Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
Book Review: Scaling Apache Solr
First time accepted submitter sobczakt writes We live in a world flooded by data and information and all realize that if we can't find what we're looking for (e.g. a specific document), there's no benefit from all these data stores. When your data sets become enormous or your systems need to process thousands of messages a second, you need an environment that is efficient, tunable and ready for scaling. We all need well-designed search technology. A few days ago, a book called Scaling Apache Solr landed on my desk. The author, Hrishikesh Vijay Karambelkar, has written an extremely useful guide to one of the most popular open-source search platforms, Apache Solr. Solr is a full-text, standalone, Java search engine based on Lucene, another successful Apache project. For people working with Solr, like myself, this book should be on their Christmas shopping list. It's one of the best on this subject. Read below for the rest of sobczakt's review.
Scaling Apache Solr
author: Hrishikesh Vijay Karambelkar
pages: 215
publisher: Packt
rating: 9/10
reviewer: sobczakt
ISBN: 978-1783981748
summary: Get an introduction to the basics of Apache Solr in a step-by-step manner with lots of examples
Karambelkar is an enterprise architect with a long history in both commercial products and open source technology. As he says, he currently spends most of his time solving problems for the software industry and developing the next generation of products.
The book is divided into 10 chapters. Basically, the first three are an introduction to Apache Solr and cover its architecture, features, configuration and setting up. Chapter One contains many practical cases of Apache Solr, to help beginners understand the topic.
Chapter Four is very interesting and describes a common pattern for enterprise search solutions. These patterns focus on data processing/integration and how to meet the requirements of users (interface, relevancy, general experience).
The rest of the book mainly refers to the central topic, that is distributing search queries and how to scale/optimize a system. The book discusses all Apache Solr concepts like replication, fault tolerance, sharding and illustrates them with helpful examples. The book precisely explains SolrCloud — a bundle of built-in distributed capabilities available from version 4.0.
Chapter 8, dedicated to optimization, drew my attention. It is full of useful tips concerning JVM parameters and manipulating data structures or caching layers as well.
Scaling Apache Solr covers both basic and advanced subjects. The information is well organized, clear and concise. Lots of examples and cases in this book can be absorbed by beginners. I was nicely surprised by the chapter describing integration possibilities. There's some great information about using Solr with Cassandra, MapReduce paradigm or R (programming language for computational statistics) although I would have preferred this subject to be covered in more detail. The book has two more advantages: first, it discusses designing an enterprise search system in general terms and second, it can be treated as an introduction to large volume data processing.
I believe I need to emphasize that many sections related to defining a schema, importing data, running SolrCloud or searching in near real time (NRT) are not just raw documentation, they also have the author's well-judged advice and comments.
Unfortunately, I felt some of the more advanced topics were not described in enough detail. For example, index merging, documents relevance or using dynamic fields in data structure. Moreover, reading the book, I had a feeling that some parts do not fit the title, such as the section about clustering with Carrot2 or integration with PHP web portal.
I can say that I have read this book with pleasure and satisfaction, which in fact is rare regarding technology publications. For me, as a person who has been working with Solr since version 1.3, it was a great way to review and sort out some of its aspects. On the other hand, I'm pretty sure that people starting their experience with Apache Solr will take a lot from this book. Although it is mainly focused on advanced problems, it starts with the basics.
Despite some little imperfections I recommend this book, especially because it describes the concrete technology in an easy-to-read way and also refers to some general architectural patterns.
You can purchase Scaling Apache Solr from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Book Review: Architecting the Cloud
benrothke writes Most books about cloud computing are either extremely high-level quasi-marketing tomes about the myriad benefits of the cloud without any understanding of how to practically implement the technology under discussion. The other type of cloud books are highly technical reference guides, that provide technical details, but for a limited audience. In Architecting the Cloud: Design Decisions for Cloud Computing Service Models, author Michael Kavis has written perhaps the most honest book about the cloud. Make no doubt about it; Kavis is a huge fan of the cloud. But more importantly, he knows what the limits of the cloud are, and how cloud computing is not a panacea. That type of candor makes this book an invaluable guide to anyone looking to understand how to effectively deploy cloud technologies. Keep reading below for the rest of Ben's review.
Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS)
author: Michael Kavis
pages: 224
publisher: Wiley
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-1118617618
summary: Extremely honest and enlightening book on how to effectively use the cloud
The book is an excellent balance of the almost boundless potential of cloud computing, mixed with a high amount of caution that the potential of the cloud can only be manifest with effective requirements and formal security architecture.
The full title of the book is: Architecting the Cloud: Design Decisions for Cloud Computing Service Models: SaaS, PaaS, and IaaS. One of the mistakes of using the cloud is that far too many decision makers rush in, without understanding the significant differences (and they are significant) between the 3 main cloud service models.
In chapter 1, he provides a number of enthusiastic cloud success stories to set the stage. He shows how a firm was able to build a solution entirely on the public cloud with a limited budget. He also showcases Netflix, whose infrastructure is built on Amazon Web Services (AWS).
Chapter 3 is titled cloud computing worst practices and the book would be worth purchasing for this chapter alone. The author has a number of cloud horror stories and shows the reader how they can avoid failure when moving to the cloud. While many cloud success stories showcase applications developed specifically for the cloud, the chapter details the significant challenges of migrating existing and legacy applications to the cloud. Such migrations are not easy endeavors, which he makes very clear.
In the chapter, Kavis details one of the biggest misguided perceptions of cloud computing, in that it will greatly reduce the cost of doing business. That is true for some cloud initiatives, but definitely not all, as some cloud marketing people may have you believe.
Perhaps the most important message of the chapter is that not every problem is one that needs to be solved by cloud computing. He cites a few examples where not going with a cloud solution was actually cheaper in the long run.
The book does a very good job of delineating the differences between the various types of cloud architectures and service models. He notes that one reason for leveraging IaaS over PaaS, is that when a PaaS provider has an outage, the customer can only wait for the provider to fix the issue and get the services back online. With IaaS, the customer can architect for failure and build redundant services across multiple physical or virtual data centers.
For many CIOs, the security fears of the cloud mean that they will immediately write off any consideration of cloud computing. In chapter 9, the author notes that almost any security regulation or standard can be met in the cloud, as none of the regulations and standards dictate where the data must specifically reside.
The book notes that for security to work in the cloud, firms need to apply 3 key strategies for managing security in cloud-based applications, namely centralization, standardization and automation.
In chapter 10, the book deals with creating a centralized logging strategy. Given that logging is a critical component of any cloud-based application, logging is one of the areas that many firms don't adequately address in their move to the cloud. The book provides a number of approaches to use to create an effective logging strategy.
The only issue I have with the book is that while the author is a big fan of Representational state transfer (REST), many firms have struggled to obtain the benefits he describes. RESTful is an abstraction of the architecture of the web; namely an architectural style consisting of a coordinated set of architectural constraints applied to components, connectors and data elements, within a distributed hypermedia system. REST ignores the details of component implementation and protocol syntax in order to focus on the roles of components, the constraints upon their interaction with other components, and their interpretation of significant data elements.
I think the author places too much reliance on RESTful web services and doesn't detail the challenges in making it work properly. RESTful is not always the right choice even though it is all the rage in some cloud design circles.
While the book is part of the Wiley CIO Series, cloud architects, software and security engineers, technical managers and anyone with an interest in the cloud will find this an extremely valuable resource.
Ironically, for those that are looking for ammunition why the cloud is a terrible idea, they will find plenty of evidence for it in the book. But the reasons are predominantly that those that have failed in the cloud, didn't know why they were there in the first place, or were clueless on how to use the cloud.
For those that want to do the cloud right, the book provides a vendor neutral approach and gives the reader an extremely strong foundation on which to build their cloud architecture.
The book lists the key challenges that you will face in the migration to the cloud, and details how most of those challenges can be overcome. The author is sincere when he notes areas where the cloud won't work.
For those that want an effective roadmap to get to the cloud, and one that provides essential information on the topic, Architecting the Cloud: Design Decisions for Cloud Computing Service Models is a book that will certainly meet their needs.
Reviewed by Ben Rothke.
You can purchase Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Fifth Edition Dungeons and Dragons Player's Handbook Released
New submitter GammaKitsune writes: "The Player's Handbook for the fifth edition of Dungeons and Dragons, formerly known as "D&D Next," released today to major bookstores and online retailers across the U.S. The Player's Handbook, which contains core rules for gameplay and character creation, is one of three core rulebooks that developer Wizards of the Coast plans to release in 2014. The Monster Manual is scheduled to release in late September, and the Dungeon Master's Guide will release in mid November. Also out today is the first of two adventure modules in which players team up to battle against the dragon goddess Tiamat.
Fifth edition has a lot to prove following the highly-controversial fourth edition, the rise of competing roleplaying game Pathfinder, and two years of public playtesting. Initial reviews posted on Amazon appear overwhelmingly positive at the time of writing, but more skeptical gamers may wish to take a look at the free "Basic Rules" posted on the official D&D website. The basic rules contain all the bare essentials needed to create a character or run your own adventure, and will serve both as a free introduction for new players and as a holdover for long time players until the remaining two rulebooks are released. -
Book Review: Introduction To Cyber-Warfare: A Multidisciplinary Approach
benrothke writes Cyberwarfare is a controversial topic. At the 2014 Infosec World Conference, Marcus Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again. Whether it was the topic or just Marcus being Marcus, about a third of the participants left within the first 15 minutes. They should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic. In Introduction to Cyber-Warfare: A Multidisciplinary Approach, authors Paulo Shakarian, Jana Shakarian and Andrew Ruef provide an excellent overview of the topic. The book takes a holistic, or as they call it multidisciplinary, approach. It looks at the information security aspect of cyberwarfare, as well as the military, sociological and other aspects. Keep reading for the rest of Ben's review.
Introduction to Cyber-Warfare: A Multidisciplinary Approach
author: Paulo Shakarian, Jana Shakarian and Andrew Ruef
pages: 336
publisher: Syngress
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0124078147
summary: Outstanding overview and guide to cyberwarfare
The book is divided into 3 parts and 13 densely packed and extremely well-researched and footnoted chapters. The book provides numerous case studies of the largest cyberwarfare events to date. Issues around China and their use of cyberwarfare constitute a part of the book. Chapter 7 details the Chinese cyber strategy and shows how the Chinese cyber doctrine and mindset is radically different from that of those in the west.
The book compares the board games of chess (a Western game) and Go (a Chinese game) and how the outcomes and strategies of the games are manifest in each doctrine.
The chapter also shows how the Chinese government outlawed hacking, while at the same time the military identified the best and most talented hackers in China, and integrated them into Chinese security firms, consulting organizations, academia and the military.
One of the more fascinating case studies details the cyber war against the corporate world from China. The book provides a number of examples and details the methodologies they used, in addition to providing evidence of how the Chinese were involved.
For an adversary, one of the means of getting information is via social networks. This is often used in parallel by those launching some sort of cyberwarfare attack. LinkedIn is one of the favorite tools for such an effort. The authors write of the dangers of transitive trust, where user A trusts user B, and user B trusts user C. Via a transitive trust, user A will then trust user C based simply on the fact that user B does. This was most manifest in the Robin Sage exercise. This was where Thomas Ryan created a fictitious information security professional named Robin Sage. He used her fake identity and profile to make friends with others in the information security world, both commercial, federal and military, and he was able to fool even seasoned security professionals. Joan Goodchild wrote a good overview of the experiment here.
In chapter 10, the book details how Iraqi insurgents viewed Predator drones video feeds. Woody Allen said that eighty percent of success is just showing up. In this case, all the insurgents had to do was download the feed, as it was being transmitted unencrypted. Very little cyberwarfare required.
When the drone was being designed, the designers used security by obscurity in their decision not to encrypt the video feed. They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed.
The downside is that once the precise frequency was determined by the insurgency, in the case of the Predator drone, the Ku-band, the use of the SkyGrabber satellite internet downloader made it possible for them to effortlessly view the video feeds.
The only negative about the book is a minor one. It has over 100 pictures and illustrations. Each one states: for the color version of this figure, the reader is referred to the online version of the book. Having that after every picture is a bit annoying. Also, the book never says where you can find the online version.
How good is this book? The reality is that this book should indeed be read by everyone in Washington, as they are making decisions on the topic, without truly understanding it.
For most readers, this will be the book that tells them everything they need to know that their congressman should know. Most people will never be involved with any sort of warfare, and most corporate information security professionals will not get involved with cyberwarfare. Nonetheless, Introduction to Cyber-Warfare: A Multidisciplinary Approach is a fascinating read about a most important subject.
Reviewed by Ben Rothke
You can purchase Introduction to Cyber-Warfare: A Multidisciplinary Approach from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available for review from our library please let us know. -
Amazon's eBook Math
An anonymous reader writes: Amazon has waged a constant battle with publishers over the price of ebooks. They've now publicly laid out their argument and the business math behind it. "We've quantified the price elasticity of e-books from repeated measurements across many titles. For every copy an e-book would sell at $14.99, it would sell 1.74 copies if priced at $9.99. So, for example, if customers would buy 100,000 copies of a particular e-book at $14.99, then customers would buy 174,000 copies of that same e-book at $9.99. Total revenue at $14.99 would be $1,499,000. Total revenue at $9.99 is $1,738,000." They argue that capping most ebooks at $9.99 would be better for everyone, with the money split out 35% to the author, 35% to the publisher, and 30% to Amazon.
Author John Scalzi says Amazon's reasoning and assumptions are a bit suspect. He disagrees that "books are interchangeable units of entertainment, each equally as salable as the next, and that pricing is the only thing consumers react to." Scalzi also points out that Amazon asserts itself as the only revenue stream for authors, which is not remotely true. "Amazon's assumptions don't include, for example, that publishers and authors might have a legitimate reason for not wanting the gulf between eBook and physical hardcover pricing to be so large that brick and mortar retailers suffer, narrowing the number of venues into which books can sell. Killing off Amazon's competitors is good for Amazon; there's rather less of an argument that it's good for anyone else." -
3-D Printing Comes To Amazon
An anonymous reader writes Promising "an appstore for the physical world," Amazon has just unveiled their new online market for products created using a 3-D printer. "Customization gives customers the power to remix their world," explains the co-founder of Mixee Labs (an Amazon partner), "and we want to change the way people shop online." Amazon's ability to sell you things before they've even been built is currently limited mostly to novelties like iPhone cases, jewelry, and bobbleheads that look like you. But this could be the beginning of mainstream 3D printing. -
On the Significance of Google's New Cardboard (Video)
On June 29, 2014, Timothy started a Slashdot post with these words: 'Last week at Google I/O, the company introduced Cardboard, its cheap-and-cheerful (it's made of cardboard, after all) approach to nearly instant VR viewing.' Several commenters noted that Viewmaster has been doing something similar for over 70 years; that you can get a slicker 3-D adapter for your smartphone from Durovis, with the Vrizzmo VR Goggles and vrAse coming soon; and that you can buy an iPhone/iPod Touch-only 3-D viewer for about $8 (at the time this was typed), which is a whole lot less than the price of most third-party Cardboard kits that are getting ready to hit the market. || The Google person behind The Cardboard is VP Clay Bavor, whose day job is overseeing Google apps. Clay says you are welcome to make your own Cardboard from scratch instead of buying one (or a kit) from someone else, and of course you can write all the software for it you like. || You may (or may not) remember that Timothy ended that June 29 post about Cardboard with a promise that before long we'd have 'a video introduction to Cardboard with Google VP Clay Bavor.' So here it is, as promised. (Alternate Video Link) -
Book Review: Data-Driven Security: Analysis, Visualization and Dashboards
benrothke writes There is a not so fine line between data dashboards and other information displays that provide pretty but otherwise useless and unactionable information; and those that provide effective answers to key questions. Data-Driven Security: Analysis, Visualization and Dashboards is all about the latter. In this extremely valuable book, authors Jay Jacobs and Bob Rudis show you how to find security patterns in your data logs and extract enough information from it to create effective information security countermeasures. By using data correctly and truly understanding what that data means, the authors show how you can achieve much greater levels of security. Keep reading for the rest of Ben's review.
