Domain: hotmail.com
Stories and comments across the archive that link to hotmail.com.
Stories · 1,876
-
Infogrames has Sold the Civilization Franchise
Reo Strong writes "Yahoo Finance is reporting that Infogrames isn't making enough money and as part of an announcement it was revealed they are selling the rights to the Civilization series. "Bonnell also said that Infogrames recently sold the franchise for the game Civilization, making a capital gain of 15.5 million euros, which should help second-half accounts." -
Unifying Linux Package Management
Job Diogenes Ribeiro Borges writes "The Smart Package Manager is an intelligent tool that works on the 'dependency hell' of software upgrading and installation on Linux. Works with all major distributions (APT, APT-RPM, YUM, URPMI, etc), supporting multiple sources and technologies concurrently. Yes, you could install from multiple sources, from deb, rpm, tgz at the same time! Smart Package Manager is being developed by Conectiva and is the tool that makes the Magic of CrossPlatform package management, behind the recently announced 'Four Linux Vendors Agree On An LSB Implementation.' You can get screenshots here (Portuguese texts) and a README here." -
BrainPort Allows People To Reclaim Damaged Senses
Karma Star writes "There is a news article on a new device called a BrainPort, which is a special device that is worn like a helmet, with a strip of tape containing an array of 144 microelectrodes hanging off the headset which is placed on the tongue. The BrainPort then sends signals to the tongue which are then picked up by the brain, allowing the user to regain otherwise lost sensory input. More at the NY Times (soul stealing subscription required)." -
Doom 3 vs. Half Life 2
Thanks to Laurie W, who writes "Sudhain.com has a great comparison of D3 vs. HL2 (funny, too)." From the article: "Since Half Life 2 was released this week, I thought it'd make a good time to take the two games head to head and see which came out on top. I've spent a few hours in the beginning of each, playing through the first few levels. Although I haven't completed either, I've spent enough time in each (I think) to develop a feel for what the later sections of each game will be like. Given that each has been fairly consistent thus far, it'd take a major shift for my opinion of either to change significantly." -
ATI Distributing Spurious HL2 Benchmarks
BatonRogue writes "Apparently ATI provided a few Half Life 2 benchmarks to the press and some websites are actually using the benchmarks for their Half Life 2 performance reviews. AnandTech and HardOCP seem to be the only reputable sources of Half Life 2 performance data as they both put together their own benchmarks representative of Half Life 2 gameplay. AnandTech apparently went through every Half Life 2 level and put together a list of the 11 most stressful levels and then created 5 demos, while HardOCP put together two long benchmarks for their review. AnandTech and HardOCP's results appear to agree with each other, while the ATI-backed benchmarks show ATI with a huge performance lead in Half Life 2. Apparently (according to the AnandTech article), ATI was allowed to make their demos while at Valve before Half Life 2 was released, while Valve would not let NVIDIA remove any data from their time at Valve until the game was released. Politics at work as usual." -
Monster Bandwidth for a Month?
ourcoolroom asks: "I work for a small regional ISP and we are facing a problem which I'm sure anyone who has tried to read a slashdotted article is well aware of. There are times when a large amount of bandwidth is needed for a short period of time. In our case, a few years ago we had a little 250kB Shockwave Christmas card developed. Any suggestions for hosting something that needs a pile of bandwidth for only 4 weeks or so a year would be appreciated." "We weren't particularly impressed with the results so we didn't distribute it, but we did have it on a sub-domain of our website. It sat around for a year or so, and then about the first week of December all of our data circuits were buried. Apparently a link to the card had started to make its way around in an email. We were able to find a place to host the Shockwave file last year, and towards Christmas transferred around 230GB a day just of the Shockwave file. We don't really stand to make any profit so we can't put a huge bankroll on this project, but we would like to have it up for holiday goodwill (that and it's really cool for a company our size to have a page with over 1,000,000 hits/day). We have thought about distributed downloading via BitTorrent, etc, but we feel many of the people who would view the card would not be that savvy." -
Is The 'CSI Phenomenon' Good For Science?
