Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
John S. Lewis On the Space Commodities Market
John S. Lewis -- Deep Space Industries' chief scientist, author, and University of Arizona professor -- speaks in an interview with Air & Space magazine about the practicalities and possibilities of deep-space mining, a topic on which he is unapologetically bullish. He points out, though, that some of the artist's-conception version of space mining skips over some of the economic realities of getting back to Earth metals that are scarce here. From the interview: "But—and here’s the big conditional—if we develop an industrial capability in space such that we’re processing large amounts of metals to make solar-powered satellites, for example, then as a byproduct, we would have very substantial quantities of platinum-group metals, which are extremely valuable. So if you have a market for the iron and the nickel in space, that would liberate the precious metals to be brought back to Earth. So the scheme is not based on the idea of retrieving platinum-group metals—that is simply gravy." -
Amazon To Stop Accepting Flash Ads
An anonymous reader writes: Starting on September 1, Amazon will no longer support Flash across its advertising platform. The online retailer cites changes to browser support and a desire for customers to have a better experience as their reasons for blocking it. Google has been quite active recently in efforts to kill Flash; the Chrome beta channel has begun automatically pausing Flash, Google has converted ads from Flash to HTML5, and YouTube uses HTML5 by default now as well. Safari and Firefox also place limits on Flash content. Is Flash finally on its way out? -
Debate Over Amazon Working Conditions Goes Back Years
Nerval's Lobster writes: This weekend, The New York Times published a lengthy report about working conditions for white-collar workers at Amazon. Describing the e-commerce giant as a "bruising workplace," the report paints a picture of a Darwinian environment. But criticism of Amazon's working conditions actually goes back years. In The Everything Store, a book-length account of Amazon by Bloomberg BusinessWeek reporter Brad Stone, the Amazon of yesteryear is indeed described as an aggressive place in which Bezos pushed employees relentlessly. So is Amazon a terrible place to work? On Quora and Glassdoor, current employees suggest that the company presents its workers with interesting challenges, and that the culture is fast-paced. While there are complaints about the hours and workload, many don't seem Amazon-specific: The world is filled with tech pros struggling to achieve work-life balance in the face of incredible goals on tight deadlines. Many cite issues with the company's frugality—its lack of perks vis-à-vis Google or Microsoft. After the report was published Jeff Bezos wrote a memo to employees that reads in part: “The article doesn’t describe the Amazon I know or the caring Amazonians I work with every day. But if you know of any stories like those reported, I want you to escalate to HR. You can also email me directly at jeff@amazon.com. Even if it’s rare or isolated, our tolerance for any such lack of empathy needs to be zero.” -
XKCD Author's New Unpublished Book Becomes Scientific Best-Seller
An anonymous reader writes: XKCD cartoonist Randall Munroe will be publishing a new book in November, but it's already become Amazon's #1 best-seller in two "Science & Math" subcategories, for mechanics and scientific instruments. Inspired by a cartoon describing NASA's Saturn V rocket as "the up-goer V", Randall's created a large-format collection of blueprints describing datacenters, tectonic plates, and even the controls in an airplane cockpit — using only the thousand most common English words. "Since this book explains things, I've called it Thing Explainer," Randall writes on the XKCD blog, trying to mimic the humorously simple style of his book. Randall's previous book of scientific hypotheticals — published one year ago — is still Amazon's #1 best-selling book in their "Physics" category, ranking higher than Stephen Hawking's "A Brief History of Time." -
Interviews: Shaun Moss Answers Your Questions About Mars and Space Exploration
Recently the founder of the Mars Settlement Research Organization and author of The International Mars Research Station Shaun Moss agreed to sit down and answer any questions you had about space exploration and colonizing Mars. Below you will find his answers to your questions.
Mars One?
by quantaman
What's your opinion on Mars One? I'm extremely skeptical that they can achieve their roadmap or anything close to it, do you share this skepticism? If so do you think they're mostly finished at this point (i.e. the project will fade into obscurity) or do you think the Mars One group will achieve something significant in the future?
Moss: Having looked over the Mars One plans I must say I am also highly skeptical, but hesitantly so, because you never know what can happen. Humans are remarkable, and entrepreneurs are among the most remarkable of humans because they see what does not yet exist and believe they can make it exist. They have tremendous faith and self-confidence, and although I haven’t met Bas, having heard him speak I’m convinced of his genuine and well-meaning intentions. I have met and interviewed Arno Wielders (Mars One CTO), who is also a Mars Society member, and there’s no doubt these guys are on the level, at least in spirit. It is not a scam, despite what click-hungry web “journalists” would have you think.
The architecture has some good features. Not returning to Earth enables a range of optimizations to be introduced, greatly reducing the mass to be launched to Earth orbit and to be delivered to Mars, which significantly reduces cost and thus increases viability. However, I consider it incomplete.
Mars One’s approach is that they themselves will not do any engineering. They are merely providing the high-level vision, while engineering and manufacturing will be outsourced to firms who will produce the hardware necessary for the missions. However, this strategy can only work if the architecture is already rock solid.
Another key element of their philosophy is that the mission will be assembled from existing technology, i.e. (to quote them) “No new technology developments are required to establish a human settlement on Mars.” It is highly questionable whether this is possible, depending on your definition of “technological development”. For example, spacesuits for Mars (marssuits) will be required, and these do not currently exist. Will not the design and manufacture of these suits constitute technological development? Other examples include the rovers to support the mission, vehicles to transport astronauts and supplies to Mars, the living units, EDL system for capsules, ECLSS, communications satellites, and so forth. These will all need to be developed, so to say that “no technology developments are required” is simply bollocks. However, that’s arguably a question of semantics. Let’s assume for now that they will have all the time and money necessary to produce the hardware on which the architecture is based.
The intention is that the Mars One astronauts will live on Mars in living units, which are space capsules similar to the SpaceX Dragon capsule, except larger, with a diameter of about 5 meters. The Dragon has a diameter of 3.7 meters. So, there are a few problems with this. SpaceX and Mars One are not currently in business together (as far as is generally known), and Musk has his own plans for establishing a colony on Mars that do not require Mars One. It is therefore unlikely that SpaceX is currently planning to develop a 5 meter variant of the Dragon.
There are only a few scenarios that could play out from here:
- SpaceX join up with Mars One and begin developing the 5 meter capsule. How they would fund this technological development (not to labor the point) is another question. Keep in mind we are yet to see a 3.7 meter Dragon land on solid ground on Earth, let alone a 5 meter one on Mars. But this would be the best possible scenario for Mars One.
- Another company, e.g. Boeing, offers to develop the required capsule for Mars One. This would be significantly more expensive, as it would require them to exceed the engineering that SpaceX has already done. Without a major injection of funds this would also push the Mars One timeline out even further.
- Mars One decide to use the 3.7 meter Dragon for the living units instead. This would probably be an acceptable compromise, but would have significant knock-on effects for the architecture, reducing the volume and mass budget available for the inflatable habitat, furniture, ECLSS and food production systems, energy systems, etc. It would mean fewer astronauts per living unit; perhaps 2 instead of 4. This is perhaps the most likely scenario.
Assuming that the challenge of providing the living units and landing these on Mars is solved, the next difficulty is positioning them and connecting them up. Mars One have said that this will be achieved using multipurpose rovers, which will be sent out in advance of the astronauts in order to scout out a good site, deploy solar panels, and things of this nature.
The capsules will not be landed in their exact final position and orientation, which is most likely because the thrusters used in landing will kick up a lot of dust and dirt, which could damage nearby hardware, in addition to covering any solar panels that have already been deployed with dirt. Therefore, Mars One are planning to land capsules up to 10km away from the base, and tow them into position with the rovers.
This begs several questions. Mars One say that the rovers will be “capable and powerful tools”, each with a robotic hand and a trailer that will be used to tow the capsules. The problem here is that a Dragon capsule weighs about 4.2 tonnes empty and each will carry up to about 1.9 tonnes of cargo, for a total mass of around 6 tonnes each. A fully-loaded 5 meter capsule would be significantly heavier. We don’t know the size of Mars One’s rovers, but they will need to be fairly sturdy to somehow lift a 6-tonne mass onto a trailer, tow it across up to 10 km of rocky ground to an exact position, unload it, and connect up the necessary hoses and cables. This aspect of the architecture seems like pure fantasy; but, who knows, there may be engineers associated with the project who have a very clever way to achieve this. Perhaps two rovers working together could do it?
Each living unit will contain an inflatable habitat extension, possibly in addition to all the furniture, equipment, electrical wiring and plumbing which is to be assembled inside of it. This also seems difficult to imagine. The inflatable habitat is not a thin plastic shopping bag. Aside from being able to contain at least half an atmosphere pressure (the minimum required for health and safety) against a near-vacuum, the inflatable section’s walls must be thick enough to support a covering of dirt. It is hard to imagine such a thick-walled bag, large enough to expand into a volume of 1000 m³, squished into a capsule along with all the fixtures and fittings. Perhaps these will be carried in the supply capsules. Note, however, that the living units must include an airlock for EVA.
Another question about the habitat is: plumbing? Where is the latrine? How will it be emptied, what is the recycling or disposal plan for the waste, what about the smell, etc.?
The astronauts are not supposed to have sex with each other on the mission. To send mixed-gender crews of intelligent and healthy young TV stars to another planet and expect them not to get freaky is wishful thinking at best, particularly if they start brewing their own alcohol, which is virtually certain if any Australians, Americans, Canadians, Brits, Irish, French, Spaniards, Germans, Italians or Russians are included in the mission.
One of the most important aspects of the mission plan that seems to have not been fully examined yet is the astronauts’ nutrition. Even assuming that all other nutritional needs are satisfactorily met, a purely vegan diet is known to be deficient in certain essential nutrients such as vitamins B12 and D. Vegans on Earth typically require supplementation in order to compensate for these deficiencies.
It has been suggested that crickets could be grown in the habitat, as a source of protein and B12, but it’s hard to imagine sharing close quarters with 1-3 other people and hundreds of noisy crickets; or, for that matter, going through a daily process of grinding up a new batch of protein powder each day. Perhaps they could synthesize B12, which researchers on Earth have only just figured out how to do, but this would require lab equipment, the space to use it, and considerable scientific expertise. B12 is made by bacteria in the lower intestine, which is why it only comes from meat, and why some vegetarian animals eat their own shit; so they get enough B12. In the face of chronic B12 deficiency the astronauts could also do this, but since they will probably already be feeling depressed due to lack of sunlight, living in a smelly cave, being (on average) 225 million kilometers away from everyone they have ever known and every place they have ever been, and not being allowed to shag each other, they would probably rather die. Hence, the most likely solution to the B12 problem will be supplementation, which means sending sufficient quantities of pills or injectables to Mars. This can only be a temporary solution, however, due to the disparity between the available money and mass budgets and how long people generally like to live. This places pressure on the settlers to somehow develop a local source of B12 as soon as they can.
The food system to be used by Mars One involves growing hydroponic crops inside under LED lighting which only produces photons with frequencies that plants utilize, i.e. blue, red and infra-red. Growing plants indoors using LED lighting seems inefficient, and inconsistent with other aspects of the architecture. To provide the astronauts with air and water, Mars One are making use of local resources such as the gases in the Martian atmosphere and water frozen in the ground. This is called ISRU, or In Situ Resource Utilization, and is much more efficient than shipping everything out to Mars from Earth. This strategy underpins most modern Mars missions. However, Mars One are not planning to directly use the free photons from the Sun in order to grow food, but rather, to first convert them into electrical energy using solar panels, then convert that electricity back into photons with the LEDs. To me this seems inefficient.
The habitats have no windows. Yes, that’s right. The astronauts are going to spend 90% of their lives effectively living in a low-gravity cave, surrounded by technology, body odor, and danger. From a psychological perspective this seems to be one of the most serious oversights. If I was on Mars, I would want to wake up each morning and look out on that glorious, planet-sized vacant lot. It might get boring after a few months, but it would be much better than never being able to see Mars without actually going EVA, which has a high barrier in terms of suiting up and passing through the airlock. Having no windows also means wasted energy in terms of the lights needing to be on inside all day. Mental illness could be significantly more likely in a habitat without windows; far worse than ordinary Seasonal Affective Disorder. Perhaps on a short mission it would be acceptable, but not for the rest of your life. Having no windows and no sunlight coming into the hab also means no vitamin D, since it won’t be present in their diet. They may get a little sunlight through their helmet on EVA, but considering the small area of skin exposed, the small amount of time spent outside, and the fact that sunlight intensity on Mars is about 40-50% of Earth, this will hardly be enough to be healthful. Vitamin D deficiency has been associated with sore bones, muscle weakness and depression, among other things. Consider that the Mars One astronauts will already be at risk of musculoskeletal problems due to living in a reduced gravity environment, and depression, additional adverse effects associated with vitamin D deficiency are ideally avoided.
Here’s what I would change about the Mars One plan:
- Modify the architecture to use the 3.7 meter Dragon. This may require reducing the crew size per living unit to 2 or 3, but it will be much quicker and cheaper, and arguably the only way to make the plan possible within anything like the proposed timeline and budget. It also might bring SpaceX in as a partner which would be incredibly valuable.
- Forget about moving the capsules once landed and forget about connecting them together. Where they land is where they stay. Astronauts can move between the living units by walking (or driving) the intervening distances in suits. This means each capsule would need to include its own self-contained life-support system, which might be very difficult.
- Include many windows along both sides of the inflatable section of the living units.
- Send additional capsules containing inflatable greenhouses, rather than attempting to grow food inside the habitats. Design the food system to directly use sunlight rather than, or in addition to, LED lighting. This will make it possible for the environment inside the greenhouses to be optimized for plant growth. It would also mean going EVA to get food, but humans have a lot of experience with this, generally speaking.
- Design the food system as an integrated aquaponics system in which fish and plants grow symbiotically. This will provide a significantly better nutrition profile in addition to a means of disposing of food scraps and vegetable waste (i.e., the fish will eat them). A fatty fish with edible bones such as salmon will provide – especially if they eat the bones and livers – long-chain fatty acids, all essential amino acids, minerals such as calcium, zinc and iron, and vitamins D and B12, all of which would be lacking in a vegan diet. Anyone can learn how to scale and fillet a fish, and they have the non-trivial advantage of being delicious, and salmon can be eaten cooked or raw. There is also the psychological benefit of having animals to care for.
- Include several ATVs and ideally at least one long-range pressurized vehicle. This will greatly increase the territory that the astronauts can explore and thus the science return, preventing them from becoming extremely bored, and making it easier to travel between the living units and greenhouses if they aren’t all gathered in one location.
Mars One certainly aren’t finished yet. However, as much as I would love for them to succeed, I do not think they will unless their plans are majorly revised and they get a serious injection of capital. Having said that, they have already achieved something significant, which is to cause virtually the entire Earth to not only take human missions to Mars seriously, but to take private human missions to Mars seriously. It has also exposed considerable interest in the global community in going to Mars despite the risks, which is useful information for future entrepreneurs.
Becoming multiplanetary represents a massive quantum leap in our evolution, and Mars One have done a lot to raise awareness of this tremendously historical transition. Whether they succeed or fail, whoever tries next will benefit from what they have done.
Radiation abatement
by tbg58
Primary galactic cosmic radiation bombards the surface of Mars because its magnetic field is too feeble to turn high-energy charged particles aside, but most colonization plans envision human-constructed habitations on the surface. How much work is being directed toward finding subsurface features (lava tubes, sinkholes) which can provide radiation-hardened locations for long-term habitations? (and perhaps a word about popularizing both the risk and subsurface habitation to address it).
Moss: The radiation risk of Mars missions is not as serious as many would make out. There is less than half the radiation on the surface of Mars than there is in interplanetary space due to half being blocked from underneath by the planet itself, and the atmosphere serving to block some from above. Plus, the solar radiation at Mars is only 43% that at Earth. However, you are right, without a magnetosphere or ozone layer, the radiation environment on Mars is somewhat more extreme than on Earth.
The most popular method of providing additional radiation protection on the surface of Mars is to shelter below a layer of dirt or rock. A few people have been looking at this. Gus Frederick has investigated the use of lava tubes as habitats on Mars, and Martian lava tubes were also the topic of this year’s Space Apps Challenge. The Mars Foundation developed two concepts for Mars settlements, named the Hillside Settlement and the Plains Settlement. The Hillside Settlement is created by burrowing into the side of a mesa; the Plains Settlement has a deep tray filled with regolith above the habitat modules. Both of these concepts are way early exploratory missions. Mars One are planning to cover their inflatable habitats with “meters” of dirt, although how practical this actually is remains to be seen. Missions based on Mars Direct or Mars Semi-Direct often show the hab’s roof covered in sandbags, which is practical, and much easier than trying to place the hab in a cave or lava tube. In the mission architecture I describe in The International Mars Research Station, the surface habitat is based on a Bigelow B330 module, which will supposedly provide radiation protection equivalent to or better than the ISS.
I am not aware of any major work being done by NASA with regard to locating lava tubes, caves or sink holes for locating a habitat. This may partly be due to the difficulty of locating a suitable structure from space, as uncollapsed lava tubes are difficult to see from above, or it may simply be a matter of priorities. Early human missions will be targeted at locations offering maximum science return, and only require temporary habitation solutions. Considering the investment required in locating suitable structures, inspecting them for structural integrity, and constructing or moving habitats inside, lava tubes are probably more suited to permanent habitation, and this will not be a requirement for several decades.
The radiation level in LEO is also about half that in interplanetary space, i.e. similar to that on the surface of Mars. Thus, despite some people’s concerns about radiation on Mars, astronauts on the ISS, some of whom have spent more than a year in LEO, have already demonstrated that humans can tolerate radiation doses similar to what astronauts on Mars will experience.
The greater risk will be during the trip out and back, which emphasizes the importance of short trip times in a well-shielded transit habitat.
It is arguably inconsistent to be pathologically concerned about the radiation risks in space missions while simultaneously tolerating so many carcinogens in our air, food and water. In fact, it may even be the case that going to Mars lowers your risk of cancer due to the astronaut’s air, food and water being much cleaner and containing fewer carcinogens than what we are habitually exposed to on Earth.
What's the point?
by StikyPad
I don't mean this in a cynical, "why do anything," sort of way, but what exactly is the objective? Glory? No breathable atmosphere, no native food source, little to no natural resources, high radiation, and likely a very shortened lifespan as a consequence. Not to mention social isolation. Most explorers come back, and most migrants travel for a better life, so it seems like you are doing this wrong.
Moss: There will always be people who wish to see beyond the horizon, which is a good thing, otherwise we might all still be living in Africa; or, more accurately, most of us may never have been born at all; in fact, without adventurers we may have died out thousands of years ago. Aside from the fact that biological organisms will always expand into every niche they can, just as surely as gas will expand to fill a container, there are obvious benefits to expansion. The migration of humanity to new lands stimulates scientific discovery and innovation, which, due to communications and transportation, benefits everyone. Countless inventions are produced by people living on the frontier. Necessity is the mother of invention, as the saying goes, and the challenges of living on the frontier have stimulated all manner of innovation, as have the challenges of living in space. Mars will be the same. We don’t know what we will find there, but there’s no question that living on Mars is already leading to new technological innovation as we ramp up to make the leap. Thus, just as people living everywhere benefit from inventions developed on the frontiers in America and Australia, and those produced as a result of the space program, the people of Earth will benefit greatly from the inventions produced by humans settling Mars.
Consider how America, founded as it was on principles of freedom and self-realization, has benefited all humanity. Electricity, automobiles, air travel, the internet, and many other inventions fundamental to technological society worldwide, were developed in America primarily as a result of its culture of innovation, optimism and ballsy self-confidence. This culture is still very much alive and well today, as evidenced by the thousands of new startups pouring out of Silicon Valley, NYC, Seattle and elsewhere every year. Imagine what we can achieve on Mars by building a society incorporating the very best aspects of Earth culture, based on liberty, equality and science. Space is the new frontier, and the frontier is always a zone of tremendous creativity, driven by a feeling of true freedom, inevitable resourcefulness, and the sharpness that comes from living on the edge. Mars has the significant benefit of being extremely resource-rich, offering an abundance of metals, water and carbon with which to construct countless new settlements and technological marvels of which we can now barely conceive; inventions that can be shipped back to Earth to benefit everyone else.
Another common answer to this question is survival. Every now and then, Earth gets hit by an asteroid large enough to wipe out most life on the planet. Although this tends to happen less frequently over time, as Jupiter and the Sun mop up the leftover rocks, there are still hundreds of thousands of them in our Solar System and another large impact will almost certainly happen again sooner or later. Human expansion into space will stimulate the development of two main strategies to help us protect ourselves against this eventuality.
For starters, we will learn how to work with asteroids, including mining them as well as pushing them into new orbits. Therefore, whenever the next extinction-level rock swings into a collision course with Earth, we’ll hopefully be able to deal with it.
However, if we cannot – for example, if it is larger than what we are capable of shifting or breaking apart at the time – then it will be advantageous to have settlements on other worlds. In my opinion it would be very difficult to wipe out all human life on Earth, because humans are so resourceful and tenacious. Even if the sky is blacked out by dust and ash from the impact and most plant life dies off due to lack of sunlight, humans would find ways to survive. Nonetheless, having a population on Mars (and ideally many other worlds) provides a backup plan for our species; the genetic and memetic equivalent of storing your most precious files in the cloud. Mars offers more potential for creating an independent branch of humanity than any other world we know of, due to its proximity, favorable temperatures, 24-hour day, and abundance of all the elements necessary for life and technological civilization. The more Earthian organisms we can implant there, the better.
Going to Mars will affect humanity more positively than anything else we will ever do. It will inspire generations of young people to continue and broaden their education, particularly in the highly valuable STEM topics, much more than Apollo ever did. It will also bring the people of Earth together psychologically, as humanity begins to perceive itself not as a species of many lands, but as one of many worlds. It will produce remarkable new inventions, especially related to resource utilization, life support, communications and transportation, which can be exported to Earth for everyone’s benefit, as our planet’s population grows to ten billion and beyond, and we expand into deserts and oceans, and underground. Technologies and strategies developed for terraforming can be exported to Earth to help heal the environmental damage caused by the industrial revolution. New systems developed on Mars for planetary self-governance and global resource management can be exported to Earth, transcending outmoded political and economic systems. Technologies and systems developed on Mars, and the experience gained by settling Mars, will lay the technological and cultural foundation for expanding Earthian life to countless other worlds; worlds around other stars that are capable of supporting our kind of life, which we will soon begin to discover.
Not everyone who goes to Mars will want to come back to Earth, just as many Europeans who traveled to the Americas and Australia did not want to return to Europe. They came from cities that were filthy, crowded, aggressive and classist; places where it was hard to get ahead. It was worth the significant cost and risk associated with migration. The new lands offered wide open spaces, clear skies, and new opportunities for leadership and creating fortunes and dynasties. Mars will be the same. Enough people will want to go and live on the frontier to make it worthwhile. Even if it’s not for you, it is impossible to prevent adventurers from seeking adventure.
Lunar Space Elevator
by NoImNotNineVolt
Decades ago, Jerome Pearson produced detailed plans for a lunar space elevator for NASA Institute of Advanced Concepts, seeking to enable lunar mining and lower-cost access to water in space. Since any human missions to Mars would benefit from (if not outright require) large amounts of water (either split into propellant and oxidizer, used as radiation shielding, or even just for life support), do you feel that construction of such a device would be a net benefit? Why or why not?
Moss: I do not see any reason to build a space elevator on Earth, Luna, Mars or anywhere else, because I believe (hope) we will soon see the emergence of antigravity a.k.a. gravity propulsion technology. This will be a superior means of transporting anything into space. I realize most space enthusiasts are focused firmly on rockets and are somewhat dismissive of gravity propulsion, consigning it to the same bin as UFOs, conspiracy theories and Apollo-deniers, but, frankly, if gravity propulsion is possible then we owe it to ourselves to pursue its development diligently, as it could dramatically lower the cost and difficulty of getting into space and thereby open up the space frontier just as surely as air travel opened up Earth.
Setting aside for the moment the controversial question as to whether various national governments already have this technology but keep it secret for military reasons, the work done by people such as Podkletnov, Puthoff, Brandenburg and many others suggests gravity propulsion may be possible, and that we will ultimately develop practical applications including spacecraft. The advent of this class of vehicles, which I estimate/hope will be between now and about 2050, should make both rockets and space elevators obsolete.
If I’m wrong, then space elevators are a good solution, once we work out how to economically manufacture suitable materials. However, there are enough researchers interested in gravity propulsion that I believe it’s more likely to be developed sooner. In my opinion more funding should be made available to develop this technology as a priority, as its advent would offer many benefits to society.
Terraforming
by Charliemopps
I believe the most likely way we'll actually have any impact on Mars is via genetically engineered microbes, as we've recently seen DARPA has mentioned. This, at first blush, seems harmless; Mars is already dead. But given the increasing evidence that Mars and likely many other celestial bodies have in the past and maybe even at the present microbial life on them, and that it's extremely likely all of the planets in the solar system routinely trade biological materials via asteroid impacts, it seems logical to assume that biological terraforming of Mars is also biological terraforming of Earth.
In short, the bugs we design here, and send there, will eventually come back to haunt us. Do you have an opinion on this? I love science, and want us to use it to our benefit. But I'm not ignorant to the fact that nature has the uncanny knack of turning our best intentions to ashes in our mouths.
Moss: It’s by no means certain that Mars does not harbor any LAWKI. Life can be found everywhere on Earth where there is liquid water and all the necessary elements; thus, because Mars does have all the necessary elements for life, if liquid water was present on the Martian surface there would be a strong likelihood that biological (as in, water and carbon-based) life would develop. Conditions at the surface of Mars can sometimes support liquid water, but only rarely. However, there’s quite a lot of water on Mars, and underground, where temperatures and pressures are higher, there could well be aquifers harboring chemotrophic microorganisms.
If life exists on Mars, then it may have already reached Earth via panspermia, as you say. If so, has it taken root here, and, if so, has the effect been positive, negative, or nothing? Earth is covered in life, which means the answer must logically be either positive or nothing. If any genetically engineered microbes migrate from Mars to Earth, the risk of them traveling by impact debris, landing on Earth, and flourishing in a way that has a devastating effect on Earth’s biosphere, is minimal. For starters, most species would not be able to survive such a trip due to the extremes of temperature and radiation; although, to be fair, this is exactly the type of organism we would engineer to survive on the surface of Mars. Any organisms hitching an interplanetary ride on the surface of a rock would most likely die, although perhaps they could survive if encased within the rock; or, they would simply die of old age, as the trip time by this route would be on the order of millions of years, a period most likely longer than the life of the organism unless it was somehow able to cryogenically hibernate.
Panspermia by this means is not the real risk. The real risk is that organisms will travel by spacecraft, in protected conditions, with trip times of just a few months, reducing, over time, to days.
Just as all kinds of plants, animals, fungus and bacteria migrated between continents on human-operated boats (and now, planes), such will also be the case between Earth and Mars. On Earth we have customs controls to restrict species migration, but this is hardly water-tight and almost completely unenforceable across land borders. It will be the same between Earth and Mars in the future, with the frequency of species migration events increasing with interplanetary travel and trade. While measures may be taken to prevent the unauthorized transportation of macroorganisms between planets, any number of microbes will be able to hitch a ride in exported goods, food, on boot soles, or on or inside human bodies.
We already have innumerable case studies of what happens when foreign species enter new ecosystems. Sometimes the effect is nothing; the organisms cannot find a niche, cannot reproduce, and die out. In Australia, however, we have several well-known cases of catastrophic effects. The introduction of the influenza virus, for example, was disastrous for the indigenous inhabitants. Cane toads, brought into the country to control cane beetles, with no natural predators have become an ugly pest. Similarly, rabbits, brought into Australia for sport hunting, are now in plague proportions in some parts of the country. Domestic cats gone feral have wiped out many species of marsupial, lizard and frog. (But none of these come anywhere close to the most destructive invasive species in Australia – can you guess which it is?)
The data suggests, however, that introduction of new species to an ecosystem, while the results may be unpredictable, is never absolutely catastrophic, which is to say, the ecosystem as a whole survives. Populations of various member species may ebb and flow, but the biosphere itself persists. I very much doubt that anything we will engineer for Mars could have truly calamitous effects on Earth. Perhaps one possible scenario would be something like what is happening now with soybeans, corn and other GMO crops, with more resilient engineered variants displacing the originals as they spread into new areas. However, even this is unlikely. Regardless of the mode of transport, organisms from Mars will have either evolved or been created for Martian conditions, which are very different to Earth’s, and hence they will be at an evolutionary disadvantage compared with native Earthian species. It seems unlikely they would flourish to the point of displacing native species to any great degree.
