Domain: hotmail.com
Stories and comments across the archive that link to hotmail.com.
Stories · 1,876
-
Book Review: 15 Minutes Including Q&A
brothke writes "When I initially read 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations, I enjoyed it and thought it was a good book. It was only a few days later, sitting through yet another tedious vendor briefing, when I reread it and truly appreciated how awesome a book it really is." Read on to see what Ben has to say about this book.
15 Minutes Including Q and A: A Plan to Save the World From Lousy Presentations
author: Joey Asher
pages: 112
publisher: Persuasive Speaker Press
rating: 10/10
reviewer: Ben Rothke
ISBN: 0978577620
summary: Great book on how to make your presentation heard
Author Joey Asher's premise is quite simple and intuitive: if you as a salesperson (or anyone trying to get a message across) can't state your case simply and succinctly, no one is going to get it or care. He notes that a major problem is that far too many salespeople and speakers waste their time on areas they think are important; but not on what the attendee wants to hear.
Asher notes that every day, businesspeople bore listeners with presentations that ramble on, make no clear points and fail to address the attendee's key concerns. His book lays out a plan for eliminating lousy presentations.
The introduction asks the basic question, why do most presentations stink? The answer Asher gives is that they ramble on, fail to make any points, try to say so many things that they become unwieldy PowerPoint death stars with no impact and ignore key audience concerns.
Asher's answer to the problem is this: keep the presentation short; leave ample time for Q&A and work to get a compelling dialogue and interaction with the attendees. That is the premise of the first two chapters.
The book is divided into 3 sections. Part 1 is about preparing a seven-minute rifle shot presentation. In essence, tell your entire story in about seven minutes. While counter-intuitive at first; the book shows how this can be achieved.
The focus of chapter 3 is to start by focusing on the key business challenge. Asher warns against starting a presentation by giving a bunch of background information about the approach. In addition, don't tell the history of the project or do anything other than shine a light on the attendee's key problems. He suggests using short stories to succinctly illustrate the issue. Just think of how many presentations you have been in where the speaker did not get to the point until 25 minutes and 20 slides into the presentation.
Chapter 11 is titled creating slides to support your message. The book astutely notes that preparing presentations has to a large part become an exercise in preparing PowerPoint slides. The reality is that it should be an exercise in figuring out how to tell your story. Asher notes that if you want to use slides well, you should only prepare your slides after you have figured out the story that you plan to tell your audience. The failure of many presentations is that the PowerPoint drives the story and not the other way around.
Part 2 is about allowing listeners to fill in the blanks and raise questions with Q&A. Asher suggests in chapter 12 to make Q&A a major part of your presentation strategy. He notes that Q&A allows the audience to guide the message and fill in missing information. It also gives the speaker the chance to persuade by responding to objections. And finally, it improves the speaker's communications style.
While he may not realize it, Asher has uncovered what is the Achilles heel of many project problems and failures. It is that the salesperson sells an obtuse problem to a clueless customer who is oblivious to what they want or how they are going to deploy the solution.
The beauty of Q&A is twofold: first, it requires the salesperson to clearly articulate what they are selling, and the customer to articulate what their specific problems are. The answer should be a clear understanding of the issue and how the product can solve it. But the reality is that many companies will deploy expensive hardware or software solutions (often costing millions of dollars) without really understanding why they are embarking on such a venture.
The book concludes with part 3, on delivering the presentation with intensity. Part 3 moves away from the PowerPoint and into areas such as eye contact, voice energy, rehearsal and other important points. These are critical areas as even the best presentation delivered without intensity can turn into a fruitless endeavor.
While the title 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations may border on hyperbole, the reality is that the term death by PowerPoint is a real problem. The book shows a clear path in which to stop that. At 104 pages, Asher writes like he talks, clearly, succinctly and to the point. For many people, it is only after reading this important book when they will truly understand how much of their lives are wasted by viewing pathetic PowerPoints and listening to rambling sales monologues.
The truth is that Asher's points don't have to be limited to PowerPoint presentations exclusively. Be it e-mail messages, memos, status reports, proposals and more; if you can get to the point, and get your point across, you are often more likely to succeed.
At $7.95, the book is about as inexpensive as they get, which means you can also give ample copies to numerous people in your organization. In fact, it should be required reading to anyone who will be using PowerPoint and giving presentations.
Ultimately, the value of 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations is best summed up by Scott Leslie who suggests that one keep extra copies of this book in their briefcase at all times. Next time you're forced to listen to someone laboriously narrate bullet points, quietly slip a copy in the presenter's briefcase without them noticing and sign it: "Thought you might enjoy reading this. That way, maybe your audience will enjoy your next presentation."
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Ask Slashdot: Online Science For 8th Grade Students?