Data-Driven Security: Analysis, Visualization and Dashboards
author: Jay Jacobs and Bob Rudis
pages: 352
publisher: Wiley
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1118793725
summary: Superb book for effective use of data for information security
The book is meant for a serious reader who is willing to put in the time and effort to learn the programming necessary (mainly in Python and R) to truly understand what information exists deep in the recesses of their logs. As to R, it is a GNU project and a free software programming language and software environment for statistical computing and graphics. The R language is widely used among statisticians and data miners for developing statistical software and data analysis. For analysis the level of which Jacobs and Rudis prescribe, R is a godsend.
After completing the book, the reader will have the ability to know which questions to ask to gain security insights, and use that data to ensure the overall security of their data and networks. Getting to that level is not at all a trivial task; even if there are vendors who can promise to do that.
For many people performing data analysis, the dependable Excel spreadsheet is their basic choice for data manipulation. The book calls the spreadsheet a gateway tool between a text editor and programming. The book notes that spreadsheets work as long as the data is not too large or complex. The book quotes a 2013 report to shareholders from J.P. Morgan in which parts of their 2012 $6 billion in losses was due in part to problems with their Excel spreadsheets.
The authors suggest using Excel as a temporary solution for quick one-shot tasks. For those that have repeating analytical tasks or models that are used repeatedly, it's best to move to some type of structured programming language, specifically those that the book suggests and for which it provides significant amounts of code examples; all of which are available on the companion website here.
The goal of all data extraction is to use data analysis to answer real questions. A large part of the book focuses on how to ask the right question. In chapter 1, the authors write that every good data analysis project begins with setting a goal and creating one or more research questions. Without a well-formed question guiding the analysis, you may be wasting time and energy seeking convenient answers in the data, or worse, you may end up answering a question that nobody was asking in the first place.
The value of the book is that it shows the reader how to focus on context and purpose of the data analysis by setting the research question appropriately; rather than simply parsing large amounts of data. It's ultimately irrelevant if you can use Hadoop to process petabytes of data if you don't know what you are looking for.
Visualization is a large part of what this book is about, and in chapter 6 — Visualizing Security Data, the book notes that the most efficient path to human understanding is via the visual sense. It goes on to detail the many advantages data visualization has, and the key to making it work.
As important as visualization is, describing the data is equally important. In chapter 7, the book introduces the VERIS (Vocabulary for Event Recording and Incident Sharing) framework. VERIS is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS helps organizations collect useful incident-related information and to share that information, anonymously and responsibly with others.
The book shows how you can use dashboards for effective data visualization. But the authors warn that a dashboard is not an art show. They caution that given the graphical nature of dashboards, it's easy to fall into the trap of making them look like pieces of modern or fringe art; when they are far more akin to architectural and industrial diagrams that require more controlled, deliberate and constrained design.
As to dashboards the authors do not like, they consider the Cyber Security Situational Awareness to be glitzy but not informative. Personally, I thought the dashboard has a lot of good information.
The book uses the definition of dashboard according to Stephen Few, in that it's a "visual display of the most important information needed to achieve one or more objectives that has been consolidated in a single computer screen so it can be monitored at a glance". The book enables the reader to create dashboards like that.
Data-Driven Security: Analysis, Visualization and Dashboards is a superb book written by two experts who provide significant amounts of valuable information in every chapter. For those that are willing to put the time and effort into the serious amount of work that the book requires, they will find it a vital resource that will certainly help them achieve much higher levels of security.
Reviewed by Ben Rothke.
You can purchase Data-Driven Security: Analysis, Visualization and Dashboards from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Automated Remote Charging for Your Flying Drones (Video)
The Skysense website says, 'Save time and manage your drone operations remotely: whenever the batteries run out, land on a Skysense Charging Pad and take off as soon as the batteries are recharged. Without ever leaving the office.' That certainly sounds convenient. Since it looks like everybody and her dog is jumping on the flying drone bandwagon, the next step is obviously charging the things without human intervention. We're talking about battery-powered ones, of course, like the multicopter drones that are starting to be used for things like pipeline inspection, mapmaking, and security alarm response. Sadly, using drones for beer delivery is currently against the law in the USA, as are the Burrito Bomber and the much-ballyhooed Amazon Prime Air drone delivery system. All this may change in the next few years as the FAA figures out how to regulate the many commercial drones that will inevitably be zipping through our skies, landing on pads to recharge themselves, and continuing their missions without human intervention. The next step in drone automation will probably be using driverless ground vehicles as drone launching and control stations. Shockingly, there aren't a dozen Kickstarter projects raising money to build automated ground support systems for automated flying drones already, but surely they'll show up before long. (Alternate Video Link) -
Amazon Announces 'Fire Phone'
Amazon has unveiled the Fire Phone. It runs a modified version of Android, and it will launch exclusively for AT&T's network. The screen is a 4.7" IPS LCD (they tested from 4.3" to 5.5", and decided 4.7" worked best for single-hand use), with an emphasis on brightness. It runs on a quad-core 2.2GHz processor with 2GB of RAM, and an Adreno 330 GPU. It has a rear-facing, 13-megapixel camera using an f/2.0 five-element lens with image stabilization. There's a dedicated physical button on the side of the phone that will turn it on and put it into camera mode when pressed. The phone comes with dual stereo speakers that produce virtual surround sound. Amazon wants the phone to be distinctive for its ability to provide video content, both from a hardware and software perspective.
The Fire Phone runs Mayday, Amazon's live tech support service for devices. They also demonstrated Firefly, software that recognizes physical objects using the phone's camera, as well as TV shows and songs it hears. It runs quickly, often identifying things in less than a second (and it pulls up an Amazon product listing, of course). It can even recognize art. Firefly has its own dedicated physical button on the phone, and Amazon is providing a Firefly SDK to third parties who want to develop with it. Another major feature of the Fire Phone is what Amazon calls "dynamic perspective." Using multiple front-facing cameras, the phone tracks the position of a user's head, and uses that to slightly adjust what's displayed on the screen so content is easier to see from the new angle. It allows for gesture control of the phone — for example, you can tilt the phone to scroll a web page or move your head slightly to look around a 2-D stadium image when browsing for available seats. Putting your thumb on the screen acts like a mute button for the head tracking, so it isn't confused when you look up from the screen or turn your head to talk to somebody. It's an impressive piece of software, and they've made an SDK available for it. -
Amazon Announces 'Fire Phone'
Amazon has unveiled the Fire Phone. It runs a modified version of Android, and it will launch exclusively for AT&T's network. The screen is a 4.7" IPS LCD (they tested from 4.3" to 5.5", and decided 4.7" worked best for single-hand use), with an emphasis on brightness. It runs on a quad-core 2.2GHz processor with 2GB of RAM, and an Adreno 330 GPU. It has a rear-facing, 13-megapixel camera using an f/2.0 five-element lens with image stabilization. There's a dedicated physical button on the side of the phone that will turn it on and put it into camera mode when pressed. The phone comes with dual stereo speakers that produce virtual surround sound. Amazon wants the phone to be distinctive for its ability to provide video content, both from a hardware and software perspective.
The Fire Phone runs Mayday, Amazon's live tech support service for devices. They also demonstrated Firefly, software that recognizes physical objects using the phone's camera, as well as TV shows and songs it hears. It runs quickly, often identifying things in less than a second (and it pulls up an Amazon product listing, of course). It can even recognize art. Firefly has its own dedicated physical button on the phone, and Amazon is providing a Firefly SDK to third parties who want to develop with it. Another major feature of the Fire Phone is what Amazon calls "dynamic perspective." Using multiple front-facing cameras, the phone tracks the position of a user's head, and uses that to slightly adjust what's displayed on the screen so content is easier to see from the new angle. It allows for gesture control of the phone — for example, you can tilt the phone to scroll a web page or move your head slightly look around a 2-D stadium image when browsing for available seats. Putting your thumb on the screen acts like a mute button for the head tracking, so it isn't confused when you look up from the screen or turn your head to talk to somebody. It's an impressive piece of software, and they've made an SDK available for it. -
Book Review: Security Without Obscurity
benrothke (2577567) writes Having worked at the same consulting firm and also on a project with author J.J. Stapleton (full disclosure); I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world. When it comes to the world of encryption and cryptography, Stapleton has had his hand in a lot of different cryptographic pies. He has been part of cryptographic accreditation committees for many different standard bodies across the globe. Keep reading for the rest of Ben's review. Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity author J.J. Stapleton pages 355 publisher Auerbach Publications rating 8/10 reviewer Ben Rothke ISBN 978-1466592148 summary Great guide to enterprise authentication from an expert The premise of the author and the need for the book is that the traditional information security CIA triad (confidentiality, integrity, availability) has led to the situation where authentication has to a large part gotten short shrift. This is a significant issue since much of information security is built around the need for strong and effective authentication. Without effective authentication, networks and data are at direct risk for compromise.
The topic itself is not exactly compelling (that is, unless you like to read standards such as ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, ISO/IEC 9798-1:2010: Information technology — Security techniques — Entity authentication, etc.), so the book is more of a detailed technical reference. Those looking for a highly technical overview, interoperability guidance, and overall reference will find the book most rewarding.
For those who don't have a general background on the topic; it may be a book too deep and technical for those looking for something more in line of a CISSP preparation guide.
For those that want to know the deep underpinnings of how encryption algorithms work; they can simply read the RFC's and standards themselves. What the book brings to the table are details about how to effectively implement the standards and algorithms in the enterprise; be it in applications, policies; or the specific procedures to meet compliance and standards requirements. And that is where Stapleton's many decades of experience provide significant and inestimable value.
There are many reasons why authentication systems fail and many times it is due to interoperability issues. Stapleton details how to ensure to minimize those faults in order to achieve seamless authentication across multiple technologies and operating systems.
The 7 chapters cover a dense amount of information around the 3 core topics. The book is for the reader with a solid technical background. While it may be listed as an exploratory text, it is not like a For Dummies title.
As per its title, it covers confidentiality, authentication and integrity; in addition to other fundamental topics of non-repudiation, privacy and key management.
One of the ways Stapleton brings his broad experience to the book is in the many areas where he compares different types of cryptosystems, technologies and algorithms. This enables the reader to understand what the appropriate type of authentication is most beneficial for the specific requirement.
For example, in chapter 7, the book provides a really good comparison and summary of different cryptographic modules, including how they are linked to various standards from NIST, NSA, ANSI and ISO. It does the same for a comparison of cryptographic key strengths against various algorithms.
An interesting observation the book makes when discussing the DES encryption algorithm, is that all of the talk of the NSA placing backdoors in it are essentially false. To date, no known flaws have been found against DES, and that after being around for over 30 years, the only attack against DES is an exhaustive key attack. This type of attack is where an adversary has to try each of the possible 72 quadrillion keys (2^56 permutations – as the key is 56 bits long) until the right key is discovered.
That means that the backdoor rumors of the NSA shortening the length of the substitution ciphers (AKA s-boxes), was not to weaken it necessarily. Rather it was meant to block DES against specific types of cryptanalytic attacks.
While the book is tactical; the author does bring in one bit of trivia when he writes that the ISO, often known as the International Organization for Standardization, does not in truth really stand for that. He notes that the organization clearly states on its web page that because International Organization for Standardization would have different acronyms in different languages (IOS in English, OIN in French for Organisation internationale de normalisation, etc.); its founders decided to give it the short form ISO. ISO is derived from the Greek isos, meaning equal. Whatever the country, whatever the language, the short form of the name is always ISO.
While that is indeed ultimately a trivial issue, I have seen certification exams where they ask what that acronym stands for. Perhaps a lot of CISSP's need to have their credentials revoked.
While Stapleton modifies the CIA triad, the book is not one of a security curmudgeon, rather of a security doyen. For anyone looking for an authoritative text on how to fully implement cross-platform security and authentication across the enterprise, this is a valuable reference to get that job done.
Reviewed by Ben Rothke
You can purchase Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books are available from our review library please let us know. -
Despite Project's Demise, Amazon Web Services Continues To Use TrueCrypt
An anonymous reader writes with an article at InfoWorld that points out that TrueCrypt may have melted down as a project, but hasn't disappeared altogether: Importing and exporting data from Amazon Simple Storage Service still requires TrueCrypt, two weeks after the encryption software was discontinued ... Amazon.com did not immediately respond to an inquiry seeking information on whether it plans to support other data encryption technologies for the AWS import/export feature aside from TrueCrypt in the future. Infrastructure can be complex to upgrade; how long is reasonable? -
Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?
New submitter fffdddooo (3692429) writes I know it's something that people used to ask every few years, but answers get old so quickly. I'm an electronics teacher, and I'm wondering if it's possible to find some oscilloscope (and why not spectrum analyser?) for recommending to my students, to be able to work at home. I'm thinking of something near $50-$70. Two or three years ago, I'm sure the answer was No, but nowadays? The same reader points out two options spotted on Amazon: one that's "very cheap but Khz" (it's also a kit that requires assembly), and another that aims to be capable of 20MHz, 2-channel operation. What's out there, he'd like to know, that's not junk? -
Amazon Confirms Hachette Spat Is To "Get a Better Deal"
tlhIngan (30335) writes "Last week we heard that Amazon was withdrawing Hachette books from its virtual shelves including allowing preorders of the new JK Rowling book. Amazon has responded to these allegations, and confirms that yes, they are purposefully preventing pre-orders and lowering stock in order to get a better deal from Hachette. Amazon recommends that in the meantime, customers either buy a used or new copy from their zShops or buy from a competitor. Amazon admits there is nothing wrong with Hachette's business dealings and that they are a generally good supplier." Here's Hachette's response to the Amazon statement. -
Book Review: Hacking Point of Sale
benrothke (2577567) writes "The only negative thing to say about Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions is its title. A cursory look at it may lead the reader to think that this is a book for a script kiddie, when it is in fact a necessary read for anyone involved with payment systems. The book provides a wealth of information that is completely pragmatic and actionable. The problem is, as the book notes in many places, that one is constantly patching a system that is inherently flawed and broken." Keep reading for the rest of Ben's review. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions author Slava Gomzin pages 312 publisher Wiley rating 10/10 reviewer Ben Rothke ISBN 978-1118810118 summary Superb book on POS, PCI and payment security Often after a major information security breach incident, a public official (always in front of cameras and with many serious looking people standing in the wings) will go on TV and say something akin to "we have to make sure this never happens again".
Last year, Target was the major victim. This month, it's eBay. But after hundreds of millions of records breached, it's not that anyone is saying it won't happen again. Rather, it's inevitable it will happen many more times.
There are a number of good books on PCI, but this is the first one that looks at the entire spectrum of credit card processing. Author Slava Gomzin is a security and payments technologist at HP and as evident in the book, he lives and breathes payment technology and his expert knowledge is manifest in every chapter. His technical expertise is certain to make the reader much better informed and understand the myriad issues involved.
The book provides an excellent overview to the workings of payment systems and Gomzin is not shy about showing how insecure many payment systems are. Its 9 chapters provide a good combination of deep technical and general detail.
The reader comes out with a very good overview of how payment systems work and what the various parts of it are. For many people, this may be the first time they are made aware of entities such as processors, acquirers and gateways.
An interesting point the book raises is that it has been observed there are less breaches in Europe since they use EMV (also known as chip and pin) instead of insecure magnetic-stripe cards which are used in the US. This leads to a perception that EMV is by default much stronger. But the book notes that EMV was never designed to secure the cardholder data after the point of sale. The recent breaches at Target and Neiman Marcus were such that cardholder data was pilfered after it was in the system.
Another major weakness with EMV is it doesn't provide added security to web and online transactions. When a customer goes to a site and makes a transaction with an EMV card, it is fundamentally the same as if they would have used a magnetic stripe card. What many people don't realize also is that EMV is not some new technology. It's been around for a while. What it did was reduce the amount of fraud for physical use amongst European merchants. But the unintended consequence was that it simply moved the fraud online, where EMV is powerless.