There is one species far more devastating to ecosystems and responsible for more extinction than any other, and I think you can guess which one it is. It’s precisely the same one we are planning to spread to Mars and beyond. This could be a problem for extant Martian life, if present.
How much infrastructure needs to be there first?
by Dr. Spork
Some people think that we should send someone to Mars as soon as possible, even if they can't do much before they return home. Simply leaving a human bootprint would be worth it. Others think that unmanned missions should first build up enough Martian infrastructure to support human "colonists" with a reasonable level of comfort. Only then should people be sent. Where would you put yourself on this continuum? What sort of activities should Martian astronauts be able to do before you would think the expensive trip there was worth it?
Moss: I am surely of the latter camp. Mars is not going anywhere. We shouldn’t delay, but we also shouldn’t rush in where angels fear to tread. We should send humans to Mars as soon as possible, but within the boundaries of safety and well-considered strategy. A series of unmanned missions to build up infrastructure on the surface and in Mars orbit such that a human crew can spend 1.5 years on the surface, perhaps not with a reasonable level of “comfort” but at least a reasonable level of safety, is essential.
Short missions to Mars do not make sense. If it was in any way practical to visit Mars for just a few days, such a mission would be comparatively simple and light, and could be sent fairly soon, without too much infrastructure installed in advance. However, due to Mars’ orbit, mission durations totaling 2.5 years, including a 1.5-year surface stay, are more practical. To sustain a human crew on the surface of Mars for this period of time requires significant investment in infrastructure, including satellites to provide 100% communications uptime with Earth, reliable ISRU systems capable of producing sufficient water, air, electricity, and rocket propellant for the mission, and surface habitats and vehicles. Everything they need for the mission needs to be set up and tested before the crew even leave Earth, including a fully-fueled return vehicle.
As for what activities Martian astronauts should be able to do, the main thing is that they should be able to work outside as much as they want. Considering they are going to Mars as explorers, field scientists, and representatives of humanity’s adventurous spirit, they need to be working outside a lot. Therefore they need very robust, lightweight and maneuverable suits, long-range pressurized surface vehicles, and good cameras, tools and instruments.
You may be surprised to hear that I do not think we should go to Mars next. Despite being a passionate Mars settlement advocate, it’s my considered view that we should first conduct a new series of lunar missions, far surpassing what was achieved with Apollo. The intention would be the addition of some basic infrastructure elements to the lunar surface including habitat modules and pressurized surface vehicles analogous to what we will need on Mars.
The positive benefits of this strategy will include development of the public and private space sectors, technological innovation, improved confidence in human missions beyond LEO, more capital being made available for space projects, and practice missions similar to the human Mars missions.
While it’s true that Earth provides useful Mars analogs, these pale in comparison to the Moon in terms of value, as the Moon offers real danger, real science and exploration, and real issues of space and surface transportation, communications, life support, dust, radiation, human factors and so on. The great advantages of the Moon over Mars are that we can go any time, trip times are short, there’s virtually zero communications lag, and missions can be of any duration. We should be planning, right now, a series of lunar missions ranging in duration from weeks to months, to be conducted over the next decade by an international consortium of space agencies, as preparation for the considerably more ambitious human Mars missions. Doing this will be significantly more valuable than continuing to operate the ISS because of the degree to which it will inspire everybody, particularly students, scientists, engineers and entrepreneurs. We’ve seen LEO, people! Let’s go somewhere new. If Mars is still too far, the Moon is right there.
The immense benefit of practicing for Mars missions on the Moon is that you get the Moon. The Moon is greatly undervalued; it’s an absolute goldmine to the visionary space entrepreneur. Mars may have more potential for supporting life, but from a business perspective the Moon is currently a much better proposition. It can be done sooner, for less money, with higher return. In the current entrepreneurial climate I think it will not take many publicly-funded missions to inspire a slew of private lunar ventures, which will open up the Moon, expand the space industry and economy, and significantly improve the state of the art in space technology. This will effectively set the stage for human exploration and settlement of Mars.
How long till boot on surface of Mars?
by painandgreed
Given Apollo level funding and political will (from the US and other involved nations), what do you think the major steps to getting to Mars will be and how long do you think it would take to actually put a man on Mars?
Moss: It is difficult to estimate a time frame as we are currently going through a period of major global change which may significantly affect funding available for space. Exponential growth in world population combined with increasingly intense weather events will place pressure on food and water supplies, diverting attention away from “luxury” topics such as space and towards more immediate survival concerns. Therefore, I suspect the amount of both funding and political support available for Mars will decrease in the near future, although I could be, and I hope I am, completely wrong. It will rebound eventually, however, because of people like us, and because, despite whatever else changes, technology consistently improves, which means getting into space will inevitably get easier and cheaper.
However, I realize this is not your question. The main area of technological development necessary is transportation, as this represents the most expensive aspect of the mission; hence why almost everyone in the Mars community hopes that SpaceX will be successful in developing reusable rockets, which will reduce the cost of space travel by 1-2 orders of magnitude, and why I hope gravity propulsion vehicles will be developed soon. Another important area of research is in the suits. The new generation of space suits, which are mechanical counter-pressure (i.e. skin-tight, like SCUBA suits) are much more comfortable and flexible and can be worn for longer periods than the current gas pressurized suits. However, some considerable investment is needed in this tech to make it ready for Mars.
Development in materials science is also important, particularly 3d-printed nanostructured materials, which will make it possible to manufacture space hardware stronger than steel but with a fraction of the mass, thus lowering launch costs. Items of ISRU hardware that can make breathable air, potable water and methalox propellant from indigenous Martian resources need to be developed and tested on Mars. We also ideally need to place communications satellites around Mars and possibly also the Sun in order to provide 100% connectivity with Earth.
Thus, if we are truly intent on sending humans to Mars, in my view we need to shift the focus of Mars missions away from science and towards engineering. At the moment the engineering is serving the science; we need to reverse this, using what we now know about Mars to develop and test the technologies needed for survival. We need a series of technology demonstration missions that prove each piece of equipment in the critical path of the mission, including transportation, communications and ISRU. To achieve all of these things will require significant investment in terms of time, money and human resources; however, it will greatly contribute to our success. Apollo missions 11-17 would not have been the successes they were without Apollos 1-10.
For 25 years people have been saying Mars is only 10 years away. In my book I set a more realistic timeline of about 20 years before boots on Mars; 10 years for building the consortium and developing the technology on Earth, plus 10 years for uncrewed precursor missions. If I had my druthers, as mentioned, a lunar program would precede the Mars program, however, this does not necessarily mean pushing the timeline for Mars further out, as the technological evolution and general enthusiasm for space stimulated by a lunar program would significantly amplify interest in, and funding for, Mars.
In reality, with the global environmental, geopolitical, economic and moral situations being what they are, it’s really anyone’s guess how the next few decades will unfold. Having said that, we should not wait; we should try our guts out to get there as soon as we can. The benefits of settling Mars are truly immense. Really, it’s up to us. We cannot wait for anyone else to do it for us. We are the space generation. The more we think and talk about it, and develop our plans and designs, the sooner it will happen. So, let’s keep talking, thinking, drawing, calculating, sharing and dreaming.
Why Mars instead of building in space?
by SoftwareArtist
Why colonize Mars instead of just building colonies in space? It seems to have many disadvantages and hardly any advantages. It's incredibly far away. You still have to deal with a large gravity well every time you want to come or go. You can't create artificial gravity on Mars, so you're stuck with 38% Earth gravity. We don't even know if humans can be healthy long term living in such low gravity. Colonies in space seem as good or better in nearly every respect. About the only advantage Mars has is access to raw materials, but space colonies could mine those from asteroids or the moon.
Moss: Mars has several distinct advantages over colonies in space.
As you say, the main one is its abundance of raw materials, including all the elements necessary for life and technological civilization, including metals, carbon, water, nitrogen and more, which you cannot say about the Moon or asteroids. This is not a minor advantage, it is a HUGE advantage. Space colonies could, and indeed, will, mine asteroids and the Moon for materials, but this is orders of magnitude more difficult than just digging up as much iron and silicon as you want from the back yard. Besides, some essential elements, for example, nitrogen, may not be available from these places, and would thus always need to be imported from Earth, Mars or elsewhere.
The raw materials available from asteroids and the Moon will mainly be of use to people living there.
Mars provides a land area equivalent to the land area of Earth, which is a huge platform on which to build. In free space you have to build the platform first, using resources that need to come from somewhere else. Until we have mining facilities on the Moon and asteroids, this place will be Earth, which is a much deeper gravity well. Due to the massive cost, there would be severe limits on how much “land” can be created in this way, constraining the possible population and scope of activities.
To compare Mars and space stations is really comparing apples and oranges, as Mars has orders of magnitude greater potential. Mars is a world with the potential to become home to millions of people. It may even be possible to engineer its environment such that it can host an uncontained biosphere, which cannot realistically be claimed for any world in our Solar System, at least with our current scientific understanding. The value of such a thing would be inestimable. A large city in space may potentially contain perhaps thousands of people, and one or several ecosystems, but these would all rely on complex life support technology requiring constant maintenance. An uncontained biosphere, however, thrives on water, sunlight and dirt; no human effort required.
Living on Mars may be challenging, but much will be familiar – land, horizon, Sun, moons, wind, clouds, dirt, and so on. Eventually, with a little warming, rain, snow, lakes and rivers will appear. People can explore the surface in buggies and trucks, or fly over it in balloons. It has fascinating geomorphology – caves, valleys, mountains, craters, dunes and more – all with their own character and history. Mars speaks adventure! It’s the frontier, where we will experiment with new ways of living together. Surely this cannot compare to living in an extremely expensive technological container floating above Earth, most likely subject to Earth’s laws and antiquated systems.
Mars is really not far away; a quick look at a map of the Solar System shows how close it really is. It’s only far away compared to how far we currently travel. But this will change.
It’s true that we don’t know if living in 38% gravity long term is healthful, but since we know living in microgravity is certainly not fatal, it’s reasonable to imagine that people will adapt. There should be more than enough gravity for the body to be able to orient itself, and to maintain sufficient muscle and bone to remain functional within that environment.
We will probably build cities in space, because enough people want to. However, it may be very expensive to live there. Elysium had it right; space stations will probably be a home for the super-rich.
Surfacism - why Mars and not Venus?
by Luminary Crush
There are actually some compelling reasons to go to Venus first including cost and transit time but also more human-favorable gravity, greater protection from radiation and possibly the only other place in the solar system which currently offers temperatures and atmospheric pressures close to Earth norm - albeit only at a 30-mile altitude. So, why not cloud cities on Venus?
Moss: A cloud city on Venus would be even more difficult to build than a space station in Earth orbit, so the previous question’s answer applies even more here. You cannot get the raw materials to build such a city from Venus, because mining operations on the surface would be extremely difficult due to the high temperature and pressure. Therefore, the materials would need to come from Earth, the Moon or asteroids, and the cities would need to be constructed in space, which would limit their size. Note, too, these cities cannot have any exposed metal, which would be corroded by the sulphuric acid in Venus’ atmosphere; neither would any visiting ships, for example, supply ships. This would present an engineering challenge.
These cities would need to be shipped out to Venus and lowered into the atmosphere at the right altitude. Due to the difficulty of engineering, and cost of fabrication and shipping, if such a thing was ever created it would most likely be home to a few planetary scientists who wanted to study Venus. The population could not expand without adding more cities at great expense. In any case, not as many people will be excited about living in sulphuric acid clouds.
Mars, on the other hand, has the potential to host millions of people and a planetary biosphere.
Revolution?
by wbr1
One of the more interesting aspects of Robinson's books to me are the socio-political ones. Specifically, the fact that Mars was a new place, with initially a very intelligent population, it came to be a place to rethink society and economics, in often painful ways. Also, there were attempts due to resource pressures on earth, of using it as an escape valve for human populations, which it could never completely be.
Assuming we ever make it to Mars, do you see it as a likely spot to foment revolution? Do you see a presence there as being able to relieve or change issues here on earth? How so?
What do you see as the primary reason we should go to Mars? I agree we should and have my own reasoning, but I want to know yours.
Moss: The primary benefit of settling Mars will be its effects on humanity as a whole. It’s an historic, evolutionary-level venture, which will do much to bring humanity together. There will be a sense of “we achieved something truly great”, which is why I am so strongly in favor of an international mission; so the “we” will not refer to the US or China or whoever, but humanity as a whole. Either way, it will herald a new frontier, and a new age of human exploration and scientific and technological achievement. It will induce strong feelings of optimism and inspiration in a world that greatly needs them.
Perhaps the most compelling reasons for going to Mars will not become fully apparent until decades or even centuries have passed. Every time humans have expanded into new territory it has presented opportunities to review our values. Mars will cause us to re-examine our ideas about economics, politics, morality, sex, health, education, food, resources and more; i.e. virtually every aspect of society. Geography has a profound influence on culture, as any traveler can tell you. Thus, Mars, because of its extremely different geography, living conditions, and the characteristics of its population (i.e. scientific adventurers), will inevitably produce a very different culture.
This will affect Earth in a similar way that the creation of new nations (the US being the most obvious example) has affected the rest of the world, particularly if the new society embodies values that the rest of the world generally agrees with, or that prove themselves over time by producing happier, healthier, more prosperous people. We may imagine that the Martian society will be formed from the very best elements of Earth’s political and social systems, incorporating values of equality, tolerance, rationality, freedom, fairness, compassion, universal health care, sustainability, free education and communications, and so forth.
As an example, consider that Martians may be highly reliant on genetic engineering for optimized food production, planetary engineering (terraforming), and possibly reproduction (self-directed evolution). Thus we can expect to see great advancements from Mars in this field, not only with regard to the science and technology, but also policy and regulation, which is sadly lacking on Earth. The same can be said about robots (technically the first inhabitants of Mars), which will share Mars with humans and other Earthian organisms, and evolve alongside them. Mars, being basically an enormous sandpit with no wildlife to disrupt, is the perfect place to play with interesting and capable robots of every shape and size. They will mine, build, make, plant, carry, and do almost all other physical work on Mars, because, let’s be honest, it’s so frickin’ cold outside. Imagine how the evolution of robotics technology on Mars will benefit Earth.
It may be that the Martian nation evolves as a single planetary society from the beginning, and due to the ubiquity of communications, a common language, and a single planet-sized continent, never fractures into competing tribes. The formation of a planetary government on Mars, including associated systems for planetary environmental and resource management, could be highly instructive in the formation of a similar world government on Earth.
Planetary engineering of Mars for the purpose of terraforming will produce advanced computer simulations of planetary systems, and a suite of strategies for influencing and controlling atmospheric constituents and pressure, surface temperatures, climate, and thus the biosphere. On Earth, where the effects of climate change will escalate until we are forced to enter a more proactive regime of regulation and planetary repair, this effort could eventually be greatly aided by planetary engineering techniques developed on Mars.
These and other similar feedback effects can be summed up as what I call “reflective planetary evolution”, as the evolution of Mars will reflect back on to Earth and pull it forward as well. It will similarly drive evolution of societies on the Moon and elsewhere. Of course, every world will affect all the others, just as all nations affect each other on Earth now. However, Mars is unique in its immense potential, and the unfolding story of Mars will drive considerable evolution throughout the Solar System. Indeed, the historical foundation laid down during human settlement of Mars will echo throughout millennia of future human history as we expand to other worlds throughout the galaxy.
This, I believe, will be the primary benefit of settling Mars. -
Book Review: Cloud Computing Design Patterns
benrothke writes: Far too many technology books take a Hamburger Helper approach, where the first quarter or so of the book is about an introduction to the topic, and filler at the end with numerous appendices of publicly available information. These books end up being well over 800 pages without a lot of original information, even though they are written for an advanced audience. In software engineering, a design pattern is a general repeatable solution to a commonly occurring problem in software design. A design pattern isn't a finished design that can be transformed directly into code. It is a description or template for how to solve a problem that can be used in many different situations. Using that approach for the cloud, in Cloud Computing Design Patterns, authors Thomas Erl, Robert Cope and Amin Naserpour have written a superb book that has no filler and is fully stocked with excellent and invaluable content. Keep reading for the rest of Ben's review.
Cloud Computing Design Patterns
author: Thomas Erl, Robert Cope, Amin Naserpour
pages: 592
publisher: Prentice Hall
rating: 9/10
reviewer: Ben Rothke
ISBN: 0133858561
summary: Provides well-explained vendor-agnostic patterns to the challenges of providing or using cloud solutions from PaaS to SaaS.
The authors use design patterns to refer to different aspects of cloud architectures and its design requirements. In the cloud, just as in software, design patterns can speed up the development process by providing tested, proven development paradigms. The book contains over 100 different design pattern scenario templates that are common to a standard enterprise cloud roll-out. Each scenario uses a common template which starts with a question or specific requirement. It then details the problem, solution, application and the mechanisms used to solve the problem.
The authors build on the notion that for anyone who wants to architect a large cloud solution, they need to have a broad understanding of the many factors involved with the real-world usage of cloud services. Because cloud services are so easy to deploy, they are often incorrectly misconfigured during roll-out and deployment. The authors write that it's crucial to have a strong background in cloud services before doing any sort of a rollout. Because it's often so easy to deploy cloud services, this results in far too many failed cloud projects. And when the project is poorly implemented, it can actually cause the business to be in a far worse point from where it was before the cloud rollout.
The authors deserve credit for writing a completely vendor agnostic reference, even though there are many times you would appreciate it if they could suggest a vendor for a specific solution. Some of the more interesting patterns detailed in the book are:
- Hypervisor clustering – how can a virtual server survive the failure of its hosting hypervisor or physical server?
- Stateless hypervisor – how can a hypervisor be deployed with a minimal amount of downtime, while allowing for quick updating and upgrading?
- Trusted platform BIOS – how can the BIOS on a cloud-based environment be protected from malicious code?
- Trusted cloud resource pools – how can cloud-based resource pools be secured and become trusted?
- Detecting and mitigating user-installed VMs – how can user installed VMs from non-authorized templates be detected and secured?
The book is replete with these scenarios, and each scenario includes downloadable figures that effectively illustrate the mechanisms used to solve the problem.
Chapter 3 provides a number of first-rate architectural ideas on how to design a highly resilient cloud solution. Much of the promise of the cloud is built on scalability, elasticity and overall optimization. These chapters show how to take those possibilities from conceptual to a working implementation.
Cloud failures are inevitable and chapter 4 details how to build failover, redundancy and recovery of IT resources for the cloud environment.
Chapter 9 is particularly important, as far too many designers think that since the underlying cloud abstraction layer is highly secure, everything they build on top of that will have the same level of security. The book details a number of design patterns that are crucial to ensuring the cloud design is securing that data at rest and is resistant against specific cloud attacks.
With a list price of $49.99, the book is a bargain considering the amount of useful information it provides. For anyone involved with cloud computing design and architecture, Cloud Computing Design Patterns is an absolute must read.
Reviewed by Ben Rothke.
You can purchase Cloud Computing Design Patterns from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Amazon's New SSL/TLS Implementation In 6,000 Lines of Code
bmearns writes: Amazon has announced a new library called "s2n," an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto; it only provides the SSL/TLS functions. Furthermore, it implements a relatively small subset of SSL/TLS features compared to OpenSSL. -
Elon Musk Probably Won't Be the First Martian
pacopico writes: In a new biography on him, Elon Musk goes into gory details on his plans for colonizing Mars. The author of the book subsequently decided to run those plans by Andy Weir, the author of The Martian. Weir's book is famous for its technical acumen around getting to and from The Red Planet. His conclusion is that Musk's technology, which includes the biggest rocket ever built, is feasible — but that Musk will not be the first man on Mars. The interview also hits on the future of NASA and what we need to get to Mars. Good stuff. Weir says, "My estimate is that this will happen in 2050. NASA is saying more like 2035, but I don't have faith in Congress to fund them." -
Ask Slashdot: Best Setups For Navigating a Programming-Focused MOOC?
theodp writes: As one works his or her way through EdX's free The Analytics Edge, one finds oneself going back-and-forth between videos and R to complete the programming exercises associated with the lectures. While this can certainly be done on a cheap-o 13" laptop with a 6mbps connection by jumping around from the web-based videos to the client-based programming environment and to the web for help (god bless Stack Overflow), have you found (or do you dream of) a better setup for the MOOC programming courses offered by the likes of EdX, Udacity, and Coursera? Are you using multiple screens, split screens, touch screens, laptops/desktops/tablets, speakers, headphones, higher-speed connections? Anything else? Do you rely solely on the class materials and web-based resources, or do you purchase complementary books? Any thoughts on how to make the experience work best for those learning at home, in a classroom setting, on the road for business/travel, or during lengthy train commutes? Do you playback videos at faster speeds (e.g., 1.5x)? Any other tips? -
The Danger of Picking a Major Based On Where the Jobs Are
theodp writes: In his new book Will College Pay Off?, Wharton professor Peter Cappelli argues that banking on a specialized degree's usefulness is risky, especially since one reason some jobs are in high demand is that no one predicted that they would be. "A few generations ago," notes Cappelli, "the employers used to look for smart or adaptable kids on college campuses with general skills. They would convert them to what they wanted inside the company and they would retrain them and they'd get different skills. They're not doing that now. They're just expecting that the kids will show up with the skills that the employer needs when the employer needs them. That's a pretty difficult thing to expect, because of these kinds of problems. So the employers now are always complaining that they can't get the people they need, but it's pretty obvious why that's not happening." On CS-as-a-major, Cappelli says, "If you look at most of the people who are in computer programming, for example, they have no IT degree-they just learned how to program. Maybe they had a couple of courses in it, maybe they were self-taught. In Silicon Valley, the industry was built with only 10 percent of the workforce having IT degrees. You can do most of these jobs with a variety of different skills. I think what's happening now is that people have come to think that you need these degrees in order to do the jobs, which is not really true. Maybe what these degrees do for you is they shorten the job training by a bit, but that's about it. And you lose a bunch of other things along the way." One wonders what Cappelli might think of San Francisco's recent decision to pick a preschool curriculum based on where today's tech jobs are, echoing President Obama's tech industry-nurtured belief that "what you want to do is introduce this [coding] with the ABCs and the colors." -
The Brainteaser Elon Musk Asks New SpaceX Engineers
Nerval's Lobster writes: The latest biography of Elon Musk, by technology journalist Ashlee Vance, provides an in-depth look into how the entrepreneur and tech titan built Tesla Motors and SpaceX from the ground up. For developers and engineers, getting a job at SpaceX is difficult, with a long interviewing/testing process... and for some candidates, there's a rather unique final step: an interview with Musk himself. During that interview, Musk reportedly likes to ask candidates a particular brainteaser: "You're standing on the surface of the Earth. You walk one mile south, one mile west, and one mile north. You end up exactly where you started. Where are you?" If you can answer that riddle successfully, and pass all of SpaceX's other stringent tests, you may have a shot at launching rockets into orbit. -
Book Review: The Terrorists of Iraq
benrothke writes: The infinite monkey theorem states that a monkey hitting random typewriter keys for an infinite amount of time will eventually be able to create the complete works of Shakespeare. Various scientists such as Nobel laureate Arno Penzias have shown how the theorem is mathematically impossible. Using that metaphor, if you took every member of United States Congress and House of Representatives and wrote their collected wisdom on Iraq, it's unlikely they could equal the astuteness of even a single chapter of author Malcolm W. Nance in The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014. It's Nance's overwhelming real-world experiential knowledge of the subject, language, culture, tribal affiliations and more which make this the overwhelming definitive book on the subject. Read below for the rest of Ben's review.
The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014, 2nd Edition
- author: Malcolm W. Nance
- pages: 404
- publisher: CRC Press
- rating: 10/10
- reviewer: Ben Rothke
- ISBN: 978-1498706896
- summary: Definitive text on the Iraq War written by one of the few Americans who truly understand the issue
Nance is a career intelligence officer, combat veteran, author, scholar and media commentator on international terrorism, intelligence, insurgency and torture. In 2014 he became the executive director of the counter-ideology think tank the Terror Asymmetrics Project on Strategy, Tactics and Radical Ideologies (TAPSTRI).
While it's debatable if most members of Congress could elucidate the difference between the Sunnis and Shiites, Nance knows all of the players in depth. He understands and describes who they are, what they are and how their methods work. His unique analysis provides an in-depth understanding of who these groups are and what they are fighting about.
The book details how the many terror groups formed to create the Iraqi insurgency that led to the rise of the Islamic State of Iraq and Syria (ISIS). Nance places the blame on the Bush administration's 2003 invasion of Iraq that led to the destabilization of the country. While the war was based on faulty evidence, the insurgency was created by myriad mistakes, misperceptions and miscalculations by L. Paul Bremer, who led the occupational authority of Iraq during the war.
A common theme Nance makes throughout the book is that the US ignored history and didn't learn the lessons of the Iraqi revolt against the British in 1920 or the events of the Vietnam War. Those lessons being that insurgents and foreign terrorist operations were much more effective despite the enormous manpower and firepower that the U.S. troops brought to bear in Iraq.
Nance details how much of the coalition's strategy was based on wishful thinking. He writes that Washington never had a realistic plan for post-war Iraq. Only Saddam Hussein, Abu Musab al-Zarqawi and the ex-Ba'athists had a definitive strategy for what to do in post-war Iraq. Unlike the Americans, they mobilized the right resources and persons for the job, with devastating and horrifying effects.
The book writes of the utter depravity and evil nature of Saddam Hussein and his sons Uday and Qusay. Following the first Gulf War, Qusay revealed a brutality to match both his father's and brother's. The Hussein family was responsible for the death and torture of hundreds of thousands of innocent Iraqis and others.
The insurgency was and is made up of countless different groups. Some of these groups number under a hundred members, others in the tens of thousands. Nance details who these groups are, their makeup and leadership structure and what they hope to achieve.
Nance quotes Donald Rumsfeld and General Tommy Franks who described the insurgency as dead-enders; namely small groups dedicated to Hussein, and not large military formations or networks of attackers. Yet the reality was that Hussein started creating the insurgency in the months before the invasion. Rather than being a bunch of dead-enders, the insurgency was a group that was highly organized, heavily armed, with near unlimited funds based on looting hundreds of millions of dollars.
From a reporting perspective, the book details how the U.S. government made the same mistakes in Iraq as it did in Iran. Underreporting U.S. casualties, overreporting enemy losses, and obfuscating how terrible the situation on the ground was.
The term IED (improvised explosive device) became part of the vernacular during the Iraq War. The book details how the insurgency used the many different types of IEDs (including human-based IED) at specific times and places for their political and propaganda goals.
Nance writes that the biggest gift the U.S. gave to Osama bin Laden was to invade Iraq. The invasion provided him with an opportunity for inspirational jihad. Bin Laden envisioned a holy war with heroic men fighting against desperate odds in the heart of historic Islam, just like the first battles of the Prophet Mohammed.
Nance spends a few chapters dealing with ISIS and how it came to be. There are multiple iterations of the group, which developed as the Iraq mess evolved.
The book closes with a disheartening overview of the current state. Nance writes that the Middle East is in far more danger from destabilizing collapse of states due to the effects of the American invasion today than it has ever been.
As ISIS is currently the dominant force in Iraq, Nance states that he fears ISIS will have no intention of going back to being a small insurgent group. It will attempt to consolidate captured terrain. It will offer the Sunni a chance to rule under it at the technocrat level, but that is when the pogroms will start.
In the end, Nance writes, the Islamic caliphate will attempt and fail at creating a popular Iraqi-Syrian nation out of stolen governorates. But unless confronted quickly and forcefully, it may become an isolated jihadistan from which no end of terror will spawn.
For those that want to truly understand the Iraq conflict, Nance is eminently qualified and this book is uniquely superb. There is no better book than The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014 on the subject.
Reviewed by Ben Rothke.
