized like a FAQ. There are chapter titles like: "I Need to Make a Change. What Methods Should I Test?" and "My Project Is Not Object Oriented. How Do I Make Safe Changes?". This organization makes the book work a bit better as reference than as learning material. After the first few chapters there is very little flow to the book. Each chapter tends to stand as an independent look into a particular problem common in legacy code. As a result, you can read the table of contents and usually skip to a self-contained chapter that will help with the problem at hand.
The final chapter of the book is a listing of all the refactoring techniques used throughout the rest of the book. So if you have a particular dependency-breaking technique in mind, you can skip straight to the description of the technique you want to use. This can be quite helpful when you need to perform a refactoring before you can get your code into a test harness. The descriptions are straightforward and provide a little checklist at the end that will help you make sure you didn't miss anything.
In conclusion I would definitely recommend this book to a colleague who is trying to introduce unit tests into code that was not designed with testing in mind. In fact I have already lent the book to several people at work, most of whom have bought their own copy.
You can purchase Working Effectively with Legacy Code from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Clean Code
Cory Foy writes "As developers, system admins, and a variety of other roles in IT, we have to deal with code on a daily basis. Sometimes it's just one-off scripts we never have to see again. Sometimes we stare at something that, for the life of us, we can't understand how it came out of a human mind (or, as the book puts it, has a high WTF/minute count). But there is a time when you find code that is a joy to use, to read and to understand. Clean Code sets out to help developers write that third kind of code through a series of essay-type chapters on a variety of topics. But does it really help?" Read below to find out.
Clean Code - A Handbook of Agile Software Craftsmanship
author: Robert C. Martin
pages: 431
publisher: Prentice Hall
rating: 10
reviewer: Cory Foy
ISBN: 978-0-13-235088-4
summary: A great book for anyone wanting to really improve how they write code
I had the pleasure of attending Bob Martin (Uncle Bob)'s sessions at several agile software conferences over the past several years. In them, Bob has a unique way of showing us the value of clean code. This book is no different. There is a warning in the introduction that this is going to be hard work — this isn't a "feel good" kind of book, but one where we slog through crappy code to understand how to make it better. The authors also point out that this is their view of what clean code is all about — and fully acknowledge that readers may "violently disagree" with some of the concepts.
The book wastes no time diving in covering "Meaningful Names", "Functions" and "Comments" right in the first several chapters. While I could sum up the chapters by saying, "Use them", "Keep them small" and "Comments don't make up for bad code" it wouldn't do the wisdom in the book justice. For example, in the meaningful names chapter, he talks about making pronounceable and searchable names — staying away from things like "genymdhms" (Generation date, year, month, day, hour, minute and second) and preferring things like MAX_STUDENTS_PER_CLASS.
After touching on formatting rules (including some very interesting graphs on the file and function length distributions in some common open source projects) he dives back into some more controversial topics — "Objects and Data Structures", and "Error Handling". The Objects chapter does a great job of drawing a line in the sand between Objects and Data Structures and why it really is both important, and clearer, to keep your privates in your private classes.
The Error Handling chapter is important because of the application of earlier chapters — the Do One Thing rule. Your functions should do one thing — either handle business logic, or exception handling, but not both. It's the difference between this:
    try {
        s = new Socket(4000);
        s.OpenSocket();
        string data = s.ReadFromSocket();
        if(data == "32")
            data = "42";
        printer.print(data);
    } catch(Exception ex) {
        if(ex == NetworkInterruptException) {
            //do something
        }
        if(ex == PrinterOnFireException) {
            //do something
        }
        logException(ex);
    }
And this
    try {
        tryToPrintDataFromSocket();
    } catch(Exception ex) {
        logException(ex);
    }
We then move on to "Boundaries" and "Unit Tests" — the critical points where we tend to really let code go. If we work hard, usually we can keep our own code clean. It's when we have to begin interacting with other systems that things start to go astray. In these chapters, Bob and James Grenning show us how to keep our code at the boundaries clean — and how to keep our code working, period. The authors are proponents of Test-Driven Development, and the chapter on unit tests is a fresh reminder that those tests are just as much code, and need to be kept just as clean as any other code we write.
We then begin to move at a higher level, starting with "Classes" and "Systems". The classes section should be familiar to most any OO programmer — keep the classes small, with a single responsibility, and low coupling. He also talks about Organizing for Change which is a great section on how to structure classes in a way that keeps them open to change. The Systems section continues along the path with the great reminder to "Separate Constructing a System from Using It". Here they go into Dependency Injection and Aspect-Oriented Programming, which I'll address in a bit.
Moving even higher up the chain, the book then tackles "Emergent Design". The key is to keep the design simple, which according to Kent Beck, means:
- Runs all the tests
- Contains no duplication
- Expresses the intent of the programmer
- Minimizes the number of classes and methods
With the above list given in order of importance. Really this breaks out to "Runs all the Tests" and "Refactoring" or making the code better. Simple design is perhaps one of the harder things out there, and yet the most important. When you look at systems that highly scale, it's because they are made up of simply designed components which work very well together.
