Slashdot Mirror

MrSeb writes "Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. GitHub uses the Ruby on Rails application framework, and Rails has been weak to what's known as a mass-assignment vulnerability for years. Basically, Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. From here, he could effectively do anything, including deleting the entire project from the web; instead, he posted a fairly comical commit. GitHub summarily suspended Homakov, fixed the hole, and, after 'reviewing his activity,' he has been reinstated. Homakov could've gained administrative access to the master branch of any project on GitHub and deleted the history, committed junk, or closed or opened tracker tickets."

Despite Apple's protestation that the iBooks Author EULA was misinterpreted, the idea of a book publishing system that could be used to grab copyright of the prepared text is annoying — like the sort of EULAs that seem to give photo-sharing sites unlimited re-use rights of hosted personal photos. New submitter rohangarg points out a publishing system which shouldn't have such problems, and is nicely cross-platform besides: "A new open-source digital writing and publishing platform has been launched by non-profit group Sourcefabric. Booktype allows for collaborative editing and writing of books that can be easily outputted to on-demand print services and eReaders such as the Amazon Kindle, Nook, iPad, and more with a few simple clicks. Booktype source can be found here." The online demo also leads to some downloadable examples (as PDFs).

Andy Hefner has a detailed blog post covering his quest to program an NES with the assistance of Common Lisp. He developed a new 6502 assembler, a mini-language for composing musical sequences, and a neat demo (rom image).

Andy Hefner has a detailed blog post covering his quest to program an NES with the assistance of Common Lisp. He developed a new 6502 assembler, a mini-language for composing musical sequences, and a neat demo (rom image).

An anonymous reader writes "The Desura game distribution client for Windows and Linux and developed by ModDB is now open source software. The open source version of the client is called Desurium and is hosted on GitHub."

alecclews writes "After weeks of waiting, the Raspberry Pi foundation, who are creating a $25 computer to bootstrap computing education, has flipped the switch on manufacturing. They had wanted to build the board in the UK but it turns out to be uneconomic."

GuerillaRadio writes "Cory Doctorow's keynote at 28C3 was about the upcoming war on general-purpose computing driven by increasingly futile regulation to appease big content. 'The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race.'" If you don't have time for the entire 55-minute video, a transcript is available that you can probably finish more quickly.

gzipped_tar writes "The 'Chinese Software Developer Network' (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the largest networks of software developers in China. A text file with 6 million CSDN user credentials including user names, password, emails, all in clear text, got leaked to the Internet. The CSDN has issued a letter of apology to its users. In the letter, it is explained that passwords created before April 2009 had been stored in plain text, while later passwords were encrypted. Users created between September 2010 and January 2011 may still suffer from email address leaks. A summary of the most frequent passwords without the corresponding usernames is available at GitHub. Somewhat surprisingly, the cryptic sounding password 'dearbook' ranks 4th with 46053 accounts using it."

itwbennett writes "Following last month's acquisition of Whisper Systems, Twitter is open sourcing 'some' of the company's Android security products. First up: TextSecure, a text messaging client that encrypts messages. Souce code is on GitHub now. 'Offering the technology to the community so soon after the acquisition could indicate that Twitter made the acquisition primarily for the developer talent,' writes IDG News Service's Nancy Gohring."

aglider writes "Phoronix has an interesting piece of news about a new emerging desktop environment. And it's Qt based! From the project home page: 'Razor-Qt is an advanced, easy-to-use, and fast desktop environment based on Qt technologies. It has been tailored for users who value simplicity, speed, and an intuitive interface. Unlike most desktop environments, Razor-Qt also works fine with weak machines.' Someone has already tagged Razor-Qt as 'a KDE ripoff.' What we have so far is version 0.4, ... and ... a number of easy ways to install and test it on a few main Linux distributions. Maybe time has come for something really new in the desktop environment arena almost completely occupied by GNOME and KDE." The project site has a few screenshots, and the source is available under a mixture of the GPL and LGPL. It looks pretty pedestrian in its current form, but then XFCE wasn't much to look at in its early stages either.

angry tapir writes, quoting a Techworld article: "In its continuing endeavor to serve its 800 million users as quickly as possible, Facebook is once again revamping the way it handles its PHP-based Web pages. Facebook has posted ... its HipHop Virtual Machine (HHVM), which the company's engineers call a just-in-time PHP compiler. According to Facebook, this PHP execution engine is 60 percent faster than its current PHP interpreter and uses 90 percent less memory." Facebook has a weblog post with a more technical description.

MrSeb writes with an article in Extreme Tech about progress toward getting an AOSP build working on the Nexus S. From the article: "Over the past week, ROM Manager extraordinaire Koush has been frantically working on making a working build of CyanogenMod 9 (Ice Cream Sandwich) for the Samsung Nexus S. The custom ROM, which is built purely from the Android Open Source Project, has now reached 'alpha 11.' All major features are present and no significant bugs remain. It's too early to say that the build is ready for prime time or mission-critical work — the final release of CM9 is due in the new year — but it's certainly stable enough for daily use. The most significant feature, if you can call it that, is that Koush's build of ICS is really very smooth — it's as nimble as Gingerbread, if not more so. Unlike the previous, non-CM build that was released last week, this alpha build of CM9 has every feature enabled, including Google Wallet, and setting a mobile data limit. As usual, the custom ROM is pre-rooted, has ROM Manager installed, and absolutely no bloatware. "

alteveer writes "Just like Quake 3 before it, the Doom 3 source code has been released to the public (minus rendering of stencil shadows via the 'depth fail' method, a functionality commonly known as 'Carmack's Reverse')."

With his first accepted submission, billakay writes "A recently open-sourced experimental Linux infrastructure created by Bell Labs researchers allows 3D rendering to be performed on a GPU and displayed on other devices, including DisplayLink dongles. The system accomplishes this by essentially creating 'Virtual CRTCs', or virtual display output controllers, and allowing arbitrary devices to appear as extra ports on a graphics card." The code and instructions are at GitHub. This may also be the beginning of good news for people with MUX-less dual-GPU laptops that are currently unsupported.

With his first accepted submission, billakay writes "A recently open-sourced experimental Linux infrastructure created by Bell Labs researchers allows 3D rendering to be performed on a GPU and displayed on other devices, including DisplayLink dongles. The system accomplishes this by essentially creating 'Virtual CRTCs', or virtual display output controllers, and allowing arbitrary devices to appear as extra ports on a graphics card." The code and instructions are at GitHub. This may also be the beginning of good news for people with MUX-less dual-GPU laptops that are currently unsupported.

wiredmikey writes "A new open source scanning tool has been released by engineers at independent security testing firm NSS Labs that can be used to detect Duqu drivers installed on a system. The tool was developed with the goal of discovering any additional drivers, and to enable researchers to learn more about the functionality, capabilities and ultimate purpose of the Duqu malware."

First time accepted submitter misterbarnacles writes "The Microtouch is a mobile media device that aims to become an open-source alternative to the iPod Touch." Deeper investigation reveals that the Microtouch is a nifty little device. Powered by an 8-bit microcontroller with only 2.5K of RAM there is an example ebook reader application. A primitive application framework (for some definition of the phrase) is available as Free Software, and for the hardware hackers the EagleCAD PCB files are published under a CC attribution-share-alike license.

