Domain: mit.edu
Stories and comments across the archive that link to mit.edu.
Stories · 1,000
-
MIT Releases Subpoenaed Student's Info
An anonymous reader submits: "MIT has released the name of the alleged infringer whose information was subpoenaed by the RIAA. The student's position? He was (1) not in the country at the time of the infringement, (2) he does not own a computer, and (3) he is not, and has never been, associated with the username in question (crazyface@KaZaA). MIT initially opposed the subpoena, but the RIAA refiled with the proper court." -
Cybersyn And Early Uniminds
An anonymous reader writes "The Guardian Website is running a story on Cybersyn, an experimental computer network based on cybernetic principles that was used by Chile's revolutionary government between 1971 and 1973 to provide a real-time, decentralized form of economic analysis in the nationalized sector of the Chilean economy. The network has been described as Chile's Internet. There is a photo of the control room which looks something like the deck of the Starship Enterprise. The whole thing was the brainchild of Stafford Beer, a sort of British Buckminster Fuller. All very Orwellian and Big Brother, the whole experiment was brought to an end by the CIA-sponsored coup d'etat on September 11th, 1973." -
Extra-Curricular Resources for Students?
rende asks: "With school soon starting or having already started for many, this seems like a timely question. The MIT OpenCourseWare project is looking like a great resource for additional information to supplement my own coursework this year. I was very delighted to find this information freely available online, and wish I would have known about it previously. I would like to ask Slashdot: Are there any other resources, offered by other schools or independent sites, that offer such a robust selection of information that would fit in nicely, with the standard classes of a science related major?" -
Statistically Optimal Music
ShinyPlasticBag writes "'Eigenradio makes its optimal music by analyzing in real time dozens of radio stations at once. When our bank of computers has heard enough music, it will go to work on making more just like it. Since we listen to so much music all the time, Eigenradio is always on and always live. What you hear on Eigenradio is the best of the New Music, distilled and de-correlated. One song on Eigenradio is worth at least twenty songs on old radio.' Listen up here or here (SHOUTcast)." -
MIT Everyware
TeachingMachines writes "David Diamond has written a very readable article at Wired News titled MIT Everyware that follows up on MIT's OpenCourseWare initiative (previous story). It turns out that one of the most popular courses has been '6.170 Laboratory in Software Engineering, Fall 2001.' Diamond notes that '[u]ltimately, MIT officials know, OpenCourseWare's success depends on the emergence of online communities to support individual courses.'" -
Further Selections From the Mixed-Up SCO Files
grahamlee writes "It may be a case of 'do as we say, not as we do' over at the Santa Cruz Operation. The Netcraft statistics meter says that for the last year, SCO's web site has been served by Apache on Linux. Indeed, it's been more than a year since the site was ever served from a SCO Unix machine. So what is the possible reason for this? Your humble author suggests that SCO found themselves requiring a multithreaded web server, and as SCO UNIX is based on an ancient version of The UNIX spec it just couldn't cope ;-)." Read on for one of the strangest-yet turns to the SCO story, and several merely insipid ones.
An anonymous reader writes "SCO have made much of how their claims about UNIX code being improperly copied into Linux were verified by 3 teams including 'MIT Mathematicians.' However, MIT can't seem to find the mathematicians concerned!"
(SCO's explanation is that the company is talking about a team made up of people who formerly worked at MIT, rather than a group still associated with the school, but "due to contractual obligations, we cannot specifically name the individuals.")
kuwan writes "SCO has responded to the massive debunking of their 'evidence' last week. Chris Sontag claims that the BPF code was 'not intended to be an example of stolen code, but rather a demonstration of how SCO was able to detect "obfuscated" code.' That, however is a flat-out lie. If you look at their Obfuscated Copying slide (#15), it clearly states 'Obfuscated System V Code Has Been Copied Into Linux Kernel Releases 2.4x and 2.5x,' and then the slide labels the BPF code on the left as 'System V Code.'