After the Emergent Design chapter there is suddenly a chapter on Concurrency. This was not something I expected to see, but was very glad to. Too many times books about patterns and design don't address problems like scaling and concurrency. But this chapter does a great job of introducing the necessary steps that need to be taken to deal with concurrency — while still keeping your code clean. The book also provides an appendix which goes even deeper into the concurrency topic which I found to be quite good. Both this chapter and the appendix provide some very valuable rules that I personally have used when writing concurrent systems — like "Get your nonthreaded code working first" and "Run with more threads than processors" to flush out problems.
Chapters 14-16 cover the cleaning up of three different sections of code — an argument processor, JUnit and SerialDate, which is part of the org.jfree package. These chapters really hold true to the warning in the introduction that we'd be going through some code. However, the refinements work very well, and I think that each of them show the value of how much cleaning up the code can improve the readability of even code that works well and seems clean.
The last chapter is a "Smells and Heuristics" chapter which I'm finding to be a handy reference guide for code smells I see. When something is bothering me with code I'm reading, I flip to this section first to see if they have it listed. And with things like "Replace Magic Numbers with Named Constants" you can be sure that all of the advice that should have been beaten into your head long ago is still there, and relevant.
All in all I think this is a very valuable book for any developer wanting to improve how they write code. For senior level people, some things may seem trivial, but if you really take the time to look at the structural changes being made and apply them, you will write better code. For functional developers — the authors believe in OO, but there are still valuable nuggets that are applicable outside of that (like "Use Copies of Data" in the concurrency section). And for any developer, the insights are really good, and you'll find yourself writing down little snippets to hang on the wall.
The challenges with the book are first that it is just as they said — hard work. This is not a flip-through-with-your-mind-shut-off type book. If you want the most out of it, you have to be willing to really work at it. The other challenges are that at times it gets way too Java-centric. All of the code examples being in Java is fine, but some of the chapters (most notably the Systems chapter) really go heavy into Java tools and the Java way which, to me, weren't always applicable across languages.
All in all, I'd highly recommend this book to anyone wanting to improve how they write code. You likely will find yourself violently disagreeing with parts, but the total sum more than makes up for it.
You can purchase Clean Code - A Handbook of Agile Software Craftsmanship from amazon.com. Slashdot welcomes readers' book reviews — to see your own review here, read the book review guidelines, then visit the submission page.
-
The Ninja Handbook
Aeonite writes "Equal parts ninja geekery and pop-cultural satire, The Ninja Handbook falls into that odd category of book that presents fiction as reality. Numerous Guides to Piracy have been published, and more than a few authors have taken a crack at Zombie Survival Guides, the most popular spin-off being the zombie novel World War Z, which is now on its way towards Hollywood. Of course, the creators of the Ask a Ninja website have taken the opposite tack here, having first staked their claim as an Internet video sensation before moving on to "old media."" Keep reading below to find out what secret moves Michael learned from this book. The Ninja Handbook author Douglas Sarine and Kent Nichols pages 336 publisher Three Rivers Press rating 9 reviewer Michael Fiegel ISBN 978-0-307-40580-7 summary An old media incarnation of the popular Ask a Ninja website Ask A Ninja is not the first Ninja website to turn bookish; the first "Ninja Handbook" to hit the shelves was Robert Hamburger's Real Ultimate Power: The Official Ninja Book, published on July 1, 2004 based on the website which hit its peak of popularity way back in 2002. Then there was my own Ninja Burger Honorable Employee Handbook, published in late May of 2006 based on a website started as a goof in June of 2000. Both of those books were published by Citadel Press, and in that light also worth mentioning here is the New York Times bestseller The Alphabet of Manliness, written by one Maddox, purportedly a pirate.
The Ninja Handbook, however, is entirely about ninja. Branded as an "Official Product of the International Order of Ninjas," it's an exploration of the lessons a non-ninja, or nonja, needs to learn in order to become a ninja. Of course, the book is subtitled "This Book Looks Forward To Killing You Soon," so one might expect that the lessons to be taught aren't quite so easy, or ordinary.
The book is nominally broken up into seven sections, although the content is random enough, and the humor fluid enough, that any attempt at organization seems futile at best. In many ways the book's sense of humor drifts about in the same general area as the Real Ultimate Power Book. However, that book's focus on what might best be called "12-year-old humor" (i.e., guitar-wailing, excrement jokes, and Hippos) is decidedly different from the Ask a Ninja book which never breaks character. Ninjas are not "sweet" and "totally cool" in this book; they are savage killers with a made-up ancient history of the sort likely to send Wikipedia editors into reversion-driven nervous breakdowns.
Section 1 offers introductory advice and information about ninja, including how to form a ninja clan and make a clan flag. Section 2 teaches the Path to nearly ninja-hood, broken up into subsections that cover (in turn) the Nonja (non-ninja), those who are Ninjaish, the Ninjalike, the "Whooooooooo," (the sound of a gentle breeze) and then the I.T.A.N. ("Is That A Ninja?"). Along the way The Ninja teaches (or at least briefly mentions) the ninja basics: the ninja code, requirements to being a ninja, safe sword use, shuriken, pirates, mythical beasts, invisible scrolls, and smoke bombs, among many other topics. There are also plenty of sidewise pokes at Google Maps, Vampire Pumpkins, Fox News, A-Ha, Billy Joel, Woody Allen, and the like, the pop culture references sometimes plain to see, and at other times buried beneath in the subtext.