You can purchase The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014, 2nd Edition from amazon.com. -
In-Database R Coming To SQL Server 2016
theodp writes: Wondering what kind of things Microsoft might do with its purchase of Revolution Analytics? Over at the Revolutions blog, David Smith announces that in-database R is coming to SQL Server 2016. "With this update," Smith writes, "data scientists will no longer need to extract data from SQL server via ODBC to analyze it with R. Instead, you will be able to take your R code to the data, where it will be run inside a sandbox process within SQL Server itself. This eliminates the time and storage required to move the data, and gives you all the power of R and CRAN packages to apply to your database." It'll no doubt intrigue Data Scientist types, but the devil's in the final details, which Microsoft was still cagey about when it talked-the-not-exactly-glitch-free-talk (starts @57:00) earlier this month at Ignite. So, brush up your R, kids, and you can see how Microsoft walks the in-database-walk when SQL Server 2016 public preview rolls out this summer. -
Free Comic Book Day Event Features Neil Gaiman, the Simpsons
An anonymous reader writes: Today comic book stores around the world celebrate "Free Comic Book Day", offering anyone who pays them a visit some free comic books. This year there are 50 different titles to choose from, including a reprint of Neil Gaiman's "Lady Justice" (not seen in print in nearly 25 years) and a new Fight Club story by Chuck Palahniuk. The Marvel and D.C. universes are represented, as well as Dr. Who, The Simpsons, Jim Henson's Labyrinth, and even something called Steampunk Goldilocks. Saturday many bookstores will also be recognizing "Independent Bookstores Day" with special events, though ironically, some fans may be tempted to visit Amazon.com instead to download some free Kindle editions of last year's free comic books. -
DIA Polygraph Countermeasure Case Files Leaked
George Maschke writes AntiPolygraph.org (of which I am a co-founder) has published a set of leaked Defense Intelligence Agency polygraph countermeasure case files along with a case-by-case analysis. The case files, which include polygraph charts and the exact questions used, suggest that the only people being "caught" trying to beat the polygraph are those using crude, unsophisticated methods that anyone who actually understood polygraph procedure and effective countermeasures (like, say, a real spy, saboteur, or terrorist) would ever use. AntiPolygraph.org has previously published polygraph community training materials on countermeasures that indicate they lack the ability to detect countermeasures like those described in our free book, The Lie Behind the Lie Detector (PDF) or in former police polygraph examiner Doug Williams' manual, How to Sting the Polygraph. Williams, who was indicted last year after teaching undercover federal agents how to pass a polygraph, is scheduled to stand trial on May 12 in Oklahoma City. -
Book Review: Networking For System Administrators
Saint Aardvark writes Michael W. Lucas has been writing technical books for a long time, drawing on his experience as both a system and a network administrator. He has mastered the art of making it both easy and enjoyable to inhale large amounts of information; that's my way of saying he writes books well and he's a funny guy. Networking for System Administrators, available both in DRM-free ebook and dead tree formats, is his latest book, and it's no exception to this trend. Keep reading for the rest of Saint Aardvark's review.
Networking for Systems Administrators
- author: Michael W. Lucas
- pages: 206
- publisher: Tilted Windmill Press
- rating: 9/10
- reviewer: Saint Aardvark
- ISBN: 0692376941
- summary: Explains networking to sysadmins - both juniors new to this career, and those who have been around for a while
Like the title suggests, this book explains networking to sysadmins — both juniors new to this career, and those who have been around for a while but don't understand how those network folks live or what they need to do their job. If you're one of the latter, you might think "Oh I've read 'TCP/IP Illustrated' — I don't need another networking book." And it's true that there is overlap between these two books. But Lucas also explains about how to work with network folks: dealing with areas of shared responsibility, how to understand where your side ends, and how to talk to a network admin so that everyone understands each other — and more importantly, is both able and happy to help the other. This is something that is out-of-scope for a network textbook, and it's valuable.
So what's in this book? Lucas takes us through all the network layers, explaining how everything fits together. From physical ("If you can trip over it, snag it, break the stupid tab off the plastic connector at its end, or broadcast static over it, it's the physical layer.") to transport and application, he shows practical examples of how the OSI model maps (or doesn't) to the world of TCP/IP. He shows the happy path and the sad path at each layer, explaining how to understand what's going on and troubleshooting failures. This is the part with the strongest overlap with those other network textbooks. If system administration is a side gig (maybe you're a developer who has to maintain your own server), you'll have enough in this book to deal with just about anything you're likely to trip over. But if you're early in your sysadmin career, or you find yourself making the jump to Ops, you will want to follow it up with TCP/IP Illustrated for the additional depth.
Since you'll be troubleshooting, you'll need to know the tools that let you dump DNS, peer into packets, and list what's listening (or not) on the network. Lucas covers Linux and Unix, of course, but he also covers Windows — particularly handy if, like me, you've stuck to one side over the course of your career. Tcpdump/Windump, arp, netstat, netcat and ifconfig are all covered here, but more importantly you'll also learn how to understand what they tell you, and how to relay that information to network administrators.
That thought leads to the final chapter of this book: a plea for working as a team, even when you're not on the same team. Bad things come from network and systems folks not understanding each other. Good things — happy workplaces, successful careers, thriving companies and new friends — can come from something as simple as saying "Well, I don't know if it is the network's fault...why don't we test and find out?"
After reading this book, you'll have a strong footing in networking. Lucas explains concepts in practical ways; he makes sure to teach tools in both Unix/Linux and Windows; and he gives you the terms you'll use to explain what you're seeing to the network folks. Along the way there's a lot of hard-won knowledge sprinkled throughout (leave autonegotiation on — it's a lot better than it used to be; replace cables if there's any hint of flakiness in a server's network connection) that, for me at least (and be honest, you too) would have saved a lot of time over the years.
Who would I recommend this book to?
- If you're a sysadmin at the beginning of your career, this book is an excellent beginning; take it, read it, and build on it — both with practical experience and further reading.
- If you're coming into system administration the back way (as a developer who has to manage their own server, say, or who shares responsibility for a networked service with other admins), I can't think of a better single source for the practical knowledge you need. You'll gain an understanding of what's going on under the hood, how to diagnose problems you encounter, and how to talk to either system or network administrators about fixing those problems.
- If you're a manager or senior sysadmin, buy this book and read it through before handing it to the juniors on your team, or that dev who keeps asking questions about routing and the firewall; you may learn a few things, and it's always good to read fine technical writing.
You can purchase Networking for Systems Administrators from amazon.com.
-
Sen. Feinstein Says Anarchist Cookbook Should Be "Removed From the Internet"
schwit1 writes with this snippet from Ars Technica: In the wake of the Thursday arrest of two women accused of attempting to build a bomb, Sen. Dianne Feinstein (D-CA) wrote on her website that the 1971 book on bomb making, which may have aided the terror suspects in some small way, should be "banned from the Internet."
The senator seems to fail to realize that not only has The Anarchist Cookbook been in print for decades (it's sold on Amazon!), but also has openly circulated online for nearly the same period of time. In short, removing it from the Internet would be impossible. -
Amazon Moves "Buy Now" Into the Physical World, With the Dash Button
Zothecula writes The Amazon Dash Button is a small device that you can stick to walls or a variety of household appliances. Each button is associated with a certain brand or product, and when you set it up (via smartphone) you associate the button with a specific size or quantity (like, say, two 12-packs of Starbucks K-cups or one 2-pack of 50 oz. Tide detergent) and shipping speed. When you start to get low on said product, mash the button and Amazon takes care of the rest. -
Book Review: Drush For Developers, 2nd Edition
Michael Ross writes As with any content management system, building a website using Drupal typically requires extensive use of its administrative interface, as one navigates through its menus, fills out its forms, and reads the admin pages and notifications — or barely skims them, as they have likely been seen by the site builder countless times before. With the aim of avoiding this tedium, speeding up the process, and making it more programmatic, members of the Drupal community created a "shell" program, Drush, which allows one to perform most of these tasks on the command line. At this time, there is only one current print book that covers this tool, Drush for Developers, Second Edition, which is ostensibly an update of its predecessor, Drush User's Guide. Read below for the rest of Michael's review.
Drush For Developers, 2nd Edition
- author: Juampy Novillo Requena
- pages: 180
- publisher: Packt Publishing
- rating: 7/10
- reviewer: Michael Ross
- ISBN: 978-1784393786
- summary: Recommendations for improving Drupal development with Drush.
Both editions were written by Juampy Novillo Requena, although in the transition from the first edition to the second, both the author's name and the book title were changed. The most recent edition's title seems redundant, because of course such a book is going to be "for developers"; after all, who but Drupal developers would have an interest in Drush? The edition under review was published on 29 January 2015 by Packt Publishing, under the ISBN 978-1784393786. (My thanks to the publisher for a review copy.) At 180 pages, this edition is longer than its predecessor, but still a manageable size. Its content is divided among half a dozen chapters. Anyone interested in learning more about the book may wish to visit the publisher's website, which provides a brief description of the book, the table of contents, free sample content (Chapter 3), and the source code files.
The first chapter begins by presenting a brief comparison of the steps needed to run database updates on a Drupal website, using the GUI versus using Drush. As expected, the latter requires fewer steps. The author then discusses the prerequisites for installing Drush in a Linux or OS X environment. For Windows, the given download URL, http://www.drush.org/drush_win..., is incorrect and should instead be http://drush.readthedocs.org/e.... The author states that "the installer installs an older version of Drush," but actually the installer has disappeared from its former locations. Fortunately, the current Windows archive file has the latest version as of this writing, 7.0.0-alpha7. This version is more recent than the alpha5 used in the book, but the commands and their options seem identical. On the other hand, it is a large archive file containing the Drush application files, Msys, PHP, and parts of PEAR and Symfony's YAML — but no helpful installer. The chapter continues with explication of Drush command invocation, arguments, options, aliases, and context. The only apparent blemish is that the variable name "site-name" (page 14) should instead read "site_name."
After this introductory material, one would expect the next chapter or so to explain and illustrate the details of Drush commands frequently used by site developers, such as those for installing, enabling, and updating modules and themes. Instead, the author jumps far ahead to much more advanced topics (more on this below). In the case of the second chapter, the goal is to learn how to synchronize code, database configuration, and content among different server environments, including capturing database configuration settings in files so they can be version controlled in Git. This is arguably worthwhile knowledge, but certainly not what the average reader would expect so early in the book.
Readers attempting to follow and replicate the demonstrations in the book may become frustrated with the pitfalls in the second chapter — such as the instances where it does not provide all the needed instructions, or they don't match the example code. When readers starting from scratch encounter the Drush script (page 23), they may be tempted to try it right away on their own test sites, but this would be ill-advised because the first command will fail until the Registry Rebuild command is installed (later in the chapter), and the fourth command will fail if the chosen website does not have the Features module already installed and enabled. When learning about database updates, the reader is instructed to create a new Boolean field, but only later learns that the test website should have contained nodes of the "Basic Page" content type. When readers learn these things the hard way, they must circle back and redo steps or, even worse, try to revert the state of files or the database.
The mymodule custom module found in the downloadable archive does not match what the reader will need on page 30, so she will need to modify mymodule.install to match that listed in the book, and also presumably comment out the last two lines in mymodule.info related to the Features module — but not the first two, because that would result in worse problems later. This initial code should have been included in the downloadable archive. Before running the command drush --verbose updatedb, should she have enabled the mymodule custom module? Apparently so, since the expected output includes "Executing mymodule_update_7100," but when I tried it, the provided module's update hook was not recognized as a database update, using Drush or the admin interface (update.php). On page 32, the reader is told to download and enable the Features module, but that must have been done already because the mymodule module required it earlier. Lastly, the book's preface states that PHP version 5.2 (or higher) would be sufficient, but 5.5 is needed, otherwise a fatal PHP error is generated by the empty() call on line 29 of the "7101" example code.
The third chapter covers the use of Drush for running and monitoring a variety of tasks in a Drupal website, such as updating the database or reindexing the searchable content in Apache Solr. The author begins by briefly describing the uses for the cron utility, and some advantages of executing it from Drush. A technique shown for preventing Drupal from running cron automatically is to set the cron_safe_threshold variable to 0, export it to code (as a Features module), and then deploy it to the target environments. The author also demonstrates how to use Jenkins in conjunction with Drush to periodically run and monitor cron jobs. As an example of running a task without using cron, a Feeds importer is set up to work with Drush, using a custom module and a Drush command to trigger the Feeds importer. It's not mentioned in the book, but for the importer, in the settings for the node processor, be sure to assign the bundle, otherwise there will be EntityMalformedException errors; also, map the essential feed and node elements, otherwise the nodes created will be empty.
The book then explores a number of topics that are somewhat related to one another: how to use Drush and the Drupal Batch API to run time-consuming tasks so as to avoid PHP and database limits of memory and time; how to run PHP code after Drupal has been bootstrapped; how to best log messages using the drush_log() function; how to capture Drush output in a file; how to implement your own logging mechanism by overriding the Drush default logging function; and how to run Drush commands in the background. Despite the complexity of the processing implemented in this chapter, readers should encounter few problems trying it out. For the drush php-eval commands, Windows command line users will need to replace the single quotes with double quotes. In the section titled "The php-script command," two of the three "php-eval" terms should instead read "php-script" (page 65).
Debugging and error handling are addressed in detail in the fourth chapter: how to validate user input values and Drush command line options prior to passing them to a command's callback; how to define custom validation within a command; how to discover all of the available hooks for any given Drush command; utilizing the Devel module, how to discover all of the Drupal modules that use a given hook, and how to find the location of a given function or class method. In the midst of all this, readers get a detailed tour of the steps that Drush executes when bootstrapping Drupal. Readers should note that, as with the second chapter, some of the code in the downloadable archive does not match the initial code presented in the text, but rather its final state. As readers may have seen in earlier chapters, the "--verbose" versions of the Drush commands can produce a lot more informational output than what is presented in the text, including the MySQL commands (that may be a consequence of, in this case, the Windows command line). In the case of drush --debug testhooks, the output is remarkably different, but at least all of the commands are executed.
The penultimate chapter explores techniques for leveraging Drush to better manage Drupal websites on local and remote servers, utilizing site aliases. Developers will undoubtedly be intrigued if not thrilled with the possibilities of being able to execute Drush, Linux, and MySQL commands within remote environments from the local command line. The only questionable aspect is that in the first chapter it is claimed that one "does not even have to open an SSH connection" to perform these feats of digital derring-do, and yet all of them presented in this chapter seem to depend upon an SSH connection — if not explicitly on the command line, then at least established and used in the background by Drush. Nonetheless, the potential power of using Drush in this manner is clearly significant for Drupal site builders and maintainers, and thus the author wisely shows how to avoid inadvertently corrupting the files or database of a target installation.
The final chapter blends and builds upon most if not all of the topics addressed in the earlier chapters, to show how Drush can be used to set up an effective development workflow for teams building Drupal websites. To this end, the author demonstrates how to move Drush commands out of a project's web document root, and how to use Drupal Boilerplate to achieve this and more. The instructions employ wget to download Boilerplate, but other readers as well may encounter an error of wget not being able to verify github.com's certificate. Readers learn how to use Jenkins to synchronize the Drupal files and databases in disparate environments, how to use Drush commands to improve database synchronization and sanitization, and how to prevent inadvertently emailing production addresses.
Like seemingly any Packt Publishing book, this one has plenty of errata relative to its length: "OSX" (page 9; should read "OS X"), "an input data" (page 14; should read "an input datum"), "inform [Drush] where" (page 19), "Dated" (page 21; should read "It is dated"), "sites/all/drush/command[s]" (page 28), "type Page" (page 29; should read "type Basic Page"), "PHP.ini" (page 34; should read "php.ini"), "cover [the] Queue API" (page 58), "context" (page 66; probably should read "content"), "run[ning]" (page 66), "straight brackets" (page 68; just "brackets"), "thanks to [']allow-additional-options'" (page 83), "require [the] minimum" (page 94), "a valid Drupal's root directory" (page 94; no "'s"), "point [to] our local Drupal project" (page 117), "logged as message" (page 120), "our the $HOME path" (page 139), "password;." (page 149), and "offers [a] hook" (ditto). Some of the phrasing is odd, e.g., "output can be logged in to" (page 34), "tasks running at cron" (page 52), and "equals to 1" (page 61). Some of the sentences are incomplete, e.g., "Importing configuration into the database." (page 34). Fortunately, none of the narrative is incomprehensible, and it is generally smoother in this edition than in the first.
The structure of this book is more logical than that of its predecessor. As Drupal expert Mike Anello correctly pointed out in his review of the first edition, "the book could have easily been improved by splitting out various sections of chapters into their own stand-alone chapters." The same criticism still holds true for this second edition, particularly the third chapter, though to a much lesser extent overall.
As with most if not all titles offered by Packt Publishing, this book's chapters are lengthened with summaries, none of which serve any useful purpose, since they repeat what was presented just pages earlier, but do not include enough detail to be of any value.
One major problem with the book is that it is billed as a second edition to the earlier user guide, which covered introductory and intermediate topics; yet this second edition does not, and instead is almost entirely devoted to advanced topics. In fact, much of the material is preparatory for the final chapter, on utilizing Drush to improve a team's project workflow. This is not made clear to the prospective buyer. This is truly a new book, and not an update of the first edition. Furthermore, it is more focused on specific uses of Drush.
Whether this book could be recommended to any potential reader, depends upon what that individual is hoping to learn. For anyone who wishes full coverage of the beginner and intermediate topics of Drush, this book would be completely inappropriate, and the individual would be best pointed to the Drush documentation. On the other hand, the book would be much better suited for a Drupal developer looking to improve his or her understanding of using Drush for managing database configuration settings and other topics related to project workflow, particularly in team settings — in which case it could be extremely valuable.
Michael Ross is a freelance web developer and writer.
You can purchase Drush For Developers, 2nd Edition from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Amazon Launches 'Home Services' For Repair, Installation, and Other Work
An anonymous reader writes: Amazon has quietly rolled out a new business called "Home Services," which aims to be a middleman between customers and all sorts of contracted services. It includes things like appliance repair, home cleaning, installation/assembly of products in your car or home, tutoring (academic and musical), and even performance art. Amazon makes money on this by taking a cut of the total price — between 10 and 20 percent. Since everything is geolocated, they have many more options available in big cities than in small rural communities. One of Amazon's goals is to help standardize the price for various services, so there aren't any surprises when the bill comes due. -
Book Review: Future Crimes
benrothke writes Technology is neutral and amoral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Keep reading for the rest of Ben's review.
Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
author: Marc Goodman
pages: 400
publisher: Doubleday
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0385539005
summary: In the rush to get everyone wired, they forget to secure it
Technology breeds crime and in the book, Goodman uses Crime, Inc. as a metaphor for the many entities and organizations that exist in the dark web and fringes of the Internet. Towards the end of the book, after describing all of the evils that the Internet creates, he suggests creation of a modern day Manhattan Project for cyber security. He writes that a major initiative such as that is what is required to secure the Internet and emerging technologies.
As to Crime, Inc., Goodman shows how they use technologies such as distributed computing, satellite communications, crowdsourcing, encrypted channels and other sophisticated mechanisms to carry out their actions. The premise of the book, and it's a compelling one, is that in the rush to wire every classroom, person and organization, we have failed to secure it appropriately.
The book's 18 chapters are an easy and fascinating read. Goodman writes in detail about many major technology trends and how their benefits can be subverted. The book is written for the non-technical reader and Goodman does an admirable job of minimizing tech-talk and gibberish.
While the book obsesses on the dark side, it's important to note that Goodman is not an anti-technologist. The goal of the book is to make people aware of what they are clicking on, and how they often give away their personal life when using free mobile applications.
Chapter 6 on the surveillance economy is particularly interesting. While Snowden brought attention to the NSA's wholesale spying, what has gone under the radar is the lucrative surveillance economy that has developed. Goodman writes how firms like Acxiom, Epsilon and others are part of the over $150 billion data brokerage industry. Their power is that they correlate information from myriad disparate sources, to create a powerful dossier that marketers are willing to pay for.
The chapter articulately details the unprecedented amounts of data people have shared with third-parties; that once shared, is almost impossible to control. The privacy implications are huge and the problem is only getting worse. Data brokers have no privacy incentives as they make money when they sell data, not when they protect it.
The book is a fascinating read, albeit a bit wordy at times. The book contains so many horror stories and examples of software and hardware gone badly, that the reader can be overwhelmed. Goodman on occasion makes some errors, such as when he writes that a six-terabyte hard drive could hold all of the music ever recorded anywhere in the world throughout history. At times, he overemphasizes things, such as when he writes that one billion users have posted their most intimate details on Facebook. While Facebook recently passed the 1 billion user mark, not every user posts intimate details of their lives.
The book provides a superb overview of the security implications of the Internet of Things (IoT). Goodman details how the IoT can be used to create intelligent systems and networks that can detect and shut down adversaries. But to secure the IoT will require an effort akin to the Manhattan Project. With that, Goodman advocates that the government fund a digital Manhattan Project, getting the best and brightest minds in the information security space together, to create a framework to better secure the Internet.
The problem is as he notes, that Washington simply does not see the need nor can they comprehend the urgency of the situation. It's only the government that can ostensibly get the private and public sectors together to work in concert, but that is unlikely to happen anytime soon. Which only serves to exacerbate an already tenuous information security problem.
An additional issue the book grapples with is that while the government wants its citizens to be secure and touts the importance of personal privacy, it simultaneously spies on them. Also, providers such as Google and Facebook provide free services, at the cost of turning the user into a data customer. It's not just the criminals and terrorists the book warns about, rather government and free data collection services.
While the book paints an overly depressing picture of what the future holds for personal privacy, Goodman closes the book with his UPDATE protocol. He writes that while the worst is yet to come and that it's getting more and more difficult to gain control of your personal data and metadata; there are six steps you can do. Goodman claims that these 6 steps can prevent 85% of digital attacks. The UPDATE steps are: Update frequently, Passwords, Download from safe sites only, Administrator accounts used with care, Turn off computers and Encrypt data.
Much of the problem is that people are clueless to what is going on. They use free services not knowing their data and personal privacy is what they are giving away. Finally, users don't know what good security looks like. The book is a valiant attempt to show users that while they think they are using the Internet in a pristine environment, it is simply a cesspool of malware, scammers and miscreants. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It is a great wake-up call. Let's just hope everyone wakes up and reads it.
Reviewed by Ben Rothke.
You can purchase Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It from amazon.com. -
Modern PHP: New Features and Good Practices
Michael Ross writes In recent years, JavaScript has enjoyed a dramatic renaissance as it has been transformed from a browser scripting tool primarily used for special effects and form validation on web pages, to a substantial client-side programming language. Similarly, on the server side, after years as the target of criticism, the PHP computer programming language is seeing a revival, partly due to the addition of new capabilities, such as namespaces, traits, generators, closures, and components, among other improvements. PHP enthusiasts and detractors alike can learn more about these changes from the book Modern PHP: New Features and Good Practices, authored by Josh Lockhart. Keep reading for the rest of Michael's review.
Modern PHP: New Features and Good Practices
author: Josh Lockhart
pages: 268
publisher: O'Reilly Media
rating: 8/10
reviewer: Michael Ross
ISBN: 978-1491905012
summary: Solid advice on some state-of-the-art PHP tools and techniques.
Programmers familiar with the language and its community may recognize the author's name, because he is the creator of PHP The Right Way, a website which he describes as "an easy-to-read, quick reference for PHP popular coding standards, links to authoritative tutorials around the Web and what the contributors consider to be best practices at the present time," in 21 different languages.
Yet rest assured that the book under review is not merely a dead-tree version of the website. Instead, the book covers the more recent advancements within the language, while the website covers best practices and standards. This should be borne in mind, otherwise the reader may be baffled by the absence from the book of certain topics on the website essential to the language, such as SPL, PEAR, and PHPDoc. Moreover, of the topics shared between the book and the website, the information is generally organized quite differently, with more example code in the book.
This title was published on 1 March 2015, under the ISBN 978-1491905012, by O'Reilly Media, who kindly provided me with a review copy. Its material is presented in 268 pages, organized into 13 chapters (The New PHP; Features; Standards; Components; Good Practices; Posting; Provisioning; Tuning; Deployment; Testing; Profiling; HHVM and Hack; Community), which are grouped into three parts (Language Features; Good Practices; Deployment, Testing, and Tuning) — as well as two appendices (Installing PHP; Local Development Environments) and an index. The publisher's page does not offer much of interest. However, all of the example code is available from the book's GitHub repository. There are differences between the GitHub code and what is printed in the book, e.g., a baffling require 'vendor/autoload.php'; in the first example code file. The author claims that the reader does not need to know PHP, but at least "a basic understanding of [] fundamental programming concepts" (page xiv). However, anyone without at least intermediate skills and experience with PHP could conceivably struggle with these more advanced subjects.
The first chapter is only a brief overview of the history of PHP, its current state, and some possible future changes to the language's engine. The real content starts in the second chapter, in which the author gives the reader a fast-paced introduction to his seven favorite major new features in PHP: namespaces, class interfaces, traits, generators, closures, Zend OPcache, and the built-in HTTP server. In some regards, the coverage is a bit too fast-paced, as some topics and questions likely in the reader's mind are not addressed — for instance, namespace case-sensitivity and techniques for ensuring that a chosen namespace is globally unique (page 9). For each topic, its purpose and advantages are explained, and sometimes illustrated with code examples, although none are extensive.
The second part of the book opens with a chapter on some of the new standards in the PHP ecosystem that are intended to move the common development process from a reliance upon one isolated framework, with an idiosyncratic coding style, to distributed components that can interoperate through the use of interfaces, industry-wide coding standards, and the use of autoloaders for finding and loading classes, interfaces, and traits at runtime. Components are covered in more detail in the subsequent chapter, as is Composer, for installing components and managing dependencies. The fifth chapter is a lengthy but information-packed exposition of numerous best practices regarding input data sanitization, password handling, dates and times, and safe database queries, among other topics. Some of the advice can be found in other PHP books and online, but all of this is neatly explained, updated with the newer PHP versions, and worthwhile as a refresher.
Deployment, testing, and tuning are the broad subject areas of the third and final part of the book. The author discusses the options for hosting your PHP applications, as well as provisioning any self-managed web server and tuning a server for optimal performance. All of the instructions assume you are using Linux and nginx, and thus would be of less value to those using Windows or Apache, for instance. The material on application deployment is relatively brief, and focuses on use of the Capistrano tool. Testing is often neglected in real-world projects, but certainly not in this book, as the author explains unit and functional testing, illustrated through the use of PHPUnit. This is followed by information on how to use a development or production profiler to analyze the performance of your application, with detailed coverage of Xdebug and XHProf, among other tools. The next two chapters dive into topics related to the (possible) future of PHP — specifically, Facebook's HHVM PHP interpreter and their Hack derivative language. The final chapter briefly discusses the PHP community. The two appendices explain how to install PHP on Linux or OS X for commandline use, and how to set up a local development environment. The author mentions a free edition of Zend Server, but the vendor page mentions no such pricing.
Despite its technical subject matter, this book is not a difficult read. The author's writing style is usually light and friendly, especially in the preface. In a few places, the phrasing is a bit too terse, which might prove momentarily confusing to some readers, e.g., "Function and constant aliases work the same as [those of] classes" (page 11). The text has some errata (aside from the two, as of this writing, already reported): "curl" (pages 15, 220, and 222; should read "cURL"), "a an argument" (page 33), "Prepared statement [to] fetch" (pages 99 and 100), "with [the] php://filter strategy" (page 110), "2 Gb" (page 129; should read "2 GB"), "the the" (page 154), "path to a the code" (page 176), and "Wordpress" (page 190; should read "WordPress").
One weakness with the book is that for several of the topics — including some critical ones — there is not enough detailed information provided that would allow one to begin immediately applying that technique or resource to one's own coding, but instead just enough information to whet one's appetite to learn more (presumably from another book or a website). Secondly, some of the narrative — particularly near the end of the book, when discussing various tools — would be of less value to anyone not developing analytics environment. Beware that some of the tools require numerous dependencies. For instance, do you have Composer, Git, MongoDB, and its PHP extension installed? If not, then you won't be using XHGUI. Also, some of the installation and configuration steps are quite lengthy, with no details provided for troubleshooting issues that might arise. Lastly, despite the promise that any reader with only basic programming knowledge will be able to fully understand the book, such a reader would likely find much of its contents mystifying without further preparation from other sources.
Nonetheless, the book has much to offer, despite its slender size. Numerous resources are recommended — most if not all apparently vetted by the author, who clearly has considerable experience in this arena. Some valuable techniques are presented, such as those instances in the text where the author shows how to use iteration on large data sets to minimize memory usage. In addition, the example code demonstrates that the author has made the effort to produce quality code that can serve as a model to others. Modern PHP does a fine job overall of explaining and advocating the newer capabilities of PHP that would attract developers to choose the language for building state-of-the-art websites and web applications.
Michael Ross is a freelance web developer and writer.