As noted, the book provides the details and vulnerabilities of every aspect of the life of a payment card, including physical security. In chapter 4, he notes that there are numerous features that are supposed to distinguish between a genuine payment card from a counterfeited one. These include logo, embossed primary account number (PAN), card verification values and ultraviolet (UV) marks. Each one of them has their own set of limits. For the supposed security of UV marks, these are relatively easily replicated by a regular inkjet printer with UV ink.
In fact, Gomzin writes that all payment cards as they are in use today are insecure by design due to the fact that there are multiple physical security features that don't provide adequate protection from theft, and that the sensitive cardholder data information is encoded on a magnetic strip in clear text.
Gomzin has numerous PCI certifications and with all that, doesn't see PCI as the boon to payment card security as many do. He astutely observes that PCI places a somewhat myopic approach that data at rest is all that matters. Given that PCI doesn't require payment software vendors or users to encrypt application configuration data, which is usually stored in plaintext and opened to uncontrolled modification; this can allow payment application to be compromised through misconfiguration.
Even with PCI, Gomzin shows that credit card numbers are rather predictable in that their number space is in truth rather small, even though they may be 15-19 digits in length. This is due to the fact that PCI allows the first 6 and last 4 digits to be exposed in plaintext, so it's only 6 digits that need to be guessed. This enables a relatively easy brute force attack, and even easier if rainbow tables are used.
The Target breach was attributed to memory scraping and the book notes that as devastating an attack memory scraping is, there are no existing reliable security mechanisms that would prevent memory scraping.
The appendix includes a POS vulnerability rank calculator which can provide a quick and dirty risk assessment of the POS and associated payments application and hardware. The 20 questions in the calculator can't replace a formal assessment. But the initial results would likely mimic what that formal assessment would enumerate.
So what will it take to fix the mess that POS and payment systems are in now? The book notes that the system has to be completely overhauled for POS security to truly work. He notes that point-to-point encryption is one of the best ways to do that. What is stopping that is the huge costs involved in redoing the payment infrastructure. But until then, breaches will be daily news.
Hacking Point of Sale is an invaluable resource that is highly relevant to a wide audience. Be it those in compliance, information security, development, research or in your payment security group. If you are involved with payment systems, this is a necessary book.
When an expert like Slava Gomzin writes, his words should be listened to. He knows that payment breaches are inevitable. But he also shows you how to potentially avoid that tidal wave of inevitability.
Reviewed by Ben Rothke."
You can purchase Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Extending Bootstrap
First time accepted submitter ericnishio (3641743) writes "Extending Bootstrap is a concise, step by step manual that introduces some of the best practices on how to customize Twitter Bootstrap for your projects. As the title suggests, you will be learning how to extract the good parts of Bootstrap to create a fully customized package. But be advised: the book is not for beginners." Read below for ericnishio's review. Extending Bootstrap author Christoffer Niska pages 110 publisher Packt Publishing rating 8/10 reviewer ericnishio ISBN 1782168419 summary For an intermediate front-end developer or designer who wants to learn the secrets of Bootstrap As a frontend developer who has been working closely with Bootstrap for nearly three years, I would like to point out that the book is certainly not an entry-level guide for novice frontend developers. The preface clearly states this fact by mentioning that the book is intended for intermediate and advanced developers. You are expected to be acquainted with Bootstrap and its applications before delving further into the customization work. To fully appreciate the book, you should already have a solid grasp of CSS, LESS, JavaScript, jQuery, and HTML.
Extending Bootstrap is a fresh addition to the Bootstrap library. Rather than reiterating what other guides and books have said about Bootstrap, Extending Bootstrap distinctly offers an alternative perspective from a contributor's point of view. That is, you will not be told extensively what Bootstrap can be used for, or what kinds of element styles, components and jQuery plugins are available to you. Instead, you will learn how to take those parts, develop your own custom variations of them, and build a fully branded package for your frontend application, ultimately in the form of a unique Bootswatch theme.
Some of the things you will be walked through deal with how to use Bootstrap themes, handpick suitable Bootstrap components, resize the grid, alter Bootstrap variables with LESS, automatically compile LESS files into CSS with Node.js and Grunt, extend Bootstrap's jQuery plugins, and create your own Bootswatch theme. Each section is explored individually and you are also provided with alternative techniques along the way.
All of the techniques are covered one step at a time, but some parts may cause confusion if you have no previous experience with the tools. If you are unfamiliar with Grunt configurations (and although the tutorial does supply an example configuration that works out of the box) the section that deals with automated LESS compilation can be puzzling at first glance. But in case you are interested to know the nuts and bolts of a Gruntfile inside out, you will have to do some independent research on the side.
Overall, Extending Bootstrap adopts a very conversational and informal tone, which is positively welcome. You do not feel as if you were analyzing an academic treatise. The author speaks and delivers assistance directly to you. Christoffer Niska is a seasoned developer whom I have had the privilege of learning from and collaborating with, whose meticulous attention to precision and simplicity can be clearly observed in this manual as well. The book remains faithful to this minimalist methodology and does not try to cover anything that would not be relevant or useful in the context.
Despite its brevity, the book provides many practical code examples throughout the tutorials, supported by screenshots for visual representations of what is produced by the code. Although the examples are helpful for understanding the concepts, the lengthier blocks of code can become cumbersome to follow due to lack of highlighting on the important parts. The quality of the printed grayscale screenshots could also use some refinement.
If you choose to follow the book interactively—that is, reading while doing the exercises—you will need to have a Mac, Windows or Linux development environment in your employ. No other software licenses are required since you will be strictly utilizing open source tools, such as Node.js, Grunt, and Bootstrap itself.
To support and augment the concepts established in the book, Niska also provides a number of links to technical articles for further perusal. I encourage you to check the annotations and study the supporting material that is available for free.
What I would have wanted to read more about is the advised usages of Bootstrap variables and mixins in your LESS files, as opposed to explicitly using Bootstrap's stock classes in HTML. Following this method makes your stylesheets more semantic as well as portable since you are decoupling Bootstrap's CSS classes from your HTML and building your custom classes with the mixins provided by Bootstrap. You might argue that this is beyond the scope of the book, but I regard it as an important detail when bearing extensibility in mind.
To get a thorough picture of the contents of the book, I suggest you head over to the publisher's website for a complete table of contents as well as information on availability and purchasing. Extending Bootstrap is currently available as a printed book as well as an electronic download.
Eric Nishio is a frontend developer who also likes to blog about self-education on his blog Self-Learner.
You can purchase Extending Bootstrap from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Designing With the Mind In Mind
benrothke (2577567) writes "Neurologists and brain scientists are in agreement that in truth, we know very little about how the brain works. With that, in the just released second edition of Designing with the Mind in Mind, a Simple Guide to Understanding User Interface Design Guidelines, author Jeff Johnson provides a fascinating introduction on the fundamentals of perceptual and cognitive psychology for effective user interface (UI) design and creation." Keep reading for the rest of Ben's review. Designing with the Mind in Mind, a Simple Guide to Understanding User Interface Design Guidelines author Jeff Johnson pages 240 publisher Morgan Kaufmann rating 9/10 reviewer Ben Rothke ISBN 978-0124079144 summary Excellent reference on the integration of user interface design and the mind Johnson heads up a consulting firm that specialized in evaluating and designing UI and brings significant experience to every chapter. He writes that following user-interface design guidelines is not as straightforward as something like following a cooking recipe; even though people often compare the two. Design rules often describe goals rather than actions, as they are purposefully very general to make them broadly applicable. The downside to that is that it means that their exact meaning and applicability to specific design situations is open to interpretation.
With that, the book provides an exceptional foundation on how to ensure effective usability is successfully implemented. The book spends a long time detailing how users make decisions and choices.
What's really good about the book is that Johnson provides ample details about the topic, but doesn't reduce it to just a set of rules or mind-numbing (and thusly unreadable) checklists. His synopsis of the topics provides the reader with a broad understanding of the topic and what they need to do in order to ensure effective UI design is executed.
While the focus in the book is heavy on general and cognitive psychology, the book is written for the reader who is a novice in the area, and stays quite practical, without getting in the vague theoretical areas.
The book provides scores of examples of how people relate to an interface, and how to design accordingly. One of many fascinating examples is when the author details the notion of attentional blink. After we see or hear something, either in real-life or on a monitor, for a very brief amount of time following the recognition, between .15 and .45 of a second; we are nearly deaf and blind to other visual stimuli, even though our eyes and ears stay functional. Researchers call this attentional blink and it is thought to be caused by the brain's perceptual and attentional mechanism being briefly fully occupied with processing the first recognition.
What this means for a UI designer is that attentional blink can cause the user to miss information or events if things appear in rapid succession. The book then goes on to describe techniques in which to create an effective UI to deal with the effects of attentional blink. And he does this for scores of other similar issues.
Another fascinating example is around visual hierarchy, which lets people focus on the relevant information. The book notes that one of the most important goals in arranging information presentations is to provide a visual hierarchy, an arrangement that breaks the information into distinct sections, labels each section prominently, and presents the sections and subsections as a hierarchy.
The book details the myriad areas which are crucial for an effective interface. Chapters 4 and 5 provide significant detail about the importance of color for effective visual representation.
As the title suggests, the book takes a deep approach to the neuroscience and psychology in UI design. Other chapters include topics on human vision, sound, task, cognition, memory and more.
As to memory, chapter details issues around the working memory of a user. He gives numerous examples of error boxes and help screens that work and are epic failures, and how to do it right. The classic example he provides is a 4-step Windows XP wireless error message. If the user were to follow the directions, the instructions would close after step 1.
Each chapter provides numerous implications of proper and improper design, and provides the needed recommendations. While the topics may sound dry, Johnson writes in an engaging and often humorous style.
The book clearly and empirically shows how effective UI design makes all the difference on how users interact with an application or web site. The book will certainly be an important reference to software designers, web designers, web application designers and those interested in HCI, and usability.
For the designers that can't understand why their users are frustrated, they can understand why here. For designers that really want to know what is going on in their users minds, one is hard pressed to find a better reference than this.
As the subtitle of the book is Simple Guide to Understanding User Interface Design Guidelines, the book is an invaluable resource for those serious about effective UI design.
Reviewed by Ben Rothke.
You can purchase Designing with the Mind in Mind, a Simple Guide to Understanding User Interface Design Guidelines from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Mobile HTML5
Michael Ross (599789) writes "Web designers and developers nowadays are familiar with the critical decision they face each time before building an application intended for mobile devices: whether to target a particular device operating system (e.g., iOS) and create the app using the language dictated by the OS (e.g., Objective-C), or try to build an operating system-agnostic app that runs on any device equipped with a modern web browser (primarily using HTML5, CSS3, and JavaScript), or try to do a combination of both (using a library such as PhoneGap). The second option offers many advantages, and is the approach explored in the book Mobile HTML5, authored by Estelle Weyl, an experienced front-end developer." Keep reading for the rest of Michael's review. Mobile HTML5 author Estelle Weyl pages 480 publisher O'Reilly Media rating 8/10 reviewer Michael Ross ISBN 978-1449311414 summary An extensive tutorial and reference on HTML5 and CSS3 This title was published on 14 November 2013 under the ISBN 978-1449311414, by O'Reilly Media (who graciously provided me with a review copy). The book's material, spanning 480 pages, is grouped into 14 chapters and an appendix, as well as an introduction in which the author presents the advantages of web apps versus native apps, a brief history of both categories (focusing on iPhone development), and an even briefer overview of the HTML5 APIs that are covered in depth in the chapters that follow. Prospective readers may want to first check the publisher's website, where they will find the table of contents, book details, author biography, and a list of errata (only eight as of this writing). In addition, the example code used in the book is available on the author's site. Oddly, the introduction does not specify the requisite knowledge that readers should possess to get the most out of the book. 
However, a solid understanding of HTML, CSS, and JavaScript would be most helpful; but prior exposure to HTML5 and CSS3 is unneeded, as is any knowledge of any JavaScript libraries, because the author intentionally eschews them in her presentation.
The first chapter, titled "Setting the Stage to Learn Mobile HTML5, CSS3, and JavaScript APIs," continues the discussion begun in the Introduction — largely focusing on the development and testing tools used throughout the book and needed by the reader if he desires to replicate the work described in the narrative. The author's sharp words against IE 6 will be especially appreciated by those designers and developers who have lost countless hours — from both their work schedules and possibly their lifespans — as a result of the rage-inducing layout quirks and other flaws of that demonic browser. Some readers may be confused by the author's instructions for accessing the developer tools in Google Chrome (View > Developer > Developer Tools); with the traditional menu bar now gone, the steps would be the menu icon > Tools > Developer tools.
The next two chapters provide fast-paced coverage of the HTML5 syntax and the new elements and attributes introduced in this latest version of the standard. There are only a few minor blemishes: The author sometimes backtracks, repeating information noted earlier, but worded somewhat differently. For instance, in the second chapter, readers are presented with the syntax of an HTML element (page 25), which is repeated ten pages later. More noticeably, the reader is told six times that the "title" element is required. In the next chapter, the discussion of the "details" and "summary" elements is quite repetitive. Incidentally, on page 76, the author mentions that the "iframe" element has a new attribute, "srcdoc," whose values should not include double quotes, which should be escaped with the "&quot;" entity; more accurately, they should be replaced entirely with that entity. Lastly, the explanation of the "sandbox" attribute values is inadequate; readers will need to consult other sources to understand the full meaning of those allowed values. Nevertheless, HTML authors of all levels of experience should be able to benefit from these two chapters.
Forms are an essential component of any dynamic website, and are covered in great detail in the fourth chapter, which explicates the many new features introduced in HTML5, such as validation and error messaging, which significantly reduce the prior reliance upon JavaScript for such functionality. The author does a fine job of explaining these promising new improvements to form elements. The only weakness is, again, redundant explanations — for instance, in the first three sections: "Attributes of <input>," "<input> Types and Attributes," and "New Values for <input> Type." A glaring example is found on page 96, where the second reader tip is echoed in the paragraph that follows it. Screenshots are provided showing the specialized keyboards displayed on the leading handheld devices for the email, URL, phone, number, search, and datetime input types. The chapter concludes with a discussion of form field validation (including use of the validity state object) and the remaining form-related elements, both new and old.
The next two chapters focus on the APIs introduced with HTML5 that were relatively well-defined at the time the book was written, beginning with those that implement SVG, canvas, audio, and video functionality within a webpage, and concluding with application cache, local storage, SQL database storage, geolocation, Web workers, microdata, and ARIA. Most of the narrative should be clear to the reader, although one problem is that sometimes the example code does not reflect the recommendations in the text. For instance, on page 136, the author notes that SVG image accessibility can be enhanced by using the "aria-label" attribute, and that the height and width need not be specified in the "embed" and "object" elements — and yet the code presented does not adhere to these guidelines. Also, on page 175, the author refers to forking code, but the code in question is not forked to a different project or revision; rather, she means different code is executed depending upon the chosen HTML5 database.
Chapters 7 through 10 focus on CSS3, including its unique selectors, color values, units of measurement, box model properties, gradients, shadows, transitions, and animations. It all begins with a review of CSS basics, including media queries and best practices — which makes this book even more viable as a single source for learning HTML and CSS coding. Media queries are touched upon only briefly, because they are covered in depth in a later chapter. Readers will likely find interesting the discussion of maximizing website performance by balancing the number of HTTP requests, the use of embedded styles, and the use of local storage of previously-downloaded CSS and JavaScript files. Oddly, there is inconsistency in the formatting of the example CSS code — for instance, three different formats on a single page (205). Nonetheless, the explanations are for the most part quite clear, aside from the "p:first-of-type" (on page 215). The many snippets of example markup and CSS clearly illustrate how cascading works, and how one can avoid overuse of IDs (and any use of "!important"). The coverage of pseudo-classes and pseudo-elements is quite thorough, with plenty of examples.