First time accepted submitter misterbarnacles writes "The Microtouch is a mobile media device that aims to become an open-source alternative to the iPod Touch." Deeper investigation reveals that the Microtouch is a nifty little device. Powered by an 8-bit microcontroller with only 2.5K of RAM there is an example ebook reader application. A primitive application framework (for some definition of the phrase) is available as Free Software, and for the hardware hackers the EagleCAD PCB files are published under a CC attribution-share-alike license.

Riskable writes "Dan McDougall (full disclosure: That's me) just publicly released the source code to Gate One, which is an HTML5-powered terminal emulator and SSH client. It is unique in that it doesn't require any browser plugins (it uses WebSockets) and supports multiple simultaneous terminals/SSH sessions in a single browser tab. It can resume users' sessions after being disconnected, and supports both client and server-side session recording/playback (view as a log or like a video). Gate One can also be embedded into other web-based applications such as administration interfaces, serial port concentrators, virtual appliances, or whatever."

In his first accepted submission, MaxShaw writes "repl.it is an online REPL that supports running code in 15+ languages, from Ruby to Scheme to QBasic, in the browser. It is intended as a tool for learning new languages and experimenting with code on the go. All the code is open sourced under the MIT license and available from GitHub." A few of the languages are supported by reusing existing "Foolang in Javascript" interpreters, but a number of them are built using Emscripten (previously used to build Doom for the browser). All evaluation occurs client side, but saved sessions are stored on their server.

In his first accepted submission, MaxShaw writes "repl.it is an online REPL that supports running code in 15+ languages, from Ruby to Scheme to QBasic, in the browser. It is intended as a tool for learning new languages and experimenting with code on the go. All the code is open sourced under the MIT license and available from GitHub." A few of the languages are supported by reusing existing "Foolang in Javascript" interpreters, but a number of them are built using Emscripten (previously used to build Doom for the browser). All evaluation occurs client side, but saved sessions are stored on their server.

In his first accepted submission, MaxShaw writes "repl.it is an online REPL that supports running code in 15+ languages, from Ruby to Scheme to QBasic, in the browser. It is intended as a tool for learning new languages and experimenting with code on the go. All the code is open sourced under the MIT license and available from GitHub." A few of the languages are supported by reusing existing "Foolang in Javascript" interpreters, but a number of them are built using Emscripten (previously used to build Doom for the browser). All evaluation occurs client side, but saved sessions are stored on their server.

mikejuk writes "Intel has just announced River Trail, an extension of JavaScript that brings parallel programming into the browser. The code looks like JavaScript and it works with HTML5, including Canvas and WebGL, so 2D and 3D graphics are easy. A demo video shows an in-browser simulation going from 3 to 45 fps and using all eight cores of the processor. This is the sort of performance needed if 3D in-browser games are going to be practical. You can download River Trail as a Firefox add-on and start coding now. Who needs native code?"

An anonymous reader writes "A new type-safe query language for the popular full-text search platform Solr, called Slashem (a Rogue-like), has just been released. Slashem is implemented as a domain-specific language in Scala, providing compile time type-safety, allowing you do things like date range queries against date fields but keeping you from trying to do a date range query against a string field. Hopefully this trend catches on, resulting in fewer invalid queries exploding at runtime."

An anonymous reader writes "A new type-safe query language for the popular full-text search platform Solr, called Slashem (a Rogue-like), has just been released. Slashem is implemented as a domain-specific language in Scala, providing compile time type-safety, allowing you do things like date range queries against date fields but keeping you from trying to do a date range query against a string field. Hopefully this trend catches on, resulting in fewer invalid queries exploding at runtime."

An anonymous reader writes "Linus Torvalds has announced that he will be distributing the Linux kernel via Github until kernel.org servers are fully operational following the recent server compromise. From the announcement: 'But hey, the whole point (well, *one* of the points) of distributed development is that no single place is really any different from any other, so since I did a github account for my divelog thing, why not see how well it holds up to me just putting my whole kernel repo there too?'"

First time accepted submitter Mensa Babe writes "Oliver Morgan, the original author of the JavaScript Toolkit, or just 'The Toolkit' as it is known in the JavaScript community, has just announced the release of the long awaited version 1.1.0, with better documentation and added function support. Quoting the project documentation: '[JavaScript] Toolkit offers a large number of integrated methods and utilities to help enrich the javascript object library. Javascript was built originally for browsers and as such lacks a large number of data utility methods with are seen in languages such as Python and Ruby. However times have changed and JavaScript is being used more and more in backend platforms. JS Toolkit aims to bridge that gap and provide everyone a modern developer needs to produce fast, secure and tidy code quick and easily.' The Toolkit fully supports ECMAScript 5 and runs on the most important virtual machines that we have today, including Node.JS, V8, Rhino, RingoJS, and many others. It continues to be actively developed."

First time accepted submitter Mensa Babe writes "Oliver Morgan, the original author of the JavaScript Toolkit, or just 'The Toolkit' as it is known in the JavaScript community, has just announced the release of the long awaited version 1.1.0, with better documentation and added function support. Quoting the project documentation: '[JavaScript] Toolkit offers a large number of integrated methods and utilities to help enrich the javascript object library. Javascript was built originally for browsers and as such lacks a large number of data utility methods with are seen in languages such as Python and Ruby. However times have changed and JavaScript is being used more and more in backend platforms. JS Toolkit aims to bridge that gap and provide everyone a modern developer needs to produce fast, secure and tidy code quick and easily.' The Toolkit fully supports ECMAScript 5 and runs on the most important virtual machines that we have today, including Node.JS, V8, Rhino, RingoJS, and many others. It continues to be actively developed."

First time accepted submitter Mensa Babe writes "Oliver Morgan, the original author of the JavaScript Toolkit, or just 'The Toolkit' as it is known in the JavaScript community, has just announced the release of the long awaited version 1.1.0, with better documentation and added function support. Quoting the project documentation: '[JavaScript] Toolkit offers a large number of integrated methods and utilities to help enrich the javascript object library. Javascript was built originally for browsers and as such lacks a large number of data utility methods with are seen in languages such as Python and Ruby. However times have changed and JavaScript is being used more and more in backend platforms. JS Toolkit aims to bridge that gap and provide everyone a modern developer needs to produce fast, secure and tidy code quick and easily.' The Toolkit fully supports ECMAScript 5 and runs on the most important virtual machines that we have today, including Node.JS, V8, Rhino, RingoJS, and many others. It continues to be actively developed."

Michael J. Ross writes "For decades, programmers have written computer code in one language, and then programmatically translated that code into another, lower-level form (typically machine code that can be run directly by a microprocessor, or some sort of bytecode that can be interpreted by a virtual machine). For instance, source code written in C or C++ is compiled and assembled into machine code. In web programming, there are emerging languages and other tools for translating code into JavaScript. For instance, Google Web Toolkit allows the programmer to create web apps in Java. The latest addition to this category is CoffeeScript, a language that can be compiled into JavaScript, and is intended to reduce source code size and clutter by incorporating some of the best operators from other Web scripting languages, particularly Ruby. It is also the topic of a new tutorial, CoffeeScript: Accelerated JavaScript Development." Read on to learn what Michael thinks of this book. CoffeeScript: Accelerated JavaScript Development author Trevor Burnham pages 138 pages publisher Pragmatic Bookshelf rating 5/10 reviewer Michael J. Ross ISBN 978-1934356784 summary A fast-paced tutorial of CoffeeScript. This book is authored by Trevor Burnham, who is credited as one of the early contributors to the project by Jeremy Ashkenas (the creator and project lead of CoffeeScript) in his foreword to the book. Published by Pragmatic Bookshelf on 3 August 2011, under the ISBN 978-1934356784, CoffeeScript: Accelerated JavaScript Development fills only 138 pages, which is certainly a change of pace from the majority of programming tomes now being released. This book's material is grouped into six chapters, plus four appendices — aside from a preface, which introduces CoffeeScript as well as a word game, which is used as the example project throughout the book. Oddly enough, the preface mentions jQuery, but not as one of the well-known attempts to streamline JavaScript code.