You can purchase Modern PHP: New Features and Good Practices from amazon.com. -
New Site Mocks Bad Artwork On Ebook Covers
An anonymous reader writes A British newspaper is celebrating "the world's worst ebook artwork", as discovered by the creator of a new Tumblr feed. 'It's the hubris of it that people get a kick out of — the devil-may-care attitude of an author who, with zero arts training, says to themselves: "How hard can it be?" Two different authors simply cut-and-pasted smaller images over a background showing the planets, according to one Kindle blog, which notes that one author actually pasted eyes and lips onto the planets, creating an inadvertently creepy montage. But the site's creator tells the newspaper that it's ultimately meant to be an affectionate tribute to their rejection of the mundane and appreciating each creative and beautiful mess. -
Book Review: Data and Goliath
benrothke writes In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama and the NSA for their wholesale spying on innocent Americans and violations of myriad laws. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone. A comment like what's the big deal? often indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow concept on the value of privacy. For many people the notion that the NSA was performing spying on Americans was perceived as not being a big deal, since if a person is innocent, then what do they have to worry about. In the book, Schneier debunks that myth and many others, and defends the importance of privacy. Keep reading for the rest of Ben's review.
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
author: Bruce Schneier
pages: 400
publisher: W. W. Norton and Company
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-0393244816
summary: Important defense of privacy and expose on the dangers of NSA domestic mass surveillance
Schneier writes that privacy is an essential human need and central to our ability to control how we relate to the world. Being stripped of privacy is fundamentally dehumanizing and it makes no difference whether the surveillance is conducted by an undercover police officer following us around or by a computer algorithm tracking our every move.
The book notes that much of the data sharing is done voluntarily from users via social media and other voluntary sharing methods. But the real danger is that the NSA has unlawfully been conducting mass surveillance on Americans, in violation of the Constitution and other Federal laws. And with all of that, the book observed that after spending billions doing it, the NSA has very little to show for its efforts.
While the NSA has often said they were just collecting metadata; Schneier writes that metadata can often be more revealing than the data itself, especially when it's collected in the aggregate. And even more so when you have an entire population under surveillance. How big of a deal is metadata? Schneier quotes former NSA and CIA director Michael Hayden that "we kill people based on metadata".
The book spends chapters detailing the dangers of mass data collection and surveillance. It notes that the situation is exacerbated by the fact that we are now generating so much data and storing it indefinitely. People can now search 20 years back and find details that were long thought to have been forgotten. Today's adults were able to move beyond their youthful indiscretions; while today's young people will not have that freedom. Their entire life histories will be on the permanent record.
Another harm of mass government surveillance is the way it leads to people being categorized and discriminated against. Since much of the data is gathered in secret, citizens don't have the right to see or refute it. Schneier notes that this will intensify as systems start using surveillance data to make decisions automatically.
Schneier makes numerous references to Edward Snowden and views him as a hero. He views Snowden's act as being courageous since it resulted in the global conversation about surveillance being made available. Had it not been for Snowden, this book would never have been written.
Schneier does a good job of showing how many of the methods used by the NSA were highly questionable, and based on extremely broad readings of the PATRIOT ACT, Presidential directives and other laws.
The book notes that not only has mass surveillance on US citizens provided extremely little return on the tens of billions of dollars spent; the very strategy of basing security on irrational fears is dangerous. The book notes that many US agencies were faulted after 9/11 and the Boston Marathon bombing for not connecting the dots. But connecting the dots against terrorist plots is extraordinarily difficult, if not impossible. Given the rarity of these events, the book notes that the current systems produce so many false positives as to render them useless.
Schneier straight-out says that ubiquitous surveillance and data mining are not suited for finding dedicated criminals or terrorists. The US is wasting billions on these programs and not getting the security they have been promised. Schneier suggests using the money on investigations, intelligence and emergency response; programs whose tactics have been proven to work.
Schneier makes many suggestions on how to stop the mass surveillance by the NSA. His biggest suggestion is to separate espionage agencies from the surveillance agencies. He suggests that government surveillance of private citizens should only be done as part of a criminal investigation. These surveillance activities should move outside of the NSA and the military and should instead come under the auspices of the FBI and Justice Department, which will apply rules of probable cause, due process and oversight to surveillance activities in regular open courtrooms. As opposed to the secret United States Foreign Intelligence Surveillance courts.
Schneier notes that breaking up the NSA is a long-range plan, but it's the right one. He also suggests reducing the NSA's budget to pre-9/11 levels, which would do an enormous amount of good.
While Schneier comes down hard on mass surveillance, he is also rational enough to know that there are legitimate needs for government surveillance, both law enforcement and intelligence needs to do this and we must recognize that. He writes that we must support legitimate surveillance and work on ways for these groups to do what they need without violating privacy, subverting security and infringing on citizens' rights to be free of unreasonable suspicion and observation.
The book concludes with a number of things that can be done. At the personal level there is a lot people can legitimately do to stop sharing so much personal information. But for most people, they would rather reap the short-term benefits of sharing information on social media, with retailers and more; than the long-term privacy benefits.
The book also notes that much of the problem stems with federal agencies since keeping the fear stoked is big business. For those in the intelligence agencies, that is the basis of their influence and power. Schneier also lays some of the blame on the media who stoke the irrational fears in the daily news. By fixating on rare and spectacular events, the media conditions us to behave as if terrorism were much more common than it is and to fear it far out of proportion to its actual incidence.
This is an incredibly important book. Schneier is passionate about the subject, but provides an extremely reasonable set of arguments. Superbly researched, Schneier lays out the facts in a clear, concise and extremely readable manner. The book is at times disturbing, given the scope and breadth of the NSA surveillance program.
This is the perfect book to take with you on a long flight. It's a compelling and engrossing read, an important book and a major wake-up call. The NSA knows all about you via its many total information awareness programs. In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, Bruce Schneier provides the total information awareness about what the NSA is doing, how your personal data is being mined, and what you can do about it.
While the NSA was never able to connect the dots of terrorists, Schneier has managed to connect the dots of the NSA. This is a book that must be read, for your freedom.
Reviewed by Ben Rothke.
You can purchase Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World from amazon.com. -
Go R, Young Man
theodp (442580) writes "Learning to code has become a mainstream fascination," writes Brian Liou in Why are YOU learning to code?, "but all the evangelization has been misleading. The problem in our Chris-Bosh-codes-so-should-you society is that people learn to code without first asking "for what purpose do you want to use code?" What in your day-to-day work could you actually automate using code? Let's face it, your odds of creating the next hot iPhone app aren't great, but the spreadsheets you look at everyday or the strategic business decisions you or your company makes? Coding can help you with those. Coding to better understand data would help everyone." Leada co-founder Liou's advice? "So to all non-technical professionals looking to get technical: If you want to become a software engineer, by all means learn Ruby or go through the JavaScript tutorials on Codecademy. But if you're simply a business professional looking to gain an edge on your peers, trust me, you are much better off learning R." So, did Mark Zuckerberg steer 100 million K-12 coder wannabes down the wrong path with the JavaScript and Ruby preaching?" -
Lauren Ipsum: A Story About Computer Science and Other Improbable Things
MassDosage writes As the full title to Lauren Ipsum: A story about Computer Science and Other Improbable Things indicates, this is a book about Computer Science but what's surprising about it is that it manages to be about Computer Science without actually ever directly referring to the subject or even to computers at all. It is in fact a fictional story about a young girl called Lauren who gets lost after wandering into a forest near her house after an argument with her mother. She stumbles into a world populated with all kinds of strange creatures and colorful characters some of whom she befriends in order to figure out how to get back to her home. The "figuring out" part of the plot is where things get interesting as she has many attempts at solving this problem with different characters giving her often contradictory advice and Lauren then has to decide what exactly she's trying to do and which of the various possible solutions is the best. This involves a fair amount of trial and error, learning from certain mistakes and trying different approaches. If this is starting to sound familiar to those who have written software then that's the whole point. Lauren Ipsum is cunningly littered with references to Computer Science and in particular to things like algorithms, logic puzzles and many other of the theoretical underpinnings of the subject. Read below to see what MassDosage has to say about the book.
Lauren Ipsum: A Story About Computer Science and Other Improbable Things
author: Carlos Bueno
pages: 182
publisher: No Starch Press
rating: 8/10
reviewer: Mass Dosage
ISBN: 978-1-59327-574-7
summary: A whimsical journey through a land where logic and computer science come to life.
In the course of her adventures Lauren encounters characters like Xor the chameleon, Hugh Rustic the shop owner, a flock of round Robins and a Wandering Salesman. Anyone who knows a bit about computer science will be aware of the topics that are being alluded to here.
This is also evident in some of the places she visits — a forest made up of red and black trees, the Island of Byzantium and a Garden of Forking Paths. All these insider references are obviously more enjoyable if you know the subject but it doesn't really matter if you don't get them as the story itself is separate from all the in-jokes. It's also almost certainly the intention of the authors to stimulate people to look up some of the things they refer to and thus learn more about computer science. Lauren Ipsum can thus be read on two levels — one as a straightforward adventure story and the other as a "find and research the hidden references" book. The title of the book is itself a play on words of "Lorem Ipsum" which I'll leave you to read up on on your own.
The chapter I enjoyed the most was one that covered building up a solution to a problem by breaking it down into smaller pieces and then combining these to come up with the final answer. In the book Lauren first learns how to draw a line and then that she can draw and connect four of these to make a square. Even better is the discussion of the seemingly simple task of how to draw a circle which demonstrates that there are different ways of doing this, each having their own pros and cons. The solutions can be easily described as a set of steps and the question of how to control the size of the circle can be specified separately from the steps themselves. This is done without referring to any of the technical terms directly (one of the first chapters in the book is all about avoiding jargon) however what is actually being described will be instantly recognizable to anyone who has written some code — namely algorithms, algorithmic complexity, variables and parameter passing. This is quite a different way of illustrating programming concepts instead of the usual manner which involves lots of theory and code examples. Lauren Ipsum's approach offers a much lower learning curve with simple story driven metaphors that can then be applied practically later.
The target audience of the book is probably children from around the age of 8 and up with the intention being to spark an interest in computers without the intimidation and possible connotations of boredom that a textbook might evoke. The story is entertaining but relatively simple and most of the more serious subject matter is just touched on in passing. There is an Appendix at the end which covers a few of the topics in more technical and mathematical detail but there is plenty that isn't covered and it is up to the reader whether they want to find out more in their own way.
I found Lauren Ipsum an entertaining read, even though some of the computer science references are a bit forced. I ended up looking up a few things I wasn't entirely sure about and learnt something new in the process and I can imagine this being even more the case for someone new to the subject. Even if the reader isn't an aspiring geek-to-be there should be enough in the story here for them to enjoy and maybe help convince them that Computer Science can actually be fun or at the very least give them a taste for why problem solving is interesting and useful.
You can purchase Lauren Ipsum: A Story About Computer Science and Other Improbable Things from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Book Review: Core HTML5 2D Game Programming
eldavojohn writes Core HTML5 2D Game Programming details a journey through creating Snail Bait in well defined steps. This simple two dimensional platform game works as a great starting point for anyone interested in making their very first game targeting many desktop and mobile platforms. This incremental process is expertly segmented into logical lessons with the only prerequisite being fluency in JavaScript. One of the most attractive aspects of this book is that the core concepts of this book don't rely on some flavor of the week JavaScript library or framework. Read below for the rest of eldavojohn's review.
Core HTML5 2D Game Programming
author: David Geary
pages: 615
publisher: Prentice Hall
rating: 9/10
reviewer: eldavojohn
ISBN: 9780133564242
summary: An exercise in 2D game development and mechanics in HTML5 and JavaScript.
First, this book isn't for people who do not recognize HTML5 and JavaScript as a valid development platform for games. I know you're out there, you can stop reading here and move on to the next article. This book isn't for you. If you have no programming experience this book is likely not for you either. This book dives into concepts faster than Geary's last book on game development in Canvas. You should also be familiar with JavaScript if you want to effortlessly start on this book. Throughout the book, Geary utilizes object's JavaScript prototypes to add functions, uses anonymous functions and refers to common programming patterns.
It is worth repeating that the implementation in this book does not rely on a framework or library that could change or go defunct. The game runs entirely on code covered in the book accessing W3C standard specifications like requestAnimationFrame(). As long as JavaScript interpreters don't change core things like timing control, this book should be relevant to developers for years to come.
The reason this book gets a nine is it accomplishes everything it sets out to do and Geary does a great job dividing up task after incremental task of setting sprite sheets and backgrounds into motion. The reason it doesn't get a ten is that I was personally disappointed with the author devoting little time to physics and their simulations.
The book is laid out to enable its use as two kinds of resources: cover to cover and chapter specific topics. Reading this straight through, there were only a few times where it felt like I was needlessly being reminded of where I had already read about tangential topics. On the plus side if you ever want to see how Snail Bait implemented something like sound, you need only spend time on the chapter devoted to sound sprites. One mild annoyance I had with the text was that the author seems to always refer to Snail Bait as "Snail Bait" which leads to a Ralph Wiggum-like aversion to pronouns or saying "the game" instead occasionally. It might only be me but it can become tiresome to read "Snail Bait" five or six times on the same page.
You can read a sample chapter here that shows how to implement sprite behaviors.
The first two chapters of the book focus on a set of basic guidelines to follow when doing game development in HTML5 and JavaScript — like keeping certain UI display elements in CSS instead of rendering them as paths or objects in the Canvas. Geary also covers the very absolute simplest concepts of how graphics are going to be displayed and how the background is going to move. He also spends time in Chapter Two showing how to best set up the development environment. It is demonstrated how shortening your cycle of deployment saves you tons of time and the author does a great job on letting you know what tools to use to debug throughout the whole text.
The third chapter delves into drawing and rendering graphics in the canvas as well as introducing the reader to the game loop. It spends a good amount of time explaining the use of animation frame control in a browser to keep animations running smoothly. It also begins the auditing of frame rates so that the game can respond to and display things normalized at the rate the user is experiencing them. It also touches on how parallax can be employed to show things closer up moving faster than those further back in the background. This illusion of depth has long been popular and is even finding its way into scrolling on blogs and I wish that Geary would have spent more time on this perhaps in a later chapter but offer the reader more on how to do multiple levels of depth.
The next chapter tackles the core infrastructure of Snail Bait and discusses at length encapsulation of certain functionalities (instead of globals) in the source code as well as Snail Bait's 2300 line prototype. It bothers me that one file is 2300 lines and I wish there was a better way to do this but as a learning tool, it works even if it is daunting to scroll through. The book adds some helpful pointers about how utterly confusing the "this" keyword can be in JavaScript. Chapter Four really sets the pace for the rest of the book by introducing the use of event listeners and illustrating how the game loop is going to continually be extrapolated.
The next three chapters cover the use of loading screens, sprites and their behaviors. Snail Bait uses all its graphics from an open source game (Replica Island). But if you were to design your own graphics for your game, these chapters do a great job of showing how to construct sprite sheets and how to use tools to construct metadata in the code so that the sprites are usable by the sprite artists. Using the flyweight pattern, Geary sets the stage for more complex behaviors and actions to come in the following chapters.
The next three chapters cover time, stopwatches and their effects on motions and behaviors within the game. The author starts and works from linear motion to non-linear motion and then using transducer functions to affect the time system. The game now has bouncing coins, a jumping player and Geary does a good job of showing the reader how to emulate behaviors in the code.
Naturally what follows next is collision detection and gravity. The collision detection strategies were adequate but I wish that there was more depth at least referenced in the text. This isn't a simple problem and I did like how Geary referenced back to chapter two's profile and showed how collision detection performance as you implement and refine and optimize your algorithm. The nice thing about this book is that it often tackles problems with a general solution in the code (runner/sprite collision) and then provides the edge case solutions.
In the fourteenth chapter, the author tackles something that has long been a plague in HTML5 games: sound and music. The author doesn't sugarcoat this citing the long history of problems the vendors have had trying to support this in browsers. There's a great explanation of how to create and handle "sound sprites" (similar to sprite sheets) so that there is only one download for background music and one download for audio sprites.
Next Geary covers the problem of multiple viewport sizes with a focus on mobile devices. Of course this is one of the biggest issues with mobile gaming today. The chapter is lengthy and deals with the many intricacies of scaling, sizing and touch events. This chapter is long but the highly detailed support of multiple platforms and resolutions is a justified discussion point.
In sixteen, the reader gets a treatment of utilizing sprites and their artists to simulate sparks and smoking holes. The book calls this chapter "particle systems" but I don't think that's a very good title as the code isn't actually dealing with things at the particle level. Instead this chapter focuses on using sprites to simulate those behaviors via animation. This is completely necessary on a computation inexpensive platform but it is misleading to call these particle systems.
Now that the game looks and functions appropriately, the book covers UI elements like player scores and player lives. The auditing of these metrics is covered in the code as well as warnings when the game begins to run too slowly. It also covers the 'edge' condition of winning in the game and the routine that is followed when the user wins the game.
The next chapter introduces the concept of a developer backdoor so that the reader can manually speed up or slow down the game while playing it or even test special cases of the runner sprite interacting with other elements. It's a useful trick for debugging and playing around but does devote a lot of time to the specialized UI like the speed slider and other things that won't (or rather shouldn't) be seen by a common player.
Chapter nineteen really felt out of place and very inadequate on important details. It's a blind rush through using node.js and socket.io to implement server side high scores. The way it's implemented would make it trivial for someone to submit a high score of MAX_INT or whatever to the server. The metrics reporting is done in a manner that (in my opinion) breaks from long established logging structure one would be familiar with. While it covers important things to record from your users in order to tweak your game, the inadequacy of discussions about shortcomings makes it feel out of place in this text. It's a topic of great depth and I have no problem with an author touching on something briefly in one chapter — this chapter does lack the warnings and caveats found in other chapters though.
Contrary to the previous chapter, the final chapter is a fast application of the entire book's principles applied to a new game (Bodega's Revenge). Geary gives a final run through showing how the lengthy prior discussions quickly translate to a new set of sprite sheets and game rules. If this book is ever expanded, I think it would be great to include additional chapters like this although I would pick a more distinct and popular two dimensional game format like a tower defense game or a bejeweled knockoff.
Overall, Core HTML5 2D Game Programming is a great book for a JavaScript developer looking to dabble in game development. You can purchase Core HTML5 2D Game Programming from amazon.com. -
Book Review: Designing and Building a Security Operations Center
benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review.
Designing and Building a Security Operations Center
author: David Nathans
pages: 276
publisher: Syngress
rating: 8/10
reviewer: Ben Rothke
ISBN: 978-0128008997
summary: Good introduction to those looking to build their own security operations center
An effective SOC provides the benefit of speed of response time to a security incident. Be it a DDoS attack or malware which can spread throughout a corporate network in minutes, and potentially knock out the network, every second counts in identifying these attacks and negating them before they can cause additional damage. Having a responsive SOC can make all the difference in how a firm deals with these security issues.
The book notes that the SOC is akin to an enterprise nervous system that can gather and normalize vast amounts of log and related data. This can provide continuous prevention, protection and detection by providing response capabilities against threats, remotely exploitable vulnerabilities and real-time incidents on the monitored network.
The 11 chapters provide a start for anyone considering building out their own SOC. Topics include required infrastructure, organizational structure, staffing and daily operations, to training, metrics, outsourcing and more.
When building a SOC, the choices are for the most part doing it yourself (DIY) or using an outsourced managed security service provider (MSSP). The book focuses primarily on the DIY approach, while chapter 10 briefly details the issues and benefits of using a MSSP. The book provides the pros and cons of each approach. Some firms have a hybrid approach where they perform some SOC activities and outsource others. But the book doesn't detail that approach.
The book provides a large amount of details on the many tasks needed to create an internal SOC. The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".
One important topic the book does not cover is around SIM/SIEM/SEM software. SIEM software can provide a firm with real-time analysis of security alerts generated by network and security hardware, software and other applications.
Many benefits come from an effective SIEM tool being the backbone of the SOC. A SIEM tool consolidates all data and analyzes it intelligently and provides visualization into the environment. But selecting the appropriate SIEM and correctly deploying it is not a trivial endeavor.
Those looking for a good reference on SIEM should read: Security Information and Event Management (SIEM) Implementation, which I reviewed on Slashdot. That book does provide an excellent overview of the topic and will be of value to those reading looking for answers around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy.
The book notes that the most important part of a SOC, and often the most overlooked, is that of the SOC analyst. And with that, the book writes how it's important to be cognizant of the fact of SOC analyst burnout. SOC analysts can burn out and it's important for an organization to have a plan to address this, including aspects of training, management opportunities and job rotation.
Building an in-house SOC takes significant planning and attention to detail and the book details a lot of the particulars that are required for an effective SOC design.
The implementation of a SOC will cost a significant amount of money and management will often want to have metrics to let them know what the SOC is doing. The book spends a brief amount of time on SOC metrics, which is a topic that warrants a book in its own right. There are many metrics that can be created to measure SOC efficacy. Effective SOC metrics will measure how quickly incidents are handled by the SOC, and how incidents are identified, addressed and handled.
The downside to metrics is that they must be used judiciously. It's important not to measure base performance of a SOC analyst simply on the number of events analyzed or recommendations written. Metrics used in that manner are akin to a help desk where analysts are only concerned about getting calls finished, in order to meet their calls completed metrics.
As important as a SOC is, this is surprisingly the first book written on the topic. At under 250 pages, the book provides an introduction to the topic, but is not a comprehensive work on the topic. There are areas in SOC management that the book doesn't cover, such as SOC documentation, creating and using SOC operation run books, and more.
But even with those missing areas, Designing and Building a Security Operations Center is a good reference to start with. A SOC is a security component most organizations are in dire need of, and the book is a good way to get them started on that effort.
Reviewed by Ben Rothke.
You can purchase Designing and Building a Security Operations Center from amazon.com. -
Brought To You By the Letter R: Microsoft Acquiring Revolution Analytics
theodp writes Maybe Bill Gates' Summer Reading this year will include The Art of R Programming. Pushing further into Big Data, Microsoft on Friday announced it's buying Revolution Analytics, the top commercial provider of software and services for the open-source R programming language for statistical computing and predictive analytics. "By leveraging Revolution Analytics technology and services," blogged Microsoft's Joseph Sirosh, "we will empower enterprises, R developers and data scientists to more easily and cost effectively build applications and analytics solutions at scale." Revolution Analytics' David Smith added, "Now, Microsoft might seem like a strange bedfellow for an open-source company [RedHat:Linux as Revolution Analytics:R], but the company continues to make great strides in the open-source arena recently." Now that it has Microsoft's blessing, is it finally time for AP Statistics to switch its computational vehicle to R? -
Book Review: FreeBSD Mastery: Storage Essentials
Saint Aardvark writes If, like me, you administer FreeBSD systems, you know that (like Linux) there is an embarrassment of riches when it comes to filesystems. GEOM, UFS, soft updates, encryption, disklabels — there is a *lot* going on here. And if, like me, you're coming from the Linux world your experience won't be directly applicable, and you'll be scaling Mount Learning Curve. Even if you *are* familiar with the BSDs, there is a lot to take in. Where do you start? You start here, with Michael W. Lucas' latest book, FreeBSD Mastery: Storage Essentials. You've heard his name before; he's written Sudo Mastery (which I reviewed previously), along with books on PGP/GnuPGP, Cisco Routers and OpenBSD. This book clocks in at 204 pages of goodness, and it's an excellent introduction to managing storage on FreeBSD. From filesystem choice to partition layout to disk encryption, with sidelong glances at ZFS along the way, he does his usual excellent job of laying out the details you need to know without ever veering into dry or boring. Keep reading for the rest of Saint Aardvark's review.
FreeBSD Mastery: Storage Essentials
author: Michael W. Lucas
pages: 240
publisher: Tilted Windmill Press
rating: 9/10
reviewer: Saint Aardvark
ISBN: 0692343202
summary: FreeBSD Mastery: Storage Essentials takes you on a deep dive into FreeBSD’s disk management systems.
Do you need to know about GEOM? It's in here: Lucas takes you from "What *is* GEOM, anyway?" (answer: FreeBSD's system of layers for filesystem management) through "How do I set up RAID 10?" through "Here's how to configure things to solve that weird edge-case." Still trying to figure out GUID partitions? I sure was...and then I read Chapter Two. Do you remember disklabels fondly, and wonder whatever happened to them? They're still around, but mainly on embedded systems that still use MBR partitions — so grab this book if you need to deal with them.
The discussion of SMART disk monitoring is one of the best introductions to this subject I've ever read, and should serve *any* sysadmin well, no matter what OS they're dealing with; I plan on keeping it around for reference until we no longer use hard drives. RAID is covered, of course, but so are more complex setups — as well as UFS recovery and repair for when you run into trouble.
Disk encryption gets three chapters (!) full of details on the two methods in FreeBSD, GBDE and GELI. But just as important, Lucas outlines why disk encryption might *not* be the right choice: recovering data can be difficult or impossible, it might get you unwanted attention from adversaries, and it will *not* protect you against, say, an adversary who can put a keylogger on your laptop. If it still makes sense to encrypt your hard drive, you'll have the knowledge you need to do the job right.
I said that this covers *almost* everything you need to know, and the big omission here is ZFS. It shows up, but only occasionally and mostly in contrast to other filesystem choices. For example, there's an excellent discussion of why you might want to use FreeBSD's plain UFS filesystem instead of all-singing, all-dancing ZFS. (Answer: modest CPU or RAM, or a need to do things in ways that don't fit in with ZFS, make UFS an excellent choice.) I would have loved to see ZFS covered here — but honestly, that would be a book of its own, and I look forward to seeing one from Lucas someday; when that day comes, it will be a great companion to this book, and I'll have Christmas gifts for all my fellow sysadmins.
One big part of the appeal of this book (and Lucas' writing in general) is that he is clear about the tradeoffs that come with picking one solution over another. He shows you where the sharp edges are, and leaves you well-placed to make the final decision yourself. Whether it's GBDE versus GELI for disk encryption, or what might bite you when enabling soft updates journaling, he makes sure you know what you're getting into. He makes recommendations, but always tells you their limits.
There's also Lucas' usual mastery of writing; well-written explanations with liberal dollops of geek humor that don't distract from the knowledge he's dropping. He's clear, he's thorough, and he's interesting — and that's an amazing thing to say about a book on filesystems.
Finally, the technical review was done by Poul-Henning Kamp; he's a FreeBSD developer who wrote huge parts of the GEOM and GBDE systems mentioned above. That gives me a lot of warm fuzzies about the accuracy of this book.
If you're a FreeBSD (or Linux, or Unix) sysadmin, then you need this book; it has a *lot* of hard-won knowledge, and will save your butt more than you'll be comfortable admitting.
You can purchase FreeBSD Mastery: Storage Essentials from amazon.com. -
Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions
samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Early Soviet Computing?
by eldavojohn
Alexander Stepanov, I have never had a chance to ask someone as qualified as you about this topic. I grew up on the opposite side of the Iron Curtain and have constantly wondered if (surely there must have been) alternative computing solutions developed in the USSR prior to Elbrus and SPARC. So my question is whether or not you know of any hardware or instruction set alternatives that died on the vine or were never mass fabricated in Soviet times? I don't expect you to reveal some super advanced or future predicting instruction set but it has always disturbed me that these things aren't documented somewhere -- as you likely know failures can provide more fruit than successes. Failing that, could you offer us any tales of early computing that only seem to run in Russian circles?
If you can suggest references (preferably in English) I would be most appreciative. I know of only one book and it seems to be a singular point of view.
Alex: I'm not sure I have any unique knowledge, but can only describe my own experience. The first computer I used was a mainframe called M-20 (or one of its derivatives). My first programming exam was pass/fail, but I had to take it several times before I passed. I had no idea how to write code -- I didn't attend lectures or participate in labs, and thought I could just study the book and take the test. But programming isn't like that; the only way to learn is to do it.
Then in my first job, I participated in the design of a minicomputer called TA-100 used to control hydroelectric power stations. I was one of the key designers of the realtime operating system, a contributor to the instruction set, and the lead designer of the programming tools (debugger, assembler, linker, etc.) -- all written in assembly language. The fact that I started at a very low level -- gates and instructions -- continues to be useful to my work even today. About that time, the Soviet Union started copying American designs, but I was very fortunate to be able to design something original from scratch. The head designer of the TA-100, Aleksandr Gurevich, was a great mentor to me. Two of my senior colleagues, Ilya Neistadt and Natalya Davydovskaya, also spent a lot of time trying to teach me all the things I didn't know.