Peterus7 writes "I'm a student teacher in an 8th grade science classroom, and have noticed that students are very motivated by anything online. After realizing that, I've been looking for ways to incorporate internet resources into my teaching, and trying to find cool citizen science projects, activities, and simulations that would be appropriate for a grade school science class, such as galaxyzoo and fold.it. So, I'm asking slashdot for more resources that could help bring science to their lives. Thanks!" -
Potentially Great Sci-fi Films Still Due In 2011
brumgrunt writes "With Source Code already attracting strong reviews, the signs are good that 2011 will be a solid year for sci-fi. Den Of Geek has tracked down 10 upcoming sci-fi movies worth keeping an eye on" The nice thing about this write up is that it's not about the summer blockbuster brand of sci-fi, but mostly about the (somewhat) more traditional stuff. Here's hoping there's a few gems worth getting a babysitter for. -
Improving Nature's Top Recyclers
aarondubrow sends in this snippet from an article at the Texas Advanced Computing Center: "Over billions of years, fungi and bacteria have evolved enzymes to convert abundant cellulosic plant matter into sugars to use as energy sources to sustain life. It's a great trick, but unfortunately, these enzymes don't work fast enough...yet. So computational scientists at NREL, in collaboration with a large experimental enzyme engineering group, set about trying to understand and design enhanced enzymes to ... lower the cost of biomass-derived fuel to serve the global population (abstract)." -
Book Review: Social Engineering: The Art of Human Hacking
brothke writes "One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security." Keep reading for the rest of Ben's review.
Social Engineering: The Art of Human Hacking
author: Christopher Hadnagy
pages: 408
publisher: Wiley
rating: 10/10
reviewer: Ben Rothke
ISBN: 0470639539
summary: Definitive text on social engineering
With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.
By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world’s greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.
Two of the most popular books on social engineering to date have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy, is that Mitnick for the most part details the events and stories around the attacks; while Hadnagy details the myriad specifics on how to carry out the social engineering attack.
The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.
Chapter 1 goes through the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.
Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone, even the US Department of Homeland Security has a pamphlet (PDF) that it uses to assist agents with elicitation.
After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.
Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.
Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.
The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author’s favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless; the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, are an extremely powerful and often overwhelming combination.
Every chapter in the book is superb, but chapter 9 – Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering; chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:
Learning to identify social engineering attacks
Creating a personal security awareness program
Creating awareness of the value of the information that is being sought by social engineers
Keeping software updated
Developing scripts
Learning from social engineering audits
The author astutely notes that security awareness is not about 45- or 90-minute programs that only occur annually; rather it is about creating a culture and set of information security standards that each person in the organization is committed to using their entire life. This is definitely not a small undertaking. Firms must create awareness and security engineering programs to deal with the above six items. If they do not, they are then placing themselves at significant risk of being unable to effectively deal with social network attacks.
As to awareness, if nothing else, Social Engineering: The Art of Human Hacking demonstrates the importance of ensuring that social engineering is an integral part of an information security awareness program. This can’t be underemphasized as even the definitive book on security awareness Managing an Information Security and Privacy Awareness and Training Program only has about 10 pages on social engineering attacks.
There are plenty of security books on hardware, software, certification and more. Those were perhaps the easy ones to write. Until now, very few have dealt with the human element, and the costs associated with ignoring that have been devastating. Social Engineering: The Art of Human Hacking is a book that is a long time in coming, but worth every page.
While seemingly geared to the information security staff, this is a book that should be read by everyone, whether they are in technology or not. Social engineering is not something that just occurs behind a keyboard. Social attackers know that. It is about time everyone else did also.
Reviewer Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Social Engineering: The Art of Human Hacking from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Why Do Videogames Struggle With Sex?
brumgrunt writes "Why do videogames still treat sex in such a two dimensional way? Why do they snigger at it, or treat it as a reward? Den Of Geek has been taking a look." I always figured it was some combination of games being made by our inner adolescent, marketed to the outer ones, and getting banned whenever they take sex seriously. -
Lobbyists Attack UK Open Standards Policy
superglaze writes "The Business Software Alliance, a lobbying organisation representing the likes of Microsoft, Adobe and Apple, has laid into the UK's recently-adopted policy of mandating the use of open standards wherever possible in government IT systems. The policy describes open standards as being "publicly available at zero or low cost" and having "intellectual property made irrevocably available on a royalty-free basis." The BSA said this would "inadvertently reduce choice [and] hinder innovation", and even went so far as to claim open standards would lead to higher e-government costs, but open-source advocates say the policy reflects how much the European Interoperability Framework is weighted in favour of the proprietary software companies." -
Does Syfy Really Love Sci-Fi?