Tycoon Guy writes "With CSI: Crime Scene Investigation airing its 100th episode this week, I wonder, how do Slashdot readers feel about the show, and its two spinoffs? On the one hand, they've caused a boom in the popularity of forensic science college courses, and they glamorize geeks bent over microscopes, rather than smarmy lawyers. On the other hand, they may also promote an inaccurate view of science: prosecutors throughout the country now worry about juries that refuse to accept eyewitness accounts or even outright confessions, and instead exclusively demand the kind of forensic evidence they see on CSI. But of course, in the real world, you don't get a test like that in mere seconds - or without spending a substantial amount of money. So where does CSI rate on the geek scale for you?" -
Senate May Rush Copyright Legislation
iman1003 writes "According to an article on Wired, the Senate may soon pass a bill labeled HR2391, a bill which lumps many other copyright bills. If passed the bill "would criminally punish a person who 'infringes a copyright by ... offering for distribution to the public by electronic means, with reckless disregard of the risk of further infringement.'" In addition the bill would "permit people to use technology to skip objectionable content -- like a gory or sexually explicit scene -- in films, a right that consumers already have. However, under the proposed law, skipping any commercials or promotional announcements would be prohibited." The bill would also punish people "who bring a video camera into a movie theater to make a copy of the film for distribution" with up to three years imprisonment and fines. If any of this worries you please contact your Senators and Representatives and voice your concern." -
FCC Claims Regulatory Power Over Home Computers
Pointing to Assistant Professor of Law Susan Crawford's blog, iman1003 writes "The FCC has filed a brief where it claims regulatory power over all instrumentalities, facilities, and apparatus 'associated with the overall circuit of messages sent and received' via all interstate radio and wire communication according to a blog published by Susan Crawford. The blog can be found here and the brief here (in PDF format). Kind of scary if you ask me." Ars Technica has good commentary on this, also referencing Crawford's findings. -
Intel Quietly Introduces 3.8GHz P4
BatonRogue writes "I didn't see this anywhere else, but it looks like Intel has quietly launched their Pentium 4 570J running at 3.8GHz. The J denotes Intel's Execute Disable Bit support, which they have also quietly introduced (it seems to save face of being 2nd to support it behind AMD). AnandTech seems to be the only place to have a review of the 570J. It performs reasonably well and even better than AMD in some areas, while falling behind in things like games. AnandTech has a nice one page benchmark comparison of the 570J to AMD's 4000+ as a quick reference." -
Ukraine Holds 4th Largest Programmer Population
andrewuoft points out this BusinessWeek article on the budding technology sector of Ukraine; the article points out that Ukraine has -- "after the U.S., India, and Russia -- the fourth largest number of computer programmers in the world" and that "Even today, scientific institutes each year churn out some 50,000 science or technology graduates. Not surprisingly, Ukrainians don't see why their country can't become a big player in the global technology market, like India." -
ATI's Athlon 64 Chipset with Integrated Graphics
EconolineCrush writes "ATI has released the first Athlon 64 chipset with DirectX 9-class integrated graphics and PCI Express. The Tech Report has an in-depth review of the Radeon Xpress 200 that highlights the chipset's impressive performance and surprisingly competent integrated graphics. It looks like the Radeon Xpress 200 could be the missing link that helps AMD crack Intel's dominance of the consumer and corporate desktop markets." -
Outsourcing Information Security
Ben Rothke writes "Outsourcing information technology has been the rage over the last decade, to the degree that there are not enough bodies in Bangalore and Mumbai for companies such as Wipro, Infosys and Tata to hire. The problem is that many companies have gone down the road of outsourcing without performing the proper due diligence. Rather than saving money, many organizations have found that outsourcing ultimately is much more expensive than keeping security functions in-house, in addition to other negative consequences." Read on for the rest of Rothke's review of Outsourcing Information Security.
Outsourcing Information Security
author: C. Warren Axelrod
pages: 248
publisher: Artech House
rating: 10
reviewer: Ben Rothke
ISBN: 1580535313
summary: Examines security risks related to IT security outsourcing
When it comes to the outsourcing of information security functions specifically, the situation is even worse. Far too few organizations know the inherent risks involved with outsourcing security, and don't properly investigate what they are getting into. The same company that makes it nearly impossible for an employee to enter the office supply closet to get much needed toner cartridge will outsource their intrusion detection, email and firewall systems without a blink.
One of the many reasons companies turn to security outsourcing and managed security services providers (MSSP) is to use their limited internal security staff for more interesting areas such as web development, VPN and e-commerce applications. They will then outsource the boring activities such as firewall and IDS monitoring and maintenance to a MSSP.
Given that activities such as firewall monitoring and administering an IDS in large enterprise requires 24/7 support, it is not unusual for a company to want to outsource such activities; monitoring and administering are not core functions of most organizations.
The trouble comes from the lack of due care often given to choosing a MSSP. With that, Outsourcing Information Security is a long-overdue book that asks the questions that are necessary before an organization decides to outsource any information security function.
The author's general tone is against the outsourcing of information security; but provides readers with the various benefits and risks involved in outsourcing security, and lets them ultimately decide if outsourcing security is right for their organization. It is the reader who must define, evaluate and manage those risks and determine if outsourcing is a viable solution. These include technology, business and legal risks.
The book comprises nine chapters and three appendices totaling a bit under 250 pages. The first two chapters provide a good introduction to and overview of outsourcing and information security, and the associated security risks.