Despite my personal experience (many details of which I've forgotten), I'm not actually an expert on the history of Soviet computing. But there is a good website containing many articles in English about early Soviet computers. One radically different approach was the "Setun" ternary computer. Unfortunately, there is no detailed treatment of Soviet-era computing at the level of detail and insight found in the second ("Computer Zoo") volume of Computer Architecture by Blaauw and Brooks, which provides an exhaustive treatment of Western designs. In general, computer history is an important field and requires great dedication. My friend Paul McJones does a fabulous job on history of programming languages and other software artifacts. See, for example, his history of FORTRAN site. (He also created sites for Lisp and ALGOL.) Sadly, there is no comparable effort on Soviet computing.
Successor to C++
by Anonymous Coward
I remember you wrote that STL has nothing to do with C++, it was a framework for generic programming and that C++ was chosen for its first implementation because it was less deficient for that purpose compared with other commercial programming languages. That implies you'd like to develop a programming language from scratch. Is that so? If so, how is it going?
Alex: In my first experiments in building a component architecture, I tried to design a language from scratch, called Tecton, with Deepak Kapur and Dave Musser. Tecton was my second system (i.e. it suffered from The Mythical Man-Month's "Second System Effect"). It was an extremely high level language indeed, and had concepts, but was unusable for anything practical. Then I implemented a version of the library in Scheme (together with Aaron Kershenbaum and Dave Musser), and then another version in Ada (with Dave Musser). I was hired by Bell Labs to join their C++ library team in 1987, which was my first exposure to C++. My C and C++ mentor was Andy Koenig, who helped me understand the overall logic of the language. Unfortunately at that time, C++ was not ready for STL.
I returned to the library work in 1993 at HP Labs, together with Meng Lee. C++ had just gotten templates, and we were able to create a large generic library. At Andy Koenig's suggestion, we submitted a version of it for inclusion in the C++ language standard. This became STL.
After STL was accepted into the standard in 1994, I started thinking about designing a minimal programming language that will allow even more intimate access to hardware than C/C++ and also provide support for concepts and generic programming. I was hoping that somebody would fund such an activity. I interviewed with several companies, proposing such a design, but there was no interest. A senior VP at Microsoft told me: "We are not interested in innovating in the direction you suggest." They were "innovating" in the direction of C#, trying to displace Java. The situation now is not any better. There might be some interest eventually, but it will happen after my retirement: I am no longer in the game.
STL
by serviscope_minor
I'm a huge fan of the STL, and I think the design has stood the test of time amazingly well. That said, you now have a bunch of hindsight. What would you do differently knowing what you know now? Also if you were doing it today and using today's languages, how do you think it would differ?
Alex: STL is the result of many compromises. There was a tension between my research goals for generic programming and getting something approved by the different constituents of the standards committee with diverse technical, business, and personal agendas. Such compromises are inevitable in real life.
Having said that, here are some of the things I would have preferred were different:
As we discuss in From Mathematics to Generic Programming, my original name for iterators was "coordinates" (or more specifically, "linear coordinates"). The standards committee people told me that there was already a name for this concept, "iterator," so I should use that term. They were wrong -- they were confusing my coordinates with heavyweight stateful iterators found in languages such as CLU and Alphard. This unfortunate terminology still often leads to misunderstanding about the concept of iterator in generic programming. Furthermore, as far back as 1987 I knew that linear coordinates (i.e. iterators) were only one kind of coordinate structures, data types that allow one to navigate through data structures. There are coordinate structures that deal with multidimensional arrays, trees, graphs, etc. (See, for example, chapters 7 and 8 of Elements of Programming.)
Also, there are many different types of containers and STL provided only a rudimentary classification. Moreover, containers with ownership semantics constitute only one way of dealing with data structures. There are others. A properly designed library would be based on a far larger set of data structures than what I could include into STL. There are also simple mistakes in algorithmic interfaces. Partition should place non-satisfying elements before satisfying elements. Copy_n should return a pair. I should have included algorithms dealing with integer concepts. I should have resisted the pressure to include allocators.
It would make perfect sense to redesign STL from scratch when they put concepts into C++. I would recommend that a person who decides to do it, should carefully study both Elements of Programming and From Mathematics to Generic Programming. Both of these books expand on these issues.
Re:STL
by Pseudonym
Related question: C++ was originally conceived as "C + Simula", but something that is interesting about the STL is how non-object-oriented it is, in particular using no inheritance. If we were designing a new "better C" today, one that you'd be happy to implement a STL-like system in, knowing what we know now, would we bother with Simula-style objects at all?
Alex: I am still convinced that Simula/C++/Java style inheritance is unsound. I do believe, however, that there is sometimes a need for run-time dispatch. But run time dispatch should be done as a run-time concept dispatch. Imagine, say, writing code in terms of a pointer to forward iterator. One should be able to obtain affiliated types at run time. Eventually languages will unify object-orientation and generic programming, but nobody seems to work on it now.
Dan: Bjarne Stroustrup describes C++ as a multi-paradigm language. The features that support object-oriented programming and the features that support generic programming are, for the most part, independent. That doesn't mean that both sets of features are not useful. Could Alex have designed STL for a language that doesn't have object-oriented features? Sure. But as a programmer, I'm happy that both sets of features are available. Just because object-oriented features are not needed to implement STL doesn't mean they provide no value in the language.
Alex: C++ has evolved over many years, and many of its features (inheritance, templates, exceptions, namespaces, etc.) were incorporated based on other work. As a result, they don't always work well together, and even when they do, it's in a baroque way. Now that we as a community have many years of experience with these features, we could design a minimal language from scratch that incorporates these features in a more concise and elegant way.
Hardware evolution
by jonkalb
The STL is about three decades old. In that time, we've seen both OS and hardware evolution. What is the impact of these changes on how the STL should be used? How would the STL be different if it were implemented targeting modern environments?
Alex: STL is "only" two decades old, but yes, there have been important changes during that period that would lead to some different decisions. STL was actually designed on a Leading Edge PC with no cache and 640K memory. (Our group at HP Labs didn't have enough money in the budget for an HP PC. When HP CEO Lew Platt came to visit me, HP Labs' director rushed in beforehand to hide the Leading Edge PC.)
One of the biggest changes since then has been the growth of caches. Cache misses are very costly, so locality of reference is much more important now. Node-based data structures, which have low locality of reference, make much less sense. If I were designing STL today, I would have a different set of containers. For example, an in-memory B*-tree is a far better choice than a red-black tree for implementing an associative container.
Another change is the increase in pipeline depth and support for unaligned reads. Today it is cheaper to read extra data rather than to have a branch.
Most processors today also support SIMD instructions. Libraries should take advantage of them whenever they can.
Modern applications such as search engines and databases also use lots of collections of very small data items that can be stored compactly without an extra level of indirection by using variable-sized encodings. It is essential that the libraries provide support for these variable-size entities. Dan and I, together with colleagues at A9, worked on this. Sadly enough, we were not able to finish our work, although you can see some relevant code snippets using variable-sized types and a new data structure called "tape" here.
Search seemingly getting worse over time
by TWX
This is more for Daniel Rose, but to what do you attribute the seeming decline in the quality of search results? I used Digital's Alta Vista search engine when it was fairly new and it seemed revolutionary and seemed to provide me with exactly what I wanted. Over time that declined and Alta Vista as it was ceased to be, and Google initially also seemed to provide me with exactly what I wanted. Now it seems like I have to put a whole lot of thought into faking Google into performing a somewhat-boolean-style search for me, and normal boolean expressions themselves no longer seem to work.
Is this the result of attempting to dumb-down the interface for tailored results, or something else or more insidious? Obviously the amount of content on the Internet is growing, but the computing power to process through all of it is growing too, so I would expect it wouldn't be getting this much worse, this quickly.
Dan: This is a huge question, which could be the subject of a whole book by itself. But the short answer is that there are several factors that have made the search experience be (or at least seem) worse. Here are a few:
1. Size of the problem. In the early days of AltaVista, there were around 100,000 web sites. Today there are around a billion. Assuming the number of web pages has grown proportionally to the number of sites, that's a factor of 10^4. Search ranking algorithms have actually been improved a lot -- they might even be 10x better than they were in 1995. But they haven't improved by 10^4x.
2. Complexity of the problem. Originally, web search engines dealt with static HTML pages. Now they are expected to work with many different types of documents in different formats, with users having a much wider variety of search goals. At A9, which provides the search engine for Amazon.com, we optimized the system specifically for product search. Web search engines have to work for all kinds of search.
3. Adversarial relationship between sites and engines. In the early days of web search engines, most web sites were purely informational, and many were run by nonprofit organizations like universities. Even when for-profit companies put up web sites, most were offered as an informational service to their customers -- it was a cost to the company, not a source of revenue. Obviously, all that has changed. Now it's in the interest of most web site providers to drive traffic to their sites. To do that they want to rank higher in search results -- often even for queries where their content is not relevant. So there is basically an arms race between search companies, which want to accurately rank results by relevance, and so-called search engine optimizers, who want their clients' pages to rank higher regardless of relevance. This leads to all kinds of spam.
4. Business model. The invention of search advertising by Overture, and its adoption by Google and others, meant that it was more profitable to show an ad than an organic search result. I know of specific instances where search engine companies chose not to deploy relevance improvements, because that would reduce revenue (more people would click on the results, and fewer on the ads). Even if a company tries to have a separation between their relevance and advertising teams, it is very hard to serve two masters.
Regarding the use of boolean expressions, there is evidence both from cognitive psychology and from information retrieval research that most people don't understand boolean logic, and that this misunderstanding leads to worse results. So I claim that Google's decision to stop interpreting certain words and symbols as boolean operators is good user-centered design, not "dumbing down" -- but I wish they still provided an advanced search option for those who want it.
If you're interested in learning more about search user issues in particular, here's a lecture I gave at UC Berkeley about 10 years ago on that topic.
Re:Search seemingly getting worse over time
by MouseTheLuckyDog
I was wondering something similar. Often times recent news tends to overshadow search results.
Let me give a practical example. Grand Jury proceedings have undergone serious reform since the 70s. In some states a target can demand to appear before the Grand Jury. In some states a No Bill precludes the State from representing the case. In others there must be clear new evidence before a case can be represented. I know one state has a three strikes rules for GJ proceedings (sorry, don't remember which).
The day before the Michael Brown shooting, a search on Grand Jury Missouri would have found several articles on the specific laws to Grand Jury proceedings in Missouri. The day the DA announced he would present the case to a Grand Jury, the same search gets hundreds of articles on news story about Michael Brown and Grand Jury proceedings, but it becomes impossible to find those same scholarly articles about the peculiarity of Missouri Grand Jury proceedings. Not even the relevant statutes from the state website. What can be done to mitigate this effect?
Dan: This is a good illustration of what a complex problem search is. There are two issues here: First, should search results change in response to news events? I think so; in your example, it's almost certainly what the majority of users are looking for.
Second, how can the search engine make sure that *other* relevant results are also findable? One way is to make sure that the results address a diversity of user intents. When I was at AltaVista and Yahoo, we did some research on how to identify different user intents and how to make sure the results were not dominated by just one. The query "grand jury Missouri" has at least two obvious intents: "give me information about the grand jury system in Missouri" and "tell me what is going on with the particular grand jury investigating Michael Brown's death."
There are techniques that can do this diversification, and some search engines use some of them. But perhaps a better approach is to recognize that information-seeking is a process, not a magic oracle. Search engines should be designed to facilitate a kind of dialogue with the user. At AltaVista, we had a feature called "Prisma" that would show 12 related queries right below the search box -- not just queries that shared substrings with what the user has typed (like autocomplete), but queries that were about the range of different topics discussed in the actual pages. So for the query "grand jury Missouri," one suggestion might be "Michael Brown news" and another might be "grand jury statute Missouri".
My advice to intelligent search users is to imagine what terminology would be used in a hypothetical good result on your intended topic, and use those words. If you want to find information about the legal basis of the grand jury system in Missouri, don't just type "grand jury Missouri," type "grand jury statute Missouri." When I do that query today on Google, I get a 2009 publication from the state of Missouri explaining the grand jury process, and the text of the actual statute, both on the first page of results.
What's your time like?
by mlheur
How much of your time do you dedicate to computing vs doing other things; what are your other hobbies or is the work you do also your play time?
Alex: Over the course of my life I have gradually narrowed my focus to spending time on the few items that, to me, are the essential examples of their category. These are things that stood the test of time; I re-read the books I already have read; I listen to music I have listened to many times before; etc, etc. Yes, there is a chance that I will miss a new Mozart or Euclid, but it is a chance I am willing to take. Also, like the Pythagoreans of old, I view these as part of a unity: music reflects mathematics, literature is connected with history, etc. My work and my play and my life are inseparable. This unity is also reflected in From Mathematics to Generic Programming, which blends math, programming, history, and sometimes philosophy and art. Here are some of my favorites:
Literature: Greek and Roman classics: Homer, Plato, Ovid, Seneca; Bible; "modern" novels from Swift and Sterne to Dickens and Anthony Trollope. Math and science classics: Euclid, Euler, Gauss, Poincare. I still use printed books, not e-books.
Music: Bach, Mozart, Beethoven, Schubert, Wagner, and Mahler. I tend to listen to many different interpretations of the same piece. I do not use MP3s or streaming music, but CDs and, recently, SACDs.
Movies and TV: Chaplin, Marx Brothers, Kurosawa, Satyajit Ray, Kenneth Clark's Civilization, Peter Brook's Mahabharata, Brideshead Revisited, Royal Shakespeare Company production of Nicholas Nickleby, Maigret with Bruno Cremer. I am a blu-ray enthusiast. I do not use Netflix or Amazon Instant Video.
I love dogs, especially Welsh corgis; I spend 1-2 hours a day walking my dog Maxwell. I no longer eat meat or milk. I have been very happily married for 45 years; my wife Helen is my closest friend. We are practicing Roman Catholics, go to church on Sundays and holidays of obligation and try to keep the commandments. Our political views are in line with Pope Francis: we believe in having an economically just society.
Dan: Ironically, during much of my career as a researcher and engineering manager, I had fairly little time for programming. But now that I am not currently working full time, one of the things I've been doing for fun is programming -- learning iOS development and writing a musical iPhone app. I also enjoy playing very basic guitar and piano, reading, and lately, writing fiction. I try to alternate between reading nonfiction and fiction. The last books I read are The Swerve: How the World Became Modern by Stephen Greenblatt (about how the rediscovery of an ancient Roman poem helped spur the Renaissance) and Dave Eggers' novel The Circle (a cautionary tale about social networking and privacy, which should be required reading for everyone who works at Facebook, Google, and Apple).
Re:ack-nak
by blue trane
When will programming evolve to use subject-predicate syntax, rather than function-argument? Function-argument goes back (at least) to Frege, and his prejudices against subject-predicate syntax (which dominates natural languages). But isn't changePassword(a,b) more ambiguous than "change the password from a to b"? Don't we get an "information gain" effect from using a syntax we are familiar with outside of programming? When you first come to a function-argument command such as (in Oz, which is used in the Paradigms of Computer Programming MOOC) {Push S X}, there is maximum entropy as to whether S is pushed, or pushed onto. "Push X onto S" has no entropy; you know immediately, from the syntax alone, what is pushed onto what.
Dan: I think you need to decouple your argument about entropy with your argument about subject-predicate syntax. IIRC, stack-based languages like Forth and Postscript (and old HP scientific calculators) had completely unambiguous syntax. You either push something on the stack or perform an operation on the required number of arguments at the top of the stack. But these are not subject-predicate syntax languages. So there is more than one way to have what you call no-entropy syntax. Another way to avoid ambiguity is to require that argument names be part of the function name, as Smalltalk and Objective-C do. Then instead of your function call being changePassword(a, b), it's [foo changePasswordFrom:a to:b] (where foo is the object getting the message).
Separate from the entropy issue, is there a cognitive benefit from having programming languages use syntax familiar from natural languages? Perhaps, but which natural language's syntax will you use? Many languages (e.g. Japanese) use a subject-object-verb syntax, while English uses subject-verb-object. Romance languages use SOV some of the time (e.g. with pronouns) and SVO the rest of the time. Talk about ambiguous argument order!
Furthermore, natural languages have evolved to convey all kinds of nuances and deliberate ambiguities that make it hard to specify anything precisely. As a small example, the English meaning of "and" and "or" is quite different from their Boolean interpretation. (If the waiter says that breakfast comes with juice or coffee, getting both is not an option.)
The business application language COBOL (the most popular language of the 1970s) was supposed to have "English-like" syntax, with expressions like "add 1 to x." I'm skeptical that this syntax made programming any easier, but it did lead to this old joke: "Did you hear about the new version of COBOL? It's called ADD 1 TO COBOL."
My opinion is that we will always have different languages with different styles of syntax, to meet the needs of different communities of programmers.
Why is Generic Programming often second class?
by Anonymous Coward
We see many programming languages with at least some support for Generics, but usually as a second class citizen, and often added as an afterthought in later releases, and subordinate to some other programming paradigm. Java is primarily OO, with generics added later. C# is also primarily OO, though with generic support. It took C++ several iterations to get generics, and C++ is "multi paradigm". Go doesn't have generics, and doesn't seem like it will for a while.
It seems to me like generic programming is sufficiently powerful as a paradigm to not need other paradigms like OO in the same language. In fact, in many ways, OO, which ties together data and algorithms, seems antithetical to generic programming. So, do you see a possibility of a programming language whose primary paradigm is generic programming? Why do language designers not get generics into the first releases of their languages, even now, when the issues would seem to be well known? What would such a language look like?
Alex: To design a language for generic programming, one needs to learn to program generically. One has to write lots of code before things become clear. In the Appendix B of Elements of Programming, Sean Parent and Bjarne Stroustrup outlined a minimal language needed for programming. The appendix is about 8 pages long. To make it real, it probably needs to grow by a factor of 3. So, something like 25 pages should be sufficient. I am too old to do it, but I wish that someone would try.
A more difficult problem is not to design the language: C++, after all, contains most of the things needed. The problem is to teach programmers to think abstractly. And that is a very difficult task. I do not know a single university where one could even learn the preliminaries: understanding the machine, and understanding abstract mathematics. Our new book, From Mathematics to Generic Programming, is an attempt to sketch what is needed. Hopefully some school will try to teach both assembly level programming and abstract algebra.
An even harder problem is to convince the software industry to build software out of carefully designed components. What I see, however, is the movement in the opposite direction. Hand-crafted, one-off, undisciplined code is impossible to replicate. Adobe did a fabulous job specifying Postscript; that allowed Peter Deutsch to single-handedly produce Ghostscript. Now Adobe is not going to specify Photoshop's behavior. Let the Gimp guys try to replicate it. While Linus Torvalds was able to replicate Unix from the carefully written System V interface definitions, no one could replicate Windows: being nonstandard creates barriers to entry. There are grave economic reasons making any progress unlikely while undisciplined programmers generate huge amount of capital. It's analogous to the programmer whose terrible spaghetti code gives him job security, since no one else can understand it.
Dan: The idea that object-oriented programming and generic programming are competing paradigms is, in my opinion, mistaken. They are really orthogonal approaches. As we discuss in our book, generic programming is really an attitude. This attitude is useful whether you are using an object-oriented approach or not.
I would love to have a real-world, efficient, popular language that supports generic programming -- including concepts, in particular -- as first-class features. But I see no reason why this language shouldn't also support OOP. -
Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions
samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Early Soviet Computing?
by eldavojohn
Alexander Stepanov, I have never had a chance to ask someone as qualified as you about this topic. I grew up on the opposite side of the Iron Curtain and have constantly wondered if (surely there must have been) alternative computing solutions developed in the USSR prior to Elbrus and SPARC. So my question is whether or not you know of any hardware or instruction set alternatives that died on the vine or were never mass fabricated in Soviet times? I don't expect you to reveal some super advanced or future predicting instruction set but it has always disturbed me that these things aren't documented somewhere -- as you likely know failures can provide more fruit than successes. Failing that, could you offer us any tales of early computing that only seem to run in Russian circles?
If you can suggest references (preferably in English) I would be most appreciative. I know of only one book and it seems to be a singular point of view.
Alex: I'm not sure I have any unique knowledge, but can only describe my own experience. The first computer I used was a mainframe called M-20 (or one of its derivatives). My first programming exam was pass/fail, but I had to take it several times before I passed. I had no idea how to write code -- I didn't attend lectures or participate in labs, and thought I could just study the book and take the test. But programming isn't like that; the only way to learn is to do it.
Then in my first job, I participated in the design of a minicomputer called TA-100 used to control hydroelectric power stations. I was one of the key designers of the realtime operating system, a contributor to the instruction set, and the lead designer of the programming tools (debugger, assembler, linker, etc.) -- all written in assembly language. The fact that I started at a very low level -- gates and instructions -- continues to be useful to my work even today. About that time, the Soviet Union started copying American designs, but I was very fortunate to be able to design something original from scratch. The head designer of the TA-100, Aleksandr Gurevich, was a great mentor to me. Two of my senior colleagues, Ilya Neistadt and Natalya Davydovskaya, also spent a lot of time trying to teach me all the things I didn't know.
Despite my personal experience (many details of which I've forgotten), I'm not actually an expert on the history of Soviet computing. But there is a good website containing many articles in English about early Soviet computers. One radically different approach was the "Setun" ternary computer. Unfortunately, there is no detailed treatment of Soviet-era computing at the level of detail and insight found in the second ("Computer Zoo") volume of Computer Architecture by Blaauw and Brooks, which provides an exhaustive treatment of Western designs. In general, computer history is an important field and requires great dedication. My friend Paul McJones does a fabulous job on history of programming languages and other software artifacts. See, for example, his history of FORTRAN site. (He also created sites for Lisp and ALGOL.) Sadly, there is no comparable effort on Soviet computing.
Successor to C++
by Anonymous Coward
I remember you wrote that STL has nothing to do with C++, it was a framework for generic programming and that C++ was chosen for its first implementation because it was less deficient for that purpose compared with other commercial programming languages. That implies you'd like to develop a programming language from scratch. Is that so? If so, how is it going?
Alex: In my first experiments in building a component architecture, I tried to design a language from scratch, called Tecton, with Deepak Kapur and Dave Musser. Tecton was my second system (i.e. it suffered from The Mythical Man-Month's "Second System Effect"). It was an extremely high level language indeed, and had concepts, but was unusable for anything practical. Then I implemented a version of the library in Scheme (together with Aaron Kerschenbaum and Dave Musser), and then another version in Ada (with Dave Musser). I was hired by Bell Labs to join their C++ library team in 1987, which was my first exposure to C++. My C and C++ mentor was Andy Koenig, who helped me understand the overall logic of the language. Unfortunately at that time, C++ was not ready for STL.
I returned to the library work in 1993 at HP Labs, together with Meng Lee. C++ had just gotten templates, and we were able to create a large generic library. At Andy Koenig's suggestion, we submitted a version of it for inclusion in the C++ language standard. This became STL.
After STL was accepted into the standard in 1994, I started thinking about designing a minimal programming language that will allow even more intimate access to hardware than C/C++ and also provide support for concepts and generic programming. I was hoping that somebody would fund such an activity. I interviewed with several companies, proposing such a design, but there was no interest. A senior VP at Microsoft told me: "We are not interested in innovating in the direction you suggest." They were "innovating" in the direction of C#, trying to displace Java. The situation now is not any better. There might be some interest eventually, but it will happen after my retirement: I am no longer in the game.
STL
by serviscope_minor
I'm a huge fan of the STL, and I think the design has stood the test of time amazingly well. That said, you now have a bunch of hindsight. What would you do differently knowing what you know now? Also if you were doing it today and using today's languages, how do you think it would differ?
Alex: STL is the result of many compromises. There was a tension between my research goals for generic programming and getting something approved by the different constituents of the standards committee with diverse technical, business, and personal agendas. Such compromises are inevitable in real life.
Having said that, here are some of the things I would have preferred were different:
As we discuss in From Mathematics to Generic Programming, my original name for iterators was "coordinates" (or more specifically, "linear coordinates"). The standards committee people told me that there was already a name for this concept, "iterator," so I should use that term. They were wrong -- they were confusing my coordinates with heavyweight stateful iterators found in languages such as CLU and Alphard. This unfortunate terminology still often leads to misunderstanding about the concept of iterator in generic programming. Furthermore, as far back as 1987 I knew that linear coordinates (i.e. iterators) were only one kind of coordinate structures, data types that allow one to navigate through data structures. There are coordinate structures that deal with multidimensional arrays, trees, graphs, etc. (See, for example, chapters 7 and 8 of Elements of Programming.)
Also, there are many different types of containers and STL provided only a rudimentary classification. Moreover, containers with ownership semantics constitute only one way of dealing with data structures. There are others. A properly designed library would be based on a far larger set of data structures than what I could include into STL. There are also simple mistakes in algorithmic interfaces. Partition should place non-satisfying elements before satisfying elements. Copy_n should return a pair. I should have included algorithms dealing with integer concepts. I should have resisted the pressure to include allocators.
It would make perfect sense to redesign STL from scratch when they put concepts into C++. I would recommend that a person who decides to do it, should carefully study both Elements of Programming and From Mathematics to Generic Programming. Both of these books expand on these issues.
Re:STL
by Pseudonym
Related question: C++ was originally conceived as "C + Simula", but something that is interesting about the STL is how non-object-oriented it is, in particular using no inheritance. If we were designing a new "better C" today, one that you'd be happy to implement a STL-like system in, knowing what we know now, would we bother with Simula-style objects at all?
Alex: I am still convinced that Simula/C++/Java style inheritance is unsound. I do believe, however, that there is sometimes a need for run-time dispatch. But run time dispatch should be done as a run-time concept dispatch. Imagine, say, writing code in terms of a pointer to forward iterator. One should be able to obtain affiliated types at run time. Eventually languages will unify object-orientation and generic programming, but nobody seems to work on it now.
Dan: Bjarne Stroustrup describes C++ as a multi-paradigm language. The features that support object-oriented programming and the features that support generic programming are, for the most part, independent. That doesn't mean that both sets of features are not useful. Could Alex have designed STL for a language that doesn't have object-oriented features? Sure. But as a programmer, I'm happy that both sets of features are available. Just because object-oriented features are not needed to implement STL doesn't mean they provide no value in the language.
Alex: C++ has evolved over many years, and many of its features (inheritance, templates, exceptions, namespaces, etc.) were incorporated based on other work. As a result, they don't always work well together, and even when they do, it's in a baroque way. Now that we as a community have many years of experience with these features, we could design a minimal language from scratch that incorporates these features in a more concise and elegant way.
Hardware evolution
by jonkalb
The STL is about three decades old. In that time, we've seen both OS and hardware evolution. What is the impact of these changes on how the STL should be used? How would the STL be different if it were implemented targeting modern environments?
Alex: STL is "only" two decades old, but yes, there have been important changes during that period that would lead to some different decisions. STL was actually designed on a Leading Edge PC with no cache and 640K memory. (Our group at HP Labs didn't have enough money in the budget for an HP PC. When HP CEO Lew Platt came to visit me, HP Labs' director rushed in beforehand to hide the Leading Edge PC.)
One of the biggest changes since then has been the growth of caches. Cache misses are very costly, so locality of reference is much more important now. Node-based data structures, which have low locality of reference, make much less sense. If I were designing STL today, I would have a different set of containers. For example, an in-memory B*-tree is a far better choice than a red-black tree for implementing an associative container.
Another change is the increase in pipeline depth and support for unaligned reads. Today it is cheaper to read extra data rather than to have a branch.
Most processors today also support SIMD instructions. Libraries should take advantage of them whenever they can.
Modern applications such as search engines and databases also use lots of collections of very small data items that can be stored compactly without an extra level of indirection by using variable-sized encodings. It is essential that the libraries provide support for these variable-size entities. Dan and I, together with colleagues at A9, worked on this. Sadly enough, we were not able to finish our work, although you can see some relevant code snippets using variable-sized types and a new data structure called "tape" here.
Search seemingly getting worse over time
by TWX
This is more for Daniel Rose, but to what do you attribute the seeming decline in the quality of search results? I used Digital's Alta Vista search engine when it was fairly new and it seemed revolutionary and seemed to provide me with exactly what I wanted. Over time that declined and Alta Vista as it was ceased to be, and Google initially also seemed to provide me with exactly what I wanted. Now it seems like I have to put a whole lot of thought into faking Google into performing a somewhat-boolean-style search for me, and normal boolean expressions themselves no longer seem to work.
Is this the result of attempting to dumb-down the interface for tailored results, or something else or more insidious? Obviously the amount of content on the Internet is growing, but the computing power to process through all of it is growing too, so I would expect it wouldn't be getting this much worse, this quickly.