brumgrunt writes "Has Syfy fallen out with science fiction altogether? A look at its latest scheduling shows that it's further away from its roots than ever. 'There's still a lot of the older sci-fi content on the airwaves, but it's slowly being phased out, and forget about original programming. After all, this is the programming crew who ruined Caprica by stuffing it into the Friday night death slot and splitting the season into two parts. These are the geniuses who killed off Stargate Atlantis and Stargate Universe. These are the people who wrecked Farscape, one of the most inventive and fun sci-fi shows to ever be on television. They also ended Mystery Science Theater 3000, only the greatest show ever invented by robots in space.' Is this now as good as it gets?" -
Talking To Computers?
merlock18 writes "Is it un-natural to talk to a computer? After discussing the outcome of the Jeopardy game with some colleagues, they seem to think it is mildly 'scary' to talk to a computer and have it competently talk back. Is this what everyone thinks? I was thinking to myself how much I would like to be able to even tell my computer to open programs by telling it vocally. A simple idea that I am fairly surprised is not common. Am I a minority in this one? Do people just not like the idea of talking (without cursing) to a computer, let alone have it act or reply? Would anyone else be interested in building their own mini-Watson, or is this just scary?" -
Trying To Lure Suckers, Company Resells Open Source Blender
sylphsama writes "A company named 'IllusionMage' deceptively resells a 3D open source animation package (Blender) and claims it as their own. The software, dubbed IllusionMage, portrays flagrant similarities with Blender, although outdated compared to the original. The website itself is a patchwork of sorts, using renders from different users and numerous other packages as a way to impress its visitors. Not only is that a breach of copyright, but they intentionally hide that the software is distributed under the GNU GPL license, rendering it free to use. The Blender Foundation itself has spoken out through its chairman Ton Roosendaal." I love that they promise "Free Updates For Life. All From the Thriving Open Source Community, This Software is Forever Improving." -
Honda Makes Nanotube Breakthrough
SkinnyGuy writes "Carbon nanofibers and nanotubes are the future of computers, cars, energy and more, but it won't happen until someone figures out how to make carbon nanotubes more efficiently and in formations that can deliver enough energy and functionality to offer practical solutions for real-world problems. Honda's latest breakthrough could be the first step. Of course, Intel is working on similar carbon nanotube fabrication technology. Whoever finally delivers a practical solution, it sounds like a win-win for us." -
GE Developing 1TB Hologram Disc Readable By a Modified Blu-ray Drive
Globally Mobile writes "The Register has this article concerning GE's announcement that it has been developing a 1 terabyte DVD-size disk that can be read by a modified Blu-ray player. Peter Lorraine, GE's lab manager, talking at an Emerging Tech conference last week, said that license announcements could be expected soon. He also mentioned the notion of disks having the capacity of 100 Blu-ray disks, implying a 2.5TB or even 5TB capacity, gained by increasing the number of layers used for recording. The discs will be used for high-end commercial niches initially and then migrate to consumer markets in 2012-2015. Also here is a video of the technology explained. Wish we could see this sooner! Reminds me of the technology that Bowie's character came up with in The Man Who Fell to Earth." -
Comcast In Deal Talks With NBC Universal
schwit1 sent us an LA Times article about another step in the seemingly unending media consolidation. This time it's Cable giant Comcast Corp. looking at NBC. NBC owns a slew of channels, including Bravo, USA and Syfy (who might have the single lamest rebranding since Spike). The article says that it would be far cheaper than the Disney deal Comcast tried to pull off 5 years ago. -
Nvidia Discloses Details On Next-Gen Fermi GPU
EconolineCrush writes "The Tech Report has published the first details describing the architecture behind Nvidia's upcoming Fermi GPU. More than just a graphics processor, Fermi incorporates many enhancements targeted specifically at general-purpose computing, such as better support for double-precision math, improved internal scheduling and switching, and more robust tools for developers. Plus, you know, more cores. Some questions about the chip remain unanswered, but it's not expected to arrive until later this year or early next." -
Porn Surfing Rampant At US Science Foundation
schwit1 writes "The Washington Times reports, 'The problems at the National Science Foundation (NSF) were so pervasive they swamped the agency's inspector general and forced the internal watchdog to cut back on its primary mission of investigating grant fraud and recovering misspent tax dollars.' One senior executive at the National Science Foundation spent at least 331 days looking at pornography on his government computer, records show. The cost to taxpayers: up to $58,000. Why aren't they running a product like Websense?" -
Carl Sagan Sings