Chapter 3 details various reasons why outsourcing information security makes sense. The chapter includes various tables and references to the many reasons why a company would want to outsource security.
Chapter 4 takes the other side and analyzes the risks of outsourcing. The chapter details the traditional risks, in addition to other factors such as hidden costs, broken promises, phantom benefits and more. The book shows that while many organizations hand over information security responsibility to their MSSP, when things go wrong, they can't effectively blame the MSSP. When things go wrong -- and they will -- all of the fingers in the world can be pointed at the MSSP, but the ultimate responsibility falls on the organization itself. With outsourced security, if something goes wrong, those fingers will point back to the company's security manager, not the incompetent firewall administrator in Bangalore.
The chapter provides a balanced look at the risk of outsourcing, and while calm in its overall approach, the chapter should at least make the person considering outsourcing information security think twice. In fact, the author concludes the chapter by stating "when all of the risks of outsourcing are considered, one wonders how anyone ever makes the decision to use a third party." Nonetheless, there is plenty of evidence that many security activities are indeed outsourced to MSSP, and are often satisfactory from both the buyer's and seller's perspective.
Chapters 5 and 6 provide a thorough summary of the costs and benefits of outsourcing, and provide a method with which to categorize them. The chapter is well suited for a CFO with its discussion of direct vs. indirect costs, controllable vs. non-controllable costs, and much more. These two chapters show that creating meaningful financial numbers to see if outsourcing makes financial sense is not such an easy task. It is important to understand that outsourcing sometimes makes financial sense, but certainly not all the time. For those organizations that don't crunch the numbers seriously at the beginning, these costs can later come back to haunt them in a big way.
Chapters 7 and 8 detail the processes involved in commencing an outsourcing project, from requirements gathering to placing policy against the outsourced company. A mistake many organizations make is failure to ensure that the MSSP is abiding by the client's information security policies, rather than their own.
Similarly, one of the most overlooked areas of outsourcing information security functionality is regulation. A U.S. company may be under numerous regulations, from HIPAA to Sarbanes-Oxley, GLBA, SEC and more; when they outsource their security functionality, the remote technician may not be under the jurisdiction of the SEC; but the corporate data still must be protected according to those regulations.
The main part of the book concludes with chapter 9, which provides a 20-step process to determine if an outsourced security solution is appropriate. In seven pages, the author specifies the various events, tasks and steps that make up the typical outsourcing project.
Appendix A provides a breakdown of the various services that can be outsourced, with Appendices B & C providing brief histories of IT Outsourcing and Information Security.
The only downside to the book is its $85.00 price, which is at the high-end for technology and business books. While the price is high, the book is a huge value for anyone considering outsourcing security. The book asks the questions that are often never asked, and details how the outsourcing of information security is not the slam-dunk that the MSSPs often portray it to be.
For those who know what their security issues are and look to outsource their security functionality to a trusted MSSP, Outsourcing Information Security shows how it can be done. On the other side, for those who are drunk with the panacea that outsourcing security is supposed to provide, Outsourcing Information Security will be a sobering wake-up call.
You can purchase Outsourcing Information Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page. -
The Future of PC-Audio: Interview With Keith Kowal
red_ed writes "The Noise Report have an interview with Keith Kowal from VIA technologies' Audio division about the future of PC audio. Here's a snippet: 'I think the next big thing will be the widespread adoption of wireless speakers and headphones--cause none of us like a tangle of wires. From a PC infrastructure point of view I can easily see support for these devices being integrated right into the PC.'" -
Electoral-vote.com Under Heavy Load; Attack?