The first chapter, "Getting Started," begins by briefly explaining how to install Node and npm (Node Package Manager). These instructions assume that you are following along in a Linux environment or some emulation thereof. They also seem to assume that nothing goes wrong in any of the steps, because no troubleshooting guidance or references are provided. Given the number of moving parts required to get CoffeeScript running, as well as the technical pitfalls that could ensnare a Windows or Mac user, the author should have provided more clear and detailed installation instructions. Also, readers unfamiliar with Linux/Unix may be puzzled by some of the instructions. For instance, page 3 appears to state that the way to check that those two aforesaid packages are on your path, is to simply type in "PATH" (whereas what is needed is "echo $PATH"). From that point forward, the narrative gradually becomes more opaque, with cursory coverage of text editor plug-ins, the "coffee" command line compiler, REPL, "the soak" (an existential chain operator), and the limitations of trying to debug CoffeeScript code. It is quite possible that by the end of this chapter, many readers will decide to not bother trying to learn CoffeeScript, and instead to stick with plain JavaScript, possibly supplemented with jQuery (which is not to say that jQuery code is any easier to read).

In the next three chapters, the author presents the basics of CoffeeScript, including how to: define and use functions and their arguments; test conditionals; throw and catch exceptions; understand variable scoping and context; create arrays using splats; accept input from the console; create objects, arrays, and soaks (in more detail than before); iterate over collections; match patterns; define namespaces using modules; and create prototypes and classes. He makes extensive use of examples, which thankfully are concise (unlike some programming books whose example code span far too many lines, and sometimes even multiple pages — forcing the reader to dig through the code, trying to find the important lines). Also, the brevity of CoffeeScript syntax is undoubtedly a factor. However, his concise style extends to the narrative as well, and will likely cause newbies to have to read the material several times — and even then wonder whether they fully grasp the concepts. It seems that the author understands CoffeeScript extremely well, but is not always able to communicate that knowledge to the reader in a patient and comprehensible manner.

Chapter 5 is a primer on jQuery, and is apparently included in the book so that the example application (the word game) can be made to work in a web browser — since none of the code or narrative (aside from the example app) appears to be related to CoffeeScript. It would have been more efficient to simply point the reader to an online jQuery tutorial, and then present only the CoffeeScript-specific differences — or just briefly explain how to load CoffeeScript files in an HTML file, which could have been done in a sidebar. The last chapter demonstrates how to run CoffeeScript on a web server, utilizing Node.js, and also explores how the lack of threads in JavaScript can impact Node programming. The example project is made multiplayer using Node, Connect, and WebSocket.

The appendices provide answers to the end-of-chapter exercises, alternative methods of running CoffeeScript code, a JavaScript cheat sheet, and a list of a half dozen bibliographic references. This book concludes with a suspiciously-short index, at less than three pages long, which appears to provide only the first or earliest occurrences of the major terms. Consequently, anyone who tries to use this book as a reference work for looking up key terms quickly — or for finding their later occurrences — will likely need to obtain an electronic version of the book, since all e-readers have search functionality. Furthermore, the index is missing some key terms used in the text, such as "function callbacks" and "arbitrary expressions" — heck, it's even missing "expressions," a fundamental concept in any programming language.

Prospective readers who wish to learn more about the book, can visit Pragmatic Bookshelf's page, which offers brief descriptions of the book and its author — as does O'Reilly Media's page. But, as of this writing, only the former makes available an e-book version, pre-publication reader comments, a discussion forum, the example source code used in the book, and a link to a page for reporting errata, which already has more than half a dozen items listed. More are present in the text: "add [a] multiplayer capability" (page xx); a lone ")" missing its matching "(" (in Exercise 6, page 34); "in a lot in functions" (page 107; should read "in a lot of functions"); "a[n] overhead" (page 110); "everyone and their dog is" (page 116).

The author's writing style is sometimes quirky, which in most cases adds a bit of levity, but occasionally leads to the misuse of terms, e.g., array ranges usage described as "fantastical" (page 43). "BDFL" (page xiii) will prove puzzling at first to most readers. On page xvi, the reader is told that JavaScript "contains multitudes." — multitudes of what? And nothing can excuse the groan-inducing "automagically" (page 100).

In terms of the ordering of the topics, one of the most exasperating aspects of this book is the way that many language concepts — such as chained comparisons, and variables being true or false (or "truthy" or "falsy") — are not presented up front, on their own, but mixed in with discussions of other topics, including development of the game application, and even in the answers to the chapter questions (Appendix 1). This makes the book generally unsuitable as a reference, especially when combined with a disappointing index.

One might assume that the modest size of this book is a result of the small size of the language itself. But another factor is surely the pithy presentation style for even some of the most important concepts in the language. Perhaps worst of all — especially from the perspective of someone relatively new to programming — some basic concepts are not addressed, or the example code does not address common use cases. For instance, in CoffeeScript, how does one create a block consisting of multiple lines of code? On page 17, indentation is briefly mentioned, but the sample code shows single-line blocks only. Other important ideas are "saved as an exercise" (which may induce flashbacks to exasperating technical college textbooks). Some readers may conclude that the author didn't want to make the effort of fully describing the language, in a more canonical fashion, which would have resulted in a much longer, but more valuable book.

It is unclear as to how much of the likely mystification and frustration of the average reader will be due to the writing choices made by the author, and how much can be blamed on the sometimes cryptic syntax of CoffeeScript, evident in the discussion of topics such as function binding (Chapter 2) and keywords (e.g., from page 106, "what.x and @x are, of course, equivalent if and only if what is this." Of course!). Readers are told in the introduction that they do not need to be experts in JavaScript to understand the book's material, and can be amateurs (page xviii). But there are several places in the book where intermediate-level knowledge, at a minimum, would be needed. That sort of difficult material may be another point in the CoffeeScript journey where some readers will decide to eschew learning the language.

The production quality of the book is fine, except that the chosen font's ratio of height to width is more than what is usually found in books nowadays; when combined with inadequate spacing among the words within many of the sentences, it makes it difficult for the reader to rapidly scan the material. The e-book version reflects the same minor problem. Yet it makes excellent use of color for syntactically highlighting the code — a feature not seen in the print version.

So if you would like to do some JavaScript programming, but without writing any JavaScript, then one possible place to start your journey is CoffeeScript: Accelerated JavaScript Development. As of this writing, it is the only CoffeeScript book on the market. Yet should the language continue growing in popularity, then more substantial and recommendable books will probably become available.

Michael J. Ross is a freelance web developer and writer.