gijoel writes "Someone with too much time on their hands and access to Auto-Tune has taken clips from Carl Sagan's Cosmos series to make this fantastic song. Watch for the Stephen Hawking cameo." -
Cyber Gangs Raise Profile of Commercial Online Bank Security
tsu doh nimh writes "The Washington Post's Security Fix blog has published a rapid-fire succession of investigative stories on the theft of hundreds of thousands of dollars from companies, schools, and public institutions at the hands of organized cyber thieves and 'money mules,' willing or unwitting people recruited via online job scams. Some businesses are starting to challenge the financial industry's position that they are not responsible for online banking losses from things like keystroke logging malware that attacks customer PCs. Last week, a Maine firm sued its bank, saying the institution's lax approach to so-called multi-factor authentication failed after thieves stole $588,000 from the company, sending the money to dozens of money mules. The same group is thought to have taken $447,000 from a California wrecking company, whose bank also is playing hardball. Most recently, the Post's series outlined a sophisticated online system used by criminals to recruit, track and manage money mules." -
SpaceX Announces Dragon As First Falcon 9 Payload
BJ_Covert_Action writes "SpaceX announced recently that it would be integrating a stripped-down test version of its own Dragon cargo capsule as the payload for its first Falcon 9 test launch. The Falcon 9 rocket is currently scheduled to launch on November 29 of this year if everything goes according to plan. However, Elon Musk admits that launch day will likely slip to sometime early next year. The Falcon 9 is the heavy launch vehicle designed by SpaceX to be used as a cheap, commercial alternative to existing United States launch platforms. Having launched a few successful light missions with the Falcon 1 rocket, SpaceX is going to launch the Falcon 9 as its next milestone in commercializing the space industry. Utilizing its own cargo capsule as the first Falcon 9 payload will effectively give SpaceX double the tests for one launch slot on the Cape Canaveral range. The capsule that will be used is a test version of the full Dragon capsule that encompasses primarily the structure and a few components of the full version. It served originally as a ground test platform for the Dragon design team and now will double as an orbital testbed. If nothing else, the announcement upped the ante in the commercial space market by showing the SpaceX is capable and willing to push the envelope on its development schedules. It should serve as a proper motivator for other commercial competitors such as Orbital Sciences with their Cygnus capsule, which is also under development." -
Making Data Unvanish
sertsa writes "Earlier this year a group of researchers at the University of Washington came up with a scheme to use peer-to-peer networks to store and, ultimately, to forget the keys for encrypted messages, causing them to 'Vanish.' Now a group of researchers from UT Austin, Princeton, and the University of Michigan has come up with a way to break this approach, by making a single computer appear to be many nodes on the p2p network. 'In our experiments with Unvanish, we have shown that it is possible to make Vanish messages reappear long after they should have disappeared nearly 100 percent of the time...'" -
GBA Emulator Released For the DSi
Busshy writes "Darkchen has released a Gameboy Advance emulator for the Nintendo DS/DSi that plays full speed with frameskip. This can only be played with the homebrew dev cart, the DS iPlayer. The emulator adds save states, cheats and tools to GBA games, and for DSi Fans the ability to finally get over the loss of the GBA Slot on the DSi." -
Google, Apple Joust Over Rejected Voice App
ZipK writes with an update to last month's FCC inquiry that landed Apple and AT&T in hot water over the apparent rejection of a Google Voice app for the iPhone. All three companies submitted statements to the FCC — Apple claimed the app hadn't been rejected at all, that they were simply "studying" it further. The public version of Google's statement contained a redacted section, which they politely referred to as "sensitive," but after seeing Apple's comments, they decided to reveal the entire document. Google's FCC filing directly contradicts what Apple said: "Apple's representatives informed Google that the Google Voice application was rejected because Apple believed the application duplicated the core dialer functionality of the iPhone. The Apple representatives indicated that the company did not want applications that could potentially replace such functionality." (PDF, page 4.) Apple quickly released a statement reiterating that they did not reject the app. -
Using Encryption Garners Exemption For Data Breach Notification
Combat Wombat writes with this excerpt from the Register: "New data breach rules for US healthcare providers have come under criticism from a security firm that specialises in encryption. As part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which comes into effect from 23 September, health organisations in the US that use encryption will no longer be obliged to notify clients of breaches." -
NCSoft Drops GameGuard From Western Launch of Aion