Dan: This is a huge question, which could be the subject of a whole book by itself. But the short answer is that there are several factors that have made the search experience be (or at least seem) worse. Here are a few:
1. Size of the problem. In the early days of AltaVista, there were around 100,000 web sites. Today there are around a billion. Assuming the number of web pages has grown proportionally to the number of sites, that's a factor of 10^4. Search ranking algorithms have actually been improved a lot -- they might even be 10x better than they were in 1995. But they haven't improved by 10^4x.
2. Complexity of the problem. Originally, web search engines dealt with static HTML pages. Now they are expected to work with many different types of documents in different formats, with users having a much wider variety of search goals. At A9, which provides the search engine for Amazon.com, we optimized the system specifically for product search. Web search engines have to work for all kinds of search.
3. Adversarial relationship between sites and engines. In the early days of web search engines, most web sites were purely informational, and many were run by nonprofit organizations like universities. Even when for-profit companies put up web sites, most were offered as an informational service to their customers -- it was a cost to the company, not a source of revenue. Obviously, all that has changed. Now it's in the interest of most web site providers to drive traffic to their sites. To do that they want to rank higher in search results -- often even for queries where their content is not relevant. So there is basically an arms race between search companies, which want to accurately rank results by relevance, and so-called search engine optimizers, who want their clients' pages to rank higher regardless of relevance. This leads to all kinds of spam.
4. Business model. The invention of search advertising by Overture, and its adoption by Google and others, meant that it was more profitable to show an ad than an organic search result. I know of specific instances where search engine companies chose not to deploy relevance improvements, because that would reduce revenue (more people would click on the results, and fewer on the ads). Even if a company tries to have a separation between their relevance and advertising teams, it is very hard to serve two masters.
Regarding the use of boolean expressions, there is evidence both from cognitive psychology and from information retrieval research that most people don't understand boolean logic, and that this misunderstanding leads to worse results. So I claim that Google's decision to stop interpreting certain words and symbols as boolean operators is good user-centered design, not "dumbing down" -- but I wish they still provided an advanced search option for those who want it.
If you're interested in learning more about search user issues in particular, here's a lecture I gave at UC Berkeley about 10 years ago on that topic.
Re:Search seemingly getting worse over time
by MouseTheLuckyDog
I was wondering something similar. Often times recent news tends to overshadow search results.
Let me give a practical example. Grand Jury proceedings have undergone serious reform since the 70s. In some states a target can demand to appear before the Grand Jury. In some states a No Bill precludes the State from representing the case. In others there must be clear new evidence before a case can be represented. I know one state has a three strikes rule for GJ proceedings (sorry, don't remember which).
The day before the Michael Brown shooting, a search on Grand Jury Missouri would have found several articles on the specific laws to Grand Jury proceedings in Missouri. The day the DA announced he would present the case to a Grand Jury, the same search gets hundreds of articles on news story about Michael Brown and Grand Jury proceedings, but it becomes impossible to find those same scholarly articles about the peculiarity of Missouri Grand Jury proceedings. Not even the relevant statutes from the state website. What can be done to mitigate this effect?
Dan: This is a good illustration of what a complex problem search is. There are two issues here: First, should search results change in response to news events? I think so; in your example, it's almost certainly what the majority of users are looking for.
Second, how can the search engine make sure that *other* relevant results are also findable? One way is to make sure that the results address a diversity of user intents. When I was at AltaVista and Yahoo, we did some research on how to identify different user intents and how to make sure the results were not dominated by just one. The query "grand jury Missouri" has at least two obvious intents: "give me information about the grand jury system in Missouri" and "tell me what is going on with the particular grand jury investigating Michael Brown's death."
There are techniques that can do this diversification, and some search engines use some of them. But perhaps a better approach is to recognize that information-seeking is a process, not a magic oracle. Search engines should be designed to facilitate a kind of dialogue with the user. At AltaVista, we had a feature called "Prisma" that would show 12 related queries right below the search box -- not just queries that shared substrings with what the user has typed (like autocomplete), but queries that were about the range of different topics discussed in the actual pages. So for the query "grand jury Missouri," one suggestion might be "Michael Brown news" and another might be "grand jury statute Missouri".
My advice to intelligent search users is to imagine what terminology would be used in a hypothetical good result on your intended topic, and use those words. If you want to find information about the legal basis of the grand jury system in Missouri, don't just type "grand jury Missouri," type "grand jury statute Missouri." When I do that query today on Google, I get a 2009 publication from the state of Missouri explaining the grand jury process, and the text of the actual statute, both on the first page of results.
What's your time like?
by mlheur
How much of your time do you dedicate to computing vs doing other things; what are your other hobbies or is the work you do also your play time?
Alex: Over the course of my life I have gradually narrowed my focus to spending time on the few items that, to me, are the essential examples of their category. These are things that stood the test of time; I re-read the books I already have read; I listen to music I have listened to many times before; etc, etc. Yes, there is a chance that I will miss a new Mozart or Euclid, but it is a chance I am willing to take. Also, like the Pythagoreans of old, I view these as part of a unity: music reflects mathematics, literature is connected with history, etc. My work and my play and my life are inseparable. This unity is also reflected in From Mathematics to Generic Programming, which blends math, programming, history, and sometimes philosophy and art. Here are some of my favorites:
Literature: Greek and Roman classics: Homer, Plato, Ovid, Seneca; Bible; "modern" novels from Swift and Sterne to Dickens and Anthony Trollope. Math and science classics: Euclid, Euler, Gauss, Poincare. I still use printed books, not e-books.
Music: Bach, Mozart, Beethoven, Schubert, Wagner, and Mahler. I tend to listen to many different interpretations of the same piece. I do not use MP3s or streaming music, but CDs and, recently, SACDs.
Movies and TV: Chaplin, Marx Brothers, Kurosawa, Satyajit Ray, Kenneth Clark's Civilization, Peter Brook's Mahabharata, Brideshead Revisited, Royal Shakespeare Company production of Nicholas Nickleby, Maigret with Bruno Cremer. I am a blu-ray enthusiast. I do not use Netflix or Amazon Instant Video.
I love dogs, especially Welsh corgis; I spend 1-2 hours a day walking my dog Maxwell. I no longer eat meat or milk. I have been very happily married for 45 years; my wife Helen is my closest friend. We are practicing Roman Catholics, go to church on Sundays and holidays of obligation and try to keep the commandments. Our political views are in line with Pope Francis: we believe in having an economically just society.
Dan: Ironically, during much of my career as a researcher and engineering manager, I had fairly little time for programming. But now that I am not currently working full time, one of the things I've been doing for fun is programming -- learning iOS development and writing a musical iPhone app. I also enjoy playing very basic guitar and piano, reading, and lately, writing fiction. I try to alternate between reading nonfiction and fiction. The last books I read are The Swerve: How the World Became Modern by Stephen Greenblatt (about how the rediscovery of an ancient Roman poem helped spur the Renaissance) and Dave Eggers' novel The Circle (a cautionary tale about social networking and privacy, which should be required reading for everyone who works at Facebook, Google, and Apple).
Re:ack-nak
by blue trane
When will programming evolve to use subject-predicate syntax, rather than function-argument? Function-argument goes back (at least) to Frege, and his prejudices against subject-predicate syntax (which dominates natural languages). But isn't changePassword(a,b) more ambiguous than "change the password from a to b"? Don't we get an "information gain" effect from using a syntax we are familiar with outside of programming? When you first come to a function-argument command such as (in Oz, which is used in the Paradigms of Computer Programming MOOC) {Push S X}, there is maximum entropy as to whether S is pushed, or pushed onto. "Push X onto S" has no entropy; you know immediately, from the syntax alone, what is pushed onto what.
Dan: I think you need to decouple your argument about entropy with your argument about subject-predicate syntax. IIRC, stack-based languages like Forth and Postscript (and old HP scientific calculators) had completely unambiguous syntax. You either push something on the stack or perform an operation on the required number of arguments at the top of the stack. But these are not subject-predicate syntax languages. So there is more than one way to have what you call no-entropy syntax. Another way to avoid ambiguity is to require that argument names be part of the function name, as Smalltalk and Objective-C do. Then instead of your function call being changePassword(a, b), it's [foo changePasswordFrom:a to:b] (where foo is the object getting the message).
Separate from the entropy issue, is there a cognitive benefit from having programming languages use syntax familiar from natural languages? Perhaps, but which natural language's syntax will you use? Many languages (e.g. Japanese) use a subject-object-verb syntax, while English uses subject-verb-object. Romance languages use SOV some of the time (e.g. with pronouns) and SVO the rest of the time. Talk about ambiguous argument order!
Furthermore, natural languages have evolved to convey all kinds of nuances and deliberate ambiguities that make it hard to specify anything precisely. As a small example, the English meaning of "and" and "or" is quite different from their Boolean interpretation. (If the waiter says that breakfast comes with juice or coffee, getting both is not an option.)
The business application language COBOL (the most popular language of the 1970s) was supposed to have "English-like" syntax, with expressions like "add 1 to x." I'm skeptical that this syntax made programming any easier, but it did lead to this old joke: "Did you hear about the new version of COBOL? It's called ADD 1 TO COBOL."
My opinion is that we will always have different languages with different styles of syntax, to meet the needs of different communities of programmers.
Why is Generic Programming often second class?
by Anonymous Coward
We see many programming languages with at least some support for Generics, but usually as a second class citizen, and often added as an afterthought in later releases, and subordinate to some other programming paradigm. Java is primarily OO, with generics added later. C# is also primarily OO, though with generic support. It took C++ several iterations to get generics, and C++ is "multi paradigm". Go doesn't have generics, and doesn't seem like it will for a while.
It seems to me like generic programming is sufficiently powerful as a paradigm to not need other paradigms like OO in the same language. In fact, in many ways, OO, which ties together data and algorithms, seems antithetical to generic programming. So, do you see a possibility of a programming language whose primary paradigm is generic programming? Why do language designers not get generics into the first releases of their languages, even now, when the issues would seem to be well known? What would such a language look like?
Alex: To design a language for generic programming, one needs to learn to program generically. One has to write lots of code before things become clear. In the Appendix B of Elements of Programming, Sean Parent and Bjarne Stroustrup outlined a minimal language needed for programming. The appendix is about 8 pages long. To make it real, it probably needs to grow by a factor of 3. So, something like 25 pages should be sufficient. I am too old to do it, but I wish that someone would try.
A more difficult problem is not to design the language: C++, after all, contains most of the things needed. The problem is to teach programmers to think abstractly. And that is a very difficult task. I do not know a single university where one could even learn the preliminaries: understanding the machine, and understanding abstract mathematics. Our new book, From Mathematics to Generic Programming, is an attempt to sketch what is needed. Hopefully some school will try to teach both assembly level programming and abstract algebra.
An even harder problem is to convince the software industry to build software out of carefully designed components. What I see, however, is the movement in the opposite direction. Hand-crafted, one-off, undisciplined code is impossible to replicate. Adobe did a fabulous job specifying Postscript; that allowed Peter Deutsch to single-handedly produce Ghostscript. Now Adobe is not going to specify Photoshop's behavior. Let the Gimp guys try to replicate it. While Linus Torvalds was able to replicate Unix from the carefully written System V interface definitions, no one could replicate Windows: being nonstandard creates barriers to entry. There are grave economic reasons making any progress unlikely while undisciplined programmers generate huge amount of capital. It's analogous to the programmer whose terrible spaghetti code gives him job security, since no one else can understand it.
Dan: The idea that object-oriented programming and generic programming are competing paradigms is, in my opinion, mistaken. They are really orthogonal approaches. As we discuss in our book, generic programming is really an attitude. This attitude is useful whether you are using an object-oriented approach or not.
I would love to have a real-world, efficient, popular language that supports generic programming -- including concepts, in particular -- as first-class features. But I see no reason why this language shouldn't also support OOP. -
Intuit Charges More For Previously Offered TurboTax Features, Users Livid
An anonymous reader writes: For years, the Deluxe edition of TurboTax was enough for investors and the self-employed to do their taxes. With this year's edition, Intuit removed Schedules C, D, and E, covering self-employment, investment income and asset depreciation. Those features now require an extra charge of $40. The company is getting murdered on Amazon reviews for it, with 900 users giving the software a 1-star rating. -
Book Review: Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress
MassDosage writes "At the risk of exposing my age I remember building my first website using a rudimentary Unix text editor (Joe) and carefully handcrafting the Hypertext Markup Language (HTML) while directly logged on to the web server it was being served from. Back then Cascading Style Sheets (CSS) weren't even a glint in the eyes of their creators. A lot has changed and there's now a world of fancy WYSIWYG web page editors to choose from as well as Content Management Systems that allow you to create websites without looking at the underlying code at all. While this is all very useful and allows less technical people to create websites I still feel that having at least some knowledge of how everything works under the hood is empowering — especially in situations where you want to go beyond the limits placed on you by a certain tool. This is where Build Your Own Website: A comic guide to HTML, CSS and Wordpress comes into the picture. Its aim is to enable people new to web development to learn the subject by teaching the fundamentals of HTML and CSS first and only then describing how to use a Content Management System (CMS) — in this case Wordpress. While Wordpress might not be everyone's kettle of fish it's a good choice as an example of a modern CMS that is easily accessible and very popular. The concepts presented are simple enough that it should be easy enough for a reader to apply them to a different CMS should they want to. Read below for the rest of MassDosage's review.
Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress
author: Nate Cooper and Kim Gee
pages: 264
publisher: No Starch Press
rating: 7.5/10
reviewer: MassDosage
ISBN: 1593275226
summary: An illustrated introduction to the basics of creating a website
To be clear, this book is intended for people who have little to no experience building websites and it is appropriately written in a non-formal, fun and non-threatening manner.
Each chapter has the same format where a topic is initially covered at a high level in the form of a cartoon that is really easy to grasp. This is then followed by a more in-depth repetition of the same content using more "traditional" text and diagrams. Most chapters then end with a summary of the key points which can be used as a simple reference. This layout means that if you're a quick learner or are familiar with some of the concepts you can just read the comic section and then try implementing the material covered on your own. On the other hand if you want more information and depth you can read the text that follows.
The material is presented in such a way that it should be easy for the reader to "learn by doing" as they copy or modify what the main character in the cartoon does (in this case building a website for her photography portfolio). All that's needed to get started is a browser, a text editor and some knowledge of how to organize files on a file system. This coverage of raw HTML and CSS may sound off-putting to non-technical people but it's presented in such a simple manner that pretty much anyone should be able to follow along. The benefit of this "back to the basics" approach is that one is not limited to using only a certain piece of software and instead the fundamentals can be applied to other tools later.
The book provides a good introduction to HTML and describes some useful tags that can be used to start creating a simple website. CSS are explained in a similar manner and the reader is shown how they can be used to easily change the look of a website. These two technologies are the bedrock on top of which pretty much all web development rests and thus understanding them is a prerequisite for anyone wanting to create their own websites. The book also does a good job of showing how a content management system like Wordpress builds on top of these foundations and how you can still get to the underlying HTML and CSS should you want to (as well as why this might be useful if you want to modify something that Wordpress does or doesn't do). On the Wordpress front the basics are covered — from creating pages and page hierarchies to how these can be categorized and grouped. Unfortunately when going into more detail on this topic things lose a bit of coherence. Wordpress is obviously a big beast which has entire books devoted to it and cramming in a summary of it means having to leave out a lot. It seems as if the author might have had to trim these sections down and this has resulted in the text feeling a bit rushed and confusing which is in contrast with the rest of the book where the topics are covered in a slower and more detailed manner. Any book that describes using a piece of software like Wordpress to the level of explaining how to point and click one's way through certain steps risks becoming outdated as the software changes in future. For the most part this shouldn't be too much of an issue as Wordpress isn't covered in too much detail but it does mean that this book probably won't be a reference you still use in five years' time.
On the whole Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress succeeds in its goal of presenting a gentle learning curve and guiding people through what is needed to create a website from scratch. It is just technical enough that readers should be able to understand the fundamentals of what they are doing while being non-intimidating and introducing concepts at a relaxed and fun pace via the comic format. By the end of this book readers should have a solid grasp of the basics of website creation and be able to set up a simple site themselves, either by coding this up in HTML and CSS directly or by using Wordpress. For anything more advanced one would need to move on to other books or self-teaching but this book is a great starting point if you're new to the subject.
You can purchase Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
2014 Geek Gift Guide
With the holidays coming up, Bennett Haselton has updated his geek-oriented gift guide for 2014. He says: Some of my favorite gifts to give are still the ones that were listed in several different previously written posts, while a few new cool gift ideas emerged in 2014. Here are all my current best recommendations, listed in one place. Read on for the list, or to share any suggestions of your own.
Most annual gift guides would only list new items. It would be considered a mortal sin of click-baiting to tell the reader, "Well, the coolest stuff we could tell you about, was stuff that we mentioned this time last year, so first and foremost we're just going to direct you to that."
Well, my job in writing a gift guide is not to dazzle people with "all new hottest gift item" recommendations, my job is to recommend the things that I think you would most enjoy giving and the recipient would most enjoy receiving, and the fact of the matter is that most of the gifts I would most highly recommend, were listed in different previously written articles. I'll provide that list in a second (with links back to the older articles describing them in more detail), but first some criteria for how I make the recommendations.
First, I'm assuming you want to go inexpensive. If you have unlimited cash, you don't need my help finding cool presents -- although for the record, the online store of New York's Museum of Modern Art has the best collection of things that incorporate "visual puns" that I really like, but which are usually overpriced for what the item does. (Check out this image of a set of nesting tables, for example -- which isn't even that much of a "neat idea", by their standards -- and try to guess how much they cost, before looking at the answer on the product page.) If you don't mind spending the money, they also sell a dandelion encased in acrylic ($375), a lamp in the shape of an open book ($190), a necklace of small rectangular mirrors creating an interesting 3D effect ($190), a porcelain vase that kind of looks like a crinkled paper bag ($120), a pair of candleholders that interlock without touching ($170), a serving tray that looks like the splash from a drop of water ($130), a clock that evokes an M.C. Escher "infinite staircase" optical illusion ($80), and a vase that exists in the shape of an outline ($65, which at this point sounds cheap). At the end of this gift guide I list some MoMA items that are somewhat more reasonably priced.
Second, I'm assuming you don't need help finding branded merchandise. I'm sure literally every combination of [Star Wars / LOTR / Game of Thrones / Star Trek / Hunger Games] and [coffee mug / beach towel / earrings / Christmas tree ornaments / shot glass / cufflinks] is available somewhere. It's not that these are bad gifts for the hardcore fan, it's that all you need to find them is to Google "Game of Thrones Christmas tree ornaments" and you'll find something. And occasionally you'll find something in this "branded" category that jumps out as a pretty cool idea, like the TARDIS Tea Infuser or the Game of Thrones Dragonclaw Goblet or the light-up lightsaber chopsticks.
Third, I look mostly for novelty or decorative items that confound your senses or demonstrate some interesting scientific principle (or both), but that can still fit in to a semi-elegant environment without garishly calling attention to themselves. These color changing beads are kind of neat, but it would look weird having them lying around on top of a living room dresser along with a UV flashlight to demonstrate what they do. On the other hand, a Galileo thermometer can blend in pretty well with the decorations on a mantlepiece.
The following are my current most-recommended gift ideas:
Custom Photomosaic
In this December 2013 post I described how to create a photomosaic (a patchwork of smaller pictures that, when viewed from a distance, take on the appearance of a larger picture) using two free (donation-supported) programs, one to download and save pictures en masse from a friend's Facebook profile, and the other to create the photomosaic using those photos. I still think they make amazing gifts, and the only cost is the cost of printing and framing it. You can even give the digital-only version as a gift that costs nothing at all, making a photomosaic from a friend's photos and sending it to them on the other side of the world, where they can print it themselves or use it as a desktop background. Everyone that I've given one of these to, has loved it.
Strandbeest kit
With this $35 kit, which I recommended as a Christmas gift last year, you can assemble a tabletop version of the legendary full-size Strandbeests, the eerily lifelike creatures created by Dutch artist Theo Jansen which walk across the beaches of Holland powered only by the wind. Assembly of the creature takes about 90 minutes, less if you make a family activity out of it and share the labor.
In the last year, a second model has been released, dubbed the "Rhinoceros Mini-Beest" (technically, it was available a year ago, but the assembly instructions were only printed in Japanese; now it's available with English directions). I haven't assembled one of these myself yet, but it looks fine in the video.
There is also now a pre-assembled, motorized, remote-control version of the Strandbeest, although honestly, where's the fun in that? Part of the effect of the Strandbeest assembly kit is the feeling that you've breathed life into an inanimate object by putting it together from static parts. A remote-control toy that moves forwards and backwards on the ground is a little underwhelming when you can get an RC helicopter for the same price.
Levitron Revolution and Levitron Cherrywood
The Levitron Revolution ($70) consists of a circular magnetic disc that levitates about half an inch above an electrically powered square base, and can support up to a pound of weight on top of it while maintaining levitation. The Levitron Cherrywood ($35) consists of a top that has to be spun by hand, which levitates almost a full two inches above the cherrywood base containing an embedded magnet. As described in the first gift guide, the Levitron Cherrywood is more visually impressive because of the extra height of levitation, but the top almost always falls if you touch the top or move the base while the top is spinning. The Levitron Revolution only levitates the disc by half an inch, but you can embellish the appearance by placing other objects on top of it, like the pyrite crystal levitating in this video. (Also, the Levitron Revolution will continue levitating as long as power is supplied to it, making it a good decorative item; the Levitron Cherrywood has to be spun by hand and levitates for only about two minutes before air friction slows it down, so it works better as a toy or party activity.) Both of them take some practice to operate (the Levitron Cherrywood takes considerably more), but they're worth it.
Spare batteries for your friend's phone
I mentioned this in January 2013 as a life hack for smartphones and got pilloried for promoting what people called an "obvious" idea. But two years later, almost nobody that I know is carrying around fully charged extra batteries for their phones. It's easy, it works, and the spare batteries in my jacket pockets have gotten me out of a jam multiple times. If you know what type of phone your gift recipient uses, get them some extra batteries. (T-Mobile sent me extra batteries for my LG Optimus for free.)
The iPhone is the only phone I'm aware of that does not support this, because the battery is not meant to be removed or replaced by the user.
And yes, I know about the portable external battery products that can be used to charge a phone. These aren't as big or expensive as they used to be, but you still have to leave them plugged in to your phone while they're charging it, which is awkward if you're using your phone or carrying it in your pocket (compared to the 10 seconds it takes to swap out the battery).
Heat Wave car heater
This $40 device from Canadian company "Heat & Clean" sits on your dashboard and turns itself on at a pre-determined time, blowing hot air into the interior of the car for 20 minutes, all without starting the car. If all goes well, this means your car will be warm (or at least not as cold as it would have been) when you first get into it in the morning, and you don't have to wait several minutes for the air ventilation system to heat up. The Heat Wave is powered by the car's 12V charger, although Heat & Clean states that it "has built-in circuitry to ensure that the health of the vehicle's battery is never compromised."
I can't vouch for the device's respect for your battery (the device unfortunately isn't sold on Amazon, which is usually where I go to find out if something does what it's supposed to), but I ordered one and verified that it works, then gave it to my aunt for her birthday. (If it kills her car, I will promptly make it up to her by taking it out of the gift guide.) Even though I tested the functionality, I didn't get the chance to see if the device actually helps much, because it's not cold enough yet here in Seattle to really feel the bite of the cold when you get into your car in the morning. (The other reason I personally won't get much benefit from this, is that I work from home and leave the house at a different time every day, so I never know in advance what time I'll be getting into my car the next morning.)
Most cars can be modified so they can be started remotely, so that they're warmed up by the time you go outside and get into them, but that modification usually costs a few hundred dollars. You might as well try the Heat Wave first to see if it does the job almost as well.
(To me, the obvious question is: Why not make a version of the Heat Wave that can be turned on remotely, as well? For people like me who usually don't know the night before what time they'll be getting into their car the next day, but who often do know at least 20 minutes in advance, so they can turn it on remotely and start heating the car. The company does make a very different-looking product called the Heat Stick which can be activated remotely -- but at $300, that's more than it costs to add remote start to the actual car.)
It's Nuts 3D puzzle
Distributed by Grand Illusions in the UK, the It's Nuts 3D puzzle consists of a bolt and a pair of nuts threaded onto the bolt. As you can see in the video, when you rotate one nut, it moves in the direction that you'd expect, following the threading on the bolt -- but when you rotate the other nut the same way, it moves in the opposite direction. There are no hidden moving parts to make the illusion work, and you can unscrew both nuts right off of the bolt and examine them.
Having acquired one, I can say that the secret is a little bit easier to figure out when you're holding it in your hand and looking at it closely, than when you're watching the video. But it still makes a nice novelty conversation piece.
As a brain-tickler, this feels a bit overpriced at $40 - costing more than the aforementioned Levitron Cherrywood, which actually levitates. I bought It's Nuts mainly to fill out my collection of oddities since I already owned most of the other items in this list. Of course, unlike the Levitron, this takes no skill to operate (only a little bit of smarts to figure out the secret). I wouldn't foist the Levitron on my grandfather, but he would probably enjoy this one.
(Note that if you buy from the Grand Illusions website to ship to the United States, you'll pay the non-VAT rate -- but then you'll have to add about $14 in air mail shipping to the U.S. So you might want to combine this order with some other items from Grand Illusions -- search this article for "Grand Illusions" for the other recommended items, or browse their site and pick your own.)
Inverter Magnet
The Inverter Magnet, from Grand Illusions (also available from Amazon at a slightly higher price), consists of one disc magnet encased in rubber, which holds a second disc magnet in a permanent "force field" a few millimeters away when the two are slid across a table.
At $40, this might be more of a "collection filler-outer", since especially as a magnetic toy it compares unfavorably with the Levitron Cherrywood, which, to repeat, can actually fly. But again, the Inverter Magnet also takes no skill to operate.
Magna Nails
This nail polish (about $7 used on Amazon) forms a stripe pattern when you hold a magnet near your fingernail while the polish is drying. (There are many similar products on the market, searchable under "magnetic nail polish.") The appeal to young science geeks is that the iron filings in the nail polish align themselves along magnetic field lines in the vicinity of the magnet, forming the stripes.
I don't wear glittery nail polish (at least not as "Bennett Haselton"...), but I took one for the team to see if this works. It does. That's my thumb. (Apparently it looks better if you apply a "top coat" after the nail polish dries, but I didn't have any.) If you plan on testing it out before giving it as a gift, remember to pick up some nail polish remover to get it off.
A few things from MoMA that we can actually afford
- An appetizer serving dish complete with toothpick holder that looks like a porcupine ($28). This item probably has the highest price-to-cool-factor ratio of anything on this list, just barely within the limit of what I'd recommend, but it's elegant in addition to being funny, and the recipient would probably use it.
- A faux-wood cube clock ($38). This is interesting mostly for looking like a visual impossibility -- how can the digital numbers appear on the side of a block of wood, even fake wood? Unfortunately I think the photo is doctored, because this YouTube video shows an undoctored shot of the cube clock, and you can easily see the un-illuminated LEDs on the side, which don't quite blend in with the wood. But it still makes for an elegant optical illusion.
Miscellaneous "Visual Puns"
- The ambiguous vase ($33) from Grand Illusions -- a real-life version of the Rubin vase optical illusion, where a vase suddenly takes on the appearance of two faces in profile.
- The glass water faucet ($50)
- The sliced grandfather clock ($36)
- Ulexite "television stones" ($10) - a rock that, when placed on a flat surface, will cause the markings on that surface to re-appear on the top face of the rock, due to the naturally occurring fiber optics in ulexite.
Of course, if you're now craving one of these items for yourself, order one and try it out before re-gifting, or set up an Amazon wish list in the last two weeks before Christmas. And remember to be good!
-
2014 Geek Gift Guide
With the holidays coming up, Bennett Haselton has updated his geek-oriented gift guide for 2014. He says: Some of my favorite gifts to give are still the ones that were listed in several different previously written posts, while a few new cool gift ideas emerged in 2014. Here are all my current best recommendations, listed in one place. Read on for the list, or to share any suggestions of your own.Most annual gift guides would only list new items. It would be considered a mortal sin of click-baiting to tell the reader, "Well, the coolest stuff we could tell you about, was stuff that we mentioned this time last year, so first and foremost we're just going to direct you to that."