The last four chapters employ many of the topics covered earlier and apply them to responsive web design (RWD). Chapter 11 demonstrates how to use CSS 2 and CSS3 capabilities for building websites and web apps that can work and appear as best as possible on device viewports of any size — including those that have yet to be implemented. The information is valuable, marred only by a lack of CSS code showing how the examples were created (e.g., on page 343), prior to discussing the allowed property names and values, and their shorthand notation. Readers learn how to utilize multiple columns, border images, flexbox, @supports, and responsive images. That last topic is arguably the most unresolved aspect of RWD images, and perhaps that is the reason why the author does not discuss the emerging "srcset" attribute and "picture" element for handling the challenge of serving images whose file sizes are optimal for the device's viewport and connection speed. The last three chapters discuss various design and performance considerations one should bear in mind when developing for mobile devices. Most of the initial narrative is at a high level, while the later chapters get into the details of screen sizes, hardware, testing, battery life, and latency. Incidentally, the "meta" element on page 386 was probably not intended to be struck out. The book concludes with an appendix devoted to CSS selectors and specificity.
As with most technical books of this length, this one contains numerous errata: "on ithe Phone" (page xiii), "Chapters Chapter" (xxii), "a[n] OOCSS" (xxv), "that [the] Sources" (12), "never[-]used" (42), "developers that" (44; should read "developers who"), "spammers last millennium" (47; we wish!), "When [the] favicon" (51), "favico.ico" (ditto), "at [the] site" (ditto), "so [it] has" (66), "on [the] same" (77), "<detail>" (80; should read "<details>"), "Barn[e]s" (80), "])){" (95; should read "]){"), "seperate" (101), "override [the] default appearance" (102), "rangUnderflow" (121), "form control[']s value" (121), "requiredlist" (124, 125), "an list" (124), "pros of cons" (146), "first from" (149; should read "first frame"), "when [the] game" (168), "function [is] initially" (169), and "via [a] banner" (179). At this point, roughly halfway through the book, I stopped recording errata.
Most of the writing is clear and straightforward. However, some of the phrasing is a bit confusing, e.g., "is in the last call" (page 101). Other phrasing may come across as too flippant, e.g., "Duh!" (page 48). Some terms are used much earlier than when explained, e.g., "shadow DOM" (page 100). A few terms are used that can have various meanings depending upon the context, but in this book their intended meanings are not defined and likely would not be obvious to the average reader. For example, in Chapter 3, several times the author refers to the "outline" of a (presumably HTML) document and a "node" that one might create, but does not explain what is meant by those terms in these cases.
Most books that use some sort of example project to illustrate the ideas being presented, will weave it into the narrative when appropriate and/or as much as possible. The example project for this book, CubeeDoo, is mentioned countless times, but apparently not explained in its entirety, nor is discussed the stitching together of the code snippets into a complete application. As a consequence, the example project adds less instructional value to the book than could be expected given the amount of space devoted to it. Arguably, it would have been better to either make full use of the project as a teaching resource, or use a simpler application if the first option would have been overwhelming, or simply exclude it altogether from the text and, optionally, post it online for readers who wish to examine the code on their own.
In terms of the layout and presentation of the text, this book, like so many other O'Reilly Media titles, oftentimes has too little space between adjacent words, making it more difficult to read the text at a rapid pace and to quickly locate individual words known to be present on any given page (such as words found in the index). In some cases, attribute names are chopped off midway and continued on the next line, but without the standard hyphen to indicate word continuation (e.g., "ac / cesskey" on page 30). The same is occasionally done for JavaScript method names (e.g., "se / tAttribute" on page 39). Admittedly, for keywords such as element names and attributes, as well as JavaScript names, adding any hyphen might be even more misleading, as some readers might erroneously conclude that the hyphen is part of the name when not broken over two lines.
The book's primary problem is the repetition of information, not just within each chapter, but oftentimes even on the same page. This is true not only within the main text, but also in the reader tips, which sometimes present new and useful information, but far too often repeat the information found in the paragraph preceding the tip — sometimes an almost-verbatim repeat of the paragraph's last sentence. This is not of great consequence, and may be helpful to readers who miss an important point the first time it is presented. Some of it may be unavoidable, given the overlap among the various topics. But it certainly does add to the (nontrivial) length of the book.
Regardless, these are not overly important flaws. Suffused with the author's honest writing style — as well as her obvious experience and enthusiasm — Mobile HTML5 is a substantial and instructive treatment of the primary new techniques for building mobile-ready websites and web apps.
Michael Ross is a freelance web developer and writer.
You can purchase Mobile HTML5 from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
An SSD for Your Current Computer May Save the Cost of a New One (Video)
Obviously, the first performance enhancement you do on any computer you own is max out the RAM. RAM has gotten cheap, and adding more of it to almost any computer will make it faster without requiring any other modification (or any great skill). The next thing you need to do, says Larry O'Connor, the founder and CEO of Other World Computing (OWC), is move from a "platter" hard drive to a Solid State Drive (SSD). Larry's horse in this race is that his company sells SSDs, mostly for Macs. But he's a real evangelist about SSDs and computer mods in general, even if you buy them from NewEgg, Amazon or another vendor.
A big (vendor-neutral) thing Larry points out is that just because you have a Terabyte drive in your computer now doesn't mean you need a Terabyte SSD, which can easily cost $500. Rather, he says, all you need is a large enough SSD to contain your OS and software and whatever data you're working with at the moment, so you might be able to get by with a 120 GB SSD that costs well under $100. Clone your current main drive, stick in the new SSD, and if you need more storage, get another hard drive (or use your old one). Simple. Efficient. And a lot cheaper than buying a new computer, whether we're talking about home, business or even enterprise use. (Alternate video link.) -
Book Review: How I Discovered World War II's Greatest Spy
benrothke (2577567) writes "When it comes to documenting the history of cryptography, David Kahn is singularly one of the finest, if not the finest writers in that domain. For anyone with an interest in the topic, Kahn's works are read in detail and anticipated. His first book was written almost 50 years ago: The Codebreakers – The Story of Secret Writing; which was a comprehensive overview on the history of cryptography. Other titles of his include Seizing the Enigma: The Race to Break the German U-Boats Codes, 1939-1943. The Codebreakers was so good and so groundbreaking, that some in the US intelligence community wanted the book banned. They did not bear a grudge, as Kahn became an NSA scholar-in-residence in the mid 1990's. With such a pedigree, many were looking forward, including myself, to his latest book How I Discovered World War II's Greatest Spy and Other Stories of Intelligence and Code. While the entire book is fascinating, it is somewhat disingenuous, in that there is no new material in it. Many of the articles are decades old, and some go back to the late 1970's. From the book description and cover, one would get the impression that this is an all new work. But it is not until one reads the preface, that it is detailed that the book is simply an assemblage of collected articles." Keep reading for the rest of Ben's review.
How I Discovered World War II's Greatest Spy and Other Stories of Intelligence and Code
author: David Kahn
pages: 469
publisher: Auerbach Publications
rating: 8/10
reviewer: Ben Rothke
ISBN: 978-1466561991
summary: Very good collection of a large number of excellent articles from David Kahn
For those that are long-time fans of Kahn, there is nothing new in the book. For those that want a wide-ranging overview of intelligence, espionage and codebreaking, the book does provide that.
The book gets its title from a 2007 article in which Kahn tracked down who he felt was the greatest spy of World War 2. That was none other than Hans-Thilo Schmidt, who sold information about the Enigma cipher machine to the French. That information made its way to Marian Rejewski of Poland, which led to the ability of the Polish military to read many Enigma-enciphered communications.
An interesting question Kahn deals with is the old conspiracy theory that President Franklin Roosevelt and many in his administration knew about the impending attack on Pearl Harbor. He writes that the theory is flawed for numerous reasons. Kahn notes that the attack on Pearl Harbor succeeded because of Japan's total secrecy about the attack. Even the Japanese ambassadors in Washington, D.C., whose messages the US was reading, were never told of the attack.
Chapter 4 from 1984 is particularly interesting which deals with how the US viewed Germany and Japan in 1941. Kahn writes that part of the reason the US did not anticipate a Japanese attack was due to racist attitudes. The book notes that many Americans viewed the Japanese as a bucktoothed and bespectacled nation.
Chapter 10, Why Germany's intelligence failed in World War II, is one of the most interesting chapters in the book. It is from Kahn's 1978 book Hitler's Spies: German Military Intelligence In World War II.
In the Allies vs. the Axis, the Allies were far from perfect. Battles at Norway, Arnhem and the Bulge were met with huge losses. But overall, the Allies enjoyed significant success in their intelligence, much of it due to their superiority in verbal intelligence because of their far better code-breaking. Kahn writes that the Germans in contrast, were glaringly inferior.
Kahn writes that there were five basic factors that led to the failure of the Germans, namely: unjustified arrogance, which caused them to lose touch with reality; aggression, which led to a neglect of intelligence; a power struggle within the officer corps, which made many generals hostile to intelligence; the authority structure of the Nazi state, which gravely impaired its intelligence, and anti-Semitism, which deprived German intelligence of many brains.
The Germans' negative attitude towards intelligence went all the way back to World War I, when in 1914 the German Army was so certain of success that many units left their intelligence officers behind. Jump to 1941 and Hitler invaded Russia with no real intelligence preparation. This arrogance, which broke Germany's contact with reality, also prevented intelligence from seeking to resume that contact.
Other interesting stories in the book include how the US spied on the Vatican in WW2, the great spy capers between the US and Soviets, and more.
For those that want a broad overview of the recent history of cryptography, spying and military intelligence, How I Discovered World War II's Greatest Spy and Other Stories of Intelligence and Code, is an enjoyable, albeit somewhat disjointed summary of the topic.
The best part of the book is its broad scope. With topics from Edward Bell and his Zimmermann Telegram memoranda, cryptology and the origins of spread spectrum, to Nothing Sacred: The Allied Solution of Vatican Codes in World War II and a historical theory of intelligence, the book provides a macro view of the subject. The down side is that this comes at the cost of the 30 chapters being from almost as many different books and articles, over the course of almost 40 years.
For those that are avid readers of David Kahn, of which there are many, this title will not be anything new. For those that have read some of Kahn's other works and are looking for more, How I Discovered World War II's Greatest Spy will be an enjoyable read.
Reviewed by Ben Rothke.
You can purchase How I Discovered World War II's Greatest Spy and Other Stories of Intelligence and Code from amazon.com. -
Ask Slashdot: Experiences With Free To Air Satellite TV?
Dishwasha (125561) writes "Just a few days ago I incidentally discovered a little known secret called free-to-air. Amazingly enough even in the depths of Slashdot, there appear to have been no postings or discussions about it. Just like over-the-air programming, there is free programming available via various satellite systems that only requires a one-time cost of getting a dish and receiver. Both Amazon and Ebay appear to have a plethora of hardware out there. I personally settled on the Geosatpro MicroHD system with a 90cm 26lbs light-weight dish (cue lots of comments about my describing 26 lbs as being light-weight) and I should be receiving that in just a few days. I'm curious, who else is using satellite FTA? What are your setups? Has anyone hacked on any of the DVR/PVR devices available? Besides greater access to international programming, what are your channel experiences?" -
Book Review: Money: The Unauthorized Biography
jsuda (822856) writes "Most of us know that making money is difficult and saving it is even harder, but understanding money is easy–it's just coins and folding certificates, a mere medium of exchange. That's wrong! according to Felix Martin, author of Money: The Unauthorized Biography. Not only is that understanding wrong but it's responsible (in large part) for the 2007 Great Recession and the pitiful 'recovery' from it as well as a number of previous financial and credit disasters." Keep reading for the rest of Jsuda's review.
Money: the Unauthorized Biography
author: Felix Martin
pages: 336
publisher: Knopf
rating: 8/10
reviewer: jsuda
ISBN: 0307962431
summary: A sweeping historical epic that traces the development and evolution of money
Mr. Martin draws a comparison of the orthodox understanding of money as a mere medium of exchange as typified by material objects–coins, gold bars, measuring sticks, and the like and a different way of thinking about it--as a social accounting construction based on mutual trust. That way of thinking acts as a primary social organizing tool. As such, a monetary system is much more sophisticated than just a logical extension of primitive bartering systems. It is imbued with major political aspects which account, in part, for the differences between the haves and have-nots, the policies selected to address financial/economic busts, and the relationship of the state to the monetary/financial systems.
The differing understandings of money underlie even now the varied explanations by economists of the causes of the Great Recession and the varied reactions of political leaders to it. It is also relevant to the deliberate removal of the government from the monetary system in favor of an impersonal computer network, as in the digital coin system now developing.
The author is a professional economist, bond trader, and analyst with the George Soros Institute for Economic Thinking. The book is a very worthwhile look at the concept of money as an (implicit, at least) political and social determinant and is quite topical as alternative monetary systems (mostly digitalized) like Bitcoin and competitors are garnering much attention. While the book does not address those new developments, it's clear that the digitalized coin systems imply acceptance of the orthodox understanding of money as a commodity. Some of Martin's criticism of the limitations of the orthodox view seems to apply to these alternatives, as well.
Mr. Martin writes in a relatively accessible manner relating stories, mostly, about money in historical and global contexts. His approach reminds one of Malcolm Gladwell's books which use elaborate historical stories to illustrate relatively complex topics. Gladwell writes better but, arguably, covers simpler issues. However, this book, too, is relatively simple. It is no treatise on money or systems; it doesn't cover every issue which relates to money and exchange; and it seems a bit thin on theory even on those topics it does focus on. The major topic is the nature of money–a medium of exchange or social/political organizing tool and that issue has been theorized differently for centuries.
Mr. Martin starts his critique of the orthodox view of money by explaining how the early Pacific island Yap culture relied upon the symbolism of large stones (known as "fei.") These stones were kept by individuals as value storage devices, even though they had few of the characteristics which typically would be present in money systems–tokens of some sort small enough to carry and to hide, a consistent look, ease of exchange, a readily determinable unit value, etc. None of that was relevant for the Yaps as they understood money as mere transferable obligations, commercial or otherwise, based on mutual trust. The bigger your stone, the more value you had to trade, even though no stones physically moved anywhere. The Yaps had a small community and violations of community trust were easily discouraged. The stones (including a large one on the bottom of the ocean) were only tangential to the much more relevant element of social trust.
Mr. Martin reviews a large handful of other historical situations involving credit collapses, bank runs, recessions, and big bank/governmental associations to make his main point that when money is rigidly understood merely as a commodity of exchange, bad things can happen to financial, credit, economic, and political systems, especially in difficult times. Take, for instance, the Irish potato famine of the mid-19th century where potential government/social aid to the jobless and hungry was stymied by creditor interests who valued the absolute sanctity of (bond and debt) contracts even at the consequences of millions of deaths. As they saw it, those victims were either responsible for their own problems or just losers in a competitive economy. Some economic thinkers at that time believed that those awful consequences were just part of the natural order and represented (unfortunately for the victims) unavoidable consequences of "good" finance.
While Mr. Martin doesn't address it much, most of the little people in America and elsewhere were also victims of the absolute sanctity of debt contracts. They lost jobs, homes, pensions, and savings in the Great Recession while big bondholders who legally had assumed investment risks lost nothing. Their debt contracts were inviolate. (The personal and social contracts of the little people naturally were worth nothing.)
Some of the major policy implications of money deal with: 1) inflation and deflation where a political decision is implied involving the contrary interests of creditors and debtors; 2) social responses to credit collapses and the role (if any) of government in moderating them; 3) who or what entities are or should be guarantors of trustworthiness (i.e., big banks? government? a computer network?); 4) the role of formal contract law versus the principle of the good social good, and more. These are not mere abstract matters of formal theory but highly consequential matters of life and death (as the Irish potato farmers and lots of little people have found out.)
The author spends a lot of time explaining how trust works--in small organizations and communities, nations, and in globalized financial systems. At the top of the trust ladder (even for the most libertarian types) is the sovereign, i. e., government. There are important reasons why governments are generally lenders of last resort, stabilize financial and economic systems, and ultimately, the only potential savior for citizens from total economic collapse (as in the Great Recession.) There are various alternatives for the governmental role, none of which please everyone.