An anonymous reader writes "Electoral-vote.com (and mirrors electoral-vote2.com through electoral-vote8.com) seem to be very slow at the moment. Votemaster (A. Tanenbaum) just posted 'All the servers appear to be under attack now, also DNS. I added another large multiprocessor but it doesn't seem to help much. I don't this is going to work. Sorry.' Massive attack or just a large flash crowd? Anybody up for some mirroring so votemaster can concentrate on the polls?" Reader fishwack writes with word that as of 3:46GMT (10:46 PM Eastern time in the U.S.) "the Federal Electoral Commission's Web site is down." -
Open Source Ingres Swings At Oracle, SQL Server
Rob Westervelt writes "Computer Associates is making its open sourced Ingres DBMS widely available today on Windows and Linux, pitching its mature features and 64-bit support at Oracle and SQL Server customers." -
Broadband Bits
rtphokie writes "In an article covering bringing wireless and high speed internet connectivity to several rural counties near Fredericksburg, VA, a county commissioner comments that transportation issues were once considered the top issue in economic development discussion, now it's the lack of high-speed Internet." Reader Darmok0685 writes "UGO has an interesting feature that explores the future of broadband, with in-depth sections that explore such technologies as Broadband Over Power Lines, WiMax, Fiber to the Home, Stratellite, and ADSL2/ADSL2+. It delves into the pros and cons, as well as giving backgrounds on each." -
VectorLinux 4.3 - Rocket Fueled Slackware
SilentBob4 writes "Mad Penguin has the first review of the latest VectorLinux release. Vector is based on Slackware Linux, but is built on a newer 2.6.7 kernel (Slackware 10 was still built on a 2.4 kernel with the option of using 2.6) and is optimized to run well on older hardware. Even old Pentium PCs run well on this distro. Complete review with screenshots." -
Full Report on Advent Children in Montreal
Cloud Fangirl writes "Advent Children.net has updated with their complete report of the 20 minute preview of the film which was shown in Montreal over the weekend. The report covers the screening from beginning to end, with part 2 containing many spoilers. Advent Children is set two years after the events of the popular PlayStation game Final Fantasy VII. It is a CG movie sequel and is expected to be released in 2005." Great follow-up to the background material covered earlier. -
Window Maker 0.90.0 Released At Long Last
BEI01 writes "From windowmaker.org: After years without a release, we are glad to announce that Window Maker 0.90.0 is out! Highlights are NetWM support (thanks to Peter). This means wmaker should work fine with GNOME 2.x and KDE 3.x. UTF-8 support, antialiased text support via Xft2, Xinerama support, enhanced Alt-Tab window switching, Font configuration in WPrefs, and many fixes." -
Bard's Tale Pokes Fun at Game Leaks
ZIA writes "In response to the continued trend of games being warezed before release, inXile Entertainment, developers of the forthcoming action role-playing game The Bard's Tale, have sent out an amusing press release that pokes fun at the issue. "The Bard's Tale is a highly original game in the same category as a Grand Theft Auto: San Andreas, Half-Life 2 and Halo 2 so we feel some sort of leak that sounds similar to what they have experienced may be the next logical step in our launch plans." -
Spyware/Adware Prevention In Large Deployments?
foQ writes "I work in the IS department for a ~2000 networked computer environment across 10 locations. As with most people, we have experienced serious problems with spyware/adware. We have SpyBot and Ad-Aware installed on most computers, but this doesn't prevent the computers from getting these programs and only sometimes properly removes all of them. Is there a tool that we could push out to all the PCs to basically do what anti-virus programs do and block these programs from running and clean them from the computer?" -
Simplifying Commercial Software Development?
NerdOfPrey writes "I'm nearing completion of development and testing of my first self-produced commercial application, but just beginning to appreciate the full bevy of other associated tasks ahead. There are help files to compile, end user license agreements to write, a website to create - and a secure online payment system to identify and integrate, automated installers to build, logos to design, marketing, and so on. Are there any good web-based single sources of information covering these sorts of issues? I've never had to do all of these things myself in the past; a comprehensive 'small developers guide' would be of considerable benefit." So is there anything besides "imitate, guess and pray" for all the tasks that come after the app is written? -
New IM Worm On The Loose
elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more than 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires user interaction to actually execute it." -
The Mezonic Agenda: Hacking the Presidency
Ben Rothke writes "As Henry David Thoreau observed 'The mass of men lead lives of quiet desperation.' That being the case, novels are written, to briefly take such men, out of that quiet desperation, even for a short while. Novels therefore require a certain melodrama and fantasy element. For if the novels lacked such exaggerated drama, it would suffice to read the New York Times, and not Tom Clancy. It is with such a backdrop that The Mezonic Agenda: Hacking the Presidency was written. The book is billed as an interactive techno-thriller novel." Read on for the rest.
The Mezonic Agenda: Hacking the Presidency
author: Dr. Herbert Thompson, Spyros Nomikos
pages: 448
publisher: Syngress
rating: 7
reviewer: Ben Rothke
ISBN: 1931836833
summary: A melodramatic exploration of the dangers of combining unscrupulous electronic voting system makers with a political machine willing to overlook the systems' flaws.
The book chronicles the final week before security expert Professor Chad Davis is to testify before Congress on the security of a commercial e-voting software product made by a fictitious company, Advice Software, Inc.
Davis' testimony will ultimately determine if the software will be implemented for use during the United States' 2004 presidential election, and therefore create a huge windfall for the company. The company will do anything and everything it can to ensure that Davis provides positive testimony. Advice will stop at nothing to complete their mission; that means they'll engage in multiple murders, kidnapping and a slew of other nefarious activities. All of this is in addition to simultaneously attempting to corner the video chip market, and create video drivers that send subliminal messages about which candidate to vote for.