After a very short Section 3 (almost entirely comprised of Ninja Merit Badges, which as one might expect are all solid black), Section 4 teaches Ninja Skills, including Jumping, Spinning, Punching, Stabbing and Kicking, the latter illustrated via a list of 100 different kicks including "10 Piggies of Pain," "Driving Miss Daisy" and "Palace of Endless Toes." The book then dives headlong into the realm of the bizarre, with Section 5 covering "The Worlds" as in other dimensions and realms of existence, as well as magic and myth. The latter section does manage to clamber back out of the primordial stew onto solid ground when it looks at ninja movies, with a particularly hard look at Batman (not a ninja, as it turns out).
Since the reader has survived this far, Section 6 welcomes him or her to the International Order of Ninja, covering the top brass of the organization, ninja internships, and a bit of ninja rap music. Section 7 then introduces the new ninja to their Mission, an endless quest wherein they follow in the footsteps of the many ninja who have come before them. How many? There is an illustration of a ninja riding a pterodactyl, if that's any help. A lengthy timeline and a one page non-glossary close out the book on an abrupt note.
Obviously, this is a book designed for people who like ninja, but more than that it's a book for those who enjoy a mix of intelligent humor and surreal, near-stream-of-consciousness nonsense. The book is not for everyone; it does have a very scattershot feel in places, particularly if you're not prepared to read it all the way through. While there are jokes on every page, this is not a Mystery Science Theater 3000 sort of book where you can turn it on in the middle of an episode and immediately fall into synch with the humor. But while any individual joke (or page) on its own might be somewhat hard to swallow, taken as a whole the entire piece allows you to immerse yourself in an imaginary world somewhere next door to the Big Rock Candy Mountain.
In that regard, the general tone of the book is best compared with the likes of a John Hodgman, whose book The Areas of My Expertise included a list of 700 Hobo names which he dutifully recited in the audio book version (N.B., The Ninja Handbook is also being released in audio book format). On its own, out of context, such a list is merely awkward and possibly irritating to read (or listen to). But in context, as a part of an entire book full of similar ludicrousness, it's the sort of thing you can just immerse yourself in, and appreciate on a ninja Zen level. The same might be said of the Ask a Ninja video series as well: watch one episode, and you probably won't "get it," but give yourself time to watch them all, and it all suddenly makes sense.
Unless you're a pirate, of course, since pirates and ninja don't get along. As I write this, it's the eve of International Talk Like a Pirate Day (September 19), and I'm beginning preparations for the opposing Day of the Ninja (December 5), entering its 6th year. What is it about pirates and ninja that attracts fans and sells books? Whatever it is, there's obviously something to the whole "ninja vs pirate" thing, and The Ninja Handbook represents a strong argument for the continuation of the funny fad. Obviously Three Rivers Press agrees; according to Publishers Marketplace, the book was sold to Crown Publishing (a division of Random House) for "six figures." That'll buy a lot of shuriken.
You can purchase The Ninja Handbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Plane Simple Truth
brothke writes "In the TV show House, M.D., a premise that protagonist Dr. Greg House holds dear is that people are liars and stupid. Real life is often not far from House's observation. At the general public level, people are often misled by their lack of common sense, their deficiency in understanding statistics and basic science, and therefore fall victim to the lies of the myriad charlatans that claim to have something that fixes everything. A piece I wrote on that issue, New York News Radio — The voice of bad science, details that. While it is too broad to call the authors of Fuel efficiency of commercial aircraft: An overview of historical and future trends liars; their mediocre research created the scenario that far too many took their research as reality. Known as the Peeters report, after lead author P.M. Peeters, the authors of Plane Simple Truth refute the wide-spread belief that the fuel efficiency gains in the commercial aviation sector are erroneous, which is the principle theme of the Peeters report." Keep reading for the rest of Ben's review. Plane Simple Truth author Geoffrey Thomas pages 208 publisher Aerospace Technical Publications rating 9 reviewer Ben Rothke ISBN 978-0975234167 summary Valuable book in the important debate over greenhouse gases and aviations contribution to it The aviation industry is often an environmental pariah, with environmentalists crying foul at the industry. But it is only a pariah due to flawed data that negatively influences the public debate, and this book attempts to set the record straight. Plane Simple Truth is an articulate and extremely well-written and researched rebuttal to the Peeters report, and other flawed studies.
The Peeters report flies in the face of reality, in which gains in jet engine efficiency over the last 40 years have been astounding. Contrast those gains with the popular Cadillac Escalade and similar SUV's whose mileage per gallon is often measured in single digits, and whose efficiencies have gone in the opposite direction.
The authors wrote Plane Simple Truth as they felt that never in recent history has an industry been so maligned and the public so misled by so much falsehood and distortion. With the Peeters report and climate activists pointing the accusing finger at the aviation industry, Plane Simple Truth is their defense.