Well, my job in writing a gift guide is not to dazzle people with "all new hottest gift item" recommendations, my job is to recommend the things that I think you would most enjoy giving and the recipient would most enjoy receiving, and the fact of the matter is that most of the gifts I would most highly recommend, were listed in different previously written articles. I'll provide that list in a second (with links back to the older articles describing them in more detail), but first some criteria for how I make the recommendations.
First, I'm assuming you want to go inexpensive. If you have unlimited cash, you don't need my help finding cool presents -- although for the record, the online store of New York's Museum of Modern Art has the best collection of things that incorporate "visual puns" that I really like, but which are usually overpriced for what the item does. (Check out this image of a set of nesting tables, for example -- which isn't even that much of a "neat idea", by their standards -- and try to guess how much they cost, before looking at the answer on the product page.) If you don't mind spending the money, they also sell a dandelion encased in acrylic ($375), a lamp in the shape of an open book ($190), a necklace of small rectangular mirrors creating an interesting 3D effect ($190), a porcelain vase that kind of looks like a crinkled paper bag ($120), a pair of candleholders that interlock without touching ($170), a serving tray that looks like the splash from a drop of water ($130), a clock that evokes an M.C. Escher "infinite staircase" optical illusion ($80), and a vase that exists in the shape of an outline ($65, which at this point sounds cheap). At the end of this gift guide I list some MoMA items that are somewhat more reasonably priced.
Second, I'm assuming you don't need help finding branded merchandise. I'm sure literally every combination of [Star Wars / LOTR / Game of Thrones / Star Trek / Hunger Games] and [coffee mug / beach towel / earrings / Christmas tree ornaments / shot glass / cufflinks] is available somewhere. It's not that these are bad gifts for the hardcore fan, it's that all you need to find them is to Google "Game of Thrones Christmas tree ornaments" and you'll find something. And occasionally you'll will find something in this "branded" category that jumps out as a pretty cool idea, like the TARDIS Tea Infuser or the Game of Thrones Dragonclaw Goblet or the light-up lightsaber chopsticks.
Third, I look mostly for novelty or decorative items that confound your senses or demonstrate some interesting scientific principle (or both), but that can still fit in to a semi-elegant environment without garishly calling attention to themselves. These color changing beads are kind of neat, but it would look weird having them lying around on top of a living room dresser along with a UV flashlight to demonstrate what they do. On the other hand, a Galileo thermometer can blend in pretty well the decorations on a mantlepiece.
The following are my current most-recommended gift ideas:
Custom Photomosaic
In this December 2013 post I described how to create a photomosaic (a patchwork of smaller pictures that, when viewed from a distance, take on the appearance of a larger picture) using two free (donation-supported) programs, one to download and save pictures en masse from a friend's Facebook profile, and the other to create the photomosaic using those photos. I still think they make amazing gifts, and the only cost is the cost of printing and framing it. You can even give the digital-only version as a gift that costs nothing at all, making a photomosaic from a friend's photos and sending it to them on the other side of the world, where they can print it themselves or use it as a desktop background. Everyone that I've given one of these to, has loved it.
Strandbeest kit
With this $35 kit, which I recommended as a Christmas gift last year, you can assemble a tabletop version of the legendary full-size Strandbeests, the eerily lifelike creatures created by Dutch artist Theo Jansen which walk across the beaches of Holland powered only by the wind. Assembly of the creature takes about 90 minutes, less if you make a family activity out of it and share the labor.
In the last year, a second model has been released, dubbed the "Rhinoceros Mini-Beest (technically, it was available a year ago, but the assembly instructions were only printed in Japanese; now it's available with English directions). I haven't assembled one of these myself yet, but it looks fine in the video.
There is also now a pre-assembled, motorized, remote-control version of the Strandbeest, although honestly, where's the fun in that? Part of the effect of the Strandbeest assembly kit is the feeling that you've breathed life into an inanimate object by putting it together from static parts. A remote-control toy that moves forwards and backwards on the ground is a little underwhelming when you can get an RC helicopter for the same price.
Levitron Revolution and Levitron Cherrywood
The Levitron Revolution ($70) consists of a circular magnetic disc that levitates about half an inch above an electrically powered square base, and can support up to a pound of weight on top of it while maintaining levitation. The Levitron Cherrywood ($35) consists of a top that has to be spun by hand, which levitates almost a full two inches above the cherrywood base containing an embedded magnet. As described in the first gift guide, the Levitron Cherrywood is more visually impressive because of the extra height of levitation, but the top almost always falls if you touch the top or move the base while the top is spinning. The Levitron Revolution only levitates the disc by half an inch, but you can embellish the appearance by placing other objects on top of it, like the pyrite crystal levitating in this video. (Also, the Levitron Revolution will continue levitating as long as power is supplied to it, making it a good decorative item; the Levitron Cherrywood has to be spun by hand and levitates for only about two minutes before air friction slows it down, so it works better as a toy or party activity.) Both of them take some practice to operate (the Levitron Cherrywood takes considerably more), but they're worth it.
Spare batteries for your friend's phone
I mentioned this in January 2013 as a life hack for smartphones and got pilloried for promoting what people called an "obvious" idea. But two years later, almost nobody that I know is carrying around fully charged extra batteries for their phones. It's easy, it works, and the spare batteries in my jacket pockets have gotten me out of a jam multiple times. If you know what type of phone your gift recipient uses, get them some extra batteries. (T-Mobile sent me extra batteries for my LG Optimus for free.)
The iPhone is the only phone I'm aware of that does not support this, because the battery is not meant to be removed or replaced by the user.
And yes, I know about the portable external battery products that can be used to charge a phone. These aren't as big or expensive as they used to be, but you still have to leave them plugged in to your phone while they're charging it, which is awkward if you're using your phone or carrying it in your pocket (compared to the 10 seconds it takes to swap out the battery).
Heat Wave car heater
This $40 device from Canadian company "Heat & Clean" sits on your dashboard and turns itself on at a pre-determined time, blowing hot air into the interior of the car for 20 minutes, all without starting the car. If all goes well, this means your car will be warm (or at least not as cold as it would have been) when you first get into it in the morning, and you don't have to wait several minutes for the air ventilation system to heat up. The Heat Wave is powered by the car's 12V charger, although Heat & Clean states that "has built-in circuitry to ensure that the health of the vehicle's battery is never compromised."
I can't vouch for the device's respect for your battery (the device unfortunately isn't sold on Amazon, which is usually where I go to find out if something does what it's supposed to), but I ordered one and verified that it works, then gave it to my aunt for her birthday. (If it kills her car, I will promptly make it up to her by taking it out of the gift guide.) Even though I tested the functionality, I didn't get the chance to see if the device actually helps much, because it's not cold enough yet here in Seattle to really feel the bite of the cold when you get into your car in the morning. (The other reason I personally won't get much benefit from this, is that I work from home and leave the house at a different time every day, so I never know in advance what time I'll be getting into my car the next morning.)
Most cars can be modified so they can be started remotely, so that they're warmed up by the time you go outside and get into them, but that modification usually costs a few hundred dollars. You might as well try the Heat Wave first to see if it does the job almost as well.
(To me, the obvious question is: Why not make a version of the Heat Wave that can be turned remotely, as well? For people like me who usually don't know the night before what time they'll be getting into their car the next day, but who often do know at least 20 minutes in advance, so they can turn it on remotely and start heating the car. The company does make a very different-looking product called the Heat Stick which can be activated remotely -- but at $300, that's more than it costs to add remote start to the actual car.)
It's Nuts 3D puzzle
Distributed by Grand Illusions in the UK, the It's Nuts 3D puzzle consists of a bolt and a pair of nuts threaded onto the bolt. As you can see in the video, when you rotate one nut, it moves in the direction that you'd expect, following the threading on the bolt -- but when you rotate the other nut the same way, it moves in the opposite direction. There are no hidden moving parts to make the illusion work, and you can unscrew both nuts right off of the bolt and examine them.
Having acquired one, I can say that the secret is a little bit easier to figure out when you're holding it in your hand and looking at it closely, than when you're watching the video. But it still makes a nice novelty conversation piece.
As a brain-tickler, this feels a bit overpriced at $40 - costing more than the aforementioned Levitron Cherrywood, which actually levitates. I bought It's Nuts mainly to fill out my collection off oddities since I already owned most of the other items in this list. Of course, unlike the Levitron, this takes no skill to operate (only a little bit of smarts to figure out the secret). I wouldn't foist the Levitron on my grandfather, but he would probably enjoy this one.
(Note that if you buy from the Grand Illusions website to ship to the United States, you'll pay the non-VAT rate -- but then you'll have to add about $14 in air mail shipping to the U.S. So you might want to combine this order with some other items from Grand Illusions -- search this article for "Grand Illusions" for the other recommended items, or browse their site and pick your own.)
Inverter Magnet
The Inverter Magnet, from Grand Illusions (also available from Amazon at a slightly higher price), consists of one disc magnet encased in rubber, which holds a second disc magnet in a permanent "force field" a few millimeters away when the two are slid across a table.
At $40, this might be more of a "collection filler-outer", since especially as a magnetic toy it compares unfavorably with the Levitron Cherrywood, which, to repeat, can actually fly. But again, the Inverter Magnet also takes no skill to operate.
Magna Nails
This nail polish (about $7 used on Amazon) forms a stripe pattern when you hold a magnet near your fingernail while the polish is trying. (There are many similar products on the market, searchable under "magnetic nail polish.") The appeal to young science geeks is that the iron filings in the nail polish align themselves along magnetic field lines in the vicinity of the magnet, forming the stripes.
I don't wear glittery nail polish (at least not as "Bennett Haselton"...), but I took one for the team to see if this works. It does. That's my thumb. (Apparently it looks better if you apply a "top coat" after the nail polish dries, but I didn't have any.) If you plan on testing it out before giving it as a gift, remember to pick up some nail polish remover to get it off.
A few things from MoMA that we can actually afford
- An appetizer serving dish complete with toothpick holder that looks like a porcupine ($28). This item probably has the highest price-to-cool-factor ratio of anything on this list, just barely within the limit of what I'd recommend, but it's elegant in addition to being funny, and the recipient would probably use it.
- A faux-wood cube clock ($38). This is interesting mostly for looking like a visual impossibility -- how can the digital numbers appear on the side of a block of wood, even fake wood? Unfortunately I think the photo is doctored, because this youtube video shows an undoctored shot of the cube clock, and you can easily see the un-illuminated LEDs on the side, which don't quite blend in with the wood. But it still makes for an elegant optical illusion.
Miscellaneous "Visual Puns"
- The ambiguous vase ($33) from Grand Illusions -- a real-life version of the Rubin vase optical illusion, where a vase suddenly takes on the appearance of two faces in profile.
- The glass water faucet ($50)
- The sliced grandfather clock ($36)
- Ulexite "television stones" ($10) - a rock that, when placed on a flat surface, will cause the markings on that surface to re-appear on the top face of the rock, due to the naturally occurring fiber optics in ulexite.
Of course, if you're now craving one of these items for yourself, order one and try it out before re-gifting, or set up an Amazon wish list in the last two weeks before Christmas. And remember to be good!
-
2014 Geek Gift Guide
With the holidays coming up, Bennett Haselton has updated his geek-oriented gift guide for 2014. He says: Some of my favorite gifts to give are still the ones that were listed in several different previously written posts, while a few new cool gift ideas emerged in 2014. Here are all my current best recommendations, listed in one place. Read on for the list, or to share any suggestions of your own.Most annual gift guides would only list new items. It would be considered a mortal sin of click-baiting to tell the reader, "Well, the coolest stuff we could tell you about, was stuff that we mentioned this time last year, so first and foremost we're just going to direct you to that."
Well, my job in writing a gift guide is not to dazzle people with "all new hottest gift item" recommendations, my job is to recommend the things that I think you would most enjoy giving and the recipient would most enjoy receiving, and the fact of the matter is that most of the gifts I would most highly recommend, were listed in different previously written articles. I'll provide that list in a second (with links back to the older articles describing them in more detail), but first some criteria for how I make the recommendations.
First, I'm assuming you want to go inexpensive. If you have unlimited cash, you don't need my help finding cool presents -- although for the record, the online store of New York's Museum of Modern Art has the best collection of things that incorporate "visual puns" that I really like, but which are usually overpriced for what the item does. (Check out this image of a set of nesting tables, for example -- which isn't even that much of a "neat idea", by their standards -- and try to guess how much they cost, before looking at the answer on the product page.) If you don't mind spending the money, they also sell a dandelion encased in acrylic ($375), a lamp in the shape of an open book ($190), a necklace of small rectangular mirrors creating an interesting 3D effect ($190), a porcelain vase that kind of looks like a crinkled paper bag ($120), a pair of candleholders that interlock without touching ($170), a serving tray that looks like the splash from a drop of water ($130), a clock that evokes an M.C. Escher "infinite staircase" optical illusion ($80), and a vase that exists in the shape of an outline ($65, which at this point sounds cheap). At the end of this gift guide I list some MoMA items that are somewhat more reasonably priced.
Second, I'm assuming you don't need help finding branded merchandise. I'm sure literally every combination of [Star Wars / LOTR / Game of Thrones / Star Trek / Hunger Games] and [coffee mug / beach towel / earrings / Christmas tree ornaments / shot glass / cufflinks] is available somewhere. It's not that these are bad gifts for the hardcore fan, it's that all you need to find them is to Google "Game of Thrones Christmas tree ornaments" and you'll find something. And occasionally you'll will find something in this "branded" category that jumps out as a pretty cool idea, like the TARDIS Tea Infuser or the Game of Thrones Dragonclaw Goblet or the light-up lightsaber chopsticks.
Third, I look mostly for novelty or decorative items that confound your senses or demonstrate some interesting scientific principle (or both), but that can still fit in to a semi-elegant environment without garishly calling attention to themselves. These color changing beads are kind of neat, but it would look weird having them lying around on top of a living room dresser along with a UV flashlight to demonstrate what they do. On the other hand, a Galileo thermometer can blend in pretty well the decorations on a mantlepiece.
The following are my current most-recommended gift ideas:
Custom Photomosaic
In this December 2013 post I described how to create a photomosaic (a patchwork of smaller pictures that, when viewed from a distance, take on the appearance of a larger picture) using two free (donation-supported) programs, one to download and save pictures en masse from a friend's Facebook profile, and the other to create the photomosaic using those photos. I still think they make amazing gifts, and the only cost is the cost of printing and framing it. You can even give the digital-only version as a gift that costs nothing at all, making a photomosaic from a friend's photos and sending it to them on the other side of the world, where they can print it themselves or use it as a desktop background. Everyone that I've given one of these to, has loved it.
Strandbeest kit
With this $35 kit, which I recommended as a Christmas gift last year, you can assemble a tabletop version of the legendary full-size Strandbeests, the eerily lifelike creatures created by Dutch artist Theo Jansen which walk across the beaches of Holland powered only by the wind. Assembly of the creature takes about 90 minutes, less if you make a family activity out of it and share the labor.
In the last year, a second model has been released, dubbed the "Rhinoceros Mini-Beest (technically, it was available a year ago, but the assembly instructions were only printed in Japanese; now it's available with English directions). I haven't assembled one of these myself yet, but it looks fine in the video.
There is also now a pre-assembled, motorized, remote-control version of the Strandbeest, although honestly, where's the fun in that? Part of the effect of the Strandbeest assembly kit is the feeling that you've breathed life into an inanimate object by putting it together from static parts. A remote-control toy that moves forwards and backwards on the ground is a little underwhelming when you can get an RC helicopter for the same price.
Levitron Revolution and Levitron Cherrywood
The Levitron Revolution ($70) consists of a circular magnetic disc that levitates about half an inch above an electrically powered square base, and can support up to a pound of weight on top of it while maintaining levitation. The Levitron Cherrywood ($35) consists of a top that has to be spun by hand, which levitates almost a full two inches above the cherrywood base containing an embedded magnet. As described in the first gift guide, the Levitron Cherrywood is more visually impressive because of the extra height of levitation, but the top almost always falls if you touch the top or move the base while the top is spinning. The Levitron Revolution only levitates the disc by half an inch, but you can embellish the appearance by placing other objects on top of it, like the pyrite crystal levitating in this video. (Also, the Levitron Revolution will continue levitating as long as power is supplied to it, making it a good decorative item; the Levitron Cherrywood has to be spun by hand and levitates for only about two minutes before air friction slows it down, so it works better as a toy or party activity.) Both of them take some practice to operate (the Levitron Cherrywood takes considerably more), but they're worth it.
Spare batteries for your friend's phone
I mentioned this in January 2013 as a life hack for smartphones and got pilloried for promoting what people called an "obvious" idea. But two years later, almost nobody that I know is carrying around fully charged extra batteries for their phones. It's easy, it works, and the spare batteries in my jacket pockets have gotten me out of a jam multiple times. If you know what type of phone your gift recipient uses, get them some extra batteries. (T-Mobile sent me extra batteries for my LG Optimus for free.)
The iPhone is the only phone I'm aware of that does not support this, because the battery is not meant to be removed or replaced by the user.
And yes, I know about the portable external battery products that can be used to charge a phone. These aren't as big or expensive as they used to be, but you still have to leave them plugged in to your phone while they're charging it, which is awkward if you're using your phone or carrying it in your pocket (compared to the 10 seconds it takes to swap out the battery).
Heat Wave car heater
This $40 device from Canadian company "Heat & Clean" sits on your dashboard and turns itself on at a pre-determined time, blowing hot air into the interior of the car for 20 minutes, all without starting the car. If all goes well, this means your car will be warm (or at least not as cold as it would have been) when you first get into it in the morning, and you don't have to wait several minutes for the air ventilation system to heat up. The Heat Wave is powered by the car's 12V charger, although Heat & Clean states that "has built-in circuitry to ensure that the health of the vehicle's battery is never compromised."
I can't vouch for the device's respect for your battery (the device unfortunately isn't sold on Amazon, which is usually where I go to find out if something does what it's supposed to), but I ordered one and verified that it works, then gave it to my aunt for her birthday. (If it kills her car, I will promptly make it up to her by taking it out of the gift guide.) Even though I tested the functionality, I didn't get the chance to see if the device actually helps much, because it's not cold enough yet here in Seattle to really feel the bite of the cold when you get into your car in the morning. (The other reason I personally won't get much benefit from this, is that I work from home and leave the house at a different time every day, so I never know in advance what time I'll be getting into my car the next morning.)
Most cars can be modified so they can be started remotely, so that they're warmed up by the time you go outside and get into them, but that modification usually costs a few hundred dollars. You might as well try the Heat Wave first to see if it does the job almost as well.
(To me, the obvious question is: Why not make a version of the Heat Wave that can be turned on remotely, as well? For people like me who usually don't know the night before what time they'll be getting into their car the next day, but who often do know at least 20 minutes in advance, so they can turn it on remotely and start heating the car. The company does make a very different-looking product called the Heat Stick which can be activated remotely -- but at $300, that's more than it costs to add remote start to the actual car.)
It's Nuts 3D puzzle
Distributed by Grand Illusions in the UK, the It's Nuts 3D puzzle consists of a bolt and a pair of nuts threaded onto the bolt. As you can see in the video, when you rotate one nut, it moves in the direction that you'd expect, following the threading on the bolt -- but when you rotate the other nut the same way, it moves in the opposite direction. There are no hidden moving parts to make the illusion work, and you can unscrew both nuts right off of the bolt and examine them.
Having acquired one, I can say that the secret is a little bit easier to figure out when you're holding it in your hand and looking at it closely, than when you're watching the video. But it still makes a nice novelty conversation piece.
As a brain-tickler, this feels a bit overpriced at $40 - costing more than the aforementioned Levitron Cherrywood, which actually levitates. I bought It's Nuts mainly to fill out my collection of oddities since I already owned most of the other items in this list. Of course, unlike the Levitron, this takes no skill to operate (only a little bit of smarts to figure out the secret). I wouldn't foist the Levitron on my grandfather, but he would probably enjoy this one.
(Note that if you buy from the Grand Illusions website to ship to the United States, you'll pay the non-VAT rate -- but then you'll have to add about $14 in air mail shipping to the U.S. So you might want to combine this order with some other items from Grand Illusions -- search this article for "Grand Illusions" for the other recommended items, or browse their site and pick your own.)
Inverter Magnet
The Inverter Magnet, from Grand Illusions (also available from Amazon at a slightly higher price), consists of one disc magnet encased in rubber, which holds a second disc magnet in a permanent "force field" a few millimeters away when the two are slid across a table.
At $40, this might be more of a "collection filler-outer", since especially as a magnetic toy it compares unfavorably with the Levitron Cherrywood, which, to repeat, can actually fly. But again, the Inverter Magnet also takes no skill to operate.
Magna Nails
This nail polish (about $7 used on Amazon) forms a stripe pattern when you hold a magnet near your fingernail while the polish is drying. (There are many similar products on the market, searchable under "magnetic nail polish.") The appeal to young science geeks is that the iron filings in the nail polish align themselves along magnetic field lines in the vicinity of the magnet, forming the stripes.
I don't wear glittery nail polish (at least not as "Bennett Haselton"...), but I took one for the team to see if this works. It does. That's my thumb. (Apparently it looks better if you apply a "top coat" after the nail polish dries, but I didn't have any.) If you plan on testing it out before giving it as a gift, remember to pick up some nail polish remover to get it off.
A few things from MoMA that we can actually afford
- An appetizer serving dish complete with toothpick holder that looks like a porcupine ($28). This item probably has the highest price-to-cool-factor ratio of anything on this list, just barely within the limit of what I'd recommend, but it's elegant in addition to being funny, and the recipient would probably use it.
- A faux-wood cube clock ($38). This is interesting mostly for looking like a visual impossibility -- how can the digital numbers appear on the side of a block of wood, even fake wood? Unfortunately I think the photo is doctored, because this youtube video shows an undoctored shot of the cube clock, and you can easily see the un-illuminated LEDs on the side, which don't quite blend in with the wood. But it still makes for an elegant optical illusion.
Miscellaneous "Visual Puns"
- The ambiguous vase ($33) from Grand Illusions -- a real-life version of the Rubin vase optical illusion, where a vase suddenly takes on the appearance of two faces in profile.
- The glass water faucet ($50)
- The sliced grandfather clock ($36)
- Ulexite "television stones" ($10) - a rock that, when placed on a flat surface, will cause the markings on that surface to re-appear on the top face of the rock, due to the naturally occurring fiber optics in ulexite.
Of course, if you're now craving one of these items for yourself, order one and try it out before re-gifting, or set up an Amazon wish list in the last two weeks before Christmas. And remember to be good!
-
2014 Geek Gift Guide
With the holidays coming up, Bennett Haselton has updated his geek-oriented gift guide for 2014. He says: Some of my favorite gifts to give are still the ones that were listed in several different previously written posts, while a few new cool gift ideas emerged in 2014. Here are all my current best recommendations, listed in one place. Read on for the list, or to share any suggestions of your own.
Most annual gift guides would only list new items. It would be considered a mortal sin of click-baiting to tell the reader, "Well, the coolest stuff we could tell you about, was stuff that we mentioned this time last year, so first and foremost we're just going to direct you to that."
Well, my job in writing a gift guide is not to dazzle people with "all new hottest gift item" recommendations, my job is to recommend the things that I think you would most enjoy giving and the recipient would most enjoy receiving, and the fact of the matter is that most of the gifts I would most highly recommend, were listed in different previously written articles. I'll provide that list in a second (with links back to the older articles describing them in more detail), but first some criteria for how I make the recommendations.
First, I'm assuming you want to go inexpensive. If you have unlimited cash, you don't need my help finding cool presents -- although for the record, the online store of New York's Museum of Modern Art has the best collection of things that incorporate "visual puns" that I really like, but which are usually overpriced for what the item does. (Check out this image of a set of nesting tables, for example -- which isn't even that much of a "neat idea", by their standards -- and try to guess how much they cost, before looking at the answer on the product page.) If you don't mind spending the money, they also sell a dandelion encased in acrylic ($375), a lamp in the shape of an open book ($190), a necklace of small rectangular mirrors creating an interesting 3D effect ($190), a porcelain vase that kind of looks like a crinkled paper bag ($120), a pair of candleholders that interlock without touching ($170), a serving tray that looks like the splash from a drop of water ($130), a clock that evokes an M.C. Escher "infinite staircase" optical illusion ($80), and a vase that exists in the shape of an outline ($65, which at this point sounds cheap). At the end of this gift guide I list some MoMA items that are somewhat more reasonably priced.
Second, I'm assuming you don't need help finding branded merchandise. I'm sure literally every combination of [Star Wars / LOTR / Game of Thrones / Star Trek / Hunger Games] and [coffee mug / beach towel / earrings / Christmas tree ornaments / shot glass / cufflinks] is available somewhere. It's not that these are bad gifts for the hardcore fan, it's that all you need to find them is to Google "Game of Thrones Christmas tree ornaments" and you'll find something. And occasionally you'll find something in this "branded" category that jumps out as a pretty cool idea, like the TARDIS Tea Infuser or the Game of Thrones Dragonclaw Goblet or the light-up lightsaber chopsticks.
Third, I look mostly for novelty or decorative items that confound your senses or demonstrate some interesting scientific principle (or both), but that can still fit in to a semi-elegant environment without garishly calling attention to themselves. These color changing beads are kind of neat, but it would look weird having them lying around on top of a living room dresser along with a UV flashlight to demonstrate what they do. On the other hand, a Galileo thermometer can blend in pretty well with the decorations on a mantlepiece.
The following are my current most-recommended gift ideas:
Custom Photomosaic
In this December 2013 post I described how to create a photomosaic (a patchwork of smaller pictures that, when viewed from a distance, take on the appearance of a larger picture) using two free (donation-supported) programs, one to download and save pictures en masse from a friend's Facebook profile, and the other to create the photomosaic using those photos. I still think they make amazing gifts, and the only cost is the cost of printing and framing it. You can even give the digital-only version as a gift that costs nothing at all, making a photomosaic from a friend's photos and sending it to them on the other side of the world, where they can print it themselves or use it as a desktop background. Everyone that I've given one of these to, has loved it.
Strandbeest kit
With this $35 kit, which I recommended as a Christmas gift last year, you can assemble a tabletop version of the legendary full-size Strandbeests, the eerily lifelike creatures created by Dutch artist Theo Jansen which walk across the beaches of Holland powered only by the wind. Assembly of the creature takes about 90 minutes, less if you make a family activity out of it and share the labor.
In the last year, a second model has been released, dubbed the "Rhinoceros Mini-Beest" (technically, it was available a year ago, but the assembly instructions were only printed in Japanese; now it's available with English directions). I haven't assembled one of these myself yet, but it looks fine in the video.
There is also now a pre-assembled, motorized, remote-control version of the Strandbeest, although honestly, where's the fun in that? Part of the effect of the Strandbeest assembly kit is the feeling that you've breathed life into an inanimate object by putting it together from static parts. A remote-control toy that moves forwards and backwards on the ground is a little underwhelming when you can get an RC helicopter for the same price.
Levitron Revolution and Levitron Cherrywood
The Levitron Revolution ($70) consists of a circular magnetic disc that levitates about half an inch above an electrically powered square base, and can support up to a pound of weight on top of it while maintaining levitation. The Levitron Cherrywood ($35) consists of a top that has to be spun by hand, which levitates almost a full two inches above the cherrywood base containing an embedded magnet. As described in the first gift guide, the Levitron Cherrywood is more visually impressive because of the extra height of levitation, but the top almost always falls if you touch the top or move the base while the top is spinning. The Levitron Revolution only levitates the disc by half an inch, but you can embellish the appearance by placing other objects on top of it, like the pyrite crystal levitating in this video. (Also, the Levitron Revolution will continue levitating as long as power is supplied to it, making it a good decorative item; the Levitron Cherrywood has to be spun by hand and levitates for only about two minutes before air friction slows it down, so it works better as a toy or party activity.) Both of them take some practice to operate (the Levitron Cherrywood takes considerably more), but they're worth it.
Spare batteries for your friend's phone
I mentioned this in January 2013 as a life hack for smartphones and got pilloried for promoting what people called an "obvious" idea. But two years later, almost nobody that I know is carrying around fully charged extra batteries for their phones. It's easy, it works, and the spare batteries in my jacket pockets have gotten me out of a jam multiple times. If you know what type of phone your gift recipient uses, get them some extra batteries. (T-Mobile sent me extra batteries for my LG Optimus for free.)
The iPhone is the only phone I'm aware of that does not support this, because the battery is not meant to be removed or replaced by the user.