As Albert Einstein said, "Make everything as simple as possible, but not simpler." The plot could have been made much simpler to mimic reality and the current state of insecure e-voting systems. As in real life, the e-voting companies are getting away with providing insecure e-voting systems; under the nose of the Federal Election Commission (FEC) and an unsuspecting and apathetic voting public. The idea that an e-voting software company would resort to murder is where the book demonstrates it is a novel.
The reason e-voting companies and their insecure software can run roughshod through the FEC is that voting-system flaws do not have the same immediate tragic consequences that other product failures can. Plane crashes and adverse drug effects spur the FAA and FDA to take drastic actions and often overreact to an event; poorly written and insecure voting software is clearly not as newsworthy as a burning jet.
Combine this with a public that is utterly apathetic to voting in general and the situation is ripe for the situation where e-voting can have a near hypnotic effect on most people involved. Because voter turnout for U.S. presidential elections is quite low (60% of eligible voters cast their ballots in the November 2000 presidential election), and most people are completely unaware of the dangers of insecure voting applications, an under-funded federal agency can be manipulated by the e-voting vendors to roll out insecure voting software.
The international intrigue of the novel takes the reader to the RSA security conference in Amsterdam, where Davis is given a cryptic CD-ROM by Baff Lexicon, a notorious international hacker. Lexicon suggests there are serious problems with the software and will brief Davis at midnight that night at the Amsterdam Hard Rock Cafe on the details. Unfortunately, Lexicon is being trailed by undercover agents from Advice, and is murdered a few hours later by a Yugoslavian hit man that the company seems to have on retainer.
Davis now has the difficult job of unlocking the cryptic information on the CD-ROM on his own. That same CD-ROM is included with the book, and the reader is invited to join Davis in attempting to decrypt the contents of the CD and the conspiracy that Advice Software is attempting to perpetrate; namely the outcome of the 2004 election.
(If you are not interested in buying the book, anyone can download the software without having to buy the book. The software is actually part of a contest and the winner will receive a free pass to the BlackHat 2005 conference.)
A good section of the novel then details how Davis attempts to decipher the secrets that Baff Lexicon was attempting to convey to him. The two authors of The Mezonic Agenda have, respectively, a PhD in applied mathematics and a Master's in chemical engineering, and write in a somewhat choppy style representative of their technical backgrounds. Occasional errors in grammar and spelling are excused, save for the egregious misspelling of Learjet on page 154.
The story concludes with a moral dilemma that Davis faces: with his wife and daughter kidnapped by the Advice Software hit man, does he provide favorable, yet dishonest testimony about the software and watch his family set free; or tell the truth and watch them die?
The novel itself takes up 240 of the book's 370 pages, with the last five parts dedicated to a history of voting, reverse engineering, cryptography, buffer overflows and steganography.
As a standalone novel, the book (while entertaining and enjoyably readable) is somewhat overpriced at $34.95, especially since the enclosed CD-ROM is freely downloadable and the plot is somewhat thin. The non-fiction final section, though, is quite informative and effectively complements the novel.
This novel does a good job of explaining how software can be cracked, and provides the reader with a good overview of security concepts such as buffer overflows, reverse engineering, cryptography, and more. It is hoped that the book will find itself in the hands of members of Congress and the FEC, who truly need to be educated in such fundamental security topics.
As a novel, The Mezonic Agenda will not compete with books from Tom Clancy or Robert Ludlum. But because insecure e-voting is one of the greatest threats to democracy today, it is a much needed title.
You can purchase The Mezonic Agenda: Hacking the Presidency from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Crossroads for Intel
pillageplunder writes "Businessweek offers a pretty balanced read on what challenges Intel faces in the upcoming year. Rivals Samsung and AMD are making inroads on Intel's core businesses, an expected cyclical industry downturn looms next year, and with several critical delays in new (for Intel) markets puts its strategy at risk. A neat read." -
Fantastic Four Animated Series
pillageplunder writes "CNN is reporting that Marvel Enterprises has cut a deal with France's Antefilms Productions to make an animated TV Series based on the Marvel superheroes." -
Ballmer Says iPod Users are Thieves
A 'music thief' (apparently) writes "According to Steve Ballmer, CEO of Microsoft: "The most common format of music on an iPod is 'stolen'." He appears convinced Microsoft will lead the way in Digital Rights Management and also believes Microsoft will steal a march on Apple in making the digital home a reality because Apple "doesn't have the volumes". "There is no way that you can get there with Apple. The critical mass has to come from the PC, or a next-generation video device," he said." -
William Shatner to Star in New Reality TV Series
Gildor writes "The small town of Riverside, Iowa has long billed itself as the birthplace of James T. Kirk. So they were thrilled when William Shatner came there to film a Star Trek prequel about the early life of Kirk. Except there was no movie. After about 9 days, Shatner announced they were actually filming a reality TV mini-series." -
Happy 50th Cern!