The reality is that while the Detroit automakers were making huge gas guzzling SUV's well into 2008, companies such as Lockheed had fuel efficiency on their mind back to the 1970's. In fact, fuel efficiency has been a key factor in the aviation industry since the early days. This is based on simple economics and physics in that every pound of fuel, is a pound of payload that the airline cannot carry, which costs the airline money as fuel economy is a major driver in the industry. The bottom line is that fuel economy is absolutely critical in commercial aviation. Witness the number of aviation bankruptcies in 2008 when fuel prices soured.
Like a first-rate defense attorney, the book defends the industry against its charges. In every chapter, the authors show the errors, both intentional and those errors of omission, where incorrect reporting and research have negatively affected public opinion.
While not a book about the history of jet engines; the book details the fascinating and phenomenal improvement into the efficiency of the technology. But the underlying theme of the book is that of the environmental issues.
The book details the fundamental errors in the Peeters and other environmental reports that have been often taken as the unquestionable truth. Rather than analyzing the facts like the book authors have done, the media often creates sensationalist headlines with an emphasis on short sound bites, often at the cost of scientific fact. Not only do the authors refute the Peeters report, they show in detail how important aviation is to the global economy. In fact, the aviation industry is critical to every growing economy.
The book's 18 chapters cover the entire spectrum of jet emissions and their incredible development in detail. Current topics such as bio fuels and their promise, new engine technology, aerodynamic gains, green airlines and more are discussed. The book makes ample use of charts and photographs to illustrate its points.
Plane Simple Truth is a fascinating book that exposes the myriad errors of the flawed environmental studies. It is also a fascinating look at the development and history of jet engines, and the amazing progress that has come about in the last few decades. Huge strides have been made that increase power by significant amounts, while simultaneously cutting emissions. In fact, there are less environmental issues to worry about in the future due to aviation, given the significant strides that are being made.
The book makes many of its valuable points via the approach of letting charts and diagrams do the talking of often dry statistical facts. Be it fuel efficiency, less emissions, or toxic gases, the book shows that misplaced myths and the smoke and mirror games that are often used by those with an agenda, have negatively affected the public's view of aviation.
We have seen that a single bad piece of research is enough to derail an entire industry and mislead the press and politicians. Plane Simple Truth is an important book that has relevance to everyone, as there is no one that is not positively affected by the aviation industry.
While the industry still has a long way to go in other areas such as passenger satisfactions, lost luggage, air traffic control delays and much more, the engine makers have continually pushed the envelope in terms of fuel efficiency and environmental concerns, and they have done this for well over half a century. This was long before the environment was a cool topic. It was also done when jet fuel was still quite cheap.
While the book's authors are intimately involved in the airline industry and clearly pro-airline, and the book's publisher is Aerospace Technical Publications; the authors let the facts speak for themselves. While greenhouse gases and their potential negative effects are part of the public and scientific debate, the ability of modern jet-engines to minimize those effects is clear. Plane Simple Truth is a valuable book in the important debate over greenhouse gases and aviation's contribution to it.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Plane Simple Truth from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Intellectual Property and Open Source
stoolpigeon writes "There isn't a person writing code in this country who is not impacted by US intellectual property laws. I think that it is safe to say, that not all coders have a strong understanding of just what those laws are, let alone what they mean. Stepping into this gap is programmer become lawyer Van Lindberg with his new book Intellectual Property and Open Source. Lindberg has really done something special with this volume. I don't think I've ever read a tech oriented work where I've felt so convinced that I was reading something that would become a standard by which others would come to be judged." Read below for the rest of JR's review. Intellectual Property and Open Source author Van Lindberg pages 371 publisher O'Reilly Media, Inc. rating 10/10 reviewer JR Peck ISBN 978-0-596-51796-0 summary A practical guide to protecting code. Let me quickly state what this book is not. It is not comprehensive. It does not cover all of US law on intellectual property. What it does cover is mostly viewed from a high level that does not address many finer points. It is not a reference for IP laws outside of the United States. While there is some commonality in various parts of the world, I think the differences preclude this book from being too useful for anyone not impacted by US law.
So what is this book? To me it felt very much like sitting down with a lawyer who can speak my language, understands my concerns, uses open source software, cares about freedom and has a gift for building metaphors and illustrations that make sense. It is that ability to bridge the gap between lawyer and developer and do it in a readable way that makes this such an incredible book. If it were just accurate and thorough but I couldn't get past a couple pages it wouldn't be worth much. If things weren't put into terms that I could grasp and apply to real life situations, the same would be true.
The first seven chapters are a primer on the history and current status of U.S. IP law. Lindberg walks the reader through patents, copyright, trademarks, trade secrets, contracts and licenses. He discusses how these impact inventors and developers. I had considered myself to be somewhat familiar with most of these, but was surprised how much I learned. I was also a bit scared by the time I was done with it all. Lindberg cites not only the pitfalls that are out there, but backs it up with case history that illustrates his points. More than once I caught myself thinking, "I guess that is possible but it is unlikely." only to be reading a page or two later about how it had already happened and was in some cases still finding its way through the courts. This was all quite a wake-up call for me.
Chapter eight and on deal with how one can operate in the open source world. Lindberg talks about just what Open Source is and then handles the many things that a developer needs to consider from how to handle a new idea (especially if one is employed) to choosing a license, accepting patches, reverse engineering without being as likely to get sued, and setting up a non-profit to run a project.