chalkyj writes "NCSoft has announced that they will be dropping GameGuard from the western launch of their upcoming MMORPG, Aion. The flawed Korean anti-cheat software has been heavily criticized for employing root-kit like techniques and conflicting with many hardware configurations. The final straw is thought to have been the stability issues experienced by players during open beta and the community outcry it caused. The decision makes Aion, which recently announced over 400,000 western pre-orders, a real contender in the western MMO market." -
Start-up Claims SSD Achieves 180,000 IOPS
Lucas123 writes "Three-year-old start-up Pliant Technology today announced the general availability of a new class of enterprise SAS solid state disk drives that it claims without using any cache can achieve up to 180,000 IOPS for sustained read/write rates of 500MB/sec and 320MB/sec, respectively. The company also claims an unlimited number of daily writes to its new flash drives, guaranteeing 5 years of service with no slowdown. 'Pliant's SSD controller architecture is not vastly different from those of other high-end SSD manufacturers. It has twelve independent I/O channels to interleaved single level cell (SLC) NAND flash chips from Samsung Corp. The drives are configured as RAID 0 for increased performance.'" -
After 8 Years of Work, Be-Alike Haiku Releases Official Alpha
NiteMair writes "The Haiku project has finally released an official R1 alpha, after 8 years of development. This marks a significant milestone for the project, and it also debuts the first official/publicly available LiveCD ISO image that can be easily booted and used to install Haiku on x86 hardware. Haiku is a desktop operating system inspired by BeOS after Be, Inc. closed its doors in 2001. The project has remained true to the BeOS philosophy while integrating modern hardware support and features along the way." Eugenia adds this link to an article describing the history of the OS, along with a review of the alpha version. -
Armadillo Aerospace Claims Level 2 Lunar Lander Prize
Dagondanum writes "Armadillo Aerospace has officially won the 2009 Northrop Grumman Lunar Lander Challenge Level 2, on a rainy day at Caddo Mills, Texas. Reports came in from various locations during the day and spectators posted videos and images using social networking tools such as Twitter. The Level 2 prize requires the rocket to fly for 180 seconds before landing precisely on a simulated lunar surface constructed with craters and boulders. The minimum flight times are calculated so that the Level 2 mission closely simulates the power needed to perform a real descent from lunar orbit down to the surface of the Moon. First place is a prize of $1 million while second is $500,000." -
Hubble Releases First Post-Upgrade Images
Hynee writes "As tweeted, NASA has released 10 new images, all from the new WFC3 instrument and others, including the Cosmic Origins Spectrograph. Images include NGC 6302, Carina Nebula, Stephan's Quintet, Markarian 817, Abell 370, and a few others. Great looking stuff, the WFC3 has twice the resolution of the WF/PC2, on the CCD at least, if memory serves correctly. Eta Carina is a fascinating object, and there are at least two releases in this 'Early Release Observations' set." Here is a video about the new images at Hubblesite.org, and a full HubbleSite.org release page with 56 images. -
OLPC 1.5 Hardware Upgrades Include Java, Full-Screen Video
griffjon writes "OLPCNews covers the sneak-preview of the updated One Laptop Per Child 1.5 hardware version. The good news is: full-screen YouTube videos, Java, and access to the gnome desktop. Read more about the updated hardware and chipsets in the fine article." -
Illinois Bans Social Network Use By Sex Offenders
RobotsDinner writes "Illinois Governor Pat Quinn has signed into law a bill that bans all registered sex offenders from using social networks. '"Obviously, the Internet has been more and more a mechanism for predators to reach out," said Sen. Bill Brady (R-Bloomington), a sponsor of the measure and a governor candidate. "The idea was, if the predator is supposed to be a registered sex offender, they should keep their Internet distance as well as their physical distance."'" -
Wipeout HD Loading Ads Scrapped After Uproar
RobotsDinner writes "After Monday's story about intrusive, loading-screen ads being retroactively added to the PSN racing title Wipeout HD, the popular uproar has indeed succeeded in getting Sony to pull them. You can put your pitchforks down; your voice has been heard! A Sony spokesman said, 'The ad has been removed from Wipeout HD and we are investigating the situation to ensure that any in-game advertising does not affect gameplay.'" -
Apple and the Scalability of Secrecy
RobotsDinner writes "Anil Dash has a thoughtful exploration of Apple's notorious devotion to secrecy, and argues that not only is there a limit to its feasibility, but that recent events show Apple has reached that limit already. 'If the ethical argument is unpersuasive, then focus on the long-term viability of your marketing and branding efforts, and realize that a technology company that is determined to prevent information from being spread is an organization at war with itself. Civil wars are expensive, have no winners, and incur lots of casualties.'" -
Should Copyright of Academic Works Be Abolished?