Anonymous Coward writes "The facility that has earned three scientists Nobel prizes, provided the impetus for Berners-Lee's hypertext program (aka the WWW), oh and has also helped answer some fundamental questions regarding the universe has turned fifty today! And with the LHC in development, here's hoping for another 50!" -
There's a Fungus Among Us
EhobaX writes "BBC News reports, 'Swiss scientists have found what they say may be Europe's biggest mushroom - covering an area about the size of 35 football pitches.'" -
Hotmail Begins to Upgrade Free Accounts
Myrmi writes "It looks as if Hotmail have started to upgrade free Hotmail accounts to 250Mb of space as promised. The account the screenshot is from is an old account - created August 1999 - so I guess they're upgrading the accounts in chronological order. Hopefully they'll get round to newer ones soon." -
Affordable Modern Graphics Cards
EconolineCrush writes "If graphics cards that cost more than a mortgage payment make your wallet quiver, it's worth checking out ATI's Radeon X700 and NVIDIA's GeForce 6600 series. Both are based on cut down versions of latest and greatest graphics chips, but at under $200, they sell for a fraction of the price of high-end cards. What's more, these $200 wonders outperform last year's $500 cards, sometimes by embarrassingly large margins. The Tech Report has in-depth reviews of both the GeForce 6600GT and Radeon X700 XT if you're in the market for a next-gen graphics card that's a little more affordable." -
Tracking The (English) Words We Use
Zugok writes "Wordcount.org has an interactive presentation of the 86,800 most frequently used English words. In addition they have Query Count which is a dynamic database of what are the most queried words on Word Count. Then there is the conspiracy corner where certain words seem to end up in some sort of eerie order. Cowboy comes 14834 and Neal comes 18928. Bebop comes 70673." -
The OS Community Embraces IBM
Joel Dutt writes "IBM... 'the corporation known as Big Blue has seen its reputation in the global open-source community shift from suspect sugar daddy to knight in shining armor.' Newsweek has an interesting article in its latest issue, discussing the relationship between the open-source community and the corporate giant." -
An Automated Support E-Mail System?
qm_37 asks: "I work for a small software company with a growing customer base. Our current support desk system has worked well for us in the past, but is going to become very unwieldy if it has to grow any more than it already has. We're looking for a more automated system that will do things like filter and direct incoming support e-mails to the support worker assigned to that task, assign and track support issue numbers, and give us a nice searchable database of previous customer issues. We've looked at various solutions ranging from commercial software packages to PHP/CGI-based server scripts, and nothing has really grabbed our attention. We have also considered writing our own system, but the trade-off is that we need to find the time to do it. Does anyone have any experience with a situation like this? Which route do you think we should take for our support system?" -
Supercomputers Race to Predict Storms
pillageplunder writes "CNN has an interesting article on how different supercomputers from around the world are working to predict large storm tracks. The 3 days it takes now has been cut in half. Cool read." -
Genesis: Data in good condition
Oxidation writes "Space.com is reporting that the Genesis satellite crash isn't as bad as it appeared to be in the first place. Furthermore, a prime particle-gathering device "appears intact" states Don Sevilla. (Genesis payload recovery leader at NASA's JPL)" -
New Ring Discovered Around Saturn
HunahpuMonkey writes "BBC News is reporting that 'scientists using the Cassini probe have found a new ring and one, possibly two, new objects orbiting Saturn.' The article also notes that the discoveries are in the planet's contorted F-ring region. The ring of new material seems to be associated with Saturn's moon Atlas." -
Best Training in Linux Administration?
Love to Learn Linux asks: "My company is making the move to Linux. I've been a Windows admin the last 5 years and have been asked to learn Linux. I've got some O'Reilly books but I need some hands on experience. My company will pay for any Linux training I choose. I'd prefer an online course to one of those 4 day classroom courses since I'd like to take my time and really learn it. So far, I've been recommended the Red Hat eLearning course and the O'Reilly Learning Lab. Would you recommend either of these over the other, or are there some better choices?" -
Network Security Assessment
Ben Rothke writes "There is a very simple albeit unscientific two-step test to see if a book about security assessments is for the serious security practitioner or for the script kiddie. Step one: Does the book use the term bulletproof or hacker-proof? Such nebulous terms are utterly meaningless. Especially since bulletproof deals with physical objects, and nothing, not anything, can ever be made hacker-proof. The second step is to see the book's discussion and placement of the nmap tool within the book. While nmap is an invaluable and important security tool; it is nonetheless but one tool in a large security toolbox. Books that place the bulk of their discussion of nmap at the beginning of a book are generally focused on the blind running of tools without insight or analysis. Those that place nmap towards the latter parts of the book generally focus on the big picture." Rothke reviews below Chris McNab's book Network Security Assessment; read on to see how it handles his assessment.