I found the discussion on various licenses and just what they mean to be especially helpful. There is a general discussion that covers a wide array of licenses, and then a separate chapter just for working with the GPL. There is an illustration in that chapter that I think stands as an excellent illustration of what this book is like. "The Darth Vader Scale of Derivative Works", found in chapter twelve, serves to illustrate the Free Software Foundation's position on the applicability of the GPL. Lindberg takes time and care to explain the issue, but the figure showing a range from little "Anny" to the fully cloaked and helmeted Darth Vader shows how he also makes it fun at the same time.
It is not absolutely necessary to read through the book from start to finish but I would highly recommend it. The conversational style makes it easy to do, and there are concepts and metaphors that Lindberg reuses throughout the book that will be easier to understand if the reader has familiarity with their use right from the start. That said, the table of contents, index and topical separation of chapters will make this useful as a reference. I would just agree with Lindberg that reading it through first will make such use easier in the future.
The book has appendices that contribute over 80 pages to the total length. These include a sample Proprietary Information Agreement, a list of Open Source licenses (along with some descriptions of how they are used), a Free Software license list, a list of the licenses used with Fedora on a grid that lists GPL compatibility, the full text for a number of licenses and a very nice GPL Compatibility Matrix. That matrix shows what versions of *GPL licenses can be used with one another from the perspective of adding code to an already licensed project or licensing a project that will include code already licensed under one of the *GPL licenses.
Some of the sections are quite sobering. I don't think becoming more educated about these issues is going to encourage people that things are headed in the right direction. That said, I don't think they will arrive at that conclusion because Lindberg is pushing a particular point of view. He is very even handed in his approach and it is obvious that he took great pains to focus on one single goal, disseminating accurate and valuable information without letting anything else get in the way. He leaves value judgments to the reader. When there are issues of debate he presents information on both sides, and may express his leaning but does not argue for it or attack other view points.
This book may be frustrating for those who just want copyright and all intellectual property laws to go away. I get the sense that while Lindberg believes that there is a lot of room for improvement, he isn't trying to describe what could or should be, he is just giving advice on how to try and best navigate what is. Right now, the penalties for failing to understand the current environment can be quite harsh, and so I think that such a guide is very important. This extremely approachable and useful book is must reading for anyone creating or contributing to FOSS projects.
You can purchase Intellectual Property and Open Source from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Learning Drupal 6 Module Development
Michael J. Ross writes "Of all the content management systems (CMSs) that a Web developer could use for creating a new site, the best ones allow the developer to extend the chosen CMS's capabilities, by adding new functionality, in the form of third-party modules. This is one of many reasons why Drupal is growing in popularity: Developers can choose from hundreds of Drupal modules but not all functionality that a developer might want has been captured in a module, and many of the modules are unfinished or otherwise limited in capabilities. Fortunately, PHP programmers can create their own modules, and one way to get up to speed is Learning Drupal 6 Module Development, authored by Matt Butcher." Learning Drupal 6 Module Development author Matt Butcher pages 328 publisher Packt Publishing rating 9/10 reviewer Michael J. Ross ISBN 1847194443 summary A step-by-step guide to creating new Drupal 6 modules Published on 10 May 2008 by Packt Publishing, under the ISBNs 1847194443 and 978-1847194442, the book is intended as a tutorial for developing your first Drupal 6 module; yet it also explains how to create themes and custom content types, how to use external XML APIs, and how to add AJAX functionality to your Drupal site using jQuery.
The book spans 328 pages, grouped into nine chapters, each devoted to a major topic of Drupal module development: Drupal's architecture and primary concepts (nodes, users, blocks, menus, etc.); an introduction to building a new module; Drupal's theme system, and how to create a custom one; module theming; using JavaScript, AJAX, and JSON; creating a custom administration module; creating a new content type, using the CCK; filters, input formats, hooks, actions, and triggers; installation profiles, how to develop one, and how to package a distribution. Throughout the book, the author illustrates key ideas by applying them to a sample Web site, named the Philosopher Bios. The material assumes that the reader has a solid understanding of the essentials of PHP and SQL, and familiarity with Drupal's administration area. But no advanced PHP or MySQL knowledge is required, nor prior experience creating Drupal modules and themes.
Packt Publishing has made available a Web page for the book, where visitors can order the book (print and electronic copies), download the book's sample code, provide feedback to the publisher, send in a question, read a summary of the book or the table of contents, and obtain a sample chapter (Chapter 2 — "Creating Our First Module"). One would expect to find a link to errata reported for this specific book, but this page does not have such a link. In fact, none of the book profile pages on Packt Publishing's site appear to have links to their respective errata. Instead, the visitor must go to their support page, specify the book of interest (the drop-down list should default to the last book review, but it does not), and finally click on the errata link, which should have been on the individual book's page. After clicking a link, a small and non-resizable browser window pops up, listing the known errata.