Dr_Ken writes to mention recent coverage of a Harvard Cyber-Law study on Techdirt that analyzes the uses of copyright in the academic world. Some are claiming that the applications of copyright in academia are stifling and that we should perhaps go so far as to abolish copyright in the academic world entirely. "I've even heard of academics who had to redo pretty much the identical experiment because they couldn't even cite their own earlier results for fear of a copyright claim. It leads to wacky situations where academics either ignore the fact that the journals they published in hold the copyright on their work, or they're forced to jump through hoops to retain certain rights. That's bad for everyone." -
The Speed Gamers Raise Over $26,000 For Charity
Levonn Lawrence writes "Moving into day four of seven, The Speed Gamers (TSG) continue to play a Final Fantasy marathon for an unusual reason: charity. The guys at TSG are playing through every main Final Fantasy game, from one to twelve, over a period of seven days in hopes of raising $50,000 for ACT Today (Autism Care and Treatment). The marathon is streamed live for people to watch. ACT is a charity helping to financially support families affected by Autism. The marathon started 6pm CST, Friday, July 17th, 2009 and is going until Friday, July 24th 2009. So far they've raised over $26,000 (not a typo) and they're only 89 hours in." -
Robotic Glider Set To Break Autonomous Flight Records
SoaringIsAwesome writes "Dan Edwards, a student at NC State University, is attempting to break two records by creating an autonomous glider. The project goal is a 142-mile cross country flight and a 25-mile flight (with return) without human intervention. The glider finds thermal updrafts and automatically circles them to gain altitude, much like birds and insects do. Recently, the glider flew in the desert for 4.5 hours, covering 70.5 miles by itself using only air currents to stay aloft. Since the NC State demonstration vehicle does not have a motor, this shows real promise for unmanned aerial vehicles (UAVs) that actually have a motor, with possibilities of extending flight duration considerably. Combine daytime soaring with a solar energy system to charge batteries for the night, such as the 84-hour flight by QinetiQ's Zephyr, and you might just get an answer to flying for months on end. With this kind of endurance, the eye in the sky that the city of Lancaster is considering might be even more practical." -
The Technology of Neuromancer After 25 Years
William Gibson's Neuromancer was first published 25 years ago. Dr_Ken writes with an excerpt from an article at MacWorld that delves into the current state of some of the technology that drives the book: "'Neuromancer is important because of its astounding predictive power. Gibson's core idea in the novel is the direct integration of man and computer, with all the possibilities (and horrors) that such a union entails. The book eventually sold more than 160 million copies, but bringing the book to popular attention took a long time and a lot of word-of-mouth. The sci-fi community, however, was acutely aware of the novel's importance when it came out: Neuromancer ran the table on sci-fi's big three awards in 1984, winning the Hugo Award, the Philip K. Dick Memorial Award, and the Nebula Award.'" -
Indian Military To Use Hot Chili Pepper Grenades
Dr_Ken writes "According to this news story in Ananova, the Indian Defense Ministry is looking into a cheaper and simpler form of tear gas agent for riot dispersal and crowd control. From the article: 'Defense researchers say the idea is to replace explosives in small hand grenades with a certain variety of red chili to immobilize people without killing them, reports the BBC. The chili, known as Bhut Jolokia, is said to be 1,000 times hotter than commonly used kitchen chili. Probably much cheaper to fabricate than conventional CN or CS gases and way less toxic, too.'" -
America's Army 3 Has Rough Launch, Development Team Canned
incognito84 writes "The development team responsible for the creation of the freeware game America's Army 3 has been canned, days after the launch of the highly flawed game, which was distributed mostly via Steam. 'The anonymous America's Army 3 developers in touch with Kotaku unsurprisingly didn't sound too pleased with the current situation, venting that "a lot of good people [worked] insanely long hours on this game that was butchered by outside sources."' The game's launch was plagued by massive server authentication issues which inhibited most players from playing it even two days afterward. One of the developers made a post on the official forums saying they were 'effectively stabbed in the back,' and that much of the funding was filtered to the bureaucracy. A patch has been released to address some of the game's issues." -
Tactical Corsets
Dr_Ken writes "The Tactical Corset — It's leather, for that post-apocalyptic fashion style that all pop-culture hipsters love, it lifts and separates, has garters, and includes a pistol holster and an attached equipment pouch for 'interrogation gear' too. Practical, tactical, stylish and kinky. What more could a geek like you ask for?" -
What Data Recovery Tools Do the Pros Use?
Life2Death writes "I've been working with computers for a long time, and every once in a while someone close to me has a drive go belly up on them. I know there are big, expensive recovery houses that specialize in mission-critical data recovery, like if your house blew up and you have millions of files you need or something, but for the local IT group, what do you guys use? Given that most people are on NTFS (Windows XP) by the numbers, what would you use? I found a ton of tools when I googled, and everyone and their brother suggests something else, so I want to know what software 'just works' on most recoveries of bad, but partially working hard drives. Free software always has a warm spot in my heart." -
Google's "Wave" Blurs Chat, Email, Collaboration Software
superglaze writes "Google has unveiled a distributed, P2P-based collaboration and conversation platform called Wave. Developers are being invited to join an open source project that has been formed to create a Google Wave Federation Protocol, which will underlie the system. Anyone will be able to create a 'wave,' which is a type of hosted conversation, Google has said. Waves will essentially incorporate real-time dialogue, photos, videos, maps, documents and other information forms within a single, shared communications space. Developers can also work on embedding waves into websites, or creating multimedia robots and gadgets that can be incorporated within the Google Wave client." Jamie points out this more informative link. -
HTML 5 As a Viable Alternative To Flash?