And yes, I know about the portable external battery products that can be used to charge a phone. These aren't as big or expensive as they used to be, but you still have to leave them plugged in to your phone while they're charging it, which is awkward if you're using your phone or carrying it in your pocket (compared to the 10 seconds it takes to swap out the battery).
Heat Wave car heater
This $40 device from Canadian company "Heat & Clean" sits on your dashboard and turns itself on at a pre-determined time, blowing hot air into the interior of the car for 20 minutes, all without starting the car. If all goes well, this means your car will be warm (or at least not as cold as it would have been) when you first get into it in the morning, and you don't have to wait several minutes for the air ventilation system to heat up. The Heat Wave is powered by the car's 12V charger, although Heat & Clean states that "has built-in circuitry to ensure that the health of the vehicle's battery is never compromised."
I can't vouch for the device's respect for your battery (the device unfortunately isn't sold on Amazon, which is usually where I go to find out if something does what it's supposed to), but I ordered one and verified that it works, then gave it to my aunt for her birthday. (If it kills her car, I will promptly make it up to her by taking it out of the gift guide.) Even though I tested the functionality, I didn't get the chance to see if the device actually helps much, because it's not cold enough yet here in Seattle to really feel the bite of the cold when you get into your car in the morning. (The other reason I personally won't get much benefit from this, is that I work from home and leave the house at a different time every day, so I never know in advance what time I'll be getting into my car the next morning.)
Most cars can be modified so they can be started remotely, so that they're warmed up by the time you go outside and get into them, but that modification usually costs a few hundred dollars. You might as well try the Heat Wave first to see if it does the job almost as well.
(To me, the obvious question is: Why not make a version of the Heat Wave that can be turned on remotely, as well? For people like me who usually don't know the night before what time they'll be getting into their car the next day, but who often do know at least 20 minutes in advance, so they can turn it on remotely and start heating the car. The company does make a very different-looking product called the Heat Stick which can be activated remotely -- but at $300, that's more than it costs to add remote start to the actual car.)
It's Nuts 3D puzzle
Distributed by Grand Illusions in the UK, the It's Nuts 3D puzzle consists of a bolt and a pair of nuts threaded onto the bolt. As you can see in the video, when you rotate one nut, it moves in the direction that you'd expect, following the threading on the bolt -- but when you rotate the other nut the same way, it moves in the opposite direction. There are no hidden moving parts to make the illusion work, and you can unscrew both nuts right off of the bolt and examine them.
Having acquired one, I can say that the secret is a little bit easier to figure out when you're holding it in your hand and looking at it closely, than when you're watching the video. But it still makes a nice novelty conversation piece.
As a brain-tickler, this feels a bit overpriced at $40 - costing more than the aforementioned Levitron Cherrywood, which actually levitates. I bought It's Nuts mainly to fill out my collection of oddities since I already owned most of the other items in this list. Of course, unlike the Levitron, this takes no skill to operate (only a little bit of smarts to figure out the secret). I wouldn't foist the Levitron on my grandfather, but he would probably enjoy this one.
(Note that if you buy from the Grand Illusions website to ship to the United States, you'll pay the non-VAT rate -- but then you'll have to add about $14 in air mail shipping to the U.S. So you might want to combine this order with some other items from Grand Illusions -- search this article for "Grand Illusions" for the other recommended items, or browse their site and pick your own.)
Inverter Magnet
The Inverter Magnet, from Grand Illusions (also available from Amazon at a slightly higher price), consists of one disc magnet encased in rubber, which holds a second disc magnet in a permanent "force field" a few millimeters away when the two are slid across a table.
At $40, this might be more of a "collection filler-outer", since especially as a magnetic toy it compares unfavorably with the Levitron Cherrywood, which, to repeat, can actually fly. But again, the Inverter Magnet also takes no skill to operate.
Magna Nails
This nail polish (about $7 used on Amazon) forms a stripe pattern when you hold a magnet near your fingernail while the polish is drying. (There are many similar products on the market, searchable under "magnetic nail polish.") The appeal to young science geeks is that the iron filings in the nail polish align themselves along magnetic field lines in the vicinity of the magnet, forming the stripes.
I don't wear glittery nail polish (at least not as "Bennett Haselton"...), but I took one for the team to see if this works. It does. That's my thumb. (Apparently it looks better if you apply a "top coat" after the nail polish dries, but I didn't have any.) If you plan on testing it out before giving it as a gift, remember to pick up some nail polish remover to get it off.
A few things from MoMA that we can actually afford
- An appetizer serving dish complete with toothpick holder that looks like a porcupine ($28). This item probably has the highest price-to-cool-factor ratio of anything on this list, just barely within the limit of what I'd recommend, but it's elegant in addition to being funny, and the recipient would probably use it.
- A faux-wood cube clock ($38). This is interesting mostly for looking like a visual impossibility -- how can the digital numbers appear on the side of a block of wood, even fake wood? Unfortunately I think the photo is doctored, because this youtube video shows an undoctored shot of the cube clock, and you can easily see the un-illuminated LEDs on the side, which don't quite blend in with the wood. But it still makes for an elegant optical illusion.
Miscellaneous "Visual Puns"
- The ambiguous vase ($33) from Grand Illusions -- a real-life version of the Rubin vase optical illusion, where a vase suddenly takes on the appearance of two faces in profile.
- The glass water faucet ($50)
- The sliced grandfather clock ($36)
- Ulexite "television stones" ($10) - a rock that, when placed on a flat surface, will cause the markings on that surface to re-appear on the top face of the rock, due to the naturally occurring fiber optics in ulexite.
Of course, if you're now craving one of these items for yourself, order one and try it out before re-gifting, or set up an Amazon wish list in the last two weeks before Christmas. And remember to be good!
-
Book Review: Spam Nation
benrothke writes There are really two stories within Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door. The first is how Brian Krebs uncovered the Russian cybergangs that sent trillions of spam emails for years. As interesting and compelling as that part of the story is, the second storyline is much more surprising and fascinating. Brian Krebs is one of the premier cybersecurity journalists. From 1995 to 2009, he was a reporter for The Washington Post, where he covered Internet security, technology policy, cybercrime and privacy issues. When Krebs presented the Post with his story about the Russian spammers, rather than run with it, the Post lawyers got in the way and were terrified of being sued for libel by the Russians. Many of the stories Krebs ran took months to get approval and many were rejected. It was the extreme reticence by the Post to deal with the issue that ultimately led Krebs to leave the paper. Before Krebs wrote this interesting book and did his groundbreaking research, it was clear that there were bad guys abroad spamming Americans with countless emails for pharmaceuticals which led to a global spam problem. Read below for the rest of Ben's review.
Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door
author: Brian Krebs
pages: 256
publisher: Sourcebooks
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1402295614
summary: Excellent expose on why cybercrime pays and what you can do about it
Much of the story details the doings of two of the major Russian pharmacy spammer factions, Rx-Promotion and GlavMed. In uncovering the story, Krebs had the good fortune that there was significant animosity between Rx-Promotion and GlavMed, which led to an internal employee leaking a huge amount of emails and documents. Krebs obtained this treasure trove which he used to get a deep look at every significant aspect of these spam organizations.
Hackers loyal to the heads of Rx-Promotion and GlavMed leaked this information to law enforcement officials and Krebs in an attempt to sabotage each other.
Krebs writes that the databases offered an unvarnished look at the hidden but burgeoning demand for cheap prescription drugs; a demand that appears driven in large part by Americans seeking more affordable and discreetly available medications.
Like many, I had thought that much of the pharmaceutical spam was simply an issue of clueless end-users clicking on spam and getting scammed. This is where the second storyline comes in. Krebs notes that the argument goes that if people simply stopped buying from sites advertised via the spam that floods our inboxes, the problem would for the most part go away. It's not that the spam is a technology issue; it's that the products fill an economic need and void.
Krebs shows that most people who buy from the spammers are not idiots, clueless or crazy. The majority of them are performing rational, if not potentially risky choices based on a number of legitimate motivations. Krebs lists 4 primary motivations as: price and affordability, confidentiality, convenience & recreation or dependence.
Most of the purchasers from the Russian spammers are based in the US, which has the highest prescription drug prices in the world. The price and affordability that the spammers offer is a tremendous lure to these US consumers, many of whom are uninsured or underinsured.
Krebs then addresses the obvious question that this begs: if the spammers are selling huge amounts of bogus pharmaceuticals to unsuspecting Americans, why doesn't the extremely powerful and well-to-do pharmaceutical industry do something about it? Krebs writes that the pharmaceutical industry is in fact keenly aware of the issue but scared to do anything about it. Should the reality be that the unauthorized pharmaceuticals are effective, then the pharmaceutical industry would be placed in a quandary. They have therefore decided to take a passive approach and do nothing.
The book quotes John Horton, founder and president of LegitScript, a verification and monitoring service for online pharmacies. Horton observed that only 1% of online pharmacies are legitimate. But worse than that, he believes that the single biggest reason neither the FDA nor the pharmaceutical industry has put much effort into testing, is that they are worried that such tests may show that the drugs being sold by many so-called rogue pharmacies are by and large chemically indistinguishable from those sold by approved pharmacies.
So while the Russian spammers may be annoying for many, they have found an economic incentive that is driving many people to become repeat customers.
As to the efficacy of these pharmaceuticals being shipped from India, Turkey and other countries, it would seem pretty straightforward to perform laboratory tests. Yet the university labs that could perform these tests have found their hands tied. In order to test the pharmaceuticals, they would have to order them, which is likely an illegal act. Also, the vast amount of factories making these pharmaceuticals makes it difficult to get a consistent set of findings.
As to getting paid for the products, Krebs writes how the thing the spammers relied on most was the ability to process credit card payments. What they feared the most were chargebacks, which is when the merchant has to forcibly refund the customer. If the chargeback rate goes over a certain threshold, then the vendor is forced to pay higher fees to the credit card company or may find their merchant agreement cancelled. The spammers were therefore extremely receptive to customer complaints and would do anything to make a basic refund rather than a chargeback. This was yet another economic incentive that motivated the spammers.
As to the main storyline, the book does a great job of detailing how the spam operations worked and how powerful they became. The spammers became so powerful, that even with all the work firms like Blue Security Inc. did, and organizations such as Spamhaus tried to do, they were almost impossible to stop.
Krebs writes how spammers now have moved into new areas such as scareware and ransomware. The victims are told to pay the ransom by purchasing a prepaid debit card and then to send the attackers the card number so they can redeem it for cash.
The book concludes with Krebs's 3 Rules for Online Safety namely: if you didn't go looking for it, don't install it; if you installed it, update it and if you no longer need it, remove it.
The scammers and online attackers are inherent forces in the world of e-commerce and it's foolhardy to think any technology or regulation can make them go away. Spam Nation does a great job of telling an important aspect of the story, and what small things you can do to make a large difference, such that you won't fall victim to these scammers. At just under 250 pages, Spam Nation is a quick read and an important one at that.
Reviewed by Ben Rothke.
You can purchase Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Book Review: Bulletproof SSL and TLS
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
author: Ivan Ristic
pages: 530
publisher: Feisty Duck
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1907117046
summary: Tremendous guide on how to correctly deploy TLS by one of the top experts in the field
Ristic is the author of the SSL Labs web site, a site dedicated to everything SSL, including extensive documents and tools.
One would think that it's impossible to write an interesting book about a security protocol. But for those who use SSL or just want to understand what it's all about, the book is not only quite practical, but a very interesting read.
The book provides a good balance of overview, protocol details, summary of vulnerabilities and weaknesses, and a large chunk of practical deployment guidance.
The first three chapters provide an excellent overview to SSL, TLS, PKI and cryptography. While chapter 2 may be a bit dry, the introduction is thorough and comprehensive.
Chapter 4 is particularly interesting in that the author notes that while the cryptography behind SSL and PKI is fundamentally secure, there is an inherent flaw in how PKI operates, in that any CA (certificate authority) is able to issue a certificate for any name without having to seek approval from the domain name owner. This trust dependency creates numerous attack vectors that can be exploited.
The chapter details a number of significant incidents that arose from this flaw, from the 2001 code signing certificate mistake, where Verisign mistakenly issued Class 3 code signing certificates to someone claiming to be a Microsoft employee, to the Flame malware, which was signed with a bogus certificate that was seemingly signed by Microsoft, to a number of other issues.
In chapter 5, the book details a number of HTTP and browser issues, and related TLS threats. Attacks such as sidejacking, cookie stealing, cookie manipulation and more are detailed.
The author wisely notes that cookies suffer from two main problems: that they were poorly designed to begin with, allowing behavior that encourages security weaknesses, and that they are not in sync with the main security mechanisms browsers use today, namely same-origin policy (SOP).
The chapter also details a significant TLS weakness in that the certificate warnings generated often leave the clueless user to make the correct decision on how to proceed.
Ristic writes that if you receive an alert about an invalid TLS certificate, the right thing to do is immediately abandon the connection attempt. But the browser won't do that. Browser vendors decided not to enforce TLS connection security; rather they push the problem down to the user in the form of a certificate warning.
The problem is that when a user gets a certificate warning error, they simply don't know what to do to determine how big of an issue it really is, and will invariably choose to override the warning, and proceed to the website.
The challenge users face is that these certificate warning errors are pervasive. In 2010, Ristic scanned about 119 million domain names (.com, .net and .org) searching for TLS-enabled sites. He found over 22 million, or 19% of the sites, hosted on roughly 2 million IP addresses. But only about 720,000 had certificates whose names matched the intended hostname.
The chapter also details that the biggest problem with security indicators, similar to the certificate warnings, is that most users don't pay attention to them and possibly don't even notice them.
As valuable as the first half of the book is, its significance really comes alive starting in chapter 8 on deployment issues. The level of security TLS offers only works when it is deployed correctly, and the book details how to do that. Given that OpenSSL, which is the most widely used SSL/TLS library, is notorious for being poorly documented and difficult to use, the deployment challenges are a significant endeavor.
Another issue with TLS is that it can create performance issues, and chapter 9 provides a lot of insight on performance optimization. The author quotes research from Google that SSL/TLS on their email systems accounts for less than 1% of the CPU load, less than 10kb of memory per connection, and less than 2% of the network overhead. The author writes that his goal is to enable the reader to get as close as possible to Google's performance numbers.
SSL/TLS has a reputation for being slow, but that is more a remnant of years ago when CPUs were much slower. With better CPUs and the optimization techniques the book shows, there is no reason not to use TLS.
For those that want an initial look, the table of contents, preface, and chapter 1 are available here. Once you get a taste of what this book has to offer, you will want to read the entire book.
As noted earlier, OpenSSL is poorly documented. In Bulletproof SSL and TLS, Ivan Ristic has done the opposite: he has written the most readable and insightful book about SSL/TLS to date. TLS is not so difficult to deploy, but incredibly easy to deploy incorrectly. Anyone who is serious about ensuring that their SSL/TLS deployment is effective should certainly read this book.
Reviewed by Ben Rothke.
You can purchase Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Book Review: Countdown To Zero Day
benrothke writes A word to describe the book Takedown: The Pursuit and Capture of America's Most Wanted Computer Outlaw was hyperbole. While the general storyline from the 1996 book was accurate, filler was written that created the legend of Kevin Mitnick. This in turn makes the book a near work of historical fiction. Much has changed in nearly 20 years and Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon has certainly upped the ante for accurate computer security journalism. The book is a fascinating read and author Kim Zetter's attention to detail and accuracy is superb. In the inside cover of the book, Kevin Mitnick describes this as an ambitious, comprehensive and engrossing book. The irony is not lost in that Mitnick was dogged by misrepresentations in Markoff's book. Keep reading for the rest of Ben's review.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
author: Kim Zetter
pages: 448
publisher: Crown
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-0770436179
summary: Outstanding narrative about Stuxnet and how it was developed, quarantined and debugged
For those that want to know the basics about Stuxnet, its Wikipedia entry will suffice. The book takes a detailed look at how the Stuxnet worm of 2010 came to be, how it was written, discovered and deciphered, and what it means for the future and provides nearly everything known to date about Stuxnet.
The need to create Stuxnet was the understanding that a nuclear Iran was dangerous to the world. The book notes that it wasn't just the US and Israel that wanted a nuclear-free Iran; Egypt and Saudi Arabia were highly concerned about the dangers a nuclear Iran would bring to the region.
What is eminently clear is that Iran chronically lied about their nuclear intentions and actions (chapter 17 notes that former United Kingdom Prime Minister Gordon Brown told the international community that they had to do something over Iran's serial deception of many years) and that the United Nations International Atomic Energy Agency (IAEA) is powerless to do anything, save for monitoring and writing reports.
Just last week, President Obama said a big gap remains in international nuclear negotiations with Iran and he questioned whether talks would succeed. He further said "are we going to be able to close this final gap so that (Iran) can reenter the international community, sanctions can be slowly reduced and we have verifiable, lock tight assurances that they can't develop a nuclear weapon, there's still a big gap. We may not be able to get there". It's that backdrop to which Stuxnet was written.
While some may debate if Stuxnet was indeed the world's first digital weapon, it's undeniable that it is the first piece of known malware that could be considered a cyber-weapon. Stuxnet was unlike any other previous malware. Rather than just hijacking targeted computers or stealing information from them, it created physical destruction on centrifuges the software controlled.
At just over 400 pages, the book is a bit wordy at times, but Zetter does a wonderful job of keeping the book extremely readable and the narrative enthralling. Writing about debugging virus code, Siemens industrial programmable logic controllers (PLC) and Step7 software (which was what Stuxnet was attacking) could easily be mind-numbingly boring, save for Zetter's ability to make it a compelling read.
While a good part of the book details the research Symantec, Kaspersky Lab and others did to debug Stuxnet, the book doesn't have any software code, which makes it readable for the non-programmer. The book is technical and Zetter gets into the elementary details of how Stuxnet operated; from reverse engineering, digital certificates and certificate authorities, cryptographic hashing and much more. The non-technical reader certainly won't be overwhelmed, but at the same time might not be able to appreciate what went into designing and making Stuxnet work.
As noted earlier, the book is extremely well researched and all significant claims are referenced. The book is heavily footnoted, which makes the book much more readable than the use of endnotes. Aside from the minor error of mistakenly calling Kurt Gödel a cryptographer on page 295 (he was a logician), Zetter's painstaking attention to detail is to be commended.
Whoever wrote Stuxnet counted on the Iranians not having the skills to uncover or decipher the malicious attacks on their own. But as Zetter writes, they also didn't anticipate the crowdsourced wisdom of the hive — courtesy of the global cybersecurity community that would handle the detection and analysis for them. That detection and analysis spanned continents and numerous countries.
The book concludes with chapter 19 — Digital Pandora — which departs from the details of Stuxnet and gets into the bigger picture of what cyber-warfare means and its intended and unintended consequences. There are no simple answers here and the stakes are huge.
The chapter quotes Marcus Ranum who is outspoken on the topic of cyber-warfare. At the 2014 MISTI Infosec World Conference, Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again. Be it the topic or Marcus just being Marcus, a third of the participants left within the first 15 minutes. But they should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic.
The book leaves two unresolved questions: who did it, and how did it get into the Natanz enrichment facility. It is thought the US with some assistance from Israel created Stuxnet; but Zetter also writes that Germany and Great Britain may have done the work or at least provided assistance.
It's also unknown how Stuxnet got into the air-gapped facility. It was designed to spread via an infected USB flash drive. It's thought that since they couldn't get into the facility, what needed to be done was to infect computers belonging to a few outside firms that sold devices that would in turn be connected to the facility. The book identified a few of these companies, but it's still unclear if they were the ones, or the perpetrators somehow had someone on the inside.
As to zero day in the title, what was unique about Stuxnet is that it contained 5 zero day exploits. Zero day is also relevant in that Zetter describes the black and gray markets of firms that discover zero-day vulnerabilities who in turn sell them to law enforcement and intelligence agencies.
Creating Stuxnet was a huge challenge that took scores of programmers from a nation state many months to create. Writing a highly readable and engrossing book about the obscure software vulnerabilities that it exploited was also a challenge, albeit one that few authors could do efficaciously. In Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, Kim Zetter has written one of the best computer security narratives; a book you will likely find quite hard to put down.
Reviewed by Ben Rothke.
You can purchase Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Amazon's Echo: a $200, Multi-Function, Audio-Centric Device
An anonymous reader writes Amazon today quietly unveiled a new product dubbed Amazon Echo. The $200 device appears to be a voice-activated wireless speaker that can answer your questions, offer updates on what's going on in the world, and of course play music. Echo is currently available for purchase via an invite-only system. If you have Amazon Prime, however, you can get it for $100. I've put in a request for one; hopefully we'll get a hands-on look at the Echo soon. It looks useful and interesting for random searches, and for controlling devices, but one small speaker (interesting driver arrangement notwithstanding) doesn't bode well for "fill[ing] any room with immersive sound," as Amazon's promo materials claim. -
Amazon Releases (Not Many) Details On Its Workforce Demographics
theodp (442580) writes Late to the table on disclosing workforce demographics, Amazon posted a diversity report to its website on Halloween, revealing that its global work force is 63% male and 37% female, while in the U.S., its work force is 60% white, 15% black, 13% Asian and 9% Hispanic. More lacking in granular detail than the less-than-transparent diversity data provided by its tech peers, Rainbow PUSH said Amazon's numbers were not as good as they appeared, and criticized the company for a lack of candor. "Their general work force data released by Amazon seems intentionally deceptive, as the company did not include the race or gender breakout of their technical work force," PUSH said in a statement. "The broad assumption is that a high percentage of their black and Latino employees work in their warehouses." Following the lead of other tech companies, Diversity at Amazon suggests the e-tailer's undisclosed-but-presumed lack of tech diversity could be blamed on "female students and students of color [who] are opting out of technology and engineering" as early as middle school and high school. Taking a page from Google's playbook, Amazon pointed to its involvement with the Anita Borg Institute, Code.org, Girls Who Code, and the National Center for Women & Information Technology as ways the company's addressing tech diversity deficiencies. -
Will HP's $200 Stream 11 Make People Forget About Chromebooks?
theodp writes With an 11.6" screen, Windows 8.1, and free Office 365 for a year, the $199.99 solid-state HP Stream 11 laptop is positioned to make people think twice about Chromebooks (add $30 for the HP Stream 13). But will it? "The HP Stream 11 is clearly both inexpensive and a great value," writes Paul Thurrott. "At just $200, it's cheap, of course. But it also features a solid-feeling construction, a bright and fun form factor, a surprisingly high-quality typing experience and a wonderful screen. This isn't a bargain bin throwaway. The Stream 11 is something special." The HP Stream Family also includes the HP Stream 7, a $99.99 Windows 8.1 Tablet that includes the Office 365 deal. By the way, at the other end of the price spectrum, HP has introduced the Sprout, which Fast Company calls a bold and weird PC that's bursting at the seams with new ideas, from 3-D scanning to augmented reality. (We mentioned the Sprout a few days ago, too; HP seems to be making some interesting moves lately, looks like they're getting on the smartwatch bandwagon, too.) If you're looking at the Stream as a cheap platform for OSes other than Windows, be cautious: one of the reviews at the Amazon page linked describes trouble getting recent Linux distributions to install. -
Book Review: Measuring and Managing Information Risk: a FAIR Approach
benrothke writes It's hard to go a day without some sort of data about information security and risk. Research from firms like Gartner is accepted without question; even though they can get their results from untrusted and unvetted sources. The current panic around Ebola shows how people are ill-informed about risk. While stressing over Ebola, the media is oblivious to true public health threats like obesity, heart disease, drunk driving, diabetes, and the like. When it comes to information security, it's not that much better. With myriad statistics, surveys, data breach reports, and global analyses of the costs of data breaches, there is an overabundance of data, and an underabundance of meaningful data. In Measuring and Managing Information Risk: A FAIR Approach, authors Jack Freund and Jack Jones have written a magnificent book that will change the way (for the better) you think about and deal with IT risk. Keep reading for the rest of Ben's review.
Measuring and Managing Information Risk: A FAIR Approach
author: Jack Freund and Jack Jones
pages: 408
publisher: Butterworth-Heinemann
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-0124202313
summary: Superb overview to the powerful FAIR risk management methodology
The book details the factor analysis of information risk (FAIR) methodology, which is a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. An Open Group standard, FAIR is a methodology and a highly effective quantitative analysis tool.
The power of FAIR is immense: it enables the risk practitioner to make well-informed decisions based on meaningful measurements. While that seems obvious, in practicality, it is a challenging endeavor.
FAIR is invaluable in that it helps the risk professional understand the language that the corporate board and senior executives speak. Understanding that and communicating in their language can make it much easier for information security to be perceived as a valued asset, as opposed to using Chicken Little statistics.
FAIR takes the risk professional out of the realm of dealing with risk via the checklist, which only serves to produce meaningless measurements, and into the world of quantitative, defendable results.
For those that are looking for a tool to create pretty executive summary charts with lots of colors, FAIR will sorely disappoint them. For those that are looking for a method to understand how to calculate qualitative risk to support a formal enterprise risk management program, they won't find a better guide than this book.
The book is an incredibly good reference that will force you to look again at how you view risk management. Jones writes in the preface that the book is not about checklists and formulas, but about critical thinking. The authors note that information security and operational risk have operated for far too long as an art, with not enough science. This is the gap that FAIR attempts to fill.
The authors write that risk decision making quality boils down to the quality of information decision makers are operating from, and the decision makers themselves. The book does a remarkable job of showing how a person can become a much better decision maker.
A subtle but important point the book makes early on is that many risk professionals confuse risk possibilities with risk probabilities. The FAIR method forces you to focus on probabilities and not to obsess with Ebola-like possibilities. Such a quantitative analysis approach is what makes FAIR so beneficial.
The book spends a few chapters on going through FAIR risk ontology and terminology. Inconsistent and poorly defined terminology is one of the most significant challenges the information security and operational risk profession faces. Having a consistent set of logical terms and definitions that make up the FAIR framework significantly improves the quality of risk relations communications within an organization.
The value of having a consistent set of logical terms and definitions is significant. For example, the book notes that many people use the term threat. In the context of risk analysis, it might not be a real threat if there is no resulting loss. In that case, it would be considered a vulnerability event.
The challenge of FAIR is acclimating to its dialect. But once done, it creates an extremely powerful methodology for risk communication and management. And therein lies its power. Setting up a common framework for risk management becomes an invaluable tool to present risk ideas. In addition, it makes the findings much more objective and defendable.
In chapter 5, the authors address the biggest objections to quantitative risk management: that it can't be measured or is simply unknowable. They agree that risk can't be measured at the micro level, but it can be effectively measured to the degree to reduce management's uncertainty about risk. They also importantly note that risk is a forward-looking statement about what may or may not come to pass in the future. With that, perfect accuracy is impossible; but effective quantitative risk management is very possible.
The power of FAIR is that it helps add clarity to ambiguous risk situations by giving you the tools to add data points to a situation that is purported to be unknowable.
Chapter 8 is an extremely enlightening chapter in that it provides 11 risk analysis examples. The examples do a great job of reinforcing the key FAIR concepts and methods.
In chapter 10, the authors write that the hardest part of learning FAIR is having to overcome bad habits. For most people, FAIR represents a recalibration of your mental model about what risk is and how it works. The chapter deals with common mistakes and stumbling blocks when performing a FAIR analysis. The 5 high-level categories of mistakes the chapter notes are: checking results, scoping, data, variable confusion and vulnerability analysis.
FAIR is a powerful methodology that can revolutionize risk management. The challenge is that it takes a village to make such a change. Management may be reticent to invest in what is perceived as yet another risk management framework.
But once you start using the language of FAIR and validate your findings, astute management will likely catch on. Over time, FAIR can indeed be a risk management game changer.
The book is flawless in its execution and description of the subject. The only critique is that the authors should have been a bit more transparent in the text when (especially in chapter 8) mentioning the FAIR software, in that it is their firm that makes the software.
For those that are willing to put in the time to understand FAIR, this book will make their jobs much easier. It will help them earn the trust of senior management, and make them much better risk management professionals in the process.
Reviewed by Ben Rothke.
You can purchase Measuring and Managing Information Risk: A FAIR Approach from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know -
Google Adds USB Security Keys To 2-Factor Authentication Options
An anonymous reader writes with this excerpt from VentureBeat: Google today announced it is beefing up its two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. The feature is available in Chrome: Instead of typing in a code, you can simply insert Security Key into your computer's USB port and tap it when prompted by Google's browser. "When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished," Google promises. While Security Key works with Google Accounts at no charge, you'll need to go out and buy a compatible USB device directly from a Universal 2nd Factor (U2F) participating vendor.