Hence, the political dimension of the money-social relationship. Mr. Martin comes down hard in favor of the flexible, social understanding of money. He praises John Maynard Keynes, Walter Bagehot, and even Solon, of centuries ago for their insights. He blames the great liberal philosopher, John Locke, of all people, for having a decidedly illiberal and ill-formed understanding of money. Locke was an orthodox monetarist and helped justify the philosophy which is still prominent. Each of the two philosophical approaches discussed here offers both liberal and conservative themes though rarely opposed as such.
That raises one major objection to Martin's thesis that orthodox monetary theory is wrong. He wants to substitute the social tool concept for it, but it seems pretty obvious that both frames of reference have their utility and truth. It's not easy to discredit respect for contract rights. On the other hand, it's hard to accept the starvation of millions of people to maintain them fully intact.
Nearly all such fundamental frames have their truths, even if inconsistent with the other. The better philosophical view is that we are guided (or not) by multiple, logically inconsistent frames. That is a philosophical point which he doesn't address well enough. He does concede that the orthodox theory mostly works well when times are good (but breaks down horribly when circumstances are bad.) This seems to imply a need for high-level judgment somewhere in the system, e. g., democratic political processes, a conclusion which tends to support his position.
He offers a couple of not very well-explained alternative monetary systems designed to remedy the faults of the orthodox approach while maintaining its virtues. He ends the book by suggesting that even if his thesis is correct, that getting the rest of the world to accept it is difficult–most people have rigid orthodox views, fiercely held. He lamely suggests without any elaboration that the power is within each of us to change those views. That would seem to require another book.
There is a lot of good meat, so to speak, to chew on in this book.
You can purchase Money: The Unauthorized Biography from amazon.com. -
XKCD Author's Unpublished Book Has Already Become a Best-Seller
destinyland writes "Wednesday the geeky cartoonist behind XKCD announced that he'd publish a new book answering hypothetical science questions in September. And within 24 hours, his as-yet-unpublished work had become Amazon's #2 best-selling book. 'Ironically, this book is titled What If?,' jokes one blogger, noting it resembles an XKCD comic where 'In our yet-to-happen future, this book decides to travel backwards through time, stopping off in March of 2014 to inform Amazon's best-seller list that yes, in our coming timeline this book will be widely read...' Randall Munroe's new book will be collecting his favorite 'What If...' questions, but will also contain his never-before published answers to some questions that he'd found 'particularly neat.'" -
Amazon Hikes Prime Membership Fee
An anonymous reader writes with official news that, as expected, "Amazon officially announced that it is increasing Prime Membership fees from $79 to $99. Amazon Students will pay $49, and participants of Amazon Fresh (the grocery shopping service) will continue to have a $299 fee. The price hike in Prime Membership is attributed to rising shipping costs, but some wonder if the 'real question around Prime is whether it's sustainable at all, even at a higher price.'" -
Book Review: Threat Modeling: Designing For Security
benrothke writes "When it comes to measuring and communicating threats, perhaps the most ineffective example in recent memory was the Homeland Security Advisory System; which was a color-coded terrorism threat advisory scale. The system was rushed into use and its output of colors was not clear or intuitive. What exactly was the difference between levels such as high, guarded and elevated? From a threat perspective, which color was more severe — yellow or orange? Former DHS chairman Janet Napolitano even admitted that the color-coded system presented 'little practical information' to the public. While the DHS has never really provided meaningful threat levels, in Threat Modeling: Designing for Security, author Adam Shostack has done a remarkable job in detailing an approach that is both achievable and functional. More importantly, he details a system where organizations can obtain meaningful and actionable information, rather than vague color charts." Read below for the rest of Ben's review.
Threat Modeling: Designing for Security
author: Adam Shostack
pages: 624
publisher: Wiley
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1118809990
summary: Invaluable guide to create a formal threat modeling program
Rather than letting clueless Washington bureaucrats define threats, the book details a formal system in which you can understand and particularize the unique threats your organization faces.
In the introduction, Shostack sums up his approach in four questions:
1. What are you building?
2. What can go wrong with it once it's built?
3. What should you do about those things that can go wrong?
4. Did you do a decent job of analysis?
The remaining 600 densely packed pages provide the formal framework needed to get meaningful answers to those questions. The book sets a structure in which to model threats, be it in software, applications, systems, software or services, such as cloud computing.
While the term threat modeling may seem overly complex, the book notes that anyone can learn to threat model. Threat modeling is simply using models to find security problems. The book notes that using a model means abstracting away a lot of the details to provide a look at the bigger picture, rather than the specific item, or piece of software code.
An important point the book makes is that there is more than one way to model threats. People often place too much emphasis on the specifics of how to model, rather than focusing on what provides them the most benefit. Ultimately, the best model for your organization is the one that helps you determine what the main threats are. Finally, the point is not just to find the threats; the key is to address them and fix them.
The beauty of the book is that it focuses on gaining empirical data around threats for your organization. Rather than simply taking an approach based on Gartner, USA Today or industry best practices.
While the author states a few times that threat modeling is not necessarily a complex endeavor, it nonetheless does take time. He writes that threat modeling requires involvement from many players from different departments in an organization to provide meaningful input. Without broad input, the threat model will be lacking, and the output will be incomplete.
For those organizations that are willing to put the time and effort into threat modeling, the benefits will be remarkable. At the outset, they will have confidence that they understand the threats their organization is facing, likely spend less on hardware and software, and will be better protected.
Chapter 18 quotes programmer Henry Spencer who observed that "those who do not understand Unix are condemned to reinvent it, poorly". Shostack writes that the same applies to threat modeling. The point he is making is that there are ways to fail at threat modeling. The first is simply not trying. The chapter then goes on into other approaches which can get in the way of an effective threat modeling program.
Why should you threat model for your IT and other technology environments? It should be self-evident from an architecture perspective. When an architect is designing an edifice, they first must understand their environment and requirements. A residence for a couple in Manhattan will be entirely different from the design for a residence for a family in Wyoming. But far too many IT architects take a monolithic approach to threats and that's precisely the point the book is attempting to obviate.
As noted, threat modeling is not overly complex. But even if it was indeed complex, it is far too important not to be done. The message of the book is that organizations need to stop chasing vague threats and industry notions of what threats are, and customize things so they deal with their threats.
For those that still think the topic is complex, the book references Elevation of Privilege (EoP), an easy way to get started threat modeling. EoP is a card game that developers, architects or security teams can play to easily understand the rudiments of threat modeling.
Risk modeling is so important that it must be seen as an essential part of a formal and mature information security program. Having firewalls, IDS, DLP and myriad other infosec appliances can be deceptive in thinking they provide protection. But if they are deployed in an organization that has not defined the threats these devices are expected to address, they only serve the purpose of giving an aura of infosec protection, and not real protection itself.
Amazon has over 800 Disney World guide books. Anyone who is going to invest their time and money to spend a few days at Disney World knows they have to do their research in order to get the most out of their visit.
There are only a handful of books on this topic and Threat Modeling: Designing for Security is perhaps the finest of them. No tourist would be so naïve as to go to Disney World uninformed. And conversely, no one should go into the IT world without adequate threat information.
Threat modeling provides compelling benefits in the ability to make better information security decisions, better focus on often limited resources, all while designing a model to protect against current and future threats.
For those serious about the topic, Threat Modeling: Designing for Security will be one of the most rewarding information security books they could hope for.
Reviewed by Ben Rothke.
You can purchase Threat Modeling: Designing for Security from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Sudo Mastery: User Access Control For Real People
Saint Aardvark writes "If you're a Unix or Linux sysadmin, you know sudo: it's that command that lets you run single commands as root from your own account, rather than logging in as root. And if you're like me, here's what you know about configuring sudo:
1.) Run sudoedit and uncomment the line that says "%wheel ALL=(ALL) ALL".
2.) Make sure you're in the wheel group.
3.) Profit!
If you're a sysadmin, you need to stop people from shooting themselves in the foot. There should be some way of restricting use, right? Just gotta check out the man page.... And that's where I stopped, every time. I've yet to truly understand Extended Backus-Naur Form, and my eyes would glaze over. And so I'd go back to putting some small number of people in the 'wheel' group, and letting them run sudo, and cleaning up the occasional mess afterward. Fortunately, Michael W. Lucas has written Sudo Mastery: User Access Control for Real People." Keep reading for the rest of Saint Aardvark's review.
Sudo Mastery: User Access Control For Real People
author: Michael W. Lucas
pages: 144
publisher: Tilted Windmill Press
rating: 10/10
reviewer: Saint Aardvark
ISBN: 1493626205
summary: Teaches all there is to know about sudo
If his name sounds familiar, there's a reason for that: he's been cranking out excellent technical books for a long time, on everything from FreeBSD to Cisco routers to DNSSEC. He takes deep, involved subjects that you don't even know you need to know more about, and he makes them understandable. It's a good trick, and we're lucky he's turned his attention to sudo.
The book clocks in at 144 pages (print version), and it's packed with information from start to finish. Lucas starts with the why and how of sudo, explaining why you need to know it and how sudo protects you. He moves on to the syntax; it's kind of a bear at first, but Chapter 2, "sudo and sudoers", takes care of that nicely. Have you locked yourself out of sudo with a poor edit? I have; I've even managed to do it on many machines, all at once, by distributing that edit with CFEngine. Lucas covers this in Chapter 3, "Editing and Testing Sudoers", a chapter that would have saved my butt. By the time you've added a few entries, you're probably ready for Chapter 4, "Lists and Aliases".
sudo has lots of ways to avoid repeating yourself, and I picked up a few tricks from this chapter I didn't know about — including that sudo can run commands as users other than root. Need to restart Tomcat as the tomcat user? There's a sudoers line for that. I'm ashamed to admit that I didn't know this.
There is a lot more in this book, too. You can override sudo defaults for different commands or users. You can stuff sudo directives into LDAP and stop copying files around. You can edit files with sudoedit. You can record people's sudo commands, and play them back using sudoreplay. The list goes on.
Sounds like a lot, doesn't it? It is. But the book flies by, because Lucas is a good writer: he packs a lot of information into the pages while remaining engaging and funny. The anecdotes are informative, the banter is witty, and there's no dry or boring to be found anywhere.
Shortcomings: Maybe you don't like humor in your tech books; if so, you could pass this up, but you'd be missing out. There wasn't an index in the EPUB version I got, which I always miss. Other than that: I'm mad Lucas didn't write this book ten years ago.
You can purchase The Plateau Effect: Getting from Stuck to Success from amazon.com. -
Book Review: Survival of the Nicest
jsuda writes "In a world of intractable wars and conflicts, spiteful and persistent political gridlock dominating (at least) American politics, rampant bare-knuckle capitalist competition and exploitation, and haters everywhere, Stefan Klein tries to convince us why it pays to get along. In Survival of the Nicest he says that we can be, and ought to be, 'nice' for our personal and social benefits." Read below for jsuda's review.
Survival of the Nicest: How Altruism Made Us Human and Why It Pays to Get Along
author: Stefan Klein
pages: 272
publisher: The Experiment
rating: 8/10
reviewer: jsuda
ISBN: 1615190902
summary: Asserts that the key to achieving lasting personal and societal success lies in helping others.
Mr. Klein constructs arguments deriving from current brain research and genetics; economics, history, and social psychology; game theory; and behavioral and anthropological experiments which are intriguing, to say the least. Klein is an acclaimed science writer and writes about complex ideas in an accessible (if not always coherent) manner. He has a remarkable synthetic overview of a large number of elements which condition human economic decisions and behavior. He draws upon individual human stories, social science research, and especially game theory and economic logic to show that purely rational self-interested behavior is rare and probably impossible on a broad, societal level. He implies that the macroeconomic theories of the Austrian school of essential self-interest are reductionist at best. Society would eventually collapse and die off without a substantial amount of altruism particularly when under stress from environmental or competitive pressures.
Emotions, psychology, and cultural conditioning play a huge role in how people interact with each other in terms of selfish versus social decisions and behaviors. He cites natural and social science research which suggests that giving and altruism are essential for happiness itself. (There's even a biochemical basis for this in oxytocin and other substances.) Elements of community-level trust and fairness are probably more prominent than naked economic calculations. He gives many examples of how these elements of trust and fairness run counter (or are complementary) to what ought to be expected from pure self-interested logic and calculation.
He also points out that even the perceived effectiveness of reason and logic strategies depends on often-ignored assumptions like differences in consequences over short, medium, and long terms, the presence of imperfect knowledge, and the like. He sprinkles numerous examples of how game theory favorites like The Prisoner's Dilemma, The Free Rider Game, Ultimatum, and the amazingly effective Tit-for-Tat strategy (where a certain short-term level of--irrational--trust is essential to its success) are relevant for a whole host of social and economic situations.
There are intricate arguments about how game-like stratagems combined with tribalist elements condition self-interest and social-interest behaviors. Surprisingly, he argues how the success of generosity and good-naturedness depends on the presence of some degree of self-interest. Community-wide mores depend on an us-them competitive situation where the tribal effects unify people into efficient social structures where altruism is essential for the group to compete with and/or defeat outsiders. If and when that competition subsides, the group may then develop "freeloaders" who will increase in number and in effect collapse the social interest by rejecting its mores of trust and fairness.
The historical perspective on all of this is not very well developed or very coherent nor are the references to evolutionary theory. Mr. Klein sides with the proponents of the current controversy over group genetic selection position versus the more established individual selection position. He argues that generosity is hardwired into the human species at both the individual and group levels. Nevertheless, Klein shows that the selfish-vs-social attitudes have evolved over the centuries due to advanced philosophical concepts and the influence of condensing world geography, cultural shifts, and globalization-like elements.
He draws upon this evolutionary process to propose that we are in a historical period (The Global Village) where people are becoming more and more interdependent, unified by communication and transportation developments, and less tribal (at the national and cultural levels, at least) than before. These events will likely promote greater elements of trust, converging senses of fairness, and a recognition of the long term efficiencies of social behavior versus that of the mere self-interested personal attitude.
As a better educated society (mainly in economic efficiency theory and morality) we can change our thinking about how we relate to one another. We will recognize the evolutionary advantages to altruism. We can practice habits of fairness and altruism. Interestingly, he refers to science which categorizes humans as comprised of three main groups: about one-third are consistently self-interested, one-fifth are consistently altruists, and the rest are pragmatic opportunists who act depending on the environmental variables. Optimistically, he states "The Future Belongs to the Altruists."
I don't know how convincing this book can or will be given the enormous tidal wave of selfishness and narcissism which seemingly has infected our world. It seems right that a new way of thinking is a start towards something different, anyway, and this book certainly is intriguing and thought provoking.
You can purchase Survival of the Nicest: How Altruism Made Us Human and Why It Pays to Get Along from amazon.com. -
Book Review: The Art of the Data Center
benrothke writes "At first glance, The Art of the Data Center: A Look Inside the Worlds Most Innovative and Compelling Computing Environments appears like a standard coffee table book with some great visuals and photos of various data centers throughout the world. Once you get a few pages into the book, you see it is indeed not a light-read coffee table book, rather an insightful book where some of the brightest minds in the industry share their insights on data center design and construction." Read below for the rest of Ben's review.
The Art of the Data Center: A Look Inside the Worlds Most Innovative and Compelling Computing Environments
author: Douglas Alger
pages: 368
publisher: Prentice Hall
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-1587142963
summary: Some of the smartest guys in the data center share their build and design advice
The book takes a holistic view of how world-class data centers are designed and built. Many of the designers were able to start with a greenfield approach without any constraints; while others were limited by physical restrictions.
Some of the firms profiled in the book are Citi, Digital Realty Trust (who run the world's largest data center in Chicago), eBay, Facebook, IBM, Intel and Yahoo!.