You can purchase CoffeeScript: Accelerated JavaScript Development from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

phy_si_kal writes "Opa, a new open source programming language aiming to make web development transparent, has been publicly launched. Opa automatically generates client-side JavaScript, and handles communication and session control. The ultimate goal of this project is to allow writing distributed web applications using a single programming language to code application logic, database queries and user interfaces. Among existing applications already developed in Opa, some are worth a look. Best place to start is the project homepage which contains extensive documentation, while the code of the technology is on GitHub. A programming challenge ends October 17th."

cdance writes "Traditional Lava Lamps, and of course email, are the tools of choice to notify your dev team that the build in your continuous integration system is broken. However, lava lamps, just like pink curtains and shag pile, don't really fit into the culture of many modern development teams. There is now a solution. Retaliation is a new Jenkins CI build monitor that automatically coordinates a foam missile counter-attack against the developer who breaks the build. It does this by playing a pre-programmed control sequence to a USB Foam Missile Launcher to target the offending code monkey."

Michael J. Ross writes "With the proliferation of handheld devices that allow access to the Web, more business owners and other technology decision-makers are demanding that their organizations' websites be fully accessible on those devices, and even be repackaged as new web-based applications. But designers and developers who may be quite proficient in making non-mobile websites and web apps, can feel uncertain as to how to craft those products, or even where to start the process of learning how to do so. Recently, several books have been published to address this need, including Build Mobile Websites and Apps for Smart Devices, authored by Earle Castledine, Myles Eftos, and Max Wheeler." Read on for the rest of Michael's review Build Mobile Websites and Apps for Smart Devices author Earle Castledine, Myles Eftos, Max Wheeler pages 300 pages publisher SitePoint rating 8/10 reviewer Michael J. Ross ISBN 978-0987090843 summary An approachable guide to getting started building mobile web apps. This title was published by SitePoint on 29 June 2011, under the ISBN 978-0987090843. The book's contents span 300 pages, and are organized into a preface, eight chapters, an appendix, and an index. The preface contains the usual meta information about a technical book; but what really shines is its intro section, which enthusiastically entices the reader to jump into the burgeoning field of mobile web development. The appendix, comprising little more than two pages, presents only the most basic information on how to utilize whatever native web server might be running on the reader's Linux, OS X, or Windows Vista/7 machine. The more than 49 percent of computer owners still using Windows XP (as of this writing), will need to look elsewhere for information on installing and configuring Apache, IIS, or some other web server, should they want to test their apps locally. In terms of prerequisites for this book, readers are expected to be proficient in HTML, CSS, and JavaScript, but not necessarily HTML5 and CSS3, whose concepts are explained as needed throughout the text.

The publisher maintains a web page for the book, where visitors can find the table of contents, errata (none as of this writing), the book's index, and three free sample chapters (Chapters 1, 2, and 4) in PDF format. Visitors can order the print version of the book, the electronic version (in three different formats: PDF, EPUB, and MOBI), and an online course hosted by Learnable (comprising lessons, video tutorials, Q&A sessions, and the example code).

The first chapter introduces the basic concepts and rationale of mobile apps, as well as some of the key decisions one will face in creating them, such as whether to make a web app versus a native app, and the options for providing a mobile experience. The authors briefly describe the example app — a tool for recording and sharing celebrity sightings — which is designed and created sequentially in the material that follows. But the chapter does not fulfill the promise made for it in the preface, where the reader is told he will "be guided through the process of designing and building a mobile web application"; on the contrary, the chapter does not explain how to design and build one.

That effort begins in the second chapter, where the authors discuss some high-level considerations for designing the user interfaces of mobile devices, as well as the benefits and drawbacks of various navigation and content structuring options. The bulk of the narrative involves wireframing the design for the example app, selecting colors and fonts, and crafting an appropriate icon for it. Readers learn of the advantages of using relative units in their CSS, but not how to get all the elements positioned properly regardless of the target device's resolution, when mixing relative units for text and pixel units for images. The section "Scalable Images," later in the subsequent chapter, is a start, but is not sufficient for non-SVG images.

Chapter 3, "Markup for Mobile," is the longest of them all, primarily because it presents much if not all of the source code written by the authors for the initial version of their example app. The majority of the code is in HTML and CSS, with a focus upon the effects made possible using HTML5 and CSS3. Also discussed are the resource limitations of typical mobile devices, content and menu display options, image techniques and scalability, viewport meta element settings, icons, multimedia, and more. Oddly, on pages 71-72, the resource limitations of iOS are repeated, with only slightly different wording. How could the proofreaders have missed this glaring redundancy?

The fourth chapter, "Mobile Web Apps," addresses the logical next step: enhancing a mobile website so it can function as a web app — for which JavaScript is used extensively. After briefly mentioning a couple of the better-known mobile development frameworks, the authors select jQuery as a library for working with the DOM, to speed development and make the example code more platform neutral. There follows an interesting discussion of touch events on mobile devices, how they compare to mouse events, and techniques for best handling them. But the main goal is to show how to load, swap, and go back to pages so as to most closely simulate the snappy behavior of native apps. The extensive code and narrative in this chapter are the most complex of any in the book, and thus will likely be the most challenging for any reader who is not adept with JavaScript and/or jQuery, or who does not have the patience to work through the example code.

At first glance, it would appear that native apps have a huge advantage over web apps, in that they can access information from their mobile devices' capabilities — such as accelerometers and cameras — historically unavailable to mobile web browsers. Fortunately, an increasing number of standard interfaces are allowing web apps to access that data — and this is the topic of the fifth chapter. The reader is shown how to capture and utilize geolocation data, device rotation and acceleration, as well as shake and touch gestures. The chapter concludes with coverage of how to use HTML5 Offline Web Applications API for enabling an app to work when no network access is available. The subsequent chapter, "Polishing up Our App," shows the reader how to do just that — specifically, preventing the navigation header from scrolling off the screen, handling click processing delays, displaying dialog boxes, storing data on the client device, and other differences. The narrative is clear, except for a perplexing ornithological expression, "Duck-type" (page 182). Experienced developers will appreciate the section on mobile coding best practices, based on controllers and custom events — for minimizing programming headaches as a project's code becomes sizable.

The last two chapters explain how to convert a web app into a native app, using PhoneGap, an HTML5 application platform that allows a Web app to access those resources of the mobile device that would otherwise be unavailable, such as data in the filesystem and images from any built-in camera. Before demonstrating the details of how to implement those capabilities, the authors show how to install the development environments for all of the supported platforms (including Apple iOS and Google Android), and then PhoneGap itself. Lastly, readers learn how to try to monetize their finished web apps by uploading them to the various app stores.

The authors make extensive use of example source code, to illustrate the ideas being discussed, which works well, partly because the code is generally explained clearly and commented as needed. A code archive is available containing the source code used in the book, except that of the first two chapters and the last two, which collectively is minimal. (Look for the "Downloads" button on that GitHub page to avoid having to download all the files separately.) Beware that some of the sample code appears to be incorrect or incomplete, e.g., stars.html in the directories "ch3" and "ch4" appear to be unstyled, and "javascripts/ch3/untitled file" is empty. Readers who elect to type in any code directly from the book, should watch out for "curly quotes" (e.g., page 230), and instead substitute the corresponding straight equivalents.

In terms of the physical presentation of the book, at 9.9 x 8 inches, it is taller and wider than the standard nowadays, allowing for what appears to be a relatively larger font, which makes the text more readable. The attractive color figures are a welcome change from the usual black-and-white screenshots found in most computer books. They enhance the overall appearance of the book's interior and the experience of reading the narrative.

Speaking of which, most of the narrative is quite clear. However, one critical topic for mobile design is screen resolution, including how to best defensively account for that in one's design and coding. This book's coverage of the topic is divided into at least two different places (pages 40 and 55), and should have been consolidated, in the third chapter. Unlike most programming books littered with chapter summaries, this one appears to have only one section with a summary, which oddly does not summarize the information presented in the section, but instead offers some interpretation thereof. Also, American readers might stumble over a few of the words that use the English/Australian spelling, e.g., "license" (page 239).