At this point I think they realized that their case has been severely weakened and they need to spin it any way they can. And in their case this means more lying."
Captain Beefheart writes "According to this story over at The Inquirer (crediting a special edition of Terry Shannon's Shannon Knows HPC newsletter), SCO has officially announced that HP is safe from their infringement lawsuit brigade ... This leads one to suspect that HP is the Fortune 500 company that SCO claimed recently had paid for a license."
Maybe HP just wants to avoid Microsoft/BSA-style hassles: FatRatBastard writes "According to an article on Commentwire.com SCO has started sending invoices to Linux users. If a company signs up for SCO's 'Intellectual Property License for Linux,' they allow the possibility of being audited at SCO's expense to ensure that the user has been truthful about the number of Linux installations it has. Should the audit reveal that the user has underpaid SCO by 5% or $5,000, whichever is highest, the user also agrees to pay the price for the audit."
Blacklantern writes "The SCO lawsuit has made it into the "Halloween Documents" gallery. Eric Raymond takes on the contents of the lawsuit point-by-point."
-
MIT Robot Walks On Water
An anonymous reader writes "Researchers at MIT have solved the mystery of how water striders propel themselves across water surfaces and in the process have created a robot called Robostrider that mimics the behavior. With cool stuff like this, it's no wonder MIT is number one in engineering." -
Educators Turn To Games For Help
Thanks to Wired News for their article discussing the increasing use of games to educate and simulate in the learning field. The article discusses the fact that "...video games have come under tremendous political pressure in recent years because of an increase in violent and sexual content. But schools soon may be using the technology that powers those games to help teach America's children." It goes on to mention a number of academic initiatives, including MIT's Games-To-Teach project, currently developing titles such as Biohazard, which uses the Unreal Tournament 2003 engine, and "...helps train emergency workers to deal with a cataclysmic attack. To succeed, teams must forge new communication lines while fighting a toxic accident." -
Games As A Multitasking Aid?
Thanks to the MIT Technology Review for their article discussing the value of videogames in teaching multitasking skills. The opening paragraph posits: "Playing computer games doesn't shorten kids' attention spans - it helps them to manage competing demands in the new era of 'continuous partial attention.'", and goes on to suggest that "...much as earlier civilizations used play to sharpen their hunting skills, we use computer games to exercise and enhance our information processing capabilities", although the article's author, Dr. Henry Jenkins, warns that these new skills "...should not come at the expense of older forms of literacy." -
New Directions In Music Tech At Siggraph
Cyrrin writes "The 2003 Siggraph conference is under way in San Diego, and the Emerging Technologies booth is showcasing several noteworthy projects in the field of human-computer interaction in music production. First, The Continuator system, from Sony Computer Science Laboratory, Paris which learns in real-time the style of a performing pianist, taking into account chord structures, rhythm, and melody, and then renders a musical performance in a similar style. Next is The Augmented Composer Project which uses real-time image processing to read the arrangement and orientation of symbolic cards on a table to allow a composer to assemble components of a musical phrase. Finally, those wizards at the MIT Media Lab bring you Hyperscore, a visual composition program which is intended for children to be able to easily create complex and fantastic music sequences. (And it's fun for adults too!) Hyperscore is part of the Toy Symphony project and is available for download by going to the Musictoys->Hyperscore->Showcase page (Windows-only though)." -
Corporate Fallout Detector
BandwidthHog writes "MIT student shows off Corporate Fallout Detector. Acts and looks kinda like a Geiger counter, but it's a UPC scanner with an internal, updateable database of corporate misdeeds, with both Pollution and Corporate Ethics modes. I want one." -
MIT Students' Audiopad Mixes Electronic Music
nicodemus05 writes "Grad students at MIT's Media Lab have come up with an innovative control device called the Audiopad to run their digital music studio. The Audiopad, '...is a composition and performance instrument for electronic music which tracks the positions of objects on a tabletop surface and converts their motion into music.' It's practical, but more importantly it looks really, really cool." -
Intrusion Tolerance - Security's Next Big Thing?