One of the interesting things about hearing 18 different viewpoints, both from the US and Europe-based firms, is that it shows there is not just one way to build a data center. Fundamental data center components such as raised floors are reconsidered in some of the data centers in the book. From UPS, to cooling systems and more, Alger details how the nuances of various data centers have influenced their design.
It is an unfortunate reality that many expensive data center builds and expansions fail. The book profiles those that have succeeded, and it is hoped the reader will take the advice to heart in their build and design.
The book is written in an interview style, where Alger asked the designers various questions on how they came to their design, the rationale behind it, what their strategy was, what constraints they ran into, and more.
The book highlights a broad range of data centers; from those built into a century old church in Spain, a former Swedish underground military bunker renovated into a modern data center with artificial daylight, manmade waterfalls and submarine engines providing standby power, to those powered by all solar energy.
Many of the data centers that he showcases are designed in order to be LEED (Leadership in Energy and Environmental Design) and Energy Star certified. LEED is a rating system for the design, construction, operation and maintenance of green buildings, homes and neighborhoods, created by the US Green Building Council (USGBC). It should be noted that as of now, the USGBC hasn't set specific criteria for data center LEED certification.
An important point about LEED made in the book is that for those designers that are thinking about LEED certification, it must be done in the design stage and not as an addendum. Obtaining LEED certification must start at design and end with a formal certification after project completion. It was noted that consulting with a qualified LEED professional or consulting firm at the start of the planning process is a must.
While this is not a coffee table book, it does make good use of photos to highlight the nuances and layouts of the various data centers. There are many pictures that show the various types of equipment in use.
As noted, the book showcases many different aspects and often counterintuitive notions of data center design. One of the most significant is ACT, Inc., a nonprofit that runs the ACT test – a college admissions and placement test taken by more than 1.3 million high school graduates every year, who decided to run their active and backup data centers in Iowa City, Iowa just 5 miles apart. The book details the designer's rationale behind that. Similar case studies are detailed in the book.
One of the major methods in the book used to reduce power consumption and cost is via the use of virtualization, which many of the data centers have used and optimized.
One topic lacking in the book is that Alger did not ask detailed questions around the physical security of the buildings. While power, UPS, flooring and the like are critical to the efficacy of a data center, physical security components such as mantraps, access control systems, bollards, surveillance and the like are necessary to ensure all of the previous design items are not placed at risk.
One of the questions he asked every designer is if they could go back and design the data center all over again, what, if anything, would they do different. Surprisingly, every one of them said that they put a lot of planning in and there was nothing major they would change. Most of the designers did though say each data center had small items that could have been revisited to make the center better. But most agreed that many of them are so minor in some respects, that it would not be meaningful to go through them.
An interesting point the data center architect at Syracuse University stated is that one of the things they did in constructing their data center was to not necessarily be driven by rules of thumb or best practices. Rather they looked at their own requirements and how they could best optimize everything that they could in the design of the facility.
One common metric used throughout the book is power usage effectiveness (PUE). It is a measure of how efficiently a computer data center uses energy; specifically, how much energy is used by the computing equipment, as opposed to cooling and other data center overhead. The lower the number, closest to 1.0, the more of its power is used for computing.
Poor data center planning leads to poor use of valuable capital, can significantly increase operational expense and obviate any computation gains. Many organizations get overwhelmed on the design and focus far too much on speed and power, without taking a larger holistic view of their data center needs.
For those looking for guidance on how to design a world-class data center, The Art of the Data Center: A Look Inside the Worlds Most Innovative and Compelling Computing Environments should be the place you start.
Reviewed by Ben Rothke.
You can purchase The Art of the Data Center: A Look Inside the Worlds Most Innovative and Compelling Computing Environments from amazon.com. -
Book Review: The Digital Crown
benrothke writes "With Adobe Flash, it's possible to quickly get a pretty web site up and running; something that many firms do. But if there is no content behind the flashy web page, it's unlikely anyone will return. In The Digital Crown: Winning at Content on the Web, author Ahava Leibtag does a fantastic job on showing how to ensure that your web site has what it takes to get visitors to return, namely great content." Read below for the rest of Ben's review.
The Digital Crown: Winning at Content on the Web
author: Ahava Leibtag
pages: 358
publisher: Morgan Kaufmann
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-0124076747
summary: Invaluable resource and reference for building an effective web content strategy
Make no mistake, creating good content for a large organization is a massive job. But for those organizations that are serious about doing it right, the book provides extensive details on all of the steps required to create content that will bring customers back to your web site.
Leibtag writes in the introduction that the reason so many websites and other digital strategy projects fail is because the people managing them don't focus on what really matters. They begin changing things for the sake of change and to simply update, without first asking why. They also forget to ask what the updates will accomplish. What this does is create a focus on the wrong priorities. Leibtag notes that the obvious priority is content.
So what is this thing called content? The book defines it as all of the information assets of your company that you want to share with the world.
The book is based around 7 rules, which form the foundation of an effective and comprehensive content strategy, namely:
1. Start with Your Audience
2. Involve Stakeholders Early and Often
3. Keep it Iterative
4. Create Multidisciplinary Content Teams
5. Make Governance Central
6. Workflow that Works
7. Invest in Professionals and Trust Them
Chapter 1 (freely available here) takes a high-level look at where branding and content meet, and details the need for a strategic content initiative.
An interesting point the book makes in chapter 2 which is pervasive throughout the book is to avoid using the term users. Rather refer to them as customers. Leibtag feels that the term users as part of a content strategy, makes them far too removed and abstract. Dealing with them as customers makes them real people and changes the dynamics of the content project. Of course, this transition has to be authentic. Simply performing a find/replace of user/customer in your documentation is not what the author intended; nor will such an approach work.
The book is heavy on understanding requirements and has hundreds of questions that need to be asked before creating content. The book is well worth it for that content alone.
It also stresses the importance of getting all stakeholders involved in the content creation process. As part of the requirements gathering process, the book details 3 roadmap steps which must be done in order to facilitate an effective strategy.
The book notes that content is much more than web pages. Content includes various formats, platforms and channels. An effective strategy must take all of these into account. The book notes that there are hundreds of possible formats for content. While it is impossible to deal with every possible option; an organization must know what they are in order to ensure they are creating content that is appropriate for their customers.
By the time you hit page 100, it becomes quite clear that content is something that Leibtag is both passionate about and has extensive experience with. An important point she makes is that it is crucial not to focus on design right away in the project, as it eats up way too much time. The key is to focus the majority of your efforts on the content.
The dilemma that the book notes is that during the requirements gathering process, far too many organizations are imagining a gorgeous web site with all kinds of bells and whistles, beautiful colors and pictures. That in turn moves them to spend (i.e., waste) a tremendous amount of time on design; which leads them to neglect content creation and migration.
The book details multichannel publishing, which is the ability to publish your content on any device and any channel. This is a significant detail, as customers will be accessing your site from desktops with huge screens and bandwidth to mobile devices with smaller screens and often limited bandwidth. This requires you to adapt and change your content publishing process. This is clearly not a trivial endeavor. But doing it right, which the book shows how to do, will pay off in the long run.
Another mistake firms make is that they often think content can be done by just a few people. The book notes that it is an imperative to create multidisciplinary content teams, since web content will touch every part of the organization, and needs their respective input.
One of the multidisciplinary content teams that must be involved is governance. The book notes that governance standards help you set a consistent customer experience across all channels. By following them, you can avoid replicating content, muddying your main messages and confusing your customers. Governance is also critical in setting internal organizational controls.
Leibtag lays out what needs to be done in extreme detail. She makes it quite clear that there are no quick fixes that can be done to create good content. Creating an effective content marketing strategy and architecture is complex, expensive and challenging. But for most organizations, it is also absolutely necessary for them in order to compete.
The author is the head of a content strategy and content marketing consultancy firm. Like all good consultants, they focus on getting answers to the questions clients often don't even know to ask. With that, the book has myriad questions and requirements that you must answer before you embark on getting your content online.
The book also provides numerous case studies of sites that understand the importance of content and designed their site accordingly. After reading the book, the way you look at web sites will be entirely different. You will likely find the sites you intuitively return to coincidentally happened to be those very sites that have done it right and have the content you want.
My only critique of the book is that the author quotes herself and references other articles she wrote far too often. While these articles have valid content, this can come across as somewhat overly promotional. Aside from that, the book is about as good as anything could get on the topic.
For firms that are serious about content and looking for an authoritative reference on how to build out their content and do it right, The Digital Crown: Winning at Content on the Web is certain to be an invaluable resource.
Reviewed by Ben Rothke.
You can purchase The Digital Crown: Winning at Content on the Web from amazon.com. -
Emmett Plant Talks About the Paper-Based RPG Game Business (Video)
Emmett has a good rep as a video game music composer, and he's worked on a number of Star Trek-related projects, including the recently-released audio book, How to Speak Klingon: Essential Phrases for the Intergalactic Traveler. Emmett freely admits that he has no experience with RPG games. The closest he's come was running a major D&D meetup some years back. But he has experience and contacts developed from many years working online not only within the Star Trek community but (years ago) on Slashdot and as editor for Linux.com. And, he says, when he was a teenager he ran comic book stores. So is Emmett suited to run an RPG company? Possibly. He's actively looking for games to publish. Sales aren't going to start for six months or so, so there is no website for Arrakeen Tactical quite yet. Until there is one, you can contact Emmett about his game venture by emailing angelaATclockworkjetpack.com. -
Book Review: Digital Archaeology: the Art and Science of Digital Forensics
benrothke writes "The book Digital Archaeology: The Art and Science of Digital Forensics starts as yet another text on the topic of digital forensics. But by the time you get to chapter 3, you can truly appreciate how much knowledge author Michael Graves imparts. Archaeology is defined as the study of human activity in the past, primarily through the recovery and analysis of the material culture and environmental data that they have left behind, which includes artifacts, architecture, biofacts and cultural landscapes. The author uses archeology and its associated metaphors as a pervasive theme throughout the book. While most archeology projects require shovels and pickaxes; digital archeology requires an entirely different set of tools and technologies. The materials are not in the ground, rather on hard drives, SD cards, smartphones and other types of digital media." Keep reading for the rest of Ben's review.
Digital Archaeology: The Art and Science of Digital Forensics
author: Michael Graves
pages: 600
publisher: Addison-Wesley Professional
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0321803900
summary: Excellent introductory text to digital forensics
In the preface, Graves writes that in performing an investigation that explores the use of computers or digital data, the investigator is embarking on an archaeological expedition. In order to extract useful artifacts, information when dealing with our topic at hand; the investigator must be exceedingly careful in how he approaches the site. The similarities between a digital investigation and an archaeological excavation are much closer than you might imagine. Data, like physical artifacts, gets dropped into the oddest places. The effects of time and environment are just as damaging, if not more so, to digital artifacts as they are physical mementos.
The book shows you precisely how to extract those artifacts effectively. And in a little over 500 pages, the book's 21 chapters provide a comprehensive overview of every area relevant to digital forensics. The author brings his experience to every page and rather than being a dry reference, Graves writes an interesting reference guide for the reader who is serious about becoming proficient in the topic.
Rather than provide a dry overview of the topics and associated hardware and software tools, the book takes a real-world approach and provides a detailed narrative of real-world scenarios.
An important point Graves makes is that a digital investigator who does not understand the basic technology behind the systems they are investigating is going to be at a distinct disadvantage. Understanding the technology assists in the investigative process and ensures that the evidence can be held up in court.
The need for proficiency in digital forensics is manifest in the recent attack against Target stores. After an aggressive attack, the store called in external digital forensics consultants to help them make sense of what happened.
The book starts with an anatomy of a digital investigation, including the basic model an investigator should use to ensure an effective investigation. While the author is not a lawyer; the book details all of the laws, standards, constitutional issues and regulations that an investigator needs to be cognizant of.
The author notes that Warren Kruse and Jay Heiser wrote in Computer Forensics: Incident Response Essentials that the basic computer investigation model was a four-part model with the following steps: assess, acquire, analyze and report. Graves breaks those into more detailed and granular levels that represent processes that occur within each step. These steps are: identification and assessment, collection and acquisition, preservation, examination, analysis and reporting.
Chapter 2 has a section on the constitutional implications of forensic investigation, a topic which is also pervasive throughout the book.
As noted, a significant portion of the book is dedicated to the legal aspects around digital investigations. Graves spends a lot of time on these needed issues such as search warrants and subpoenas, basic elements of obtaining a warrant, the plain view doctrine, admissibility of evidence, keeping evidence authentic, defining the scope of the search, and when the Constitution doesn't apply.
The only chapter that was deficient was chapter 13 – Excavating a Cloud. Graves writes that the rapid emergence of cloud computing has added a number of new challenges for the digital investigator. The chapter does a good job of detailing the basic implications of cloud forensics. But it unfortunately does not dig any deeper, and does not provide the same amount of extensive tool listings as do other chapters.
Each chapter closes with a review of the topic and various exercises. Those wanting to see a sample chapter can do so here.
For those looking for an introductory text on the topics of digital forensics, Digital Archaeology: The Art and Science of Digital Forensics is an excellent read. Its comprehensive overview of the entire topic, combined with the author's excellent writing skills and experience, makes the book a worthwhile reference.
Reviewed by Ben Rothke.
You can purchase Digital Archaeology: The Art and Science of Digital Forensics from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Chat with Microsoft Beat Journalist Preston Gralla (Video)
Preston Gralla hasn't really been following Microsoft since 1820, but he's been doing it so long that it sometimes seems as if he has. His popular Seeing Through Windows blog on Computerworld.com or possibly his IT World blog, The Power of One, may be the main reasons his name is familiar to a lot of people, but he's also written an amazing stack of IT-related books. Obviously, if you look at the lists of blog posts and books Preston has written, he writes about plenty besides Microsoft, and isn't particularly pro-Microsoft. In fact, when we asked him for tablet-buying advice, he recommended iOS tablets if you have plenty of budget, and maybe an Android tablet (specifically the Nexus 7) if your budget is a little tight. Windows? He didn't recommend Windows at all in this context. (Sorry, Microsoft.) -
Google Acquires Boston Dynamics
First time accepted submitter totally_mad writes "The New York Times reports that Google has acquired Boston Dynamics, a company that is primarily a concept robot maker for the military. The robot wars appear to be heating up between the big corporations, with Amazon recently announcing plans to have 30-minute home deliveries using drones. Perhaps Boston Dynamics', or now Google's, Cheetah will outrun the drone!" -
King James Programming
Jah-Wren Ryel writes "What do you get when you train a Markov chain on the King James Bible and a copy of Structure and Interpretation of Computer Programs? King James Programming — a tumblr of auto-generated pseudo-scripture (or pseudo-compsci lessons). Some examples: -- 'The LORD is the beginning (or prefix) of the code for the body of the procedure.' -- 'More precisely, if P and Q are polynomials, let O1 be the order of blessed.' -- 'In APL all data are represented as arrays, and there shall they see the Son of man, in whose sight I brought them out.'" -
Amazon Reveals "Prime Air", Their Plans For 30-minute Deliveries By Drone
Z80xxc! writes "Amazon CEO Jeff Bezos revealed during a CBS 60 Minutes interview that the company is working on a service called 'Prime Air' to deliver packages by autonomous octocopter drones within 30 minutes of hitting the 'buy' button. The plan still requires more testing and FAA approval, but Bezos predicts it'll be available to the public in the next 4-5 years. With a lot of backlash against drones, and some towns even offering bounties to shoot them down, will this technology ever take off, or is this just another one of Amazon's eccentric CEO's fantastical flight ideas?" -
Ask Slashdot: DIY Computational Neuroscience?