Network Security Assessment
author: Chris McNab
pages: 396
publisher: O'Reilly
rating: 8
reviewer: Ben Rothke
ISBN: 059600611X
summary: To-the-point and practical book for testing your own network, an important tool in the fight to keep out malicious electronic visitors.
With those two tests in mind, Network Security Assessment (NSA) passes with honors. The terms bulletproof or hacker-proof are not found at all. And at 355 pages in length, the book's discussion of nmap starts on page 324; a good sign indeed. NSA is written for a person who needs a thorough introduction to performing network assessments, but does not need the elaborate background that the Hacking Exposed series offers. The book's technical requirements are not that extensive; a basic understanding of security, IP networks, and generic networking is enough to understand the core concepts of the book.
The book's preface starts out with a simple fact, one that is not always obvious to many: It is never impossible for a hacker to break into a computer system, only improbable. When designing and securing a network, it is the job of the security architect to maximize that level of improbability as much as possible. Anyone who makes their network even a little bit more security resilient will quickly find a drop in the number of security breaches.
The publication of Hacking Exposed a few years ago started a new era in books about network scanning. Hacking Exposed was the first popular book that detailed how to go about performing a penetration test. In a similar vein, NSA is comparable to Hacking Exposed in that it provides a framework for doing security assessments. The big difference is that NSA provides a much more structured approach to performing the assessment, whereas Hacking Exposed lacked that formal approach. Hacking Exposed also goes into more details in many areas, and its initial title has morphed into many other different titles.
This more formal approach is manifest in the book's 14 chapters. The first two chapters of NSA start out with the fundamental need and requirements for performing a network security assessment, and then detail the tools and methodologies required to bring that assessment to fruition.
Chapter 3 details the ins and outs of network enumeration and also shows how to use standard utilities such as whois and nmap for network enumeration. Perhaps one of the most beneficial features of the book is the selection of countermeasures that are found at the end of each chapter. These countermeasures are very useful in ensuring that any vulnerabilities are appropriately fixed.
Besides listing methods which an intruder might use to elude common security applications, the book also goes into numerous hacking tools. While some may see this as providing fuel to the fire, it is clear that the tools are readily available (and have been for years). Listing of such tools won't make hacking easier for miscreants and script kiddies; rather it provides a level playing field for systems administrators who need to defend against such hackers.
After network and host enumeration, NSA steps forward into topics such as dealing with web servers and CGI, remote access issues, and ftp and database security issues. Chapter 9 does a good job of focusing on Microsoft Windows security issues. While entire books have been written about weak Windows security protocols such as NetBIOS, SMB and CIFS, NSA does a good job encapsulating ways to keep vulnerabilities here in check. Readers are highly advised to put the Windows networks services countermeasures listed at the end of the chapter into use.
Chapters 10-12 deal with the myriad security issues with email, VPN and RPC issues. While most of the information in these chapters (and the book as a whole) has been elucidated elsewhere, there is nonetheless a lot of valuable information contained in the chapters.
Chapter 13, "Application-Level Risks," is important in that many organizations put far too much emphasis on securing the perimeter and forget about the application. The need for more emphasis on application-level security is eloquently put by Marcus Ranum when he notes that "these days, with the kind of plug-ins that come in your typical browser, combined with all the bizarre undocumented protocols used by new Internet applications, make it highly unlikely that a firewall is doing anything more complex than a thin layer of policy atop routing. As such, the applications behind the firewall are now more critical to security than the firewall itself. Which should scare the holey moley out of you."
Chapter 14 closes the book with a methodology for running a network security assessment. The author notes that running an assessment requires more thought than simply running security tools in a haphazard manner.
Overall, Network Security Assessment provides a good framework for anyone who is serious about running network security scans to secure his perimeter and interior networks. The book is written in a style that is readable and understandable; while more of an introductory text, it does not treat the reader as a dummy.
When it comes to running a network security assessment, the methodology is often more important than the running of the tools. While there is nothing radically new detailed in NSA, it does provide an effective and comprehensive overview of the issues involved in only 355 pages. If you are looking for a to-the-point book that does not get bogged down with screen prints and meaningless hacker stories and myths, Network Security Assessment is a good place to start.
You can purchase Network Security Assessment from bn.com. -
John Carmack Retiring?
Skab writes "CNN money is building a case for hypothesizing that John Carmack's next project may be the programmer's last." -
Neither Rain, Nor Snow, Nor Dark of Night...