An anonymous reader writes "DARPA's OASIS program consists of more than 20 research projects in intrusion-tolerant systems. The basic idea is to concede that systems will be penetrated by malware and hackers, but to keep operating anyway. Other projects take a wide variety of technical approaches to providing intrusion tolerance. MIT's Automatic Trust Management uses models of trust to choose from a variety of ways to achieve system goals; Duke/MCNC's SITAR (Scalable Intrusion Tolerant Architecture) adapts tricks from fault-tolerant systems and distributes decision-making; BBN-Illinois-Maryland-Boeing's ITUA employs unpredictable adaptation. Shutting down the military while waging war is not an option, but the idea of continuing to operate critical defense systems even after known penetration by hostile hackers or damaging worms will take some getting used to." -
Government Information Awareness
gbjbaanb writes "Wired News is reporting about the GIA, software inspired by the TIA program. 'Researchers at the MIT Media Lab unveiled the Government Information Awareness, or GIA, website Friday. Using applications developed at the Media Lab, GIA collects and collates information about government programs, plans and politicians from the general public and numerous online sources. Currently the database contains information on more than 3,000 public figures. The premise of GIA is that if the government has a right to know personal details about citizens, then citizens have a right to similar information about the government.'" -
Kerberos Support In OpenSSH
Dan writes "Marshall Vale writes on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Marshall says that Kerberos support within OpenSSH may be incomplete and needs more work. In particular, implementing draft-ietf-secsh-gsskeyex in addition to any other Kerberos mechanisms will better serve the needs of the Kerberos community. Secondly, he says that they would like to reduce user confusion associated with all of the different options for Kerberos and SSH. He suggests adoption of the GSSAPI key exchange mechanism in the IETF draft (which uses Kerberos to authenticate both parties to each other), in order to avoid man-in-the-middle attacks." -
Hacking the XBox
Peter Wayner writes: "If you're a handicapped Windows user, Microsoft offers suggestions and assistance -- but XBox users were out of luck until Andrew 'Bunnie' Huang finished his book Hacking the XBox. Don't be fooled by the title. Officially, Huang's excellent book is not about helping the differently-abled. That would be against the law. Huang was forced by the DMCA to hide his humanitarianism under the cloak of 'reverse engineering' because this is one of the few legitimate uses given a small amount of protection by the law. But if you've got an urge to help the handicapped or any other reason to tinker with your XBox, buy this book before the Man sees through this ruse." Read on for the rest of Peter's review.
Hacking the XBox
author: Andrew "Bunnie" Huang
pages: 288
publisher: No Starch Press
rating: 9
reviewer: Peter Wayner
ISBN: 1593270291
summary: How and why to crack the seal on your Xbox.
There are many reasons why you might want to take apart your XBox, but one of the best ones I can imagine is making it easier for people who can't see, hear or move too well to play the same video games as the rest of us. Searching Microsoft's web site for documents containing both "handicapped" and "xbox" reveals only a suggestion for how to change the degree of difficulty of your Zoo Tycoon Game.
Someone who might want to retrofit a new pointing device or some other enabling gadget onto the XBox might start with the chapter describing how to fix a real USB cable onto the XBox. The chapter, like most in the book, is heavily illustrated with step-by-step pictures and instructions for clipping the cables in the right place and soldering them back together. Some of this might seem a bit rudimentary, but the detail can't hurt. In many cases, the real challenge is finding a way to take apart the case or the pack of wires in the right way. Smashing it isn't always an option. This is a book about mathematics, electronics, and taking apart plastic boxes.