An anonymous reader writes "Over the last couple years, I have taught myself the basic concepts behind Computational Neuroscience, mainly from the book by Abbott and Dayan. I am not currently affiliated with any academic Neuroscience program. I would like to take a DIY approach and work on some real world problems of Computational Neuroscience. My questions: (1) What are some interesting computational neuroscience simulation problems that an individual with a workstation class PC can work on? (2) Is it easy for a non-academic to get the required data? (3) I am familiar with (but not used extensively) simulators like Neuron, Genesis etc. Other than these and Matlab, what other software should I get? (4) Where online or offline, can I network with other DIY Computational Neuroscience enthusiasts? My own interest is in simulation of Epileptogenic neural networks, music cognition networks, and perhaps a bit more ambitiously, to create a simulation on which the various Models of Consciousness can be comparatively tested." -
Gift Review: Strandbeest Model Kit
Bennett Haselton has in years previous made some canny suggestions for tech-oriented holiday gifts; you can look forward to another one. Today, though, Bennett writes about one cool toy in particular: a kit to make your own creepy robot: "For over 20 years, Dutch inventor Theo Jansen has been building truck-sized sculptures that crab-walk eerily across the beach, using only the power of the wind to turn fan blades that power the gears and crankshafts and enable the walking motion. This kit allows you to assemble your own working model that 'walks' sideways across your desktop." Read on for the rest.
The Strandbeest Model Kit is a home run in multiple categories. The box says "Ages 8 and up", and that seems about right (adult supervision recommended to make sure you're following all the assembly instructions exactly). It takes about 90 minutes to assemble (I timed it), which is enough to feel like a rewarding journey in itself, and not just an extra thing you have to do after you open the box. The work can be easily split between multiple people to make a family night out of it. The assembly instructions are reasonably clear and actually work. And the finished product actually does what the videos show it doing. (Most demo videos show the Strandbeest moving under the power of an air hose, but it works perfectly fine if you just blow on the fan.) When you can see all of the individual plastic parts moving in concert, it gives such an uncanny impression of an inanimate object come to life, that a few people that I showed the walking Strandbeest to, said that it "creeped them out". Like I said, home run.
And the kit provides a portal into the world of the full-sized Strandbeests, built from PVC pipe and corrugated cardboard by Dutch "kinetic sculptor" Theo Jansen. Of all of the links and videos that we keep sending each other about "amazing things around the world that you've never seen before", how could we have missed this?
Before or after you put the kit together, you and your kids can gorge on the over 20,000 YouTube videos showing the walking creatures. According to the BBC One piece, "Theo Jansen is evolving such clever designs that one day, he hopes they'll be able to leave home, and live permanently in the Dutch sand dunes." In the printed interview that comes with the assembly kit, Jansen says, "My ultimate goal is that the strandbeests stroll, eat, reproduce, and survive as a group on the beach without me," and I can't quite tell if he's kidding. The "reproduce" and "eat" parts are probably impossible, but as for "stroll" and "survive" -- if a future design becomes "smart" enough to change direction when it hits an incline, or to walk across uneven terrain, then couldn't they keep wandering in the sand dunes under the power of the wind, until one of the parts broke? Well, why not? I can imagine the full-size Strandbeests "in the wild" becoming such a tourist draw that they would need human volunteers at the beach just to stop visitors from getting too close and damaging them.
Until then, if you want to go in person to see one of the full-size Strandbeests walking alongside the ocean under the power of the wind, you'll probably have to check Theo Jansen's public event schedule when it ramps up again in the summer of 2014. According to his website, the studio is also open to the public year-round, where you can operate one of the non-wind-powered full-sized Strandbeests which has to be pushed or pulled manually. I'd be willing to go quite far out of my way to see one of these things up close, next time I'm anywhere in or near Holland.
The kit to build your own mini-beest is $35 from ThinkGeek. (When I wrote my gift guide last year, some people accused me of shilling for ThinkGeek, Slashdot's corporate cousin, but this year, they're owned by different parent companies, so suck it haterz.) Earlier versions of the kit cost about $70 and came only with Japanese instructions. Adam Savage from Mythbusters put one together in 45 minutes just from reading the diagrams, since he doesn't speak Japanese, but the rest of us will probably do better with the English version that is now finally available.
The kit comes with a "science and history guide" which, along with the interview with Jansen, describes the successive "generations" of Strandbeests he has built, and the new features that were added over the years. The models are described eerily like living creatures:
"Animals that can utilize wind energy to live do not need to eat food. This type of creature can dominate sandy beaches where there is an abundance of wind but not very much nutrients. This is a tremendous advantage to the strandbeests since they do not need to compete with the other animals in the nature."
In the "Vaporum period", Jansen added the ability for Strandbeests to harness energy from the wind and store it in the form of compressed air in plastic bottles attached to the bodies, which he calls "muscles". In the most recent "Cerebrum period", Jansen added the ability for different parts of the body to communicate using compressed air in polyurethane tubes, which he calls "nerves":
"When a sensory appendage, a polyurethane tube dragged behind on the ground, touches water, the beest turns itself around and walks away from the water, saving itself from drowning in the ocean. Furthermore, the beest is built with a step counter and a system to record its experience. From the second time around, the beest stops three steps in front of the memorized water line and turns itself around before its antenna hits the water."
To a steampunk fan, this must sound like one of their dreams come to life.
(Apparently a $60 coffee table book by Theo Jansen, describing the evolution of his designs and including a DVD with more video footage, also exists, but is currently out of stock.)
If you get hooked after putting your first Strandbeest together, there is at least one other model available, the mini Rhinoceros, currently only with Japanese assembly instructions. If the first English-language assembly kit is a hit, hopefully the instructions for the mini Rhinoceros kit will be translated into English some time in the next year.
In fact, judging from the quality of the "Engrish" on the box and in the "science and history" guide (presumably translated from Dutch by way of Japan), it looks as if the English-language translation was probably rushed in order to make the Christmas 2013 selling deadline -- the right decision, no doubt. (The assembly instructions, on the other hand, were clearly written by a native English speaker, and are easy to understand all the way through.) At first I thought the broken English detracted from the quality of the product, but now I kind of like the effect, since the writing gives the eerie feeling that the brilliantly designed object in your hands is a touchstone to a foreign culture much smarter than ours. All your beest are belong to us!
-
Book Review: Digital Outcasts
benrothke writes "Many of us have experimented with what it means to be disabled, by sitting in a wheelchair for a few minutes or putting a blindfold over our eyes. In Digital Outcasts: Moving Technology Forward without Leaving People Behind, author Kel Smith details the innumerable obstacles disabled people have to deal with in their attempts to use computers and the Internet. The book observes that while 1 in 7 people in the world have some sort of disability (including the fact that 1 in every 10 U.S. children has been diagnosed with ADHD), software and hardware product designers, content providers and the companies who support these teams often approach accessibility as an add-on, not as a core component. Adding accessibility functionality to support disabled people is often seen as a lowest common denominator feature, with the companies unaware of the universal benefit their solution could potentially bring to a wider audience." Read below for the rest of Ben's review. Digital Outcasts: Moving Technology Forward without Leaving People Behind author Kel Smith pages 288 publisher Morgan Kaufmann rating 9/10 reviewer Ben Rothke ISBN 978-0124047051 summary Manifesto for technology accessibility for all One of the many examples of this which the book provides is how sidewalk ramps are often an easier access method to streets; not just for those in wheelchairs, but for those simply walking and desiring an easier method.
In the book, Smith details how digital outcasts often rely on technology for everyday things that we take for granted. The problem is that poorly designed products create an abyss for these outcasts, who number in the hundreds of millions.
So just what is this digital outcast? Smith notes that the term was first introduced by Gareth White of the University of Sussex to describe people who are left behind the innovation curve with respect to new advances in technology. The term is also relevant to today's Internet user who can't perform a simple function such as making an e-commerce purchase or checking their financial statement, due to inaccessibility of the content, platform or device. These outcasts represent large swaths of forgotten populations.
In the first chapter, Smith makes the chilling observation that all of us, at some point or another, will find that our capabilities have diminished. Today's disabled users are not outliers of the able-bodied population – they are a prototype of what our future looks like.
The book provides a detailed overview of how people with disabilities use technology. More importantly, it shows that creating effective user interfaces for those with disabilities is beneficial for all users.
It showcases numerous applications and case studies, including how iPad apps have been used for cognitive therapy, video games to help many types of illnesses and more.
An important point the book makes is that there are no easy answers or silver-bullet solutions. There are no quick add-ons which a firm can use to quickly make their user interfaces outcast compliant. Rather it takes a concerted effort from senior management to make accessibility work.
A key point Smith makes many times is that students with disabilities are left behind. There are many students who fail in antiquated educational systems since the administration can't restructure their curricula around a child's individual talents or aptitudes. He writes that students with disabilities get stigmatized into special education programs, some of which are very good, but can be socially ostracizing.
Throughout the book, Smith quotes many studies and significant amounts of data that show the power of software to make significantly positive impacts on the lives of those with disabilities. In chapter 7, he writes that at the Center for Brain Health at The University of Texas, they used virtual worlds and avatars to help autistic children. That form of therapy has proven to be successful, and 4 or 5 sessions using that technology are worth 2 or 3 years of real world training.
As detailed in many parts of the book, many doctors say the best high-tech treatments are in fact the ones you can download from an app store.
At the end of the book, Smith writes that for accessibility to work, it has to be an enterprise initiative. He provides 8 strategic steps to doing that, including creating an accessibility task force (and engaging them from the very beginning of the project), knowing the legal landscape (and not to be driven solely by law), to designing mobile applications to be run universally, and more.
Smith sadly writes at the end of the book that while Apple has been at the forefront of accessibility, in 2012, despite having no legal mandate, Apple removed the Speak for Yourself (SFY) application, which was an extremely popular and helpful augmentative and alternative communication app. It seems that SFY is now once again available in the App Store, but with legal maneuvering what it is, that could change at any moment.
While the accessibility of technology is getting better every year, there are still many challenges ahead. Digital Outcasts: Moving Technology Forward without Leaving People Behind articulately and passionately details the groundwork, itemizes what needs to be done, and implores the reader to do something to ensure this trend continues.
This book is an important read for everyone, as there are two types of people: those that are currently digital outcasts, and those that will be sometime in the future.
The book closes with a most accurate observation: digital outcasts are not a biological model for a future we should fear, they are an inspiration for what we can all become.
Reviewed by Ben Rothke.
You can purchase Digital Outcasts: Moving Technology Forward without Leaving People Behind from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Neuroscientist Who Discovered He Was a Psychopath
Hugh Pickens DOT Com writes "Joseph Stromberg writes at the Smithsonian that one afternoon in October 2005, neuroscientist James Fallon was sifting through thousands of PET scans to find anatomical patterns in the brain that correlated with psychopathic tendencies in the real world. 'Out of serendipity, I was also doing a study on Alzheimer's and as part of that, had brain scans from me and everyone in my family right on my desk,' writes Fallon. 'I got to the bottom of the stack, and saw this scan that was obviously pathological.' When he looked up the code, he was greeted by an unsettling revelation: the psychopathic brain pictured in the scan was his own. When he underwent a series of genetic tests, he got more bad news. 'I had all these high-risk alleles for aggression, violence and low empathy,' he says, such as a variant of the MAO-A gene that has been linked with aggressive behavior. It wasn't entirely a shock to Fallon, as he'd always been aware that he was someone especially motivated by power and manipulating others. Additionally, his family line included seven alleged murderers, including Lizzie Borden, infamously accused of killing her father and stepmother in 1892. Many of us would hide this discovery and never tell a soul, out of fear or embarrassment of being labeled a psychopath. Perhaps because boldness and disinhibition are noted psychopathic tendencies, Fallon has gone in the opposite direction, telling the world about his finding in a TED Talk, an NPR interview and now a new book published last month, The Psychopath Inside. 'Since finding all this out and looking into it, I've made an effort to try to change my behavior,' says Fallon. 'I've more consciously been doing things that are considered "the right thing to do," and thinking more about other people's feelings.'" -
Book Review: Stay Awhile and Listen
Many of today's adult video gamers grew up with a gaming industry that was still trying to figure itself out. In the early-to-mid 1990s, most of the gaming genres we're familiar with today were still indistinct, half-formed concepts waiting for that one game necessary to define them. Thus, many players sat up and took notice when a relatively unknown company named Blizzard managed to exemplify not one, but two separate types of game in quick succession. Warcraft: Orcs and Humans put real-time strategy on the map, and Diablo set the standard for action RPGs. The two games immediately elevated Blizzard to the top of the industry, and many gamers wondered how one studio could put out two games like these so quickly. As it turns out, it wasn't one studio; it was a blending of two very different but extremely creative groups who had a passion for making video games. In Stay Awhile and Listen, author David Craddock lays out the history of the two groups, from how they first got into the gaming business to their eventual success launching now-legendary games. Read on for our review of the book. Stay Awhile and Listen author David Craddock pages 399 publisher DM Press rating 9/10 reviewer Jeff Boehm ISBN 978-0-9884099-0-3 summary A look into the humble beginnings of Blizzard
Before going into the content of the book, I want to discuss its form. Stay Awhile and Listen, unlike most books that chronicle past events, flows almost like a documentary film. Craddock conducted years' worth of interviews with former Blizzard staff, and the story of what happened is tightly interwoven with actual quotes from those interviews. The effect is illustrative; during the narrative parts, it's easy to imagine, for example, a group of young developers hunched in front of faintly glowing screens. During the quotations, you can picture the older and wiser industry veterans sitting in front of a camera and explaining those early days with smiles on their faces.
The structure of the book itself is rather unusual as well. Because of the author's extensive research, the sheer volume of historical material is almost overwhelming. In order to keep it focused on the development of Blizzard's early games, Craddock narrowed down the main story to only the most relevant events. However, to preserve all of the extra background information without cluttering the pages with endless footnotes, he added a secondary section appropriately named "Side Quests." When the author or one of the developers mentions a side-topic, there's a small link noting the availability of a Side Quest. Hitting the link takes you to the exact page it's on, and when you're done, there's a link returning you to the exact page you left. Some of these excerpts are even sourced with shortened URLs, in case you want to dive even more deeply into the history.
The Side Quests contain anecdotes, lessons on game design, technical bits from early development, and even information on content that never made it into the games. When reading Stay Awhile and Listen, I was struck by how nice it was for somebody to finally take advantage of the flexibility of digital books. One of the advantages of real books over ebooks is that it's much easier to flip backward or forward with a physical copy. The links within this book made that a non-issue. In addition to the Side Quests, there are a few extra chapters called Bonus Rounds, which contain background on the parts of the gaming industry that supported Blizzard during its rise.
For somebody who played a lot of the early Blizzard games, I was still surprised by a lot of the information in this book. I remember years ago firing up Diablo and seeing the Blizzard North logo. I wondered what made that group different from the "normal" Blizzard developers. It's easy to look at a company and assume uniform identity or uniform goals, but Stay Awhile and Listen makes clear that Blizzard Entertainment and Blizzard North were two fundamentally different studios that had their own ways of doing things, and strong opinions about how their games should work. Fortunately for them (and for us), the biggest thing they had in common was a real love for gaming, and for making the best game they could. This let them work well together despite their frequent and contentious debates.
Getting a look into the development of Diablo and Warcraft was interesting as well. Usually, when we think about design decisions, we imagine the developers debating the finer points of the finished product. (Do we let players use a rail gun or a rocket launcher? Is our last class a Paladin or a Mage?) So, learning that some of the most basic aspects of these games were almost very different was fascinating and perplexing. For example, Dave Brevik conceived of Diablo as a graphical interpretation of the text-based dungeon crawlers of the 80s. These games were largely turn-based — and so was the earliest incarnation of Diablo. Looking back on it now, it's jarring to think of Diablo as a turn-based game. It's like finding out that Looney Tunes was almost stop-motion animated, or that pizza was almost salad. Stay Awhile and Listen provides perspectives on the game's transition, and a fascinating description of how, once the decision was made, Brevik sat down and hammered out the code necessary to turn the game into the Diablo we know.
It was also nice to read about some of the technical details behind the games. Strip away the last 20 years' worth of lessons in how to develop software, and you end up with talented programmers putting out brilliant, but ugly and hard-to-maintain code. I'm always curious to know what technologies underpin the software I use; if you're the same way, you'll enjoy reading about what they used and how they decided to use it. (Necessity is a powerful thing.) At the same time, you'll get a feel for how shaky the whole business proposition was to start. Nowadays, Blizzard is largely inscrutable as a business. But budding game developers will be heartened to see how a successful company arose from humble beginnings.
