Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
Book Review: Getting Started With Drupal Commerce
Michael Ross writes "An online store is one of the most common use cases for a website nowadays. For those web developers and business owners who choose the current version of Drupal as a basis for such an e-commerce project, the canonical solution is Drupal Commerce. There are numerous online resources for learning Commerce, and yet for the longest time no printed book. Now we have Getting Started with Drupal Commerce, written by Richard Jones." Read below for the rest of Michael's review.

Getting Started with Drupal Commerce
Author: Richard Jones
Pages: 152
Publisher: Packt Publishing
Rating: 7/10
Reviewer: Michael Ross
ISBN: 978-1783280230
Summary: An introduction to the leading Drupal e-commerce solution

This title was released by Packt Publishing on 24 September 2013, under the ISBN 978-1783280230. (This review is based upon a copy of the book kindly provided by the publisher.) On the book's website, visitors can read information about the book, including its table of contents, errata (none listed, as of this writing), and a sample chapter (the third one, on "Planning Your Store").
At first glance, 152 pages may seem wholly inadequate for explaining how to build an online store using Drupal Commerce. However, the table of contents suggests that, within the book's 10 chapters, the author addresses most of the critical topics: installation of the Commerce project, product catalog and classification, product data, shopping cart functionality, the checkout process, shipping services, taxes, order management, discounts, and coupons. A bonus chapter, "Extending Commerce," is not included in the book itself, but is available as a free download. (Readers should note that the URL provided in the book is incorrect, as it is missing the last underscore.)
Prospective readers do not need to know how to program in PHP or Drupal; however, a working knowledge of Drupal site building through the user interface would be helpful. Anyone who wishes to follow the steps performed in the book for creating the example Commerce site must have access to a Drupal 7 installation, with sufficient privileges to install and configure modules and set permissions, as needed.
The first chapter, "Introducing Key Concepts," as the title suggests, introduces the reader to the Drupal Commerce package, its overall capabilities, its submodules, and its dependencies. The module list (on page 6) is missing nine entries. Other than that, the material provides a good sense of what is to come. The first chapter, like all the others in the book, concludes with a brief and utterly useless summary. In this case, it states that the readers now "understand the motivation of the developers," even though that was not discussed in the chapter.
Installing Drupal Commerce is the subject of the next chapter. MySQL is listed as a requisite download, but actually MariaDB, PostgreSQL, and SQLite are equally usable. The author mentions Mac OS X and Windows as possible environments, but neglects Linux. Most of the chapter assumes that the reader has elected to use the Acquia Dev Desktop, and it consequently may prove frustrating to anyone who uses a different distribution to get started, or who installs the needed components individually.
As an e-commerce website is developed and (usually) later modified, the participants discover the value in all of the time and effort invested upfront in planning the information needed to track products, customers, payments, and other facets of the operation. Thus the third chapter is arguably one of the most valuable in the book, and should prompt site designers and developers to ask plenty of questions of their clients.
With Chapter 4, "Products," the author begins describing and illustrating the creation of the example website — in this case, a wholesale coffee and tea store based in the UK. At a critical juncture (page 35), the reader is instructed to enable "Commerce Backoffice (Commerce package)" and "Commerce Backoffice (Product package)," which is odd, since all four Commerce Backoffice submodules are in the "Commerce (contrib)" package, and none have those two exact names. Readers may presume that Commerce Backoffice and Commerce Backoffice Product were intended. It later turns out that "Commerce Backoffice content" was also needed. It is possible that the author was using an earlier version of Commerce that had different names, but that's difficult to ascertain because he apparently does not mention which version of Commerce is used in the book.
Chapters 5 and 6 demonstrate how to set up a shopping cart and configure the checkout process. The material should be comprehensible to the typical reader, and possibly a pleasant relief if his head is still spinning from the terminology soup encountered in the fourth chapter. The author explains how to use PayPal for accepting customer payments, and what permissions to set so that visitors to one's store can check out. Strangely enough, there is no discussion as to what permissions, if any, visitors will need for viewing products and adding them to the shopping cart. This might seem obvious to those experienced with Drupal Commerce, but likely will not be to neophytes.
The next two chapters show how to set up flat rate shipping as an option for one's customers, and how to apply a value added tax to each order, including the use of the Rules module for handling special cases flexibly, such as offering free or discounted shipping when the checkout balance exceeds a certain amount on any order not being shipped internationally. Lastly, readers learn how to set up order tracking.
The last three chapters demonstrate how to apply various tax rates to customer orders, how to manage orders on the back-end (such as setting status codes and viewing payment transactions), and how to define discounts and coupons that can be offered to prospective customers. The 11th chapter, on extending Drupal Commerce, should have been included in the published volume itself, as it certainly would not have pushed the page count beyond a reasonable level.
Throughout the book, almost all of the explanations are clear and straightforward, with the only exceptions being the puzzling reference to a "uid property" (page 10), which is not explained, and the use of several different phrases to describe product display nodes (in the fourth chapter). Unfortunately, all of the material apparently assumes that the reader will encounter no problems in trying to perform the same steps, because no troubleshooting resources are mentioned.
Aside from the aforementioned faulty URL on page 2, this book contains too many errata relative to its size: "out of the box" (page 5; missing three hyphens), "Apache based" (page 13; same problem), a space in the URL (page 15), "than [a] necessity" (16), "to [the] recently" (17), "Specifying [the] language" (25), "to [the] public" (27), "other than helper modules" (35), "Images/" (39; should be lowercase), "fairtrade" and "fair trade" (46 etc.; should read "fair-trade"), "doesn't" (47; should read "isn't"), "top-" (64), "blocks" (67; should read "block"), "rules" (73; should read "rule"), "as [a] page" (76), "as screen" (93), "field_tax_code" (106-107; should read "field_vat_code"), and "cine" (108; movies and Jamaican coffee have the same pricing?).
Like so many other books in the computer field, this one contains other flaws in the writing, such as semicolons used where commas are called for (e.g., page 5), and the mixing of singular and plural terms (e.g., page 28). However, its quality of writing is better than that of the majority of Packt Publishing's offerings.
Most of this book's screenshots are quite helpful, although a few might cause some confusion, mostly in that they do not reflect what the reader will see in her own installation. Consider only a handful of examples: An image field "Progress indicator" is mentioned (page 39), but not evident in any screenshot nor on the "Product image" edit page in my own installation. The screenshot on page 45 does not include the "Description" field that the reader is instructed to create, two pages earlier. A "Product: Tax code" field is shown (page 57), prior to any tax functionality being implemented in the narrative. The checkout web page is missing a field for an e-mail address (page 80). Alert readers will immediately wonder where in Drupal Commerce they would go to modify the billing fields, but that doesn't seem to be covered (but I could be mistaken).
One may level the charge that this book provides only the information needed to create a fairly simple e-commerce website. But that would be missing the point, because this book is not intended as an exhaustive exposition of the subject. Getting Started with Drupal Commerce is a valuable starting point for anyone interested in learning how to build online stores using Drupal 7.
Michael Ross is a freelance web developer and writer.
You can purchase Getting Started with Drupal Commerce from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The Circle
Nick Kolakowski writes "Here are the lessons imparted by Dave Eggers' The Circle, his new novel about the rise of a fictional technology company clearly modeled on Google or Facebook: 1) Sharing content with people online is a poor substitute for having real-life experiences with, like, kayaking and family gatherings and drinking and stuff. 2) Unless stopped, companies that build social-networking tools will create increasingly intrusive software. 3) The only sure way to stay sane in our increasingly interconnected (Eggers would say over-connected) world is to drive at high speed off a bridge." Read below for the rest of Nick's review.

The Circle
Author: Dave Eggers
Pages: 504
Publisher: Knopf
Rating: 8/10
Reviewer: Nick Kolakowski
ISBN: 0385351399 (ISBN-10); 978-0385351393 (ISBN-13)
Summary: Sharing content with people online is a poor substitute for having real-life experiences

The book's eponymous tech firm earns untold billions of dollars off the Unified Operating System, a portal through which virtually the entire world accesses the broader Web. The OS bans anonymous identities; all social information is posted out there for anyone to peruse; currencies such as Bitcoin have been discarded in favor of online banking accounts irrevocably linked to real identities. The Circle itself is headquartered in the Bay Area, on a playful campus that caters to its employees’ every material whim, so long as they're willing to work twenty-plus hours a day.
That the world would accept something like the Circle’s omnipresent software without debate, of course, is the most far-fetched of the book’s assumptions. But Eggers needs that exaggerated scenario to support his larger theme of how we’re slowly but surely letting our privacy slip away from us in exchange for digital baubles, and how online interactions—clicking "Likes," viewing posts—are an imperfect substitute for real life. As one of his characters (who acts as the doomed Voice of Reason) states early on:
“Judgments like ‘like’ and ‘dislike’ and ‘smiles’ and ‘frowns’ were limited to junior high. Someone would write a note and it would say, ‘Do you like unicorns and stickers?’ and you’d say, ‘Yeah, I like unicorns and stickers! Smile!’ That kind of thing. But now it’s not just junior high kids who do it, it’s everyone, and it seems to me sometimes that I’ve entered some inverted zone, some mirror world where the dorkiest shit in the world is completely dominant. The world has dorkified itself.”
The Circle’s employees, of course, have little problem with that world (until the end, of course, when another major character attempts to bring the whole system crashing down). Even if Eggers gets the technology wrong, in order to service his broader point, he perfectly nails the spirit of hubris and incessant self-congratulation that’s gripped many startups and tech behemoths in this era of easy VC money, huge app audiences, and massive acquisitions. That bit of software that makes all the world’s information easily accessible, he’s whispering in the background, is totally missing the point of what constitutes a real, lived-in existence.
In other words, The Circle isn’t much of a cautionary tale for the broader world, as no single commercial firm will ever (hopefully) eradicate our privacy to the degree that the company and its characters accomplish in the novel (although it’s clear that some tech giants will do their level best). But on another level, the text can still act as a cautionary tale to the current generation of developers and entrepreneurs who think their software will effortlessly change the world for the better.
You can purchase The Circle from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) — to see your own review here, read the book review guidelines, then visit the submission page.
-
The Difference Between Film and Digital Photography (Video)
Sally Wiener Grotta and her husband Daniel wrote some of the first books and articles about digital photography. Sally was an award-winning photographer in film days, and has maintained her reputation in the digital imaging age. In this interview, she talks about how to buy a digital camera -- including the radical idea that most people really don't need to spend more than $200 to take quality photos. (We had some bandwidth problems while doing this remote interview, but the sound is clear so we decided to run it "as is" rather than try to remake the video and lose the original's spontaneity.) -
Book Review: Latest Two Books By Peter Loshin
benrothke writes "Of the books that author Pete Loshin has written in the past, a number of them are completely comprised of public domain information that he gathered. Titles such as Big Book of Border Gateway Protocol (BGP) RFCs, Big Book of IPsec RFCs, Big Book of Lightweight Directory Access Protocol (LDAP) RFCs, and others, are simply bound copies of publicly available information. In two of his latest books, Practical Anonymity: Hiding in Plain Sight Online and Simple Steps to Data Encryption: A Practical Guide to Secure Computing, Loshin doesn't do the wholesale cut and paste that he did for the RFC books, but on the other hand, doesn't offer much more information than the reader can get online." Read below for the rest of Ben's review.

Simple Steps to Data Encryption: A Practical Guide to Secure Computing / Practical Anonymity: Hiding in Plain Sight Online
Author: Pete Loshin
Pages: 86 / 128
Publisher: Syngress
Rating: 1/10
Reviewer: Ben Rothke
ISBN: 978-0124114838 / 978-0124104044
Summary: Avoid these books. Use the free and better online documentation references.

The software tools detailed in the books are open source tools, and the open source community has done a fantastic job of not only making the software free, but creating documentation that is also free and rivals commercial technical guides.
Practical Anonymity is basically an overview of the basics of Tor. The truth is that all that it takes to use Tor is to download it and then click on Start Tor Browser. For those that want to read the manuals, the Tor documentation repository has detailed information that includes everything a user needs to know about using the product. The Tor site has numerous manuals, FAQs and more. There is likely enough information there for about 98% of Tor and potential Tor users.
At 130 pages, the book is useful for those that want a hard copy to read on a bus or plane and for whatever reason, don't want to print out the references from the Tor site. Loshin does a decent job of presenting the topic, including why Tor is important, and who it could most benefit.
Tor was first released in 2002. But since it became known that the NSA was viewing data, Tor usage has doubled, as detailed in a recent Washington Post article.
One of the main drawbacks of Tor, as the book notes in chapter 2 (and also detailed in the Tor FAQ), is that Tor is slow; really slow. The FAQ notes that there are many reasons why the Tor network is currently slow. It is first off important to know that Tor is never going to be extremely fast. All Tor traffic is bouncing through volunteers' computers in various parts of the world, and bottlenecks and network latency will always be present. The current Tor network is small compared to the number of people trying to use it, and Tor can't always handle the file-sharing traffic load.
The book also spends a large amount of space detailing Tails, which is a Linux distro that can be booted from a CD or a USB stick. The benefit of Tails is that no trace of it will be left on the host it was run on.
Like Tor, the Tails documentation repository has a large set of documents and FAQs covering all areas of the product. For those on a budget, this site has everything that they need to know about using Tails.
Practical Anonymity: Hiding in Plain Sight Online is a decent start for those who want to be more anonymous. It is far from a comprehensive guide, as using Tor is just the beginning to start being anonymous, but far from the only resource or method.
In Simple Steps to Data Encryption: A Practical Guide to Secure Computing, Loshin attempts to provide an overview of why you need encryption, and how to use it. The book barely succeeds at doing that, but there are certainly other titles that do it either more articulately or at least without charging for it. In addition, the book seems like it was rushed to print, and could have used a better technical editor.
In fact, the book starts with an overview of how to use GnuPG (GNU Privacy Guard). And like Tor, there are numerous free references at the GnuPG documentation site that provide many useful references.
At $60 for the pair, the books provide little added value to the free online documentation. For those that want a bound hard copy of a book, these two titles may suit them. For others who want to save trees and their money, and get the same and improved information direct from the source, the respective documentation sites are but a click away.
Reviewed by Ben Rothke
You can purchase Simple Steps to Data Encryption: A Practical Guide to Secure Computing and Practical Anonymity: Hiding in Plain Sight Online from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Circle Skewers Google, Facebook, Twitter
theodp writes "This week's NY Times Magazine cover story, We Like You So Much and Want to Know You Better, is an adaptation from The Circle, the soon-to-be-published novel by Dave Eggers which tells the tale of Mae Holland, a young woman who goes to work at an omnipotent technology company and gets sucked into a corporate culture that knows no distinction between work and life, public and private. The WSJ calls it a The Jungle for our own times. And while Eggers insists he wasn't thinking of any one particular company, the NYT excerpt evokes memories of Larry Page's you-will-be-social edict and suggests what the end-game for Google Glass might look like." -
Big Box? Nissan Note the First-Ever Car You Can 'Buy' On Amazon
cartechboy writes "You knew the day was coming when they started selling diapers. Amazon is now dipping its toe into car sales by selling a single car: the 2014 Nissan Versa Note. Amazon users hit a real live Versa Note product page, but instead of "Add to cart" you provide your ZIP code so Amazon can connect you with a nearby Nissan dealer. The first 100 Versa Note customers whose car purchases are initiated through Amazon receive $1,000 Amazon gift cards. Best part: Customers who end up actually buying the Note *will* receive them via boxed home delivery. Now, that's a big box." (The linked article says that "some" customers will get their Versa boxed; maybe this is only if you specify gift wrapping.) -
Amazon Launches Kindle Fire HDX Tablets
New submitter casab1anca writes "In classic Amazon fashion, without much fanfare, a bunch of new tablets just popped up on their homepage today. The new range, dubbed HDX, is available in the usual 8.9" and 7" versions, with improved hardware and software, but perhaps equally interesting is the revamped 7" Fire HD from last year, which goes for just $139 now." Compared to the Kindle Fire HD, the new models feature a jump in display density (216 PPI to 323 PPI for the 7" and 254 to 339 PPI for the 8.9"), a switch from a dual-core TI OMAP Cortex-A9 (at 1.2/1.5GHz) to a quad-core 2.2GHz Qualcomm Snapdragon, and a bump from 1GB to 2GB of RAM. On the software side, Android has been upgraded from 4.0 to 4.2.2 and Amazon added a few new features to their applications. Businessweek has an interview with Jeff Bezos running today too (starting a bit down the first page). -
Book Review: Citrix XenApp Performance Essentials
First time accepted submitter gbrambilla writes "A problem every system administrator has to face sooner or later is improving the performance of the infrastructure that he administers. This is especially true if the infrastructure is a Citrix XenApp farm that publishes applications to users, who start complaining as soon as those applications become slow. A couple of weeks ago I was asked to publish a new ERP application and suddenly all the hosted applications started to suffer performance problems... after some basic tests I looked on Amazon for help and found the book I'm reviewing: Citrix XenApp Performance Essentials, by Luca Dentella, is a practical guide that helps system administrators identify bottlenecks, solve performance problems and optimize XenApp farms thanks to best practices and real-world examples." Read below for the rest of gbrambilla's review.

Citrix XenApp Performance Essentials
Author: Luca Dentella
Pages: 126
Publisher: Packt Publishing
Rating: 8/10
Reviewer: gbrambilla
ISBN: 1782170448
Summary: A practical guide for tuning and optimizing the performance of XenApp farms using real-world examples

A well-designed infrastructure may help to solve a lot of headaches when the infrastructure is in production... in chapter 1 the book explains the most important elements of a XenApp infrastructure (session-host servers, datastore servers, web interface servers...), their role, how they work together and how to correctly size them based on the number of users and applications that will be served. This chapter includes not only best practices from Citrix, but also precious suggestions that come from the author's experience with real Citrix farms.
When a farm is in production and users start to connect and work with published applications, it's very important to monitor its performance: in chapter 2 Luca explains how to monitor it, from the basic Windows Performance counters to the use of advanced Citrix tools. XenApp offers several advanced settings (CPU Utilization Management, Memory Optimization, Load evaluators ...) to improve the performance: all these features are covered in the second half of this chapter, including the new ones of version 6.5.
A typical complaint about applications published by XenApp is that they start slowly... this is usually caused by slow session start-up. Chapter 3 teaches the most frequent causes of slowness and how to reduce the start-up time, including the use of the new features of XenApp 6.5 (Session Sharing and Lingering).
Multimedia applications are becoming more and more frequently published by XenApp farms, that's why Luca wrote a chapter, the fourth, to explain the technologies Citrix offers under the "HDX" brand and how you can take advantage of them for publishing video/audio/VoIP applications.
The last chapter is about remote users, i.e. users that connect to the farm using WAN (wide-area network) connections. Citrix offers different optimizations, and Citrix administrators can work together with network admins to improve the user experience with the use of QoS, priorities... It's usually hard to understand how published applications work with slow, laggy links; Luca found an open source tool, named WANem, that can simulate every kind of link; in chapter 5 you'll also learn how to use it.
This book is not for people looking for a "for dummies" manual about Citrix XenApp: it won't teach you what XenApp is, how to install your first XenApp server or how to publish your first application. It's intended for intermediate-to-expert Citrix administrators that need a practical, quick guide about an important task of their job: making sure the farms they administer work well. The first chapter is also a must read for all those IT architects that are designing or planning a new installation: I've seen several projects fail or miss their business goals because of badly designed architectures (presence of a single point of failure, undersized servers...).
This book is also an interesting read for administrators curious about the new features of Citrix XenApp 6.5: some of them (for example session pre-launch) can be a significant improvement in your existing farm.
As the title suggests, this is not a huge book (about 130 pages), which means that not all the topics are deeply explained... sometimes you'll probably need the help of Google to find Citrix how-tos or docs to implement what is suggested: do not expect a step-by-step guide, but a book that introduces many advanced features you can implement, possibly with the help of Citrix manuals.
A special mention for chapter 5, maybe a good read with the help of a network colleague: it explains what Citrix can do to help the network guys to optimize the connection (Quality of Service, WAN scalers...) for remote users.
I was satisfied with this book and I think it's worth buying: I consider myself an "expert" system administrator, but I must admit I didn't know some of the features explained in this book and I realized that I didn't fully understand others: for example, Luca gives an excellent explanation of what a DLL collision is, a problem that on Windows OSes can cause wasted RAM.
You can purchase Citrix XenApp Performance Essentials from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The Practice of Network Security Monitoring
benrothke writes "It has been about 8 years since my friend Richard Bejtlich's (note, that was a full disclosure 'my friend') last book Extrusion Detection: Security Monitoring for Internal Intrusions came out. That and his other 2 books were heavy on technical analysis and real-world solutions. Some titles only start to cover ground after about 80 pages of introduction. With this highly informative and actionable book, you are already reviewing tcpdump output at page 16. In The Practice of Network Security Monitoring: Understanding Incident Detection and Response, Bejtlich takes the approach that your network will be attacked and breached. He observes that a critical part of your security posture must be that of network security monitoring (NSM), which is the collection and analysis of data to help you detect and respond to intrusions." Read below for the rest of Ben's review.

The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Author: Richard Bejtlich
Pages: 376
Publisher: No Starch Press
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 978-1593275099
Summary: Definitive guide to the new world of Network Security Monitoring (NSM)

In this book, Bejtlich details how to design an NSM program from the initiation state. Being a big open source proponent, the book lists no proprietary tools and myriad open source solutions. The book is designed for system and security administrators, CIRT managers and analysts with a strong background in understanding threats, vulnerabilities and security log interpretation.
The book is about the inevitable, that attackers will get inside your network. While it's foreseeable they will get in, it's not inevitable that you have to be caught off-guard. For those who are serious about securing their network, this is an invaluable book that provides a unique and very workable model to create a fully-functioning NSM infrastructure.
The book is a hands-on guide to installing and configuring NSM tools. The reader who is comfortable using tools such as Wireshark, Nmap and the like will be quite at home here.
This is a book about how not to be surprised and its 13 chapters detail how to create and manage a NSM program, what to look for, and details myriad tools to use in the process.
The focus of the book is not on the planning and defense phases of the security cycle (hopefully those are already in place in your organization), but rather on the actions to take when handling systems that are already compromised or on the verge of being compromised, as detailed in the preface.
In chapter 1, the book details the difference between continuous monitoring (CM) and NSM, since the terms are similar and many people confuse the two. CM is big in the federal computing space and NIST provides an overview and definition of it. The book notes that CM has almost nothing to do with NSM or even with trying to detect and respond to intrusions. NSM is threat-centric, meaning adversaries are the focus of the NSM operation, while CM is vulnerability-centric, focusing on configuration and software weaknesses.
Also in chapter 1, Bejtlich asks the important question: is NSM legal? He writes that there is no easy answer to that question and anyone using or deploying an NSM solution should first consult with their legal counsel, in order not to potentially violate the US Wiretap Act and other laws and regulations. This is especially true for those who are in European Union (EU) countries, as the EU places a high threshold on information security teams who want to monitor network traffic. Something as simple as running Wireshark on a corporate network in the US would require court approval if done on an EU-based network.
One of the main NSM tools the book references and details is Security Onion (SO). SO is a Linux distro for IDS and NSM. It's based on Ubuntu and the distro contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner and many other useful security tools.
The book details and explains how to use these tools in an NSM environment. An important point Bejtlich makes in chapter 9 regarding the tools is that analysts need tools to find intruders, but methodology is more important than just software tools. Tools collect and interpret data, but methodology provides the conceptual model. He explains that CIRT analysts must understand how to use tools to achieve a particular goal, but it is imperative and important to start with a good operational model first, and then select tools to provide data supporting that model.
The book has a short discussion of how cloud computing affects NSM. In a nutshell, the cloud throws a monkey wrench into an NSM effort. For example, it is generally not an option for SaaS offerings since customers are limited to the back-end logs.
The book closes with the observation that NSM is not just about all the tools that the author spent over 300 pages discussing; rather it is more about the workflows, metrics and collaboration. Unfortunately, this title does not detail the necessary workflows for an NSM and it is hoped that the follow-up to this book will.
The only negative in the book is that as CSO of Mandiant, Bejtlich references his firm's products, mainly their MIR appliance for a CIRT. In the spirit of objectivity and not trying to have the book come across as marketing PR, if an author is going to mention a product their firm sells, they should also mention alternative solutions.
For those looking for a comprehensive guide on the topic of NSM, written by one of the experts in the field, The Practice of Network Security Monitoring: Understanding Incident Detection and Response is an excellent reference that is certain to make the reader a better information security practitioner, and their network more secure.
Reviewed by Ben Rothke.
You can purchase The Practice of Network Security Monitoring: Understanding Incident Detection & Response from amazon.com. -
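The review above defines NSM as the collection and analysis of network data to detect intrusions, and stresses that the analyst's methodology, not the tool, supplies the model of what to look for. As an added illustration (not code from the book, and not Security Onion's or Zeek's own code), here is a small Python pass that encodes two classic NSM hypotheses, a port scan and a periodic beacon, as checks over Zeek-style conn.log records. The column subset, the thresholds and the sample traffic are all assumptions constructed for the demo.

```python
"""Added example (not from the book or Security Onion): two NSM hypotheses,
a port scan and a periodic beacon, checked against constructed Zeek-style
conn.log records. Field subset, thresholds and traffic are all assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Trimmed subset of Zeek conn.log columns, in Zeek's tab-separated layout.
FIELDS = ["ts", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "proto", "duration", "conn_state"]

# Constructed sample traffic (not a real capture).
SAMPLE_CONN_LOG = "\n".join(
    # 10.0.0.5 probes 12 distinct ports on 10.0.0.9 in ~10 s, all rejected.
    [f"{1700000000 + i}\t10.0.0.5\t{40000 + i}\t10.0.0.9\t{20 + i}\ttcp\t0.0\tREJ"
     for i in range(12)]
    # 10.0.0.7 calls 203.0.113.4:443 roughly every 60 s (+/- 1 s): beacon-like.
    + [f"{1700000100 + 60 * i + (i % 3) - 1}\t10.0.0.7\t{50000 + i}"
       f"\t203.0.113.4\t443\ttcp\t0.3\tSF" for i in range(6)]
    # Background noise: ordinary, irregular web connections.
    + ["1700000050\t10.0.0.8\t51000\t198.51.100.2\t80\ttcp\t1.2\tSF",
       "1700000130\t10.0.0.8\t51001\t198.51.100.2\t443\ttcp\t4.0\tSF",
       "1700000400\t10.0.0.8\t51002\t198.51.100.7\t443\ttcp\t0.8\tSF"]
) + "\n"


def parse_conn_log(text):
    """Parse tab-separated conn.log lines into dicts, sorted by timestamp.
    Zeek's '#'-prefixed header lines and '-' (unset field) are handled."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) != len(FIELDS):
            continue  # differently shaped line: skip rather than crash
        rec = dict(zip(FIELDS, cols))
        rec["ts"] = float(rec["ts"])
        rec["id.orig_p"] = int(rec["id.orig_p"])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        rec["duration"] = 0.0 if rec["duration"] == "-" else float(rec["duration"])
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def detect_port_scans(records, min_ports=10, window_s=60.0):
    """Flag (orig_h, resp_h) pairs touching >= min_ports distinct destination
    ports inside any window_s-second window; value is the peak port count."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["id.orig_h"], r["id.resp_h"])].append((r["ts"], r["id.resp_p"]))
    hits = {}
    for pair, conns in by_pair.items():
        conns.sort()
        best, j = 0, 0
        for i in range(len(conns)):
            # slide the window end forward; j only ever advances
            while j < len(conns) and conns[j][0] - conns[i][0] <= window_s:
                j += 1
            best = max(best, len({p for _, p in conns[i:j]}))
        if best >= min_ports:
            hits[pair] = best
    return hits


def detect_beacons(records, min_conns=5, max_cv=0.10):
    """Flag (orig_h, resp_h, resp_p) flows whose inter-connection gaps are
    nearly constant: coefficient of variation (stdev/mean) <= max_cv."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    hits = {}
    for flow, times in by_flow.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits[flow] = {"period_s": round(avg, 1), "cv": round(cv, 3), "count": len(times)}
    return hits


def analyze(text):
    """Run both hypotheses over a conn.log body and return the findings."""
    records = parse_conn_log(text)
    return {"scans": detect_port_scans(records), "beacons": detect_beacons(records)}


if __name__ == "__main__":
    result = analyze(SAMPLE_CONN_LOG)
    for (src, dst), n in result["scans"].items():
        print(f"port scan: {src} -> {dst} ({n} distinct ports in a window)")
    for (src, dst, port), info in result["beacons"].items():
        print(f"beacon: {src} -> {dst}:{port} every ~{info['period_s']}s (cv={info['cv']})")
```

The point of the split into parse, hypothesis checks and analyze is the one the review attributes to chapter 9: the collected data (the conn.log) is the same whichever tool produced it, and what turns it into a detection is the model the analyst chose to test (here "many ports, one source, short window" and "same flow, constant period"). The thresholds are where that model lives, and on a real network they need tuning per site.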
The Reporter's Fifth Amendment Paradox
Bennett Haselton writes: "The ongoing case of New York Times reporter James Risen -- whom the U.S. Department of Justice wants to force to testify against one of his sources for leaking classified CIA information -- brings up a more general question about the Fifth Amendment: Why are criminal defendants allowed to remain silent, but not third-party witnesses like Risen?" You'll find the rest of Bennett's story below.

In my last article about the Fifth Amendment, I tentatively made the argument that I couldn't see a principled reason why defendants should be able to refuse to answer the question of whether they committed the crime or not. My argument was that you're perfectly entitled to keep information private that is none of anybody's business -- you ought to be able to say, "It's none of your beeswax where I was on the night of the murder" -- however the fact of whether you committed the murder or not, is everybody's business, and I didn't see why the state shouldn't be able to make you choose between saying "Yes, I committed the murder," or "No, I didn't." (If you think the state would then try to convict you of lying if they were determined to railroad you, then my answer would be: If the state is going to railroad you anyway, they can convict you of the murder regardless of whether or not you say you're innocent, so that's not an argument in favor of the right to remain silent. I addressed this and several other counter-arguments in the original article.)
However, the argument I'm making this time is different. I'm saying that regardless of how you feel about the Fifth Amendment granting criminal defendants the right to remain silent, there's no consistent argument that would support giving defendants the right to remain silent, that should not also apply to third-party witnesses.
Here's the basic paradox: Suppose Bob may have committed a crime, and Alice is known not to be an accomplice but appears to have been a witness. If the courts ask both Bob and Alice the same question -- "Did Bob do it?" -- and both of them refuse to answer, then Bob's right to remain silent is protected under the Fifth Amendment, but Alice can be sent to jail -- despite the fact that Bob may have been guilty, but Alice is innocent! To me, that sounds crazy. (As explained at Findlaw and elsewhere, generally third-party witnesses can be required to testify in a way that defendants cannot. Witnesses can only plead the Fifth Amendment right against self-incrimination if they believe that by answering they could incriminate themselves. If it's generally agreed that a person is a third-party witness who was not guilty of any wrongdoing themselves, they can be forced to answer.)
In my first article arguing that defendants should not have the right to refuse to answer "Yes" or "No" as to whether they committed a murder, I wasn't sure of the conclusion, and I invited readers to submit arguments as to why I was wrong (I called the article "Seeking Fifth Amendment Defenders", after all, not "Let's Abolish The Fifth Amendment"). I'm still weighing the arguments coming in, and haven't decided what I believe. However, I'm more sure about the point I'm making this time: that there's no principled, consistent reason to give defendants the right to remain silent but not third-party witnesses. This is after talking to multiple lawyers, law students, and law enforcement officers and asking for any argument to the contrary.
There are two counter-arguments that I've received multiple times, that deserve a response:
- "The defendant's rights as a presumed-innocent citizen have to be protected until they're actually convicted." This is absolutely an important principle in a free society, but generally those "rights" refer to rights that free people have as well, and that are preserved even if you've been arrested -- for example, the right to free speech and the right to be presumed innocent, are all rights that the general public enjoys as well. Insofar as the Fifth Amendment says you have the right to refuse to answer questions about the particular incident that got you arrested, that's a right that innocent third-party witnesses don't have. Even in the most progressive societies, generally speaking criminal defendants don't get more rights than the public. Why should they get that special right in this case? Maybe there's an argument why, but you'd have to at least make that argument.
So all the talk about protecting the rights of a criminal defendant, is valid, but it misses the point: Why shouldn't we also give the same rights to a third-party witness who we know is innocent?
- "It would be very difficult to prosecute many cases without compelling testimony from third-party witnesses." This is true -- particularly in the cases of reporters like Risen, who refuse to divulge their sources' identities, so all you have is the option of compelling the reporter to testify, when you don't even know the defendant's identity yet.
However, that's really an argument that if you had to choose between having the ability to force defendants to testify, and having the ability to force third-party witnesses to testify, you would choose the ability to question third-party witnesses, simply because there are often more of them and sometimes they're available even when the defendant isn't. But that's not an answer to my question, which is: Is there an argument from moral or legal principles as to why the defendant is allowed to remain silent but third-party witnesses are not? Obviously, we don't actually have to choose between requiring defendants to answer and requiring third-party witnesses to answer. If we place more importance on giving courts the power to gather information, we should empower them to question third-party witnesses -- but wouldn't that argument also apply to requiring answers from the defendant? On the other hand, if we place more importance on individual liberty, we could grant the right to remain silent to defendants who are presumed innocent -- but shouldn't we grant that same right to third-party witnesses that we know are innocent?
The argument that "it would be too inconvenient to prosecute cases if we couldn't require answers from third-party witnesses", is a bit like saying that if we had to choose between the courts having the power to force Eskimos to testify, and having the power to force non-Eskimos to testify, we would choose having the power to force non-Eskimos to testify, just because there are more of them. But obviously that's not a principled argument as to why we should be able to require answers from non-Eskimos but not from Eskimos.
Of course, many people's sympathy for James Risen might stem not from the fact that he's a third-party witness (to the crime of leaking information), but from the fact that his supporters are sympathetic to the cause of the anonymous leaker, who was exposing what he believed was a corrupt government. (Risen's book is subtitled "The Explosive Book on the Abuse of Power of the Bush Administration", always a way to get fans.) If James Risen knew the identity of someone who had raped and killed a child, but had gone to jail for refusing to name the suspect, probably a lot fewer people would be hailing him as a hero. But that hypothetical just makes the argument from the opposite direction: If we instinctively feel that third-party witnesses to a murder can be forced to answer questions about what they saw, why can't we make a suspect (who is, after all, a special case of a "potential witness") answer questions about what they know as well?
Our courts' current stance on the "right to remain silent" -- that it can be claimed by criminal defendants, but not by innocent third-party witnesses -- seems so absurd to me that I'm going to go out on a limb and say that I think it's an example of groupthink, an assumption that we accept because we're immersed in it, but that few people would ever come up with on their own if they were working from first principles about balancing liberty vs. the rights of the state.
Here's what I mean by that: Suppose you had been raised in a world that was identical to our own, except that our rights under the Fifth Amendment were inverted, so that innocent third-party witnesses could refuse to answer questions, but criminal defendants could at least be required to answer "Yes" or "No" as to whether they committed the crime. My hunch is that that, instead, would seem natural and sensible. You wouldn't scratch your head and say, "Wait, that seems wrong -- it should be the defendants who should have the right to remain silent, not the innocent witnesses."
By contrast, suppose you had been raised in the world that was identical to ours, except that portions of the First Amendment were inverted -- so that we could write any political arguments that we wanted to, but the government demanded prior approval of any fictional stories that we wanted to publish. I would hope that to many people, this would seem like a nagging contradiction, and over time more and more people would point out this inherent hypocrisy and call for restrictions on political thought to be abolished. That's because I think the First Amendment guarantee of free speech is something that can be derived from first principles about individual liberty -- if you want to write something and someone else wants to read it, and neither of you is harming anyone else in the process, it should be nobody else's business, period, full stop. And I just don't see a compelling argument from first principles in support of our current interpretation of the Fifth Amendment -- that we can make third-party witnesses answer questions, but not require the same of a criminal defendant.
Regardless, a court has already ruled that James Risen can be made to testify, and barring a successful appeal, he may choose to go to jail rather than reveal his source. The judge writing the ruling against Risen made an interesting slip-up, though, when he wrote:
The reporter must appear and give testimony just as every other citizen must.
But of course "every other citizen" does not have to give testimony -- if the defendant is ever identified, they won't have to. And that's the inconsistency that I find hard to explain.
Book Review: Hacking Exposed Mobile Security Secrets & Solutions
benrothke writes "Little did anyone know that when the first Hacking Exposed book came out over 15 years ago, that it would launch a set of sequels on topics from Windows, Linux, web development, to virtualization and cloud computing, and much more. In 2013, the newest edition is Hacking Exposed Mobile Security Secrets & Solutions. In this edition, authors Neil Bergman, Mike Stanfield, Jason Rouse & Joel Scambray provide an extremely detailed overview of the security and privacy issues around mobile devices. The authors have heaps of experience in the topics and bring that to every chapter." Read below for the rest of Ben's review.

Title: Hacking Exposed Mobile Security Secrets & Solutions
Authors: Neil Bergman, Mike Stanfield, Jason Rouse & Joel Scambray
Pages: 320
Publisher: McGraw-Hill Osborne Media
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 978-0071817011
Summary: Excellent resource to understand current mobile security threats

The power of mobile devices can be understood by the fact that this book came out in July 2013, and just last week, Steve Ballmer announced that he will step down as Microsoft CEO. While mobile has spelled doom for Ballmer's career and Microsoft's bottom line, mobile has made the Apple brand relevant again, and extremely dominant. More of a concern is that mobile is the new avenue of security attacks for a new generation of attackers.
The book provides a great overview of the new threats created by mobile devices. Like the other books in the series, it provides an overview of the issues, shows how attackers will use vulnerabilities to compromise and exploit mobile devices, in addition to showing you how to secure your mobile devices and enterprise mobile platforms against these threats.
One difference between this book and other Hacking Exposed titles, especially the Windows editions, is that this one has a dearth of script kiddie tools. This is because such tools don't exist so much for the mobile platforms.
The 9 chapters in the book provide a comprehensive and meticulous synopsis of all of the core areas around security and privacy concerns about mobile computing.
The first two chapters provide a thorough analysis of the mobile risk ecosystem and how the cellular networks operate.
One of the major risks detailed in chapter 1 is that of physical risks. When data resides in physical data centers, a company can have some semblance of assurance of security given the data has multiple layers of physical controls in an enterprise data center or colocation. The authors note that physical access to mobile devices is difficult to defend against for very long, and the entire phenomenon of rooting and jailbreaking certainly proves this.
They also write that they have yet to find a mobile application that they could not defeat when given physical access, including defeating the mobile device management software.
The book astutely notes that if your mobile risk model assumes that information can be securely stored indefinitely on a physical mobile device, then you are starting with a false assumption. The entire book is based on the assumption of an attacker gaining control of the mobile device. To compensate for that, the book provides the requisite countermeasures.
Another bit of sagacious advice in the book is ensuring your developers, and those you outsource your development to, understand the specific risks and vulnerabilities around mobile apps. It is crucial that all programmers developing mobile apps be sufficiently trained in how to write secure mobile apps.
Chapter 3 details iOS, the Apple mobile operating system. An interesting part of the chapter is on how to jailbreak Apple devices. But the authors also note that there are pros and cons to jailbreaking. The main negative is that you expose yourself to a variety of attack vectors that could lead to a complete compromise of the device. A non-jailbroken device obviates that in most cases given the security controls in place.
The book also sheds light on the fact that even though iOS is a closed system with fewer threat vectors, it is still far from perfect. The Apple App Store, even with its security controls, is far from impervious to attack. The chapter tells the story of a few malicious apps that slipped past security reviews and found themselves on the Apple App Store. While these malicious apps were later removed, they were there long enough to cause damage.
While the book provides ample evidence of the risk and vulnerabilities around mobile devices, it is rich in appropriate countermeasures and methods to compensate for these. The chapters on iOS and Android provide myriad ways in which to secure the devices. Chapter 8 on mobile development security details a framework in which to secure mobile devices. This framework includes requirements from secure communications, effective authentication, preventing information leakage, to platform controls and more.
Appendix A contains a checklist of options that end-users can use to ensure the security of their private data and sensitive information stored on their mobile devices.
Appendix B is a mobile application penetration testing toolkit for performing security assessment of mobile technologies.
The press is full of stories of how the demise of Microsoft is directly related to their misreading the mobile market. The public has responded to buying mobile devices in the billions, and attackers who not so long ago wrote exploits for Windows, are now putting their efforts into iOS and Android. The message is clear, mobile apps need to be written with security in mind and the mobile devices need to be secured.
For those looking for an understanding of current mobile security threats and how to counter them, Hacking Exposed Mobile Security Secrets & Solutions is a uniquely good book.
Reviewed by Ben Rothke
You can purchase Hacking Exposed Mobile Security Secrets & Solutions from amazon.com. -
Book Review: The Internet Police
Nerval's Lobster writes "When Ars Technica editor Nate Anderson sat down to write The Internet Police, Edward Snowden hadn't yet decided to add some excitement to the National Security Agency's summer by leaking a trove of surveillance secrets to The Guardian. As a result, Anderson's book doesn't mention Snowden's escapade, which will likely become the security-and-paranoia story of the year, if not the decade. For anyone unaware of the vast issues highlighted by Snowden's leak, however, The Internet Police is a handy guide to the slow and unstoppable rise of the online security state, as well as the libertarian and criminal elements that have done their level best to counter that surveillance." Read below for the rest of Nerval's Lobster's review.

Title: The Internet Police: How Crime Went Online, and the Cops Followed
Author: Nate Anderson
Pages: 320
Publisher: W. W. Norton & Company
Rating: 8/10
Reviewer: Nerval's Lobster
ISBN: 0393062988
Summary: How criminals continue to find digital and legal loopholes even as police hurry to cinch them closed.

Anderson starts off his book in 2000, with an exploration of HavenCo. The people behind HavenCo had a fascinating idea: build a datacenter on a rusting naval fort in the North Sea, and use it to hold data for customers concerned about the government sniffing around. But the company's dream of constructing a "true libertarian paradise" eventually sank, thanks to a toxic combination of infighting and infrastructure challenges.
HavenCo was an early entrant in a longtime attempt to place a large swath of the Web beyond the reach of governments and corporations, and it definitely wasn't the last: from Silk Road to MegaUpload, the properties dedicated to a "liberated Net" have proliferated in recent years. Some people founded such sites out of high principle; others for the LULZ; and many because they simply wanted to download movies and music and possibly highly illegal drugs for free.
Anderson does an excellent job of tracing the push-and-pull between these Websites and various government and corporate entities. People form peer-to-peer networks to swap copyrighted content, and corporations sue to shut them down; others set up networks to trade pornography or drugs, and law-enforcement agencies unleash all sorts of surveillance tools to track down the perpetrators; spam networks rise, and governments pass legislation (boosted by corporations) to nuke them off the Web, with varying degrees of success. These attempts at control usually prove successful, at least until new and improved versions of those Websites rise from the smoking ruins of the old.
To his credit, Anderson wears his journalist hat to the proceedings, never tipping his sympathies to one side or the other. He acknowledges that government and law enforcement really do want to keep people safe above all else, even as certain legislatures and police departments run roughshod over citizens' privacy; he also details how many software creators built their security and privacy tools out of a genuine desire for people to have as much freedom as possible online, only to watch as criminals and others twisted those tools to their own nefarious ends.
Anderson's conclusion is that society needs an Internet police in order to keep some degree of peace, but that "we need to keep a close eye on them." In this post-Snowden era, when it seems increasingly clear that governments have the ability to monitor virtually every single aspect of our electronic lives, this bit of advice seems more important than ever.
You can purchase The Internet Police: How Crime Went Online, and the Cops Followed from amazon.com. -
Amazon Forbids Crossing State Lines With Rented Textbooks
New submitter Galaga88 writes "In what is probably another attempt to evade charging sales tax, Amazon's terms of use through Warehouse Deals forbid crossing state lines with certain rented textbooks. The penalty for doing so? Retroactive forced purchase of the book. At least it's yours to keep afterwards. 'Some experts believe the policy is another reflection of the extreme lengths to which the company continues to go in order to avoid collecting state sales taxes. But could Amazon's use restriction and other complicated rental conditions cause problems for students or lead potential textbook renters to take their business elsewhere? It seems like a policy that would be nearly impossible to enforce. But Richard Hershman, vice president of government relations at the National Association of College Stores, points out that if a student has textbooks sent to her home state and ships them back from a different state where she attends college, Amazon could easily note the new shipping location.'" -
Amazon Selects Their Favorite Fake Customer Reviews
An anonymous reader writes "Amazon's just created a new web page where they're officially acknowledging fake reviews posted by their customers — and they've even selected their own favorites. ('I was very disappointed to have my uranium confiscated at the airport. It was a gift for my son for his birthday. Also, I'm in prison now, so that's not good either...') On the front page of Amazon, in big orange letters, Amazon posted 'You guys are really funny.' And then — next to a funny picture of a rubber horse head mask — Amazon's linked to a list of some of the very best satirical reviews their customers have submitted over the years, noting fondly that 'occasionally customer creativity goes off the charts in the best possible way...'" -
Book Review: The Healthy Programmer
benrothke writes "Diet books are literally a dime a dozen. They generally benefit only the author, publisher and Amazon, leaving the reader frustrated and bloated. With a failure rate of over 99%, diet books are the epitome of a sucker born every minute. One of the few diet books that can offer change you can believe in is The Healthy Programmer: Get Fit, Feel Better, and Keep Coding. Author Joe Kutner observes that nearly every popular diet fails and the reason is that they are based on the premise of a quick fix without focusing on the long-term core issues. It is inevitable that these diets will fail and the dieters at heart know that. It is simply that they are taking the wrong approach. This book is about the right approach; namely a slow one. With all of the failed diet books, Kutner is one of the few that has gotten it right." Keep reading for the rest of Ben's review.

Title: The Healthy Programmer: Get Fit, Feel Better, and Keep Coding
Author: Joe Kutner
Pages: 220
Publisher: Pragmatic Bookshelf
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 978-1937785314
Summary: A diet and lifestyle guide that works for all, not just for programmers.

While the title of the book says it's for programmers, it is germane to anyone whose job requires them to be at a desk for extended amounts of time.
Kutner is himself a programmer who builds Ruby and Rails applications, and a former college athlete and Army Reserve physical fitness trainer.
The book focuses on two areas that require change: regular exercise and proper nutrition; and it details the steps necessary to create a balanced lifestyle.
While popular diet books require rapid and major lifestyle changes and promise quick weight-loss, the book notes that small changes to your habits can provide the long-term effects that can improve your health. The book focuses on incremental changes and sustainability, not about losing x pounds in x weeks.
The book is different (read: effective) as opposed to other diet and lifestyle books, in that its goal is to make your healthy lifestyle pragmatic, attainable, and fun. It is only with those aspects that long-term change is possible.
As to programmers, Kutner writes that programming requires intense concentration that often causes them to neglect other aspects of their lives; the most common of which is their health. People's bodies have not evolved to accommodate a lifestyle of sitting and there are many negative health effects from it.
The book takes a start small approach, rather than one of drastic changes. In chapter 2, it notes the myriad benefits of walking. It states that walking is a powerful activity that can stimulate creative thinking (a required trait for a good programmer) and is a great way to bootstrap your health. The chapter details the ways in which a few short walks during the day can have a dramatic positive effect on your life.
Chapter 3 is about the dangers of chairs and sitting for long periods of time. It details a number of ways to counter the dangers of sitting. It also notes that while sometimes you simply can't get away from your chair, and when that happens, you can make sitting less dangerous by forcing your muscles to contract without even getting up. It then details a number of different calisthenics to use to do this.
Chapter 4 – Agile Dieting — is perhaps the best part of the book. It details how to fight the real causes of weight gain and details proven solutions that work. That chapter repeatedly uses terms like iterative, sustainable, slow to show what it really takes to lose weight and achieve a healthy lifestyle.
Kutner notes that most of the popular fad diets are idiosyncratic and unbalanced. They will provide short-term benefits, but ultimately fail miserably. The chapter quotes research data on what needs to be in a balanced diet. It then notes that almost every fad diet violates those needs. Nutrition needs to be rounded and well-balanced and the fad diets for that reason will only work in the short term.
This book is everything the fad diet books are not and this is most manifest in chapter 4 where Kutner writes one should cut calories slowly. This is based on research which shows that quick drastic weight loss is counterproductive. While the fad diets talk about drastic caloric changes, Kutner suggests dropping your intake slower, about 100 calories every two weeks until you get to your targeted caloric intake level.
While much of the book is on fitness and nutrition, it takes a complete body approach. Chapter 5 details the importance of eye health. This is an important topic since the average programmer spends much of their week behind a monitor.
Kutner writes about computer vision syndrome (CVS), an eye condition resulting from focusing the eyes on a monitor for extended amounts of time. Symptoms of CVS include headaches, blurred vision, neck pain, redness in the eyes, fatigue, eye strain, dry eyes, irritated eyes, double vision, vertigo/dizziness, polyopia, and difficulty refocusing the eyes. The book also details methods to minimize the effects of CVS, and how not to become a victim of it. Kutner writes that CVS is what most programmers refer to as life. But it does not have to be that way.
The rest of the book covers other physical ailments that plague programmers. This runs the gamut from headaches, backaches, wrist problems, carpal tunnel, head strain and much more. Most of these problems can be obviated if one follows proper ergonomics practices and employs some of the physical conditioning detailed in the book.
Another theme of the book is using goals as an impetus for change. The book lists 16 goals which can be used as a progressive framework to improve your health. These goals include buying a pedometer, finding your resting heart rate, getting a negative result on the Reverse Phalen's test, and other lifestyle changes.
Given the preponderance of obesity, diabetes and other maladies associated with a sedentary lifestyle, this may be one of the most important non-programming books that every developer should read and take to heart.
The book has hundreds of bits of excellent advice and subtle lifestyle suggestions that over time can make a significant difference to your health.
The author has a web site and an iPhone app that can be referenced for additional help. The book is full of sage and pragmatic advice. It has no celebrity endorsement, no gimmicks or false claims, meaning it has a high chance of working.
The book concludes with the observation that programmers often say the hardest part of software development begins when a product is released. The real work, maintenance, continues on, much like your health. You must sustain a state of wellness for the rest of your life, and you need to continue setting goals, iterating and making small improvements.
Many programmers love their job but not the lifestyle problems that come with it. For the programmer who wants the challenges of the profession and the benefits of a healthy lifestyle, The Healthy Programmer: Get Fit, Feel Better, and Keep Coding may be a life-changing book, and should find its rightful place on every programmer's desk.
Reviewed by Ben Rothke.
You can purchase The Healthy Programmer: Get Fit, Feel Better, and Keep Coding from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page.
Book Review: Present Yourself - Using SlideShare To Grow Your Business
benrothke writes "SlideShare is a free web 2.0 based slide hosting service where users can upload presentation-based files. Launched in October 2006, it's considered to be similar to YouTube, but for slideshows. It was originally meant to be used for businesses to share slides among employees more easily, but it has since expanded to also become a host of a large number of slides which are uploaded merely to entertain. SlideShare gets an estimated 58 million unique visitors a month and has about 16 million registered users. With such a strong user base, authors Kit Seeborg and Andrea Meyer write in Present Yourself: Using SlideShare to Grow Your Business how SlideShare users can use the site (including other similar collaborative sites such as Prezi and Scribd) to present their story to a worldwide audience. Given that visual presentations are the new language of business, understanding how to maximize their potential can be a valuable asset for the entrepreneur, job seeker and everyone in between." Read below for the rest of Ben's review.
Title: Present Yourself - Using SlideShare to Grow Your Business
Author: Kit Seeborg and Andrea Meyer
Pages: 224
Publisher: O'Reilly Media
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 978-1-4493-4236-4
Summary: Great resource for maximizing the use of SlideShare and your online presentation presence
The truth is a book on SlideShare alone would need no more than 15 pages (20 pages if you include the Pro edition). How difficult is it to upload a PowerPoint? As an aside, there is a huge market for publishing freely available content. Check out Emereo Publishers on Amazon. They have mastered the art of taking free Wikipedia content and charging for it. Enough digression: in this valuable book the authors show not only how to use the product, but how to maximize its use.
Throughout the book, the authors quote liberally from science and research on the power of visualization. With that lies the inherent power of SlideShare, as humans like images and think more efficiently when they use them. The authors quote a study which shows that when carrying out routine office tasks, if the data is displayed more visually (such as through visual maps), individuals are 17% more productive and need to use 20% fewer mental resources. As to the saying that a picture is worth a thousand words; the authors show that it has a basis in biological fact.
The book is worth it just for the sage advice in the quote at the beginning of chapter 3, where Nancy Duarte, author of slide:ology: The Art and Science of Creating Great Presentations, says of presentations that "they didn't come to your presentation to see you. They came to find out what you can do for them. Success means giving them a reason for taking their time, providing content that resonates, and ensures it's clear what they are to do". Using Duarte's call to arms with the guidance in the book can hopefully start a meaningful change in how data is presented.
As to the presentation itself, the book notes that the presenter of today has a huge challenge in keeping the audience engaged. Anyone who has presented recently knows that many, often a majority, of the audience will be distracted by their smartphones, Twitter, Facebook, Angry Birds and more. With that, presenters must put in extra effort to compete for the mindshare of a distracted audience. The book shows you how to overcome such obstacles and suggests that one way to win more audience attention is to include engaging visual slides with your presentation and show them intermittently instead of in parallel with your talk.
Throughout the book, it is clear that the authors are passionate about the topic, and it lists many resources and uses to make presentations much more effective. The book has numerous real-world examples of such users. One is Adam Tratt of Haiku Deck, a free presentation app for the iPad that makes presentations simple, beautiful, and fun.
Another example is that of Jeremiah Owyang of the Altimeter Group, a research and advisory firm whose reports consistently rank in the top 100 most viewed documents on SlideShare. The amazing thing about their research, which competing firms charge thousands of dollars for, is that it is all free on SlideShare. The example also shows how they use SlideShare Pro for the secure creation of the reports. They view this model of open research as a core asset that has served the firm well, establishing its credibility and reputation as a trusted resource.
While the book has business in its title, it still has significant relevance for end-users, specifically in chapter 7. There it details how you can use SlideShare to further your career and find a job. This is crucial regardless of your profession and industry, in that while the traditional resume is still alive and well, the ability to place your experience on-line opens up new horizons. A full professional presence requires both a paper resume and an online presence.
The chapter notes that a comprehensive online presence, especially with a complete profile on LinkedIn, is forty times more likely to receive job opportunities. The authors note that even if a person is not a presenter, there are things they can do on SlideShare to highlight themselves, including a presentation that serves as a visual resume of their career, a portfolio presentation that displays their creative work, and more. Even for those who are not speakers, the authors recommend that the serious job searcher consider public speaking as part of their career strategy.
For those that want to take a look, the first chapter of the book is available here. Not surprisingly, it is on SlideShare.
For those that want to learn everything about SlideShare, from the mundane of adding a SlideShare widget to your website, sharing your presentation across social platforms, sharing your content, collaboration, finding a more rewarding job and much more, Present Yourself: Using SlideShare to Grow Your Business is a great resource.
Reviewed by Ben Rothke
You can purchase Present Yourself - Using SlideShare to Grow Your Business from amazon.com.
New for 2013: An In-Depth Analysis of Kubrick's 2001: a Space Odyssey
An anonymous reader writes "Long time /. member maynard has written one of the most obsessively detailed and extensive analyses of Stanley Kubrick's classic 2001: A Space Odyssey seen in some time. At more than 22,000 words, it contains still images, film clips, musical score selections and copious references, including by Piers Bizony, author of Filming the Future, Nietzsche, Foucault, Freud, and film theorists like Bazin, Kracauer and Zizek. It's already gained some notoriety, having been retweeted by Nicholas Jackson, former editor of the Atlantic Monthly and Slate. Anyone who loves the film or SF in general should find this an amazing read!" I don't know whether it can topple my all-time favorite analysis of 2001, Leonard F. Wheat's Kubrick's 2001: A Triple Allegory.
Peter Wayner Talks About His New Book, Future Ride (Video)
We've already done two video interviews with Peter Wayner. Third time being the charm, his latest book, Future Ride, is now out and available for purchase. If you've followed and possibly even enjoyed this string of interviews with Peter, Future Ride might be valuable reading material for you. It's what I call a "futureproofing" book, and in today's fast-changing world being prepared for tomorrow -- even just in the sense of thinking about the many ways our society might change if our cars and trucks drive themselves -- is valuable for business and career reasons, aside from the sheer joy of speculating about what the future may hold.
Book Review: Eloquent JavaScript: a Modern Introduction To Programming
Michael Ross writes "Of all the computer programming languages, JavaScript may be enjoying the most unprecedented renaissance ever. Once derided as a toy language suitable only for spawning bothersome popups in browser windows, JavaScript is rapidly developing into a first-choice web technology on both the client side and the server side. One way to get started learning this ubiquitous language is the book Eloquent JavaScript: A Modern Introduction to Programming." Read below for the rest of Michael's review.
Title: Eloquent JavaScript: A Modern Introduction to Programming
Author: Marijn Haverbeke
Pages: 224
Publisher: No Starch Press
Rating: 9/10
Reviewer: Michael Ross
ISBN: 978-1593272821
Summary: A concise and lighthearted tutorial on this popular web programming language.
Written by Marijn Haverbeke, the book was published by No Starch Press on 3 February 2011, under the ISBN 978-1593272821. On the publisher's page for the book, visitors will find the table of contents and some reviews. (My thanks to the publisher for a review copy.) The author's book website offers much more, including HTML versions of the book (whose content differs from the print edition), errata (applicable only to the first printing of the paper edition), and an interactive code sandbox where you can run the examples (or at least some of them).
At a slender 224 pages, this volume might at first glance appear inadequate for covering such a sizable and rich language as JavaScript — and yet the table of contents suggests otherwise, with a dozen chapters covering language basics, functions, objects, arrays, error handling, functional programming, object-oriented programming, modularity, regular expressions, web programming, the DOM, browser events, and HTTP requests. In addition, readers may be reminded of how much information Kernighan and Ritchie were able to pack into the 228 pages of the first edition of their classic The C Programming Language.
Following a pleasant introduction, the first three chapters present the basics of JavaScript. In the first one, the author presents the language's fundamental grammar, specifically: values, data types, arithmetic operators, expressions, variables, control statements, the JavaScript environment, and program structure. The material assumes no prior knowledge of computer programming or even data representation.
In the second chapter, the author does a thorough job of explicating all aspects of functions, including definition form and order, variable scope, arguments, the call stack, closure, and other topics. The subsequent chapter addresses an area important to any programming language, namely, data structures — which in JavaScript are of two varieties, objects and arrays. The author illustrates some best practices, such as modularizing code.
Most programming books underemphasize or even completely neglect the critical topic of error handling, and thus it is encouraging to see the author of this book address it, as early as Chapter 4. He focuses on exception handling, and also touches upon the value of unit testing (incorrectly termed "automated testing"). The subsequent chapter describes functional programming, which is not to be confused with procedural programming, but rather refers to combining functions in order to achieve higher levels of abstraction in one's code, thereby reducing its size and better exposing its functionality amidst the syntactical clutter. One apparent technical flaw is the claim that, in HTML documents, the special characters <, >, and & always must be replaced by their entity values, even when surrounded by whitespace characters (page 78). (Incidentally, any book that mentions the KGS Go Server can't be all bad.)
Object orientation is the subject of the sixth chapter, the longest in the book. Despite the author's efforts, this material will likely prove to be the most challenging to readers, given the numerous idiosyncrasies of JavaScript's objects and their built-in methods. The next chapter explores a related topic, modularity, which unfortunately is not supported natively by JavaScript; the author presents some ideas to work around this limitation.
Of all the data processing performed by web sites and apps, a significant portion of it is text manipulation, where the use of regular expressions can be extremely valuable, despite the potential pitfalls. This is tersely covered in Chapter 8, which, in my opinion, should instead be located far earlier in the book, after the discussion on strings. The next chapter is a fast-paced examination of just some of the key aspects of client-side scripting using JavaScript. The only confusing portion is the reference to "the document tag" (page 155), with no explanation as to what that is. The last three chapters continue the discussion of in-browser programming, focusing on the Document Object Model (DOM), browser events, and HTTP requests. Some of the material feels dated, but it is a decent survey of relevant information.
The narrative is well written, aside from the use of long dashes when semicolons are called for and the occasional strange phrasing, such as "two backslashes follow each other" (page 12). Also, the book contains several errata, most of them a simple mismatch of singular and plural forms: "The example show" (page 11), "executing a statements" (20), "is a special kind of objects" (46), "special type of objects is" (68), "with is em" (89; should read "is em"), "than of an" (90; should read "than an"), "new type of objects" (123), "used as to map" (146), "on [the] current field" (185), and "touched on [in] Chapter 9" (190).
The author wisely makes use of numerous examples, which are of two types: Most if not all of the fundamental concepts are illustrated with pithy examples — particularly in the first half. In Chapters 3, 5, 6, and 11, the author utilizes extended, fictional examples. Some readers may argue that these longer ones are excessively so — especially the terrarium — but there are many nuggets to be found in those pages. In fact, the book overall is largely free of fluff.
In terms of technical information, the book does not attempt to cover all the details of the language itself. Readers will appreciate that the author does not shrink from pointing out the weaknesses in JavaScript, as well as explaining the problems they may cause. One blemish is that many of the small sections of code contain a mixture of complete lines of code as well as standalone expressions (in bold), and usually those expressions are terminated with semicolons, giving them the appearance of lines of code. No doubt some readers will be confused by this convention.
From a production standpoint, the text is quite readable, except for the annoying and obvious problem that the font used to indicate in-line source code looks almost identical to the non-code text font. There are few diagrams and even fewer screenshots, but that poses no difficulties.
At times this book is even fun to read, partly because of the use of non-silly humor, especially in the two examples of the eccentric (and cat-centric) aunt, and an unsocial reclusive programmer (imagine that).
If you choose to start your JavaScript journey with this book, it can quickly teach you a lot of technical information (relative to its size), and also programming wisdom.
Michael Ross is a freelance web developer and writer.
You can purchase Eloquent JavaScript: A Modern Introduction to Programming from amazon.com.
Are Amazon Vine Reviews of Technical Books a Joke?
First time accepted submitter jasax writes "As an Amazon frequent buyer, I rely quite a lot on reviews of the books I want. However, some caution is in order: the (bad) quality of Amazon's reviews and reviewers under the Amazon Vine program has already been news in Slashdot. Today I was shocked by a practical result of that program. This second edition (published in 2012) of a very specialized system identification book has 12 reviews: the oldest (dated 2007) certainly targets the first edition. The remaining 11 reviews are all from 'Vine Reviewers' (VRs). All seem to be ignorant of what 'System Identification in the Frequency Domain' really is. None of the reviews is tagged with a 'Verified Amazon Purchase'; most (if not all) are 'small talk reviews' peppered with technical phrases cloning the publisher's book description, and some of the reviews are ridiculous, to say the least. If this sample of reviewing by VRs really is the norm, then the bottom line is that the Vine program is totally irrelevant and unreliable — at least for technical books."
Book Review: Assessing Vendors
benrothke writes "Every organization has external software, hardware and 3rd-party vendors they have to deal with. In many cases, these vendors will have direct access to the corporate networks, confidential and proprietary data and more. Often the software and hardware solutions are critical to the infrastructure and security of the organization. If the vendors don't have effective information security and privacy controls in place, your data is at risk. In addition, when selecting a product to secure your organization, how do you ensure that you are selecting the correct product? All of this is critical in the event of a breach. When the lawyers start circling, they will be serving subpoenas to your company, not your 3rd-party vendors." Keep reading for Ben's review.
Title: Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors
Author: Josh More
Pages: 94
Publisher: Syngress
Rating: 8/10
Reviewer: Ben Rothke
ISBN: 978-0124096073
Summary: Good intro to use to start a vendor assessment program
With that, Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors is a valuable resource for those looking for a basic introduction to how to understand the risks involved when sharing data with 3rd parties, in addition to selecting the appropriate products for your organization.
Many large organizations have formal programs and processes to evaluate the vendors they interact with, in addition to software and hardware procurement. For those that don't, this 80-page reference is a good place to start.
The book shows you how to find the right balance between performing a superficial assessment and one that is way too deep.
While the book has a healthy dose of checklists, it is not about simply filling out the checklists and adding up the totals. Author Josh More writes that, robust information assurance processes and regulations aside, successful vendor management involves a wide range of skills, from technical assessment to business communications, to negotiation and much more.
An effective aspect of the book is that it has many questions that you should ask the vendor as part of the assessment process. Too many organizations simply take the vendor's word, without performing effective due diligence. Rarely will one find a company where too many questions were asked of the vendor.
Given that the book is only 80 pages, More writes that it focuses mainly on the initial assessment process, with the goal of selecting a vendor to solve a specific problem that your organization is experiencing, improve an existing process, or add new capabilities. Given its short length, the book does not delve very deeply into the continued operation of a formal vendor management program.
The main thrust of the first chapter is around preliminary vendor research. It shows how to identify vendors for specific products and build criteria for effective vendor selection.
An important point in chapter 1 is that the primary rule in vendor assessment and selection is to always keep your needs first in mind. Far too many organizations let the vendors drive the process, and in turn, the vendor will ensure that their needs are made primary.
One of the topics in chapter 3 is testing confidentiality. When comparing vendors, they will often swear that their product is secure; but will often not provide any details attesting to how secure it really is. The chapter shows how you can perform internal hands-on testing to ensure all of the promised security features do in truth work.
The book provides a lot of common sense advice that may not be intuitive to many people. One bit of invaluable advice to taking the steps to confirm that the vendor you are considering is not selling you gray or black market products. This is especially true for products from Cisco, Check Point and Juniper, which are rampant on the gray and black markets. While buying gray market products may initially be cheaper, they can be much more expensive in the long run when you find out that the warranties you paid for are worthless.
In chapter 4, the book does a good job of showing how to score vendors. It details how you can create questionnaires and use the data to assist in your selection. The chapter stresses that after all of the data is scored, weighted and sorted, you should not expect to find a vendor with a normalized score of 100%. More writes that if you do a good job of creating the right questions on the questionnaire, you will seldom see a vendor higher than the 80-90% range.
A good point the book makes in chapter 5 on testing is that when a vendor requires you to sign an NDA prior to testing, such a request is a fundamental mark of mistrust. If the vendor is unwilling to negotiate the NDA, it may be worth replacing them with a vendor who is more willing to work with you.
After you have done all of the dirty work of a vendor selection, the book closes with a few pages on how to avoid vendor manipulation. It is not unusual for a vendor to fudge the information they provide you with, which will skew the results in their favor.
Another point to consider in the vendor selection process is that vendors benefit greatly from lock-in. The harder they can make it for you to move to another vendor, the more likely they are to get annual renewals.
Selecting a vendor is not a trivial process, and it is not intuitive to many organizations. Given the breadth of the topic, the book is a great place to start your work on this important process.
The book doesn't claim to be an all-inclusive resource for the topic. And at 80 pages, one should not expect it to be.
But for those looking for a highly tactical guide to start them on the road to vendor assessments, Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors is a most helpful book to start with.
Reviewed by Ben Rothke.
You can purchase Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Programming PHP 3rd Edition
Michael Ross writes "As a hugely popular scripting language with an 18-year history, PHP has been the topic of countless computer language books. One of the most comprehensive offerings has been Programming PHP, published by O'Reilly Media. The first edition appeared in March 2002, and was written by Rasmus Lerdorf (the original developer of PHP) and Kevin Tatroe. A second edition was released in May 2006, and saw the addition of another co-author, Peter MacIntyre. With the many changes to the language during the past seven years, the book has again been updated, to cover all of the major new features made available in version 5 of PHP." Keep reading for the rest of Michael's review.
Programming PHP, 3rd Edition
author: Kevin Tatroe, Peter MacIntyre and Rasmus Lerdorf
pages: 540
publisher: O'Reilly Media
rating: 8/10
reviewer: Michael Ross
ISBN: 978-1449392772
summary: An extensive tutorial of the PHP web programming language.
This third edition was published on 22 February 2013, under the ISBN 978-1449392772, with the same three authors at the helm. At a substantial 540 pages, the information is organized into 17 chapters, each focusing on a particular area of the language and its usage. This material precedes an appendix of almost 130 pages, which serves as a reference for all of the language's built-in functions. In fact, not only could this book suffice as a reference guide, it could also serve as a tutorial, because it is accessible to programmers of all levels, including beginners who have never before worked with PHP. The preface notes that the material assumes only "a working knowledge of HTML." However, the example code seems to also assume that the reader is comfortable with fundamental programming concepts, such as conditionals and loops.
To learn more about the book, prospective readers and buyers may wish to visit the publisher's website, where they will find a description of the book, its table of contents, a free copy of its first chapter, and the example code for ten of the chapters. Speaking of formats, the book is available in print and electronic media. (This review is based upon a copy of the print version kindly provided by the publisher.)
The first three chapters explain the bedrock fundamentals of the language, including its lexical structure, data types, variables, expressions, operators, flow-control statements, code inclusion methods, and functions. All of the information appears to be valid, aside from several technical blemishes: In Example 1-1, most of the lines of code are duplicated. Example 1-5, which supposedly creates a PNG file, does not seem to work. The section on constants (page 21) should have mentioned the core predefined constants and also distinguished those from magic ones. The binary literal 0b01100000 is 96, not 1 (page 23). It is claimed that an object is evaluated as false if it contains no values or functions (page 25), and yet: "class C{} assert( new C );." The closure example code (page 29) fails because it includes a function name and no terminating semicolon. The example code in the middle of page 66 contradicts the claim that an inner function "cannot be called from code parsed after the outer function." The example code starting at the end of that page fails because $a in foo() is undefined. Nonetheless, even experienced PHP programmers could pick up knowledge not encountered before, or at least refresh what was learned years ago and since forgotten due to disuse.
The next two chapters explore in detail further essential components of PHP: strings, regular expressions, and arrays. As with the earlier chapters, readers will encounter example code that does not appear to have been tested. For instance, the print_r() output of an object is missing the class name (page 84). On the same page, print_r() and var_dump() of $GLOBALS do indicate "*RECURSION*," but do not loop infinitely or three times, respectively, as claimed. The $record on page 86 is missing its trailing tab character. For these errors and others, it is not clear whether the authors or the technical reviewers are ultimately responsible. Regardless, readers should find useful the tables summarizing regular expression character classes, anchors, quantifiers, and options. On the other hand, the treatment of conditional expressions is sorely in need of examples. Also, readers will be baffled when told that "The preg_match() function takes the same arguments and gives the same return value as the preg_match() function []" (page 112). Lastly, the callback example code is faulty (pages 131, 133, and 141). The sixth chapter, covering object-oriented programming, is well-written, aside from the confusing phrase "including it to a different name" (page 160) and the anti-Nietzschean "this will fatal" (page 161).
With Chapter 7, the book shifts gears from the basic underpinnings of PHP to more applied topics, in this case, web techniques — specifically HTTP, global variables, server information, web form processing, sessions, and more. The narrative is quite clear, except when the reader is told that periods in field names are converted to underscores because periods are illegal in PHP variable names (page 178); the connection is not explained. The next chapter looks at server-side data storage, including the topics of PDO, MySQLi, SQLite, and MongoDB. Confusingly, readers are told that the sample SQL database code is available in a file, but they are not told where to find it (http://examples.oreilly.com/0636920012443/).
Chapters 9 through 11 address PHP's support for three specialized file types: graphics, PDF, and XML. The explanations are excellent, and the authors provide numerous examples. The only obvious flaws are in Example 11-1 (page 269), where the echo statement is missing the "<?" and two of the lines have mismatched single and double quotes.
The remaining half dozen chapters cover critical aspects of PHP development. The chapter on security does not attempt to be exhaustive, but instead explains the most common attack vectors and how to block them. The chapter on application techniques discusses code libraries, templating, output buffering and compression, error handling, and performance tuning. Any programmer intrigued by the idea of replacing clunky VBA code with PHP should be interested in Chapter 14, which explores the differences in running PHP on Windows vs. other platforms, with a brief look at manipulating the contents of Microsoft Word and Excel files using PHP. RESTful web services and XML-RPC are the topics of the next chapter, whose only apparent blemish is that json_encode() does not add spaces between the array values (page 339). The penultimate chapter addresses multiple environments, manual debugging, and the use of an IDE. The last chapter briefly covers PHP support for dates and times, and thus should have been located much earlier in the book, with the other material on fundamental concepts.
Overall, this book is quite approachable. Throughout, one will find programming style recommendations. However, as with any technical work of this size, there are passages that could be made more complete or clear. Occasionally the authors will mention something explained only later — e.g., "short echo tag" (page 60) — which can be frustrating to anyone new to a language.
The concepts of PHP being taught are extensively illustrated with example code. Some of it is concise enough so as not to distract from the narrative flow, but far too many examples involve much more code than necessary. This at first glance might seem to be an advantage, but it actually makes it more difficult for the reader to see the parts of the code relevant to the topic at hand. Also, the authors underutilize whitespace in the code, instead jamming tokens and parentheses together.
In a book of this size, we should not be astonished to find some errata: "Wordpress" (page xv), "try and" (same page; should read "try to"), "tick function registered when register_tick_function()" (55; should read "with" not "when"), "eXtensible" (59), "super-global" (67; should read "superglobal"), "display_classes() function" (vs. "function displayClasses()"; 164), "$var" (294 and 295; should read "$value"), "functions of blocks" (323; should read "functions or blocks"), "retried" (337; should read "retrieved"), and "a.k.a." (350; should read "e.g.").
In terms of the production of the book, like most other O'Reilly titles, this one is nicely put together, with readable font. But sometimes words are jammed together so much that lines appear to be a single word, e.g., "codeitselfbutplentifulenoughthatyoucanusethecommentstotellwhat'shappening" (page 17). Also, the publisher should avoid splitting the function names as if they were English words, e.g., "addc" and "slashes()" on separate lines (page 91). The index is missing some obvious entries, e.g., "closures." Many code snippets are missing the "Example" numbers and captions. This may be fine if the authors do not reference those snippets, but makes it problematic for anyone else to reference them.
Even though this is arguably one of the most comprehensive PHP books on the market, it does not cover all aspects of the language. On page 1, readers learn that PHP can be utilized in three major ways — server-side scripting, command-line scripting, and client-side GUI applications; but only the first is covered in the book. The appendix consumes over 120 pages, and comprises information easily available online in the PHP manual's function reference. Those pages could instead have been devoted to at least introducing command-line scripting and GUI applications. In fact, there are two major changes the authors could take in bringing this book much closer to perfection: Firstly, retest all of the code and root out any technical snafus. Secondly, replace the lengthy appendix with full coverage of the topics of command-line scripting and client-side GUI applications.
Regardless, Programming PHP is both a tutorial and a reference resource packed with information and example code. Benefiting from the authors' deep expertise in the language and its usage, the book is the most promising single source for anyone who wishes to learn this ubiquitous web scripting language.
Michael Ross is a freelance web developer and writer.
You can purchase Programming PHP, 3rd Edition from amazon.com. -
Unix Guru Evi Nemeth Missing, Feared Lost At Sea
14erCleaner writes "Retired Colorado professor Evi Nemeth has been missing between New Zealand and Australia since June 4, along with six others on their racing yacht. Nemeth, 73, is known as the primary author of the definitive Unix systems administration guide and for other works on Unix and Linux system administration and cryptography." -
Book Review: Puppet 3 Beginner's Guide
sagecreek writes "If you are in charge of a small network with just a few servers, you may still be doing configuration management primarily by hand. And you may take particular pride in maintaining that 'artisan' role. After all, it's mostly up to you to set up new users and their machines, fix current problems, manage the servers and their software, create databases and their user accounts, and try to keep the network and user configurations as uniform as possible despite running several different brands--and vintages--of hardware and software. However, warns infrastructure consultant John Arundel, '[b]eyond ten or so servers, there simply isn't a choice. You can't manage an infrastructure like this by hand. If you're using a cloud computing architecture, where servers are created and destroyed minute-by-minute in response to changing demand, the artisan approach to server crafting just won't work.' In his new book, Puppet 3 Beginner's Guide, Arundel emphasizes: 'Manual configuration management is tedious and repetitive, it's error-prone, and it doesn't scale well. Puppet is a tool for automating this process.'" Read below for the rest of sagecreek's review.
Puppet 3 Beginner's Guide
author: John Arundel
pages: 184
publisher: Packt Publishing
rating: 8 out of 10
reviewer: sagecreek
ISBN: 978-1-78216-124-0
summary: Learn how to fully utilize Puppet through simple, practical examples
Actually, among "UNIX-like systems," there are at least three major configuration management (CM) packages — Puppet, Chef, and CFEngine — plus some other competitors, Arundel notes. He calls them "all great solutions to the CM problem...it's not very important which one you choose as long as you choose one." But he hopes, of course, you will check out Puppet and his new, well-written how-to book.
Puppet 3 Beginner's Guide is structured to help system administrators "start from scratch...and learn how to fully utilize Puppet through simple, practical examples."
Arundel's book places important emphasis on the rapidly closing "divide between 'devs,' who wrangle code, and 'ops,' who wrangle configurations. Traditionally, the skills sets of the two groups haven't overlapped much," he notes. "It was common until recently for system administrators not to write complex programs, and for developers to have little or no experience of building and managing servers."
Today, he points out, system admins are "facing the challenge of scaling systems to enormous size for the web, [and] have had to get smart about programming and automation." Meanwhile, "[d]evelopers, who now often build applications, services, and businesses by themselves, couldn't do what they do without knowing how to set up and fix servers."
Therefore, "[t]he term 'devops' has begun to be used to describe the growing overlap between these skill sets," Arundel emphasizes. "Devops write code, herd servers, build apps, scale systems, analyze outages, and fix bugs. With the advent of CM systems, devs and ops are now all just people who work with code."
Arundel's 184-page Puppet 3 Beginner's Guide has 10 chapters that are smoothly structured with numerous headings, subheadings, short paragraphs, code examples, and other illustrations. He has generated his code examples using the Ubuntu 12.04 LTS "Precise" distribution of Linux. But he explains how to load the software using "Red Hat Linux, CentOS, or another Linux distribution that uses the Yum package system," as well.
Chapter 1, "Introduction to Puppet," explains the software's basic architecture and shows how Puppet deals with large-scale configuration management problems.
In Chapter 2, "First Steps with Puppet," the author details how to install Puppet, create a simple manifest, and apply it to a machine. He also offers some basic Puppet language examples.
Chapter 3, "Packages, Files, and Services," focuses on "how to use these key resource types...and how they work together" and presents "a complete and useful example based on the Nginx web server."
In Chapter 4, "Managing Puppet with Git," Arundel shows "a simple and powerful way to connect machines together using Puppet, and to distribute your manifests and work on them together collaboratively using the version control system Git."
The emphasis in Chapter 5, "Managing Users," is on "good practices for user administration" and implementing them with Puppet. The chapter also covers "how to control access using SSH and manage user privileges using sudo."
The topics covered in Chapter 6, "Tasks and Templates," include using "Puppet's resource types to run commands, schedule regular tasks, and distribute large trees of files." Also covered: "how to insert values dynamically into files using templates."
In Chapter 7, "Definitions and Classes," Arundel explains "how to organize Puppet code into reusable modules and objects. We'll see how to create definitions and classes, and how to pass parameters to them."
Chapter 8, "Expressions and Logic," dives deeper into Puppet code. It "shows how to control flow using conditional statements and logical expressions, and how to build arithmetic and string expressions. It also covers operators, arrays, and hashes."
Chapter 9, "Reporting and Troubleshooting," deals with what the author terms "the practical side of working with Puppet," including diagnosing and solving common problems, debugging the software's operations, and understanding Puppet's error messages.
The final section, Chapter 10, "Moving on Up," wraps up with a range of topics, including how to make Puppet code "more elegant, more readable, and more maintainable." Arundel also offers "links and suggestions for further reading." And he describes nine projects to help you "improve your skills and your infrastructure at the same time." The projects, he says, "provide a series of stepping-stones from your first use of Puppet to a completely automated environment."
Puppet's maker, Puppet Labs, offers some virtual-machine options for learning the software. The choices are: (1) a VMX version recommended for VMware Fusion and VMware Workstation; and (2) an OVF version recommended for VirtualBox "and all other non-VMware virtualization software." Puppet Labs also offers a Puppet Enterprise version of its software that supports up to 10 nodes free.
Along with Linux, Puppet will run on several other platforms, including Windows and Macs, but you will find little help for those in Arundel's book. You will need to use Puppet Labs' online Mac or Windows documentation. And Windows may not be the greatest of choices. As the documentation notes: "Windows nodes can't act as puppet masters or certificate authorities, and most of the ancillary Puppet subcommands aren't supported on Windows."
It can take a bit of work to get Puppet installed and configured. But once you have it running in a Linux environment, John Arundel's new book can be a solid guide to helping you become both a proficient Puppet user and a more efficient, knowledgeable, and versatile system administrator.
You can purchase Puppet 3 Beginner's Guide from amazon.com. -
Book Review: The Ingenious Engine of Reality
gregrolan writes "Evans's Trousers Of Reality series attempts to understand the interplay between neurology, psychology, and sociology in the context of finding a better path through working life. I previously reviewed the first book in the series, Working Life a few years ago, and the second volume The Ingenious Engine Of Reality has now been published. While the first volume outlined the themes for the series and focused on work-life balance, this second volume digs deeper into the science behind knowledge, learning, and mental models. It then uses this background to explore the relationship between knowledge, behavior, and process in a software project setting." Keep reading for the rest of Greg's review.
The Ingenious Engine Of Reality
author: Barry Evans
pages: 337
publisher: Code Green
rating: 8/10
reviewer: Greg Rolan
ISBN: 978-1907215193
summary: Learning, creativity, methodologies, and working life
Although approached from the perspective of software development and project management, many of the series' concepts and insights can be applied to any walk of life. Evans is an independent consultant and a valued trainer/coach in agile development. I should disclose that I know Evans, having worked together for a short time almost 20 years ago and kept in touch throughout this time. I also acknowledge the feedback from my prior review and will try to make this one less "impenetrable" and, well, shorter.
The Ingenious Engine Of Reality is divided into three parts; the first, "Perpetually Becoming", is a short discussion about neuroplasticity. Rather than passively accept our consciousness as a final embodiment of 'who we are', Evans shows that we can use the natural adaptability of our brains to pro-actively change what we know and can do, how we learn, what we believe, and, ultimately, how we behave. He explains the fallacy of the 'old dog/new tricks' nugget, outlines a personal program for change, and even describes work-related stress in this new context. This is a huge topic, and the author only delves deep enough to lay the groundwork for the subsequent parts of the book, referring the reader to the extensive bibliography for a richer understanding of the science behind this section.
The second part entitled "The Nature of Knowledge" discusses how we model the world and deal with the knowledge that we obtain from it. It draws on insights from authors as diverse as Louis CK, Thoreau, and Von Neumann to weave together the threads of an argument that we can consciously control the way we interpret and construct this knowledge. This is not a sociological knowledge management discussion along the lines of Nonaka or Davenport but a deep, neuropsychological exploration. Evans describes how we can proactively use our subconscious to destroy or rework complex equivalences that may not have been serving us well. For example: business models that perpetuate a 'no-pain, no-gain' ethos or one that justifies poor behavior for professional/commercial success.
Section two also introduces the tools of filtering, intersecting, and connecting. In other words, in the face of the information barrage that we all experience, we need to learn how to appropriately filter what we take from the torrent. The word appropriately is important here: we need to be aware of our propensity to distort, delete, generalize, extrapolate or approximate in order to support our cognitive biases. Evans links the activity of this filtering to that of finding commonality between concepts or experiences; to find intersections upon which to triangulate and determine the veracity of our knowledge. Finally, the section covers the making of connections to generate new or better knowledge than we had before. I found that the explicit description of these processes, while seemingly obvious, provided a personal framework for conscious reflection in the mode of Argyris and others (What have we learnt? Are we learning the right things? Are we learning the right things in the right way?).
To bring this back to a working-life perspective, Evans ends up drawing a parallel to an iterative and reflective working style (or project management methodology if you like). He argues that receptiveness to new ideas, being able to let go so as to be able to move on, and the deliberate construction of short feedback loops are all helpful techniques for the workplace – from the individual to the organization.
Finally, the third section, "The Art of Knowledge" describes the actual processes of modelling and feedback through which we manage knowledge (i.e. learn). Here Evans describes how to cultivate creativity and discern cause-and-effect relationships, using the culture at Pixar as an example. This then quickly turns into a practical discussion about management techniques, process design, feedback mechanisms, workplace productivity, and the use of metaphors as a modelling technique for problem solving.
In particular, Evans scrutinizes the way that project methodologies (or any corporate processes) come into being and then dominate thinking even after the world has moved on from the original set of conditions from which they were developed. He suggests a technique, using what, why, and how questioning to understand the real process requirements and return the methodology to a state of subservience to the task/job/mission at hand (rather than the other way round). It is the mechanisms of finding balance and predictability within the chaos of working life – compounded by the interference of workplace 'bullies', politics, marketing, the media, and fashion – that is the real value of this section.
Evans is still brimming with ideas and eager to get them down on paper. Just as importantly, he's passionate about drawing links and inferring relationships between concepts, writing in a rambling, almost conversational style. While this certainly provides for an appealing accessibility, truth be told, his work could do with another editing go-round and tighter prose. Having said that, this series does belong on any IT practitioner's bookshelf, or for that matter, on that of anyone striving for creativity and sanity in a bureaucratic or process-driven environment.
You can purchase The Ingenious Engine Of Reality from amazon.com. -
Book Review: The Chinese Information War
benrothke writes "It's said that truth is stranger than fiction, as fiction has to make sense. Had The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests been written as a spy thriller, it would have been a fascinating novel of international intrigue. But the book is far from a novel. It's a dense, well-researched overview of China's cold-war-like cyberwar tactics against the US to regain its past historical glory and world dominance." Read below for the rest of Ben's review.
The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests
author: Dennis Poindexter
pages: 192
publisher: McFarland
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0786472710
summary: Fascinating overview on the cyberwar with China
Author Dennis Poindexter shows that Chinese espionage isn't made up of lone wolves. Rather it's under the directive and long-term planning of the Chinese government and military.
Many people growing up in the 1940's expressed the sentiment "we were poor, but didn't know it". Poindexter argues that we are in a cyberwar with China; but most people are oblivious to it.
Rather than being a polemic against China, Poindexter backs it up with extensive factual research. By the end of the book, the sheer number of guilty pleas by Chinese nationals alone should be a staggering wake-up call.
In February, Mandiant released their groundbreaking report APT1: Exposing One of China's Cyber Espionage Units, which focused on APT1, the most prolific Chinese cyber-espionage group that Mandiant tracked. APT1 has conducted a cyber-espionage campaign against a broad range of victims since at least 2006. The report has evidence linking them to China's 2nd Bureau of the People's Liberation Army.
China is using this cyberwar to their supreme advantage and as Poindexter writes on page 1: until we see ourselves in a war, we can't fight it effectively. Part of the challenge is that cyberwar does not fit the definition of what a war generally is because the Chinese have changed the nature of war to carry it out.
Poindexter makes his case in fewer than 200 pages and provides ample references in his detailed research, including many details, court cases and guilty verdicts of how the Chinese government and military work hand in hand to achieve their goals.
The book should be of interest to everyone given the implications of what China is doing. If you are planning to set up shop in China, be it R&D, manufacturing or the like, read this book. If you have intellectual property or confidential data in China, read this book as you need to know the risks before you lose control of your data there.
Huawei Technologies, a Chinese multinational telecommunications equipment and services firm, now the largest telecommunications equipment maker in the world, is detailed in the book. Poindexter details a few cases involving Huawei and writes that if Huawei isn't linked to Chinese intelligence, then it's the most persecuted company in the history of international trade.
The book details in chapter 2 the intersection between cyberwar and economic war. He writes that any foreign business in China is required to share detailed design documents with the Chinese government in order to do business there. For many firms, the short-term economic incentives blind them to the long-term risks of losing control of their data. The book notes that in the Cold War with Russia, the US understood what Russia was trying to do. The US therefore cut back trade with Russia, particularly in areas where there might be some military benefit to them. But the US isn't doing that with China.
Chapter 2 closes with a damning indictment where Poindexter writes that the Chinese steal our technology, rack up sales back to us, counterfeit our goods, take our jobs and own a good deal of our debt. The problem he notes is that too many people focus solely on the economic relations between the US and China, and ignore the underpinnings of large-scale cyber-espionage.
Chapter 6 details that the Chinese have developed a long-term approach. They have deployed numerous sleepers who often wait decades and only then work slowly and stealthily. A point Poindexter makes many times is that the Chinese think big, but move slow.
Chapter 7 is appropriately titled The New Cold War. In order to win this war, Poindexter suggests some radical steps to stop it. He notes that the US needs to limit trade with China to items we can't get anywhere else. He says not to supply China with the rope that will be used to hang the US with.
He writes that the Federal Government has to deal with the issue seriously and quickly, to protect its telecommunications interests so that China isn't able to cut it all off one day. He also notes that national security must no longer take a backseat to price and cheap labor.
Poindexter writes that the US Government must take a long view of the solution and he writes that it will take 10 years to build up the type of forces that would be needed to counter the business and government spying that the Chinese are doing.
Rachel Carson's Silent Spring is the archetypal wake-up call book. Poindexter has written his version of Silent Spring, but it's unlikely that any action will be taken. As the book notes, the Chinese are so blatantly open about their goals via cyber-espionage, and their denials of it so arrogant, that business as usual simply carries on.
The Chinese portray themselves as benevolent benefactors, much like the Kanamits in To Serve Man. Just as the benevolence of the Kanamits was a façade, so too is what is going on with the cold cyberwar with China.
The book is an eye-opening exposé that details the workings of the Chinese government and notes that for most of history, China was the world's dominating force. The Chinese have made it their goal to regain that dominance.
The book states what the Chinese are trying to accomplish and lays out the cold facts. Will there be a response to this fascinating book? Will Washington take action? Will they limit Chinese access to strategic US data? Given Washington is operating in a mode of sequestration, the answer should be obvious.
The message detailed in The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests should be a wake-up call. But given that it is currently ranked #266,881 on Amazon, it seems as if most of America is sleeping through this threat.
Reviewed by Ben Rothke
You can purchase The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Ask Slashdot: Neurofeedback At Home, Is It Possible?
New submitter sker writes "Mind hackers, self-help junkies, even regular people have heard wild promises of the power of neurofeedback — namely the process of watching a visual representation of your own brain's activity to influence what your brain is doing. Folks are using it to cure ADHD, PTSD, or even to supposedly improve mindfulness meditation. Previously the sole domain of costly hospital and research equipment, the necessary EEG equipment is making its way into the home. From newagey Deepak Chopra-endorsed kits to the for-engineers-only OpenEEG project, the options are rapidly getting unwieldy for curious bystanders to make sense of. Have you had experience with EEG or neurofeedback at home? Do you have advice?" -
Book Review: Core HTML5 Canvas
eldavojohn writes "Core HTML5 Canvas is a book that focuses on illuminating HTML5 game development for beginning and intermediate developers. While HTML and JavaScript have long been a decent platform for displaying text and images, Geary provides a great programming learning experience that facilitates the canvas element in HTML5. In addition, smatterings of physics engines, performance analysis and mobile platform development give the reader nods to deeper topics in game development." Read below for the rest of eldavojohn's review. Core HTML5 Canvas author David Geary pages 723 publisher Prentice Hall rating 9/10 reviewer eldavojohn ISBN 9780132761611 summary An introduction to game development in HTML5's canvas that brings the developer all the way up to graphics, animation and basic game development. This book is written with a small introduction to HTML and JavaScript. While Geary does a decent job of describing some of those foundational skill sets, I fear that a completely novice developer might have a hard time getting to the level required for this text. With that in mind, I would recommend this book for people who already have at least a little bit of HTML and JavaScript development in their background. This book may also be useful to veteran developers of an unrelated language who can spot software patterns easily and aren't afraid to pick up JavaScript along the way. You can read all of Chapter One of the book here if you want to get a feeling for the writing. Geary also has sample chapters available on his site for the book, corehtml5canvas.com and maintains the code examples on Github. If you already write games, this book is likely too remedial for you (especially the explanations of sprites and collision detection) and the most useful parts would be Geary's explanation of how to produce traditional game elements with the modern HTML5 standards.
I have very few negative things to say about this text – many of which may be attributed to personal preferences. This book is code heavy. It starts off with a sweet spot ratio for me. I found I spent about twenty to thirty percent of my time scanning over HTML and JavaScript snippets inserted occasionally into passages. However, by the last chapters, I found myself poring over lengthier and lengthier listings that made me feel like I was spending sixty to seventy percent of my time analyzing the JavaScript code. To be fair, the author does do a good job of simply referencing back to concepts learned in other chapters but I wouldn't mind a re-explanation of those topics or a more in depth analysis of how those concepts interoperate. I also feel that it is risky to put so much code into print as that greatly impacts the shelf life of an unchanging book. The book itself warns on page 51 that toBlob() was a new specification added to HTML5 between writing the book and the book being published. I feel like this would warrant much more English explaining what you're accomplishing and why so that the book does not age as much from being tightly coupled to a snapshot of the specifications.
The code listings in this book are wonderfully colored to indicate quickly to the eye what part of the JavaScript language each piece is. I'm not sure how many copies suffer from this but my book happened to have a problem on some of the pages whereby the comprising colors did not line up. Here is a good example and a bad example just a few pages apart.
This was infrequent but quite distracting as the code became more and more predominant. Lastly, Geary briefly introduces the reader to amazing performance tools (jsPerf in Chapter 1 and again Browserscope in Chapter 4) early on and demonstrates how to effectively exercise it on small pieces of JavaScript. In the particular example he shows how subtle differences in handling image data can affect the performance inside different browsers (even different versions of the same browser as I'm sure the JavaScript engines are repeatedly tweaked). Since games are always resource intensive, I wondered why the author didn't take these examples to the next level and show the reader how to write unit tests (not really covered in the book). That way each of these functions could be extracted to a common interface where it would be selectively chosen based on browser identification. While this might be unnecessary for images, it would be a nod toward addressing the long pole in the tent when you look to squeeze cycles out of your code. Oddly, as more concepts are established and combined, these performance exercises disappear. I understand this book was an introduction to these side quests with a focus on game development but this was one logical step I wish had been taken further (especially in Chapter 9: The Ungame).
About a year ago, I started a hobby project to develop a framework for playing cards in the browser on all platforms. The canvas element would be the obvious tool of choice for accomplishing this goal. Unfortunately I began development using a very HTML4 attitude with (what I now recognize) was laughable resource management. This book really helped me further along in getting that hobby project to a more useable state.
The first chapter of the book introduces the reader to the basics of HTML5 and the canvas element. The author covers things like using clientX and clientY for mouse events instead of x and y. A simple clock is built and shows how to correctly use the basic drawing parts of the HTML5 specification. For readers unfamiliar with graphics applications, a lot of ground is covered on how you programmatically start by constructing an invisible path that will not be visually rendered until stroke() or fill() is called. The chapter also covers the basic event/listener paradigm employed by almost anything accepting user input. Geary explains how to properly save and restore the surface instead of trying to graphically undo what was just done.
An important theme through this book is how to use HTML elements alongside a canvas. This was one of the first follies of my "everything goes in canvas" attitude. If you want a control box in your application, don't reinvent the partially transparent box with paths and fills followed by mouse event handling over your canvas (actually covered in Chapter 10) – simply use an HTML div and CSS to position it over your canvas. Geary shows how to do this and would have saved me a lot of time. Geary discusses and shows how to manage off-screen canvases (invisible canvases) in the browser which comes in mighty handy when boosting performance in HTML5. The final parts of Chapter One focus on remedial math and how to correctly handle units of measure when working in the browser.
Chapter Two shows the reader how to build a rudimentary paint application with basic capabilities. It does a great job of showing how to expand on the basic functions provided by HTML5 and covers a little bit of the logic behind the behavior. Geary goes so far as to show the reader how to extend some of the core components of HTML5 like CanvasRenderingContext2D with an additional function. He also cautions that this can lead to pitfalls in JavaScript. This chapter does an excellent job of exploiting and enumerating core drawing functionality to achieve the next level in using these lines and objects for a desired user effect. Prior to reading this chapter, I hadn't viewed clip() in the correct light and Geary demonstrates the beginnings of its importance in building graphics. In Chapter Three, text gets the same extensive treatment that the basic drawing elements did in Chapter Two. In reading this chapter, it became apparent that HTML5 has a lot of tips and tricks (perhaps that comes with the territory of what it's trying to achieve) like you have to replace the entire canvas to erase text. Being a novice, I'm not sure if the author covered all of such things but I was certainly appreciative for those included.
Chapter Four was an eye opener on images, video and their manipulation in canvas. The first revelation was that drawImage() can also render another canvas or even a video frame into the current canvas. The API name was not indicative to me but after reading this chapter, it became apparent that if I sat down and created a layout of my game's surface, I could render groups of images into one off-screen canvas and then continually insert that canvas into view with drawImage(). This saved me from considerable rerendering calls. The author also included some drag and drop sugar in this chapter. The book helped me understand that sometimes there are both legacy calls to old ways of doing things and also multiple new ways to accomplish the same goal. When you're trying to develop something as heavy as a game, there are a lot of pitfalls.
Chapter Five concentrates on animations in HTML5 and first and foremost identifies a problem I had struggled with in writing a game: don't use setInterval() or setTimeout() for animations. These are imprecise and instead the book guides the reader with instructions on letting the browser select the frame rate. Being a novice, the underlying concepts of requestAnimationFrame() had eluded me prior to reading this book. Geary's treatment of discussing each browser's nuances with this method may someday be dated text but helped me understand why the API call is so vital. It also helps you build workarounds for each browser if you need them. Blitting was also a new concept to me as was the tactic of double buffering (which the browser already does to canvas). This chapter is heavy on the hidden caveats to animation in the browser and builds on these to implement parallax and a stopwatch. The end of this chapter has a number of particularly useful "best practices" that I now see as crucial in HTML5 game development.
Chapter Six details sprites and sprite sheets. Here the author gives us a brief introduction to design patterns (notably Strategy, Command and Flyweight) but it's curious that this isn't persisted throughout the text. This chapter covers painters in good detail and again how to implement motion and timed animation via sprites with requestNextAnimationFrame(). This chapter does a great job of showing how to quickly animate a spritesheet.
Chapter Seven gives the user a brief introduction to implementing simple physics in a game engine like gravity and friction. It's actually just enough to move forward with the upcoming games but the most useful section of this chapter to me was how to warp time. While this motion looks intuitive, it was refreshing to see the math behind ease-in or ease-out effects. These simple touches look beautiful in canvas applications and critical, of course, in modeling realistic motion.
Naturally the next thing needed for a game is collision detection and Chapter Eight scratches the surface just enough to build our simple games. A lot of fundamental concepts are discussed like collision detection before or after the collision happens. Geary does a nice job of biting off just enough to chew from the strategies of ray casting, the separating axis theorem (SAT) and minimum translation vector algorithms for detecting collisions. Being a novice to collision detection, SAT was a new concept to me and I enjoyed Geary's illustrations of the lines perpendicular to the normal vectors on polygons. This chapter did a great job of visualizing what the code was achieving. The last thing this chapter tackles is how to react or bounce off during a collision. It provided enough for the games but it seemed like an afterthought to collision detection. Isn't there a possibility of spin on the object that could influence a bounce? These sorts of questions didn't appear in the text.
And Chapter Nine gets to the main focus of this book: writing the actual game with all our prior accumulated knowledge. Geary calls this light game engine "the ungame" and adds things like multitrack sound, keyboard event handling and how to implement a heads-up display to our repertoire. This chapter is very code heavy and it confuses me why Geary prints comments inlined in the code when he has a full book format to publish his words in. The ungame was called as such because it put together a lot of elements of the game but it was still sort of missing the basic play elements. Geary then starts in on implementing a pinball game. It may sound overly complicated for a learning text but as each piece of the puzzle is broken down, the author manages to describe and explain it fairly concisely. While this section could use more description, it is basically just bringing together and applying our prior concepts like emulating physics and implementing realistic motion. The pinball board is merely polygons and our code there to detect collisions with the circle that is the ball. It was surprising how quickly a pinball game came together.
Chapter Ten takes a look at making custom controls (as mentioned earlier about trying to use HTML when possible). From progress bars to image panners, this chapter was interesting and I really enjoyed the way the author showed how to componentize and reuse these controls and their parts. There's really not a lot to say about this chapter, as you may imagine a lot of already covered components are implemented in achieving these controls and effects.
Geary recognizes HTML5's alluring potential of being a common platform for developing applications and games across desktops and mobile devices. In the final chapter of the book, he covers briefly the ins and outs of developing for mobile — hopefully without having to force your users to a completely different experience. I did not realize that native looking apps could be achieved on mobile devices with HTML5 but even with that trick up its sleeve, it's hard to imagine it becoming the de facto standard for all applications. Geary appears to be hopeful and does a good job of getting the developer thinking about the viewport and how the components of their canvas are going to be viewed from each device. Most importantly, it's discussed how to handle different kinds of input or even display a touch keyboard above your game for alphabetic input.
This was a delightful book that will help readers understand the finer points of developing games in HTML5's canvas element. While it doesn't get you to the point of developing three dimensional blockbuster games inside the browser, it does bite off a very manageable chunk for most readers. And, if you're a developer looking to get into HTML5 game design, I heavily recommend this text as an introduction.
You can purchase Core HTML5 Canvas from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Exploding the Phone
benrothke writes "Phil Lapsley calls his book 'the untold story of the teenagers and outlaws who hacked Ma Bell.' The story is an old one, going back to the early 1960's. Lapsley was able to track down many of the original phone phreaks and get their story. Many of them, even though the years have passed, asked Lapsley not to use their real names." Read below for the rest of Ben's review. Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell author Phil Lapsley. Foreword by Steve Wozniak pages 416 publisher Grove Press rating 9/10 reviewer Ben Rothke ISBN 978-0802120618 summary Fascinating story of the early phone phreaks While parts of the story have been told before, Lapsley's far-reaching research brings many of the central characters into a single read, resulting in an extremely interesting and engrossing read.
When Alexander Graham Bell created his harmonic telegraph, which would later turn into the telephone, it was like the Internet, built for functionality, with no inherent security controls. Those security vulnerabilities were begging to be found, and when they were discovered by the phone phreaks, it was a wake-up call to AT&T.
Defining a phone phreak is like defining a hacker; it means different things to different people. Lapsley defines it as "someone who loves exploring the telephone system and experimenting with it to understand how it works."
What the phone phreaks did was to spend endless hours dialing different numbers to understand how the inner-workings of the telephone system operated. Meaningless sounds to most people were music to the phreaks as they could determine how calls were routed via these tones.
Many of the phreaks practiced what is today known as social engineering and would impersonate phone company employees and technicians.
The devices that enabled them to make phone calls were called black boxes, blue boxes, and red boxes. The book notes that Steve Wozniak (who wrote the foreword to the book) and Steve Jobs sold blue boxes before they started Apple. In fact, Jobs is quoted as saying that if they hadn't built blue boxes, there wouldn't have been an Apple.
The book has many layers to it. One part is an interesting history of the telephone and long-distance communications. It then segues into phone phreaks, who much like early computer hackers, used the phone network as a portal for exploration and hacking. The vast majority of the phone phreaks did it for the thrill, rather than just to make free phone calls.
One of the things the phone phreaks did was to read as much corporate documentation and manuals (obtained both legally and serendipitously) as they could. Lapsley notes that many of the technical documents that the phone company shared were in truth highly confidential.
As AT&T was a monopoly with zero competition, the notion that someone would use their own technical documentation against them was unheard of. Lapsley writes that for reasons of corporate pride, national service and public relations, AT&T felt an obligation to share its latest and greatest technical feats with the public. For that reason, the Bell System Technical Journal was required reading for every phone phreak.
The web site for the book has available many of the technical documents detailed in the book that played a role in the development of phone phreaking.
The book details many similarities between the phone phreaks and the early Internet hackers. While law enforcement stated that Kevin Mitnick could launch missiles via whistling into the phone, law enforcement called the phone phreaks a public menace, mentally unstable, a national threat and much more.
Like early hackers, the phone phreaks showed how engineering insiders are often the last to know what is actually possible with the systems they design. Lapsley noted that part of the problem was pride, in that Bell Labs had created the public telephone switching network, and they didn't want to admit how vulnerable it was. Its engineers were spring-loaded to disbelieve reports to the contrary.
Another advantage the phone phreaks, like hackers, had is that the Bell Labs engineers only looked at the system as it was supposed to work. That blinded them to how the system actually did work and how it could be made to do things it was never designed to do.
The result was that they couldn't see the holes in their own network; holes that a blind teenager found. Even when that blind teenager told them of the problem (the book tells the story of Joe Engressia), they didn't understand it when first described to them.
The book describes another major technical security oversight made by AT&T in 1970 with the introduction of the telephone credit card. Lapsley writes that fraud was epidemic as AT&T's credit card numbering system was a bad joke from a security perspective. The card numbers were easy to guess and highly predictable resulting in millions of dollars of related fraudulent calls.
One of the main recurring characters in the book is John Draper, better known as Captain Crunch. Draper made a lot of money as a legitimate software engineer, but lost it due to his business naiveté and personal demons. Draper had numerous arrests related to phone phreaking and served time in prison.
The book notes that Draper's arrest in 1976 is a textbook case of how not to deal with the FBI when arrested. One of the incredulous things Draper did when he was read his rights was to waive them. While the FBI didn't have a search warrant, he voluntarily allowed them to search his apartment and Volkswagen Van, where incriminating evidence was indeed discovered.
While Draper was later convicted, the book quotes a fascinating observation by a phone company employee that in 90% of the phone phreak and hacker cases, law enforcement in fact had no criminal case. Most of the evidence they had was things they couldn't be prosecuted for. Either there was no legitimate crime on the books or all they had was the phone phreak's confession, but no tangible evidence.
It wasn't just the phone phreaks who were raising havoc on the phone company networks. The book writes of others who used black boxes and blue boxes for free calls, from Mafia bookies to the Hare Krishna movement making fraudulent long-distance phone calls.
The book closes in 1982 when the US Dept. of Justice and AT&T came to an agreement to break up Ma Bell into the Baby Bells.
Lapsley has a degree in electrical engineering from UC Berkeley, so he has a deep first-hand understanding of the technology he is writing about. He also has the unique ability to write about bland technical topics and make them both engaging and comprehensible. He understands directly the curiosity the phone phreaks had and the passion to understand the inner workings of the phone system.
For a book that ends over 30 years ago, Phil Lapsley does a superb job of writing the story of the glory days of phone phreaking. In 2013, the notion of a domestic long-distance call is for the most part not in anyone's lexicon. But making free long-distance calls was the mantra of the phone phreaks.
Exploding the Phone is the first comprehensive history of the era of phone phreaking and Lapsley has done a masterful job of making the story fascinating and readable.
Reviewed by Ben Rothke.
You can purchase Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Debuts Multi-Platform Indie Games Store
An anonymous reader writes "Amazon today announced an initiative to help indie game developers promote and sell their games: the Indie Games Store. The dedicated storefront is a new category in Amazon's Digital Video Games Store, designed specifically to help indie games for PC, Mac, and the Web get noticed. The store appears to be US-only, but if you don't live there you should be able to get away with just putting in an American address. Most of the games are Steam downloads, so where you are in the world shouldn't matter too much." -
Author Peter Wayner Talks About Autonomous Cars (Video)
Peter Wayner is no stranger to Slashdot. Not only that, he's written a bunch of books, plus articles for InfoWorld, PC World, the New York Times, and many other publications. Now he's working on a book about Autonomous Cars. Last year Peter wrote an article for Car & Driver about the privacy implications of vehicle recorders. Driverless cars will bring us a whole new set of problems, questions, and -- no doubt -- legislation. We're hoping to have more conversations on this topic (and others) with Peter in the future, so with any luck this video will be the first of a long series. With all that said, take it away, interviewer Timothy Lord... Update: 06/05 21:56 GMT by T : Peter's book is still in progress, but it's got a website, if you'd like an early glance. -
Microsoft Attempts to Woo Students With 'Crowdsourced' Laptops
theodp writes "Q. What do Chris Brown and Steve Ballmer have in common? A. They both want you to Beg for It. GeekWire reports that Microsoft is touting its new Chip In program, a crowdfunding platform that allows students to 'beg' for select Windows 8 PCs and tablets that they can't afford on their own. Blair Hanley Frank explains, 'Students go to the Chip In website and choose one of the 20 computers and tablets that have been pre-selected by Microsoft. Microsoft chips in 10% of the price right off the bat, and then students are given a link to a "giving page" to send out to anyone they think might give them money. Once their computer is fully funded, Microsoft ships it to them.' Hey, what could go wrong?" -
Book Review: Creating Mobile Apps With JQuery Mobile
sagecreek writes "You can judge this book, at least in part, by the lengthy tagline on its cover: 'Learn to make practical, unique, real-world sites that span a variety of industries and technologies with the world's most popular mobile development library.' jQuery might not be your favorite framework on the long, long list of JavaScript possibilities. But Shane Gliser unabashedly describes himself as a jQuery 'fanboy...if it's officially jQuery, I love it.' Gliser is an experienced mobile developer and blogger who operates Roughly Brilliant Digital Studios. He also has some background in mobile UX (user experience), and both qualities show in this smoothly written, well-illustrated, 234-page how-to book that focuses on jQuery Mobile, a 'touch-optimized' web framework for smartphones and tablets." Read below for the rest of sagecreek's review. Creating Mobile Apps With JQuery Mobile author Shane Gliser pages 234 pages publisher Packt Publishing rating 9/10 reviewer sagecreek ISBN 9781782160069 summary Takes the reader from mobile prototyping and creating templates to mobile development and creating versatile mobile sites, with a project in each chapter. Don't be surprised when you extract the book's code examples and related items from a ZIP file that is almost 100MB in size. Gliser covers a lot of ground, and he covers it well in his 10 chapters. And each chapter contains a project.
The first thing you don't do in Chapter 1, "Prototyping jQuery Mobile," is work at a computer. In the true spirit of UX, Gliser briefly has you work with a pen and some 3x5 note cards. (Remember those?) Your initial goal is to roughly sketch out some designs for a jQuery Mobile website for a new pizzeria. But why the ancient technology? "We are more willing to simply throw out a drawing that took less than 30 seconds to create," Gliser writes. And: "Actually sketching by hand uses a different part of the brain and unlocks our creative centers." Furthermore, those on your team who are not coders can contribute comments, suggestions, and corrections to the emerging design.
In Chapter 2, "A Mom-and-Pop Mobile Website," you step over to your computer with Chapter 1's paper prototype in hand. You start converting the sketched design "into an actual jQuery Mobile (jQM) site that acts responsively and looks unique." You also begin building "a configurable server-side PHP template," and you work with custom fonts, page curl effects using CSS, and other aspects of creating and optimizing a mobile site.
"Mobile is a very unforgiving environment," Gliser cautions, "and some of the tips in this section will make more difference than any of the 'best coding practices.'" Indeed, he wants you to be aware of optimization "at the beginning. You are going to do some awesome work and I don't want you or your stakeholders to think it's any less awesome, or slow, or anything else because you didn't know the tricks to squeeze the most performance out of your systems. It's never too early to impress people with the performance of your creations."
Chapter 3, "Analytics, Long forms, and Front-end Validation," moves beyond "dynamically link[ing] directly into the native GPS systems of iOS and Android." Instead, Gliser introduces how to work with Google static maps, Google Analytics, long and multi-page forms, and jQuery Validate. As for static maps, he says, "Remember to always approach things from the user's perspective. It's not always about doing the coolest thing we can." Indeed, a static map may be all the user needs to decide whether to drive to a business, such as a pizzeria, or just call for delivery. And, as for Google Analytics: "Every website should have analytics. If not, it's difficult to say how many people are hitting your site, if we're getting people through our conversion funnels, or what pages are causing people to leave our site."
Meanwhile, desktop users are familiar with (and frequently irritated by) long forms and multi-page forms. Lengthy forms can be real deal-breakers for users trying to negotiate them on mobile devices. The author presents some ways to shorten long forms and break them "into several pages using jQuery Mobile." And he emphasizes the importance of using the jQuery Validate plug-in to add validation to any page that has a form, so the user can see quickly and clearly that an entry has a problem.
The focus in Chapter 4, "QR Codes, Geolocation, Google Maps API, and HTML5 Video," is on handling concepts that can be "applied to any business that has multiple physical locations." Gliser uses a local movie theater chain as his development example. It is "considering throwing its hat into the mobile ring," so a site is created that makes use of QR codes, geolocation, Google Maps, and linking to YouTube movie previews. Then, he shows how to use embedded video to keep users on the movie chain's site rather than sending them off to YouTube.
In Chapter 5, the goal is "to create an aggregating news site based off social media." So the emphasis shifts to "Client-side Templating, JSON APIs, and HTML5 Web Storage." Notes Gliser: "Honestly, from a purely pragmatic perspective, I believe that the template is the perfect place for code. The more flexible, the better. JSON holds the data and the templates are used to transform it. To draw a parallel, XML is the data format and XSL templates are used to transform. Nobody whines about logic in XSL; so I don't see why it should be a problem in JS templates."
Next, he shows how to patch into Twitter's JSON API to get "the very latest set of trending topics" and "whittle down the response to only the part we want...and pass that array into JsRender for...well...rendering" in a manner that will be "a lot cleaner to read and maintain" than looping through JSON and using string concatenation to make the output.
Other topics in Chapter 5 include programmatically changing pages in jQuery Mobile, understanding how jQuery Mobile handles generated pages and Document Object Model (DOM) weight management, and working with RSS feeds. Gliser points out that there is still "a lot more information out there being fed by RSS feeds than by JSON feeds." The chapter concludes with looks at how to use HTML5 web storage (it's simple, yet it can get "especially tricky on mobile browsers"), and how to leverage the Google Feed API. Explains Gliser: "The Google Feeds (sic) API can be fed several options, but at its core, it's a way to specify an RSS or ATOM feed and get back a JSON representation."
Chapter 6 jumps into "the music scene. We're going to take the jQuery Mobile interface and turn it into a media player, artist showcase, and information hub that can be saved to people's home screens," Gliser writes. He proceeds to show how "ridiculously simple it can be to bring audio into your jQuery Mobile pages." And he explains how to use HTML5 manifest "and a few other meta tags" to save an app to the home screen. Furthermore, he discusses how to test mobile sites using "Google Chrome (since its WebKit) or IE9 (for the Windows Phone)" as browsers that are shrunken down to mobile size. "Naturally, this does not substitute for real testing," he cautions. "Always check your creations on real devices. That being said, the shrunken browser approach will usually get you 97.5 percent of the way there. Well...HTML5 Audio throws that operating model right out the window."
Since "mobile phones are quickly becoming our photo albums," Gliser's Chapter 7, "Fully Responsive Photography," begins with creating a basic gallery using PhotoSwipe. Then, in a section focused on "supporting the full range of device sizes," he shows how to start using responsive web design (RWD), "the concept of making a single page work for every device size." The issues, of course, range from image sizes and resolutions to text sizes and character counts per line, on screens as small as smart phones and tablets, or larger.
In Chapter 8, "Integrating jQuery Mobile into Existing Sites," three topics are key: (1) "Detecting mobile — server-side, client-side, and the combination of the two"; (2) "Mobilizing full site pages — the hard way"; and (3) "Mobilizing full site pages — the easy way." Gliser avoids some potential "geek war" controversies over "browser sniffing versus feature detection" when detecting mobile devices. He zeroes in first on detection using WURFL for "server-side database-driven browser sniffing." He also shows how to do JavaScript-based browser sniffing, which he concedes may be "the worst possible way to detect mobile but it does have its virtues," especially if your budget is small and you want to exclude older devices that can't handle some new JavaScript templating. He also describes JavaScript-based feature detection using Modernizr, plus some other feature-detection methods.
As for mobilizing full-site pages "the hard way," he states that there is really "only one good reason: to keep the content on the same page so that the user doesn't have one page for mobile and one page for desktop. When emails and tweets and such are flying around, the user generally doesn't care if they're sending out the mobile view or the desktop view and they shouldn't." He focuses on how "it's pretty easy to tell what parts of a site would translate to mobile" and how to add data attributes to existing tags "to mobilize them. When jQuery's libraries are not present on the page, these attributes will simply sit there and cause no harm. Then you can use one of our many detection techniques to decide when to throw the jQM libraries in."
Mobilizing full-site pages "the easy way" involves, in his view, "nothing easier and cleaner than just creating a standalone jQuery Mobile page...and simply import the page we want with AJAX. We can then pull out the parts we want and leave the rest." His code samples show how to do this.
Chapter 9, "Content Management Systems and jQM," looks at the pros and cons of using three different content management systems (CMS) with jQuery Mobile: WordPress, Drupal, and Adobe Experience Manager. "The key to get up and running quickly with any CMS is, realizing which plugins and themes to use," Gliser writes. "For WordPress, I would not recommend a jQuery Mobile plugin. As I was experimenting for this chapter, it broke the admin interface and was, in general, a miserable experience. However, there are several jQuery Mobile themes that will serve you well. Some are free, some paid." He explains how to use mobile theme switchers.
Meanwhile, Drupal offers some standard plugins that provide contact forms, CAPTCHA, and custom database tables and forms, and enable you to "create full blown web apps, not just brochureware sites." But: "The biggest downside to Drupal is that it has a bit of a learning curve if you want to tap its true power. Also, without some tuning, it can be a little slow and can really bloat your page's code," he says.
As for Adobe Experience Manager (AEM), Gliser merely introduces it as a "premier corporate CMS" and a "major CMS player that comes with complete jQuery Mobile examples." He doesn't show "how to install, configure, or code for AEM. That's a subject for several training manuals the size of this book." He adds: "If you work for a company that can afford AEM, you'll already be well-versed in the mobile implementation. The power this platform gives to content authors is astounding."
Chapter 10, the final chapter, is titled "Putting It All Together — Flood.FM." Using what you've learned in the book, including paper prototyping the interfaces, you create "a website where listeners will be greeted with music from local, independent bands across several genres and geographic regions."
Along the way, Gliser introduces Balsamiq, "a very popular UX tool for rapid prototyping." He discusses using Model-View-Controller (MVC), Model-View-ViewModel (MVVM), and Model-View-Whatever (MV*) development structures with jQuery Mobile. He introduces how to work with the Web Audio API, and he illustrates how to prompt users to download the Flood.FM app to their home screens. He finishes up with brief discussions of accelerometers, cameras, "APIs on the horizon," plus "To app or not to app, that is the question" and whether you should compile an app or not. Finally, he shows PhoneGap Build, the "cloud-based build service for PhoneGap."
Shane Gliser's book does indeed cover a lot of ground, clearly and with good examples. If you truly demand that some nits must be picked, I can report that an occasional dash is missing or a comma sometimes shows up out of place, such as this example in Chapter 2: "A practice is only best until a new practice, [misplaced comma] comes along that is better." In the printed book's table of contents, there are style and spelling glitches in the heading for Chapter 3. "Analytics, long forms, and frontend validation" should be "Analytics, Long Forms, and Front-end Validation." And, in Chapter 5, Gliser refers to the "Google Feeds API" when it's actually "Google Feed API." But the term "Google Feeds API" commonly is misused by developers on Stack Overflow and other sites.
I am not a mobile developer. I am a tech writer, frequent book reviewer, and occasional coder. I have played with some of the code examples in this book, but I have not tried them all. So I can't say if there are code glitches. However, the book was reviewed before publication by at least four software professionals with impressive resumes.
Aside from occasional spots where the text needed tighter editing, this book is, in my view, well written and rich with information, examples, sources, and tips for working effectively with jQuery Mobile. I intend to put it to good use as I continue learning.
You can purchase Creating Mobile Apps with jQuery Mobile from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The Human Division
stoolpigeon writes "How would humanity fare in a universe filled with other sentient races and the technology for all of them to interact? If human history is any indication there would be conflict. That conflict would be between many groups that saw themselves as people and the rest as monsters. What that universe and those interactions would look like is a key theme in John Scalzi's Old Man's War series. The latest offering, The Human Division continues to dig deeply into a wide range of questions about what makes someone a person and how people treat one another at their best and worst." Keep reading for the rest of stoolpigeon's review. The Human Division author John Scalzi pages 432 publisher Tor Books rating 9/10 reviewer stoolpigeon ISBN 978-0765333513 summary Following the events of The Last Colony, John Scalzi tells the story of the fight to maintain the unity of the human race It's been five years since the publication of the last book in John Scalzi's Old Man's War series, Zoe's Tale. That entry saw Scalzi explore new ground with his first juvenile. The newest Old Man's War book is another first for Scalzi. The Human Division was released on the web as a serial prior to being published in a complete volume in hardback and as an e-book. This was planned from the start and made for an interesting experience as those who chose to purchase chapters as they came out worked through the book together.
I have to admit I skipped out on reading the chapters as they were released. It seemed like a fun thing to do but I wanted to see what it would all cost in the end. Scalzi repeatedly said that the fully compiled story would cost the same as buying it in parts but I wanted to see how it would play out. So I avoided on-line discussion of the chapters as they were released and when it became available about a week ago I purchased the e-book version. The price was basically the same, though buying the complete book was a couple bucks cheaper and did include some extra content. I'd already read a big part of that extra content as it had been available earlier via Tor.com.
From what I've read on Scalzi's blog, his experiment with serializing the book was a success from a business standpoint. And I got the impression that most readers enjoyed the process as they went along, though I did try to avoid most discussion as it was happening to avoid spoilers. Publishing stories in this manner has been around for a long time, but I think the results may encourage others to do the same and we may see more of this in the near future. Scalzi has already agreed to do season 2, or the next book, in the same fashion.
Reading it all at once, I could still appreciate that it was written this way. Each chapter is self-contained to a large extent. There are glimpses into the lives of various characters, changes of setting, and some wonderful storytelling. It all fits together and is certainly a novel, not a collection of short stories, but much more episodic. I thought it allowed for a nice amount of flexibility in the flow of the story and I appreciated the end result even if I got it all in one package at the end.
Aside from interest in the method of delivery, I was very excited to read The Human Division for the story itself. I hadn't enjoyed Scalzi's last sci-fi outing, Redshirts, and was really looking forward to his return to my favorite universe he has created. The Old Man's War series, fitting into the military sci-fi genre, has of course brought many comparisons between Scalzi and Heinlein. I imagine part of the enjoyment I get from Scalzi's books is that he does have some commonality with R.A.H., who is one of my favorite authors. But really Scalzi does have his own voice, style and message and this comes more and more to the fore as the series moves on. The Human Division has all of the excitement, action and wit that makes reading Scalzi so fun. I think his ability to put together strong dialogue is unparalleled. And it is still military sci-fi, with our main protagonist being a soldier. Yet the world is so much more complex and rich than a simple kill or be killed scenario that moves from one point of action to the next. And even what would be slow points in a book that used action to carry a lack of plot are full of rewarding interaction. We get to know and care about characters, lose some all too quickly and feel a sense of real people engaging one another as opposed to cardboard cutouts.
I wouldn't put the Old Man's War books into the hard sci-fi category but they aren't just fantasy dropped into space either. Scalzi obviously gives some thought to settings and technology and so I find it easy to overlook some of the issues that are skipped over for the sake of story. In the end it is entertainment and interesting questions about people and society that draw me to these books, more than a desire to learn more about physics or astronomy.
I did read follow-on comments after the series was complete and noticed a few people who felt that there was a cliffhanger ending. While the book does end with some larger scale issues unresolved, I think that to call it a cliffhanger is not really accurate. I found the ending to be an appropriate point of closure, to step away from the characters. As I would tell my kids if they have to pause a movie, it was a "good place to stop." If we followed everyone to the completion of all that was going on in their lives, the book would be immense. As it is, it is already a solid read. It might feel a bit abrupt to some as it does set up some questions that are left unanswered that normally would be in a more formulaic treatment, but I'm glad Scalzi left them rather than a hasty or awkward finish.
As I mentioned, there are two extra stories in the newly published compilation of all 13 chapters. They are After the Coup and Hafte Sorvalh Eats a Churro and Speaks to the Youth of Today and both can be downloaded for free at Tor.com. After the Coup actually takes place prior to the events in The Human Division and was originally made available earlier. It can be read before or after the book. Hafte Sorvalh Eats a Churro and Speaks to the Youth of Today is shorter but very sweet and let me finish the book with a smile.
I've enjoyed every entry in the OMW series and I am very pleased to see it continue strongly. While reading the previous books is not necessary to enjoy this one, I can't imagine not wanting to read the other four. If someone is unsure, feel free to start with The Human Division and if they enjoy it, jumping back and reading the others will still be very enjoyable. There will be some spoilers but I don't think they'll take much away from Scalzi's real strengths in these stories, which are much more driven by character than plot. I think Scalzi will stand as a sci-fi great for some time to come and it is a lot of fun to get to watch it happen rather than just idolizing the masters of the past.
You can purchase The Human Division from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Locked Down: Information Security For Lawyers
benrothke writes "Had Locked Down: Information Security for Lawyers not been published by the American Bar Association (ABA) and 2 of its 3 authors not been attorneys, one would have thought the book is a reproach against attorneys for their obliviousness towards information security and privacy. In numerous places, the book notes that lawyers are often clueless when it comes to digital security. With that, the book is a long-overdue and valuable information security reference for anyone, not just lawyers." Read below for the rest of Ben's review. Locked Down: Information Security for Lawyers author Sharon Nelson, David Ries, John Simek pages 319 publisher American Bar Association rating 9/10 reviewer Ben Rothke ISBN 978-1614383642 summary Required reading for all lawyers Such a title is needed as the legal field has embraced digital technology. Wireless (often insecure) networks are pervasive in corporate offices throughout legal America.
The underlying problem is that while attorneys often know the intricacies of tort law, court proceedings and the like, they are utterly unaware of the information security and privacy risks surrounding the very technologies they are using. In many firms, the lawyers think that someone is protecting their data, but don't understand their requirements around those areas of data protection.
Legal IT systems are a treasure trove of personal data. Many small law firms are extremely attractive to identity thieves, given that their systems hold a significant amount of personal information: social security numbers, credit card information, birth dates, financial information and much more. Small law firms are notorious for weak information security controls, and attackers will scan those systems and networks for vulnerabilities.
A pervasive aspect of the book is ABA rule 1.6 regarding the confidentiality of information regarding client-lawyer relationships. The rule requires that a lawyer not reveal information relating to the representation of a client unless the client gives informed consent. The lawyer, though, can reveal information relating to the representation of a client to the extent the lawyer reasonably believes necessary. The myriad details of 1.6 can be left to the bar association to enforce; suffice it to say that a lawyer can find themselves on the wrong side of the law if they are not careful with information security controls.
The authors note that although lawyers are all well aware of rule 1.6, the challenge is how to keep client data secure in the digital age. In a world of paper, things were much easier and cheaper. This is why the authors note that so many otherwise competent lawyers fail so miserably in reference to their duty to maintain the confidentiality of digital client data.
The book quotes an ABA 2011 technology survey in which 21% of large law firms reported that their firm had experienced some sort of security breach, and 15% of all firms reported that they suffered a security breach. It is figures like those which show that attorneys really need to read this book and take the information to heart.
The book's 17 chapters are in a readable 150 pages, with an additional 120 pages of appendices. It is written in an easily understandable, non-technical style for the technologically challenged lawyer.
When it comes to the security of client data, in chapter 4 the authors write that encryption is a topic that most attorneys don't want to touch with a ten-foot pole. But it has reached a point where attorneys must understand how and when encryption should be used. Just as important, they need to know about key management, and what good encryption is. The chapter provides high-level detail on what needs to be done regarding encryption.
Chapter 13, on secure disposal, is an important topic to everyone, and not just lawyers. Digital media needs to be effectively disposed of; many lawyers think that means reformatting a hard drive or simply erasing files. The chapter effectively details the issues and offers numerous valuable hardware and software-based solutions.
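The distinction the chapter draws between "erasing files" and disposing of data is worth seeing in code. The following is an added example by the editor, not code from the book or its authors: a plain `os.unlink` only removes the directory entry and releases the blocks, leaving the bytes on the platter until something overwrites them, whereas overwrite-then-unlink rewrites every byte of the file first and flushes each pass to the device. The client record and file name are constructed sample data. The caveat a practitioner should attach: in-place overwriting only helps when the filesystem actually rewrites the same physical blocks. On SSDs (wear levelling), copy-on-write or journaling filesystems, and anything synced to a cloud service, stale copies can survive, so for real media disposal the dependable options are full-disk encryption from day one followed by key destruction, the drive's own secure-erase command, or physical destruction by a vendor you trust.

```python
"""Overwrite-then-unlink disposal of a single file, with the checks a
practitioner would run on it.  Added example; not code from Locked Down."""
import os
import secrets
import tempfile
from typing import Dict


def overwrite_file(path: str, passes: int = 3, chunk_size: int = 1 << 16) -> int:
    """Overwrite every byte of the file in place, `passes` times.

    Early passes write random bytes; the last pass writes zeros so the
    released blocks carry no recognisable content.  Each pass is flushed
    and fsync'd so the data reaches the device instead of sitting in the
    page cache.  Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pass_no in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                block = b"\x00" * n if pass_no == passes - 1 else secrets.token_bytes(n)
                fh.write(block)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def dispose(path: str, passes: int = 3) -> int:
    """Overwrite the content, rename the file to a random name so the
    directory entry no longer leaks the original file name, then unlink.
    Returns the number of bytes overwritten."""
    size = overwrite_file(path, passes)
    anonymous = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.replace(path, anonymous)
    os.unlink(anonymous)
    return size


def demo() -> Dict[str, object]:
    """Constructed scenario: a 'client file' containing a recognisable marker.
    Confirms that after overwrite_file() the marker is gone and the file is
    all zeros, and that after dispose() nothing is left in the directory."""
    marker = b"CLIENT: Jane Roe, SSN 000-00-0000"  # constructed sample record
    payload = marker + b"\n" + secrets.token_bytes(200_000)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "roe_matter_notes.txt")  # constructed file name
        with open(path, "wb") as fh:
            fh.write(payload)
        size = overwrite_file(path, passes=3)
        with open(path, "rb") as fh:
            after = fh.read()
        result: Dict[str, object] = {
            "size": size,
            "marker_gone": marker not in after,
            "all_zero": after == b"\x00" * size,
        }
        dispose(path)
        result["exists_after_dispose"] = os.path.exists(path)
        result["dir_empty"] = os.listdir(tmp) == []
    return result


if __name__ == "__main__":
    print(demo())
```

Running the module prints the result dictionary; `marker_gone` and `all_zero` should be `True` and `exists_after_dispose` `False`. Note that `demo()` only inspects the file itself, which is all a user-space program can see; whether the freed blocks on the underlying device still hold old data depends on the storage stack, which is exactly why the caveat above matters.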
Chapter 14 on outsourcing and cloud computing is an area where too many attorneys are oblivious to the security and privacy risks. For example, the authors advise attorneys against the use of the free Gmail service since the terms of service allow Google to do anything it wants with the data. That opens a Pandora's Box when it comes to securing client data. The authors advise to use premium Google business versions, so attorneys can stay in control of their data with added security and privacy features.
Two omissions in chapters 13 and 14 are that the authors don't reference NAID (National Association for Information Destruction) or the Cloud Security Alliance (CSA).
Firms that outsource their digital disposal to non-NAID certified firms run the risk of having a glorified recycler do their work. As to NAID, it is an international trade association for companies providing information destruction services. NAID's mission is to promote the information destruction industry and the standards and ethics of its member companies, while the mission of the CSA is to promote the use of best practices for providing security assurance within cloud computing and to provide education on the uses of cloud computing to help secure all other forms of computing.
The authors include many real-world stories and case law to reinforce their point.
The book closes with a number of appendices on various rules from the FTC, state information protection regulations, the SANS Institute glossary of security terms and more.
For the lawyer looking for an easy to read introduction to nearly everything they need to know about information security and privacy, the book is a great resource.
The book closes with the note that since lawyers have an ethical duty to protect their client's data, they have no choice but to keep themselves as well educated as possible.
For the attorney that wants to ensure their requirements remain current and is looking for an easy to read introduction about information security and privacy, Locked Down: Information Security for Lawyers should be considered required reading.
Reviewed by Ben Rothke.
You can purchase Locked Down: Information Security for Lawyers from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The Plateau Effect: Getting From Stuck To Success
benrothke writes "One of the challenges in reading The Plateau Effect: Getting from Stuck to Success is figuring out how to classify it. Amazon has it ranked mainly in applied psychology, but also time management and, inexplicably, personal finance. In some ways it is all of the above and more. In fewer than 300 pages, the authors reference myriad different areas of science, mathematics, psychology and more, in the effort to show the reader how they can elevate themselves from the stuff in life that glues them to the status quo." Read below for the rest of Ben's review. The Plateau Effect: Getting from Stuck to Success author Bob Sullivan and Hugh Thompson pages 320 publisher Dutton rating 8/10 reviewer Ben Rothke ISBN 978-0525952800 summary Book shows how to learn to identify plateaus and break through any stagnancy in your life. Full disclosure: I am friends with Hugh Thompson, one of the authors of this book.
With that, the premise of the book is that the plateau effect is something that affects everyone. We all have our ups and downs in life, relationships, work and more. The book attempts to help the reader identify plateaus in their life, in order to break through them.
While a plateau is often simply flat terrain, the authors are all over the terrain in the book. They quote and reference liberally from science, statistics, life sciences, psychology, ethics, information technology and much more. From that end, the book is a fascinating and insightful read.
At the start of the book, the authors use the term acclimation to refer to the plateaus that many of us reach. This is the inability to notice changes in the environment around us. To a degree, acclimation is a critical element of our lives. If everything was brand new, life would be overwhelming; both to our senses and psyche. The downside is that this acclimation often leads us to accepting things the way they are, staying at the plateau, getting stuck and the inability to move forward.
The authors note that a real plateau means that you have stopped growing and that your mind and senses are being dulled by sameness; by a routine that sucks the life and soul out of you. Plateaus force you to make bad decisions and feel desperate. By understanding the force and tapping into it, you can get more out of life with less effort, and feel more in tune with your existence. If this scares you that the book sounds like a new-age title, relax, it is far from it, thankfully.
Chapter 3 is one of the many fascinating sections in the book where the authors detail the greedy algorithm, where the locally optimal choice is what is generally preferred. They tie this into the Gekko mantra of greed being good. But note that research has shown that long-term greed is good, but short-term greed, the type that maximizes the here and now seems to work for a while but almost always leads to a plateau. And as you realize, plateaus are bad.
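The greedy algorithm the chapter leans on is easiest to see with a small instance where "take the best-looking step now" stalls short of the best result. The following is an added example by the editor, not code from the book: coin change with a constructed set of denominations. For 1, 3 and 4 the greedy strategy spends a 4 first and is then forced into three coins where two would do; for 3 and 4 alone it takes the 4, finds nothing fits the remaining 2 and gives up, a literal dead end that the globally optimal search walks around. The dynamic-programming routine beside it considers every denomination at every sub-amount, which is what "long-term" optimisation costs.

```python
"""Greedy versus globally optimal coin change.  Added example illustrating
the chapter's greedy-algorithm metaphor; not code from The Plateau Effect."""
from typing import Dict, List, Optional


def greedy_change(amount: int, coins: List[int]) -> Optional[List[int]]:
    """Locally optimal: at every step take the largest coin that still fits.
    Returns the coins used, or None when the strategy paints itself into a
    corner (amount left over that no coin can cover)."""
    used: List[int] = []
    for coin in sorted(coins, reverse=True):
        while amount >= coin:
            amount -= coin
            used.append(coin)
    return used if amount == 0 else None


def optimal_change(amount: int, coins: List[int]) -> Optional[List[int]]:
    """Globally optimal: dynamic programming over every sub-amount, keeping
    the fewest coins that reach it.  Returns the coins used, or None when
    the amount is unreachable with these denominations."""
    inf = float("inf")
    best = [0.0] + [inf] * amount          # best[a] = fewest coins summing to a
    choice = [0] * (amount + 1)            # coin taken last on the best path to a
    for a in range(1, amount + 1):
        for coin in coins:
            if coin <= a and best[a - coin] + 1 < best[a]:
                best[a] = best[a - coin] + 1
                choice[a] = coin
    if best[amount] == inf:
        return None
    used: List[int] = []
    while amount > 0:                      # walk the recorded choices back to zero
        used.append(choice[amount])
        amount -= choice[amount]
    return used


def compare_strategies(amount: int, coins: List[int]) -> Dict[str, object]:
    """Run both strategies on the same instance and report where greedy
    either over-spends or fails outright."""
    greedy = greedy_change(amount, coins)
    optimal = optimal_change(amount, coins)
    return {
        "greedy": greedy,
        "optimal": optimal,
        "greedy_coins": None if greedy is None else len(greedy),
        "optimal_coins": None if optimal is None else len(optimal),
        "greedy_is_optimal": greedy is not None and optimal is not None
                             and len(greedy) == len(optimal),
    }


if __name__ == "__main__":
    # Constructed instances: one where greedy over-spends, one where it
    # dead-ends, and one (US coinage) where greedy happens to be optimal.
    for amount, coins in ((6, [1, 3, 4]), (6, [3, 4]), (63, [1, 5, 10, 25])):
        print(amount, coins, compare_strategies(amount, coins))
```

With canonical denominations such as 1, 5, 10, 25 the two strategies agree, which is why greedy feels safe until the problem changes under it; the chapter's point is that the denominations of real life are rarely canonical.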
Chapter 5 details flow mechanisms, step functions and choke points. Author Hugh Thompson is a mathematician and it's obvious this chapter is his baby. A choke point is a part of a system that breaks first and slows everything else down. The book notes that a common cause of plateaus is not recognizing when and where choke points will occur.
Chapter 6 is another fascinating chapter that details people's inability to effectively deal with risk. The example given is around shark attacks. While the risk of shark attack is extraordinarily low, the media often makes it seem like an epidemic, and the gullible populace overreacts. The authors give many examples of where people don't comprehend risk and statistics. The authors note that people buy lottery tickets, often described as a tax on the mathematically disinclined, despite knowing the odds. They also write that due to various factors, people and society have become overly risk-averse, not realizing how risky that is.
While not new, chapter 7 details the problems with multitasking and its illusions of productivity. The authors quote Jordan Grafman, chief of the cognitive neuroscience section of the National Institute of Neurological Disorders and Stroke, who states that multitasking is actually a misnomer. He terms it rapid toggling between tasks. The downside to this rapid toggling is that people become less effective and productive. The reality they show is that people can't multitask.
While the book is indeed a fascinating and valuable read, some readers may find it somewhat frustrating that the authors at times can seem like they are all over the place, quoting and integrating different facets of science and psychology. While the theme of the book is plateaus, there is not always a discernible sense of unity between all of the examples.
Another shortcoming is the lack of prescriptive actions the reader can take. For the reader who may be indifferent to their need for change, the book may not be of full value to them. It would have been appreciated if the authors could have created action items and exercises for each chapter.
But perhaps the best advice is on the 3rd to the last page of the book. The authors note that if your company is stuck, has plateaued, and is unable to get past some vexing problems, what should you do? Tell the type A's in the room to be quiet for a while and seek out some frontline introvert and ask for their advice. Giving voice to the quietest person in the room might be the most unique exercise a firm undertakes.
With that, The Plateau Effect: Getting from Stuck to Success is an extremely stimulating read. For the reader who wants to grow and move off their plateau, this will certainly help them. The book promises to help the reader unstick themselves from the things in life that weigh them down. It certainly lives up to its promise and makes for a fascinating read.
About the reviewer: Ben Rothke.
You can purchase The Plateau Effect: Getting from Stuck to Success from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The New Digital Age
Nerval's Lobster writes "Eric Schmidt and Jared Cohen begin their new nonfiction book, The New Digital Age, with a rather bold pronouncement: 'The Internet is the largest experiment involving anarchy in history.' Subsequent chapters deal with how that experiment will alter life in decades to come, as more and more people around the world connect to the Internet via cheap mobile phones and other devices." Keep reading to see what Nerval's Lobster has to say about the book. The New Digital Age: Reshaping the Future of People, Nations and Business author Eric Schmidt, Jared Cohen pages 336 publisher Knopf rating 7/10 reviewer Nerval's Lobster ISBN 0307957136 summary A survey of how the coming technological revolutions could look. The authors aren’t shy in suggesting that the Internet will ultimately change lives for the better. In fact, any other position would have been odd: Schmidt is chairman of Google, and Cohen director of Google Ideas. While they quote a number of very opinionated people throughout the book—including Henry Kissinger, who offers the realpolitik version of “Get off my lawn,” and Android designer Andy Rubin—the pair always come back to the same conclusion: that the cloud will grow, that the cloud will store more data, that the cloud will offer more features, that the cloud is good, good, good.
Of course, Schmidt and Cohen extolling the virtues of the cloud is like two corporate board-members of McDonald’s insisting that burgers are delicious and everyone in the world should eat them three times a day. They talk about data permanence and its effect on attempts to safeguard privacy, but they never suggest IT companies find a way to delete data in a permanent way (even though a number of entities are debating “right to be forgotten” legislation). They suggest that future governments could upload all their data to the cloud for safekeeping, but never really delve into the privacy and security concerns that would come with such a move. One wonders how much the pair’s respective tenures at Google, which profits enormously from data permanence and cloud storage, have affected their vision in these pages.
Indeed, the authors remain so wedded to their thesis—that the Internet will reach the majority of the world’s population in coming years, forcing massive but ultimately positive changes—that they end up making contrarian arguments at moments, depending on context. Midway through the book, for example, they suggest that the prevalence of mobile devices and the cloud will reduce the number of “massacres on a genocidal scale,” although “discrimination will likely worsen and become more personal.” Several pages later, however, the authors suggest that connectivity “encourages and enables altruistic behavior,” and that activism will increase when more people realize they can simply click or tap an onscreen button to contribute to a cause.
Smoothing out these colliding positions would have been a simple matter of acknowledging that human beings are complex, and that different groups will engage in wildly different behaviors with the same tools. But Schmidt and Cohen never dip into the human side of things, or explore the effect of technology on psychology; and as a result, the book at times feels disjointed.
They also fail to mention how the coming ubiquity of the Internet will flood the world with more data “noise.” Instead, they imply that all interactions are useful, regardless of the information being shared. “Activists in the future will benefit from the collective knowledge of other activists and people around the world,” they write at one point, without really digging into the main issue that comes with that connectivity: deciding which 1 percent of inbound “knowledge” is actually useful at that moment.
Along those same lines, they tout crowdsourcing as something that can “produce more comprehensive and accurate information, help track down wanted criminals and create demand for accountability,” without mentioning how such a tool can fail in spectacularly messy ways—witness what happened in the wake of the Boston Marathon bombings, in which the hive-mind on Reddit seized on innocent bystanders as suspects.
That’s not to say that Schmidt and Cohen avoid all the negatives that will surely come with the next generation of technology. They devote considerable space to the dank underbelly of the future Internet, from virtual “identity kidnappings” to state-sponsored cyber-attacks. Yet they never plunge into some of the thornier ethical and philosophical conundrums attached to some of those situations. Even the ramifications of drone warfare are largely waved away: “Asymmetric encounters in combat will continue to pose unpredictable challenges for even the most sophisticated technologies.” That’s pretty dry language for collateral damage and death.
The New Digital Age is worth reading as a survey of how the future could look. But it may leave you wishing for a book that explored, in a more thorough manner, the inevitable mess that the coming technological revolutions will leave in their wake.
You can purchase The New Digital Age: Reshaping the Future of People, Nations and Business from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Two Changes To Quirky Could Change The World
"Quirky.com has generated a lot of buzz," writes frequent contributor Bennett Haselton, "but it's hard to see how it could ever be more than a novelty unless they change two key features of their process. Fortunately, they already have all the infrastructure in place for bringing inventions to fruition, so that with these two changes, Quirky really could deliver on their early promise to change the way products get invented." Read on for Bennett's thoughts — which seem more sensible than quirky.
You've probably read about Quirky in one of many articles that read like valentines to the company and the concept. I do think the vision is brilliant — regular people who have smart ideas, but no experience with patents or marketing, partner with an invention company that manufactures the product and splits the profits with them. But the hype seems oddly out of proportion to what Quirky actually makes — if you received a catalog in the mail with pictures of these products, would you remember the catalog a week later?
OK, I know, the hype is based not on the products, but on the process — regular people getting a shot at inventor stardom. Certainly the fairy tale has come true for some of the community inventors (who, not surprisingly, are spotlighted by Quirky quite a bit). But if you look at the overall numbers, the "About Quirky" page claims a community of "399,000 inventors" and "325 products developed," a pair of statistics that may reveal more than they intended — and indeed the odds are even worse than that, since only 74 of those products are being sold in their store and making the inventors any money, and only about half of those have made the inventor $10,000 or more. (For reasons explained here, some products selected by Quirky never actually get manufactured.) If you're tempted to think that it's a meritocracy and those 74 products really are the best ones anyone has ever submitted -- do you really think the Glide knife cleaner (12 units sold so far) is more useful than the nearly 400,000 other ideas people have sent in?
So if the products themselves are not changing the world, and from the "community inventor's" point of view it's a lottery that most of them have no chance of winning, then what is the big deal about Quirky?
Not surprisingly, there is an undercurrent of frustration that keeps bubbling to the surface on the Quirky message boards — frustration with the high odds against winning, and the lack of transparency about what products do make it. But I think the frustration can be traced back to two key problems with Quirky's process — both of which could be fixed (one of them quite easily), and which could take the arbitrariness and lack of transparency out of the selection process, and result in more inventions getting selected, all while making Quirky more money.
First, in the existing system, a user submitting a new idea probably doesn't realize that less than 1 in 1000 submissions goes on to be selected by Quirky as one of that week's "winners," and only about 1 in 10,000 ideas has ever gone on to make the inventor more than $10,000. On this page you can see a scrolling list of the most recent submissions; I wrote a script to poll that feed and count up the new submissions as they appeared, and the total averages about 1,500 per week. Of these, only two get selected by Quirky at their weekly staff meeting, and, as noted above, most of the selected winners do not end up in their store anyway.
Quirky also charges $10 for each idea submission, which comes to $15,000 per week, or about $150 per employee — hardly enough for each of them to live on, but not trivial. According to the text I copied from an old version of Quirky's FAQ: "We ask for $10 when submitting an idea for three simple reasons: to make sure you are serious about your submission, to be sure that you're an actual human, and most importantly: to assure that the quality of submissions remains high." Notably missing from that list was "To make Quirky some extra money." But from my experience when running a paid service that offered the first month at a reduced rate, asking for $1 and asking for $10 achieved about the same goal of filtering out the people who weren't serious.
Now, however, Quirky's FAQ answers that question by saying:
Well, you've got to ante up to give your idea the fair shot it deserves. Best case scenario? Your $10 investment takes your idea from a tiny sketch to a professionally manufactured product found on shelves worldwide, earning you a heckuva lot more. Worst case? That 10 bucks gets you extensive community feedback on who liked and didn't like your idea, which serves as focused consumer market research. You then have the option to resubmit your idea, or you can use the feedback you received to make it on your own.
That's not a trivial change, because that statement is actually wrong — the $10 doesn't "get you" any "community feedback". Which brings me to the next problem with Quirky's current system.
When I gave Quirky a test drive by submitting an idea for a standalone smartphone-battery recharger (something I wished for in my article about the usefulness of spare batteries), after I submitted the idea and my payment, I was left on a page without any information about what to do next. How, I wondered, was I supposed to get "votes" for my idea without spamming the message boards or other users? The FAQ didn't — and still doesn't — answer this question, odd for something that would be one of the first things on every submitter's mind. But it referred me to the forums, where I found a post by quirky user Matthew Fleming, whose invention was actually picked up by Quirky, summarizing advice from himself and other Quirky experts on how to get votes (and, presumably, how he himself did it):
"(1) Posting your idea is the designated Pimping Zone. [dead link]
(2) Getting your Facebook friends or Twitter followers to check out your idea.
(3) Promoting to all other people off site (including Google Adwords, Facebook Ads, Reddit, emailing, texting & calling your friends, finding relevant forums elsewhere online).
(4) Putting links to your idea in your profile, then being active in other areas of the site, such as helping other people's. People may check out your profile and look at your ideas.
(5) When adding a link to your submission in # 1 or 4, make sure your link is clickable typing in the html code (OR you can use this handy link generator to generate the HTML code to then paste directly into your post).
(6) Promote in other Quirky hangouts, like:
Quirky Inventors on Facebook
As Seen On Facebook [dead link]
Quirky Products on Facebook"
My heart sank like a rock when I read those words. Here I had really believed that — despite the considerable odds against any given submission making it into the production stage — Quirky at least had a system in place for identifying the best ones. But it turned out that those who had played the game successfully were basically admitting that the only way to win was to act as an unpaid Quirky promoter to your friends. And more to the point, it meant that the winners would not be the best inventions, but rather just the inventions that met the minimum requirement of not being embarrassingly stupid, whose inventors were the best at playing the promotion game.
So it is in fact misleading to say that the $10 entry fee "gets you" any community feedback. The only way to get community feedback is to try bringing up your idea in forum threads (which risks pissing people off if you violate some rules that are never clearly explained), to post it in designated areas where idea flooding is encouraged (which are clogged to the point of uselessness from everybody else doing the same thing), or to recruit new people under you in the Quirky pyramid.
I didn't do any of those things, so my idea got a grand total of 8 views and 3 votes, before expiring at the end of the 30-day vote-gathering window. Far from being surprised that I got so few views, on the contrary I don't even have any idea where those 8 views came from, since I didn't rope in any of my friends to sign up and vote for me.
If Quirky wants to essentially limit the winners to people who agree to promote Quirky to their friends, that's their right, but then they shouldn't claim that their system actually identifies the best new ideas, or even what "the community" thinks are the best new ideas.
Meanwhile, the products that do make it into production seem to bear out the prediction above — they're good, but not great, and many of them look like they made it as a result of a combination of luck and playing the promotion game. The $13 "Pluck" egg yolk separator looks cool, but do you really need it when the grocery store sells an egg separator for $1.59? Well, I don't cook much, so maybe I'm more qualified to evaluate electronics accessories. I actually did just order one of Quirky's "Cordies" for holding cord extensions on your desktop (if it works out, I can let you know in a follow-up to my much-beloved article about low-tech hacks!), but there are gizmos on Amazon that do the same thing. The Pivot Power Strip also looks cool, but it seems simpler to me just to use power strip liberators, which are cheaper per-plug, can be divided across multiple rooms, and light up to show when the power is running.
And the truth is that of all the gadgets I saw in the Quirky store, there's nothing I would choose over having a portable charger for spare cell phone batteries. I may be biased, but what would you rather have — effectively unlimited phone battery life, or an egg yolk separator that happens to look like an egg?
What's frustrating about all of this is that there are two simple changes that Quirky could make to their selection system, which would immediately make the "promotion game" obsolete, and almost by definition would select the inventions that the greatest number of people would actually buy. The first change is the same basic system that I've advocated for reforming the White House "We The People" website, for halting cheating on news aggregator sites, for detecting abusive content on Facebook, and multiple other problems: random-sample voting. In other words, when you submit a new idea to Quirky, the idea would also be presented to, say, 20 other users selected at random. Each user votes on whether they would buy the product if it went into production. (Quirky could simply require that, as a condition of keeping your account active, you have to vote when they ask you to.) The ideas that get the most "yes" votes out of those 20 randomly selected users are judged to be the most marketable. (Well, 20 is a small enough sample that some would get high ratings just as a statistical fluke, but an invention that cleared the first hurdle could then be sent to a voting panel of 100 users.)
Of course, users who have expertise in particular fields could weigh in at any time to point out that an invention would be impractical, illegal, in violation of someone else's patent, or redundant given another product already on the market. But to answer the basic question of how many people would buy a product if it cleared all those other hurdles, asking a random sample of users is a rather more valid research method than "texting & calling your friends".
Unusually for one of my "random-sample-voting" lobbying efforts, someone has already made essentially the same point on the Quirky message boards — community inventor Clinton Fleenor wrote a post making essentially the same argument. I would quibble with him on a couple of points (there's no reason to bring in "a million+ impartial, non-submitting voters" per day, since a smaller sample size is good enough), but he got the key point exactly right:
"What happens if the system is distributing the submissions to voters one at a time instead of allowing voters to self-select?
Answer: No submissions are buried."
(Clinton's posts since that date have expressed an increasing disgust with the process, most recently calling Quirky "glaze-eyed lazy asses" — and this was from someone who actually won at their game. You can imagine how the people feel who don't win.)
In fact, you could even use the random sampling method to ask people not just whether they would buy a product, but to give them the option to pre-order it, Kickstarter-style, with the money to be returned if the product doesn't get enough pre-orders to justify production. Which leads to the second change that could revolutionize how Quirky works: Rather than picking two "winning" products every week, put every product into production that receives enough votes and/or pre-orders to indicate that it would be profitable.
For example, suppose you have an idea that can be made and sold for $10 per unit, but only if the product sells 10,000 units or more. Assume there are 100,000 Quirky users who can be polled to ask if they are potential buyers. Quirky takes your idea and presents it to 100 randomly selected users, and asks them to pre-order it for $10 if they're interested. If 20 of those 100 users do in fact pre-order, then Quirky presents the idea to all of their 100,000 product-buying user base. Assuming that the original sample of 100 was representative of the population of 100,000, then they would expect that 20,000 users would also pre-order. Now you've exceeded the minimum required order of 10,000 and the product can go into production. On the other hand, suppose only 5 people pre-order out of that sample of 100. Then Quirky could expect that out of their total population of 100,000, only about 5,000 would pre-order the product — not enough to justify production, so they never push the pre-order to the rest of their customers, and the original 5 who placed their pre-order would get their money back.
More realistically, suppose Quirky makes most of their sales through retail and not to their own users, but they also know that sales to their own users are a good predictor of retail sales — for example, that they sell 3 times as many of a product through retailers as they do to their own built-in user base. Then if a product has to sell 10,000 units to be profitable, they put it into production if they determine, via random sampling, that they would sell at least 2,500 units to their own users, and count on roughly 7,500 more orders from retail shoppers.
This system has several desirable features:
- If an idea doesn't appeal to a high enough percentage of the user base (as determined by the random sample that is asked to pre-order), then the vast majority of users never get bothered with the pre-order request, since it dies after not making it past the hurdle of the initial 100.
- On the other hand, if there are enough potential buyers among the user population, then barring any statistical flukes, the initial sample of 100 randomly selected users will reveal that. Thus almost all of the time, any idea that does get pushed to the entire user population will get enough pre-orders at that point to go into production.
- The system can't be "gamed" by promotional shenanigans like "texting & calling your friends".
- It's scalable — any product that receives enough pre-orders to guarantee the desired profit can go into production, no matter how many such products clear that threshold in any given week.
(If Quirky's patent lawyers are in danger of getting overwhelmed from all the ideas that clear the pre-order hurdle every week, the idea is still scalable for any invention where there's enough profit to pay for the lawyers. Suppose it takes $2,000 worth of lawyer-time to clear all the patents and other paperwork to market an invention. Then any invention that gets enough pre-orders to pay for the production cost, plus $2,000 for the lawyer, can still go to manufacturing. That process can be repeated as many times per week as you want, as long as there are lawyers who want the work.)
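The two-stage pre-order test described above, worked through as an added example (this is not code from the essay or from Quirky). It uses the essay's numbers (100,000 users, a sample of 100, 10,000 units to break even, 3 retail sales per direct sale) and goes one step further: a Wilson lower bound on the sampled pre-order rate and a small simulation quantify the "statistical fluke" risk of a small panel; the `overhead_units` field (lawyer time expressed in units) is a constructed assumption.

```python
"""Go/no-go decision for a random-sample pre-order test (added example)."""
from dataclasses import dataclass
from math import sqrt
import random


@dataclass
class PreorderTest:
    user_base: int                   # users who can be polled (essay: 100,000)
    sample_size: int                 # random users asked to pre-order (essay: 100)
    break_even_units: int            # units needed to be profitable (essay: 10,000)
    retail_multiplier: float = 0.0   # retail units per unit sold to own users (essay: 3)
    overhead_units: int = 0          # e.g. lawyer time converted to units (constructed)

    def expected_direct_orders(self, preorders: int) -> float:
        """Point estimate: scale the sample's pre-order rate up to the whole user base."""
        return preorders * self.user_base / self.sample_size

    def wilson_lower_rate(self, preorders: int, z: float = 1.96) -> float:
        """Lower end of a 95% Wilson interval for the true pre-order rate.

        Deciding on this instead of the raw rate makes a lucky sample far less
        likely to green-light a product that would not really reach break-even.
        """
        n = self.sample_size
        p = preorders / n
        denom = 1 + z * z / n
        centre = (p + z * z / (2 * n)) / denom
        margin = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
        return max(0.0, centre - margin)

    def decide(self, preorders: int, conservative: bool = False) -> dict:
        """Return the order estimates and whether the product goes to production.

        The sampler, not the submitter, picks who is asked, so recruiting friends
        cannot move these numbers unless the friends are a real share of the base.
        """
        if conservative:
            direct = self.wilson_lower_rate(preorders) * self.user_base
        else:
            direct = self.expected_direct_orders(preorders)
        total = direct * (1 + self.retail_multiplier)
        needed = self.break_even_units + self.overhead_units
        return {"direct": direct, "total": total, "needed": needed, "go": total >= needed}


def fluke_rate(true_rate: float, sample_size: int, min_preorders: int,
               trials: int = 2000, seed: int = 1) -> float:
    """Monte Carlo estimate of how often a product whose true pre-order rate is
    below break-even still clears the sample stage by chance.  Compare a panel
    of 20 with a panel of 100 to see why the essay treats 20 as a first hurdle."""
    rng = random.Random(seed)          # fixed seed so the result is reproducible
    passes = 0
    for _ in range(trials):
        preorders = sum(rng.random() < true_rate for _ in range(sample_size))
        if preorders >= min_preorders:
            passes += 1
    return passes / trials


if __name__ == "__main__":
    # Essay's first scenario: sales to the user base only.
    direct_only = PreorderTest(user_base=100_000, sample_size=100, break_even_units=10_000)
    print(direct_only.decide(20))   # 20,000 expected orders -> go
    print(direct_only.decide(5))    # 5,000 expected orders -> no go, refund the 5
    # Essay's retail scenario: 3 retail sales per direct sale, so 2,500 direct suffice.
    with_retail = PreorderTest(100_000, 100, 10_000, retail_multiplier=3.0)
    print(with_retail.decide(3))                     # 3,000 + 9,000 -> go
    print(with_retail.decide(3, conservative=True))  # Wilson bound: not yet proven
    # A product that would really sell 5,000 units (rate 0.05) needs rate 0.10 to pass.
    print(fluke_rate(0.05, 20, 2), fluke_rate(0.05, 100, 10))
```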
Kickstarter doesn't use random-sample-voting to identify the best ideas on their site, but they do use pre-orders to solve the scalability problem -- if enough people make a pre-order pledge on Kickstarter to meet the project's minimum funding requirements, the project goes ahead (and if the fundraising goal is not met, everyone who pledged gets their money back). Kickstarter doesn't pick "winners"; if you meet your funding requirement, you "win," and there's no limit on how many projects can be successfully funded in a given week. So I wasn't surprised to see that Kickstarter has funded over 39,000 projects successfully compared to Quirky's 326. (Yes, that's apples and oranges, since many Kickstarter projects are easier to complete than putting a Quirky invention into production — but still, given the buzz that both companies are receiving these days, would you have guessed that one of them has funded over 100 times more projects successfully than the other one?)
So those are my suggestions to Quirky: Use random-sample voting to get an initial reading for the merits of an idea (very easy), and then use Kickstarter-style pre-orders to secure funding for any marketable invention, not just a limited number of weekly "winners" (a much bigger overhaul, but a good long-term goal). If they appropriate my suggestions, I promise not to organize any protest demonstrations outside their headquarters demanding credit. In fact, given how unfair their current system is to the inventors ponying up $10 each to play their lottery, we should probably stage a protest outside their office if they don't take these ideas.
-
Two Changes To Quirky Could Change The World
"Quirky.com has generated a lot of buzz," writes frequent contributor Bennett Haselton, "but it's hard to see how it could ever be more than a novelty unless they change two key features of their process. Fortunately, they already have all the infrastructure in place for bringing inventions to fruition, so that with these two changes, Quirky really could deliver on their early promise to change the way products get invented." Read on for Bennett's thoughts — which seem more sensible than quirky.You've probably read about Quirky in one of many articles that read like valentines to the company and the concept. I do think the vision is brilliant — regular people who have smart ideas, but no experience with patents or marketing, partner with an invention company that manufacturers the product and splits the profits with them. But the hype seems oddly out of proportion to what Quirky actually makes — if you received a catalog in the mail with pictures of these products, would you remember the catalog a week later?
OK, I know, the hype is based not on the products, but on the process — regular people getting a shot at inventor stardom. Certainly the fairy tale has come true for some of the community inventors (who, not surprisingly, are spotlighted by Quirky quite a bit). But if you look at the overall numbers, the "About Quirky" page claims a community of "399,000 inventors" and "325 products developed," a pair of statistics that may reveal more than they intended — and indeed the odds are even worse than that, since only 74 of those products are being sold in their store and making the inventors any money, and only about half of those have made the inventor $10,000 or more. (For reasons explained here, some products selected by Quirky never actually get manufactured.) If you're tempted to think that it's a meritocracy and those 74 products really are the best ones anyone has ever submitted -- do you really think the Glide knife cleaner (12 units sold so far) is more useful than the nearly 400,000 other ideas people have sent in?
So if the products themselves are not changing the world, and from the "community inventor's" point of view it's a lottery that most of them have no chance of winning, then what is the big deal about Quirky?
Not surprisingly, there is an undercurrent of frustration that keeps bubbling to the surface on the Quirky message boards — frustration with the high odds against winning, and the lack of transparency about what products do make it. But I think the frustration can be traced back to two key problems with Quirky's process — both of which could be fixed (one of them quite easily), and which could take the arbitrariness and lack of transparency out of the selection process, and result in more inventions getting selected, all while making Quirky more money.
First, in the existing system, a user submitting a new idea probably doesn't realize that less than 1 in 1000 submissions goes on to be selected by Quirky as one of that week's "winners," and only about 1 in 10,000 ideas has ever gone on to make the inventor more than $10,000. On this page you can see a scrolling list of the most recent submissions; I wrote a script to poll that feed and count up the new submissions as they appeared, and the total averages about 1,500 per week. Of these, only two get selected by Quirky at their weekly staff meeting, and, as noted above, most of the selected winners do not end up in their store anyway.
Quirky also charges $10 for each idea submission, which comes to $15,000 per week, or about $150 per employee — hardly enough for each of them to live on, but not trivial. According to the text I copied from an old version of Quirky's FAQ: "We ask for $10 when submitting an idea for three simple reasons: to make sure you are serious about your submission, to be sure that you're an actual human, and most importantly: to assure that the quality of submissions remains high." Notably missing from that list was "To make Quirky some extra money." But from my experience when running a paid service that offered the first month at a reduced rate, asking for $1 and asking for $10 achieved about the same goal of filtering out the people who weren't serious.
Now, however, Quirky's FAQ answers that question by saying:
Well, you've got to ante up to give your idea the fair shot it deserves. Best case scenario? Your $10 investment takes your idea from a tiny sketch to a professionally manufactured product found on shelves worldwide, earning you a heckuva lot more. Worst case? That 10 bucks gets you extensive community feedback on who liked and didn't like your idea, which serves as focused consumer market research. You then have the option to resubmit your idea, or you can use the feedback you received to make it on your own.
That's not a trivial change, because that statement is actually wrong — the $10 doesn't "get you" any "community feedback". Which brings me to the next problem with Quirky's current system.
When I gave Quirky a test drive by submitting an idea for a standalone smartphone-battery recharger (something I wished for in my article about the usefulness of spare batteries), after I submitted the idea and my payment, I was left on a page without any information about what to do next. How, I wondered, was I supposed to get "votes" for my idea without spamming the message boards or other users? The FAQ didn't — and still doesn't — answer this question, odd for something that would be one of the first things on every submitter's mind. But it referred me to the forums, where I found a post by quirky user Matthew Fleming, whose invention was actually picked up by Quirky, summarizing advice from himself and other Quirky experts on how to get votes (and, presumably, how he himself did it):
"(1) Posting your idea is the designated Pimping Zone. [dead link]
(2) Getting your Facebook friends or Twitter followers to check out your idea.
(3) Promoting to all other people off site (including Google Adwords, Facebook Ads, Reddit, emailing, texting & calling your friends, finding relevant forums elsewhere online).
(4) Putting links to your idea in your profile, then being active in other areas of the site, such as helping other people's. People may check out your profile and look at your ideas.
(5) When adding a link to your submission in # 1 or 4, make sure your link is clickable typing in the html code (OR you can use this handy link generator to generate the HTML code to then paste directly into your post).
(6) Promote in other Quirky hangouts, like:
Quirky Inventors on Facebook
As Seen On Facebook [dead link]
Quirky Products on Facebook"My heart sank like a rock when I read those words. Here I had really believed that — despite the considerable odds against any given submission making it into the production stage — Quirky at least had a system in place for identifying the best ones. But it turned out that those who had played the game successfully were basically admitting that the only way to win was to act as an unpaid Quirky promoter to your friends. And more to the point, it meant that the winners would not be the best inventions, but rather just the inventions that met the minimum requirement of not being embarrasingly stupid, whose inventors were the best at playing the promotion game.
So it is in fact misleading to say that the $10 entry fee "gets you" any community feedback. The only way to get community feedback is to try bringing up your idea in forum threads (which risks pissing people off if you violate some rules that are never clearly explained), to post it in designated areas where idea flooding is encouraged (which are clogged to the point of uselessness from everybody else doing the same thing), or to recruit new people under you in the Quirky pyramid.
I didn't do any of those things, so my idea got a grand total of 8 views and 3 votes, before expiring at the end of the 30-day vote-gathering window. Far from being surprised that I got so few views, on the contrary I don't even have any idea where those 8 views came from, since I didn't rope in any of my friends to sign up and vote for me.
If Quirky wants to essentially limit the winners to people who agree to promote Quirky to their friends, that's their right, but then they shouldn't claim that their system actually identifies the best new ideas, or even what "the community" thinks are the best new ideas.
Meanwhile, the products that do make it into production, seem to bear out the prediction above — they're good, but not great, and many of them look like they made it as a result of a combination of luck and playing the promotion game. The $13 "Pluck" egg yolk separator looks cool, but do you really need it when the grocery store sells an egg separator for $1.59? Well, I don't cook much, so maybe I'm more qualified to evaluate electronics accessories. I actually did just order one of Quirky's "Cordies" for holding cord extensions on your desktop (if it works out, I can let you know in a follow-up to my much-beloved article about low-tech hacks!), but there are gizmos on Amazon that do the same thing. The Pivot Power Strip also looks cool, but it seems simpler to me just to use power strip liberators, which are cheaper per-plug, can be divided across multiple rooms, and light up to show when the power is running.
And the truth is that of all the gadgets I saw in the Quirky store, there's nothing I would choose over having a portable charger for spare cell phone batteries. I may be biased, but what would you rather have — effectively unlimited phone battery life, or an egg yolk separator that happens to look like an egg?
What's frustrating about all of this is that there are two simple changes that Quirky could make to their selection system, which would immediately make the "promotion game" obsolete, and almost by definition would select the inventions that the greatest number of people would actually buy. The first change is the same basic system that I've advocated for reforming the White House "We The People" website, for halting cheating on news aggregator sites, for detecting abusive content on Facebook, and multiple other problems: random-sample voting. In other words, when you submit a new idea to Quirky, the idea would also be presented to, say, 20 other users selected at random. Each user votes on whether they would buy the product if it went into production. (Quirky could simply require that, as a condition of keeping your account active, you have to vote when they ask you to.) The ideas that get the most "yes" votes out of those 20 randomly selected users, are judged to be the most marketable. (Well, 20 is a small enough sample that some would get high ratings just as a statistical fluke, but an invention that cleared the first hurdle could then be sent to a voting panel of 100 users.)
Of course, users who have expertise in particular fields, could weigh in at any time to point out that an invention would be impractical, illegal, in violation of someone else's patent, or redundant given another product already on the market. But to answer the basic question of how many people would buy a product if it cleared all those other hurdles, asking a random sample of users is a rather more valid research method than "texting & calling your friends".
Unusually for one of my "random-sample-voting" lobbying efforts, someone has already made essentially the same point on the Quirky message boards — community inventor Clinton Fleenor wrote a post making essentially the same argument. I would quibble with him in a couple of points (there's no reason to bring in "a million+ impartial, non-submitting voters" per day, since a smaller sample size is good enough), but he got the key point exactly right:
"What happens if the system is distributing the submissions to voters one at a time instead of allowing voters to self-select?
Answer: No submissions are buried."(Clinton's posts since that date have expressed an increasing disgust with the process, most recently calling Quirky "glaze-eyed lazy asses" — and this was from someone who actually won at their game. You can imagine how the people feel who don't win.)
In fact, you could even use the random sampling method to ask people not just whether they would buy a product, but to give them the option to pre-order it, Kickstarter-style, with the money to be returned if the product doesn't get enough pre-orders to justify production. Which leads to the second change that could revolutionize how Quirky works: Rather than picking two "winning" products every week, put every product into production that receives enough votes and/or pre-orders to indicate that it would be profitable.
For example, suppose you have an idea that can be made and sold for $10 per unit, but only if the product sells 10,000 units or more. Assume there are 100,000 Quirky users who can be polled to ask if they are potential buyers. Quirky takes your idea and presents it to 100 randomly selected users, and asks them to pre-order it for $10 if they're interested. If 20 of those 100 users do in fact pre-order, then Quirky presents the idea to all of their 100,000 product-buying user base. Assuming that the original sample of 100 was representative of the population of 100,000, then they would expect that 20,000 users would also pre-order. Now you've exceeded the minimum required order of 10,000 and the product can go into production. On the other hand, suppose only 5 people pre-order out of that sample of 100. Then Quirky could expect that out of their total population of 100,000, only about 5,000 would pre-order the product — not enough to justify production, so they never push the pre-order to the rest of their customers, and the original 5 who placed their pre-order would get their money back.
More realistically, suppose Quirky makes most of their sales through retail and not to their own users, but they also know that sales to their own users are a good predictor of retail sales — for example, that they sell 3 times as many of a product through retailers as they do to their own built-in user base. Then if a product has to sell 10,000 units to be profitable, they put it into production if they determine, via random sampling, that they would sell at least 2,500 units to their own users, and count on roughly 7,500 more orders from retail shoppers.
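The two scenarios just described (a sample of 100 projected onto a user base of 100,000, and then the 3x retail multiplier), written out as an added example; this is not Quirky's or the post author's code. It assumes that the server, not the inventor, draws every sample uniformly at random from the user base, that each sampled user independently pre-orders with the same unknown probability, and that sample counts scale to the population by simple proportion, as the post does. The user base size, sample sizes, buy rates and the 50-account promoter are illustrative figures; the user-ID list is constructed. Beyond the post's arithmetic, it uses the binomial distribution to put a number on the "statistical fluke" the post mentions and to show what a second, independent panel buys, and it counts how many accounts a promoter would have to control to clear the threshold on a server-chosen sample.

```python
"""Two-stage random-sample pre-order screen (added example, not Quirky's code).

Assumptions: samples are drawn server-side, uniformly at random; each sampled
user pre-orders independently with the same probability p; a sample's
pre-orders are scaled to the population by proportion.  Figures are the
post's illustrative ones; user IDs are constructed.
"""
import random
from math import ceil, comb


def draw_panel(user_ids, n, rng=None):
    """Server-side random panel.  A CSPRNG is used so an inventor can neither
    predict nor influence who is asked; self-selected voters are exactly what
    'texting & calling your friends' exploits."""
    rng = rng or random.SystemRandom()
    return rng.sample(user_ids, n)


def own_user_units_needed(min_units, retail_multiplier=0.0):
    """Units that must sell to the site's own users when retail moves
    retail_multiplier times as many (10,000 with a 3x multiplier -> 2,500)."""
    return min_units / (1.0 + retail_multiplier)


def sample_threshold(sample_size, population, min_units):
    """Fewest pre-orders in a sample that project to at least min_units
    across the whole population."""
    return ceil(min_units * sample_size / population)


def projected_units(sample_preorders, sample_size, population):
    """Scale the sample's pre-orders up to the population."""
    return sample_preorders * population / sample_size


def passes_screen(sample_preorders, sample_size, population, min_units):
    """The post's rule: push the pre-order to everyone only if the sample
    projects past the production minimum; otherwise refund the sampled buyers."""
    return sample_preorders >= sample_threshold(sample_size, population, min_units)


def binom_pmf(k, n, p):
    """P(exactly k of n independent users pre-order), each with probability p."""
    return comb(n, k) * p ** k * (1.0 - p) ** (n - k)


def prob_at_least(n, p, threshold):
    """P(X >= threshold) for X ~ Binomial(n, p): the chance that a product
    whose true buy rate is p clears a threshold on a single sample of n."""
    return sum(binom_pmf(k, n, p) for k in range(threshold, n + 1))


def multi_stage_pass_probability(p, stage_sizes, population, min_units):
    """Probability that a product with true buy rate p clears every stage, each
    stage being a fresh, independent random sample (e.g. 20 users, then 100).
    A fluke on the small panel has to repeat on the larger one."""
    prob = 1.0
    for n in stage_sizes:
        prob *= prob_at_least(n, p, sample_threshold(n, population, min_units))
    return prob


def expected_colluders_in_sample(sample_size, population, colluders):
    """Mean number of an inventor's own promoters that land in a random sample
    (hypergeometric mean): they appear in proportion to the share of accounts
    they control, nothing more."""
    return sample_size * colluders / population


def colluders_needed(sample_size, population, min_units):
    """Accounts a promoter must control so that, in expectation, enough of them
    land in the sample to clear the threshold with no genuine buyers at all."""
    threshold = sample_threshold(sample_size, population, min_units)
    return ceil(threshold * population / sample_size)


if __name__ == "__main__":
    N, n, min_units = 100_000, 100, 10_000          # the post's figures
    users = list(range(N))                          # constructed user IDs
    panel = draw_panel(users, n)
    print("panel of %d users drawn; threshold in that panel: %d pre-orders"
          % (len(panel), sample_threshold(n, N, min_units)))
    for hits in (20, 5):
        print("%2d/100 pre-order -> projected %6.0f units, pass=%s"
              % (hits, projected_units(hits, n, N), passes_screen(hits, n, N, min_units)))
    print("own-user units needed with 3x retail: %.0f" % own_user_units_needed(min_units, 3))
    print("fluke: a 5%% product clears one 100-user panel: %.4f" % prob_at_least(n, 0.05, 10))
    print("       and clears a 20-user then a 100-user panel: %.4f"
          % multi_stage_pass_probability(0.05, [20, 100], N, min_units))
    print("expected promoters in the panel if the inventor controls 50 accounts: %.3f"
          % expected_colluders_in_sample(n, N, 50))
    print("accounts needed to game the panel outright: %d" % colluders_needed(n, N, min_units))
```

Running it reproduces the post's numbers (20 of 100 projects to 20,000 and passes; 5 of 100 projects to 5,000 and fails; 2,500 own-user units with a 3x retail multiplier) and adds two things the prose does not quantify. A product that only 5% of users would actually buy still clears the 10-of-100 threshold about 2.8% of the time by chance, and requiring a second independent panel pushes that below 1%, which is the reason for the post's "then send it to a panel of 100". And because promoters land in a server-chosen sample only in proportion to the share of accounts they control, an inventor with 50 friends contributes 0.05 of a vote in expectation, while gaming the panel outright would take roughly 10,000 accounts, the same 10% of the user base the product would need to win honestly; the scheme's resistance therefore rests on the cost of creating accounts, not on the sampling arithmetic itself.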
This system has several desirable features:
- If an idea doesn't appeal to a high enough percentage of the user base (as determined by the random sample asked to pre-order), then the vast majority of users never get bothered with the pre-order request, since it dies after not making it past the hurdle of the initial 100.
- On the other hand, if there are enough potential buyers among the user population, then barring any statistical flukes, the initial sample of 100 randomly selected users will reveal that. Thus almost all of the time, any idea that does get pushed to the entire user population will get enough pre-orders at that point to go into production.
- The system can't be "gamed" by promotional shenanigans like "texting & calling your friends".
- It's scalable — any product that receives enough pre-orders to guarantee the desired profit can go into production, no matter how many such products clear that threshold in any given week.
(If Quirky's patent lawyers are in danger of getting overwhelmed by all the ideas that clear the pre-order hurdle every week, the idea is still scalable for any invention where there's enough profit to pay for the lawyers. Suppose it takes $2,000 worth of lawyer-time to clear all the patents and other paperwork to market an invention. Then any invention that gets enough pre-orders to pay for the production cost, plus $2,000 for the lawyer, can still go to manufacturing. That process can be repeated as many times per week as you want, as long as there are lawyers who want the work.)
Kickstarter doesn't use random-sample-voting to identify the best ideas on their site, but they do use pre-orders to solve the scalability problem -- if enough people make a pre-order pledge on Kickstarter to meet the project's minimum funding requirements, the project goes ahead (and if the fundraising goal is not met, everyone who pledged gets their money back). Kickstarter doesn't pick "winners"; if you meet your funding requirement, you "win," and there's no limit on how many projects can be successfully funded in a given week. So I wasn't surprised to see that Kickstarter has funded over 39,000 projects successfully compared to Quirky's 326. (Yes, that's apples and oranges, since many Kickstarter projects are easier to complete than putting a Quirky invention into production — but still, given the buzz that both companies are receiving these days, would you have guessed that one of them has funded over 100 times more projects successfully than the other one?)
So those are my suggestions to Quirky: Use random-sample voting to get an initial reading for the merits of an idea (very easy), and then use Kickstarter-style pre-orders to secure funding for any marketable invention, not just a limited number of weekly "winners" (a much bigger overhaul, but a good long-term goal). If they appropriate my suggestions, I promise not to organize any protest demonstrations outside their headquarters demanding credit. In fact, given how unfair their current system is to the inventors ponying up $10 each to play their lottery, we should probably stage a protest outside their office if they don't take these ideas.
-
Book Review: The Death of the Internet
benrothke writes "When I first heard about the book The Death of the Internet, it had all the trappings of a second-rate book; a histrionic title and the fact that it had nearly 50 contributors. I have seen far too many books that are pasted together by myriad disparate authors, creating a jerry-rigged book with an ISBN, but little value or substance. The only negative thing about the book is the over the top title, which I think detracts from the important message that is pervasive in it. Other than that, the book is a fascinating read. Editor Markus Jakobsson (Principal Scientist for Consumer Security at PayPal) was able to take the collected wisdom from a large cross-section of expert researchers and engineers, from different countries and nationalities, academic and corporate environments, and create an invaluable and unique reference." Read below for the rest of Ben's review. The Death of the Internet author Markus Jakobsson pages 392 publisher Wiley-IEEE Computer Society Press rating 9/10 reviewer benrothke ISBN 978-1118062418 summary Excellent reference on current Internet security threats The premise of the book is that the Internet is a cesspool of inefficient management and vulnerabilities that threaten to undermine its use.
In the preface, Jakobsson asks the obvious question: is the title a joke? He writes that if the Internet cannot be secured, and the underlying amount of crime and fraud makes it useless and dangerous, then it will indeed reach a tipping point whose result is the death of the Internet. Where is that point? Nobody knows.
Chapter 1 observes that if a hostile country or organization wants to hurt us, they may find that the easiest way of doing so is by attacking the Internet, and our very dependence on the Internet invites attacks. We are more vulnerable to these attacks as our dependence on the Internet grows.
Chapter 3 provides an in-depth look at how criminals profit off the Internet and provides an intriguing overview of how click fraud works. While the click fraud rate at one point was as high as 30%, it is still in the range of 20%. The book notes that while the overall click fraud rate has been on the decline, new schemes are emerging, including ones that focus on display ads. The schemes are effective because fraudsters run large-scale automated attacks in a way that makes it difficult for ad networks to distinguish fraudulent clicks from real ones, producing high revenue for the fraudsters.
The chapter also provides an interesting look at the malware industry. It notes that malware development and distribution is highly organized and controlled by criminal groups that have formalized and implemented business models to automate cybercrime. The authors detail the interaction between the various components in a typical cybercrime business model, in which individual groups of criminals coordinate their efforts. The outcome is a product known as CaaS – crimeware as a service.
Many have called the Internet the Wild West. Chapter 4 details the Internet infrastructure and the cloud, and notes that amorphous cloud imagery may help fuel the false perception that the Internet is a lawless and unaccountable entity that exists beyond policy. The book notes that what is breaking the Internet is not a lack of policy, but a lack of enforcement and accountability. Internet criminals appear to exist outside the policy structure, when the reality is that they are embedded in it and their livelihood in fact depends on the Internet functioning regularly, quickly and efficiently.
While much of the book is focused on cybercrime and fraud, the book also points fingers at ICANN (Internet Corporation for Assigned Names and Numbers) for in some ways facilitating this Internet crime wave. ICANN is the organization that coordinates the Domain Name System (DNS), Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) top-level domain name system management, and root server system management functions. The authors' premise is that ICANN is more interested in generating revenue and profits than in security.
Due to systemic failures, cybercriminals often hide behind false WHOIS information held by registrars who do not perform adequate due diligence or enforcement. This is primarily because every domain name sold means more revenue for the registrar. Chapter 4 notes that this weak oversight by ICANN is also one of the biggest threats to the stability of the Internet. The chapter quotes a GoDaddy executive who stated that proactive measures to make Internet registries more accurate would not be affordable or useful.
The book provides an analysis of social spam, which has become more pervasive with the emergence of Web 2.0. People are sharing vast amounts of personal data that opens them to these spam attacks. Since the defining characteristic of Web 2.0 is its social nature, it encourages people to share information, collaborate and form social links. These features of social media have the implication that they create a large network of connections between users and content that is controlled almost entirely by the users. This places great power in the hands of well-intentioned users to engage with others and express themselves. But it also provides an opportunity for spammers to exploit the social web for their own interests. As a result, social web applications have become tempting targets for spam and other forms of Internet pollution.
Another fascinating observation around Web 2.0 is that the authors were able to perform analysis that identifies information about users which is not necessarily shared directly in their profiles. Items such as sleeping patterns, daily routines, physical locations, and much more can be extracted via metadata and other external analysis.
By the time readers reach chapter 5, they have read 200 pages detailing the problems with security and privacy around the Internet core. Exacerbating this is the role of the end user: the chapter notes that if people are offered the choice between convenience and security, security will lose. The average Internet user is lazier than security-aware; not at all an encouraging observation.
Chapter 7 details one of the banes that have plagued information security: poor user interfaces. It details the four sins of security application user interfaces: popup assault, security by verbosity, walls of checkboxes and all-or-nothing switches. The book is worth purchasing just for this section.
The book ends with some thoughts for the future, but Jakobsson and his band of ultra-smart contributors offer no magic wand or quick happy ending. Throughout the book, the contributors do, though, write that there are ways to secure the Internet, but those take thorough and comprehensive strategies and design. There are countermeasures for most of the threats and vulnerabilities detailed, and the book provides an unparalleled view of the current state of Internet security.
Situational awareness is defined as the perception of environmental elements with respect to time and/or space, the comprehension of their meaning, and the projection of their status after some variable has changed. For those looking for a book to gain situational awareness about the dangers of the Internet, one is hard pressed to find a better title than The Death of the Internet.
Reviewed by Ben Rothke.
You can purchase The Death of the Internet from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: MODx Revolution - Building the Web Your Way
First time accepted submitter matria writes "MODx is a free, open-source Content Management System and Framework, developed and supported by MODX LLC and a global community. The latest iteration of MODx, called Revolution, is entirely object-oriented. To take advantage of the power of MODx, the developer needs to learn how MODx works and how to use its building blocks to extend it to satisfy his purpose. While there is official documentation and a number of websites with tips and tutorials, as well as an active and friendly forum, for the dedicated developer one of the publications that it is good to be aware of is W. Shawn Wilkerson's MODX Revolution — Building the Web Your Way." Read below for the rest of matria's review. MODX Revolution - Building the Web Your Way: A Journey Through a Content Management Framework author W. Shawn Wilkerson pages 622 publisher Sanity Press rating 9/10 reviewer matria ISBN 0985853204 summary an extensive look at an amazing and extensible Content Management Platform Known to the MODx community as "sottwell", I've been a developer and contributor to MODx since its beginnings, so I'm well familiar with W. Shawn Wilkerson's contributions to the MODx community over the past six years. He is the founder of Sanity LLC, a technology integration company, and holds 9 degrees in programming and web design. His book on MODx Revolution, subtitled A Journey Through a Content Management Framework, was published in August of 2012 by Sanity Press, with ISBN 978-0985853204. It has some 600 pages, with 19 chapters divided into 5 sections.
The first section begins with the obligatory introduction to what MODx is (and is not). Use MODx as it installs for nearly instant, fully functional sites, or turn it into a framework for complex web applications.
The second chapter introduces the Manager interface. This is an excellent place to start for new MODx users. We are taken step-by-step through the Manager, with each feature and function explained. Of special importance is the tree structure that lists the content Resources that provide the main content elements for each page, this tree structure reflecting the overall site structure.
Shawn explains how the Manager itself is built on the core MODx framework, and so it is customizable and even totally replaceable.
The next five chapters discuss the basic building-block elements that are used to build a MODx site. The coverage of these elements is by no means superficial: everything from customizing the Manager forms for creating and editing them, to how they are stored in the database, to how to format and manipulate their final output on your web page is explained. Plenty of actually useful code samples and in-depth explanations make it easier to understand how MODx builds up a site using these modular blocks of content and content-generating elements. One entire chapter on Output Modifiers caught my attention here, as it covers a topic often overlooked or, conversely, overused.
The Quick Start chapter walks through the simple procedure to create a basic website after installing MODx, from a few basic System Settings such as a name for your site, through setting up the Template for your pages and assigning it to the Resources that will provide the main content for the pages, using Chunks, Snippets and Template Variables to add dynamic content to your pages, and installing and using third-party add-ons via the handy Package Manager. A complete site, with a dynamic menu structure, search functionality and a contact form can be set up in less than an hour, using any one of thousands of free HTML templates as the base Template.
The rest of this section goes on to show how common Web essentials such as SEO, AJAX, friendly URLs and .js and .css minification can be easily arranged, and how a full-blown blogging platform can be added to your site with the Articles package.
One of the more frequent questions that comes up in the forums is how to use jQuery or other libraries, or how to handle AJAX in MODx. Basically, MODx doesn't interfere with your CSS or JavaScript in any way. But there are speed and optimization considerations in how and where JavaScript links and code should be inserted, and MODx APIs can make processing AJAX requests or inserting data into JavaScript functions clean and easy. A chapter on JavaScript, CSS and jQuery works through several examples of how various features of MODx can be leveraged to automate best practices for everything from a simple jQuery slideshow to a complete AJAX-driven web application.
The MODx Revolution user management system is a complex network of users, user groups, roles and policies, based on the ACL model of user management. This section is vital to understanding how to control and manage user access to both protected sections of your front-end site and limit Manager functionality. With plenty of screen shots and examples, the reader is gently guided through the whole inter-related subject of organization and controls.
The chapter on Contexts explains how this feature can be used for dividing the site into sections. Contexts can be used to manage separate domains, allowing multiple websites to be managed from one MODx installation. They are also used to provide virtual subdomains or subdirectories for easy management of multi-language sites. Again, plenty of screen shots and examples open up the possibilities of using Contexts. Some of the limitations and pitfalls of using Contexts are explained and resolved.
Since this is not exactly a beginner's tutorial on OOP, the section begins with a brief overview of what OOP is, with some useful links to OOP and OOP in PHP tutorial sites. Then it continues by describing the fully object-oriented MODx Revolution API and the basic $modx object. MODx, like most CMS applications, relies heavily on the database, so there is an emphasis on understanding the database access methods and how MODx stores and caches data. Using the API simplifies just about every facet of MODx development, and the explanations and examples here make this a good reference to keep close at hand.
The foundation of MODx Revolution, the xPDO ORB/ORM object library, is extensively discussed. Coding best-practices are discussed. Real-world, complete, functioning and useful examples abound.
The section ends with how to install and use third-party add-on packages, and how to create your own packages.
Everything from MODx Revolution terminology through system settings and how the MODx parser works, ending with an interesting set of "rules", shared nuggets of hard-won programmer philosophy, make the Appendix another useful resource.
The book is clearly based on a deep understanding and love of programming, web development, and of MODx Revolution itself. One thing I especially appreciated about the layout of the book is the extra large font used for the code examples. It doesn't make for a pretty layout, but it's a great improvement in usability over the usual prettier blocks of small, often hard-to-read text. This is even more significant when considering that Shawn is the founder and CEO of Sanity/Sanity Press. While typos and grammatical errors are common, this was understandably explained by the need to get such a book published and available before the fast movement of the web development world in general and MODx in particular make it at least partially obsolete. A year later, it's still covering material well within the leading edge of MODx Revolution functionality. The occasional personal ramblings actually give us an insight into Shawn's programming philosophy, and make the whole book seem more like a personal message, almost a conversation, than a cold presentation of facts. Overall, this is an excellent book; I very much enjoy it, use it, and recommend it.
You can purchase MODX Revolution - Building the Web Your Way: A Journey Through a Content Management Framework from amazon.com. -
A Sea Story: the Wreck of the Replica HMS Bounty
An anonymous reader writes "On October 25, 2012, as residents of the U.S. east coast made frantic preparations for the arrival of Hurricane Sandy, the captain of the HMS Bounty (a replica tall ship constructed fifty years earlier for the Marlon Brando film Mutiny on the Bounty) made a foolish decision, with the assent of his crew, to proceed with a scheduled voyage from New London, CT for St. Petersburg, FL. CNN's Thom Patterson has written a long story with the benefit of survivor testimony to the NTSB and U.S. Coast Guard. Captain Robin Walbridge thought he could outrun the hurricane, and besides, he'd 'sailed into hurricanes before.' The crew (officially there were no passengers, a fact that allowed the ship to evade certain safety regulations) consisted of tall ship enthusiasts with widely varying amounts of nautical experience, perhaps taken by the vast historical literature on the great age of sailing. A day and a half into the voyage, Captain Walbridge altered his plan of sailing east of the storm, to sailing south and west of it. A day later, the Bounty was less than 200 miles from the eye of the storm; the engine room started to flood, and the pumps were jammed with debris being torn off by the storm's 70 mph winds. The end came early next day, the Bounty was knocked down by a huge wave, tossing the captain and several crew members overboard. The Coast Guard rescued fourteen of the crew members, but Claudene Christian (an adventure-loving novice who had enlisted as crew a few months before) was dead, and Captain Walbridge's body has not been found." -