superglaze writes "Jon von Tetzchner, Opera's CEO, has claimed that the open standards in HTML 5 will make it unnecessary to deliver rich media content using the proprietary Flash. '"You can do most things with web standards today," von Tetzchner said. "In some ways, you may say you don't need Flash." Von Tetzchner added that his comments were not about "killing" Flash. "I like Adobe — they're a nice company," he said. "I think Flash will be around for a very, very long time, but I think it's natural that web standards also evolve to be richer. You can then choose whether you'd like [to deliver rich media content] through web standards or whether you'd like to use Flash."'" -
Why Game Exclusivity Deals Are Feeding the Hate
Parz writes "The recent announcement that the upcoming Ghostbusters game will be a timed PlayStation exclusive in the PAL territories — revealed a mere month before release — has set a nasty precedent which could have long-term repercussions for the industry. This Gameplayer article explores how this generation of gaming has spiraled into a tit-for-tat war on third-party exclusivity deals instigated by Sony and Microsoft, and the effect it is having on the psychology of the consumers. The Ghostbusters developers aren't pleased by Sony's deal, and the Guardian questions whether the game will be big enough to really affect console sales." -
Microsoft To Disable Autorun
jchrisos writes "Microsoft is planning to disable autorun in the next Release Candidate of Windows 7 and future updates to Windows XP and Vista. In order to maintain a 'balance between security and usability,' non-writable media will maintain its current behavior however. In any case, if it means no more autorun on flash drives, removable hard drives and network shares, that is definitely a step in the right direction. Will be interesting to see what malware creators do to get around this ..." -
BioShock 2 Interviews and Early Looks
Parz writes with word that new information is emerging about the much-anticipated BioShock 2. Eurogamer has a detailed write-up about the game, saying that it raises curiosity and exhibits plot-depth in a manner similar to the first game. Gamespot has a video interview with some of the developers, in which they talk about some of the new environments and how they're able to do more with the story in a sequel by not having to explain the fundamental characteristics of the setting. In an interview with Gameplayer, Lead Level Architect Hogarth de la Plante said, "You'll see locations in BioShock 2 that are completely flooded interior structures that you can walk through out in the ocean." A gameplay trailer was recently released, and screenshots are available as well. -
Windows 7 Starter Edition — 3 Apps Only
CrustyFace writes "Cybernit reports that the Starter Edition version of Windows 7 will only allow the user to run 3 applications at once. Targeted at notebooks, this doesn't seem like such a bad limitation, however it is a bold move from Microsoft, and it will be interesting to see how the operating system sells." -
Hands-on With the Wii MotionPlus
Parz writes "In June, Nintendo will be releasing a peripheral called MotionPlus. This small device attaches to the bottom of the Wii-mote and acts as a more sophisticated motion-sensor to the controller as it currently stands. Its goal is to bring greater parity between a user's movements and the animations that they bring to life on-screen. Gameplayer got some hands-on time with the device, and they are extremely impressed." The MotionPlus will only affect new games; Nintendo has said they have no plans to add support for older titles. Virtua Tennis 2009 will be the first game to support it, and Eurogamer has a look at the game both with and without the MotionPlus. -
The Rootkit Arsenal
Nicola Hahn writes "One of the first things I noticed while flipping through this hefty book is the sheer number of topics covered. Perhaps this is a necessity. As the author puts it, rootkits lie "at the intersection of several related disciplines: computer security, forensics, reverse-engineering, system internals, and device drivers." Upon closer inspection, it becomes clear that great pains have been taken to cover each subject in sufficient depth and to present ideas in a manner that's both articulate and well organized. This accounts for the book's girth; it weighs in at roughly 900 pages." Keep reading for the rest of Nicola's review.
The Rootkit Arsenal
author: Reverend Bill Blunden
pages: 916
publisher: Wordware Publishing
rating: 5 Shuriken
reviewer: Nicola Hahn
ISBN: 1598220616
summary: A solid treatment of rootkits and anti-forensics
This book is comprehensive enough to appeal to both novices and journeymen. To set the stage, the Rootkit Arsenal begins with a review of foundation material: the IA-32 execution environment, memory management, kernel-mode subtleties, call hooking, detour patching, and so forth. Yet, while the author devotes a significant amount of effort to explaining prerequisites and customary rootkit techniques, there's an abundance of more sophisticated content to engage more experienced members of the audience. For example, his explanation of how to use the WSK API and the most recent incarnation of the NDIS library (version 6.0) to construct covert channels over DNS is worth a read. I also appreciated his meticulous discussion of how to properly install Call Gates and handle the foibles of multi-processor systems.