To Web developers unversed in Drupal's architecture and the use of modules to extend Drupal's core capabilities, the first chapter of this book should be quite valuable, because the author explains how Drupal's functionality has been logically organized into modules. For developers unfamiliar with CMS modules, the author sums it up nicely: "A module is a bundle of PHP code and supporting files that use Drupal's APIs and architecture to integrate new functional components into the Drupal framework." As noted earlier, the author presents overviews of the most critical Drupal concepts, including core modules, hooks, themes, nodes, comments, users, blocks, page rendering, menus, and forms. Unlike what is found in far too many programming books, the explanations in this chapter are generally quite complete, authoritative, and clear — with the exception of the last note on page 8 pertaining to system modules. The chapter concludes with a brief discussion of the demonstration site created in the book, as well as some developer tools recommended by the author.
In the second chapter, readers learn the basics of creating a module — in this case, one that accesses a philosophy reading list from Goodreads. Anyone who does not yet own a copy of the book, can quickly see the overall style of the book's information and presentation, by downloading the aforementioned sample chapter. There are few blemishes in this chapter: A short (and apparently non-facetious) phrase in one of the notes, "Drupal is meticulously documented..." (page 30), should come as a surprise to anyone who has stumbled into one of the gaps in Drupal's online documentation. The reader should beware that the code for the two private functions used in the sample module, differs between the book's code and that in the download archive, with no indication to the reader from either source as to which is to be preferred, if any. The book's code has other problems, as described in the errata. Also, tags such as "<channel/>" and "<item/>" may give the reader a false impression that those are empty tags (i.e., single tags, and not paired open/close tags). Unfortunately, this nonstandard and confusing notation is used throughout the book.
Theming a Web site is an important part of making it attractive and more usable to site visitors, and Drupal, like any solid CMS, has built-in support for applying themes to a site. In the third chapter, the author explores Drupal's theme system and theme engines, as well as how to create a new theme, and how to use Drupal's hook system for overriding a template function. The discussion is better than that seen in any other book, but could be further strengthened if the author were to explain the reasoning behind some of the suggested practices, such as making redundant copies of a parent theme's images for a sub-theme. Any readers implementing the "descartes" sub-theme should note that template.php, in the download code, begins with "<?" and not "<?php," which will cause problems if their PHP has short_open_tag set to Off. Chapter 5 extends the ideas presented earlier, and shows the reader how to create a new module with a default theme. The discussion of how to register a theme and, more specifically, the naming conventions, is in some places rather turgid — not due only to the writing, but partly Drupal's overriding scheme. But it does not help to have array keys such as "theme_function_name" mentioned in the text but not in the code (should it be "<theme function name>," following his earlier naming convention?). Partway through the fourth chapter, the author acknowledges that the reader may be getting lost in the terminology, and clarifies it. This is a worthy practice that could have been employed in several other places in the book (and by the authors of other programming books).
In the fifth chapter, readers will find a detailed discussion of how to leverage the power of AJAX, jQuery, and JSON to allow modules to refresh with changed content, without requiring Drupal to reload the entire Web page. Chapter 6 explains how to create a module with an administration interface, as well as how to use the powerful Forms API (FAPI), and the Mail API, among other Drupal capabilities available to the programmer. Creating a nontrivial content type that incorporates specialized fields is the subject of Chapter 7. It is accomplished by building a new module, rather than the more common approach of using the Content Construction Kit (CCK). Readers will also benefit from an introduction to the Schema API, which is valuable for generating database-neutral SQL code. In Chapter 8, the author explains how to create content filters, actions, and hooks, as well as how to assign a trigger to an action. Like the previous two chapters, this one is fairly long and takes some work to fully digest, but doing so is essential for learning how to make the most of hooks, among the other topics. The author also shows how to indicate that your new module depends upon others. The final chapter covers installation profiles and packages, which allow the developer to put together a customized version of Drupal containing the new modules he or she has created, in addition to any dependent non-core modules.
Overall, Learning Drupal 6 Module Development accomplishes its primary goals, and provides information that would even be of interest to Drupal developers who may have no intention of ever creating their own modules and themes, but who would like to learn a lot more about Drupal's underlying architecture, and some of the differences between versions 5 and 6. The author tackled a difficult subject area, and presents enough explanations that would allow any experienced PHP programmer to work through the examples and learn from them. There are plenty of screenshots and diagrams, all of which are helpful. However, a few of the screenshots are intended to show color changes, which makes no sense because all of the screenshots are grayscale only. Rather than choosing orange and pink and other colors, distinct shades of gray would probably have been a better approach.
The book's remaining flaws — aside from those noted above — are relatively minor. The chapter summaries are of no value, and could be dropped in the interests of making the book leaner. Some of the paragraphs are overly short, and should be combined with adjacent ones (e.g., "Here is one very good reason."; page 111). Some of the phrasing is weak (e.g., "has got better and better"; page 18), confusing (e.g., "a typical template work"; page 60), or incorrect (e.g., "uninspiring"; should read "uninspired"; page 70). Other similar problems are identified in the book's errata. The author misses many opportunities to use commas to improve the text's readability, and even uses them incorrectly with parentheses (page 64). Some proper names do not have correct title case, such as "Windows explorer" (page 35). Throughout the manuscript, "hookname" should instead read "hook name." The possessive term "its" should contain no apostrophe (page 185, for example). Occasionally, a (non-critical) word is missing, such as in "content is main content" (page 33). Yet in none of these instances should the alert reader be unable to determine what the author is stating.