Some of the phrasing will likely befuddle the majority of readers, especially in cases where the authors fail to define their terms, e.g., the first bullet point on page 47. There are a few minor inconsistencies in the writing, such as "fill out forms" and "fill in a form" (on the same page, 32), but nothing that would cause confusion on the reader's part. The overall writing style is friendly, although sometimes overdone with an excessive use of exclamation marks (e.g., page 40). The text contains some errata (including several that suggest that the SitePoint copyeditors are unfamiliar with the ability of even a common word processor such as Microsoft Word to detect duplicate words): "to thank to" (page xxi), "the the" (pages 8 and 84), "for for" (13), "look at [in] Chapter 6" (34), "let[']s break" (44), ", (" (54 and 142), "no way to we can used" (55), "[up] to this point" (82), "try and" (82, 93, 131, and 167; should read "try to"), "support [for] standalone mode" (89), "are are" (139), "it's" (162; should read "its"), "if there are" (172; should read "if there were"), "ultimately .depend" (196), "On[c]e you've installed" (203), "we're yet" (212; should read "we've yet"), "an an" (225), "more detail that" (238; should read "more detail than"), and "a a" (240).

Yet none of the aforementioned problems are of great significance, and do not detract from the value of the material presented. All three authors have extensive experience in designing and developing mobile web applications, and this is reflected in the authority with which they not only offer the technical details, but also make recommendations to the reader. This book would serve as an excellent starting point for any web programmer who wishes to learn how to create mobile web sites and applications.

Michael J. Ross is a freelance web developer and writer.

You can purchase Build Mobile Websites and Apps for Smart Devices from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

bhaak1 writes "The first — and hopefully annual — NetHack Cross-Variant Summer Tournament called Junethack started last Sunday and runs until the end of August 14th.This tournament features Vanilla NetHack and several of its forks: SporkHack, UnNethack, AceHack and as a special bonus game — never seen on a public server before — NetHack 1.3d, the first version of the game called NetHack, released 1987. There are various achievements to gain, even for those poor souls that can't win this complex and sadistic game. The source code of the tournament management and website software is available for hacking on GitHub if you prefer hacking code to hacking monsters."

An anonymous reader writes "Using Firefox, and a new (open source) add-on called Collusion, you can see for yourself just how extensive the third-party behavior-tracking system is. Simply leave the Collusion website open, browse the web for a bit, and then return to see that your favorite websites are letting at least four or five behavior tracking companies follow you around the web."

An anonymous reader writes "The introduction of HTML5 and super-fast JavaScript engines to the latest web browsers has brought with it a wealth of new functionality. The focus seems to have been put on the ability to play video in a browser without Flash, or making games. But a project born out of a Music Hackday in Berlin is just as exciting. It's called jsmad and is a pure JavaScript decoder that allows you to play MP3s in a browser without Flash. So, for example, a music artist could create a website and upload songs for visitors to listen to without need of any plug-ins. Alternatively, why not have an MP3 jukebox that can play songs off your hard drive or Dropbox folder just by loading a website? You can try out the decoder by visiting the jsmad.org website where there is a sample song, on the same site you can browse for your own local file to play. Be warned, it only works in Firefox 4+ at the moment, but Chrome support is coming and already works in some cases." Another reader tips news of a JavaScript PDF viewer.

Prosthetic_Lips writes "A programmer named Grant Galitz has released a GameBoy Color emulator written in HTML5/JavaScript, and it will run ROM images stored locally. What's amazing is that it runs the games at a playable speed. We discussed a different, but similar project six months ago, but it seems like this one is pretty complete at this point. It's also open source."

azop writes "Almost a year ago Slashdot covered the story of a MPEG-4 multiple input capture card with a GPL Video4Linux licensed driver. Earlier this year, Ben Collins added H.264 support into the solo6x10 Video4Linux2 GPL driver. The H.264 PCIe cards are finally released and shipping to customers. The new cards support faster frame rates and sport a PCIe interface. The driver is available for forkin' on Github."

azop writes "Almost a year ago Slashdot covered the story of a MPEG-4 multiple input capture card with a GPL Video4Linux licensed driver. Earlier this year, Ben Collins added H.264 support into the solo6x10 Video4Linux2 GPL driver. The H.264 PCIe cards are finally released and shipping to customers. The new cards support faster frame rates and sport a PCIe interface. The driver is available for forkin' on Github."

kripkenstein writes "Ever since Id Software released the Doom source code under the GPL, it's been ported to platform after platform. Now, you can play Doom compiled to JavaScript on the web, using standard web technologies like Canvas and without any plugins. If your browser has trouble running it, here's a screencast." The translation was accomplished using Emscripten, a Javascript backend for LLVM. As per the GPL, full source code is available. Pretty neat.

seamus1abshere writes "In the latest twist from Big Data, MasterCard and Brighter Planet today announced that cardholder transaction data will be mined for clues about CO2 emissions. Initial coverage will be of flights, car rentals, hotels and other purchases for which the credit card company stores extra metadata. Interestingly, the science behind the offering is all open source."

seamus1abshere writes "In the latest twist from Big Data, MasterCard and Brighter Planet today announced that cardholder transaction data will be mined for clues about CO2 emissions. Initial coverage will be of flights, car rentals, hotels and other purchases for which the credit card company stores extra metadata. Interestingly, the science behind the offering is all open source."

lekernel writes "After years of passionate and engaging development, the video synthesizer from the Milkymist project is expected to go out of beta in August. Dubbed 'Milkymist One,' it features as central component a system-on-chip made exclusively of IP cores licensed under the open source principles, and is aimed at use by a general audience of video performance artists, clubs and musicians. It is one of the first consumer electronics products putting forward open source semiconductor IP, open PCB design and open source software at the same time. The full source code is available for download from Github, and a few hardware kits are available from specialized electronics distributors."

Several readers have sent in follow-up articles to Wednesday's news that iPhone location data was being tracked and stored. First, it seems Android shares a similar problem, though the file containing the location data is "only accessible on devices that have been rooted and opened up to installation of unsigned apps." Developer Magnus Eriksson has created an app to flush this data. Next: the iPhone tracking file is not new, just in a different place than it used to be. Reader overThruster then points out a CNet story indicating that law enforcement has been aware of this file for some time, and has used it in a forensics context. This story is a growing concern for Apple, particularly now that Senator Al Franken (PDF) and Rep. Ed Markey (PDF) have both written letters to Steve Jobs demanding details about the location tracking. Finally, PCMag explains how to view the location data present on your iPhone, should you so desire.