Stay Awhile and Listen is incredibly well sourced. Over three dozen former Blizzard employees contributed to this book. This goes all the way to the top — Dave Brevik, Erich Schaefer, and Max Schaefer were the three co-founders of Condor Inc., which became Blizzard North, and all three feature prominently. We also hear from Mike Morhaime, Frank Pearce, and Allen Adham, who founded Silicon & Synapse, which went on to become Blizzard Entertainment. There are also discussions with Blizzard veterans like Pat Wyatt (whose anecdotes we've discussed before), Bill Roper, and composer Matt Uelmen.
The book is well-written, and the story flows well. If you played these games when you were younger and you're interested in how they came to be, Stay Awhile and Listen is well worth picking up. It'd also be useful to anybody jumping into game development (probably start-up software development, too), as it gives a perspective on how Blizzard adopted the ideals it still holds to this day, like "we'll release when it's finished," and "if you can defend your idea, everybody will consider it." It's also the first in a series documenting Blizzard's history; future volumes will focus on StarCraft, World of Warcraft, and the continuation of each franchise.
Stay Awhile and Listen is published by DM Press on the Kindle and iBooks platforms, and will soon be available for the Nook as well. Slashdot welcomes readers' book reviews (sci-fi included) — to see your own review here, read the book review guidelines, then visit the submission page.
-
Book Review: Testing Cloud Services: How To Test SaaS, PaaS & IaaS
benrothke writes "David Mitchell Smith wrote in the Gartner report Hype Cycle for Cloud Computing last year that while clearly maturing and beyond the peak of inflated expectations, cloud computing continues to be one of the most hyped subjects in IT. The report is far from perfect, but it is accurate in the sense that while cloud computing is indeed ready for prime time, the hype with it ensures that too many firms will be using it with too much hype, and not enough reality and detailed requirements. While there have been many books written about the various aspects of cloud computing, Testing Cloud Services: How to Test SaaS, PaaS & IaaS is the first that enables the reader to successfully make the transition from hype to actuality from a testing and scalability perspective." Read on for the rest of Ben's review. Testing Cloud Services: How to Test SaaS, PaaS & IaaS author Kees Blokland, Jeroen Mengerink, Martin Pol pages 184 publisher Rocky Nook rating 9/10 reviewer Ben Rothke ISBN 978-1-937538-38-5 summary Brings to light the imperative of testing cloud services before deployment
The book is an incredibly effective and valuable guide that details the risks that arise when deploying cloud solutions. More importantly, it provides details on how to test cloud services, to ensure that the proposed cloud service will work as described.
It is a great start to the topic. The 6 chapters detail a paradigm that cloud architects, managers and designers can use to ensure the success of their proposed cloud deployments.
The first two chapters are a very brief introduction to cloud computing. In chapter 3, the authors detail the role of the test manager. They write that the book is meant to give substance to the broadening role of the test manager within cloud computing. They encourage firms to make sure the test manager is involved in all stages of cloud computing; from selection to implementation. In fact, they write that it is only a matter of time until this service will be available in the cloud, in the form of TaaS – Testing as a Service.
Besides the great content, the book is valuable since it has many checklists and questions to ask. One of the reasons cloud hype is so overly pervasive, is that the customers believe what the marketing people say, without asking enough questions. It would have been an added benefit if these questions and checklists would be made available in softcopy to the reader.
In chapter 4, the book details performance risks. As to performance, an important aspect of selecting the correct cloud provider is scalability of the service. This then requires a cloud specific test to determine if the scaling capacity (also known as elasticity) of the provider will work efficiently and effectively in practice.
An extremely important point the authors make is that when choosing a cloud service, many firms don't immediately think of having a test environment, because the supplier will themselves test the service. The absence of a test environment is a serious risk.
About 2/3 of the book is in chapter 5 – Test Measures. The chapter mostly details the test measures for SaaS, but also does address IaaS and PaaS testing. The chapter spends a lot of time on the importance of performance testing.
An important point detailed in the chapter is that of testing elasticity and manual scalability. This is an important topic since testing elasticity is a new aspect of performance testing. The objectives of elasticity tests are to determine if the performance of the service meets the requirements across the load spectrum and if the capacity is able to effectively scale. The chapter details various load tests to perform.
In the section on guarantees and SLAs, the authors make numerous excellent points, especially in reference to cloud providers that may guarantee very high availabilities, but often hide behind contract language. They provide a number of good points to consider in regards to continuity guarantees, including determining what is meant exactly by up- and down-time; for example, is regular maintenance considered downtime or not.
Another key topic detailed is testing migration. The authors write that when an organization is going to use a service for an existing business process, a migration process is necessary. This includes the processes of going into the cloud, and backing the service out of the cloud.
With all of the good aspects to this book, a significant deficiency in it is that it lacks any mention of specific software testing tools to use. Many times the authors write that "there are many tools, both open source and commercial, that can" but fail to name a single tool. The reader is left gasping at a straw knowing of the need to perform tests, but clueless as to what the best tools to use are. Given the authors' expertise in the topic, that lacking is significant.
The only other lacking in the book is in section 5.3 on testing security, the authors fail to mention any of the valuable resources on the topic from the Cloud Security Alliance. Specifically the Cloud Controls Matrix (CCM) and Consensus Assessments Initiative (CAI) questionnaire.
With that, Testing Cloud Services: How to Test SaaS, PaaS & IaaS should be on the required reading list of everyone tasked with cloud computing. This is the first book to deal with the critical aspect of testing as it relates to cloud computing. The ease of moving to the cloud obscures the hard reality of making a cloud solution work. This book details the hard, cold realities of turning the potential of cloud computing into the reality of a working solution.
Had the designers of the Obamacare website taken into consideration the key elements of this book, it is certain that the debacle that ensued would have been minimized and the administration would not have had to send out a cry for help. The Obamacare website will turn into the poster child of how not to create a cloud solution. Had they read Testing Cloud Services: How to Test SaaS, PaaS & IaaS, things would have been vastly different.
Reviewed by Ben Rothke.
You can purchase Testing Cloud Services: How to Test SaaS, PaaS & IaaS from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The App Generation
First time accepted submitter Sara Konrath writes "The App Generation gives an overview of how digital media and technology may affect young people's perceptions of themselves, their ability to relate to others, and their creativity. As the director of the Interdisciplinary Program on Empathy and Altruism Research (iPEAR), my research finds that there have been generational changes in personality traits related to social functioning. For example, we find that narcissism has been rising while dispositional empathy has been declining in recent generations. I also study the relationship between such traits and the use of social media. Considering this, I was excited to get a copy of the book ahead of its release date." Keep reading for the rest of Sara's review. The App Generation: How Today's Youth Navigate Identity, Intimacy, and Imagination in a Digital World author Howard Gardner, Katie Davis pages 256 publisher Yale University Press rating 7/10 reviewer Sara Konrath ISBN 978-0300196214 summary How life for this generation differs from life before the digital era.
The book does a good job of outlining the latest research on the topic of how digital technology and media have changed fundamental aspects of the way young people relate to themselves and others. Considering that the authors are academics, I commend them for adopting an everyday conversational style, although at times this comes across as awkward. The book title is not quite right, since it's really about the broader topic of how new technology and media affect us, unfortunately forcing the authors to squeeze in the app metaphor whenever possible to make the title work. The larger point of the book is that it is easy to become "app-dependent," allowing ourselves to be controlled and limited by technology, rather than "app-enabled," using it to reach our highest potential selves – to creatively connect and engage with ideas and other people.
The historical examples from other times of technological change are amusing, and provide an interesting context for their discussion.
Howard and Katie (as they call themselves in the book) argue that the new media landscape indeed affects the way young people see themselves, or at least present themselves – what they call identity. In the early days of the internet, there was a feeling that one could go online and be someone else. With chat rooms and multiplayer role play games (and their customizable avatars), the internet allowed people to safely play with their identities and perhaps discover new aspects of themselves. Sherry Turkle covered this topic quite early (1995) in her book, Life on the Screen: Identity in the age of the internet, and The App Generation gives her an appreciative nod. But the authors suggest that although this type of identity play still occurs, it is more common for young people to use social media to be "themselves, only better," considering that social networking sites often use people's real names.
In terms of intimacy, Howard and Katie cite much research (including my own) finding that young people today may have more difficulty deeply connecting with others than those in past generations. The authors suggest that new media might be in part to blame for such changes in social interactions. Again, a book by Sherry Turkle (Alone Together: Why we expect more from technology and less from each other) has both preceded them and gone into more satisfying depth on the topic. The problem Howard and Katie acknowledge is that it is hard to conduct experimental studies, the gold standard for making causal claims. Yet I wish the authors would have discussed the vast amount of research on the effects of other media (e.g. television, violent video games), which has grappled with these problems for decades and has come up with some solutions.
The most novel and interesting part of the book, which alone makes it worth reading, is the chapter on creativity (which they self-consciously label imagination, in order to have three neat "Is" in the subtitle). This chapter is refreshingly different from the others, partly because the authors draw on their own research expertise here, rather than simply providing a cursory review of others' work. But here again, the discussion is too brief and superficial, as if the book is intended to be read on a screen. Still, I was intrigued by their finding that while the visual art of young people seems to be increasing in creativity and complexity in recent years, their written work shows marked declines in the same domains. This reminded me of Leonard Shlain's book, The Alphabet versus the Goddess, which posited that there would be a rise in the dominance of visual images (which he sees as signifying feminine preeminence) over the written word (signifying masculine hierarchical systems of power).
Overall, The App Generation seems to be packaged directly to the "app generation," in its tendency to skim across facts rather than using them as a starting point for further analysis. But despite my criticisms, I still enjoyed reading it and it made me think more about how such technologies could be designed to help enhance social relationships rather than diminish them. My criticisms come partly from my experience studying this topic, and what seems like a criticism could actually be a strength for more novice readers. The book accurately gives an overview of scientific research on this topic, and with all of the electronic research tools available in recent years, it is up to the reader to "google it" if they want to go deeper.
You can purchase The App Generation: How Today's Youth Navigate Identity, Intimacy, and Imagination in a Digital World from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The Everything Store: Jeff Bezos and the Age of Amazon
Nick Kolakowski writes "Amazon CEO Jeff Bezos regarded Apple co-founder Steve Jobs as a rival, but the men had more in common than they might have believed. Like Jobs, Bezos had a vision of a tech company, started it on a small budget with a tight cluster of coworkers, and fought to grow it into an industry giant. And as detailed in The Everything Store, a new book about the rise of Amazon.com, Bezos also boasts a Jobs-like temper, riddling his subordinates with withering insults when he feels a project is imperfect or falling behind schedule." Read on for the rest of his review. The Everything Store: Jeff Bezos and the Age of Amazon author Brad Stone pages 392 publisher Little, Brown and Company rating 9/10 reviewer Nick Kolakowski ISBN 0316219266 (ISBN-10); 978-0316219266 (ISBN-13) summary The rise of Amazon and its CEO Jeff Bezos
Brad Stone spent years researching Amazon as a journalist, speaking to Bezos a handful of times in the process. His footwork clearly shows in the book, which is exhaustively detailed without ever feeling bogged down. The most surprising thing, perhaps, is that Bezos didn’t start Amazon.com out of an all-consuming love for books, although he reads voraciously; in the early 1990s, realizing that the Internet was the Next Big Thing, he drew up a list of potential products that best fit the nascent e-commerce model in his head, including computer software and music.
“The category that eventually jumped out at him as the best option was books,” Stone writes. “They were pure commodities; a copy of a book in one store was identical to the same book carried in another, so buyers always knew what they were getting.” At the time, only two major distributors actually handled shipping books, which would make it easier for Bezos to set up a supply chain; and in reasonably short order, his growing team figured out how to get each volume to the customer relatively intact.
Much of the book details Amazon’s rapid growth in the years preceding the dot-com bubble. In his quest to create an “everything store” capable of shipping a wide variety of products to nearly anywhere in the world with a mailing address, Bezos pushed his employees relentlessly; many couldn’t take the pace. Even as customers ordered books, movies, and other goods from a handsome and smoothly running Website, the underlying infrastructure strained to handle all that traffic; meanwhile, the warehouse and distribution operations (headed up by executives poached from WalMart) evolved into a lab of sorts, as the company did its best to figure out how to ship products in the quickest and most efficient ways. (Praise today’s startups all you want, but most of them never have to handle real-world logistics on a massive scale.)
The book paints a nuanced portrait of the hard-driving Bezos, who comes off as a spectacularly unsentimental individual more than willing to fight to the bitter end with pretty much anyone to get what he wants. Stone offers up a bit about Bezos’ childhood—even as a youngster he was ambitious, and technically inclined—and tracks down his biological father, who was unaware that his son had grown up to become a billionaire businessman. (When they finally communicate, it’s by email; Bezos writes a quick message that he bears the old man no ill will for leaving him as a baby, and wishes him “the very best.”) But the overall focus here is on Bezos the Businessman, plunging into the details of everything from the Kindle to free shipping, and determined above all else to conquer the world’s marketplaces.
This is one of those biographies that will probably end up on the shelf of every self-styled “entrepreneur” and Internet CEO looking for a role model. For those who’re merely interested in Amazon, e-commerce, or stories about people who bulldoze their way to success, The Everything Store is a highly entertaining read.
You can purchase from... the everything store. Slashdot welcomes readers' book reviews (sci-fi included) — to see your own review here, read the book review guidelines, then visit the submission page.
-
Book Review: Minecraft
Nick Kolakowski writes "Markus 'Notch' Persson is the famous indie-game developer behind Minecraft, which is also the name of the new book about his life and work by Daniel Goldberg and Linus Larsson. (The effect is slightly odd, like naming the Steve Jobs biography iPhone.) Minecraft traces Persson’s development from an isolated young man building simple PC games in his bedroom, to a frustrated game developer who feels the software conglomerates are stifling his creativity, to a multimillionaire who's had some trouble coming to grips with his gamer-land fame. The Persson described in the book is an introvert's introvert, far more interested in coding than partying, although he does display flashes of entrepreneurial aggression that would make Steve Jobs or Jeff Bezos proud: at one point, he confesses that he wants to build a gaming behemoth on the scale of Valve." Read below for the rest of Nick's review. Minecraft: The Unlikely Tale of Markus 'Notch' Persson and the Game that Changed Everything author Daniel Goldberg and Linus Larsson (translated by Jennifer Hawkins) pages 256 publisher Seven Stories Press rating 7/10 reviewer Nick Kolakowski ISBN 1609805372 (ISBN-10); 978-1609805371 (ISBN-13) summary Markus 'Notch' Persson's development from isolated coder to famous game developer.
He certainly has the money to make many of his empire dreams come true, as Minecraft remains a strong seller more than four years after its Alpha debut. The game features a "survival" mode, in which the blocky hero attempts to survive against hordes of enemies, as well as a "creative" mode where players can mine blocks and use them to build pretty much any structure. The latter mode has unleashed some spectacular displays of creativity, including enormous replicas of the Egyptian Pyramids and the Empire State Building.
While the authors clearly had some access to Persson, they didn’t use that face-to-face time to plunge deeply into his character: there’s precious little insight into how his occasionally messy childhood informed his worldview, for example, or the duality that clearly exists between his more insular self and his ambition to build a massive company that, at its heart, rests on interactions between millions of people. On the other hand, by avoiding the plunge into that psychological thicket, they also prevent their work from falling into the tedious armchair-psychiatry that’s doomed many a biography.
The book is at its best when describing the Swedish gaming industry (from its giants down to the indie studios), and how Minecraft went from bedroom-developer project to worldwide phenomenon. That’s almost enough to overlook how much of a cipher Persson remains, even in the final pages.
You can purchase Minecraft from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) — to see your own review here, read the book review guidelines, then visit the submission page.