None of the weaknesses identified above detract from the overall value of the book. As of this writing, Learning Drupal 6 Module Development is the most promising and information-rich resource for Drupal developers interested in creating their own modules and themes.
Michael J. Ross is a Web developer, writer, and freelance editor."
You can purchase Learning Drupal 6 Module Development from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Quests
Aeonite writes "Quests have always been a part of fantasy gaming; from the earliest days of Dungeons & Dragons to World of Warcraft's myriad quest lines, quests have given players purpose beyond button-pressing and mindless grinding. Jeff Howard's Quests: Design, Theory, and History in Games and Narratives is an exploration of such quests in both literary and gaming contexts, comparing and contrasting their appearances in each medium and striving to bring the two worlds closer together by imbuing game quests with more meaning." Read below for the rest of Michael's review.
Quests: Design, Theory, and History in Games and Narratives
author: Jeff Howard
pages: 248
publisher: A.K. Peters Ltd
rating: 8
reviewer: Michael Fiegel
ISBN: 978-1-56881-347-9
summary: A comparison of quests in both literature and gaming
In his preface, Howard first attempts to define quests, both in his own terms and with respect to the likes of Campbell and Frye. In short, a narrative quest is a "journey to attain a meaningful goal," such as one might find in The Odyssey, The Faerie Queene, or The Quest for the Holy Grail. Such quests are romantic, archetypal, and laden with meaning and purpose. On the contrary, a game quest is in Howard's words "an activity in which players must overcome challenges to reach a goal." The disparity in the language used here is clear, especially when Howard goes on to clarify game quests as being "about action that is meaningful to a player on the level of ideas..." Narrative quests are about meaningful goals; game quests are about meaningful action. Howard quotes Auden as saying that "the search for a lost button is not a quest," but is this not exactly the sort of quest we find in MMOs like WOW? Time-filling quests to give the player some sort of activity, to provide "meaningful play" in the absence of meaningful goals.
This inherent problem with quests in games is further touched upon in the introduction to the book, which explains that its own goal is to prove quests out as a bridge between games and narratives. "[I]nteractivity is a prerequisite of enactment but is not sufficient to produce it...," says Howard. "[E]nactment requires active, goal-directed effort, often in the form of balancing long-term and short-term goals." Campbell, Frye, Auden and Propp are all consulted and cited here, exploring their own takes on quests in terms of their place in the heroic monomyth, medieval romance, subjective personal experience, and a "sequence of defined transformations," respectively. However, the most enlightening point comes after an exploration of the history of quest games (from D&D through WOW) where, quoting Tronstad, the author explains that "the paradox of questing is that as soon as meaning is reached, the quest stops functioning as quest." The profusion of more-or-less meaningless quests in MMORPGs "causes the 'main quest' to disappear" according to Howard, who cites the "bleak scenario" of WOW as not being conducive to meaningful gameplay.
Given that challenge, the main portion of the book serves as a sort of lesson plan towards the creation of better, more meaningful quests in modern games. In Chapter 1, "Introduction to Quest Design," Howard asserts that designing meaningful action is key, and ample examples of symbolism and spiritual analogy tied to the story of Sir Gawain and the Green Knight are offered. The following chapters each cover a different element of quest design, more or less aligned along the same breakdowns as one might find in a MUD codebase: w(or)ld, mob(ile), obj(ect) and the like. Each one is broken up into two sections: theory, and practice, the former covering Howard's thoughts on the topic, and the latter delving into practical examples of how to create that quest element using the Neverwinter Nights Aurora Toolset.
Chapter 2 covers the "Spaces of the Quest," providing a sort of primer on level design and world design, from dungeons and labyrinths to dreamlike allegorical spaces. Chapter 3 then focuses on "Characters," both NPC and PC alike, including a discussion of encounters, dialog trees, archetypes and some minor venom spat Fable-wards due to the presence in that game of characters literally named Mentor and Hero; perhaps worth mentioning in Fable's defense is that both Hero (of Hero and Leander fame) and Mentor (Odysseus' sagacious friend) are both legitimate names derived from Greek myth. But I digress.
Chapter 4 explores "Objects," specifically those quest items that players seek out and gather on their quests. "[T]he drive to acquire objects in Everquest challenges literary understandings of games because players do not seek to interpret these objects," Wesp is quoted as saying here. The assumption seems to be that quests should strive to contain objects laden with meaning and symbolism, whether they be "rods of eight parts" that one must piece together or symbolic tattoos such as those found in Planescape: Torment. Certainly, many MMOs could learn a few lessons from this chapter, being as so many have players running around collecting feces, offal and skins. Indeed, the quests that send them off to do such things are explored in Chapter 5, "Challenges." Here Howard covers fetch/collect quests, kill quests, escort quests and the like, providing a somewhat awkward apology for kill quest proliferation by trying to compare kill grinding in games like WOW with the intense violence practiced by Odysseus. Of course, Odysseus was never sent on a quest to kill 12 Cyclopes to collect their eyes for a healing potion; once again, the difference between meaningful action and meaningful goals rears its ugly head. Indeed, Howard provides a somewhat telling example of an attempt to rectify this disparity in his scripting example, wherein he has King Arthur bestowing Gawain several keys to use on various chests so Gawain can open them in sequence to find objects hidden inside each which will help him on his quest. Surely there are examples of this sort of rote quest sequencing to be found in folklore and mythology; Russian mythology in particular is full of things done in threes. Yet one cannot help but feel that it makes the whole thing somewhat less epic in the retelling when a knight of the Round Table is reduced to playing puzzle games.