An anonymous reader writes "The Guardian reports that researchers have found a hidden file on all iPhones, iPads and any computers to which they synchronize, logging timestamped latitude and longitude coordinates of the user since June 2010. A tool is available on their website to check on your own."

eldavojohn writes "Test-Driven JavaScript Development by Christian Johansen is a book that thoroughly guides the user through some of the more advanced aspects of the JavaScript language and into Test-Driven Development (TDD). Throughout it, Johansen introduces great methods and utilities like libraries to accomplish all aspects of TDD in JavaScript. The book begins with Johansen demonstrating and teaching the reader some of the more advanced aspects of JavaScript to ensure that the following lessons in TDD are well understood. The best part of the book is in the last half where Johansen builds a chat client and server completely out of JavaScript using TDD right before the readers' eyes." Keep reading for the rest of eldavojohn's review. Test-Driven JavaScript Development author Christian Johansen pages 475 publisher Addison-Wesley Professional rating 9/10 reviewer eldavojohn ISBN 978-0-321-683915 summary An in depth look at Test Driven Development in JavaScript. First off the audience for this book are JavaScript developers interested in TDD. More specifically, I would identify the audience being the poor developers that have slaved over JavaScript for endless hours only to find out that there are 'discrepancies' in how their JavaScript functions in one browser versus another (or even across versions of the same browser). If you've ever came into work one day to learn that the latest version of Internet Explorer or Mozilla Firefox now throws errors from the deep recesses of your code and you have absolutely no idea where to start, then this book may be an item of interest to you. After all, wouldn't it be great to pull up the new browser and simply watch all your tests complete code coverage with glaring red results listing specific problematic locations?

Secondly, I'd like to establish that I'm writing this review with two key assumptions. The first assumption is that JavaScript is not in and of itself evil. You might hate JavaScript (as did I at one time) but it's a very flexible and enjoyable language when you're not battling some crazy 'feature' that a particular JavaScript engine exhibits or some issue with the dreaded Document Object Model (DOM). The second assumption is that TDD is a net positive when done correctly. To some, it may be a hard sell and the author of the book is no blind preacher. TDD has its pitfalls and the book adequately notes these claiming that TDD can actually work against you if used improperly. Feel free to wage wars in the comments debating whether or not the average JavaScript monkey is capable of avoiding pitfalls and learning to write good unit tests — I'm not getting sidetracked in this review on those topics.

This book is divided into four parts. The first part of the book gives you a slight taste of testing right off the bat in chapter one (Automated Testing). Johansen starts by showing a strftime function written in JavaScript and demonstrates briefly the very clumsy standard method of testing the method in a browser. From there he introduces Assertions, Setup, Teardown and Integration Tests. What I particularly enjoyed about this book is that these key components are not forgotten after introducing them, Johansen constantly nods to the reader when duplicate code could be moved to Setup or Teardown.

Chapter two is devoted to 'turning development upside-down.' This chapter analyzes the mentality of writing a test, running the test, watching it fail, making the test pass and then refactoring to remove duplication (if necessary). Johansen stresses and restresses throughout the book that the simplest solution should be added to pass the test. Fight the urge to keep coding when you are sure what comes next and just make sure you have unit tests for that new code. The third chapter runs through many test frameworks in JavaScript and settles in on JsTestDriver weighing the pros and cons of each option. Lastly, it is demonstrated how to use JsTestDriver both inside Eclipse and from the command line (something I deeply appreciated). Chapter Four expands on this by proposing learning tests which are tests that you keep around to try out on new browsers to investigate what you depend on. I'm not entirely sold on this practice but this chapter is definitely worth the look at performance testing it provides in a few of the more complete aforementioned frameworks.

The next 145 pages are devoted to the JavaScript language itself. The reader will find out in later chapters why this was necessary but this second part felt too long and left me starving for TDD. There's a ton of great knowledge in these chapters and Johansen demonstrates an impressive display in his understanding of ECMAScript standards (all versions thereof) and all the JavaScript engines that implement them. In the following four chapters, the reader is shown the ins and outs of scope, functions, this, closures, anonymous functions, bindings, currying, namespaces, memorization, prototypical inheritance, tons of tricks with properties, mixins, strict mode and even the neat features of tddjs and JSON. What I was most impressed with in this chapter was how much care Johansen took with noting performance pitfalls in all of the above. Example: "closures in loops are generally a performance issue waiting to happen" and on for-in arrays he says "the problem illustrated above can be worked around, as we will see shortly, but not without trading off performance." Johansen seems tireless in enumerating the multitude of ways to accomplish something in JavaScript only to dissect each method critically. If you skip these sections, at least look at 6.1.3 as the bind() implementation developed there becomes critical throughout much of the book's code.

Chapter nine provides yet more dos and do nots in JavaScript with a tabbed panel example that demonstrates precisely what obtrusive JavaScript is and why it is labeled as such. Chapter ten is definitely not to be skipped over as it provides feature detection methods (specifically with regard to functions and properties) that are seen in later code snippets. Part two is devoid of any TDD yet rich in demonstrating the power of JavaScript. This is where the book loses a point for me as this seemed too long and a lot of these lessons — though informative — really seemed like they belonged in another book on the JavaScript language itself. I constantly wondered when I would start to see TDD but to a less experienced developer, these chapters are quite enlightening.

In the third part, we finally get to some TDD in which an Observer Pattern (pub/sub) is designed using tests with incremental improvements in true TDD fashion. Most importantly to the audience, we encounter our first browser inconsistencies that are tackled using TDD. This chapter illustrates how to make your first tdd.js project using the book's code and build your first tests followed up with the isolation of the code into setup and teardown functions. Rinse, wash, repeat for adding observers, checking for observers and notifying observers (all key functionality in the common observer paradigm). This is a great pragmatic example for TDD and the chapter wraps up with error checking and a new way to build a constructor. As we do this, we have to make changes to the tests and Johansen illustrates another critical part of TDD: fixing the tests after you've improved your code.

The twelfth chapter takes our Ajax friend the XMLHttpRequest object and gives it the same treatment as above. Of course, you might know it as the Msxm12.XMLHTTP.6.0 object or a variety of names so this is where our browser differences are exposed. On top of that, we're exposed to stubbing in order to test such an object. The author explores three different ways of stubbing it while building tests for GET requests. After building helpers to successfully stub this, we move on to POST, finally send data in a test and then pay attention to the testing of headers. Personally these two chapters were some of the best in the book and illustrated well a common method of utilizing TDD and stubbing to build up functional JavaScript.

Chapter thirteen builds on the previous chapter by examining polling data in JavaScript and how we might keep open a constant stream of data. Before jumping to the solution, the author investigates strategies like polling intervals and long polling which have their downfalls. We eventually come to the Comet client (which uses JSON objects) and build up our test cases that support our development of our new streaming data client. One important aspect brought up is the trick of using the Clock object to fake time. This was completely new to me and very interesting in simulating time with tick() to quickly fake and test expected lengths of time.

Chapter fourteen was definitely outside of my comfort zone. JavaScript on the server-side? Blasphemy! Johansen begins to bring together the prior elements to form a fully functional chat server all in JavaScript through TDD. In this chapter the reader is introduced to node.js and a custom version of Nodeunit the author modified to make a little more like JsTestDriver. The controller emerges through the TDD cycles. Responses to POST, adding messages, the domain model and even storage of data are given test cases to insure we are testing feature after tiny feature. Toward the end of the chapter, an interesting problem arises with our asynchronous interface. In testing it, how do we know what will result from a nested callback? Johansen introduces the concept of a Promise which is a placeholder that eventually provides a value. Instead of accepting a callback, the asynchronous method returns a promise object which is eventually fulfilled. We can now test adding messages in asynchronous manner to our chat room. The chapter builds on the chat server to passable functionality — all through TDD.

