Ian Bogost Replies: Deep Thoughts On Gaming
A few weeks back, you asked gaming-world academic and game designer Ian Bogost questions from the business, philosophical, and aesthetic sides of gaming; below, find his responses. Thanks, Ian!
Is it all just absurd?
by Anonymous Coward
You satirize the meaninglessness of compulsive-click based games, but what would you say is your larger point in doing so? Do you think that "big" video games (for instance, ones with complex plots and characters, cooperation among players, etc) are all that much better, or would much of the same critique apply?
(Sure, they're not quite as mindless, but they still mean that people are spending time and money to withdraw from reality to some extent, and substituting made-up, arbitrary goals for interacting with other people. Is it purely happenstance and convenience that means you've made a certain point with social games, rather than, say, remade Catch-22 as a FPS?)
Ian Bogost: In my original essay about Cow Clicker, written when the game launched in the summer of 2010, I made a similar observation about "big" videogames: they seem to destroy time. (My exact words were, "Many of today's console games exert a time crush. They demand tens or even hundreds of hours of attention to complete, some or most of which often feels empty.") As I see it, one difference between "traditional" games and social games is that the former don't try to infect the time we spend away from them as well as the time we spend with them. Surely there is something compulsive about console games too, but at least they end. The service-oriented component of social games, along with the fact that companies like Zynga require regularly renewed attention to make money, these are important differences that may not seem fundamental at first.
Still, some cultural trends are more like cracks in a wall than like monuments. It's likely that Cow Clicker is more akin to picking away the plaster to find the veins of a complex structural issue than it is like uncovering a simple fact about its foundation. I don't think that structural issue is limited to games. Whether we noticed or not, we've created a media environment driven by compulsion. Email and instant messaging are examples unbound to specific companies, but Facebook, Twitter, Google+, Pinterest, Instagram — all of these services and many more build value by monetizing our repeated and regular attention, and now we have so many different ways to ask, "Is something new? Am I missing something?" that it's possible never to stop asking those questions, all day long.
Procedural Rhetoric in morally-gray big name games?
by siphonophore
What do you think of AAA studios exploring more moral grey areas (e.g. the hostage-shooting airport level in COD:MW2) as a form of procedural rhetoric? Do you think players' natural tendencies of (in this case) non-violence toward innocents are solidified or shaken by simulating such acts?
IB: For those who don't know the reference, "procedural rhetoric" is a concept I developed in my 2007 book Persuasive Games. We have verbal and written rhetoric, which uses speech and writing to make arguments or express ideas, and we have visual rhetoric, which deals with the way images do so. I suggest procedural rhetoric as a way to describe the use of systems and models to make arguments. Videogames (and software in general) are media that are built largely out of processes, and so we can use this framework to design or evaluate how games make arguments.
Of course, the commercial games industry hasn't been very interested in making arguments with games, in taking strong positions on topics of any sort, let alone controversial ones like politics. We have begun to see some efforts to push harder at this boundary: COD:MW2 is one example, but so are Deus Ex, Homefront, Farcry 2, Bioshock. I'm glad to see this progress, but of course I'd like to see more. In particular, we only seem to get the very faintest sense of an argument or position in these games. It's almost like it's just there for the publicity, but not too much publicity, because that might turn some players off.
In fact, that's the usual explanation for why we don't have AAA games with strong positions. They're expensive to make and the publishers are said to be conservative. It's true, of course. I was recently talking to some of the team responsible for securing the publishing deal for Bioshock, and they told me that even they had trouble, and that's for a game that's really just another sci-fi shooter with a very thin layer of contra-Ayn Rand dystopianism wrapped in gorgeous art deco environments.
But to believe that "the market" is the reason we don't see more of these games doesn't tell the full story. The truth is, the AAA game industry doesn't really have much to say about politics or social issues. Not only is traditional sci-fi and fantasy entertainment in books and movies far more political than the average game, even children's animated films are more political than the average game. I mean, there's more political commentary in Wall-E than in the last decade of AAA games. I'm generalizing, but game developers and executives are technolibertarians rather than artists. For them, what's good for the world is what people vote for with their wallets. And once we get enough of that position fed to us over and over again, it's no wonder that AAA shooters risk becoming just the empty power fantasies they are sometimes accused of being.
Skinner Boxes
by Catiline
I have long described both MMO gaming and Facebook social games as being a "well-padded Skinner box" for their staggered/random reward system. Do you see any possibility for anything else to eventually replace this model?
IB: I don't know. Certainly the gold rush associated with a very bare version of these mechanics isn't helping. If anything, the Skinner boxes seem to be finding their way into other genres. I haven't played Diablo III yet, but someone who tried the beta opined that it's "Farmville for hardcore gamers." Then again, I suppose we might have said the same thing about World of Warcraft half a decade ago. These features have always been in games, but there's no question that we've begun refining them in the way one refines oil, making them more pure and useful to drive the engines of commerce rather than experience.
We can't just will ourselves out of this situation. It's not simply a matter of developing a new design philosophy that will replace the old one through pure unfettered rationalism. Since the games industry responds only to economic incentives, perhaps what we need is an implosion. Just as the housing bubble was burst by the revelation of inviable lending and the related artifice of constantly-inflating property values, so perhaps something similar needs to happen to the behaviorist bubble. It may already be starting, thanks to the apparently disappointing performance of Zynga's IPO. Still, it's worth remembering that the founders and executives of today's big tech companies have been enjoying the privilege of making liquid parts of their equity on secondary markets, so the tech investment community may not have the same deterrent to bubblethink that the market in general does.
In any case, this trend should remind us that the whole media ecosystem has been built on this promise of high-leverage value derived from the aggregated behaviors of a very large base of patrons who are actually the product of these services rather than their customers. Google and Facebook are the obvious examples, but Zynga derives all of its revenue from 2.2% of its players. The remainder are there as viral marketing infrastructure. Is it even possible to opt out of this situation? Not if you also want to live productively in contemporary society.
Interesting Mechanics?
by spektre1
Hi Ian! Can you comment about game mechanics that you wish designers explored in more depth?
IB: Certainly I have my own tastes. I've said a bit about them here, such as my interest in games that offer political opinion or commentary. And I tend to prefer "systemy" games to narrative games. But at some point, all of that is just a matter of taste. And as the aphorism goes, there's no accounting for taste.
So instead of specific mechanics or styles or genres, what I'd most like to see is more earnestness and more personality in games. I'd like to see more of the creators expressed in the works, not because I want to "receive" the "messages" they are sending, but so that I can feel like the work is not being stamped out by a machine in a factory. Part of that process would have to include more conversation about and framing of games. If you compare games to other forms of creativity, there's just far less deliberate, public discussion of games than there is of painting or novels or films or even sports. Filmmakers go on talk shows, novelists give interviews in magazines. What do game makers do? They send their lowest-common-denominator PR agencies out to put words in the mouths of the enthusiast press.
I'm often more engaged by games with styles I don't particularly like, for example the games of That Game Company or Tale of Tales, because those creators make an effort to frame and personalize the work, to give players a sense of how they might approach them, an invitation to care about the logic of their weird, tiny world. There was a time when Activision shipped their videogames with photos and notes from their creators. True, that was a time when the equivalent of "AAA" games were created by individuals, but the point stands. Indie games have a greater capacity for this sort of thing, thanks to their smaller and more compact teams, but that doesn't make independent games automatically more inviting than AAA games, either (a lot of indie games are starting to get that stamped-out-in-the-factory feel, too). In the AAA scene, I think Naughty Dog, Valve, PopCap, and Blizzard offer examples of culturing a style and a design sensibility.
Persuasive game elements
by Anonymous Coward
My question revolves around trends in the "gamification" of tasks as used by government, corporations and others. I am curious what you feel about the persuasive elements that may or may not be used in these endeavors. I've noticed this holiday season that some sites seem to have attempted to use some gaming elements in very persuasive ways. I haven't really looked too closely into government sites lately, but I'm sure governments around the world are already starting to adopt them. Understanding the power of this is kind of disturbing, particularly when you see how governments, etc. can abuse this. So my question is: what, if any, recommendations would you give to social activists looking to develop counter-gaming or ways to identify and inform others about these elements? Given the subtle nature of some of these elements, how difficult a task is it to identify these elements in games?
IB: I've been a pretty vocal critic of gamification, which I think is bullshit, and which I've suggested we reframe as exploitationware. In both of those articles about the trend, I point out that the thing governments and corporations and other organizations like best about gamification is its facility, how rapidly and undisruptively it can be integrated into their current practices. Whereas, when I write about persuasive games and procedural rhetoric and the like, I'm interested in the idea that games might be particularly useful frames for complex issues, precisely because good games make complexity and ambiguity and trade-offs central, embracing them rather than rejecting them. Systems rather than soundbites.
The problem is, most governments and even most social activists don't really want to concede that point—that hard problems are hard, that simple answers are usually wrong, and that solutions are less likely than messy, stochastic progress. Instead, they are more concerned with reproducing the conditions of their own existence. For example, I've written before about the White House's "Apps for Healthy Kids" contest. On first blush, this effort looks like an earnest attempt to create games and software about an issue of great concern and great complexity—health and nutrition. But the results are trite and meaningless, just more bad kids software about choosing the carrot instead of the candy bar. They contain no admission of the entrenched, intractable issues at the heart of healthy eating, like food subsidies, industrial farming, population growth and density, socioeconomics, and so forth. And that's because the White House didn't really launch the contest to solve anything. They launched it to make themselves appear contemporary, engaged with the current "app economy," able to make websites with big form fields.
So, the most important lesson for governments or activists or anyone else is that the subtlety is very rarely there, in fact. So either we have to show the reasons why explanations are insufficient and not just "earnest attempts" at a reasonable solution, or we have to create the subtlety in our own media, be they games or books or blog posts. We have to do that in the games themselves, but also in relation to the medium of games, which we ought to position as a medium against simplicity in the first place.
Places where 'gamification' is good?
by oneiros27
At the closing plenary for the 2011 IA Summit, Cennydd Bowles called out the whole 'UX' (User Experience) community as a whole, in that the role that most of them play is in trying to get people to spend more time on websites and buy more stuff, rather than doing stuff that really improves the world. You've taken a similar stance on 'gamification', but there's at least two groups (Zooniverse [zooniverse.org] and FoldIt [fold.it]) using it for good as they're helping to advance science. Can you think of any other situations where we could use video games to improve the world at a grand scale, and not just simple 'edutainment'?
IB: Sometimes general explanations are helpful, and other times more specific ones are required. So despite everything I just said about the games as windows into complex systems, there are other ways to think about the usefulness of games. In my most recent book, How to Do Things with Videogames, I try to make this case, showing a couple dozen or so different applications of games, from art to tools.
Zooniverse and FoldIt are what you might call "games for work." They are games deployed in the pursuit of specific outcomes; in the case of both of those titles, the outcomes are identification and analysis in very large scientific data sets, for which automated (computational) analysis is unlikely to be successful. Some people have used the name "human computation" to describe this process, and Louis von Ahn at Carnegie Mellon is probably the best known proponent of it. Others use the term "playbor," and they usually mean it derogatorily.
That in mind, here's a question: does human computation in games really improve the world? I know what you're thinking: how could scientific progress not be good? Well, projects like FoldIt and Zooniverse are also massive distributed outsourcing efforts, offering free labor to the research establishment. Sure, you could make a utilitarian argument for why such work is progressive and not exploitative. And it may seem reactionary and dystopian even to intimate that collaborative work might lead to a nightmarish prison state in which tiny doses of satisfaction replace both gainful employment and crafted distraction. Or it may not.
This leads me to my answer, which may disappoint: the world gets improved in fits and starts, in small ways more than in large ones, and thanks to the unseen, unthought infrastructures that undergird it more than the civic or scientific or artistic victories we celebrate in the streets or in the theaters.
Start with a 'Facebook' game or a regular website?
by Anonymous Coward
I lead an enthusiastic clan of RuneScape players, and they tend to have a pretty broad interest in gaming and game development. As the lead programmer/IT guy for the clan, I'm frequently asked about programming and how to go about doing it.
I'm considering setting up a fairly basic Mafia wars type of game for them to expand and update, coded in python/html5 and running on google app engine for simplicity's sake. Python has a huge amount of self learning resources out there, and putting a python project on GAE is my go-to method for getting a project up and running quickly.
Should I encourage them to move into building a Facebook app, or should I encourage them to keep it a standalone website?
On the one hand Facebook gives better potential for expanding their user base, but on the other there's the 30% fee for using Facebook credits and their horrible API documentation. While I want to keep things as straightforward as possible for them, I would like to see their game accumulate a decent number of players so they can show it off.
IB: A pragmatic question! For those of you who haven't developed on the Facebook platform, let me tell you: it is a fucking train wreck. Badly documented (really, the worst documentation I can imagine), works in fits and starts, infrastructure changes constantly, updates roll out weekly, features constantly deprecated and removed, support non-existent, opaque bug and issue reporting. It's a nightmare. It's the Great War of software development, with tangled barbed wire and constant cross fire.
But, in exchange for tolerating that terror, you get access to some 800 million people and the promise that the small fraction of those you can reach will bring their friends. The 30% take for Facebook Credits is a lot compared to a credit card transaction fee, but the entire system is automated and works without any need for special merchant accounts or fears of PayPal retribution. Facebook is a piece of infrastructure, and the benefits it offers as infrastructure are undeniable even if the platform's viral free-for-all days are over.
Which to choose? It sounds to me like you can get your project working without Facebook, and then consider strapping in the social and payment features as you need them. That makes you less reliant on the platform, but also allows you to explore its benefits for your situation, if indeed there are any. In any case, I think being reliant on Facebook is a terrible situation for anybody to be in, whether they are a large company or independent creator.
Tabletop Gaming?
by Anonymous Coward
Is there a bridge between tabletop gaming and video gaming?
I design tabletop games and RPGs, and sometimes when I'm designing something I realize it would all work better as a video game. Do you feel the same way sometimes when you're designing real time games to want to make them turn based or tabletop games? Is there a link between the two industries in a professional way? Can workers from either industry cross over?
IB: There are a few different ways to think about videogames. One situates them in the long history of games, from folk games through wargames through tabletop games on to videogames, and to find similarities in design, use, and application. Another places them in the history of computing, asking how videogames relate to other kinds of software and hardware media for productivity and expression. Another compares them to creative media like literature, film, art, theater, opera, puppetry, and so forth, finding opportunities for adaptation across material form, or obstacles to such adaptation. Another asks how videogames participate in cultural traditions of play, like festival, conflict, sport, and ritual. These are just some of the possible vantage points from which one could seek to understand or design games. And of course, they are not mutually exclusive.
There is a fairly strong tradition of inspiration between tabletop games and computer games. The relationship between Dungeons & Dragons and certain genres of videogames, especially adventure, RPG, and MMOs is well-known. But tabletop wargames (like those published by SPI and Avalon Hill) also inspired many computer game designers, as did the type of strategy games sometimes called German-style board games. Games like Carcassonne and Puerto Rico used to be unheard of among the general public, but thanks to the success of Settlers of Catan, thoughtful tabletop games are becoming increasingly popular, even in this age of computerization.
All of which is just to say that there are a number of successful game designers who take the tabletop-to-computer spectrum as their primary creative axis. Rainer Knizia has created many successful tabletop games as well as videogames (many of which were adaptations of his board game designs). Designers like Greg Costikyan, Brenda Brathwaite, Eric Zimmerman, Nick Fortugno, and Frank Lantz are also frequent players and designers of other types of games — not just tabletop but in some cases large-scale "big games" played in urban spaces, and installation games played in museums or galleries. And many other developers in the videogame industry also play and make non-digital games in their spare time.
There's also a technique called paper prototyping advocated by designers like Raph Koster and Stone Librande, which draws a strong material connection between tabletop and computer game design. Designer and USC professor Tracy Fullerton's book Game Design Workshop is based on this method, and a game design workshop is held every year at the Game Developers Conference that uses non-digital materials exclusively. So, in short, there is a lot of cross-over, even if that crossover isn't always expressed through published tabletop games.
What do you think of James Franco?
by Anonymous Coward
I understand you may be working on some sort of joint project with him in the academic world. Is he the rockstar that he appears to be?
IB: Perhaps one day I will be fortunate enough to have James Franco nap in my classes. Until then, I'll have to be satisfied to click on his likeness in the post-cowpocalypse version of Cow Clicker.
Re:Yo, Ian!
by Hatta
I actually read your book Racing the Beam. Fantastic book. The only thing I really want to know is when we can expect the NES, SNES, and Sega Genesis to get the same treatment.
IB: Thanks for reading! For those who haven't yet, Racing the Beam is a book I wrote with Nick Montfort about the ways the hardware design of the Atari Video Computer System (VCS, aka the Atari 2600) influenced game design. The book was the first in a series Nick and I edit called Platform Studies [http://platformstudies.com]. Books in the series discuss the relationship between the hardware and software design of computer platforms and the creative works produced on those systems. These books are meant to be technically detailed but in an explanatory and accessible way, one that doesn't require any particular background to read.
We have a number of new books lined up in the series. Two books will be published this spring: Codename Revolution: The Nintendo Wii Platform by Steven E. Jones and George K. Thiruvathukal, and The Future Was Here: The Commodore Amiga, by Jimmy Maher. Other books at various stages of progress do include the NES, SNES, Flash, and a number of other more esoteric platforms. We're actively looking for more books and authors, so if any readers here have projects that match our vision for the series, please get in touch. Keep in mind that we're interested in computer platforms of all kinds, not just videogame systems.
Ian Bogost Replies: Deep Thoughts On Gaming
A few weeks back, you asked gaming-world academic and game designer Ian Bogost questions from the business, philosophical, and aesthetic sides of gaming; below, find his responses. Thanks, Ian! Is it all just absurd?
by Anonymous Coward
You satirize the meaninglessness of compulsive-click based games, but what would you say is your larger point in doing so? Do you think that "big" video games (for instance, ones with complex plots and characters, cooperation among players, etc) are all that much better, or would much of the same critique apply?
(Sure, they're not quite as mindless, but they still mean that people are spending time and money to withdraw from reality to some extent, and substituting made-up, arbitrary goals for interacting with other people. Is it purely happenstance and convenience that means you've made a certain point with social games, rather than, say, remade Catch-22 as a FPS?)
Ian Bogost: In my original essay about Cow Clicker, written when the game launched in the summer of 2010, I made a similar observation about "big" videogames: they seem to destroy time. (My exact words were, "Many of today's console games exert a time crush. They demand tens or even hundreds of hours of attention to complete, some or most of which often feels empty"). As I see it, one difference between "traditional" games and social games is that the former don't try to infect the time we spend away from them as well as the time we spend with them. Surely there is something compulsive about console games too, but at least the end. The service-oriented component of social games, along with the fact that companies like Zynga require regularly renewed attention to make money, these are important differences that may not seem fundamental at first.
Still, some cultural trends are more like cracks in a wall than like monuments. It's likely that Cow Clicker is more akin to picking away the plaster to find the veins of a complex structural issue than it is like uncovering a simple fact about its foundation. I don't think that structural issue is limited to games. Whether we noticed or not, we've created a media environment driven by compulsion. Email and instant messaging are examples unbound to specific companies, but Facebook, Twitter, Google+, Pinterest, Instagram — all of these services and many more build value by monetizing our repeated and regular attention, and now we have so many different ways to ask, "Is something new? Am I missing something?" that it's possible never to stop asking those questions, all day long.
Procedural Rhetoric in morally-gray big name games?
by siphonophore
What do you think of AAA studios exploring more moral grey areas (e.g. hostage shooting airport level in COD:MW2 ) as a form of procedural rhetoric? Do you think players' natural tendencies of (in this case) non-violence toward innocents is solidified or shaken by simulating such acts?
IB: For those who don't know the reference, "procedural rhetoric" is a concept I developed in my 2007 book Persuasive Games . We have verbal and written rhetoric, which uses speech and writing to make arguments or express ideas, and we have visual rhetoric, which deals with the way images do so. I suggest procedural rhetoric as a way to describe the use of systems and models to make arguments. Videogames (and software in general) are media that are built largely out of processes, and so we can use this framework to design or evaluate how games make arguments.
Of course, the commercial games industry hasn't been very interested in making arguments with games, in taking strong positions on topics of any sort, let alone controversial ones like politics. We have begun to see some efforts to push harder at this boundary COD:MW2 is one example, but so are Deus Ex, Homefront, Farcry 2, Bioshock. I'm glad to see this progress, but of course I'd like to see more. In particular, we only seem to get the very faintest sense of an argument or position in these games. It's almost like it's just there for the publicity, but not too much publicity, because that might turn some players off.
In fact, that's the usual explanation for why we don't have AAA games with strong positions. They're expensive to make and the publishers are said to be conservative. It's true, of course. I was recently talking to some of the team responsible for securing the publishing deal for Bioshock, and they told me that even they had trouble, and that's for a game that's really just another sci-fi shooter with a very thin layer of contra-Ayn Rand dystopianism wrapped in gorgeous art deco environments.
But to believe that "the market" is the reason we don't see more of these games doesn't tell the full story. The truth is, the AAA game industry doesn't really have much to say about politics or social issues. Not only is traditional sci-fi and fantasy entertainment in books and movies far more political than the average game, even children's animated films are more political than the average game. I mean, there's more political commentary in Wall-E than in the last decade of AAA games. I'm generalizing, but game developers and executives are technolibertarians rather than artists. For them, what's good for the world is what people vote for with their wallets. And once we get enough of that position fed to us over and over again, it's no wonder that AAA shooters risk becoming just the empty power fantasies they are sometimes accused of being.
Skinner Boxes
by Catiline
I have long described both MMO gaming and Facebook social games as being a "well-padded Skinner box" for their staggered/random reward system. Do you see any possibility for anything else to eventually replace this model?
IB: I don't know. Certainly the gold rush associated with a very bare version of these mechanics isn't helping. If anything, the Skinner boxes seem to be finding their way into other genres. I haven't played Diablo III yet, but someone who tried the beta opined that it's "Farmville for hardcore gamers." Then again, I suppose we might have said the same thing about World of Warcraft half a decade ago. These features have always been in games, but there's no question that we've begun refining them in the way one refines oil, making them more pure and useful to drive the engines of commerce rather than experience.
We can't just will ourselves out of this situation. It's not simply a matter of developing a new design philosophy that will replace the old one through pure unfettered rationalism. Since the games industry responds only to economic incentives, perhaps what we need is an implosion. Just as the housing bubble was burst by the revelation of inviable lending and the related artifice of constantly-inflating property values, so perhaps something similar needs to happen to the behaviorist bubble. It may already be starting, thanks to the apparently disappointing performance of Zynga's IPO. Still, it's worth remembering that the founders and executives of today's big tech companies have been enjoying the privilege of making liquid parts of their equity on secondary markets, so the tech investment community may not have the same deterrent to bubblethink that the market in general does.
In any case, this trend should remind us that the whole media ecosystem has been built on this promise of high-leverage value derived from the aggregated behaviors of a very large base of patrons who are actually the product of these services rather than their customers. Google and Facebook are the obvious examples, but Zynga derives all of its revenue from 2.2% of its players. The remainder are there as viral marketing infrastructure. Is it even possible to opt out of this situation? Not if you also want to live productively in contemporary society.
Interesting Mechanics?
by spektre1
Hi Ian! Can you comment about game mechanics that you wish designers explored in more depth?
IB: Certainly I have my own tastes. I've said a bit about them here, such as my interest in games that offer political opinion or commentary. And I tend to prefer "systemy" games to narrative games. But at some point, all of that is just a matter of taste. And as the aphorism goes, there's no accounting for taste.
So instead of specific mechanics or styles or genres, what I'd most like to see is more earnestness and more personality in games. I'd like to see more of the creators expressed in the works, not because I want to "receive" the "messages" they are sending, but so that I can feel like the work is not being stamped out by a machine in a factory. Part of that process would have to include more conversation about and framing of games. If you compare games to other forms of creativity, there's just far less deliberate, public discussion of games than there is of painting or novels or films or even sports. Filmmakers go on talk shows, novelists give interviews in magazines. What do game makers do? They send their lowest-common-denominator PR agencies out to put words in the mouths of the enthusiast press.
I'm often more engaged by games with styles I don't particularly like, for example the games of That Game Company or Tale of Tales, because those creators make an effort to frame and personalize the work, to give players a sense of how they might approach them, an invitation to care about the logic of their weird, tiny world. There was a time when Activision shipped their videogames with photos and notes from their creators. True, that was a time when the equivalent of "AAA" games were created by individuals, but the point stands. Indie games have a greater capacity for this sort of thing, thanks to their smaller and more compact teams, but that doesn't make independent games automatically more inviting than AAA games, either (a lot of indie games are starting to get that stamped-out-in-the-factory feel, too). In the AAA scene, I think Naughty Dog, Valve, PopCap, and Blizzard offer examples of culturing a style and a design sensibility.
Persuasive game elements
by Anonymous Coward
My question revolves around trends in the "gamification" of tasks as used by government, corporations and others. I am curious what you feel about the persuasive elements that may or may not be used in these endeavors. I've noticed this holiday season that some sites seem to have attempted to use some gaming elements in very persuasive ways. I haven't really looked too closely into government sites lately, but I'm sure governments around the world are already starting to adopt them. Understanding the power of this is kind of disturbing, particularly when you see how governments, etc. can abuse this. So my question is: what, if any, recommendations would you give to social activists looking to develop counter-gaming or ways to identify and inform others about these elements? Given the subtle nature of some of these elements, how difficult a task is it to identify these elements in games?
IB: I've been a pretty vocal critic of gamification, which I think is bullshit, and which I've suggested we reframe as exploitationware. In both of those articles about the trend, I point out that the thing governments and corporations and other organizations like best about gamification is its facility, how rapidly and undisruptively it can be integrated into their current practices. Whereas, when I write about persuasive games and procedural rhetoric and the like, I'm interested in the idea that games might be particularly useful frames for complex issues, precisely because good games make complexity and ambiguity and trade-offs central, embracing them rather than rejecting them. Systems rather than soundbites.
The problem is, most governments and even most social activists don't really want to concede that point—that hard problems are hard, that simple answers are usually wrong, and that solutions are less likely than messy, stochastic progress. Instead, they are more concerned with reproducing the conditions of their own existence. For example, I've written before about the White House's "Apps for Healthy Kids" contest. On first blush, this effort looks like an earnest attempt to create games and software about an issue of great concern and great complexity—health and nutrition. But the results are trite and meaningless, just more bad kids software about choosing the carrot instead of the candy bar. They contain no admission of the entrenched, intractable issues at the heart of healthy eating, like food subsidies, industrial farming, population growth and density, socioeconomics, and so forth. And that's because the White House didn't really launch the contest to solve anything. They launched it to make themselves appear contemporary, engaged with the current "app economy," able to make websites with big form fields.
So, the most important lesson for governments or activists or anyone else is that the subtlety is very rarely there, in fact. So either we have to show the reasons why explanations are insufficient and not just "earnest attempts" at a reasonable solution, or we have to create the subtlety in our own media, be they games or books or blog posts. We have to do that in the games themselves, but also in relation to the medium of games, which we ought to position as a medium against simplicity in the first place.
Places where 'gamification' is good?
by oneiros27
At the closing plenary for the 2011 IA Summit, Cennydd Bowles called out the whole 'UX' (User Experience) community, in that the role that most of them play is in trying to get people to spend more time on websites and buy more stuff, rather than doing stuff that really improves the world. You've taken a similar stance on 'gamification', but there are at least two groups (Zooniverse [zooniverse.org] and FoldIt [fold.it]) using it for good, as they're helping to advance science. Can you think of any other situations where we could use video games to improve the world at a grand scale, and not just simple 'edutainment'?
IB: Sometimes general explanations are helpful, and other times more specific ones are required. So despite everything I just said about games as windows into complex systems, there are other ways to think about the usefulness of games. In my most recent book, How to Do Things with Videogames, I try to make this case, showing a couple dozen or so different applications of games, from art to tools.
Zooniverse and FoldIt are what you might call "games for work." They are games deployed in the pursuit of specific outcomes; in the case of both of those titles, the outcomes are identification and analysis in very large scientific data sets, for which automated (computational) analysis is unlikely to be successful. Some people have used the name "human computation" to describe this process, and Luis von Ahn at Carnegie Mellon is probably the best known proponent of it. Others use the term "playbor," and they usually mean it derogatorily.
That in mind, here's a question: does human computation in games really improve the world? I know what you're thinking: how could scientific progress not be good? Well, projects like FoldIt and Zooniverse are also massive distributed outsourcing efforts, offering free labor to the research establishment. Sure, you could make a utilitarian argument for why such work is progressive and not exploitative. And it may seem reactionary and dystopian even to intimate that collaborative work might lead to a nightmarish prison state in which tiny doses of satisfaction replace both gainful employment and crafted distraction. Or it may not.
This leads me to my answer, which may disappoint: the world gets improved in fits and starts, in small ways more than in large ones, and thanks to the unseen, unthought infrastructures that undergird it more than the civic or scientific or artistic victories we celebrate in the streets or in the theaters.
Start with a 'Facebook' game or a regular website?
by Anonymous Coward
I lead an enthusiastic clan of RuneScape players, and they tend to have a pretty broad interest in gaming and game development. As the lead programmer/IT guy for the clan, I'm frequently asked about programming and how to go about doing it.
I'm considering setting up a fairly basic Mafia Wars-type game for them to expand and update, coded in Python/HTML5 and running on Google App Engine for simplicity's sake. Python has a huge amount of self-learning resources out there, and putting a Python project on GAE is my go-to method for getting a project up and running quickly.
Should I encourage them to move into building a Facebook app, or should I encourage them to keep it a standalone website?
On the one hand, Facebook gives better potential for expanding their user base, but on the other there's the 30% fee for using Facebook Credits and their horrible API documentation. While I want to keep things as straightforward as possible for them, I would like to see their game accumulate a decent number of players so they can show it off.
IB: A pragmatic question! For those of you who haven't developed on the Facebook platform, let me tell you: it is a fucking train wreck. Badly documented (really, the worst documentation I can imagine), works in fits and starts, infrastructure changes constantly, updates roll out weekly, features constantly deprecated and removed, support non-existent, opaque bug and issue reporting. It's a nightmare. It's the Great War of software development, with tangled barbed wire and constant crossfire.
But, in exchange for tolerating that terror, you get access to some 800 million people and the promise that the small fraction of those you can reach will bring their friends. The 30% take for Facebook Credits is a lot compared to a credit card transaction fee, but the entire system is automated and works without any need for special merchant accounts or fears of PayPal retribution. Facebook is a piece of infrastructure, and the benefits it offers as infrastructure are undeniable even if the platform's viral free-for-all days are over.
Which to choose? It sounds to me like you can get your project working without Facebook, and then consider strapping in the social and payment features as you need them. That makes you less reliant on the platform, but also allows you to explore its benefits for your situation, if indeed there are any. In any case, I think being reliant on Facebook is a terrible situation for anybody to be in, whether they are a large company or an independent creator.
Tabletop Gaming?
by Anonymous Coward
Is there a bridge between tabletop gaming and video gaming?
I design tabletop games and RPGs, and sometimes when I'm designing something I realize it would all work better as a video game. Do you feel the same way sometimes when you're designing real time games to want to make them turn based or tabletop games? Is there a link between the two industries in a professional way? Can workers from either industry cross over?
IB: There are a few different ways to think about videogames. One situates them in the long history of games, from folk games through wargames through tabletop games on to videogames, to find similarities in design, use, and application. Another places them in the history of computing, asking how videogames relate to other kinds of software and hardware media for productivity and expression. Another compares them to creative media like literature, film, art, theater, opera, puppetry, and so forth, finding opportunities for adaptation across material form, or obstacles to such adaptation. Another asks how videogames participate in cultural traditions of play, like festival, conflict, sport, and ritual. These are just some of the possible vantage points from which one could seek to understand or design games. And of course, they are not mutually exclusive.
There is a fairly strong tradition of inspiration between tabletop games and computer games. The relationship between Dungeons & Dragons and certain genres of videogames, especially adventure, RPG, and MMOs, is well known. But tabletop wargames (like those published by SPI and Avalon Hill) also inspired many computer game designers, as did the type of strategy games sometimes called German-style board games. Games like Carcassonne and Puerto Rico used to be unheard of among the general public, but thanks to the success of Settlers of Catan, thoughtful tabletop games are becoming increasingly popular, even in this age of computerization.
All of which is just to say that there are a number of successful game designers who take the tabletop-to-computer spectrum as their primary creative axis. Reiner Knizia has created many successful tabletop games as well as videogames (many of which were adaptations of his board game designs). Designers like Greg Costikyan, Brenda Brathwaite, Eric Zimmerman, Nick Fortugno, and Frank Lantz are also frequent players and designers of other types of games — not just tabletop but in some cases large-scale "big games" played in urban spaces, and installation games played in museums or galleries. And many other developers in the videogame industry also play and make non-digital games in their spare time.
There's also a technique called paper prototyping, advocated by designers like Raph Koster and Stone Librande, which draws a strong material connection between tabletop and computer game design. Designer and USC professor Tracy Fullerton's book Game Design Workshop is based on this method, and a game design workshop is held every year at the Game Developers Conference that uses non-digital materials exclusively. So, in short, there is a lot of crossover, even if that crossover isn't always expressed through published tabletop games.
What do you think of James Franco?
by Anonymous Coward
I understand you may be working on some sort of joint project with him in the academic world. Is he the rockstar that he appears to be?
IB: Perhaps one day I will be fortunate enough to have James Franco nap in my classes. Until then, I'll have to be satisfied to click on his likeness in the post-cowpocalypse version of Cow Clicker.
Re:Yo, Ian!
by Hatta
I actually read your book Racing the Beam. Fantastic book. The only thing I really want to know is when we can expect the NES, SNES, and Sega Genesis to get the same treatment.
IB: Thanks for reading! For those who haven't yet, Racing the Beam is a book I wrote with Nick Montfort about the ways the hardware design of the Atari Video Computer System (VCS, aka the Atari 2600) influenced game design. The book was the first in a series Nick and I edit called Platform Studies [http://platformstudies.com]. Books in the series discuss the relationship between the hardware and software design of computer platforms and the creative works produced on those systems. These books are meant to be technically detailed but in an explanatory and accessible way, one that doesn't require any particular background to read.
We have a number of new books lined up in the series. Two books will be published this spring: Codename Revolution: The Nintendo Wii Platform by Steven E. Jones and George K. Thiruvathukal, and The Future Was Here: The Commodore Amiga, by Jimmy Maher. Other books at various stages of progress do include the NES, SNES, Flash, and a number of other more esoteric platforms. We're actively looking for more books and authors, so if any readers here have projects that match our vision for the series, please get in touch. Keep in mind that we're interested in computer platforms of all kinds, not just videogame systems.
There is a fairly strong tradition of inspiration between tabletop games and computer games. The relationship between Dungeons & Dragons and certain genres of videogames, especially adventure, RPG, and MMOs is well-known. But tabletop wargames (like those published by SPI and Avalon Hill) also inspired many computer game designers, as did the type of strategy games sometimes called German-style board games. Games like Carcassonne and Puerto Rico used to be unheard of among the general public, but thanks to the success of Settlers of Catan, thoughtful tabletop games are becoming increasingly popular, even in this age of computerization.
All of which is just to say that there are a number of successful game designers who take the tabletop-to-computer spectrum as their primary creative axis. Reiner Knizia has created many successful tabletop games as well as videogames (many of which were adaptations of his board game designs). Designers like Greg Costikyan, Brenda Brathwaite, Eric Zimmerman, Nick Fortugno, and Frank Lantz are also frequent players and designers of other types of games — not just tabletop but in some cases large-scale "big games" played in urban spaces, and installation games played in museums or galleries. And many other developers in the videogame industry also play and make non-digital games in their spare time.
There's also a technique called paper prototyping advocated by designers like Raph Koster and Stone Librande, which draws a strong material connection between tabletop and computer game design. Designer and USC professor Tracy Fullerton's book Game Design Workshop is based on this method, and a game design workshop is held every year at the Game Developers Conference that uses non-digital materials exclusively. So, in short, there is a lot of cross-over, even if that crossover isn't always expressed through published tabletop games.
What do you think of James Franco?
Anonymous Coward
I understand you may be working on some sort of joint project with him in the academic world. Is he the rockstar that he appears to be?
IB: Perhaps one day I will be fortunate enough to have James Franco nap in my classes. Until then, I'll have to be satisfied to click on his likeness in the post-cowpocalypse version of Cow Clicker.
Re:Yo, Ian!
by Hatta
I actually read your book Racing the Beam. Fantastic book. The only thing I really want to know is when we can expect the NES, SNES, and Sega Genesis to get the same treatment.
IB: Thanks for reading! For those who haven't yet, Racing the Beam is a book I wrote with Nick Montfort about the ways the hardware design of the Atari Video Computer System (VCS, aka the Atari 2600) influenced game design. The book was the first in a series Nick and I edit called Platform Studies [http://platformstudies.com]. Books in the series discuss the relationship between the hardware and software design of computer platforms and the creative works produced on those systems. These books are meant to be technically detailed but in an explanatory and accessible way, one that doesn't require any particular background to read.
We have a number of new books lined up in the series. Two books will be published this spring: Codename Revolution: The Nintendo Wii Platform by Steven E. Jones and George K. Thiruvathukal, and The Future Was Here: The Commodore Amiga, by Jimmy Maher. Other books at various stages of progress do include the NES, SNES, Flash, and a number of other more esoteric platforms. We're actively looking for more books and authors, so if any readers here have projects that match our vision for the series, please get in touch. Keep in mind that we're interested in computer platforms of all kinds, not just videogame systems. -
Book Review: The Tangled Web
brothke writes "In the classic poem Inferno, Dante passes through the gates of Hell, which bear the inscription 'abandon all hope, ye who enter here' above the entrance. After reading The Tangled Web: A Guide to Securing Modern Web Applications, one gets the feeling that writing secure web code is akin to Dante's experience." Read below for Ben's review.

Title: The Tangled Web: A Guide to Securing Modern Web Applications
Author: Michal Zalewski
Pages: 320
Publisher: No Starch Press
Rating: 10/10
Reviewer: Ben Rothke
ISBN: 1593273886
Summary: Incredibly good and highly technical book on browser security coding

In this incredibly good and highly technical book, author Michal Zalewski writes that modern web applications are built on a tangled mesh of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. In the book, Zalewski dissects those subtle security consequences to show what their dangers are, and how developers can take them to heart and write secure code for browsers.
The Tangled Web: A Guide to Securing Modern Web Applications is written in the same style as Zalewski's last book, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, which is another highly technical and dense book on the topic. This book tackles the issues surrounding insecure web browsers. Since the browser is the portal of choice for so many users, its inherent security flaws leave the user at significant risk. The book details what developers can do to mitigate those risks.
This book starts out with the observation that while the field of information security seems to be a mature and well-defined discipline, there is not even a rudimentary usable framework for understanding and assessing the security of modern software.
In chapter 1, the book provides a brief overview of the development of the web and how so many security issues have cropped up. Zalewski writes that perhaps the most striking and nontechnical property of web browsers is that most people who use them are overwhelmingly unskilled. Given that most users simply do not know enough to use the web in a safe manner, this leads to the predicament we are in now.
Zalewski then spends the remainder of the book detailing specific problems, how they are exploited, and the manner in which they can be fixed.
In chapter 2, the book shows that something as elementary as the resolution of relative URLs is not a trivial exercise. It details how misunderstandings between application-level URL filters and the browser when handling these relative references can lead to security problems.
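The filter-versus-browser disagreement the review alludes to is easy to reproduce with the browser's own URL parser. The block below is an added example, not code from the book or the review: naiveIsRelative() is a deliberately weak "does it start with a scheme?" check of the kind an application-level filter might use, browserResolves() shows what the browser actually does with the same string (resolution against the page's base URL per the WHATWG URL standard, which Node's global URL implements), and isSafeLocalUrl() is the hardened form that resolves first and compares origins. The base URL, host names and function names are constructed for the example.

```javascript
// Added example: naive relative-URL filter vs. actual browser resolution.
// BASE is a constructed page URL; the function names are ours.
const BASE = "https://app.example/account/settings";

// Weak filter: anything without a leading scheme is assumed to be a
// same-site relative reference and therefore a safe redirect target.
function naiveIsRelative(target) {
  return !/^[a-z][a-z0-9+.-]*:/i.test(target);
}

// What the browser does: resolve the reference against the document's base URL.
function browserResolves(target, base = BASE) {
  return new URL(target, base).href;
}

// Hardened check: resolve exactly as the browser will, then compare origins.
// Unparseable input is rejected rather than "assumed relative".
function isSafeLocalUrl(target, base = BASE) {
  let resolved;
  try {
    resolved = new URL(target, base);
  } catch {
    return false;
  }
  return resolved.origin === new URL(base).origin;
}

// Constructed inputs that show the filter being wrong in both directions.
const SAMPLES = [
  "/logout",                 // genuinely relative: both checks agree
  "//attacker.example/x",    // scheme-relative: filter says "relative", browser leaves the site
  "/\\attacker.example/x",   // backslash form; special schemes treat "\" like "/"
  "javascript:alert(1)",     // has a scheme, so the naive filter rejects it
  "https://app.example/ok",  // absolute but same-origin: the naive filter rejects it needlessly
];

function classify(target) {
  return {
    target,
    naiveSaysRelative: naiveIsRelative(target),
    browserResolvesTo: browserResolves(target),
    safe: isSafeLocalUrl(target),
  };
}

for (const t of SAMPLES) console.log(classify(t));
```

The point for a filter author: never classify a reference by inspecting its first character; resolve it with the same parser the browser uses and decide on the resolved origin. The backslash case is the kind of parser quirk the book's cheat sheets catalogue, and it is why a hand-written "starts with a single slash" rule is not enough.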
For those that want a feel for the book, chapter 3 on the topic of HTTP is available here.
Chapter 4 deals with HTML, and the book notes that HTML is the subject of a fascinating conceptual struggle, with a clash between the ideology and the reality of the online world. Tim Berners-Lee had the vision of a semantic web, namely a common framework that allows data to be shared and reused across applications, companies and the entire web. The notion of a semantic web, though, has not really caught on.
Chapter 4 continues with a detailed overview of how to understand HTML parser behavior. The author writes that HTML parsers will second-guess the intent of the page developer, which can lead to security problems.
In chapter 12, the book deals with third-party cookies and notes that since their inception, HTTP cookies have been misunderstood as the tool that enables online advertisers to violate users' privacy. Zalewski observes that the public's fixation on cookies is deeply misguided. He writes that there is no doubt that some sites use cookies for malicious purposes, but that there is nothing that makes them uniquely suited to this task, as there are many other equivalent ways to store unique identifiers on visitors' computers, such as cache-based tags.
Chapter 14 details the issue of rogue scripts and how to manage them. In the chapter, the author goes slightly off-topic and asks whether the current model of web scripting is fundamentally incompatible with the way human beings work. This leads to the question of whether it is possible for a script to consistently outsmart victims simply due to the inherent limits of human cognition.
Part 3 of the book takes up the last 35 pages and is a glimpse of things to come. Zalewski optimistically writes that many of the battles being fought in today's browser war are around security, which is a good thing for everyone.
Chapter 16 deals with new and upcoming security features of browsers and details many compelling security features such as security model extension frameworks and security model restriction frameworks.
One of the more powerful frameworks the chapter deals with is the Content Security Policy (CSP) from Mozilla. CSP is meant to fix a large class of web application vulnerabilities, including cross-site scripting, cross-site request forgery and more. The book notes that as powerful as CSP is, one of its main problems is not a security one: it requires a webmaster to move all inline scripts on a web page to a separately requested document. Given that many web pages have hundreds of short scripts, this can be an overwhelmingly onerous task.
The chapter concludes with other developments such as in-browser HTML sanitizers, XSS filtering and more.
Each chapter also concludes with a security engineering cheat sheet that details the core themes of the chapter.
For anyone involved in programming web pages, The Tangled Web: A Guide to Securing Modern Web Applications should be considered required reading to ensure they write secure web code. The book takes a deep look at the core problems with various web protocols, and offers effective methods in which to mitigate those vulnerabilities.
Michal Zalewski brings his extremely deep technical understanding to the book and combines it with a most readable style. The book is an invaluable resource and provides a significant amount of information needed to write secure code for browsers. There is a huge amount of really good advice in this book, and for those that are building web applications, this is a book they should read.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The Tangled Web: A Guide to Securing Modern Web Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: OpenCL Programming Guide
asgard4 writes "In recent years GPUs have become powerful computing devices whose power is not only used to generate pretty graphics on screen but also to perform heavy computation jobs that were exclusively reserved for high performance super computers in the past. Considering the vast diversity and rapid development cycle of GPUs from different vendors, it is not surprising that the ecosystem of programming environments has flourished fairly quickly as well, with multiple vendors, such as NVIDIA, AMD, and Microsoft, all coming up with their own solutions on how to program GPUs for more general purpose computing (also abbreviated GPGPU) applications. With OpenCL (short for Open Computing Language) the Khronos Group provides an industry standard for programming heavily parallel, heterogeneous systems with a language to write so-called kernels in a C-like language. The OpenCL Programming Guide gives you all the necessary knowledge to get started developing high-performing, parallel applications for such systems with OpenCL 1.1." Keep reading for the rest of asgard4's review.

Title: OpenCL Programming Guide
Authors: Aaftab Munshi, Benedict R. Gaster, Timothy G. Mattson, James Fung, Dan Ginsburg
Pages: 603
Publisher: Addison-Wesley (Pearson Education)
Rating: 9/10
Reviewer: asgard4
ISBN: 0321749642
Summary: A solid introduction to programming with OpenCL.

The authors of the book certainly know what they are talking about. Most of them have been involved in the standardization effort that went into OpenCL. Munshi, for example, is the editor of the OpenCL specification. So all the information in the book is first-hand knowledge from experts in OpenCL. The reader is expected to be familiar with the C programming language and basic programming concepts. Some experience in parallelizing problems is a benefit but not a requirement.
The book consists of two major parts. The first part is a detailed description of the OpenCL C language and the API used by the host to control the execution of programs written in that language. The second part is comprised of various case studies that show OpenCL in action.
The authors get straight to the point in the introduction, discussing the conceptual foundations of OpenCL in detail. They explain what kernels are (basically functions that are scheduled for execution on a compute device), how the kernel execution model works, how the host manages the command queues that schedule memory transfers or kernel execution on compute devices, and the memory model.
While this first chapter is all prose, the second chapter dives right in with some code and a first HelloWorld example. The following chapters introduce more and more of the OpenCL language and API step-by-step. All API functions are described in somewhat of a reference style with a lot of detail, including possible error codes. However, the text is not a reference. There is always a good explanation with examples or short code listings, the only notable exception being chapter three, which presents the OpenCL C language. A few more examples would have made the text less dry in this chapter.
An important chapter is chapter nine on events and synchronization between multiple compute devices and the host. This chapter is important because — as any experienced parallel programmer knows — getting synchronization right is often tricky but obviously essential for correct execution of a parallel program.
An interesting feature in OpenCL is the built-in interoperability with OpenGL and, surprisingly, Direct3D. Various functions in the OpenCL API allow creating buffers from OpenGL/Direct3D objects, such as textures or vertex buffers, that can be used by an OpenCL kernel. This opens up interesting possibilities for doing a lot more work on the GPU in graphics applications, such as running a fluid simulation on the GPU in OpenCL, which directly writes its results into vertex buffers or textures to be used directly for rendering without the host CPU having to intervene.
Before delving into the case studies the book briefly discusses the embedded profile that is available for OpenCL and the standardized C++ API that the Khronos Group provides in addition to the regular OpenCL API (which is defined exclusively as C functions). The C++ API makes using some of the OpenCL objects a little bit easier and somewhat nicer.
The second part of the book contains various interesting case studies that show off what OpenCL can be used for, such as computing a Sobel filter or a histogram for an image, computing FFTs, doing cloth simulation, or multiplying dense and sparse matrices. The choice and variety of case studies is definitely interesting and most will be immediately applicable to the reader when going forward developing applications using OpenCL. All the code for the examples and the case studies in the book is available for download on the book's website.
Overall, the OpenCL Programming Guide succeeds in being a great introduction to OpenCL 1.1. The book covers all of the specification and more, has an easy to read writing style and yet provides all the necessary details to be an all-encompassing guide to OpenCL. The good selection of case studies makes the book even more appealing and demonstrates what can be done with real-life OpenCL code (and also how it needs to be optimized to get the best performance out of current OpenCL platforms, such as GPUs).
Martin Ecker has been involved in real-time graphics programming for more than 15 years and works as a professional game developer for Sony Computer Entertainment America in sunny San Diego, California.
You can purchase OpenCL Programming Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Sams Teach Yourself HTML5 Mobile Application Development
Michael J. Ross writes "The last few years have seen the emergence of several significant advances in web technologies, including HTML5 and CSS3 — all impacting the development of traditional and mobile-centric web sites. In turn, various technical book publishers have released titles addressing one or more of these technologies. While one book may focus on HTML5 and the new JavaScript APIs, another might include extensive coverage of CSS3, with little mention of JavaScript. A recent title, Sams Teach Yourself HTML5 Mobile Application Development in 24 Hours, focuses on some of the more commonly employed elements introduced with HTML5, and how they can be used for creating mobile sites and applications." Read below for the rest of Michael's review.

Title: Sams Teach Yourself HTML5 Mobile Application Development in 24 Hours
Author: Jennifer Kyrnin
Pages: 496
Publisher: Sams Publishing
Rating: 8/10
Reviewer: Michael J. Ross
ISBN: 978-0672334405
Summary: A tutorial on building web sites and apps with HTML5.

This book was authored by Jennifer Kyrnin, who has plenty of experience in using as well as teaching web design techniques, and who curates the Web Design / HTML section of About.com. The book was put out by Sams Publishing (an imprint of Pearson Education) on 25 November 2011, under the ISBN 978-0672334405. On the publisher's page, visitors will find the book's description and table of contents, and some sample content in a PDF document, including the first chapter, "Improving Mobile Web Application Development with HTML5." The page appears to not list any reported errata. This book is available in both print and electronic formats (EPUB and PDF), but prospective buyers should be warned that the e-book is less than seven dollars cheaper than the print version ($25.59 versus $31.99), despite the huge disparity in production and distribution costs. The author's web site offers additional information, primarily in the form of a newsletter devoted to HTML5.
The preface claims that this second web site has the example source code from the book, as well as ways to ask questions and report errata; but if so, they are well hidden, as of this writing.
Spanning 496 pages in total, the book's material is organized into two dozen chapters, as is usual with any of the books in the "Sams Teach Yourself X in 24 Hours" series. Readers may well wonder if this artificial constraint causes the various authors to structure their books in a way that does not always make sense. In the case of this title, there does appear to be some forced splitting of material between two chapters, namely, "Building a Mobile Web Application" and "Converting Web Apps to Mobile." Conversely, three topics that may deserve their own chapters are lumped together, in "WebSockets, Web Workers, and Files." Moreover, it is arguably unrealistic to expect that the typical reader will be able — or would even attempt — to read and comprehend a technical book of such length and subject matter in only 24 hours — to say nothing of the time required to type in the sample code (in order to test it and reinforce the information learned). This "teach yourself in 24 hours" format borders on "brain surgery in three easy steps." Lastly, it leads to silly phrasing such as: "a result of reading the hour" (page xvii).
The chapters and appendices are grouped into four parts, the first of which is titled "Building Web Pages and Applications with the Open Web Standard." The structure of the first chapter is replicated in all of the other chapters: The author briefly lists what the reader will learn, and then begins explicating the concepts, illustrated with example code wherever appropriate. Each chapter concludes with a summary (which is of no value), several FAQs (whose material should instead be folded into the main chapter content), and a workshop section comprising quiz questions and exercises for the reader to tackle. Part I's eight chapters introduce HTML5, web applications, the W3C Open Web Standard, the new HTML5 elements and their attributes, CSS3 (with justifiably limited coverage), mobile browser detection, JavaScript, and jQuery. Then the author presents the basics of how to build mobile web apps, both from scratch and from using a non-mobile web site as a starting point.
Part II, "Learning the HTML5 Essentials," goes into greater detail of numerous basic aspects of HTML5: the new HTML5 sectioning, heading, and semantic elements; the semantic repurposing of some HTML 4 elements; the new canvas element (with limited coverage of this extensive topic); new typography support; audio and video elements; new form capabilities; HTML editable content, spell checking, and other user interactivity; microformats, microdata, and RDFa; in-page drag and drop; and new functionality for linking (the <a>, <area>, and <link> elements). Readers should note that the discussion in the ninth chapter on the new sectioning elements starts off rather confusingly, but soon improves, making it well worth reading.
The third part of the book, "HTML5 for Mobile and Web Applications," begins with an introduction to web apps, as well as the HTML5 application programming interfaces (APIs) and data sets upon which they may rely. The author then discusses specific APIs that can be of great use in web apps — specifically, the WebSockets, Web Workers, and File APIs, which allow one to make asynchronous connections between the app and a remote host, perform scripted background processing, and access local files. The remaining chapters show how to: make a web app usable even when it is disconnected from the Internet; save data on the client side (using local storage, session storage, Web SQL, and IndexedDB); control the browser history; geolocate the client; and convert an HTML5 application into a native mobile app, with detailed information on using PhoneGap. Aside from the index, the book concludes with three appendices that cover: answers to the end-of-chapter quizzes; a list of the HTML5 elements and their more commonly-employed attributes; and a list of other books and web sites that address HTML5 and mobile design and development.
The average programming book — particularly one of this size, and in a first edition — will contain some errata, and this one is no exception: "shortcut style" should read "shorthand style" (page 37); "Specific[,] Measurable" (87); "complimentary" should read "complementary" (93); the "By the Way" section on page 131 is missing a close parenthesis; "html5elmeents" (136); "will [be] eventually" (184); "a straight line [] they" (184); "makes build[ing] forms" (223); "method[s] exist" (362); "the page [it] is on" (383); and "()creates" (390).
There are some other parts of the text where either the author or the editorial team may have been careless — for instance, the figcaption and figure tags repeated on pages 16 and 18. Fortunately, such cases are few and far between. The HTML, CSS, and JavaScript code is generally of decent quality, except much of the HTML markup is not indented properly. In the JavaScript code, most if not all of the string concatenation is jammed together, making the elements difficult to distinguish (e.g., page 72). Also, some of the HTML does not utilize the more streamlined attributes of HTML5, such as <script type="text/javascript"> (e.g., page 20), or is not well formed, such as </li> tags missing (e.g., pages 236 and 250).
The author occasionally uses terminology that would be comprehensible only to someone who already has the knowledge that the narrative presents for the first time, without providing at least a quick explanation, e.g.: the !"!" JavaScript operator (page 55); the terms "rollover" and "user agent" (page 69 for both); and "the manifest comes up 404 or 410" (page 342). Some of the advice may be true, but is rather outdated, such as the admonitions in the first chapter to not use frames, nor to use tables or spacer images for layout. Those principles were validated and disseminated many years ago. Some statements could easily be misinterpreted by beginners, e.g., "As long as your HTML file is in the same folder as your style sheet file, it will load your styles when your page is loaded" (page 36). Other statements are not explained in detail or substantiated, and consequently the reader will probably not understand the reasoning behind it, e.g., "using the min- and max- extensions is more effective" (page 61), and "a separate mobile domain [] makes your mobile site easier to find" (page 10). Readers may disagree completely with some of the claims, e.g., "XHTML [is] very difficult to write" (page 2).
There are only two discernible problems with the production of the book: In some of the HTML code, curly quotes are used (e.g., page 303). Secondly and more importantly, the sans-serif font used to indicate keywords looks much too similar to the serif font of the regular text, causing the keywords to blend into the surrounding material.
Yet the main problem with the narrative is the somewhat erratic manner in which the author skips from one topic to the next, often providing just a few paragraphs or even sentences for each topic — giving the impression that critical information may have been neglected as a result of the less-than-methodical organization of the material. Most of those topics are discussed again, in varying levels of detail, in later chapters. This is not optimal, because technical readers generally hope to find full coverage of any given topic in one place; hence, it can be frustrating if the information is scattered throughout a book. This is especially true if the reader has already read the book in full, and is now returning to it in order to utilize it as a reference source. For instance, in many cases, attributes are presented, but without detailed explanation or examples. Fortunately, the worst of it seems to be confined to Part I of the book, which contains most of the introductory material. Most if not all of the key concepts appear to be addressed to at least some extent. Lastly, some of the information that should have been presented right up front, is not, e.g., the definitions of HTML5 on pages xiv, 1, and 52.
Unlike most programming books nowadays, this one has few instances of phrasing that would baffle the reader for long, and there are no goofy attempts at humor. For most of the topics, the information provided is the minimum to achieve the bulk of the desired results. The advantage to this is that the narrative is generally concise and quick to read, and the author is able to cover a lot of ground without having to package such a broad topic in a (more expensive) tome. Some of the narrative is quite good, such as the explanations of the various browser exceptions involved in the HTML5 drag-and-drop functionality.
Despite the aforementioned blemishes, this book is definitely worth a look, because it is currently one of the most complete tutorials for learning how to use HTML5 for creating mobile apps and web sites.
Michael J. Ross is a freelance web developer and writer.
You can purchase Sams Teach Yourself HTML5 Mobile Application Development in 24 Hours from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Patents Deducing Religion From Gift Wrap
theodp writes "If you're the giver or recipient of presents gift-wrapped by Amazon, you may want to take a gander at U.S. Patent No. 8,060,463, granted to Amazon last month for Mining of User Event Data to Identify Users with Common Interests. Among other things, Amazon explains the invention can be used to identify recipients of gifts as Christian or Jewish based on wrapping paper. From the patent: 'The gift wrap used by such other users when purchasing gifts for this user, such as when the gift wrap evidences the user's religion (in the case of Christmas or Hanukkah gift wrap, for example.)'"
Book Review: Defense Against the Black Arts
brothke writes "If there ever was a book that should not be judged by its title, Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It, is that book. Even if one uses the definition in The New Hackers Dictionary of 'a collection of arcane, unpublished, and (by implication) mostly ad-hoc techniques developed for a particular application or systems area', that really does not describe this book. The truth is that hacking is none of the above. If anything, it is a process that is far from mysterious, but rather aether to describe. With that, the book does a good job of providing the reader with the information needed to run a large set of hacking tools." Read below for the rest of Ben's review.
Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It
author: Jesse Varsalone, Matthew Mcfadden, Michael Schearer, Sean Morrissey
pages: 412
publisher: CRC Press
rating: 7/10
reviewer: Ben Rothke
ISBN: 1439821194
summary: Good reference for someone experienced in the topic who wants to improve their skills
Defense against the Black Arts is another in the line of hacking overview books that started with the first edition of Hacking Exposed. Like Hacking Exposed, the book walks the reader through the process of how to use hacking tools and how to make sense of their output.
Defense against the Black Arts is written for the reader with a good technical background who is looking for a nuts and bolts approach to ethical hacking. Its 14 chapters provide a comprehensive overview of the topic, with an emphasis on Windows.
But for those looking for an introductory text, this is not the best choice out there. The book is written for the reader that needs little hand-holding. This is in part due to its somewhat rough around the edges text and the use of more advanced hacking tools and techniques.
By page 4, the author has the reader downloading BackTrack Linux. BackTrack is a Ubuntu distro which has a focus on digital forensics and penetration testing. BackTrack is currently in a 5 R1 release, based on Ubuntu 10.04 LTS and Linux kernel 2.6.39.4. BackTrack comes with a significant amount of security and hacking tools preloaded, which the authors reference throughout the book.
After showing how to install BackTrack, chapter 1 shows how to log into Windows without knowing the password. Much of that is around the Kon-Boot tool, which allows you to change the contents of the Windows kernel in order to bypass the administrator password. Tools like Kon-Boot though will only work when you have physical access to the machine.
Chapter 3 gets into the details of digital forensics and highlights a number of popular tools for forensic imaging. While the book provides a good overview of the topic, those looking for the definitive text on the topic should read Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet.
Chapter 5 deals with web application penetration testing. The authors describe a number of tools that can be used to assess the security of web sites, and offer ways to attempt to manipulate data from a web page or web application.
One is likely hard pressed to find a large web site that will be vulnerable to such web attacks, given that most of them have already checked for those errors via validation control testing. Smaller vendors may not be so proactive, and find out that those $99- items are being sold for .99 cents. With that, the chapter details a number of tools developers can use to test for SQL injection, XSS and other types of web vulnerabilities.
Chapter 8 is about capturing network traffic. There are two perspectives to collecting traffic. For the attacker, it is about identifying holes and avenues for attack. For those trying to secure a network, collecting network traffic is an exercise in identifying, thwarting and defending the network against attacks.
Chapter 10 provides a brief overview of Metasploit. For those looking for a comprehensive overview of Metasploit, Metasploit: The Penetration Testers Guide is an excellent resource. This chapter like many of the others provides the reader with detailed step-by-step instructions, including screen prints, on how to use the specific tool at hand.
Chapter 11 provides a long list of attack and defense tools that can be used as a larger part of a penetration tester's toolkit.
Chapter 12 is interesting in that it details how social engineering can be used. The authors show how public domain tools like Google Maps can be used to mount an attack.
Chapter 13, "Hack the Macs", is one of the shorter chapters in the book and should really be longer. One of the reasons pen testers are increasingly using Macs is that the newer Macs run on the Intel platform, and can run and emulate Windows and Linux. The increasing number of tools for the Mac, and significant Mac vulnerabilities, mean that the Mac will increasingly be used and abused in the future.
Just last week, Dr. Mich Kabay wrote in Macintosh Malware Erupts that malware specifically designed for Mac is on the rise. This is based on progressively more and more serious malware for the Mac since 2009, given that Apple products have been increasing their market share for laptops and workstations but especially for tablets and phones.
The article notes that one of the reasons Mac OS X is perceived as superior to Windows is because of its appearance of having integrated security. But although the design may be sound, the operating system does not prevent people from being swayed into thinking that the malicious software they are downloading is safe. With that, Apple will have to concentrate more on security and vulnerability within their operating system.
The book ends with about 30 pages on wireless hacking. The chapter provides an overview of some of the weaknesses in Wi-Fi technology and how they can be exploited. The chapter focuses on the airmon tool, part of BackTrack that you can use to set your wireless adapter into monitor mode, to see all of the traffic traversing the wireless network.
Overall, Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It is a really good reference for someone experienced in the topic who wants to improve their expertise.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It from amazon.com.
Will Toys-R-Us Carry Spy Drones?
First time accepted submitter TomOfAmalfi writes "People are concerned about government use of domestic surveillance drones, but how is that different than what happens when people make their own drones, or buy them at a toy store? These units don't have the endurance or performance of the 'professional' models, but they can be useful and will get better. I can hear the police now when they realize the protesters are tracking them with toys."
Book Review: The Economics of Software Quality
First time accepted submitter BenLinders writes "The Economics of Software Quality provides solutions to quantify software quality, helping you to manage software development and maintenance. It contains software quality data that you can use to build a business case to improve the quality of your software, and decide upon processes and techniques that can help to implement the needed improvements in your organization." Read below for the rest of Ben's review.
The Economics of Software Quality
author: Capers Jones and Olivier Bonsignour
pages: 587
publisher: Addison-Wesley
rating: 8/10
reviewer: Ben Linders
ISBN: 978-0-13-258220-9
summary: To build your Business Case for Software Quality Improvement
Quantifying software quality is not an easy thing. Several measurements exist, for instance estimating and tracking the number of defects that are found (both within development/maintenance and from customers), measuring software quality with static analysis tools (complexity, fan in/fan out), or measuring the effectiveness of software development methods and techniques (like inspections, test, and Cost of Poor Quality). This book covers software quality factors that influence the quality of software products as perceived (and believed!) by customers. An extensive list of factors is provided, where the authors have selected those factors that they consider most significant to achieve quality.
Many software development processes and techniques are covered in this book, from a quality and economic point of view. This also includes agile methods, where a body of data is available about the effects of agile techniques like user stories, Test Driven Design, Scrum Sessions, Measuring Technical Debt, and Pair Programming. For instance, about agile user stories the book states "... the user story method seems to be concise and fairly trouble-free. User stories average below 0.5 pages per function point and seem to contain fewer than 0.5 defects per function point". This kind of information can be very helpful to build a business case for using agile methods in your organization.
Most of the data on software quality that the book provides is in "Defects per Function Point". A backfiring table is also provided, to translate language statements/lines to function points. So if you are not using function point, but programming in Java, Ruby, C++ or any other popular programming language, the data can still be used.
There is a full chapter covering defect prevention. Methods like Reuse, Formal Inspections and Quality Function Deployment are the most effective in preventing defects, and techniques like Root Cause Analysis and PSP/TSP are also claimed to be very effective. Given that the top ten techniques reduce defects by 40% to 85%, it is interesting for many organizations to investigate the business case to improve the quality of their products using these methods and techniques.
Additional information is provided on how to measure the effects on quality from a given method or technique. The book also provides warning for quality measurements that can be unreliable. An example is measuring cost-per-defect. When the quality of your development activities increases, for instance by improving requirements practices and implementing defect prevention for design and coding, the number of defects that testing finds will go down. Since test case preparation is a fixed cost, the cost per defect for testing will go up when the software has fewer defects. This makes such a measurement potentially unreliable. I believe that the main benefits will come when you can reduce your testing activities, based upon measurements that quantify the quality of your products before testing starts. Techniques like risk based testing can also reduce your testing hours, thus saving time and money on tests that are not needed.
Defect measurements and tracking are used in more than 55% of the military and defense software applications (using CMMI, TSP, QFD, etc), but in less than 15% of IT, commercial, web or embedded applications. Given their prevention effectiveness of -35%, and removal effectiveness of 25%, it is still surprising to me that this is not used more often. The data needed for these kinds of measurements is usually available in the defect management systems, though some additional effort is needed to classify defects and to do Root Cause Analysis. The benefits of using these kinds of measurements, combined with estimations of the expected quality at release, to decide and steer software development and prevent defects during the development and before release are significant.
The book also gets into methods to quantify structural quality issues that are not exactly "defects" but have an important impact, "Technical Debt" being one of these methods of quantification. These kinds of measurements help to manage the quality of your code base, being able to see the impact on quality from changes, and take action to get quality back to the desired level when needed.
Reviews and inspections are very effective ways to remove defects before testing. Several techniques are described, both informal and formal techniques. Several of them are also usable within agile methods, supporting teams in developing better quality software. Applying these techniques effectively requires training, and arrangements within your company that enable employees to use them. The book makes clear that if you want to reduce post release defects and lower your maintenance costs, the work needs to start with early software development activities, like using better techniques for managing requirements, software modeling and design, reviews and inspections, and automatic code analysis. Testing alone is not sufficient to improve quality, and is also very costly.
The relationship between quality and risks is also explored. Many major software problems are related to the quality of the software products, e.g. outages, data loss, security issues or regulatory non compliances. Investigating such issues, for instance with Audit or Root Cause Analyses, and taking action to prevent similar problems in the future can be essential for your business. Measuring the losses and estimating potential benefits from preventive actions helps you to select the right improvements, and acquire commitment and funding to implement them.
The capabilities and skills of the staff that develops the software have significant impact on the quality. The benefits of training, skill development, and sharing of experiences to develop a learning organization can be huge. Software methods like Agile and RUP include mechanisms to continuously evaluate, learn and improve the capabilities of your staff, for example using retrospectives and scrum boards to identify and follow up with improvement actions.
Overall the book covers the economic perspective of quality. The information provided can be overwhelming for some readers. If you need to improve your product quality, and are limited in time and money to do it, this book helps you to select effective quality methods and techniques, and to measure and track your progress when implementing improvements.
Ben Linders is a specialist in quality, process improvement and organizational development.
You can purchase The Economics of Software Quality from amazon.com.
Book Review: Head First HTML5 Programming
Michael J. Ross writes "Web designers and developers alike are increasingly enthused about the capabilities offered by HTML5, which is generally considered the combination of the latest version of the Web's primary markup language and its related technologies. Consequently, publishers have rushed to market a wide variety of books that purport to explore the inner mysteries of HTML5, even as the standards — and how browsers implement them — are still in flux. In characteristic fashion, O'Reilly Media took the time to wait for some of the dust to settle, and attempted to create a resource more approachable and solid than those thrown together quickly. The final result is Head First HTML5 Programming." Read on for the rest of Michael's review.
Head First HTML5 Programming
author: Eric Freeman and Elisabeth Robson
pages: 608
publisher: O'Reilly Media
rating: 7/10
reviewer: Michael J. Ross
ISBN: 978-1449390549
summary: A heavily-illustrated introduction to building web pages and web apps with HTML5.
The release of this book is quite timely, given the current developments in web technologies. As one of the underpinning components, HyperText Markup Language (HTML) has undergone tremendous change during its two-decade history — with new element names and attributes being added to try to keep up with the latest multimedia formats, design techniques, and other factors in the Internet's evolution. Even though this newest major revision, HTML5, is still not completely supported by most browsers, much of its capabilities are already available, to one extent or another. Also, forward-thinking designers and developers are not waiting for the final blessing by the W3C to begin learning what they can do with it now and in the future.
This book was written by Eric Freeman and Elisabeth Robson, both of whom possess a lot of experience with the subject matter. This title was released on 18 October 2011, under the ISBN 978-1449390549. Its considerable size, 608 pages, is partly due to the extensive use of humorous pictures, actors, scenarios, clever drawings, and a generous use of whitespace — characteristic of other titles in the Head First series. At first glance, these elements might seem like cartoonish gimmicks, meant only to boost the page count or keep graphics employees busy. Actually, these methods are intended to help readers retain the new knowledge, and make the learning process more pleasant. This approach is covered in more detail in the book's introduction.
The material is organized into ten chapters, followed by an appendix. The only technical prerequisite, for prospective readers to get the most out of the book, is a solid understanding of HTML and CSS. Some JavaScript knowledge would be helpful, but is not necessary. On the publisher's page, visitors will find more details about the book, a couple reader reviews, some brief author bios, links to purchase the print and electronic versions (PDF is the only format), and the reported errata (of which there are eight, as of this writing). The example code and other files for the book can be obtained from WickedlySmart.
The first chapter introduces HTML5, at a high level and a fast pace, focusing on the new features that it offers, such as the new JavaScript APIs: embedded video and audio (without the use of plug-ins), client-side data storage, off-line web apps and caching, geolocation, canvases, sockets, Web Workers, and advanced capabilities for forms and drag-and-drop. JavaScript is also introduced, with some simple example code. Much more detail is presented in the subsequent chapter. The only confusing point is, on page 53, when the authors state that there are three different ways to add JavaScript code to a web page, but the figure shows four permutations. The third chapter explains how to work with events and handlers, using a simple music playlist app to illustrate the ideas. In the subsequent chapter, functions and objects are explored in much greater detail, and the presentation is quite methodical and comprehensible.
With Chapter 5, "Geolocation," the authors shift from establishing a foundation of basic JavaScript knowledge, to showing how to apply it for constructing web applications. In the case of geolocation, readers are stepped through the process of building a simple web app that detects the user's current position, displays it on a Google map, and tracks any changes in the position. The next chapter shows how to make one's code work with web services, using the JavaScript communication APIs, and why JSONP bypasses the problems with XMLHttpRequest requests being blocked for security reasons by the JavaScript same-origin policy. The presentation is solid, except for the claim on page 257 that the callback receives an object, when actually it receives an array of objects. Chapter 7 explicates the new canvas element, which offers capabilities encroaching upon the realm of Adobe's Flash. The next chapter, titled "Video," is a logical continuation of the discussion on the canvas element, because the latter allows one to do a lot more with the video API. The authors demonstrate how to do that, after discussing the different video formats and techniques for writing robust HTML to accommodate as many brands and versions of browsers as possible.
HTML5 has taken the venerable browser cookie, and extended its storage capacity tremendously, in the form of the local storage API (a.k.a. "Web Storage"), which is addressed in the penultimate chapter. Sadly, no troubleshooting information is provided in case the reader finds that the example code does not work in Firefox, even when using a web server (i.e., "http://" instead of "file://") — and instead fails quietly with an error message "localStorage is null" in the JavaScript error console. (For those who are interested, one source of the problem is when the Firefox configuration preference "dom.storage.enabled" has somehow been set to "false.") The tenth and final chapter, "Web Workers," shows how to utilize multithreading in JavaScript code to improve its performance, when possible. Readers using Firefox 8.0 (the latest version as of this writing) will likely find that the example code does not work on a localhost, throwing a "Could not get domain" error message, as a result of a known bug. The appendix briefly covers ten additional topics not discussed in the chapters, including Modernizr, the audio element, jQuery, XHTML, SVG, and more.
With a book this size, it is inevitable that it will contain various blemishes. Some of them are a result of the book production process: In the text, JavaScript tokens are not distinguished from English words in any manner (such as a monospace font or bolding), which can trip up the reader. On some of the two-page spreads, the portions of the images and arrows get lost in the book's gutter. In the many illustrations involving one or more persons saying something, their statements are shown in thought bubbles, which is mildly but invariably disconcerting. Other flaws are results of the writing and/or editing: Commas are oftentimes used where semicolons or periods were called for, or just missing altogether — especially in the mock interviews. Sometimes the conversational style — characteristic of the Head First series — becomes a bit too casual, and in some places the authors are trying too hard, such as the repeated use of "skool."
The example code is generally of good quality, but not always consistent; for instance, is employed in some places, but elsewhere — leaving the reader to wonder why. Also, there's at least one case of (incorrect) curly quotes in the code (page 454). It is helpful to have the example code available for download, although it would have been decidedly better had the root directory of the archive file contain an index.html pointing to all of the included apps, so readers could bookmark that single starting point, rather than having to modify their browser's URL each time. In addition, it is oftentimes not obvious as to which chapter subdirectory corresponds to any given location in the book.
However, the main problem with this book is the sloppy editing, evidenced by the notably high number of errata: "pin point" (page xiv), "test editor" (xxii; should read "text editor"), "iPhone" (xxv; should read "HTML5" or something similar), "folks that" (xxxi; should read "folks who"), "get [a] sense" (1), "on the page 2" (3), "can you get a long way" (21), "assign it [the] empty" (26), "you can also thrown in" (40), "its got" (46), "Your job is the act like" (57), "lets concentrate" (58), "get [the] length" (68), "Go ahead an open up" (90), "What you can" (129; should read "What can you"), "a object" (142), "an new object" (147), "to to" (158), "you [are] saying" (158), "users location" (166), "south" (167), "three properties" (177; should read "four properties"), "google" (186), "including [the] last two methods" (192), "give it a try it" (218), "will use" (220; should read "we'll use"), "take a 90 milliseconds" (221), "the this code" (249), "with out with" (268), "HTML =" (271; should read "HTML5 ="), and "an drawable region" (285). These are just the errata found in the first half of the book. Fortunately, they are in the narrative, and not the example code, which would have had a much more negative impact upon the reader.
This book is definitely an introductory tutorial, and by no means a reference. Not all of the new HTML5 elements are covered, nor is CSS3 provided full coverage. The repetition of concepts may aggravate experienced or impatient programmers: For people with some experience with these technologies, and for people who readily glean information from technical books upon first exposure to the given concept, the frequent repetition in this book would border on tiresome, if it weren't presented so pleasantly, oftentimes with humor. On the other hand, the Head First books are predicated on the approach of presenting information in different formats, to maximize learning. Any newbie should appreciate this volume's clear explanations, even if they are presented multiple times, but differently. Also, there is plenty of testing of one's knowledge, to reinforce what has been learned.
Head First HTML5 Programming is an entertaining yet instructive and compelling tutorial on how beginners can learn to use many of the advanced new techniques in HTML, CSS, and JavaScript.
Michael J. Ross is a freelance web developer and writer.
You can purchase Head First HTML5 Programming from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The CERT Oracle Secure Coding Standard For Java
brothke writes "It has been a decade since Oracle started their unbreakable campaign touting the security robustness of their products. Aside from the fact that unbreakable only refers to the enterprise kernel, Oracle still can have significant security flaws. Even though Java supports very strong security controls including JAAS (Java Authentication and Authorization Services), it still requires a significant effort to code Java securely. With that, The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits." Read on for the rest of Ben's review.
Title: The CERT Oracle Secure Coding Standard for Java
Author: Fred Long, Dhruv Mohindra, Robert Seacord, Dean Sutherland, David Svoboda
Pages: 744
Publisher: Addison-Wesley Professional
Rating: 10/10
Reviewer: Ben Rothke
ISBN: 0321803957
Summary: Definitive guide on the topic
The book is from CERT, and like other CERT books, provides both the depth and breadth necessary to gain mastery on the topic.
The first 100 pages of the book are available here. After reading it, you will be likely to want to see the next 650 pages.
This book provides a set of guidelines for secure programming in Java SE 6 and 7 environments. It is primarily targeted at software developers and computer security practitioners. While Java is inherently designed to be relatively secure as compared with other languages, it requires the developer to understand the security controls and language features thoroughly before he can implement them correctly. The book illustrates insecure coding practices and suggests corresponding safe alternatives to enable a developer to have an optimal blueprint.
Software developers are constantly under pressure to accommodate feature requests and have to strike a fine balance between enhancing delivery excellence and releasing a software product in consonance with deadlines. At the same time they routinely tackle technical challenges and often document their experience for the benefit of others. This book is one such effort, in that several programmers and reviewers have contributed the contents. It encourages a developer to think beyond programming logic and enables him to produce clear, concise, maintainable and secure code – a mandatory requirement for today's dynamic software industry, which is plagued by a spectrum of security threats and attrition.
This book isn't for a Java beginner. The introductory chapter expects an intermediate or seasoned Java professional to identify the gamut of security vulnerabilities that frequently manifest in code and design. The chapter briefly explains injection attacks, unintended information disclosure, denial of service and issues involving concurrency and class loaders. Summary tables have been provided to assist the reader to easily locate representative secure coding rules for each category.
The examples presented primarily encompass the lang and util libraries of Java SE and also cover collections, concurrency, logging, management, reflection, regex, zip, I/O, JMX, JNI, math, serialization and JAXP libraries. No particular Java platform or technology has been favored; the set of rules is generic and independent of whether a mobile, enterprise, desktop or web application is being developed.
Notably, the layout enables the practitioner to pick up any chapter or rule at random without requiring him to read the preceding pages. Each rule has a short description of a unique problem and one or more non-compliant and compliant code examples. Risk assessment and references to other coding standards along with bibliography are also provided.
Unfortunately, the suggested tips for automatic detection of described problems aren't very practical because no automated bug detection tools have been vetted. Some rules also have a related vulnerabilities section that preys on weaknesses in commonplace software in context of the described problem.
Chapter 2 focuses on input validation and data sanitization. It highlights attacks such as SQL, XML, and OS injection and XML External Entity (XXE) and suggests corresponding mitigation techniques. It mentions but doesn't elaborate on web-based attacks such as cross-site scripting and CSRF, to avoid being too domain specific. The chapter advises developers to normalize strings, canonicalize and validate path names, refrain from logging unsanitized input, use appropriate internationalization and globalization APIs, avoid string encoding misgivings and other issues.
Chapters 3, 4 and 5 deal with declarations and class initialization, expressions, and numeric operations respectively. Dangers of auto-boxing, side-effects in assertions, integer overflow, and vagaries of floating point arithmetic are discussed at length.
The examples are short, to the point and intellectually challenging for the advanced reader. For example, one rule – don't use denormalized numbers – dissects a vulnerability in Java 1.6 and earlier that allows an attacker to perform a denial of service attack by sending a crafted input to the JVM.
The book devotes a chapter to object-oriented programming and stresses limiting extensibility of classes, encapsulating data, ensuring that code refactoring doesn't result in broken class hierarchies, using generics for fun and profit and so on.
Another chapter discusses Java methods, for example, one rule suggests that subclasses mustn't increase the accessibility of an overridden method. There is some useful information about using methods of Object class properly. This information is standard advice that can also be found in other books. This book offers all that and more. For example, one rule documents a convincing and exhaustive list of reasons why you shouldn't use finalizers.
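The rule mentioned above, in the non-compliant/compliant layout the review describes, as an added illustration that is not code from the book or from the CERT standard. The account classes and method names are hypothetical; the point is that Java permits a subclass to widen an overridden method's access, which silently turns a protected operation into public API.

```java
// Added example (not from the book): why a subclass must not widen the
// accessibility of an overridden method. All class names are hypothetical.

// ---- Non-compliant: the subclass widens protected -> public ----
class NoncompliantAccount {
    private long balanceCents;

    // Intended only for trusted subclasses and same-package code;
    // deliberately not part of the public API.
    protected void adjustBalance(long deltaCents) {
        balanceCents += deltaCents;
    }

    public long getBalanceCents() {
        return balanceCents;
    }
}

class NoncompliantSavings extends NoncompliantAccount {
    // Legal Java: access may be widened on override (never narrowed).
    // But now any code holding a NoncompliantSavings reference can call
    // the privileged operation directly, bypassing every business rule.
    @Override
    public void adjustBalance(long deltaCents) {
        super.adjustBalance(deltaCents);
    }
}

// ---- Compliant: keep the accessibility, or forbid overriding entirely ----
class CompliantAccount {
    private long balanceCents;

    // final: no subclass can override this method, widened or otherwise.
    protected final void adjustBalance(long deltaCents) {
        balanceCents += deltaCents;
    }

    public long getBalanceCents() {
        return balanceCents;
    }
}

class CompliantSavings extends CompliantAccount {
    // The only public entry point enforces the policy before delegating.
    public void deposit(long amountCents) {
        if (amountCents <= 0) {
            throw new IllegalArgumentException("amount must be positive");
        }
        adjustBalance(amountCents);
    }
}

public class AccessibilityDemo {
    public static void main(String[] args) {
        NoncompliantSavings n = new NoncompliantSavings();
        // Compiles from anywhere: the balance can be driven negative at will.
        n.adjustBalance(-1_000_000);
        System.out.println("non-compliant balance: " + n.getBalanceCents());

        CompliantSavings c = new CompliantSavings();
        c.deposit(500);
        // c.adjustBalance(-1_000_000); // rejected by the compiler outside the package
        System.out.println("compliant balance: " + c.getBalanceCents());
    }
}
```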
The book also highlights misconstrued exception handling practices through examples akin to the shortcuts programmers invent, to save themselves from the trouble of having to handle exceptions. It explains why doing that can be insidious. Information disclosure arising from ill-conceived exception handling strategies is also discussed. Some may disagree with the advice on the pretext that exception handling when done the right way leads to unreadable code, however, the features presented from Java 7 convincingly offer a middle path. Further, when compliance with a certain rule is believed to be challenging and costly, the standard allows documented deviations and even lists valid exceptions for each rule.
Chapters 9, 10, 11, 12 and 13 are reserved for concurrency related issues. There are more than 30 rules in these chapters; the set could qualify as a handbook of concurrency issues and solutions. At a high level, the chapters cover visibility and atomicity, locking, thread class APIs, thread pools and thread safety in multi-threaded Java programs. The chapters don't assume that the reader has any familiarity with multi-threaded programming.
The next few chapters highlight input-output (I/O) risks such as working with shared directories, using files securely, closing resource handles properly, serialization and more. The book doesn't assume that the reader has a sophisticated background in serialization and builds from the basics. It cites examples of vulnerabilities that necessitate understanding the role of serialization.
A chapter on platform security follows, and is meant for advanced Java users. This chapter leads to another on runtime environment that cautions against signing code, granting permissions frivolously and permitting insecure deployment configurations. The final chapter captures miscellaneous rules that forbid hardcoding sensitive information, leaking memory, generating weak random numbers and writing insecure singletons among other topics.
Many other leading security standards delineate high-level measures that must be taken to ensure compliance but most fall short of prescribing the exact recipe to get there. This book fills that gap by approaching security from the ground-zero level upwards. However, it doesn't clearly specify to what extent the rules will help organizations meet the compliance goals proposed by other security standards. All the same, the eighteen crisp chapters of this book undeniably have the potential to help the software developer win the battle against software insecurity on his own terms.
For those using Java on Oracle and hoping to build secure applications, The CERT Oracle Secure Coding Standard for Java is a very useful resource that no programmer should be without.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The CERT Oracle Secure Coding Standard for Java from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Releases Kindle Source Code
MackieChan writes with a piece of news that slipped past earlier this month: "Barnes & Noble receives a lot of credit from the Slashdot community for standing up to Microsoft and for allowing the Nook to be so easy to root, but perhaps Amazon releasing the source code to the Kindle will help it gain back supporters it lost after remotely removing ebooks." -
Book Review: Responsive Web Design
Michael J. Ross writes "With more people accessing the Internet using mobile devices than computers, web designers and developers are challenged to make sites that work well on both categories of hardware — or resign themselves to the greater costs and other disadvantages of maintaining two versions of each web site (a mobile-ready version as well as one for much larger screens). Fortunately, recent advances in web technologies are making it easier to build web pages whose contents and their positioning are automatically modified to match the available screen space of the individual user. These techniques are explored in detail in a recent book, Responsive Web Design, written by Ethan Marcotte, a veteran web designer and developer." Keep reading for the rest of Michael's review.
Title: Responsive Web Design
Author: Ethan Marcotte
Pages: 143
Publisher: A Book Apart
Rating: 9/10
Reviewer: Michael J. Ross
ISBN: 978-0984442577
Summary: A pithy tutorial on responsive web design.
This title was published on 7 June 2011, under the ISBN 978-0984442577, by A Book Apart, as the fourth in their series of "brief books for people who make web sites." On the publisher's page, visitors will find brief descriptions of the book and its author, links to purchase the print and e-book versions (or the two combined, at a substantial discount), and three promotional blurbs also used on the back cover of the print version. The e-book package consists of six files: the book in EPUB, MOBI, and PDF formats; an EPUB document on responsive design for video; a letter from Jeffrey Zeldman (the book's publisher), Jason Santa Maria (its designer), and Mandy Brown (its editor); and the previous five files zipped into an archive. This book is also available in French, perhaps reflecting the publisher's greater awareness of internationalization relative to mainstream technical publishing houses.
Readers of the print version will likely be first struck by its diminutive size — just 143 pages. In fact, the book is so slender that only half of the spine title actually fits on the spine. (It's either a bold design statement against conventional publishing practices, or an even bolder typographical error committed inexplicably by a well-regarded design firm.) Flipping through the glossy pages, readers will also notice the judicious use of text color to indicate HTML and CSS code, and highlighted fragments therein. Even more visually impressive are the full-color screen shots and other figures. The book begins with the previously mentioned letter, as well as a short yet delightful foreword by Jeremy Keith; it ends with the author's acknowledgments, suggested resources, references by chapter, and a suspiciously brief index, not much longer than the author bio that follows it.
The bulk of the information is organized into five chapters — the first of which, "Our Responsive Web," presents a high-level rationale for architecting web sites that can be maximally useful on a wide range of devices, with screen sizes ranging from the smallest found on smartphones, up to widescreen TVs attached to web-enabled game consoles. Throughout the book, to illustrate the principles of responsive design, the author utilizes a fictional example web site, "Robot or Not", designed to assist users in identifying robots masquerading as humans (which would have been helpful to the crew of the spaceship Nostromo!). This short chapter is essentially just an introduction.
The author gets down to business in the second chapter, titled "The Flexible Grid," which demonstrates how grid-based layouts can be used to more easily position page elements for greater visual consistency. He goes into detail in showing how such layouts can be made flexible, with font sizes specified in character widths and positioning specified in proportions of containing elements. Experienced designers will probably not encounter any new concepts in this material. These techniques are extended in the subsequent chapter, "Flexible Images," which explains how to use percentages when working with images (both markup and CSS) and other media types — including workarounds for the browser most despised by web designers, Internet Explorer.
Media queries, introduced to the world in CSS2, are now a key technology in responsive design, and are discussed in Chapter 4, which forms the core of the book. The author shows how to use them to cause the browser to apply CSS rules selectively based upon such factors as the width of the browser viewport. All of the narrative is clear, except for the statement on page 66 that the example web site's logo is "scaled down to a nearly microscopic size" in Figure 4.2, when in fact it appears unchanged. Readers may wonder why — after noting that mobile devices do not consistently use "handheld" or "screen" as their media types — the author does not explain why the recommended media queries use "@media screen," and not "@media all" to be more encompassing. Nonetheless, the discussion of media query techniques is instructive. It continues with a look at how to use them in older browsers, using JavaScript libraries, css3-mediaqueries-js and Respond.js. Lastly, the author shows how incorporating some fixed widths into a flexible design may be an optimal approach.
The fifth and final chapter, "Becoming Responsive," discusses real world implications of responsive design. The author counters an interesting contention: web sites on mobile devices should not simply be the desktop content scaled down to a smaller screen, but instead should offer different content, more appropriate for the individual on the go. He then touches on the topic of designing sites first for mobile, rather than the traditional approach of trying to shoehorn a full-size site onto a small screen. The bulk of the chapter is devoted to presenting a workflow employed by the author in creating actual client sites. It concludes with a demonstration of how to add a slideshow using a jQuery plug-in and some custom code, so it abides by the principles of progressive enhancement.
In terms of the physical book, the quality is top-notch, and the full-color images are quite compelling. Sadly, each figure tends to bleed through to the other side of its page, but fortunately not enough to inhibit reading the text on the other side, or appreciating any of the images. The e-books are also quite readable — probably more so compared to the electronic versions of other programming books, given the smaller line lengths.
In terms of the narrative, Ethan Marcotte has a somewhat goofy writing style, replete with nerdy side comments and jokes, which some readers may regard as padding, particularly in those sections where they are quite numerous. The same may be said for the hyperbole in some spots, such as "Marvelous. Wonderful. Stupendous, even." (page 33). On the other hand, many readers may enjoy the lighthearted style, especially those jokes that work well. More importantly, the explanations are generally comprehensible and thorough. I was able to find only one erratum ("or a maybe an animation," on page 119), and the only grammatical error was the frequent use of the term "that" to refer to people, instead of "who." Otherwise, there were no glitches in the writing, and most techies will find this book a fairly quick read.
From a higher-level perspective, one sometimes hears an objection raised against web design/development books such as this one — namely: all of the book's information is freely available in articles, blog posts, forums, IRC channels, and other resources for programmers. So why purchase a static book whose author probably started writing it months if not years in the past? Such technical information is scattered among numerous websites, thereby forcing us to spend time searching around, and in many cases skipping over redundant material. Also, the advice tends to vary in quality, and hence we must distinguish what information is out of date or simply invalid. Likely every experienced developer has been tempted by an article titled such that it sounded as though it would contain the exact solution to the problem at hand — only to discover that the title was quite misleading, or the people contributing to the comments were equally befuddled (and frustrated). Technical books geared toward the working professional can obviate these problems, because they bring together most of the information known by the industry, into a cohesive whole, that is then vetted by technical reviewers and editors. In the case of this monograph, Ethan Marcotte's well-regarded seminal article, in conjunction with the other most popular articles on responsive web design, would still not be a sufficient substitute for this resource.
For web designers and developers alike, Ethan Marcotte's book is a neatly-crafted and authoritative single-source tutorial on how to build responsive web sites that will likely prove robust on a wide range of platforms.
Michael J. Ross is a freelance web developer and writer.
You can purchase Responsive Web Design from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Securing the Clicks
brothke writes: "The book Digital Assassination: Protecting Your Reputation, Brand, or Business Against Online Attacks says businesses that take days to respond to social media issues are way behind the curve. Social media operates in real-time, and responses need to be almost as quick. In a valuable new book on the topic, Securing the Clicks: Network Security in the Age of Social Media, Gary Bahadur, Jason Inasi and Alex de Carvalho provide the reader with a comprehensive overview on how not to be a victim of social media based security problems." Read on for the rest of Ben's review.
Title: Securing the Clicks: Network Security in the Age of Social Media
Author: Gary Bahadur, Jason Inasi and Alex de Carvalho
Pages: 368
Publisher: McGraw-Hill Osborne Media
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 0071769056
Summary: Definitive guide around social network security
Social media is now mainstream in corporate America, and even though it is hot, the security and privacy issues around it are even hotter. In the past, many firms simply said no to social media at the corporate level. But as Natalie Petouhoff of Weber Shandwick has observed, that will no longer work, as "social media isn't a choice anymore; it's a business transformation tool".
The main security and privacy issue around social media is that users will share huge amounts of highly confidential personal and business information with people they perceive to be legitimate. Besides that, issues such as malware, vulnerabilities (cross site scripting, cross site request forgery, etc.), corporate espionage, phishing, spear phishing and more are just a few of the many security risks around social media that need to be taken into consideration.
In the book, the authors detail a framework for analyzing the corporate threats that arise from social media. The book uses the H.U.M.O.R methodology (Human resources, Utilization of resources and assets, Monetary considerations, Operations management, Reputation management) a matrix that outlines a systematic approach for developing the necessary security plans, policies and processes to mitigate social media risks.
At 325 pages, the book's 5 parts and 18 chapters provide the reader with a comprehensive overview of all of the critical areas around social media security that can be used to safeguard its assets and digital rights, in addition to defending its reputation from social network-based attacks. The book covers all of the core topic areas, from assessing social media security, to monitoring in the social media landscape, threat assessments, reputation management: strategy and collaboration and more; the authors provide the reader with an enlightening overview of all of the core areas.
In chapter 1 the authors astutely note that no company today is immune to the many threats posed by a single individual, let alone a socially engaged and networked population. No firm should engage in social media before they fully understand the security and privacy risks that are being introduced. This book not only effectually does that; it also provides an all-inclusive framework around social media security.
As to the notion of the inherent security risks around social media, this was recently proven when Chris Hadnagy (author of Social Engineering: The Art of Human Hacking) and James O'Gorman, detailing their Social Engineering Capture the Flag results from Defcon 19, observed that information leakage via social media is a difficult problem to solve due to how it is used and the frequency with which it is used in today's society. Having access to social media from computers and cell phones means that people can update their accounts instantaneously, from anywhere. The ease with which an employee can share data can contribute heavily to information leakage.
Chapter 4 on threat assessments provides an exhaustive list of the different types of attackers and threat vectors that need to be considered when using social media. The attacks in the social media space are often different from typical IT attackers. As to threat vectors, there are a number of different vectors, both internal and external that can impact an organization. The chapter lists those vectors and details them.
Chapter 9 – monetary considerations: strategy and collaboration – is a fascinating chapter in that it notes that in many firms, IT security budgets have not yet clearly defined the line item for social media security. In addition, trying to retrofit the IT security budget by assuming that tools already purchased for data loss prevention will also cover social media security concerns will likely be inadequate.
Chapter 11 deals with reputation management – which has the goal to build and protect a positive Internet-based reputation, and not let it get subterfuge via social media. This is a significant issue as the risk to a firm's reputation is significant and growing with the increased use of social networks.
One very helpful feature of the book that effectively brings home the message is numerous real-world case studies in every chapter. One fascinating example in chapter 13 is about the Cooks Source infringement controversy and the nature of how not to respond to a social media issue.
The book also lists numerous tools. Chapter 13 has a comprehensive list of monitoring tools and the appendix has a list of nearly 100 tools for activity tracking, analytics, geolocation, plagiarism checking and more. These lists are extremely helpful, and the reader can start using many of these tools to get an initial pulse on the level of security around how their firm uses social media.
Chapter 14 provides excellent guidance on how to execute social media security on a limited budget. The authors suggest the use of free or inexpensive software and other resources that can be used to help a company monitor the impact of their social media infrastructure. The chapter also details how social media security can be executed on a bigger budget, via the use of more sophisticated tools that can be used to securely manage the data flows within an organization.
It will not be long until Facebook has its 1 billionth user. Given that a New York court recently referred to a user's reasonable expectation of privacy on sites like Facebook and MySpace as wishful thinking, the importance of Securing the Clicks: Network Security in the Age of Social Media can't be overemphasized.
For those firms that are looking to securely use social media, and not get abused by it, this book should be required reading.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Securing the Clicks: Network Security in the Age of Social Media from amazon.com.
AWS Load Balancer Sends 2 Million Netflix API Reqs To Wrong Customer
rsk writes "Amazon Web Services' Elastic Load Balancer is a dynamic load-balancer managed by Amazon. Load balancers are regularly swapped around with each other, which can lead to surprising results, like getting millions of requests meant for a different AWS customer. Using ELBs can result in AWS unintentionally introducing a man-in-the-middle (attack) into your application environment. Most AWS users do not realize this can happen and have not secured against it."
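One defensive control for the misrouting described above, as an added example that is not from the story, from AWS, or from the submitter: a backend that sits behind a load balancer refuses any request whose Host header does not name this service, so traffic that belonged to another customer is never processed. The allowed hostnames, the WSGI wiring and the 421 response are assumptions; the story itself prescribes no particular control.

```python
"""Host-header allowlist guard for a service behind a shared load balancer.

Added example. Assumption: rejecting requests for hostnames this service does
not own is one practical mitigation for misrouted load-balancer traffic; the
hostnames below are constructed sample values, not real deployments.
"""

# Constructed sample: the only hostnames this backend is supposed to serve.
ALLOWED_HOSTS = frozenset({"api.example.com", "api-canary.example.com"})


def normalize_host(host_header):
    """Lower-case a Host value and drop an explicit port.

    Returns None for a missing or malformed header. IPv6 literals such as
    "[::1]:8080" keep their brackets so they can be compared as-is.
    """
    if host_header is None:
        return None
    host = host_header.strip().lower()
    if not host:
        return None
    if host.startswith("["):
        end = host.find("]")
        return None if end == -1 else host[: end + 1]
    # "name:port" -> "name"; a bare name is returned unchanged.
    return host.rsplit(":", 1)[0] if ":" in host else host


def host_allowed(host_header, allowed=ALLOWED_HOSTS):
    """True only when the normalized Host is one of our own hostnames."""
    host = normalize_host(host_header)
    return host is not None and host in allowed


class HostGuard:
    """WSGI middleware: answer 421 Misdirected Request for unexpected hosts.

    A rejection counter is kept so a sudden spike (a sign that the balancer in
    front of us is receiving someone else's traffic) can be exported to
    monitoring and alerted on.
    """

    def __init__(self, app, allowed=ALLOWED_HOSTS):
        self.app = app
        self.allowed = allowed
        self.rejected = 0

    def __call__(self, environ, start_response):
        if not host_allowed(environ.get("HTTP_HOST"), self.allowed):
            self.rejected += 1
            body = b"misdirected request\n"
            start_response(
                "421 Misdirected Request",
                [("Content-Type", "text/plain"),
                 ("Content-Length", str(len(body)))],
            )
            return [body]
        return self.app(environ, start_response)


def upstream_app(environ, start_response):
    """Stand-in for the real application (assumed, for the demo only)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]


def probe(guard, host_header, path="/"):
    """Send one constructed WSGI request through the guard; return (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if host_header is not None:
        environ["HTTP_HOST"] = host_header
    body = b"".join(guard(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    guard = HostGuard(upstream_app)
    for host in ["api.example.com", "API.Example.COM:443",
                 "other-customer.example.net", None]:
        print(host, "->", probe(guard, host)[0])
    print("rejected:", guard.rejected)
```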
Book Review: Drupal 7 Themes
Michael J. Ross writes "If you need a theme for a web site based on Drupal 7, then you have a few options for obtaining one. You could go with an existing theme, but the current crop of prebuilt themes is even more limited for Drupal 7 than its predecessor. You could hire a dedicated Drupal themer to create one for you. Or, to avoid the expense, you could try to build your own. In that case, you will need to get up to speed on the changes in the Drupal presentation layer. Unfortunately, most of the Drupal 7 books devote only one or two chapters to the topic. Several Drupal training firms offer video instruction, but the bulk of their material is still geared to version 6, or even 5. The online documentation is of little help. Yet there is a book that is wholly dedicated to the topic: Drupal 7 Themes, authored by Ric Shreves." Read on for the rest of Michael's review.
Drupal 7 Themes
author: Ric Shreves
pages: 320
publisher: Packt Publishing
rating: 7/10
reviewer: Michael J. Ross
ISBN: 978-1849512763
summary: A guide on how to work with and create themes in Drupal 7.
This title was released by Packt Publishing on 24 May 2011, under the ISBN 978-1849512763. This review is based on a print version of the book, kindly provided by the publisher. An e-book version — in both the PDF and Mobipocket formats — is available from the publisher's page. Visitors will also find a book description, the table of contents, a sample chapter (the seventh one, "Dynamic Theming"), and, elsewhere on their site, the reported errata (only one at this time). None of the example code presented in the book appears to be downloadable — probably because there is little of it. Like so many Packt Publishing titles, this one is relatively slender compared to other publishers' Drupal books, at 320 pages. The material is organized into ten chapters, as well as an extensive appendix occupying a quarter of the book.
The preface notes that the only requisite knowledge is "basic experience of working with Drupal," as well as HTML, CSS, and, optionally, some basic knowledge of PHP. This book is a revised and expanded edition of his previous book, Drupal 6 Themes.
The first chapter provides an overview of the basic concepts of Drupal theming, including its purpose, its customization capabilities, the intercept/override paradigm, sub-themes, some online resources, theme engines, theming output, front-end versus admin themes, the default Drupal 7 themes, and theme files. It is a decent introduction, but would likely be more helpful to theming newbies if the basic concepts — such as what themes are — were discussed prior to more advanced topics — such as intercepting and overriding. All of the material is clear, except for the reference on page 21 to "the Add Shortcut icon," which is not identified or apparently even present in the referenced screenshot. Chapter 2 covers the basics of the configuration settings for themes (global and specific), blocks, and regions, as well as how to install and uninstall themes. It can be safely skipped by anyone familiar with administering a Drupal site.
PHPTemplate has become the de facto templating engine in Drupal, and is introduced in the third chapter. The author focuses on the key files that compose a Drupal theme, and for illustrative purposes uses two themes built into Drupal 7: Seven and Bartik. The author of the latter, Jen Simmons, a female web designer, is oddly referenced in the masculine (page 80). The subsequent chapter gets off to a poor start with nine paragraphs that essentially state the same thing, over and over. But it eventually delves into the critical topics of default templates, themeable functions, individual styles, and whole stylesheets, as well as how they can be overridden using custom CSS and PHP code, including template preprocessing functions. The theory is later illustrated with a focused examination of Bartik. It is with this material that the author begins digging into the technical details of how custom Drupal theming is accomplished.
Chapter 5, "Customizing an Existing Theme," demonstrates how to create a sub-theme, in order to leverage the functionality of a base theme. Readers may be confused as to why the author chose to not present his list of recommended base themes, until the next chapter. After all, readers presumably would want to know the optimal candidates for starter themes while first learning how to select and use them. This confusion could have been avoided had the author explained that those are not just base themes, but starter themes. More importantly, the narrative contains a technical error: On page 115, readers are told that "This is a requirement for a valid sub-theme; you need at least one stylesheet." Testing shows that assertion to be untrue; only a .info file is required. Four pages later, readers are told to refresh Drupal's cached registry to see changes to the template files and theme functions, which contradicts the tip on page 94 that such refreshes are only needed when theme functions or templates are added or removed, but not if they are changed. Aside from these blemishes, the material presented is more than adequate to help get readers started with sub-theming.
Some readers will likely be disappointed that the first half of Chapter 6 discusses how to build a theme using a base theme — the previous chapter's topic — except instead of Bartik as the base theme, a more basic starter theme, Fusion, is used. Aside from that, it's the same process, and large chunks of the text are duplicated — even the erroneous claim of a stylesheet being required (page 130). Finally, the reader arrives at the second half of the chapter, which explains how to create a new theme from scratch. Other sections of the book are referenced heavily, which is possible because the first five chapters have set the stage for this topic.
With Chapter 7, the author takes the earlier introductions to theme templates, and explores them in much greater detail, showing how to separately theme specific groups of pages, including a site's homepage, as well as regions, blocks, and specific elements on a page. The author states (page 158) that all the theming baseline variables are documented inside of the page.tpl.php file, but that only seems to be true for the Bartik and Zen themes. Also, the concept of a block delta is not adequately explained or illustrated. Otherwise, this chapter provides more content and less repetition than most of the others. It concludes with a discussion of CSS classes dynamically generated by Drupal.
Traditionally, one of the most problematic areas of web design is the styling of forms — the focus of Chapter 8. The forms that are built into Drupal by default — user, search, poll, and administration — are presented from a functional standpoint. It is then shown how they can be modified using half a dozen techniques, with varying levels of control over the output and the amount of complexity in achieving that control. The next chapter looks more broadly at other difficult aspects of Drupal theming — including cross-browser compatibility, accessibility, validation, theming the output of various core modules, and many more topics. Some of the tips provided could be quite valuable if and when the reader is stymied by one such problem or another. The final chapter, "Useful Extensions for Themers," introduces a number of helpful tools, most of which are contributed modules. The book concludes with a lengthy and detailed appendix that lists the files, paths, and descriptions for all of the theming system-wide functions and mostly the core module-specific templates.
The author's writing style is conversational, with generally comprehensible explanations. But there are a few baffling phrases, such as "displayed in courtesy of a conditional statement" (page 70); and the common phrase "you likely need to" is twisted into "you are likely needed to" (page 119), which actually has a different meaning. All sorts of phrases are set in title case, without reason, such as "Dev Server" (page 111). Something else that may be difficult to fathom, is that the book's code does not reflect the fact that Drupal.org transitioned from CVS to Git for version control, in February 2011, three months before publication of Drupal 7 Themes.
There is a fair amount of redundant information, even on the same page — such as the theme settings instructions, in duplicate on page 36, and partly repeated again on the next page. Each chapter concludes with a summary, which in most cases is of no benefit to the reader, given how short most of the chapters are. Far too much of the text is presented in bracketed and indented warnings and tips. For instance, page 180 has no fewer than four such blocks of text, and they take up most of the page. In fact, there are several places where a paragraph of the main narrative is inexplicably turned into a warning, indented with large brackets (e.g., pages 71 and 95).
Punctuation is another area where this book could be improved. Most computer programmers use far too few commas in their writing, but this book demonstrates the opposite problem in several places, such as twice on page 71. On the other hand, there are places where a comma could have made the narrative more clear upon first reading. Fortunately, this problem is not nearly as prevalent as seen in the preface, which appears to have been written by someone whose first language is not English. As with most books written by techies, this one contains too many exclamation marks — invariably an indication that the author is trying to make a dull subject seem more exciting. Fortunately, most of this is limited to the early material, and dissipates as the author settles into the important topics. Lastly, there are many spots where the wrong punctuation symbol is used, e.g., a comma trying to perform the duties of a semicolon.
Seemingly every Packt title contains a long list of errata, and this one is no exception: "focuses is on" (page 2), "you Drupal 7 site" (2), "Identifying" (2), "access to [a] Drupal 7 installation" (3), "Addition[al] tools" (3), "function [of] Drupal themes" (11), "an as" (24; should read "as an"), "Supports [a] four-column area" (24), "all/ themes" (30), "those global setting[s]" (40), "<none>" (49; should read "- None -"), "jump[ ]start" (56), "a temporary CSS files" (87), "in [the] last style sheet" (89), "go ahead [and] make" (100), "Why it is" (113; should read "Why is it"), "functionbartik_menu_tree" and "functionjeanb_menu_tree" (123; similar mistakes are seen on pages 181, 189, and 195), "be name[d]" (124), "cssto" (130), "the advantages" (147), "is it" (151; should read "it is"), and "different appearance[s]" (153). At this point, roughly halfway through the book, I stopped recording errata. Packt Publishing's copyeditors should have spotted and fixed these problems, as well as those scattered throughout the rest of the manuscript.
Yet the major weakness of this book is the extensive repetition of material — ranging from the paragraph level (one paragraph repeating information from earlier, nearby ones) to the chapter level (e.g., Chapter 6's wholesale copy-and-paste of material from the previous chapter). Also, the book would have been more current if it addressed the critical web design topics of responsive design, media queries, and how they can be employed in Drupal theming. But it is possible that constraints of space and available time for this project, prevented the inclusion of these advanced topics.
Aside from these problems, and those mentioned earlier, this book does a fine job of explaining the key concepts, and demonstrating them in sample code. Drupal 7 Themes is possibly the best available resource for anyone who wants to learn how Drupal themes work, and how to build custom themes.
Michael J. Ross is a freelance web developer and writer.
You can purchase Drupal 7 Themes from amazon.com.
The Kindle is Getting Support For HTML5
Nate the greatest writes "It looks like Amazon won't be adopting Epub after all. [Thursday] Amazon released some technical details on the new Kindle ebook format, which they are calling Kindle 8. There are a lot of interesting changes to the file, including new formatting and SVG images. The new tags are going to open up a whole lot of new possibilities for making Kindle ebooks."
Book Review: The Information: a History, a Theory, a Flood
eldavojohn writes "The Information: A History, a Theory, a Flood by James Gleick has a rather nebulous title and the subtitle doesn't really help one understand what this book hopes to be about. The extensive citations are welcomed as the author barely scratches the surface of any theory of information. It also cherry picks odd and interesting facets of the history of information but presents them in a chronologically challenged order. This book is, however, a flood and as a result it could best be described as a rambling, romantic love note to Information — eloquently written and at times wondrously inspiring but at the same time imparting very little actual knowledge or tools to the reader. If I were half my age, this book would be the perfect fit for me (just like Chaos was) but knowing all the punchlines and how the story ends ahead of time rather ruined it for me. While wandering through interesting anecdotes, Gleick masks the reader from most of the gory details." Read on for the rest of eldavojohn's review.
The Information: A History, a Theory, a Flood
author: James Gleick
pages: 544
publisher: Pantheon
rating: 5/10
reviewer: eldavojohn
ISBN: 978-0375423727
summary: A wandering well-written historical who's who of Information Theory salted with references to hot topics.
The book starts out with an introduction to the hero of The Information: Claude Shannon. It also introduces the hero's sidekick: Alan Turing. Aside from our initial introduction to Shannon's work at Bell Labs and his monumental paper from 1948, the author drops many names — a foreshadowing of what is to come in the book. George Campbell, George Boole, Norbert Wiener, Vannevar Bush, John Archibald Wheeler, Richard Dawkins and many many more. This sets the tone for the rest of the book as each chapter jumps around in time and grabs many quotations and excerpts to provide a gem studded narration by Gleick.
Chapter one provided me a piece of anecdotal information that I had actually never come across. It concerns the talking drums of Africa, an apparently ill-documented form of communication that existed in Africa. Rather, I had heard of the talking drums but never considered it in a context of information theory. It appears to be one of the earliest forms of long distance communication, predating all telegraphs. A drummer in one village would drum out the syllables and nuances in a lengthy sentence and often repeat it a few times. Drummers in distant villages would hear this and try to parse out what the drums were saying. As a result of this, they wouldn't just say 'moon', they would say something like 'the shiny white face that rises in the night' or something lengthier to ensure that the message was interpreted correctly. An ingenious method of communicating, the chapter oddly never mentions parity bits or error detection, two things I basically equated with the additional words that were redundant. It does, of course, return to our hero Shannon who would later investigate the redundancy in the English language.
The next chapter concerns Walter J. Ong and his work concerning the persistence of information. Gleick discusses the find at Uruk and the subsequent deciphering of the cuneiform tablets. What was interesting about these tablets, however, is that they were inane things like bills and recipes. But when Donald Knuth saw one at a museum, he called what he read 'an algorithm.' The third chapter jumps to 1604 and the publishing of the very first dictionaries. Although amusing, this chapter merely extrapolates how difficult it was for us to codify our language (and still is nigh impossible). At the end Gleick translates this effort to cyberspace and similar problems.
The next chapter introduces Charles Babbage and his difference engine. To keep it interesting, Gleick includes excerpts from Charles Dickens, Edgar Allan Poe, Oliver Wendell Holmes and Lord Byron. And oddly enough there was some mentor relationship between Charles Babbage and Augusta Ada Byron King, Countess of Lovelace. Concerning Babbage, Gleick calls Ada 'first his acolyte and then his muse'; for some reason this odd relationship is preserved in The Information. Lady Lovelace had many intuitions into how symbolic logic and algorithms would work in the future but I found much of this chapter to be concerning relationships and excerpts from letters. To give you an example of what I'm talking about, I learned that Ada died many years before Babbage of cancer of the womb and she took laudanum and cannabis to ease the pain. What does this have to do with The Information? You also learn that Babbage told a friend before his death that he would gladly give up whatever time he had left if he could spend three days five centuries in the future. Only one of the many stories of foolishly optimistic hope this book sells to the reader.
The next chapter involves the evolution of the telegraph. And the bulk of it concentrated on a telegraph that was quite unknown to me. The French Telegraph — or rather system of signs from high buildings — that could send messages by signaling from village to village. Aside from being an extrapolation of a binary signal from ages of yore like the lighting of fires on elevated land or smoke signals, I didn't really understand why the politics and problems of these devices were explored so in depth. When we finally get to the electric telegraph, we get some odd (albeit interesting) details about it instead of the theory. From the abbreviation of common sentences down to codewords to the fight of patenting the signaling mechanism, Gleick again avoids any sort of real numerical or even technical analysis of how humans were progressing from one bandwidth level to another. Cost per letter drove some odd advancements like acronyms and the investigation of how words could be encoded into fewer symbols. It ends with a reference to George Boole and logic as these symbolic representations led the way for words to be replaced and turned into equations.
The book moves on to Claude Shannon and briefly touches on his work on signal noise. It jumps around to Russell and Whitehead's Principia Mathematica and Gödel's subsequent destruction of any dreams of representing everything with symbols by way of his famous Incompleteness Theorem. It goes on to talk about Weyl, Nyquist, Hartley, etc., continuing the veritable who's who while providing very little actual knowledge of their work. Who could mention Gödel without also talking about Nazis? Certainly not Gleick. The politics of the time and the references back to Lovelace and Babbage dominate this chapter, leaving very little room for any actual Information Theory. On page 201 you'll find H = n log s, although you won't find more than a paragraph of explanation nor any extrapolations on that formula. This chapter did yield something interesting — a piece of paper from Shannon's estimates of data storage on a logarithmic scale. While some estimates are close, others are very far off, but he was already thinking of DNA as information storage. The anecdotes and quotations from peers of the time are impressively researched and cross referenced, but at what cost?
The next chapter concentrates on the enemy: Norbert Wiener from MIT. He comes across as a cigar smoking, condescending, self involved, snobby professor whose primary contribution is a now defunct 'science' once called Cybernetics. He's quick to identify others' works as derivatives of his own and is presented as the antithesis to Claude Shannon, who is portrayed as modest, cautious and well-spoken. On top of that, not only is Shannon's work not defunct, it is the basis of so much of everything that is useful today. Gleick portrays Wiener so negatively I almost wondered if the condescending label 'wiener' was somehow related to Norbert. This chapter delves into conferences once held and the interactions between the participants. While it made for great humor in the Shannon/Wiener interactions, I don't understand why they were relayed to the reader. Shannon's rat and its demonstration resulted in interesting remarks, but I don't understand why the reader is given so much insight into these proceedings of Cybernetics when the field turned out to be little more than buzzwords. An interesting note, however, is how some of the members would let the media run away with phrases that the scientists had never actually said. They would do this almost strategically to both validate this new field and provide interest from universities and funding sources ... but should anyone corner them and ask for clarifications, they could always truthfully say that they never said that verbatim. I wonder how often this happens today?
This next chapter on Maxwell's demon and entropy was actually a little enlightening in that it provided a fairly clear discussion of entropy (physics) and entropy (information). In addition to this correlation, it discusses why it's often called negentropy or negative entropy. Leo Szilárd's work is discussed as well as this concept that 'information is not free.' Although Maxwell's demon is simply an exercise in physics philosophy, this chapter begins what will be finished later: an English explanation of how information is fundamentally tied to matter and the universe.
Gleick now reaches biological information: DNA. He spends a chapter on the origins of DNA and how contemporaries of information theory approached it upon its inception. Of course Dawkins and Gould had interesting things to say in this chapter, but Hofstadter and Gamow had perhaps the most interesting things to add: that DNA is essentially a number, and that number represents a machine that can replicate and say things about itself. One thing this book does well is build this sort of interesting relationship between information and humans. This chapter takes a stab at establishing that we are all at our cores just information in the universe. As biological beings we are feeding off of negative entropy.
The book takes a bizarre twist now into memes. That's right, chain letters and lolcats. And how they replicate and infect our brain despite being nothing more than information. I found this chapter to be obvious and boring — worthy of complete removal from the text. This interjection is out of place entirely and I'm still scratching my head wondering what merit it had in this book. Since it is such an odd assortment and arrangement of the history of information, this could be skipped by the reader.
The chapter on randomness opens with an individual I've never heard of before: Gregory Chaitin. Gleick seems to imply that Incompleteness and Quantum Physics are somehow tied together by way of Turing's Uncomputability Proof — or so Chaitin (once?) thought. Because they were both related to entropy (the word, I guess) and the connection was randomness. I didn't understand why this was in here if not to mislead the reader. What follows are some of the giants' work and quotes about randomness and random numbers. While mildly interesting, there's not a whole lot to be gleaned from this chapter. I did appreciate the references to Andrei Nikolaevich Kolmogorov, who did some original and even parallel work on information theory behind the iron curtain. Of course the text is rife with political situations and anecdotes (i.e. Kolmogorov's run-in with one of Stalin's favorite pseudo-scientists). Oh, and what book on information would be complete without G. H. Hardy visiting Srinivasa Ramanujan and remarking on the boring number of his taxi? The oft repeated story of the number 1,729. This anecdote feels out of place, but Gleick uses it to probe the reader deeper into what randomness really means. Throw in Bach's Well-Tempered Clavier and I almost wondered if Gleick had re-read Gödel, Escher, Bach before writing this chapter.
The next chapter did actually touch on work that ties information to physics in that very basic sense of information is unable to be destroyed in our universe. The famous Preskill Hawking wager is discussed as well as the thermodynamics of computation and the resulting implications for quantum mechanics. The chapter wanders around to quantum cryptography (feeling a bit out of place) to qubits to RSA to ... well, it all (as it does throughout the book) comes back to Shannon. The chapter does end with an interesting quote from John Wheeler who apparently advocated translating the quantum versions of string theory and Einstein's geometrodynamics 'from the language of the continuum to the language of bit.' Sounds pretty interesting, right? Too bad all you get is the quote.
Was that chapter too technical for you? Don't worry, the text moves back to Wikipedia (shouldn't this have been addressed in the early chapters of dictionaries?) and actually talks about deletionism versus inclusionism and the Wikipedia debates on Pokemon articles. Of course, our old friends Babbage, Turing, Shannon, et al are brought back to somehow comment on this modern encyclopedia with quotes from Gleick like 'The universe is computing its own destiny' (for added drama that sentence is its own paragraph on page 377). Strangely enough there is no reference to Edward Fredkin throughout this book. Gleick jumps to domain name saturation on the internet and hits up 'the cloud' at the very end. I almost marvel at how many bases he can touch in one chapter. The penultimate chapter covers our inundation with news every single day of our lives probably from now to eternity. Unsurprisingly, Gleick conjures up quotes of ages long past (almost to the dark ages) of people complaining of the printing press or telegraph or newspaper or internet ruining their lives by assaulting them with information and news. Turns out 'Information Overload' is not a new concept. A chapter devoted to people complaining about too much information in a book on information seems to be too much credit for them, in my opinion.
The book really fizzles out as it tries to wrap up. Far from finalizing anything, the reader is given the concept of 'the library of babel' alongside the famous six degrees of separation. We are now more interconnected than ever before thanks to ... information!
Luckily this book has almost fifty pages of references to other books that contain far more complete and far more organized thoughts on information. I would not recommend this book to any of my colleagues unless they never went to college and never once picked up another book on Information. That said, I felt it was very well written and will no doubt continue to be sold en masse in bookstores. If anyone else read this book and came away with some very deep and profound understanding of the subject matter, I would love to hear it. Right now, the audience for this book is very small in my mind. It might best be given to a young engineer who has yet to go to college but has the vim and vigor to track down the real sources of The Information.
You can purchase The Information: A History, a Theory, a Flood from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
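On the formula H = n log s that the review above finds on page 201 with only a paragraph of explanation, the following is an added editorial note; it is not part of the review or of Gleick's book, and it uses only the symbols the review quotes.

With an alphabet of s distinct symbols and messages of length n, there are s^n distinct messages. Hartley's measure is the logarithm of that count:

    H = log(s^n) = n log s

The logarithm is what makes the measure additive. A message of n_1 symbols followed by one of n_2 symbols admits s^(n_1) * s^(n_2) = s^(n_1 + n_2) possibilities, and

    H = (n_1 + n_2) log s = n_1 log s + n_2 log s

so information adds where the number of possibilities multiplies. Taking the logarithm to base 2 gives bits; with s = 2 each symbol carries exactly one bit. Shannon's entropy, which the book reaches a few chapters later, generalizes this to symbols that are not equally likely, H = -sum_i p_i log p_i, and reduces to log s per symbol when all s symbols occur with probability 1/s.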
Book Review: Definitive Guide To Drupal 7
Michael J. Ross writes "Most computer and web programming books are written entirely by a single author, while the rest are written by multiple authors, typically with each one tackling several chapters. The latter approach can suffer from redundant material undetected by editors, and inconsistency in the writing style from one chapter to the next. Yet it offers the significant advantage that the subject matter of each chapter can be presented by an authority on that topic — who can focus on making that explication the best possible, without the burden of completing an entire book. That was one of my first thoughts (and hopes) when hefting the 1112 pages and 4.1 pounds of the Definitive Guide to Drupal 7." Read on for the rest of Michael's review.

Definitive Guide to Drupal 7
author: A cast of thousands.
pages: 1112 pages
publisher: Apress
rating: 8/10
reviewer: Michael J. Ross
ISBN: 978-1430231356
summary: A wide-ranging exploration of the latest version of Drupal.

This tome was published on 19 July 2011, under the ISBN 978-1430231356, by Apress (who kindly provided a review copy). As of this writing, it appears to be the longest Drupal book in existence — more than 400 pages longer than the nearest two contenders. Fortunately, no single author ended up in an insane asylum as a consequence of trying to write such an extensive work on his own. Rather, this book is largely due to the efforts of 34 writers in total — more specifically, 30 authors (listed on the front cover, roughly in descending order of how many of the pages they wrote) and four more contributors (added to the list on the title page). This may be a new record in technical book publishing. The entire authorial crew won't be listed here, but it should be mentioned that Benjamin Melançon was the lead author, and contributed to many of the chapters.
The book's material is organized into 38 chapters and nine appendices — all grouped into eight parts: Getting Started, Site Building Foundations, Making Your Life Easier, Front-End Development, Back-End Development, Advanced Site-Building Topics, Drupal Community, and Appendix. The chapter and appendix titles won't be listed here, but can be found on the publisher's book page, which also offers a description of the book, a section for reported errata (none as of this writing), links to purchase the print and electronic versions of the book, and a downloadable archive of the source code. Unfortunately, the code is apparently available only as a Git repository, and thus is inaccessible if you cannot — or do not want to — install Git on your computer. Consequently, it would be more difficult for such a reader to follow along and implement the example code while reading the book.
The authors have created their own website for the book, where visitors can sign up for e-mail notification of updates and free chapters, view a chapter outline (which features some bonus material), see author photos and bios, offer suggested changes for future editions, and learn of reported errata (three, at this time). Throughout the book, readers are told to access that site for additional information related to the chapters' topics; yet there does not appear to be any such information, even after registering a new account and logging in. This will be most disappointing in those cases where the reader is enticed by the promise of valuable information, only to find that it is absent. The authors state (page lv) that there are forums, one per chapter; but those do not yet exist. In general, there seems to be a huge disconnect between that website and the claims made in the book as to what extra material readers will find there.
The book begins with some introductory material, consisting of three mini-chapters: "What's New in Drupal 7" briefly describes some of the terrific improvements over version 6. "How to Use the Book" reassures the prospective reader that the book "does not presume any specific prior curriculum", although this seems inconsistent with the back cover's user level of "Intermediate-Advanced". Also, readers may be perplexed by the claim that the URL path admin/people/permissions/rules will go to admin/help (page lv). The last section, "How Drupal Works", oddly does not explain how Drupal works, but instead discusses some common terms and the typical phases of a website development project.
The first part of the book comprises two chapters, the first of which has the promising title of "Building a Drupal 7 Site", and provides a cursory summary of site planning, wireframing, Drupal installation, the Administration menu, the Shortcut toolbar, color schemes, and modules. The chapter continues with sections on content types, blocks, taxonomy, and other key concepts — all grouped under the chapter head "Allowing People to Register and Log in with OpenID", even though those topics are unrelated to OpenID. All of the chapter's topics are illustrated by stepping the reader through building, from scratch, the beginnings of the Drupal 7 website — namely, one similar to the authors' site mentioned earlier. Unfortunately, some of the instruction in the book does not match the actual website design, e.g., no introductory text (page 20). Readers may be amused by the tip on page 11, which refers to "the remaining 800 pages of the book". Perhaps the remaining 1101 pages can be chalked up to scope creep! The second chapter explains the basics of how to install and use Drush and Git, but not for Windows users. Readers should find the material instructive and consistent, except for the claim that Git is "easy(ish)" even though "getting the hang of Git [is] a lifelong learning process".
The half dozen chapters that compose Part II first introduce some of the most commonly-used Drupal modules, with extensive coverage of Views and later Organic Groups. A couple chapters explain how to keep one's site secure, partly by updating Drupal core and modules. The last chapter continues the development of the example site, using modules presented earlier. All of these chapters' narrative is valuable, although a couple pronouncements are too severe (e.g., "User input is evil", on page 127); but overall the advice is well warranted. Yet the chapter that will most likely aggravate readers is the eighth one. It seems to presume that the reader's test site was not affected by the exercises of the previous chapters, such as the Organic Groups. Secondly, some key information is incorrect, e.g., "Content: Image" (page 159) should be "Content: Headshot". Lastly, the authors refer to items not yet created as though they were, e.g., a "Table of Contents" menu link, an "Outline of Chapters" menu, and a "Twitter" field (pages 162-164). Unfortunately, the effects of all these problems compound, and, combined with the changes in Views since Drupal 7.0, make it increasingly difficult to follow along and implement the instructions.
Part III offers another half dozen chapters, in this case devoted to higher-level, less technical matters — specifically, how to: best participate in the Drupal community, plan and manage a Drupal-based project, craft effective documentation for your sites' end users and support staff, set up a workable Drupal development environment, launch and back up a new website, and stay sane while doing all of this. The information presented is worthwhile, with only a couple peculiarities: Firstly, why is the book organized so that some technical information is presented in the early chapters, as well as later chapters, while a group of "softer" topics are sandwiched in between? Secondly, for Chapter 12, why is the reader told, halfway through the chapter, that she will need "A computer able to connect to the Internet" and "An Internet connection" (page 233)? No one who has worked through the preceding dozen chapters needs to be reminded of this. Perhaps this chapter, on how to set up a development environment, should be made an appendix, as were the other installation and setup topics (Appendices F-I).
The next few chapters, Part IV, explore front-end development — namely, theming and jQuery. The first two chapters were penned by Jacine Luisi, who heads up the HTML5 initiative for Drupal 8. Readers learn about Drupal's core themes, theme engines, theme administration, metadata files, regions, layout, template files, global template variables, theme functions and hooks, preprocess and process functions, render arrays, theming forms, and more. The discussion is competent and thorough, as well as comprehensible, aside from the repeated use of the verb "print" to apparently mean "display". Chapter 17 demonstrates the use of JavaScript and jQuery in Drupal, and finishes by showing how to use jQuery UI to implement animations, such as accordions and progress bars.
Part V, "Back-End Development", comprises seven chapters that explain how to develop custom Drupal modules using the APIs. Because they provide an introduction to Drupal's system of hooks and overrides, they probably should have been located before the earlier chapters on theming, which rely upon those features of Drupal. Regardless, Chapters 18-20, by Benjamin Melançon, attempt to demystify the key topics in module development. Because this subject area is so critical to real-world Drupal development, and because the concepts can be quite intimidating to neophytes, any presentation of it must proceed at a reasonable pace, with clear explanation of how each aspect relates to the next. Like similar discussions in other Drupal books, this one begins quite approachable, but becomes more daunting, with a few places where readers will likely be perplexed — such as the hook_form_alter() discussion (page 411), which doesn't seem to match the resultant HTML. Yet this is such a challenging subject area that entire books have been devoted to it, and this one ventures into areas untouched by other books, such as how to create new database tables. Drupal coding standards are presented, although apparently not always followed in the example code (e.g., preceding internal function names with underscores). Part V is rounded out with chapters on porting modules to Drupal 7, writing "glue" modules, performing functional testing, and writing extendable/API modules.
Part VI, "Advanced Site-Building Topics", consists of ten chapters covering a variety of topics: building an online store using Commerce module (authored by the project's founder and lead, Ryan Szrama); Drush (which overlaps with Chapter 2); caching and storage mechanisms (MySQL and MongoDB); RDFa and the Semantic Web; Drupal's routing system; Drupal's internal operations for presenting a requested page; Solr module; UX enhancements in Drupal 7; completing the book's website; and Drupal distributions. All of the information and guidance appears correct, except for a couple problems: The instructions (page 568) to install Commerce Physical Product module, which does not have a Drupal 7 release, as of this writing, and certainly as of the book's publication date. Drune is a music player used as an example throughout Chapter 34, but its website, drune.org (pages 805 and 817), appears to be dead at this time.
Throughout this book, one will find a strong sense of community, with frequent encouragement for the reader to participate and contribute. This is evidenced by Part VII, which comprises four chapters that present: Drupal's history, how to make a living as a Drupal developer, how to maintain a contributed project, and further thoughts on how to contribute to the overall Drupal community. The book concludes with Part VIII, consisting of nine appendices, most of which focus on how to install Drupal on various platforms. This part is strangely titled "Appendix", yet contains multiple appendices (more scope creep?).
Given the somewhat stunning length of this book, its multitude of authors, and its wide coverage of most aspects of Drupal, it should be expected that the book has both strengths and weaknesses. Consider first the latter category. The authors and publisher should have sought ways to reduce the length of the book. For instance, the overview of PHP in Chapter 18 is not needed for this book's audience, and could be replaced by references to outside, more-detailed resources. The same is true of the section on Drupal coding standards. The book does not need to be made any longer than it already is, without good reason. Speaking of which, most of the longer chapters end with summaries, which are not worth the extra space taken up. Drupal's hook system is explained in at least three different chapters, and Git in two. The many authors should have been aware of this, had they been referencing the book's website, which was presumably built before the text describing it was written. Furthermore, the publisher and its chosen technical reviewers should have also spotted this.
The remarkably large number of authors is probably the primary reason for the book's noticeable unevenness, from one chapter to the next, in the quality of the writing — including the clarity of the explanations, which is arguably the most important factor. In a book written by advanced Drupal developers, it is to be expected that they will use Drupal-specific terminology. That is fine, but such terms should be defined at least once, before encountered by any readers unfamiliar with them. For instance, page xxxv alone mentions "d.o", "D8", and "contrib" — all meaningless to someone learning Drupal. There are places in the text where the descriptions do not match the corresponding screenshots (e.g., the "Required field" on page 18), and where, in the narrative, the lack of quotation marks around field labels makes it jarring and difficult to understand (e.g., throughout Chapter 8). There are some inconsistencies in spelling (e.g., "web site" and "website", even in the same sentence, on page lii), some inconsistencies in italicizing menu links (e.g., page 13), some misused phrases (e.g., "cannot be understated", on pages lix and 225, when "cannot be overstated" was called for), some baffling allusions (e.g., "aiee-the-alligator-is-going-to-get-me", on page 492), curly quotes in the code (e.g., pages 277 and 356-9), a repeated paragraph (page 507), an oxymoron ("libertarian communism"; xlvi), and the obligatory conflation of "depreciated" and "deprecated" (page 495) found in countless programming books.
This book contains numerous errata: "co-maintainer [f]or Drupal 7" (page xxxiv), "and." (xxxv), "bi-lingual" (xxxviii), "able [to] handle" (xlix), "don' think" (lv), "criteria[:] type" (lviii), "able [to] fill" (11), "th[r]ough the" (14), "an a" (19), "ask question questions" (29), "install [the] X-ray" (38), "You [] requests nuggets" (49), "you want to you" (56), "on [the] system" (57), "menu of option[s]" (57), "Rather [than] saving" (57), "menu(" (58), "you[r] Views" (59), "These setting[s]" (61), "that what" (66; should read "than what"), "might for use" (67), "you would chose" (67), "the next sort criteria" (67; should read "the next sort criterion"), "by click[ing]" (74), "you are make" (85), and "have [to] click" (85). At this point, not even 8% of the way in, I stopped recording them — although an amusing one is worth mentioning: "gather shook information" (452). Lastly, how did "Drurpal.org" (854) make it past the spelling check? It turns out that the entire book is peppered with such errors, and that first batch was merely the beginning. It is difficult to believe that so many obvious errata could have made it through any professional copy editing process.
Readers who are following along, and likely using the latest version of Drupal (7.8 as of this writing), will notice some differences between what they see on their screens and what is shown in the book's screenshots — most if not all of which are based upon Drupal 7.0. This is especially noticeable in Chapter 3, which covers Views, a module affected by ongoing enhancement. For instance, Views exporter submodule (page 52) is now gone; "Access all views" (page 53) has been altered; "Display Status" (page 62) is gone; there are no broken link icons to indicate overrides; "views/edit" (in the URL, page 71) is now "views/view"; and the Fields configuration dialog (page 75) is different. Fortunately, none of these cases of obsolescence should have any impact on the value of the information as a whole.
On the positive side of the ledger, this book offers much to be commended. As with any worthwhile programming book, this one makes extensive use of code snippets and screenshots to illustrate concepts discussed. These appear to be correct, except in the flowchart of Figure 30-3, where the conditional symbol's arrows are missing values. The text contains some welcome humor (e.g., a kittens photo request, on page 43) and some apt phrases (e.g., Permission module's "wall of checkboxes", on page 156). Some of the chapters were written by the contrib module developers/maintainers, i.e., those who arguably know those modules best. This is unique among the growing list of Drupal books, in that it devotes entire chapters to topics neglected by its competitors — such as documentation, installation profiles, module porting, Drush, Git, and working profitably as a Drupal professional. Some of this information emphasizes the value of project management (both for your individual projects, and Drupal as a whole).
On balance, the pluses outweigh the minuses. The book has a lot of good information, and many of the problems stem from sloppy writing that should have been caught by the publisher's editing team. It may not be the best source for some key subject areas, such as security or site building options. But if you seek a sole source that offers more information in total, then this is your book. For some topics — such as upgrading Drupal, crafting and testing modules, building installation profiles, and the inner secrets of the menu system — it goes into far more detail than any other. Definitive Guide to Drupal 7 is an impressive attempt to be just that, and no other single book currently matches it.
Michael J. Ross is a freelance web developer and writer.
You can purchase Definitive Guide to Drupal 7 from amazon.com. -
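The review above quotes the book's rule that "User input is evil" and notes that its hook_form_alter() walkthrough is hard to follow. As an added worked example, written for this page and not taken from the book or from Michael J. Ross, here is a small hypothetical Drupal 7 module, example_guard, that applies that rule end to end using only Drupal 7 core APIs: it alters the site-wide contact form (form ID contact_site_form), validates the new field with an allow-list, stores submissions through a parameterized insert, and escapes everything on the way back out. The module name, the example_guard_log table (its hook_schema() definition is assumed to live in example_guard.install) and the report path are all assumptions for illustration.

```php
<?php
// example_guard.module (hypothetical module written for this page; not from
// the book or the reviewer). Demonstrates "user input is evil" the Drupal 7
// way: validate on the way in, parameterize on the way to the database, and
// escape at the moment a string becomes HTML.

/**
 * Implements hook_menu().
 *
 * Registers a report page, restricted to the core 'access site reports'
 * permission, so the stored submissions are never world-readable.
 */
function example_guard_menu() {
  $items['admin/reports/example-guard'] = array(
    'title' => 'Contact form log',
    'page callback' => 'example_guard_report',
    'access arguments' => array('access site reports'),
    'type' => MENU_NORMAL_ITEM,
  );
  return $items;
}

/**
 * Implements hook_form_FORM_ID_alter() for contact_site_form.
 *
 * Adds an optional "Company" field and appends our own validate and submit
 * handlers after the ones core registered, rather than replacing them.
 */
function example_guard_form_contact_site_form_alter(&$form, &$form_state, $form_id) {
  $form['company'] = array(
    '#type' => 'textfield',
    '#title' => t('Company'),
    '#maxlength' => 64,
  );
  $form['#validate'][] = 'example_guard_contact_validate';
  $form['#submit'][] = 'example_guard_contact_submit';
}

/**
 * Validate handler: accept only an explicit allow-list of characters instead
 * of trying to strip "bad" ones. form_set_error() attaches the message to
 * the field and stops Drupal from running any submit handler.
 * Form API already enforces #maxlength server-side; the {2,64} bound in the
 * pattern simply keeps the length rule next to the character rule.
 */
function example_guard_contact_validate($form, &$form_state) {
  $company = trim($form_state['values']['company']);
  if ($company !== '' && !preg_match('/^[\p{L}\p{N} .,&\'-]{2,64}\z/u', $company)) {
    form_set_error('company', t('Company may contain only letters, digits, spaces and basic punctuation.'));
  }
}

/**
 * Submit handler: the values go in as bound fields, never spliced into an
 * SQL string, so a quote in $company cannot change the query.
 */
function example_guard_contact_submit($form, &$form_state) {
  $v = $form_state['values'];
  db_insert('example_guard_log')  // table assumed to be declared in hook_schema()
    ->fields(array(
      'name' => $v['name'],
      'mail' => $v['mail'],
      'company' => trim($v['company']),
      'created' => REQUEST_TIME,
    ))
    ->execute();
}

/**
 * Page callback: theme('table') does not escape cell contents, so each stored
 * string is passed through check_plain() right where it turns into markup.
 */
function example_guard_report() {
  $rows = array();
  $result = db_query('SELECT name, mail, company, created FROM {example_guard_log} ORDER BY created DESC LIMIT 50');
  foreach ($result as $record) {
    $rows[] = array(
      check_plain($record->name),
      check_plain($record->mail),
      check_plain($record->company),
      format_date($record->created, 'short'),
    );
  }
  $header = array(t('Name'), t('E-mail'), t('Company'), t('Received'));
  return theme('table', array('header' => $header, 'rows' => $rows));
}
```

The point of keeping the three handlers separate is that each guards a different boundary: the validate handler cannot protect the database (a future code path may bypass the form), the parameterized insert cannot protect the page (the data may have come from elsewhere), and escaping on output is what finally makes "evil" input harmless in a browser. Note that the submit handler stores the raw name and mail that core's contact form already validated; storing raw values and escaping on output is the Drupal 7 convention, and it is why check_plain() appears in the report and not in the submit handler.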
Amazon Disables 3G Web Browsing For New 3G Kindle Touch
destinyland writes "Amazon's going to disable 3G web browsing on their upcoming 'Kindle Touch 3G' — even though it was a prominent feature of the last generation of Kindles. Amazon will still allow web browsing on the Kindle Touch 3G using a local Wi-Fi connection, but it's one of many unsettling details emerging from Amazon's announcement last week. Apparently Amazon's cloud will now also include a list of personal documents that you're mailing to your Kindle. And the on-screen keyboard for Amazon's bargain $79 Kindles won't be a touchscreen keyboard, so users will have to nudge the controller repeatedly to gradually navigate from one key to the next." -
Michael Nielsen's Free Video Courseware On Quantum Computing
New submitter quax writes "Michael Nielsen, who co-authored the book on Quantum Computing, released a set of short video lectures on his blog this summer (link to Google cache). They make a great introduction to the subject. But here's the catch: Due to other work responsibilities, he stopped short of completing the course, and will only complete it if he sees enough interest in the videos. Let's show him some numbers." -
Book Review: Scalability Rules
eldavojohn writes "As a web developer in the 'Agile' era, I find myself making (or recognizing) more and more important decisions being made in developing for the web. Scalability Rules cemented and codified a lot of things I had suspected or picked up from blogs but failed to give much more thought to and had difficulty defending as a member of a team. A simple example is that I knew state is bad if unneeded but I couldn't quite define why. Scalability Rules provided this confidence as each of the fifty rules is broken down in a chapter that is divided into what, when, how, why and key takeaways. A strength of the book is that these rules cover all aspects of web development; but that became a double edged sword as I struggled through some rules meant for managers or technical operators." Read below for the rest of eldavojohn's review.

Scalability Rules: 50 Principles for Scaling Web Sites
author: Martin L. Abbott and Michael T. Fisher
pages: 272
publisher: Addison-Wesley Professional
rating: 8/10
reviewer: eldavojohn
ISBN: 978-0321753885
summary: 50 Principles for Scaling Web Sites

You might recognize the authors as two of the three partners of AKF Partners, which means that the book pushes a lot of their concepts like the AKF Cube. A bonus is that they have a very long list of clients and aren't afraid to remind the reader that they have consulted for hundreds of companies, so when they say they see these rules solving problems frequently, there's weight to that. Also, they have two books, but don't confuse Scalability Rules with The Art of Scalability, as the latter focuses on people, processes and technology instead of the rules of scaling.
First off this book gives you a primer of rules for you to start with depending on whether you are mostly a manager, software developer or technical operations personnel. I'll concentrate on the specifics of the software developer chapter and summarize the others at the end of this review. Also note that aside from some SQL, I only saw PHP code in this book. Luckily there's only a handful of snippets presented and they are easy to follow. Additionally each chapter ends with solid references (usually online resources) to back up the claims listed in those sets of rules.
The first chapter is devoted to reducing the equation and focuses on removing needless complexity from your solution. You can find this chapter here if you want to see how the layout looks. They give a lot of solid reasons for this and also a lot of good examples, like understanding what your users care about. Why build a prompt to export a blog post as a PDF if 99% of the users don't care about it? Next up they say the rule to design to scale means designing for 20x capacity, implementing for 3x capacity and deploying to 1.5x capacity. A strength of the book is the grids that illustrate what is low, medium or high cost and impact through the chapters. Every time they discuss options at different parts of the solution development process, the user is given a chart to understand why. The next rule stresses that you can usually identify 80% of your benefit achieved from 20% of the work (80-20 rule). Rule 4 is strangely specific and implores the reader to simply reduce DNS lookups. However — and this is the first of many — they remind the reader that this rule must be balanced against putting your system all on one server just to reduce DNS lookups. Such a strategy can result in that becoming a choke point. Rule 5 quite simply instructs the reader to use as few objects as possible in your webpage.
The final rule of chapter one is the first one I disagree with in the book. The rule says "Don't mix the vendor networking gear." And this goes against every fiber of my being. Why even have networking standards if you are not to mix the vendor networking gear? Looking to upgrade one component? Better stick to brand X no matter how crappy they have become. This results in being nickeled and dimed and vendor lockin. If scalability is your sole goal than perhaps this is sound instructions. But I cannot understand how anyone would indicate lockin to a vendor — especially in today's networking gear.
Chapter two is incredibly short but potent. It covers some basic database concepts like why ACID properties of databases make them difficult to split. This chapter is spot on and calls upon the AKF cube for dimensions of scalability. Three dimensions are: You can clone things, split different things and split similar things (like by country region). This cube reappears throughout the book and it should be noted that the book does a good job of giving examples of when each dimension is a good choice for scaling and when it is a bad choice compared to the other two. In my line of work, massive scaling solutions have implemented all three.
Skipping to the next developer chapter on not duplicating your work, the text ranged from the incredibly obvious "Don't double check your work" to relaxing temporal constraints. The chapter is short like chapter two and didn't offer me a whole lot. A third rule was again oddly specific in saying not to do redirects and even getting down into the very fine specifics of what HTTP codes are and how they affect your response times.
The next chapter for developers is chapter ten on avoiding or distributing state. Rule 40 actually came in useful at my job as it simply states "Strive for Statelessness." There was an easy solution to a problem in one of our projects that involved storing an object in the session to keep track of what was being displayed to the user. Having read the book, I instead made this web application nearly stateless (except user authentication and the like). Later on, as we started testing the application in multi-tabbed browsing and users began opening many search tabs and viewing several objects at once to compare them, I was glad that I had not gone down this path. It doesn't have much to do with scalability, but I think all web developers should read this chapter as it really does pay to avoid state when possible.
As the rules grew closer to 50, they lost their potency. The authors did a good job of trying to put a bit of ranking in the appearance to these rules. The final developer chapter on asynchronous communication and message buses is probably the most specific and was the least useful for me. While all the rules in this chapter are true, they again border on the banal with examples like "Avoid Overcrowding Your Message Bus."
Having read this book cover to cover, it is a very short book with extremely succinct and organized summaries (the final chapter is a short review of each rule). The manager and operations chapters didn't really do a lot for me overall but would occasionally have very interesting chapters that opened up a lot of the logic behind content delivery services to me. Occasionally I would take slight issue with some rules but the most egregious rule I read was Rule 28 "Don't Rely on QA to Find Mistakes" and then the chapter opens with calling the title of this rule "ugly and slightly misleading and controversial." Because it is and could probably be replaced with another sentence from the chapter: "You can't test quality into your system." Why rely on sensational headlines when I'm already holding your book? I think this book would have been a solid 9/10 if not for this oddity in the large rule set.
I've given each of these rules a decent amount of thought and will keep them at the back of my mind as I write code in an agile environment. Mistakes made early on can be very costly in scaling terms. This book will definitely be kept around at work when I need a solid argument for those design decisions that might take more work but save in the future when it needs to scale.
You can purchase Scalability Rules: 50 Principles for Scaling Web Sites from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Book Review: Digital Evidence and Computer Crime
brothke writes "When it comes to a physical crime scene and the resulting forensics, investigators can ascertain that a crime took place and gather the necessary evidence. When it comes to digital crime, the evidence is often at the byte level, deep in the magnetics of digital media, initially invisible to the human eye. That is just one of the challenges of digital forensics, where it is easy to destroy crucial evidence, and often difficult to preserve correctly." Read on for the rest of Ben's review.
Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet
Author: Eoghan Casey
Pages: 840
Publisher: Academic Press
Rating: 10/10
Reviewer: Ben Rothke
ISBN: 978-0123742681
Summary: Definitive reference on the subject of digital evidence and computer crime
For those looking for an authoritative guide, Digital Evidence and Computer Crime is an invaluable book that can be used to ensure that any digital investigation is done in a formal manner, that can ultimately be used to determine what happened, and if needed, used as evidence in court.
Written by Eoghan Casey, a leader in the field of digital forensics, in collaboration with 10 other experts, the book's 24 chapters and nearly 800 pages provide an all-encompassing reference. Every relevant topic in digital forensics is dealt with in this extraordinary book. Its breadth makes it relevant to an extremely large reading audience: system and security administrators, incident responders, forensic analysts, law enforcement, lawyers and more.
In the introduction, Casey writes that one of the challenges of digital forensics is that the fundamental aspects of the field are still in development. Be it the terminology, tools, definitions, standards, ethics and more, there is a lot of debate amongst professionals about these areas. One of the book's goals is to assist the reader in tackling these areas and to advance the field. To that end, it achieves its goals and more.
Chapter 1 is appropriately titled Foundation of Digital Forensics, and provides a fantastic overview and introduction to the topic. Two of the superlative features in the book are the hundreds of case examples and practitioners' tips. The book magnificently integrates the theoretical aspects of forensics with real-world examples to make it an extremely decipherable guide.
Casey notes that one of the most important advances in the history of digital forensics took place in 2008 when the American Academy of Forensic Sciences created a new section devoted to digital and multimedia sciences. That development advanced digital forensics as a scientific discipline and provided a common ground for the varied members of the forensic science community to share knowledge and address current challenges.
In chapter 3 – Digital Evidence in the Courtroom – Casey notes that the most common mistake that prevents digital evidence from being admitted in court is that it is obtained without authorization. Generally, a warrant is required to search and seize evidence. This and other chapters go into detail on how to ensure that evidence gathered is ultimately usable in court.
Chapter 6 – Conducting Digital Investigations – is one of the best chapters in the book. Much of this chapter details how to apply the scientific method to digital investigations. The chapter is especially rich with tips and examples, which are crucial, for if an investigation is not conducted in a formal and consistent manner, a defense attorney will attempt to get the evidence dismissed.
Chapter 6 and other chapters reference the Association of Chief Police Officers' Good Practice Guide for Computer-Based Electronic Evidence as one of the most mature and practical documents to use when handling digital crime scenes. The focus of the guide is to help digital investigators handle the most common forms of digital evidence, including desktops, laptops and mobile devices.
The Good Practice Guide is important in that digital evidence comes in many forms, including audit trails, application, badge reader and ISP and IDS logs, biometric data, application metadata, and much more. The investigator needs to understand how all of these work and interoperate to ensure that they are collecting and interpreting the evidence correctly.
Chapter 9 – Modus Operandi – by Brent Turvey is a fascinating overview of how and why criminals commit crimes. He writes that while technologies and tools change, the underlying psychological needs and motives of the offenders and their associated criminal behavior have not changed through the ages.
Chapter 10 – Violent Crime and Digital Evidence – is another extremely fascinating and insightful chapter. Casey writes that whatever the circumstances of a violent crime, information is key to determining and thereby understanding the victim-offender relationship, and to developing an ongoing investigative strategy. Any details gleaned from digital evidence can be important, and digital investigators must develop the ability to prioritize what can be overwhelming amounts of evidence.
Chapter 13 – Forensic Preservation of Volatile Data – deals with the age-old forensic issue: to shut down or not to shut down? It provides a highly detailed sample volatile data preservation process for an investigator to follow to preserve volatile data from a system. There is also a fascinating section on the parallels between arson and digital intrusion investigations.
Part 4 of the book is Computers, in which the authors note that although digital investigators can use sophisticated software to recover deleted files and perform advanced analysis of computer hard drives, it is important for them to understand what is happening behind the scenes. A lack of understanding of how computers function and of the processes that sophisticated tools have automated makes it more difficult for digital investigators to explain their findings in court and can lead to incorrect interpretations of digital evidence.
Chapter 17 – File Systems – has an interesting section on dates and times. Given the importance of dates and times when investigating computer-related crimes, investigators need an understanding of how these values are stored and converted. The chapter has a table of the date-time stamp behavior on both FAT and NTFS file systems. Time stamps are not a trivial issue, as there are many different actions involved (file moved, deletion, copy, etc.) that can affect the date-time stamp in very different ways.
A better title for Digital Evidence and Computer Crime might be the Comprehensive Guide to Everything You Need to Know About Digital Forensics. One is hard pressed to find another book overflowing with so many valuable details and real-world examples.
The book is also relevant for those who are new to the field, as it provides a significant amount of introductory material that delivers a broad overview to the core areas of digital forensics.
The book progresses to more advanced and cutting-edge topics, including sections on various operating systems, from Windows and Unix to Macintosh.
This is the third edition of the book and completely updated and reedited. When it comes to digital forensics, this is the reference guide that all books on the topic will be measured against.
With a list price of $70.00, this book is an incredible bargain given the depth and breadth of topics discussed, with each chapter written by an expert in the field. For those truly serious about digital forensics, Digital Evidence and Computer Crime is an equally serious book.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Book Review: Metasploit: The Penetration Tester's Guide
eldavojohn writes "The Metasploit Framework has come a long way and currently allows just about anyone to configure and execute exploits effortlessly. Metasploit: The Penetration Tester's Guide takes current documentation further and provides a valuable resource for people who are interested in security but don't have the time or money to take a training class on Metasploit. The highlights of the book rest on the examples provided to the reader as exercises in exploiting several older versions of operating systems like Windows XP and Ubuntu while at the same time avoiding triggering antivirus or detection. The only weak point of this book is that a couple of chapters refer the reader to external texts (on stacks and registers) in order to meet requirements for crafting exploits. The book also gives the reader a brief warning on ethics, as many of these exploits and techniques would most likely work on many sites and networks. If you're wondering how seemingly inexperienced groups like LulzSec constantly claim victims, this would be an excellent read." Keep reading for the rest of eldavojohn's review.
Metasploit: The Penetration Tester's Guide
Author: David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
Pages: 300
Publisher: No Starch Press, Inc.
Rating: 10/10
Reviewer: eldavojohn
ISBN: 978-1593272883
Summary: A thorough guide to penetration testing with the Metasploit Framework.
In 2007, Metasploit was migrated from Perl to Ruby. The book opens with a brief history of the framework and mentions this but does not address any complaints of performance loss. Instead, the authors argue that this increased contributions and adoption. As a result, all the code in this book (with the exception of some SQL payloads) is written in Ruby. If you don't know Ruby but you know many other languages, it's a fairly simple language to pick up.
The first chapter of this book clearly indicates that the objective is to empower white hat hackers and researchers. They lay down a predefined set of phases that one takes while pen testing a target. They are Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation and Reporting. Chapter two covers the terminology that is used across the Metasploit Framework, so if you're unfamiliar with concepts like 'shellcode' or 'payload' this chapter will set you straight. It also mentions a UI for Metasploit called Armitage, but my personal tastes kept me using the minimal MSFConsole and MSFcli.
Chapter three begins to cover intelligence gathering and covers everything from the basic whois tool to writing your own custom scanner. The chapter does a great job of carefully explaining in detail the difference between passive and active scanning. The stealth TCP scan that nmap provides was a new thing for me and the chapter also details how Metasploit can use several database technologies to record and store the results of your scans to be used later on. The chapter shows how to use Metasploit to scan ports, server message blocks, MS SQL servers, SSH servers, FTP and simple network management protocol sweeping. Most of these techniques are a few quick commands in Metasploit's console and with Ruby mixins the chapter illustrates how to write your own scanner for use in Metasploit in about 20 lines of code. But all of this is just to get a grasp of what's up and running on the server.
Chapter four starts to get interesting with actual vulnerability scanning. Banner grabbing is an important technique in pen testing and the book suggests using NeXpose community edition (also a Rapid7 tool). This is covered in more detail in the appendix, but NeXpose is a web GUI interface for scanning, storing and managing site scans. This provides great reporting features, it's intuitive and reduces everything to point-and-click for the user. But luckily this tool can also be run from the console (something I preferred). The chapter also covers another popular scanner called Nessus and shows how to import the results into Metasploit for use. The chapter also includes noisy options like SMB login scanning or just looking for open VNC or X11 servers. Mentioned here first (but also frequently later in the book) is BackTrack for connecting to such targets. Something neat about this chapter is that if you don't care that your target knows you're attacking them, you can just move from these results collected with NeXpose, Nessus or OpenVAS and drop them into the 'autopwn' tool in Metasploit. It's three commands on the console and apparently works more often than it should.
Chapter five familiarizes the reader with the MSFConsole and its basic commands, like showing all the exploits, payloads and targets available in the installed Metasploit Framework. These are constantly updated and maintained, so they often change. With that information, the chapter proceeds to step the reader through an exploit against Windows XP SP2 (MS08-067) and then a Samba exploit in Ubuntu 9.04.
Chapter six spices things up by introducing Meterpreter, which extends the Metasploit Framework to serve a shell to the exploited system and from there perform additional attacks. The chapter shows how to brute force an MS SQL server and use the stored procedure xp_cmdshell to gain remote access. Meterpreter has a lot of neat features like keystroke logging, capturing screenshots and dumping password hashes (including the pass-the-hash technique). Simple commands in Meterpreter can allow the user to easily and effortlessly accomplish many things: privilege escalation, token impersonation, pivoting to another system, process migration, killing antivirus software, system scraping, the list goes on. The chapter finishes by briefly mentioning an intriguing tool called Railgun that I wish they had spent more time on.
Chapter seven covers avoiding antivirus detection through tools like msfencode (to avoid your exploit being fingerprinted). Even better is encoding it many, many times. If you know what antivirus your target uses, you can simply run the antivirus on your encoded exploit on your local machine to see if it's picked up. The chapter also covers the basics of continuing normal execution of a backdoored executable and packers that compress an executable for you with decompression code built in.
The book gets progressively more technical with chapter eight focusing on client side attacks. The chapter covers the NOP slide technique and also introduces the Immunity Debugger. It covers the Internet Explorer Aurora Exploit (MS10-002) as an end of chapter exercise for the reader to do. Chapter nine takes a quick look at Metasploit's auxiliary modules that allow the user to do many other things than just exploits. They run through the source of a mischievous Foursquare Location Poster that can make you appear to be everywhere on Foursquare. They also cover heap spraying attacks in web browsers — a topic that was particularly discomforting for me considering how long I often leave my browser open for.
Chapter ten was probably one of the more boring chapters for me but covers a very important tool for pen testers. It shows how to turn the Metasploit Framework into a social exploitation tool that can be used to send templated e-mails to distribution lists. The intent of this, of course, is to get one user in a large company to click on a site that looks like their company's homepage and perhaps enter their credentials. By just selecting from lists of options, you can create Java applet exploits that appear to be legitimately signed, clone a website like Gmail and harvest credentials, tabnabbing, webjacking, man-left-in-the-middle and finally mixing those all together in a multipronged attack. The next chapter is just more exploits via Fast-Track (an open source Python based tool that builds on top of Metasploit).
Chapter twelve covers Karmetasploit, a Metasploit implementation of the wireless security tool Karma. The strategy of this exploit is to present your machine as a wireless access point. When a user connects, you can use Karmetasploit to host fake webpages and grab their credentials or even gain shell access through a client side attack. Knowing how frequently people attach to anything in coffee shops and airports, this sort of attack could be particularly brutal and extremely easy to execute given Metasploit's simplicity for users.
The final chapters do an okay job of showing you how to first build your own module for Metasploit in chapter thirteen. Then in fourteen, the book looks at building your own exploit and goes into detail about fuzzing applications on your local machine and using the Immunity Debugger to look at what's happening given the fuzzed input. What follows is a lengthy discussion of the Structured Exception Handler (SEH) and the Next SEH (NSEH) and how you can manipulate registers and utilize JMPs to hit a NOP slide into your shellcode. This is one of the longest and most complicated chapters with probably the most technically intensive writing. I would like to see further editions of this book expand on things like this as it was important for me as a software developer to understand how these attacks are manufactured.
Chapter fifteen was similar to fourteen but showed how to port exploits to the Metasploit Framework. This chapter covers more of the general guidelines for writing exploits for the Metasploit Framework and doing it so that you leverage Metasploit's flexibility. Chapter sixteen covers the scripting abilities of Meterpreter and customizing that to execute further exploits once you have access to a target machine with Meterpreter.
The final chapter brings the key steps together for a simulated penetration testing of a preconfigured system with web server (the book lists the Pirate Bay as a source of this torrent). As you work through this chapter, the phases of pen testing are exercised with all the aforementioned strategies employed.
This book was a real eye opener to read for a software developer. I haven't done formal pen testing aside from testing my own code, so a lot of these advanced concepts were new to me. I enjoyed how the code was laid out with circled numbers marking code (instead of every line being numbered) that were referenced later in the text. I hope future editions of this book provide progressively more and more material, as there are clearly a lot of sections that are condensed into a few paragraphs but could be expanded upon almost endlessly. I'm glad this sort of tool didn't exist during my younger, more mischievous years, as this book demonstrates that it could be used for gaining access to just about anything (depending on how much free time and skill you have).
You can purchase Metasploit: The Penetration Tester's Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Book Review: JIRA 4 Essentials
frisket writes "The JIRA issue-tracking system has been around for seven years and has proved popular in commercial as well as open-source environments owing to its licensing arrangements (free of charge to certain classes of organizations, and source code available to developers). The release of v.4 in 2009 (now at 4.4) brought some major changes to the UI and searching, a new plugin architecture, and the ability to share project dashboards outside the system. Patrick Li's JIRA 4 Essentials is a comprehensive guide to the interface and facilities that both presents the material straightforwardly and avoids the trap of just being a guide to the menus. Although it is aimed mainly at the administrator, it will also be useful for the desktop user wanting a standalone system." Read on for the rest of Peter's review.
JIRA 4 Essentials: Track bugs, issues, and manage your software development projects with JIRA
Author: Patrick Li
Pages: 333
Publisher: PACKT
Rating: 7
Reviewer: Peter Flynn
ISBN: 978-1-849681-72-8
Summary: A step-by-step tutorial, packed with practical examples that will make learning JIRA easy.
JIRA is a tracking system for issues arising in software project management and development (the vendor, Australian software company Atlassian, seems to avoid the use of the phrase "bug-tracker"). It's written in Java and runs on all three main platforms, and can be downloaded for server or desktop, or run hosted, and there is a 30-day trial period.
Pricing is scaled by number of users in bands, and is for a perpetual license with a year's support. Although it is commercial software, Atlassian provides it free of charge to open source projects — one reason for its popularity in the movement — and a limited set of non-profit organization types. Academic and developer licenses are also available at a reduced rate.
JIRA 4 Essentials: Track bugs, issues, and manage your software development projects with JIRA is aimed at the administrator who needs a comprehensive description, explanation, and reference to JIRA that goes beyond the online documentation. Patrick Li has also provided a book that the end user can use and learn from (I administer systems, but not JIRA; but I use it for several applications).
So why this book? JIRA's online documentation is very good, and fine for reference and searching, but the book explains the features in much more detail, with more background on factors like why you might want to use one particular feature rather than another. Patrick Li has done what few authors of the "About..." style of book do: produce a readable yet detailed explanation of how to use an application, without simply reproducing each menu in turn.
The book is divided into ten chapters, approaching the topic from the project management and issue management point of view. This approach means that newcomers learn why they might want to do something rather than just how.
Chapter 1 covers getting started: a description of the JIRA architecture (I did say this was for admins and developers), followed by installation options and the installation process itself (Java, MySQL, and JIRA). The examples and screenshots here are for Microsoft Windows users of the standalone version (which comes bundled with Tomcat): experienced admins on Unix-based systems are assumed to know how to install Tomcat and deploy an application. Very sensibly it includes a section on installing HTTPS, something neglected by many web-based systems.
Chapters 2 and 3 are on project management and issue management as dealt with in JIRA. They take an outward-in approach, describing the overall management facilities (project administration and configuration) before going on to the finer detail of components, issues, priorities, and resolutions. This can be a little frustrating for the admin taking over a running system, and needing to perform individual tasks; or for the user wanting to add an issue rather than configure an entire project, but the four-level table of contents provides enough overview to let you find the right section. The running example used for illustration is a project support desk, and the many screenshots are detailed and accurate. Chapter 3 ("Issue Management") in particular is very detailed: this is one area where most users will spend most of their time, so it merits this approach.
Chapters 4 and 5 deal with field and screen management respectively. The fields available in any interface are always an annoyance to the end user: the one you need is never there, and there are dozens that you can't imagine ever wanting. Getting the fields and their configuration right is critical to the success of any installation, and Li rightly spends a lot of the chapter on customizing the field set. A similar approach pays off in Chapter 5 on screen management, although it would have been useful to cover some of the concepts of usability such as field order logic, data entry types, and flow logic between screens, which tend to be neglected by busy admins, only to raise issues later with the interface to the issue management software itself.
Chapter 6 is on workflows and business processes: how to adapt the concepts of Chapters 4 and 5 to the business logic of your organization. This is possibly one of the most important configurations, as it forms the interface with the rest of the company, but it is the only chapter I would take issue with, as the writing seems to be less coherent and convincing than elsewhere, as if it was done in haste. It's perfectly accurate, so far as I can tell, and the screenshots are carefully detailed; it's just slightly less easy to read, particularly the central part on transitions and conditions. But this is a small defect overall.
Chapter 7 is on setting up email notification and SMTP. As with most collaborative systems, email can be used both as an input and an output, and there is a set of templates that can be edited to reflect the way your company wants users to be notified. (I live in hope that some company will say "Thanks for submitting ticket XYZ. I'm sorry we screwed up on that one: we're fixing it and we'll let you know." which would be much more honest than the usual marketing claptrap.) Mail submission is an often-neglected way of communicating, and it's good to see it get decent attention.
I mentioned earlier that it was good to see HTTPS being covered: the same is true of Chapter 8 ("Securing your JIRA") which covers the benefits and shortfalls of signup, captchas, the permission hierarchy, and the roles of JIRA sysadmin and JIRA admin.
The final two chapters cover searching and general administration. Searching is one of the biggest bugbears in bug^H^H^Hissue submission: people have so many different ways of expressing what they feel to be the matter that no amount of urging will make them write the same topic when they submit the same bug. Dev teams have to deal with repeated duplicate submissions which would be avoided if search engines would only let people find earlier reports of the same thing, but this magic continues to elude us. JIRA introduced JQL in an attempt to help: this is based on a field=value query syntax which is fine for token list fields, but not much use for freetext searches, where a thesaurus would be more useful. However, Li explains the problem and the solutions available, and also covers setting up stored filters, and creating dashboards and reports. The last chapter (10) deals with customizing the general look and feel, colors, logos, date and time configs, and the use of plugins (the Google Docs Connector is illustrated).
Each chapter has a summary, but they are rather short. It would be more useful to see a whole page summarizing the material covered, rather than just a few lines: this would then provide a valuable resource when using the book for training. Perhaps a re-issue of the book for v.5 could address this.
There are some minor cultural/linguistic problems with the use of "a software" and "softwares" as nouns, and the occasional appearance of "manual" for "manually", which indicates that some tighter copy-editing might be appropriate for a future edition. There is a good two-level index, but it is unclear from simple capitalization what the semantics of entries are (a reserved word or phrase? a key value? a prompt or GUI widget?). A minor annoyance is the otherwise very good Table of Contents, which appears to have been done by a PowerPoint user, with the font-size continually shrinking and the margin indenting as the depth increases (for the page numbers as well as the entries!): better control of the design is needed.
Overall, I found the book both readable and useful. It is well illustrated with very clear screenshots, using tooltip-yellow callouts to explain fields and prompts. The writing style is light and illustrative, explaining why an action is needed before how to do it.
On the subject of training, the book would probably be useful to trainers for the sake of its detailed procedures (go here, click this, type that, click there). Li does state that JIRA can be used for managing issues outside the software issue-tracking field, which implies that it could be used by non-IT people at some stage, and training would certainly be needed. The HelpDesk application example, which recurs throughout, will probably be a useful point of reference for the majority of readers. If the future plans for JIRA are to extend its reach outside the IT issue-tracking field, it might be useful to develop a non-IT application example for another edition.
You can purchase JIRA 4 Essentials from amazon.com.
Book Review: CoffeeScript: Accelerated JavaScript Development
Michael J. Ross writes "For decades, programmers have written computer code in one language, and then programmatically translated that code into another, lower-level form (typically machine code that can be run directly by a microprocessor, or some sort of bytecode that can be interpreted by a virtual machine). For instance, source code written in C or C++ is compiled and assembled into machine code. In web programming, there are emerging languages and other tools for translating code into JavaScript. For instance, Google Web Toolkit allows the programmer to create web apps in Java. The latest addition to this category is CoffeeScript, a language that can be compiled into JavaScript, and is intended to reduce source code size and clutter by incorporating some of the best operators from other Web scripting languages, particularly Ruby. It is also the topic of a new tutorial, CoffeeScript: Accelerated JavaScript Development." Read on to learn what Michael thinks of this book.

CoffeeScript: Accelerated JavaScript Development
Author: Trevor Burnham
Pages: 138
Publisher: Pragmatic Bookshelf
Rating: 5/10
Reviewer: Michael J. Ross
ISBN: 978-1934356784
Summary: A fast-paced tutorial of CoffeeScript.

This book is authored by Trevor Burnham, who is credited as one of the early contributors to the project by Jeremy Ashkenas (the creator and project lead of CoffeeScript) in his foreword to the book. Published by Pragmatic Bookshelf on 3 August 2011, under the ISBN 978-1934356784, CoffeeScript: Accelerated JavaScript Development fills only 138 pages, which is certainly a change of pace from the majority of programming tomes now being released. This book's material is grouped into six chapters, plus four appendices — aside from a preface, which introduces CoffeeScript as well as a word game, which is used as the example project throughout the book. Oddly enough, the preface mentions jQuery, but not as one of the well-known attempts to streamline JavaScript code.
The first chapter, "Getting Started," begins by briefly explaining how to install Node and npm (Node Package Manager). These instructions assume that you are following along in a Linux environment or some emulation thereof. They also seem to assume that nothing goes wrong in any of the steps, because no troubleshooting guidance or references are provided. Given the number of moving parts required to get CoffeeScript running, as well as the technical pitfalls that could ensnare a Windows or Mac user, the author should have provided more clear and detailed installation instructions. Also, readers unfamiliar with Linux/Unix may be puzzled by some of the instructions. For instance, page 3 appears to state that the way to check that those two aforesaid packages are on your path, is to simply type in "PATH" (whereas what is needed is "echo $PATH"). From that point forward, the narrative gradually becomes more opaque, with cursory coverage of text editor plug-ins, the "coffee" command line compiler, REPL, "the soak" (an existential chain operator), and the limitations of trying to debug CoffeeScript code. It is quite possible that by the end of this chapter, many readers will decide to not bother trying to learn CoffeeScript, and instead to stick with plain JavaScript, possibly supplemented with jQuery (which is not to say that jQuery code is any easier to read).
In the next three chapters, the author presents the basics of CoffeeScript, including how to: define and use functions and their arguments; test conditionals; throw and catch exceptions; understand variable scoping and context; create arrays using splats; accept input from the console; create objects, arrays, and soaks (in more detail than before); iterate over collections; match patterns; define namespaces using modules; and create prototypes and classes. He makes extensive use of examples, which thankfully are concise (unlike some programming books whose example code spans far too many lines, and sometimes even multiple pages — forcing the reader to dig through the code, trying to find the important lines). Also, the brevity of CoffeeScript syntax is undoubtedly a factor. However, his concise style extends to the narrative as well, and will likely cause newbies to have to read the material several times — and even then wonder whether they fully grasp the concepts. It seems that the author understands CoffeeScript extremely well, but is not always able to communicate that knowledge to the reader in a patient and comprehensible manner.
Chapter 5 is a primer on jQuery, and is apparently included in the book so that the example application (the word game) can be made to work in a web browser — since none of the code or narrative (aside from the example app) appears to be related to CoffeeScript. It would have been more efficient to simply point the reader to an online jQuery tutorial, and then present only the CoffeeScript-specific differences — or just briefly explain how to load CoffeeScript files in an HTML file, which could have been done in a sidebar. The last chapter demonstrates how to run CoffeeScript on a web server, utilizing Node.js, and also explores how the lack of threads in JavaScript can impact Node programming. The example project is made multiplayer using Node, Connect, and WebSocket.
The appendices provide answers to the end-of-chapter exercises, alternative methods of running CoffeeScript code, a JavaScript cheat sheet, and a list of a half dozen bibliographic references. This book concludes with a suspiciously-short index, at less than three pages long, which appears to provide only the first or earliest occurrences of the major terms. Consequently, anyone who tries to use this book as a reference work for looking up key terms quickly — or for finding their later occurrences — will likely need to obtain an electronic version of the book, since all e-readers have search functionality. Furthermore, the index is missing some key terms used in the text, such as "function callbacks" and "arbitrary expressions" — heck, it's even missing "expressions," a fundamental concept in any programming language.
Prospective readers who wish to learn more about the book, can visit Pragmatic Bookshelf's page, which offers brief descriptions of the book and its author — as does O'Reilly Media's page. But, as of this writing, only the former makes available an e-book version, pre-publication reader comments, a discussion forum, the example source code used in the book, and a link to a page for reporting errata, which already has more than half a dozen items listed. More are present in the text: "add [a] multiplayer capability" (page xx); a lone ")" missing its matching "(" (in Exercise 6, page 34); "in a lot in functions" (page 107; should read "in a lot of functions"); "a[n] overhead" (page 110); "everyone and their dog is" (page 116).
The author's writing style is sometimes quirky, which in most cases adds a bit of levity, but occasionally leads to the misuse of terms, e.g., array ranges usage described as "fantastical" (page 43). "BDFL" (page xiii) will prove puzzling at first to most readers. On page xvi, the reader is told that JavaScript "contains multitudes." — multitudes of what? And nothing can excuse the groan-inducing "automagically" (page 100).
In terms of the ordering of the topics, one of the most exasperating aspects of this book is the way that many language concepts — such as chained comparisons, and variables being true or false (or "truthy" or "falsy") — are not presented up front, on their own, but mixed in with discussions of other topics, including development of the game application, and even in the answers to the chapter questions (Appendix 1). This makes the book generally unsuitable as a reference, especially when combined with a disappointing index.
One might assume that the modest size of this book is a result of the small size of the language itself. But another factor is surely the pithy presentation style for even some of the most important concepts in the language. Perhaps worst of all — especially from the perspective of someone relatively new to programming — some basic concepts are not addressed, or the example code does not address common use cases. For instance, in CoffeeScript, how does one create a block consisting of multiple lines of code? On page 17, indentation is briefly mentioned, but the sample code shows single-line blocks only. Other important ideas are "saved as an exercise" (which may induce flashbacks to exasperating technical college textbooks). Some readers may conclude that the author didn't want to make the effort of fully describing the language, in a more canonical fashion, which would have resulted in a much longer, but more valuable book.
It is unclear as to how much of the likely mystification and frustration of the average reader will be due to the writing choices made by the author, and how much can be blamed on the sometimes cryptic syntax of CoffeeScript, evident in the discussion of topics such as function binding (Chapter 2) and keywords (e.g., from page 106, "what.x and @x are, of course, equivalent if and only if what is this." Of course!). Readers are told in the introduction that they do not need to be experts in JavaScript to understand the book's material, and can be amateurs (page xviii). But there are several places in the book where intermediate-level knowledge, at a minimum, would be needed. That sort of difficult material may be another point in the CoffeeScript journey where some readers will decide to eschew learning the language.
The production quality of the book is fine, except that the chosen font's ratio of height to width is more than what is usually found in books nowadays; when combined with inadequate spacing among the words within many of the sentences, it makes it difficult for the reader to rapidly scan the material. The e-book version reflects the same minor problem. Yet it makes excellent use of color for syntactically highlighting the code — a feature not seen in the print version.
So if you would like to do some JavaScript programming, but without writing any JavaScript, then one possible place to start your journey is CoffeeScript: Accelerated JavaScript Development. As of this writing, it is the only CoffeeScript book on the market. Yet should the language continue growing in popularity, then more substantial and recommendable books will probably become available.
Michael J. Ross is a freelance web developer and writer.
You can purchase CoffeeScript: Accelerated JavaScript Development from amazon.com.
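The review above mentions the "soak", CoffeeScript's existential chain operator, and the book's line about what.x versus @x (@x is simply this.x). The block below is an added example, not code from the book or from the CoffeeScript project: it shows in plain JavaScript what the compiler emits for a soaked property chain, why that matters for a handler fed partial or untrusted input, and a general walker with the same semantics. The user/profile/name shape and the sample objects are assumed for illustration.

```javascript
// Added example (not from the book under review): what CoffeeScript's
// "soak" operator, the existential chain `a?.b`, compiles down to.
// Assumed CoffeeScript source, for illustration only:
//     name = user?.profile?.name
// The compiler wraps every `?.` link in a null/undefined guard, so a
// missing link yields `undefined` instead of throwing a TypeError.
function soakedName(user) {
  let ref;
  return user != null
    ? ((ref = user.profile) != null ? ref.name : void 0)
    : void 0;
}

// The same access written without the soak: throws when any link is
// missing, which is how partially populated input crashes a handler.
function plainName(user) {
  return user.profile.name;
}

// A general walker with the same semantics as chaining `?.` over a path,
// for the case where the path is data rather than source code.
function soak(obj, path) {
  let cur = obj;
  for (const key of path) {
    if (cur == null) return undefined; // `== null` matches null and undefined
    cur = cur[key];
  }
  return cur;
}

// Reports whether the un-soaked access throws on the given input
// (soakedName never does).
function plainThrows(user) {
  try {
    plainName(user);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```

The soaked form is what the book's "existential chain" buys you: the guard is emitted at every link, so the cost of a missing field is an undefined value you can test for, not an exception in the middle of a request.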
Book Review: Ghost In the Wires
brothke writes "During the 1990s, when Kevin Mitnick was on the run, a cadre of people were employed to find him and track him down. Anyone who could have an angle on Mitnick was sought after by the media to provide a sound bite on the world's most dangerous computer hacker. Just one example is John Markoff, who became a star journalist for his work at The New York Times, and a follow-up book and series of articles based on Mitnick. In Ghost in the Wires: My Adventures as the World's Most Wanted Hacker, the first personal account of what really happened, Mitnick says most of the stories around him were the result of the myth of Kevin Mitnick, and nothing more. In the book, he attempts to dispel these myths and set the record straight." Read below for the rest of Ben's review.

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
Author: Kevin Mitnick
Pages: 432
Publisher: Little, Brown and Company
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 0316037702
Summary: Kevin Mitnick's fascinating firsthand story

Some of the myths were that he was responsible for the phone of actress Kristy McNichol being disconnected, and, perhaps the most preposterous of them all, that he could whistle into a telephone and launch missiles from NORAD. The latter myth was responsible for him spending a year in solitary confinement. Mitnick notes that he thinks it was the federal prosecutor who got that idea from the movie WarGames.
But no one really knew Mitnick or what he was about. Left on his own, he would likely have been harmless. All he wanted to do was get into corporate sites, download code, play with the code and then move on to the next target. It is undeniable that Mitnick committed crimes; but it was unreasonable for the FBI to have made him a top priority for capture.
Perhaps the most widely stated myth about him is that he was strictly a social engineer without significant technical experience. While it was his gift for social engineering that facilitated his ability to get a significant amount of information from unsuspecting individuals, in many places in the book Mitnick details technical Unix exploits that he carried out. The book makes it clear that Mitnick had the deep technical skills necessary to execute on the information he illicitly obtained.
While the book does have a lot of technical details, it mainly is about the human side of Mitnick. Chapter 1 is appropriately titled "Rough Start." He details his early days of growing up in the Los Angeles area.
These formative years as a hyperactive child, growing up with a single mom who had boyfriends that abused him and one who worked in law enforcement and molested him, may have been what led Mitnick to find solace behind a keyboard.
Mitnick writes how his first hack and entry into the world of dumpster diving was to forge bus transfers so he could ride around Los Angeles to occupy his time while his mother was at work.
In numerous places, Mitnick sincerely expresses his contrition for the pain he subjected his mother, grandmother, aunt, wife and others to.
Above and beyond his rough start, Mitnick also notes how he had his share of bad luck. He writes that too many times when he was growing up, including while dealing with various probation officers, unexplained failures in technology anywhere would be attributed to him. When his probation officer's phone went dead, he was assumed to be the culprit.
The reality is that the world did not know what to make of Mitnick or what to do with him. It is pretty clear from the book and from every other account that Mitnick was never in it for the money. He simply was a hacker whose goal was to gain root, and nothing more. Such a notion was unbelievable to law enforcement, and even to Ivan Boesky, whom Mitnick met in prison. When he briefly sat with Boesky on a prison bench, he writes, Boesky found out he did it for the hacking thrill and replied, "you're in prison and you didn't make any money. Isn't that stupid?"
It is worth pointing out that Mitnick's escapades were radically different from those of Frank Abagnale, to whom Mitnick is often compared. In Catch Me If You Can: The True Story of a Real Fake, Abagnale writes that he impersonated an airline pilot, masqueraded as the supervising resident of a hospital, practiced law without a license, passed himself off as a college sociology professor and cashed over $2.5 million in forged checks, all before he was twenty-one. For those myriad offenses, Abagnale served five years in prison, roughly the same amount of time that Mitnick served.
Chapter 31 details how Mitnick's world turned upside down and the myth of Kevin Mitnick took hold with the now infamous 1994 Markoff New York Times article "Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit." Mitnick writes that the article is what put the myth of Kevin Mitnick into overdrive, and would later embarrass the FBI into making the search for him a top priority. It also provided a fictional image that would later influence prosecutors and judges into treating him as a danger to national security.
Mitnick's eventual capture is detailed in chapter 35 — "Game Over." He notes that Assistant US attorney Kent Walker made a secret arrangement to provide Tsutomu Shimomura with confidential trap-and-trace information as well as confidential information from Mitnick's FBI file. This was done so Shimomura could intercept Mitnick's communications without a warrant, under the premise that Shimomura was not assisting the agency, rather he was working for the ISP.
Mitnick writes that he was never charged with hacking Shimomura, as it would have exposed the gross misconduct of the FBI, who apparently violated Federal wiretapping statutes in the rush to track him down.
Overall, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker is a most interesting read. While the book does go into technical details of how Mitnick carried out his attacks, editor William Simon provides the editorial assistance needed and makes the book extremely readable and enjoyable. Much of the book's readability is due to Simon, and Mitnick acknowledges this.
When a convicted felon writes a book emotions run high. In some ways, Mitnick's story is that of redemption. He did wrongs, paid his dues and is trying to move forward. Something like that should be admired. Never does Mitnick downplay his guilt or make Dan White-like excuses.
But some people will never let a person like Mitnick let go of the past. In his review of the book, Rich Jaroslovsky, a technology columnist for Bloomberg News shows no sympathy for Mitnick when he pretentiously writes that "genius comes in many forms. Kevin Mitnick has at least two, neither particularly admirable".
The book ends with Mitnick's release from prison and provides the reader with a fascinating story of one of the most recognized information security personalities. Ghost in the Wires is an interesting account of one of the most well-known information security personalities.
Mitnick's years on the run were simply a media circus, and in the years after his parole he found the terms of his probation so restrictive that he could not touch a keyboard. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker is an autobiography long in coming and worth the wait.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Ghost in the Wires: My Adventures as the World's Most Wanted Hacker from amazon.com.
Book Review: Ghost In the Wires
brothke writes "During the 1990's when Kevin Mitnick was on the run, a cadre of people were employed to find him and track him down. Anyone who could have an angle on Mitnick was sought after by the media to provide a sound bite on the world's most dangerous computer hacker. Just one example is John Markoff, who became a star journalist for his work at The New York Times, and a follow-up book and series of articles based on Mitnick. In Ghost in the Wires: My Adventures as the Worlds Most Wanted Hacker, the first personal account of what really happened; Mitnick says most of the stories around him were the result of the myth of Kevin Mitnick, and nothing more. In the book, he attempts to dispel these myths and set the record straight." Read below for the rest of Ben's review. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker author Kevin Mitnick pages 432 publisher Little, Brown and Company rating 9/10 reviewer Ben Rothke ISBN 0316037702 summary Kevin Mitnick's fascinating firsthand story Some of the myths were that he was responsible for the phone of actress Kristy McNichol to be disconnected, and perhaps the most preposterous of them all, that he could whistle into a telephone and launch missiles from NORAD. The latter myth was responsible for him spending a year in solitary confinement. Mitnick notes that he thinks it was the federal prosecutor who got that idea from the movie WarGames.
But no one really knew Mitnick or what he was about. Left on his own, he would likely have been harmless. All he wanted to do was get into corporate sites, download code, play with the code and then move on to the next target. It is undeniable that Mitnick committed crimes; but it was unreasonable for the FBI to have made him a top priority for capture.
Perhaps the most widely stated myth about him is that he was strictly a social engineer without significant technical experience. While it was his gift of social engineering that facilitated his ability to get a significant amount of information from unsuspecting individuals; in many places in the book, Mitnick details technical Unix exploits that he carried out. The book makes it clear that Mitnick had the deep technical skills necessary to execute on the information he illicitly obtained.
While the book does have a lot of technical details, it mainly is about the human side of Mitnick. Chapter 1 is appropriately titled "Rough Start." He details his early days of growing up in the Los Angeles area.
These formative years as a hyperactive child, growing up with a single mom who had boyfriends that abused him and one who worked in law enforcement that molested him; may have been what led Mitnick to find solace behind a keyboard.
Mitnick writes how his first hack and entry into the world of dumpster diving was to forge bus transfers so he could ride around Los Angeles to occupy his time while his mother was at work.
In numerous places, Mitnick sincerely expresses his contrition for the pain he subjected his mother, grandmother, aunt, wife and others to.
Above and beyond his rough start, Mitnick also notes how he had his share of bad luck. He writes that too many times when he was growing up, including having to deal with various probation officers, unexplained failures in technology anywhere would be attributed to him. When the phone of his probation officers went dead, he was assumed to be the culprit.
The reality is that the world did not know what to make of Mitnick or what to do with him. It is pretty clear from the book and from every other account that Mitnick was never it in for the money. He simply was a hacker whose goal was to gain root, and nothing more. Such a notion was incredulous to law enforcement, and even to Ivan Boesky who Mitnick met in prison. When he briefly sat with Boesky on a prison bench, he writes that when Boesky found out he did it for the hacking thrill, Boesky replied that "you're in prison and you didn't make any money. Isn't that stupid?"
It is worthy to point out that Mitnick's escapades were radically different from that of Frank Abagnale, whom Mitnick is often compared to. In Catch Me If You Can: The True Story of a Real Fake, Abagnale writes that he impersonated an airline pilot, masqueraded as the supervising resident of a hospital, practiced law without a license, passed himself off as a college sociology professor and cashed over $2.5 million in forged checks; all before he was twenty-one. For those myriad offenses, Abagnale served five years in prison, roughly the same amount of time that Mitnick served.
In chapter 31, it details how Mitnick's world turned upside down and the myth of Kevin Mitnick took hold with the now infamous Markoff 1994 New York Times article Cyberspaces Most Wanted: Hacker Eludes F.B.I. Pursuit. Mitnick writes that the article is what put the myth of Kevin Mitnick into overdrive, and would later embarrass the FBI into making the search for him a top priority. It also provided a fictional image that would later influence prosecutors and judges into treating him as a danger to national security.
Mitnick's eventual capture is detailed in chapter 35 — "Game Over." He notes that Assistant US attorney Kent Walker made a secret arrangement to provide Tsutomu Shimomura with confidential trap-and-trace information as well as confidential information from Mitnick's FBI file. This was done so Shimomura could intercept Mitnick's communications without a warrant, under the premise that Shimomura was not assisting the agency, rather he was working for the ISP.
Mitnick writes that he was never charged with hacking Shimomura, as it would have exposed the gross misconduct of the FBI, who apparently violated Federal wiretapping statutes in the rush to track him down.
Overall, Ghost in the Wires: My Adventures as the World's Most Wanted Hacker is a most interesting read. While the book does go into technical details of how Mitnick carried out his attacks, editor William Simon provides the editorial assistance needed and makes the book extremely readable and enjoyable. Much of the book's readability is due to Simon, and Mitnick acknowledges this.
When a convicted felon writes a book, emotions run high. In some ways, Mitnick's story is that of redemption. He did wrongs, paid his dues and is trying to move forward. Something like that should be admired. Never does Mitnick downplay his guilt or make Dan White-like excuses.
But some people will never let a person like Mitnick let go of the past. In his review of the book, Rich Jaroslovsky, a technology columnist for Bloomberg News, shows no sympathy for Mitnick when he pretentiously writes that "genius comes in many forms. Kevin Mitnick has at least two, neither particularly admirable".
The book ends with Mitnick's release from prison and provides the reader with a fascinating story of one of the most recognized information security personalities. Ghost in the Wires is an interesting account of one of the most well-known information security personalities.
Mitnick's years on the run were simply a media circus, and in the years after his parole he found the terms of his probation so restricted that he could not touch a keyboard. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker is an autobiography long in coming and worth the wait.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Ghost in the Wires: My Adventures as the World's Most Wanted Hacker from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Book Review: The Python Standard Library By Example
thatpythonguy writes "Addison-Wesley publishers has released The Python Standard Library By Example, another Python book that strategically fits in between programming cookbooks and library reference manuals. It brings the Python standard library that much closer to Python programmers and helps make them more proficient in their trade." Read below for Ahmed's first Slashdot review.

Title: The Python Standard Library by Example
Author: Doug Hellmann
Pages: 1344
Publisher: Addison-Wesley Professional
Rating: 8 of 10
Reviewer: Ahmed Al-Saadi
ISBN: 978-0-321-76734-9
Summary: A unique guide to the Python standard library that is between a cookbook and a reference manual

There has been an explosion in the availability of published titles for the Python programming language in the past few years. This has been driven by the rising popularity of this multi-paradigm language that has proven useful in domains spanning web, games, graphics, financial, science, automation and others. Many large and small corporations, universities and governmental organizations are using Python in their respective fields with seeming success.
One of the main reasons for the success of Python is the quality, breadth, and depth of its standard library. Unfortunately, this library is not documented sufficiently in titles that serve as introductory or reference material due to the nature of introductory texts that deal with the basics; on the other hand, reference texts are often too concise and lack sufficient examples. The title at hand is a library-centric tutorial/reference that can be a great tool when you need to learn how to solve certain problems using Python.
The book addresses itself to intermediate Python programmers and covers versions 2.7 and 3.x of the language. Although an experienced programmer coming from another language can learn a lot about Python by reading this book, I personally favor the traditional top-down, gradual method of learning a new language which involves an introductory, tutorial-style, and verbose book. However, realizing that others might not like my cup of tea, I can envision, for example, someone familiar with socket programming picking up this book and writing a network application without prior Python experience. He or she might still need to look up language features on the way, but that should not be too hard as the language is easy to understand and there is a rich library of on-line (and printed) content for basic language constructs.
This title comes in a hefty 1300-plus-page, soft-cover book (or eBook) that is organized around thematic grouping of library modules. The groups are: text, data structures, algorithms, dates and times, mathematics, file system, data persistence and exchange, data compression and archiving, cryptography, processes and threads, networking, the Internet, email, application building blocks, internationalization and localization, developer tools, runtime features, language tools, modules and packages.
Each group contains the relevant modules from the standard library. For example, the text group contains the string, textwrap, re and difflib modules. Each of these modules is briefly described first and then its use is demonstrated in various ways under an appropriate heading. For example, the socket module (networking group) has sections covering addressing, TCP/IP clients/servers, UDP clients/servers, UNIX domain sockets and multicast, among others. The code is written in such a way as to focus on the topic being discussed while not overlooking good practices such as wrapping a socket connection call with a try/finally block to ensure that the connection is closed in case of error.
A more advanced module, that is also described in the networking group, is SocketServer. This is a higher-level (on top of the socket layer) facility that enables the creation of network servers (e.g., HTTP or AMQP). It is nice to see that the book demonstrates the creation of an echo server using this module while incorporating more advanced topics such as threading and asynchronous I/O which are necessities in real-life, production code.
Although the content covers quite a bit of ground that surpasses many other sources in terms of coverage, the Python standard library is so vast that any one-volume book attempting to provide comprehensive coverage will necessarily fail! Nonetheless, you will find at the end of each section pointers to other material such as on-line resources, RFCs, and related books that can be used for a deeper study of the relevant topics.
I think that the text could use some typographical features to enhance the clarity of the content. These include highlighting the code using indents or an alternative font to set it apart from the text that surrounds it, as I found it hard to visually distinguish the two. The code should also have the name of the file at the top of the listing so that when that name is used subsequently to invoke the code, it would be easy to reference the file contents. Also, I find the general typesetting neither as pleasing nor as easy to read as titles from certain other publishers. This latter point is somewhat subjective and, in any case, does not detract from the utility of the content.
Despite the caveat above, I have to say that I like this class of documentation that is between a cookbook and a reference manual. I find it useful that the examples are neither too terse nor overly verbose. I also appreciate the quality of the code and the references for further readings. I think that this book fills a void that will make many Python programmers more proficient.
Ahmed Al-Saadi is the Principal Software Consultant for Solea Research, a software consultancy and development company based in Montreal, Canada. He spends his free time writing, contemplating software architecture and playing his Flamenco guitar."
You can purchase The Python Standard Library by Example from amazon.com.
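The review above singles out two things from the book's networking chapters: wrapping a socket connection in try/finally so it is always closed, and building a threaded echo server on the standard library's server framework. The following is an added example that is not code from the book or from the review. It uses the Python 3 module name socketserver (the 2.7 examples the review mentions use SocketServer); the loopback host, the OS-chosen port and the sample payload are assumptions for a local run.

```python
import socket
import socketserver
import threading


class EchoHandler(socketserver.BaseRequestHandler):
    """Echo every chunk back to the client until the client closes the connection."""

    def handle(self):
        while True:
            data = self.request.recv(4096)
            if not data:  # empty read means the peer closed its side
                break
            self.request.sendall(data)


class ThreadedEchoServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
    """One handler thread per client; daemon threads so a stuck client
    cannot keep the process alive at shutdown."""

    allow_reuse_address = True
    daemon_threads = True


def start_echo_server(host="127.0.0.1", port=0):
    """Start the server in a background thread and return it.

    Port 0 asks the OS for a free port (assumed for this demo); the real
    port is available afterwards in server.server_address."""
    server = ThreadedEchoServer((host, port), EchoHandler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    return server


def echo_once(host, port, payload, timeout=5.0):
    """Send payload and read back exactly len(payload) bytes.

    The socket is closed in a finally block, so a timeout, a reset or a
    server that hangs up early never leaks the file descriptor."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        sock.sendall(payload)
        received = b""
        while len(received) < len(payload):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed before the echo completed")
            received += chunk
        return received
    finally:
        sock.close()


def run_demo(payload=b"hello, socketserver"):
    """Start a server, round-trip one constructed message, then tear it down.

    The same try/finally discipline applies to the server: shutdown() stops
    serve_forever in the worker thread and server_close() releases the
    listening socket, whether or not the client call succeeded."""
    server = start_echo_server()
    try:
        host, port = server.server_address[:2]
        return echo_once(host, port, payload)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The client deliberately loops on recv() until the whole payload is back, because TCP gives no guarantee that one send() arrives as one recv(); an echo test that reads only once passes for short messages and fails intermittently on longer ones.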
Amazon Launches 'AWS GovCloud'
wiredmikey writes "Amazon Web Services today announced 'AWS GovCloud,' a new AWS Region designed to allow U.S. government agencies and contractors to move IT applications and systems into the cloud by addressing their specific regulatory and compliance requirements. Previously, government agencies with data subject to compliance regulations such as the International Trade and Arms Regulation (ITAR), which governs how organizations manage and store defense-related data, were unable to process and store data in the cloud that the federal government mandated be accessible only by U.S. persons. AWS said that it will screen customers prior to providing access to the AWS GovCloud, helping to ensure customers are 'U.S. Persons,' not subject to export restrictions."
Book Review: Getting Started With Audacity 1.3
MassDosage writes "Getting Started with Audacity 1.3 by Bethany Hiitola covers the basics of using the Audacity software package for recording and editing audio. This book is written in a tutorial style and stays true to its title by covering Audacity from a newcomer's perspective with lots of diagrams and detailed explanations of how to install and set up Audacity and use its most essential features. This is all very much aimed at people who are new to audio software and are looking for a simple way to get started and be guided through creating and editing an audio recording. On the whole it achieves this but is occasionally let down by overly simplistic content and shoddy editing." Read below for the rest of Mass Dosage's review.

Title: Getting started with Audacity 1.3
Author: Bethany Hiitola
Pages: 220
Publisher: Packt Publishing
Rating: 6/10
Reviewer: Mass Dosage
ISBN: 1847197647
Summary: Create your own podcasts, edit music and more with this open source audio editor

Audacity 1.3 is the latest version of this well known free and open source software program that runs on GNU/Linux, Windows, Macs and any other operating system that an aspiring techy gets the source code to compile on. The author has done a good job of keeping the software's cross-platform nature in mind by minimizing anything operating system specific and describing alternative approaches where necessary. I followed along with the book's examples using Linux and didn't run into any platform-specific issues.
I've personally had a fair amount of experience with many different audio editors over the years but haven't worked that much with Audacity so I was interested in what this book had to offer me. To be honest most of what is covered I had already figured out myself just from playing with Audacity in the past. This book is really targeted at complete newbies — if you've used an audio editor of any form in the past and are comfortable recording or importing audio and applying some basic filters and effects to it, then the very basic, tutorial nature of this book probably won't be of much interest to you. However, for those who don't know much about audio editing and are looking for somewhere to start then this might just be what you're looking for.
It may not be the prettiest audio tool on the planet, but Audacity really is "good enough" for those wanting to do simple editing. The fact that it is totally open and free for anyone to download and use means that the software itself is a great starting point for an aspiring audio editor or creator as the barriers to entry are very low. The first few chapters of the book take one through installing Audacity and explaining how the program works and how its user interface is laid out. The minimal equipment needed to make a vocal recording (i.e. a microphone, soundcard and headphones) is touched on and again it is very clear that there is a low barrier to creating something simple. If you want to make state of the art recordings then you may need to spend a fortune on equipment but for the purposes of getting started one really doesn't need much.
The main example in the book covers creating a podcast from scratch, which is a good choice as it's something that many casual users are probably interested in. This also provides an opportunity to discuss most of the important aspects of recording audio and doing common tasks like removing noise, splitting up tracks, adding background music, fading sound in and out and applying various effects. This is all done with lots of diagrams and step-by-step explanations of the menu items and buttons to push to achieve this. Strangely enough the author mentions keyboard shortcuts (which is good) but instead of describing probably the most useful shortcut of all (CTRL-S to save) she describes going to the file menu and selecting "Save" each time.
The podcast example is expanded upon to show how audio can be cut, pasted, silenced and made louder or quieter. Noise removal is covered in a bit more depth than the other topics which is a good thing as the filter that is used to do this isn't very user friendly — after selecting the noise profile it vanishes with no information on what to do next. This is also something most users will probably need at some point as are the steps on how to normalize and compress the audio. The effects and filters covered are also the ones that a new user is most likely to want to start playing with. The bare essentials are wrapped up in a chapter explaining how to export audio to MP3 (or other formats) and some suggestions are given as to how to make this publicly available via an RSS feed or by uploading the audio to iTunes. It would have been nice to have some pointers to alternative ways of doing this, especially some more open form of publishing than Apple's proprietary and closed platform. There is even a whole section on how to circumvent Apple's DRM by converting locked iTunes audio files to CD and then importing from there into Audacity which is probably useful to some but feels a bit out of place in a book about an open tool like this.
The book also covers a number of other topics which are assembled somewhat randomly but are generally useful. These include adding background music, time shifting, adjusting pitch and tempo as well as various options for aligning, splitting, joining and moving multiple tracks around. Every effect that ships with Audacity is covered and this serves as a reference guide for what each of them does. Adding more functionality to Audacity via the use of plugins is touched on but this is really just a teaser and isn't covered in much depth (probably due to the platform-specific nature of their installation).
I was a bit disappointed in the book as I didn't learn as much as I would have liked; this is really more of a "how to do the basics" and doesn't provide much depth on Audacity or audio concepts in general. It would have been nice if the book had wrapped up with some pointers for those wanting to know more or go further with their audio editing skills. The overall tone of the book is friendly which suits its "for beginners" approach but at times it is let down by not sounding very authoritative or convincing. The bad grammar and silly typos that weren't caught by the editors don't help much in this regard either. Give it a go if you're the type of person who needs a tutorial guide to get started, otherwise you can probably figure out most of the topics covered by just playing with the software yourself.
You can purchase Getting Started with Audacity 1.3 from amazon.com.
Lightning Strike KOs Amazon, Microsoft EuroClouds
1sockchuck writes "A lightning strike has caused power outages at the major cloud computing data hubs for Amazon and Microsoft in Dublin, Ireland. The incident has caused downtime for many sites using Amazon's EC2 cloud computing platform and Microsoft's BPOS (Business Productivity Online Suite)."
Book Review: Build Mobile Websites and Apps For Smart Devices
Michael J. Ross writes "With the proliferation of handheld devices that allow access to the Web, more business owners and other technology decision-makers are demanding that their organizations' websites be fully accessible on those devices, and even be repackaged as new web-based applications. But designers and developers who may be quite proficient in making non-mobile websites and web apps can feel uncertain as to how to craft those products, or even where to start the process of learning how to do so. Recently, several books have been published to address this need, including Build Mobile Websites and Apps for Smart Devices, authored by Earle Castledine, Myles Eftos, and Max Wheeler." Read on for the rest of Michael's review.

Title: Build Mobile Websites and Apps for Smart Devices
Author: Earle Castledine, Myles Eftos, Max Wheeler
Pages: 300
Publisher: SitePoint
Rating: 8/10
Reviewer: Michael J. Ross
ISBN: 978-0987090843
Summary: An approachable guide to getting started building mobile web apps.

This title was published by SitePoint on 29 June 2011, under the ISBN 978-0987090843. The book's contents span 300 pages, and are organized into a preface, eight chapters, an appendix, and an index. The preface contains the usual meta information about a technical book; but what really shines is its intro section, which enthusiastically entices the reader to jump into the burgeoning field of mobile web development. The appendix, comprising little more than two pages, presents only the most basic information on how to utilize whatever native web server might be running on the reader's Linux, OS X, or Windows Vista/7 machine. The more than 49 percent of computer owners still using Windows XP (as of this writing) will need to look elsewhere for information on installing and configuring Apache, IIS, or some other web server, should they want to test their apps locally.
In terms of prerequisites for this book, readers are expected to be proficient in HTML, CSS, and JavaScript, but not necessarily HTML5 and CSS3, whose concepts are explained as needed throughout the text.
The publisher maintains a web page for the book, where visitors can find the table of contents, errata (none as of this writing), the book's index, and three free sample chapters (Chapters 1, 2, and 4) in PDF format. Visitors can order the print version of the book, the electronic version (in three different formats: PDF, EPUB, and MOBI), and an online course hosted by Learnable (comprising lessons, video tutorials, Q&A sessions, and the example code).
The first chapter introduces the basic concepts and rationale of mobile apps, as well as some of the key decisions one will face in creating them, such as whether to make a web app versus a native app, and the options for providing a mobile experience. The authors briefly describe the example app — a tool for recording and sharing celebrity sightings — which is designed and created sequentially in the material that follows. But the chapter does not fulfill the promise made for it in the preface, where the reader is told he will "be guided through the process of designing and building a mobile web application"; on the contrary, the chapter does not explain how to design and build one.
That effort begins in the second chapter, where the authors discuss some high-level considerations for designing the user interfaces of mobile devices, as well as the benefits and drawbacks of various navigation and content structuring options. The bulk of the narrative involves wireframing the design for the example app, selecting colors and fonts, and crafting an appropriate icon for it. Readers learn of the advantages of using relative units in their CSS, but not how to get all the elements positioned properly regardless of the target device's resolution, when mixing relative units for text and pixel units for images. The section "Scalable Images," later in the subsequent chapter, is a start, but is not sufficient for non-SVG images.
Chapter 3, "Markup for Mobile," is the longest of them all, primarily because it presents much if not all of the source code written by the authors for the initial version of their example app. The majority of the code is in HTML and CSS, with a focus upon the effects made possible using HTML5 and CSS3. Also discussed are the resource limitations of typical mobile devices, content and menu display options, image techniques and scalability, viewport meta element settings, icons, multimedia, and more. Oddly, on pages 71-72, the resource limitations of iOS are repeated, with only slightly different wording. How could the proofreaders have missed this glaring redundancy?
The fourth chapter, "Mobile Web Apps," addresses the logical next step: enhancing a mobile website so it can function as a web app — for which JavaScript is used extensively. After briefly mentioning a couple of the better-known mobile development frameworks, the authors select jQuery as a library for working with the DOM, to speed development and make the example code more platform neutral. There follows an interesting discussion of touch events on mobile devices, how they compare to mouse events, and techniques for best handling them. But the main goal is to show how to load, swap, and go back to pages so as to most closely simulate the snappy behavior of native apps. The extensive code and narrative in this chapter are the most complex of any in the book, and thus will likely be the most challenging for any reader who is not adept with JavaScript and/or jQuery, or who does not have the patience to work through the example code.
At first glance, it would appear that native apps have a huge advantage over web apps, in that they can access information from their mobile devices' capabilities — such as accelerometers and cameras — historically unavailable to mobile web browsers. Fortunately, an increasing number of standard interfaces are allowing web apps to access that data — and this is the topic of the fifth chapter. The reader is shown how to capture and utilize geolocation data, device rotation and acceleration, as well as shake and touch gestures. The chapter concludes with coverage of how to use the HTML5 Offline Web Applications API for enabling an app to work when no network access is available. The subsequent chapter, "Polishing up Our App," shows the reader how to do just that — specifically, preventing the navigation header from scrolling off the screen, handling click processing delays, displaying dialog boxes, storing data on the client device, and other differences. The narrative is clear, except for a perplexing ornithological expression, "Duck-type" (page 182). Experienced developers will appreciate the section on mobile coding best practices, based on controllers and custom events — for minimizing programming headaches as a project's code becomes sizable.
The last two chapters explain how to convert a web app into a native app, using PhoneGap, an HTML5 application platform that allows a Web app to access those resources of the mobile device that would otherwise be unavailable, such as data in the filesystem and images from any built-in camera. Before demonstrating the details of how to implement those capabilities, the authors show how to install the development environments for all of the supported platforms (including Apple iOS and Google Android), and then PhoneGap itself. Lastly, readers learn how to try to monetize their finished web apps by uploading them to the various app stores.
The authors make extensive use of example source code, to illustrate the ideas being discussed, which works well, partly because the code is generally explained clearly and commented as needed. A code archive is available containing the source code used in the book, except that of the first two chapters and the last two, which collectively is minimal. (Look for the "Downloads" button on that GitHub page to avoid having to download all the files separately.) Beware that some of the sample code appears to be incorrect or incomplete, e.g., stars.html in the directories "ch3" and "ch4" appear to be unstyled, and "javascripts/ch3/untitled file" is empty. Readers who elect to type in any code directly from the book, should watch out for "curly quotes" (e.g., page 230), and instead substitute the corresponding straight equivalents.
In terms of the physical presentation of the book, at 9.9 x 8 inches, it is taller and wider than the standard nowadays, allowing for what appears to be a relatively larger font, which makes the text more readable. The attractive color figures are a welcome change from the usual black-and-white screenshots found in most computer books. They enhance the overall appearance of the book's interior and the experience of reading the narrative.
Speaking of which, most of the narrative is quite clear. However, one critical topic for mobile design is screen resolution, including how to best defensively account for that in one's design and coding. This book's coverage of the topic is divided into at least two different places (pages 40 and 55), and should have been consolidated, in the third chapter. Unlike most programming books littered with chapter summaries, this one appears to have only one section with a summary, which oddly does not summarize the information presented in the section, but instead offers some interpretation thereof. Also, American readers might stumble over a few of the words that use the English/Australian spelling, e.g., "license" (page 239).
Some of the phrasing will likely befuddle the majority of readers, especially in cases where the authors fail to define their terms, e.g., the first bullet point on page 47. There are a few minor inconsistencies in the writing, such as "fill out forms" and "fill in a form" (on the same page, 32), but nothing that would cause confusion on the reader's part. The overall writing style is friendly, although sometimes overdone with an excessive use of exclamation marks (e.g., page 40). The text contains some errata (including several that suggest that the SitePoint copyeditors are unfamiliar with the ability of even a common word processor such as Microsoft Word to detect duplicate words): "to thank to" (page xxi), "the the" (pages 8 and 84), "for for" (13), "look at [in] Chapter 6" (34), "let[']s break" (44), ", (" (54 and 142), "no way to we can used" (55), "[up] to this point" (82), "try and" (82, 93, 131, and 167; should read "try to"), "support [for] standalone mode" (89), "are are" (139), "it's" (162; should read "its"), "if there are" (172; should read "if there were"), "ultimately .depend" (196), "On[c]e you've installed" (203), "we're yet" (212; should read "we've yet"), "an an" (225), "more detail that" (238; should read "more detail than"), and "a a" (240).
Yet none of the aforementioned problems are of great significance, and do not detract from the value of the material presented. All three authors have extensive experience in designing and developing mobile web applications, and this is reflected in the authority with which they not only offer the technical details, but also make recommendations to the reader. This book would serve as an excellent starting point for any web programmer who wishes to learn how to create mobile web sites and applications.
Michael J. Ross is a freelance web developer and writer.
You can purchase Build Mobile Websites and Apps for Smart Devices from amazon.com.
Book Review: Cyber Warfare
raceBannon writes "The authors, Steve Winterfield and Jason Andress, cover everything you will want to consider when thinking about how to use cyberspace to conduct warfare operations. The primary concepts have been bouncing around US military circles for over a decade but they have never been collected into one tome before. Clarke and Knake's book, Cyber War: The Next Threat to National Security and What to Do about It, discusses how weak the US network defenses are and offers suggestions about how to improve. Carr's book, Inside CyberWarfare: Mapping the Cyber Underworld, presents threat examples and nation state capabilities. Libicki's book, Cyberdeterrence and Cyberwar, attacks cyberwar from a policy viewpoint and does not really address operational considerations. Stiennon's book, Surviving Cyberwar, is a good place to start if you are new to the subject and is almost a prerequisite for this book." Read on for the rest of raceBannon's review.

Title: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners
Author: Jason Andress and Steve Winterfield
Pages: 289
Publisher: Syngress
Rating: 10
Reviewer: raceBannon
ISBN: 1597496375
Summary: A consolidation of the current thinking around the topic of cyber warfare.

Although the content has been around for a while, it is striking how little the main concepts have changed. In a world where new innovations completely alter the popular culture every eighteen months, the idea that Cyber Warfare's operational principles remain static year after year is counter-intuitive. After reading through the various issues within though, you begin to understand the glacial pace. These difficult concepts spawn intractable problems and the authors do a good job of explaining them.
I do have a slight issue with the subtitle though: "Techniques, Tactics and Tools for the Security Practitioners." The way I read this book, the general purpose (GP) Security Practitioner will not find this book very useful except as background information. Aside from the chapters on Logical Weapons, Social Networking and Computer Network Defense, most of the material has to do with how a nation state, mostly the US, prepares to fight in cyber space. There is overlap for the GP security practitioner, but this material is covered in more detail in other books.
The book is illustrated. Some of the graphics are right out of military manuals and have that PowerPoint Ranger look about them. Some are screenshots of the various tools presented. Others are pictures of different equipment. One graphic stood out for me in the Cyberspace Challenges chapter (14). The graphic in question is a neat Venn Diagram that encapsulates all of the Cyber Warfare issues mentioned in the book, categorizes the complexity of each issue and shows where they overlap in terms of Policy, Processes, Organization, Tech, People and Skills. My only ding on the diagram is that in the same chapter, the authors discuss how much each issue might cost to overcome. It would have been very easy to represent that information on the Venn diagram and make it more complete.
One last observation about the graphics that I really liked is the author's use of "Tip" and "Note" boxes throughout the book. Scattered throughout the chapters are grayed-out text boxes that talk about some technology or procedure that is related to the chapter information but not directly. For example, in the Social Engineering chapter (7), the authors placed a "Note" describing the various Phishing forms. You do not need the information to understand the chapter but having it nearby provides the reader with a nice example to solidify the main arguments. The book is full of these examples.
The first three chapters are my favorites. Winterfield and Andress do a good job of wrapping their heads around such entangled concepts as the definition of cyber warfare, the look of a cyber battle space and an international view of current doctrine. It is fascinating.
In the middle of the book, the authors take on the task of describing the Computer Network Operations (CNO) Spectrum; a spectrum that ranges from the very passive form of Computer Network Defense (CND) through the more active forms of Computer Network Exploitation (CNE) and Computer Network Attack (CNA). It is indeed a spectrum too because the delineation between where CND, CNE and CNA start and stop is not always clean and precise. There is overlap. And somewhere along that same spectrum is where law enforcement organizations and counter-intelligence groups operate. You can get lost fairly quickly without a guide and the authors provide that function admirably. The only thing missing from these chapters is a nice diagram that encapsulates the concept.
Along the way the reader gets a nice primer on the legal issues surrounding Cyber Warfare, the ethics that apply, what it takes to be a cyber warrior and a small glimpse over the horizon about what the future of Cyber Warfare might bring. In the end, Winterfield and Andress get high marksfor encapsulating this complex material into an easy-to-understand manual; a foundational document that most military cyber warriors should have at their fingertips and a book that should reside on the shelf of anybody interested in the topic.
Full Disclosure: One of the authors, Steve Winterfield, used to work for me when he and I were both in the US Army wrestling with all of these ideas right after 9/11. I ran the Army Computer Emergency Response Team (ACERT) and Steve ran the Army's Southern Regional CERT (RCERT South). He and I have been friends ever since and he even quoted me in one of the back chapters.
You can purchase Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Amazon Lets Students Rent Digital Textbooks
nk497 writes "Amazon has unveiled a new digital textbook rental service, allowing students to choose how long they'd like access to an eBook-version of a textbook via their Kindle or app — with the retailer claiming savings as high as 80%. Kindle Textbook Rental will let students use a text for between 30 and 360 days, adding extra days as they need to. Any notes or highlighted text will be saved via the Amazon Cloud for students to reference after the book is 'returned.' Amazon said tens of thousands of books would be available to rent for the next school year."
Book Review: Surveillance Or Security?
brothke writes "Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is a hard book to categorize. It is not about security, but it deals extensively with it. It is not a law book, but legal topics are pervasive throughout. It is not a telecommunications book, but extensively details telco issues. Ultimately, the book is a most important overview of security and privacy and the nature of surveillance in current times." Read below for the rest of Ben's review.
Surveillance or Security?: The Risks Posed by New Wiretapping Technologies
Author: Susan Landau
Pages: 360
Publisher: MIT Press
Rating: 10/10
Reviewer: Ben Rothke
ISBN: 9780262015301
Summary: Definitive text on the topic of surveillance, security and privacy read.
Surveillance or Security? is one of the most pragmatic books on the topic in that the author never once uses the term Big Brother. Far too many books on privacy and surveillance are filled with hysteria and hyperbole and the threat of an Orwellian society. This book sticks to the raw facts and details the current state, that of insecure and porous networks around a surveillance society.
In this densely packed work, Susan Landau, a fellow at the Radcliffe Institute for Advanced Study at Harvard University, details the myriad layers around surveillance, national security, information security and privacy. Landau writes that her concern is not about legally authorized law enforcement and national security wiretapping, but rather about the security risks of building surveillance into communications infrastructures.
Landau details numerous reasons why communications security is hard to do right, but is an imperative for our ultimate security, privacy and digital wellbeing.
In 250 pages, Landau makes a compelling case. In addition to her superb handle on the topic, the book has over 80 pages of footnotes, where every quote, statement and claim is verified and confirmed. The book is a great launching pad for a much deeper analysis on the topic.
The main theme of the book is that digital communications have revolutionized the way in which society interacts. The Internet is now the lifeblood of many businesses and governments, including a significant part of our critical infrastructure. The fact that this infrastructure lacks comprehensive security and privacy controls is a troubling concern.
In 11 dense chapters, Landau notes that since security and privacy have not been fully integrated into this infrastructure, this leaves us exposed and vulnerable to cyberattacks.
In the introduction, Landau notes that with this new computing and telecommunications paradigm, the job of law enforcement has become much more challenging. In previous years, surveillance was relatively easy. Once law enforcement had physical access to a phone line, they were in. Today, with cell phones, VoIP, Internet cafes, anonymizing services and more, the dynamics have changed and this has caused quite a shock for law enforcement, who are often struggling to deal with this new paradigm.
Landau notes that the surveillance and eavesdropping technologies that have been deployed since 9/11 are being used to catch one set of enemies. But other antagonists may be poised to turn these tools against us, and we are putting into place something for our enemies to use that they could not afford to do on their own. As to this and other difficult questions that Landau brings up, there are no simple answers.
Chapter 3 — Securing the Internet is Difficult — notes that the original creators of TCP/IP did not have security in their design. Their concerns were more along the lines of traffic breakdowns, packet loss, robustness and more, but not security and privacy. In some ways, this may have been a blessing, as Dennis Jennings, who ran the NSFNET, states that "had we known what was to come, we'd have been terrified and the Internet would never have happened."
In chapter 5 — The Effectiveness of Wiretapping — Landau notes that the biggest use of wiretapping tools is not actually the capture of conversation, but something that is not really wiretapping at all: the capture of transactional information.
Chapter 7 — Who are the Intruders? What are They Targeting? — is one of the best chapters in the book. Landau details both the internal threat and industrial espionage, and it is not a pretty picture. Landau provides numerous cases where nation-states used networks, rather than people, to infiltrate US interests in governmental, industrial and scientific areas. She notes that these insider attacks are often the most difficult to detect, the reason being that insiders know the systems, know where the important data is, and what the auditors are looking at. This ultimately makes insider attacks particularly pernicious.
So how significant are nation-states infiltrating US networks? Landau quotes a confidential government source that the NASA network was "completely open to the Chinese".
Landau makes her message loud and clear in chapter 8 when she notes that it does not help to tell people to be secure; rather security must be built into their communications systems. Security must be ubiquitous, from the phone to the central office and from the transmission of a cell phone to its base station to the communications infrastructure itself.
In chapter 9 — Policy Risks Arising from Wiretapping — Landau details how deep packet inspection (DPI) is used by ISPs. It is the ISPs who have the capability to know what you are browsing, what your email says, your VoIP conversation and much more. In a short amount of time, the ISP can develop a dossier on the user, and as noted, it has the ability to amass data to an amount that the Stasi could only dream of. This surveillance ability is what is most troubling to the author.
Landau continues that the only way for a person to avoid the risk from ubiquitous uses of DPI by an ISP would be to encrypt everything. While not completely done now, Gmail and Skype do bulk encryption.
The book closes with chapter 11 — Getting Communications Security Right — and there are no easy answers. Landau notes that across the globe, there are projects on clean-slate network architectures. But our current infrastructure is quite insecure and porous.
Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is an extremely important book on the topic of the many risks posed by new wiretapping technologies. Landau has the remarkable talent of taking very broad issues and detailing them in a concise, yet comprehensive manner. The book should be seen as the starting point for discussion on a most important topic.
Landau does an excellent job of detailing how unwarranted surveillance can undermine security and affect our rights, while noting that security for every citizen is paramount to the very spirit of the Constitution.
The book closes with the very principles of what it means to get communications security right, and notes that adhering to these principles cannot guarantee that we will be completely secure. But failure to adhere to them will guarantee that we will not.
As to Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, required reading it is, but that term does not do justice to the importance of this book. Simply put, this book is the definitive text on the topic and it is a title that needs to be read.
Reviewer Ben Rothke (@benrothke) is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Surveillance or Security?: The Risks Posed by New Wiretapping Technologies from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Book Review: Moodle 2.0 First Look
melbenson writes "The open-source software Moodle has become one of the most popular Learning Management Systems around the world. The release of Moodle 2.0 came with hundreds of changes, new features and even completely rewritten features. Because of these major changes and potential issues when upgrading from Moodle 1.9, there has been a lot of fear and uncertainty among Moodle admins in the Moodle Community when it comes to Moodle 2.0. I am one of those admins and that is why I chose to read Mary Cooch's book, Moodle 2.0 First Look." Keep reading for the rest of Melissa's review.
Moodle 2.0 First Look
Author: Mary Cooch
Pages: 255
Publisher: Packt Publishing
Rating: 9/10
Reviewer: Melissa Benson
ISBN: 978-1-849511-94-0
Summary: Discover what's new in Moodle 2.0, how the new features work, and how it will impact you
Moodle is a free and open-source Course Management System (CMS), also known as a Learning Management System (LMS), that was created by Martin Dougiamas. There are currently 50,000+ registered Moodle sites with over 1 million registered users in the moodle.org community, which creates a lot of discussion and debate, especially around the topic of Moodle 2.0. The long awaited release came after several delays resulting in a much later release date than expected. Perhaps the reason for all of the delays was the scope and amount of changes in Moodle 2.0. I am currently a Moodle admin in a K-12 school district and I plan to upgrade our Moodle 1.9 site to 2.0 this summer. I read this book hoping to learn about the new features, relieve any fear and to gain confidence in upgrading. In Mary Cooch's book, Moodle 2.0 First Look, the cover accurately describes the book: "Discover what's new in Moodle 2.0, how the new features work, and how it will impact you".
First, this book is for everyone, although not all chapters will pertain to a non-admin user. Readers should have intermediate level knowledge of Moodle features and how they work. Throughout the entire book the author describes what's new and changed in Moodle 2.0 by comparing it with version 1.9. Second, I believe it to be most useful for readers who are currently using 1.9 and will be upgrading to 2.0. However, it can be somewhat helpful for Moodle users just starting off with 2.0 because it does describe Moodle 2.0 and its features (although it could get distracting when the author mentions 1.9). Finally, although it's not required, I highly suggest having a Moodle 2.0 site to work with when going through the book. I found the book's examples, which consisted of step-by-step directions and illustrations for each example, easy to follow. Moodle is free software which can be downloaded at moodle.org and can be installed on a host or your local computer (Mac, Windows or Linux).
Chapter 1 acts as a teaser to the rest of the book, giving a brief overview of Moodle 2.0 and the new features which will be discussed in the following chapters. Chapter 2 jumps right into the quite significant changes in Navigation and Blocks. To help the reader get an idea of different perspectives the author introduces 3 characters which you will follow throughout the book — a student, teacher and administrator. Being able to see a Moodle page at 3 different permission levels lets the reader see which blocks and settings are available depending on the user, which gives the reader a better understanding of the big picture. In the Navigation and Blocks chapter the author shows the differences of navigating between the Moodle Front Page, My Moodle and a Course page along with how the new Blocks and block settings integrate with the process of navigating throughout Moodle.
Chapter 3 tackles another big change which is the new WYSIWYG Editor and File Management. I highly recommend paying close attention and following along on an actual Moodle site in the chapter. There are some big changes in file management and the book does a good job of showing the reader how the new File Picker works and looks. The book covers a new concept when uploading and storing files that users will need to know, and the book provides nice screenshots and examples allowing the reader to follow along on their own site. File management in Moodle 2.0 works totally differently than in 1.9 and could cause confusion for users. The author gives some tips and advice on how to make the transition of this change easier for your users. New integrations with services like YouTube, Flickr and Google Docs are examined and explained. As an admin I will definitely need to do more research when it comes to the back-end, file structure concept issues and changes. The book covers the how-tos and interface changes.
Chapters 4 and 5 cover what's new in Activities and Resources. These two chapters cover the changes and small new features nicely, but it's an easy read as there is nothing too complicated in the differences. The Resource names in 2.0 are different and some have been combined. A nice image comparing 1.9 to 2.0 is shown to the reader. One notable feature rewrite is the Workshop Activity and improvements have been made to the Wiki and Quiz.
For me, the most complex section was Chapter 6 "Managing the Learning Path" which introduced the powerful new feature of conditional activities. The author dedicated a large section to this topic and it is imperative that the reader follows along on their own Moodle site. The author goes through a few real life examples to test your knowledge. Chapter 7 eases up and describes the significant improvements in Blogs and Commenting. The final chapter named "Admin Issues" covered a lot of essential and commonly used material. The author goes over each item in the Admin Block on the front page. The topics of users, permissions and plugins were covered most extensively. A must read for all Moodle admins to show what to expect in Moodle 2.0, but as the author points out at the beginning of the chapter, it is in no way meant to be a complete administration guide.
I believe the book delivered exactly what it said it would — a "First Look". As expected, the book was an overview of Moodle 2.0 that introduced but only touched on the new and changed features. However, as mentioned in my review, some features were discussed in more depth than others. The book does a good job of comparing Moodle 1.9 to 2.0 to show the differences and how it could potentially impact me and my Moodle site. Although there is still fear and much more research needed before an upgrade, it did give that "first look" and I'm much more comfortable with how Moodle 2.0 works — the hurdle for me and other admins will be the upgrade process. I believe this book is a great first step in a long journey to moving to Moodle 2.0.
Full disclosure: I was given a copy of this book free of charge by the publisher for review purposes. They placed no restrictions on what I could say and left me to be as critical as I wanted so the above review is my own honest opinion.
You can purchase Moodle 2.0 First Look from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Book Review: Software Build Systems
MassDosage writes "Software Build Systems by Peter Smith is a well written, albeit rather lengthy, book that covers the intricacies of systems used to build software. It tries to do this in a technology-neutral manner where possible but covers existing tools like Ant, Make and SCons as a means of illustrating the various concepts covered instead of just focusing on theory. The real world examples illustrate building Java, C/C++, C# and Python software and cover scaling up from small builds with tens of source files up to massive builds with tens of thousands. All of the technologies used are introduced in some depth, which newcomers should find useful but experienced build developers may want to skim over." Read below for the rest of MassDosage's review.

Title: Software Build Systems: Principles and Experience
Author: Peter Smith
Pages: 583
Publisher: Addison Wesley
Rating: 7/10
Reviewer: MassDosage
ISBN: 978-0-321-71728-3
Summary: Principles and Experience

Software Build Systems weighs in at a hefty 580-odd pages and covers a lot of ground. It is targeted at developers, managers and build engineers, and while there is definitely something for all of these groups, each of them will most likely find themselves skipping sections which are either not of interest to them or are too basic. It is also important to note that this book is not a hands-on tutorial on how to set up a build system from scratch but instead uses a variety of detailed examples to illustrate its concepts, with pointers to external documentation for those wanting to actually implement a complete build system of their own.
The book is clearly divided into parts which move from "The Basics" to "The Build Tools" and then on to "Advanced Topics" and finally "Scaling Up". "The Basics" really is basic, and most build engineers and developers worth their salt can probably skim read most of this. The fundamentals of C/C++, Java and C# are also covered, illustrating a major theme in this book: it tries to be programming language neutral and just use the different languages as examples to explain various concepts. While this is an inclusive, worthwhile aim, it does mean that someone only interested in, say, building Java software will find large parts of the book irrelevant. This applies particularly to the chapters on the various build tools, where Make, Ant, SCons, CMake and Eclipse are all covered in painstaking detail. The pros and cons of each of these tools are discussed in a non-biased manner using real world examples where possible. Anyone who has actually written a build system using one of these tools probably won't find much they don't already know, but for a manager or someone new to any of these technologies the author provides a good introduction with mentions of similar tools and pointers for finding out more about each of them.
"Advanced Topics" is where things start to get interesting, as concepts like dependency graphs, change detection and version management that the build tools rely on to function are discussed in depth. A lot of the advice in these chapters feels like it comes from practical experience, and the best parts are where tool-neutral tips are provided. There is a bit too much detail here, as well as the odd digression which feels unnecessary in a book of this length. Do we really need to know the details of lex and yacc in order to create a build system? The author clearly has an understanding of open source development and competently discusses the wild world of building software that may run on a plethora of machines and platforms that the developers have little or no control over, as well as software that is built in a more clinical manner for a limited set of environments.
Build systems for massive software projects are covered in "Scaling Up" and the author acknowledges that this probably isn't relevant for everyone. I however think that the first chapter in this section ("Reducing complexity for end users") is the best in the whole book and applies to all build systems, regardless of size or technology. A better title for this chapter would have been "Best practices for build systems" as it doles out plenty of good tips such as how to automatically detect dependencies, what not to keep in a source control system, when to abort a build (early), why to ensure there is always a way to clean up all build-generated artifacts and so on. The gist here is to try to reduce complexity wherever possible and the advice is all very well reasoned and practical. The book wraps up by covering methods for reducing the size of a build and ways to speed up and optimize builds.
Overall this is a very well written, edited and structured book, but it does suffer from attempting to cover too much and going into detail on topics which aren't going to be of interest to everyone. A prime example of this is the section on packaging technologies, where I doubt that someone concerned with creating Debian packages will find the information on the Nullsoft Scriptable Install System very useful, or vice versa. The same applies to the varying levels of technical detail in the book — a manager may find the introductions to concepts like compiled versus scripted languages enlightening, but to most developers this will be old hat. Conversely, the intricacies of how Make calculates its dependency graph are probably interesting to a build engineer, but most managers will be out of their depth.
This isn't the kind of book most people will read from cover to cover. Instead I recommend skimming through the sections that aren't immediately applicable and just focusing on the parts that discuss the particular build technologies the reader is interested in as well as the more technology neutral parts towards the end. It is obvious that years (if not decades) of real world experience have been distilled in Software Build Systems. It is just a shame that this process wasn't a bit more focused as this could have been a great book, instead of just a good book with some great sections and some sections that most readers will find themselves skimming over.
I was given a copy of this book free of charge by the publisher for review purposes. They placed no restrictions on what I could say and left me to be as critical as I wanted so the above review is my own honest opinion.
You can purchase Software Build Systems: Principles and Experience from amazon.com.
Amazon Tests a Home-Delivery Service For Groceries
destinyland writes "Amazon.com is quietly trying to resurrect the failed business models of WebVan and HomeGrocer — two dotcoms which had offered home delivery of fresh groceries — with a new service called Amazon Fresh. Last week at a shareholders' meeting, Amazon CEO Jeff Bezos fielded questions about the current tests being conducted in Seattle. Bezos admitted Amazon is 'tinkering' with the economics of it, adding that 'we continue to think about that...We like the idea of it, but we have a high bar of what we expect in terms of the business economics for something like Amazon Fresh in terms of profitability and return on invested capital.' No further details were forthcoming, but Bezos still acknowledged that 'we continue to think about that.'"