Chapter 6 of the book closes out the lesson plan with "Quests and Pedagogy," an example of how Howard used The Crying of Lot 49 with his own students to explore the nature of quests in a video game setting. This rather short chapter is followed by a Conclusion, summarizing what's come before, and then several lengthy Appendices: a guide to the Aurora Toolset; an excerpt from Sir Gawain and the Green Knight; and an excerpt from The Faerie Queene. An excellent Works Cited page (nearly as long as Chapter 6) and an adequate index close out the book. In total, the book weighs in at 248 pages, although 46 pages of that is introduction (15 more if you count Chapter 1) and over 80 pages is composed of conclusion, appendices and endmatter. Thus, about half of the book is either introduction or conclusion, frontmatter or endmatter, and this makes the book feel somewhat imbalanced, taking a long time to introduce and then back up the topic while spending not enough time (in my opinion) actually working through it. Howard's writing style is excellent and the subject matter worthy; I wish he had spent more time in his book's Act 2; perhaps he would have been able to extend his ideas even further than he does, striving not only to infuse quests with meaningful activity but with meaningful goals as well. Too much of game quest design is derived from the Latin origin of the word quest (which Howard tells us comes from questare, which means "to seek,") and not enough on the purpose of the quest, which is to have a heroic journey with a "Happily Ever After" at the end. Yet MMOs almost by definition require that many millions of players walk the exact same heroic path; would the epic tale of King Arthur be so epic if his round table had 10 million chairs, with ten million knights forever searching for their own copy of the Grail?
"Go and tell your master that we have been charged by God with a sacred quest," says King Arthur in Monty Python and the Holy Grail. "If he will give us food and shelter for the night, he can join us in our quest for the Holy Grail."
"Well, I'll ask him, but I don't think he will be very keen," replies a French soldier. "Uh, he's already got one, you see."
Therein lies the problem: he's already got one, and so does everyone else. Because everyone has done the quest, and furthermore everyone wants to keep grinding for the +2 grail, which will no doubt be available in the next expansion, or perhaps in the Player's Handbook IV, or as an exclusive Dragon Magazine feature, available to subscribers of D&D Insider. Many (if not most) fantasy games can never have meaningful, magical quests where you get the vorpal sword and slay the Jabberwock and save the world, because their Sisyphean stories can never truly end; the Horde will always be at war with the Alliance, and the ring will never, ever make it to that volcano, and there will always be another supplement or sequel, another dungeon to raid, another hamlet of Hommlet to rescue. One telling Neverwinter Nights module is called Infinite Dungeons; the solitary hero has turned into the solitaire hero, ever grinding away. Sure, Odysseus had his wandering Odyssey as he searched for home, and Galahad took years to quest for the Holy Grail, but in each case they eventually found what they were looking for. Unfortunately, right now much of the game industry seems to generally be following the example of King Pellinore, endlessly pursuing his Questing Beast.
What Howard attempts to do with Quests: Design, Theory, and History in Games and Narratives is truly worthwhile, and I look forward to the dialog his book will inspire. He would have us re-examine the game quest in terms of the narrative quest, and apply those lessons to gaming. The book is well worth a read, both as a lesson plan for making the activity of questing more meaningful, as well as a first step towards giving games that rely heavily on quests — especially MMOs — more meaningful goals. If the game industry can pull that off, it will be an impressive feat, worthy of Sir Galahad himself. If not... well, there's always another 12 wolf pelts to collect.
You can purchase Quests: Design, Theory, and History in Games and Narratives from amazon.com. Slashdot welcomes readers' book reviews — to see your own review here, read the book review guidelines, then visit the submission page.
-
Amazon Opens On-Demand Video Store
g0dsp33d writes "Amazon opened the doors on its new video on demand service. Some promotional videos are free and the quality seems to be good. You can preview the first 2 minutes of any of the offerings. Episodes of TV shows cost $1.99 and movies are $14.99. Movies can also be 'rented' for 24 hours for $3.99. Purchasing allows download to two machines and unlimited viewing online. The service claims 14.5K movies and 1,200 TV shows including pre-purchasing the rights to upcoming seasons. Considering alternative, ad-based, free online video sites such as Hulu, is Amazon's service too pricey?"
-
Insects May Have Had a Hand In Dinosaur Extinction
eldavojohn writes "Everyone's got their favorite theories of Dinosaur extinction, but new speculation is rampant in a book that gives cause to believe it may have been disease-carrying insects. Due to the length of their slow and eventual extinction (the 'K-T Boundary'), it is argued that this would more likely be attributed to the spread of disease and the rise of parasitic insects like ticks or biting flies. Are our immune systems the only reason any animals survived?"