Chapter fifteen concentrates on building the chat client to the above server and in doing so provides the reader with TDD in regards to DOM manipulation and event handling. This chapter finally covers some of the more common problematic aspects of client-side JavaScript. Again, this chapter yielded many tricks that were new to me in TDD. JsTestDriver actually includes two ways to include HTML in a test and Johansen shows how to manipulate the user form on a page in order to test it automatically. The client is developed through TDD and node-paperboy is called in to serve up static files through http with Node.js. The message list displayed in the client is developed through TDD and then the same process used on the user form is done with the message form submission. The author brings in some basic CSS, Juicer and YUI Compressor to reduce all our work down into a 14kB js file containing an entire chat client. With gzip enabled it downloads at about 5kB. Potent stuff.

I was sad that more pages weren't spent on the final section. Chapter sixteen further expounds upon mocking, spies and stubbing. It lists different strategies and how to inject trouble into your code by creating stubs that blow up on purpose during testing. And we get a sort of abbreviated dose of Sinon, a mocking and stubbing library for JavaScript. The author repeats a few test cases from chapter eleven and moves on to mocking. Mocking is mentioned throughout the book but is passed over due to the amount of work required to manually mock something. The chapter ends with the author saying 'it depends' on whether you should use stubbing or mocks but it's pretty clear the author provides stubbing as he enumerates the pros and cons of each.

Chapter seventeen provides some pretty universal rules of thumb to employ when using TDD. From the obvious revealing intent by clear naming to strategies for isolating behavior, it's got good advice for succeeding with TDD. This advice aims to improve readability, generate true unit tests that stay at the unit level and avoid buggy tests. It's worth repeating that he gives a list of 'attacks' for finding deficiencies in tests: "Flip the value of the boolean expressions, remove return values, misspell or null variables and function arguments, introduce off-by-one errors in loops, mutate the value of internal variables." Introduce one deficiency and run the tests. Make sure they break when and where you would expect them to or your testing isn't as hardened as you might expect. Lastly the author recommends using JsLint (like lint for C).

There's a lot of information in this book but I think that the final examples were actually too interesting for my tastes. Often I grapple with the mundane and annoying parts of client side DOM — nothing on the server side. While this might change at some point in the future, I couldn't help but feel that the book would have been better with additional examples of more common problems than a chat client in JavaScript. I was certainly impressed with this example and it will hold the readers' attention much more than what I desire so I feel comfortable recommending this book with a 9/10 to anyone suffering from browser inconsistencies or looking to do TDD in JavaScript.

You can purchase Test-Driven JavaScript Development from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Plombo writes "Sony's war against PS3 hacking continues. On January 27, Sony Computer Entertainment America sent a DMCA takedown notice to GitHub demanding the removal of 6 repositories under the 'circumvention device' clause of the DMCA. All of the repositories in question were related to jailbreaking or homebrew development for the PS3."

An anonymous reader writes "Vladimir Romanov has released what he claims is a polynomial-time algorithm for solving 3-SAT. Because 3-SAT is NP-complete, this would imply that P==NP. While there's still good reason to be skeptical that this is, in fact, true, he's made source code available and appears decidedly more serious than most of the people attempting to prove that P==NP or P!=NP. Even though this is probably wrong, just based on the sheer number of prior failures, it seems more likely to lead to new discoveries than most. Note that there are already algorithms to solve 3-SAT, including one that runs in time (4/3)^n and succeeds with high probability. Incidentally, this wouldn't necessarily imply that encryption is worthless: it may still be too slow to be practical."

Kramer747 writes "to share a new tool I've developed for neuroscience that uses optogenetics to remotely control the neurons of a worm as it swims or crawls. Its called CoLBeRT, Controlling Locomotion and Behavior in Real Time. With the instrument I can induce the worm to stop, accelerate, lay eggs or experience the illusion of touch. All source code to run the instrument is GPLd and available. Science News and Scientific American both have stories. The project homepage is at colbert.physics.harvard.edu." I hope that name also constitutes a successful bid to get on the actual Colbert show!

Michael J. Ross writes "While it is possible to create a simple website using a base installation of Drupal, the real power of this content management system is achieved through the use of modules, which can be thought of as add-ons that extend the capabilities of Drupal in specific ways — oftentimes in conjunction with other modules. These modules are developed and contributed by PHP programmers who understand how to use one or more of the Drupal application programming interfaces (APIs) to access information stored in a Drupal database, such as content, user profiles, and theme settings. These APIs have changed with Drupal version 7, and thus Drupal coders could benefit from a book that explains how to create Drupal 7 contrib modules." Read on for the rest of Michael's review. Drupal 7 Module Development author Matt Butcher, Greg Dunlap, Matt Farina, Larry Garfield, Ken Rickard, John Albin Wilkins pages 420 pages publisher Packt Publishing rating 8/10 reviewer Michael J. Ross ISBN 978-1849511162 summary A thorough guide to module building for intermediate to advanced Drupal coders. One such resource, titled Drupal 7 Module Development, was made available by Packt Publishing on 3 December 2010, under the ISBN 978-1849511162. It has half a dozen authors, all of whom are highly experienced Drupal programmers and contributors to this burgeoning open source project: Matt Butcher, Greg Dunlap, Matt Farina, Larry Garfield, Ken Rickard, and John Albin Wilkins. This team effort spans 420 pages, organized into a dozen chapters, and two appendices. Angie Byron, the Release Manager for Drupal 7, starts it off with an interesting and upbeat foreword that concisely summarizes the primary goals of this latest release of Drupal. Following it is a preface whose chapter summaries are poorly written — almost as though the writer knew nothing about Drupal. Speaking of technical knowledge, readers are expected to be familiar with Drupal, PHP, HTML, and CSS — the more so, the better. For the jQuery material, an understanding of that library and JavaScript itself would be valuable. Packt Publishing hosts a book Web page that offers a detailed description of the book, links for purchasing the print and electronic copies of the book (or the two combined, for a large discount), and the example source code for nine of the chapters (also available from the book's GitHub repositories). As with all of its other titles, the chapters end with summaries, which provide no value and simply waste space.

This book's first chapter, "Developing for Drupal 7," provides an overview of the purpose of custom modules, the practical approach that the authors will take in explaining how to create such modules, the Web technologies underpinning Drupal, the Drupal architecture, its major subsystems, and various tools commonly used for Drupal programming. Oddly, the authors hope "that the code mentioned in this chapter can serve as a foundation for your bigger and better applications," and yet no code per se is mentioned. Nonetheless, the chapter does serve as a decent introduction for PHP programmers new to "the Drupal way." The second chapter, "Creating Your First Module," shows the reader how to do exactly that, using a very simple module to illustrate the basics, such as the files that typically compose a Drupal module, as well as some Drupal coding standards. Unfortunately, regarding the code on page 38 that checks whether the $path variable is "admin/help#first," no explanation is provided as to why the "#" is not a "/," given that the URL path in the reader's browser will be "/admin/help/first," and the "#first" does not refer to a page anchor. After a worthwhile detour into Drupal internationalization and the t() function, the authors introduce both the Block API and the Testing module, through example. Incidentally, readers trying out the sample code will want to add "static" to "public function getInfo()" in first.test — as is done in all of the other Drupal 7 core test files — to avoid a PHP "strict" warning of a static call to getInfo() in simpletest_result_form().

The next two chapters focus on theming — specifically, Drupal's theme layer and techniques for theming a custom module. The material in both chapters is arguably comprehensive, and thus ideal for a reader already well-versed in Drupal 6 module development. But, for anyone else, it will likely be overwhelming in its dense detail and in the fast pace at which it is presented — and thus will discourage most newcomers. The former chapter presents numerous high-level concepts, while the latter is intended to illustrate those ideas by focusing on module theming. Yet even if the reader carefully examines and implements the sample code — usually the best way to learn any sort of programming — these chapters will probably prove quite difficult for readers to comprehend thoroughly, unless they have prior experience along these lines. Oddly, the Chapter 4 summary tells the reader that she should have "learned a little bit about contributing your experiences [sic] and knowledge back to the Drupal community," but the material does not explain how to do so. (More on that topic later.)