Digital_Quartz writes "This week's I, Cringely discusses possible plans for ensuring your data survives Hurricane Frances. I've always thought remote backups would be the best solution to a problem like this. Maybe even something as simple as hiding a DVD-R under your desk at work, with all your worldly data on it. How do you secure your precious data against earthquakes, hurricanes, and swarms of locusts?" Reader pillageplunder writes "CNN is reporting: 'Scientists say more storms like Frances -- both very intense and very large -- are likely.' They theorize that warming oceans natural cycles are setting the stage. Some interesting facts throughout the article... Forecasting has gotten better, with a 3 day forecast now having a margin of error of 'only' 200 miles." And an anonymous reader writes "For those peer-2-peer geeks stuck in hurricane Frances, you can now listen to Central Florida Indymedia's coverage of the hurricane. In addition to giving updates about the hurricane, they are playing music, interviews, and relaying other radio stations. Possibly more interesting than the content to Slashdot readers will be the fact that it is being done via peer-2-peer. The java program p2p-radio from p2p-radio.sourceforge.net is being used in conjunction with shoutcast to deliver the content. Details on how to connect are available here on Tampa Indymedia's Website." -
Can DVDs Kill DVD Players?
aidanpryde asks: "In the weirdest situation I've ever seen, my DVD player died on Saturday while watching the episodes of a favorite sci-fi series. I was watching disk 5 with my wife and noticed that it was getting jumpy. I took the disk out to see if it was dirty or scratched, but seeing nothing, we put the disk back in. Now the DVD player won't read anything, not the Season 5 disk, none of our other disks...nothing! So, we take the DVD player as a loss. Hardware failures happen all of the time, right? So I go downstairs with my wife on another day and try it on her DVD player in her computer. We get through one episode of the disk and it starts to jump again. We take it out, try another disk and sure enough -- nothing works. Has anyone ever run into DVDs that kill DVD players? Is there any way that I can get compensation for my dead DVD players? Are there any ideas as to why this has happened? Can I download firmware updates for the computer drive that may fix the problem?" -
The Science of Word Recognition
neile writes "I stumbled across a fascinating paper over at the Microsoft Typography site today that provides a really nice overview of the different theories on how humans read. If you thought we read by recognizing word shapes, think again! With the assistance of fancy eye-tracking cameras researchers have been able to devise several clever experiments to give us new insight into how reading works." We've linked to some of Larson's work previously. -
Apple Cites Open Source Core Security
ChilyMack writes "In a CNet article, Apple senior vice president Bertrand Serlet says, 'A lot of security problems derive from the core ... [With open source code,] thousands of people look at the critical portions of source code and ... check those portions are right. It's a major advantage to have open-source code.'" -
XM Radio Pulls PC Hardware
Didion Sprague writes "News.com is reporting that XM has decided to "quietly discontinue" the XMPCR -- a tiny USB satellite radio receiver for XM radio. Slashdot readers may remember last week's story about TimeTrax -- homebrewed software that allows XMPCR users to automatically record and tag each song. Now, XMPCR receivers are going for almost $400 on ebay. The RIAA, it should be noted, claims that they weren't "behind the discontinuation of the PCR"." -
Surviving College With Gear And Sanity Intact?
Mshift2x writes "Like many others, I'm shipping off to college for the first time in a few days. I'm excited, nervous, and a whole array of emotions at the same time. I'm sure many slashdotters have gone through this already, and I'd appreciate any wisdom, suggestions, or thoughts the community could provide." More specifically, phrogeeb writes "Per our earlier Slashdot article on laptop lock insecurity, I've been looking around recently for other options as far as keeping track of my laptop and other semi-expensive and certainly valuable (for a college student) stuff in a dorm room setting. Any ideas? I'm looking for both laptop-specific and comprehensive solutions. Locks? Alarms? Video cameras? Trip wire? (A few serious suggestions would be appreciated.)" -
Jet-Powered Wheelchair
gpmcdermott writes "What does a man with too much time, a jet engine, and his mother-in-law's wheelchair, do? The BBC is reporting on the results on the Beeb." -
Half-Life 2 Going Gold on Monday? [updated]
Warrior-GS writes "According to GameSpy, Gabe Newell has announced that Half-Life 2 is going gold on Monday. Numerous retail outlets have Sept. 1 or Sept. 2 as a shelf-date for the game, so a gold announcement now seems to mean those dates are fairly close to reality." Given that HL2 is already available on Steam, this doesn't sound too far-fetched. Update: 08/28 19:27 GMT by T : Kraiger writes "According to HL2 Fallout the announcement of the futuristic FPS, "Half-Life 2", going Gold is a complete hoax! According to HL2 Fallout, the announcement from Gabe Newell, a Valve Software employee, was created by someone who was able to guess the simple password of "gaben" for Gabe's forum account."