One of the book's strong points is that there's coverage of issues which traditionally haven't appeared in books on this subject. For instance, there are several sections devoted to the Windows startup process and how it relates to the operation of bootkits. Part 3 of the book, which consists of four chapters, focuses on anti-forensics, with an emphasis on defeating file system analysis and the examination of an unknown executable. To this end, Reverend Bill ventures off into the tactics used to implement binary armoring, FISTing, obfuscation, code morphing, file scrubbing, and data contraception.
Not content to merely explain the basic mechanics of a particular scheme, Reverend Bill often illustrates how he derived his results and encourages the reader to verify what they've seen with a kernel debugger. This is a recurring theme throughout the book. Rather than just teach the reader a collection of tricks, the author demonstrates how the reader can identify new ones independently. After all, specific holes come and go, but the art of finding new ones will always have utility. This more than justifies the lengthy discussion of kernel debugging earlier on in the book.
All told, the book is reasonably self-contained. The source code examples are clean, instructive, and have been included in the book's appendix. As Reverend Blunden notes, the "Rootkit Arsenal" isn't about a specific rootkit that someone wrote (though such books exist). It's really about the rootkit that the reader will construct, such that the focus is on the nature of the tactics rather than a proof-of-concept rootkit. In this spirit, examples are long enough to illuminate potential sticking points but not so long that the reader feels like they're wading through mud in search of diamonds.
The author also exhibits good form in terms of giving credit where it's due. In the book's preface he specifically acknowledges a number of researchers who have made lasting contributions to the collective repository of knowledge (Mark Ludwig, Greg Hoglund, the grugq, Sven Schreiber, Joanna Rutkowska, Richard Bejtlich, etc.). While the author admits that many of the book's ideas can be unearthed by skulking about obscure regions of the internet, the real service that this book provides is to consolidate all of this disparate information together into one place, offering working implementations of each concept, and doing so in a remarkably lucid manner.
Yet, is this a responsible thing to do? Is it wise to show aspiring Black Hats how to manipulate forensic evidence so that they can implicate innocent people? Will publicizing the finer points of system modification make life easier for aspiring bad guys? Is he basically handing the reader a loaded gun and teaching them the nuances of a kill shot?
To a degree, Reverend Blunden sidesteps this issue as irrelevant. In the end he claims that he's just a broker of information, and that he doesn't care who uses the information or how they use it. If you asked me, this is a bit of a cop out (he sounds a little like an arms dealer). Furthermore, he accuses other authors (the ones who fall back on the traditional argument that they're bolstering security by encouraging vendors to improve their products) of churching up their books in "ethical window dressing." In the eyes of Reverend Bill, this book is what it is... without apology: another source of useful data.
If I had one complaint about the Rootkit Arsenal, it's that the author sticks primarily to software-based rootkit technology. For instance, he eschews BIOS-based tools. At one point the author states:
"In my opinion, a firmware-based rootkit is essentially a one-shot deal that should only be used in the event of a high-value target where the potential return would justify the R&D required to build it. Also, because of the instance-specific nature of this technique, I'd be hard pressed to offer a single recipe that would be useful to the majority of the reading audience. Though a firmware-related discussion may add a bit of novelty and mystique, in the greater scheme of things it makes much more sense to focus on methods which are transferable from one motherboard to the next."
Last but not least, the author's tendency towards the political arena, which defined a couple of his previous books, rears its head again in The Rootkit Arsenal's final chapter. Here, the good Reverend suggests that if it's possible to control a sprawling operating system like Windows with a relatively small rootkit binary, then perhaps the metaphor carries over into the body politic of the United States. Could a small segment of the population be quietly influencing the trajectory that society takes? Dave Emory and Noam Chomsky look out!
Readers interested in getting a closer look at the book's organization and table of contents can visit the author's web site.
You can purchase The Rootkit Arsenal from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Sunspot Activity Continues To Drop
slreboy writes "The sunspot cycle is behaving a little like the stock market. Just when you think it has hit bottom, it goes even lower. The year 2008 was a bear. There were no sunspots observed on 266 of the year's 366 days (73 percent). To find a year with more blank suns, you have to go all the way back to 1913, which had 311 spotless days. Prompted by these numbers, some observers suggested that the solar cycle had hit bottom in 2008. Maybe not. Sunspot counts for 2009 have dropped even lower. As of March 31st, there were no sunspots on 78 of the year's 90 days (87 percent)..." -
New ICANN TLDs May Cause Internet Land Rush
wiryd writes "A new ICANN proposal would allow applications for almost any TLD. From the article: 'Tourists might find information about the Liberty Bell, for example, at a site ending in .philly. A rapper might apply for a Web address ending in .hiphop. "Whatever is open to the imagination can be applied for," says Paul Levins, ICANN's vice president of corporate affairs. "It could translate into one of the largest marketing and branding opportunities in history."'" -
Internal Instant Messaging Client / Server Combo?
strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"