Chapter 5, "Building an Admin Interface," provides a detailed survey of the Drupal menu system, the Form API (including how form data is saved, which is inadequately covered by some other books), Drupal's built-in e-mail system, and the use of tokens therein. The coverage is again detailed, and would be even better had the remaining commonly-used HTML form elements — such as list boxes and radio buttons — been shown in the example code. For those readers whose heads are still spinning from the previous two chapters, this material may be a welcome change, in that the explanations are slower paced, with seemingly greater attention given to whether the Drupal newbie will be able to learn what is being taught, step by step. However, any reader who is using this chapter as a reference when creating a custom implementation of hook_menu(), will doubtlessly become frustrated by the inadequate advice on determining the valid possibilities to be used in the access arguments array: "[check] the hook_perm() implementation of the module in question." But what module? The reader is presumably creating a new one from scratch, with no permissions already set; so the authors must be referring to an existing module — but which one? If the reader were to search through all of the core and example modules, he would find no hook_perm() functions. Do the authors mean hook_permission()? This illustrates how critical it is for authors and technical editors of books purportedly for beginners, to strive to put themselves in the shoes of the poor reader, who does not possess their knowledge and experience.

As with any CMS, "content is king" for sites built using Drupal. Thus it is critical for Drupal module developers to know how to dynamically create and manage all of the elements required by a module working with content: node, entities, fields, etc. In earlier versions of Drupal, the familiar "node" concept did not encompass all of the non-node data types, such as users and comments — forcing developers to create workarounds in their modules and in their sites as a whole. Version 7 introduces "entities" and "bundles" (which can be thought of as sub-entities), to allow greater flexibility for programmers. Chapters 6 and 7 delve into these concepts, with plenty of example code and explanations thereof. Readers learn how to create database tables indirectly using the Schema API, define new entities, give users the capability to manage them, encapsulate multiple database operations into transactions, and define new field types, widgets, and formatters.

Chapter 8, which focuses on how to set and use permissions within modules, is straightforward, and includes sections on the secure use of regular form processing, as well as AJAX callbacks (for interactive form behavior that avoids the necessity of reloading the current page). Incidentally, there appears to be an error in the code on page 221: "function example_menu() example_menu() {." Chapter 9 continues in the same realm of security, specifically, use of the Node Access system within Drupal. The coverage is quite thorough, and the only problem is that some of the "tips" blocks repeat information found in the regular text. The chapter concludes with some valuable advice on how to test and debug node access modules, which can be especially difficult.

The last three chapters of the book cover some interesting and worthwhile topics: JavaScript, file management, and installation profiles. Readers learn how to add JavaScript and CSS to a site, how to use the Drupal Library API, and related matters. Sadly, readers may be perplexed by the numerous poorly-constructed sentences — especially near the beginning Chapter 10 — such as "JavaScript within a group and within the sub-group of being or not being included in every page are ordered by weight" (page 291), which sounds like a joint effort by Hamlet and the IRS publications department. The next chapter demonstrates how to use the new files and images API that was introduced in Drupal 7, and which allows developers to reduce the number of contrib modules required for building even the most basic website. Confusingly, the reader is told that, when installing Drupal (presumably version 7), he will probably see three error messages resulting from missing sites/default/files directories; but I certainly did not see this when installing any of the beta or release candidate versions, nor heard this from anyone else. The authors also explain stream wrappers, the Image API, and image styles (and the effects they can utilize). The last chapter shows how to set up custom Drupal profiles, their tasks, and the distributions that can make use of them. The reader is told that "input formats" are now referred to as "text filters," but Drupal 7 appears to have standardized on the term "text formats." The book's two appendices discuss Drupal 7's improved database layer, and security techniques applicable to all versions.

Packt's website states that there are no known errata, so one can only assume that the publisher's editors failed to spot many obvious flaws: "a[n] introduction" (page 1), "eXtensible" (page 10), "However, Not" (page 16), "it's own data" (page 17), "though means" (page 18), "architecture advanced" (page 25; it presumably should read "advanced architecture"), "( a," (page 28), "an[d] equal sign" (29), "the the" (41 and 146), "exercising [of] every" (49), "test[,] absolutely" (53), "a child element[s]" (78), "its" (84; should read "their"), "short-coming" (85), "then" (90 and 98; should read "than"), "you will be passed to" (108), "lets" (120 and 129; should read "let's"), "FormsAPI" (235), "to post spam [to] the site" (254), "ever[y] page" (291), "html" (311; twice), "is to" (318; should read "to"), "how to we" (326), "let's make create" (326), "is [a] result" (365), and "many [of] types" (376). The reviewers section lacks page numbers, but does not lack errors: ", (," "and [a] bug," and "including[,] reviewing."

The writing quality varies from chapter to chapter, and some passages are awkwardly phrased and confusing, such as "each of these two lines were split on to one line" (page 57). Scattered throughout the book, one will find cases of semicolons used where dashes are called for, commas where semicolons are called for, title case used when inappropriate or missing when appropriate (the book's preface is a veritable minefield), compound adjectives missing hyphens, adjectives incorrectly tied to nouns using hyphens, needed commas missing (Appendix A has some egregious examples), and the term "was" used where the subjunctive "were" is called for — in other words, the usual grammatical flaws found in books written by techies. Fortunately, the material is livened up with a few welcome bits of humor, and not the overreaching kind found in many programming books. Even more admirable is the attention to internationalization, unit testing, and other good practices.

The example code within the text may be intimidating to those new to Drupal, but it really helps demonstrate the concepts discussed in the text. The downloadable source code is helpful for avoiding retyping that code from the text, but needs to be cleaned up. For instance, the code for Chapter 4 is in a directory named "1162_04_All code," which suggests that it contains all three versions, but it does not. The code for Chapter 5 is split between a subdirectory named "old," which contains the newest code, and in another directory, "1162_05," which contains older code. The directory "1162_07_Code" contains no fewer than six different (and possibly differing) copies of its example module. How can the reader know which is the correct copy to use for following the book's discussion? Moreover, for some of the chapters, such as 5, the source code listed and discussed in the book does not fully match that provided in the downloadable archive file.

Overall, this book is a substantial contribution to the Drupal literature, but it is weakened by two obvious problems: Firstly, it lacks a chapter or appendix to explain how the reader could contribute a newly-created module to the Drupal community — specifically, Drupal.org's Modules section. This is a glaring omission, particularly in light of the (laudable) encouragement to the reader to participate in the community, as well as the authors' many contributions to the same. Secondly, because this book is supposedly suitable for Drupal beginners, and given the complexity of Drupal's APIs and their code requirements, the authors should have presented the concepts in more digestible chunks, at a slower pace, so as to be easily comprehended by someone new to Drupal programming using APIs. This is especially true of the second and third chapters.

The aforementioned problems could be corrected in a subsequent edition, which would be well worth the effort: Drupal 7 Module Development is an information-packed and wide-ranging resource for experienced Drupal programmers who want to enhance their existing module-building skills, and transfer them to version 7.

Michael J. Ross is a freelance Web developer and writer.

You can purchase Drupal 7 Module Development from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.