Alas, just doing a bit of soldering isn't going to be enough unless you can make the right drivers. To help those who might want to reprogram their XBox, Huang devotes much of the book to stripping away the layers of the XBox security system, a story that is part mystery and part journey through the security layers in the system. The book is arranged in a very roughly chronological order. While it is mainly a book that teaches you how to reverse engineer the XBox, it is also a story of how he overcame the obstacles presented by the encryption. He talks as much about the unsuccessful paths as the ones that paid off. (This is, I think, an ideal model for the scientific community. It's much more educational than the terse papers that present the results as fait accompli.)
This part of the book quickly gets quite complicated, because Microsoft obviously tried hard to produce a secure machine that could provide a fair platform for people to play games. Getting the XBox to run any old software is not an easy task, but Huang describes several major techniques for drilling through the various layers of security. Again, he offers detailed pictures and instructions for constructing special tools that snarf signals from a bus. Then he explains how he managed to grab the right keys for decrypting some of the most important data. Although it's a technical book, it unfolds like a spy novel.
The book is also very politically thoughtful. While the clueless will equate the word "hacking" in the title with piracy, money laundering, terrorism, and not phoning home on mother's day, Huang frames every step with a discussion of whether it is motivated by good or evil. He's not interested in building a tool to pirate XBox games and points out that many of the modifications aimed at running Linux on the Xbox do not help the pirates in any way. If anything, they make the games entirely unplayable.
Huang does want to defend the right to tinker, citing Ed Felten and others in a defense of something we're rapidly losing. I've heard horror stories from Army Majors about Windows PCs that refused to boot after failing to find a C drive. Do we really want to build machines that can't be retrofitted or fixed in the field? Many war movies are saved by the young private who (like Huang) is willing and able to tinker.
If you don't respond to pulls on the heartstrings, you might want to read one of the concluding chapters from the EFF's Lee Tien about the current legal climate. There are few exemptions for tinkering and many of them are limited. Reverse engineering is okay if you're a big corporation making a competing product, but that didn't help 2600 magazine when they were accused of trying to help people view DVDs on their Linux machine. I can only imagine what they would do to someone with very bad vision who wanted to enable a special zoom feature on their Xbox.
The book was originally going to be published by Wiley, but the company balked when it realized there were stiff legal penalties for helping handicapped people use computers. Even the Massachusetts Institute of Technology felt that it would be better for Huang to disassociate itself from Huang and his humanitarian efforts. The university only relented after pressure from a few good professors who helped the university understand the value in Huang's mission. Huang decided to publish the book himself with the help of his girlfriend, Nikki Justis. The two of them should be commended for turning out such a beautiful, professional book. If you're intrigued by the xbox, interested in helping the handicapped, or just trying to learn how to reverse engineer things before things get worse, check out this book. It's a wonderful contribution to the literature.
To close, I'm offering a pair of cool projects with the hope that Huang's book will inspire people to tinker:
- Sonic Information -- The sound in games like Quake is pretty good, but what if it was rendered with enough precision to let blind people grok the scene? The echoes from the tapping of a white cane already carry plenty of information to the blind. What if they could compete on an equal footing with the sighted? Who would win?
- Eye Movement Measuring tools -- Tools exist for sensing the position of our eyes. A quadriplegic gamer could just look in the right direction and shoot. Clearly some work would need to be done to encode all of the shift-left-left-down-right maneuvers from the games. This could help all of us. The thumb you save from repetitive motion injuries could be your own.
Note: Since this review was written, Hacking the Xbox has found a publisher in the form of No Starch Press. The original self-published version will probably be a sought-after collectable ;)
Peter Wayner is the author of Translucent Databases and ten other books. None rely on the DMCA. Hacking the Xbox is due in July at bn.com; you can also go directly to the book's page at No Starch Press. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
To close, I'm offering a pair of cool projects with the hope that Huang's book will inspire people to tinker:
- Sonic Information -- The sound in games like Quake is pretty good, but what if it was rendered with enough precision to let blind people grok the scene? The echoes from the tapping of a white cane already carry plenty of information to the blind. What if they could compete on an equal footing with the sighted? Who would win?
- Eye Movement Measuring tools -- Tools exist for sensing the position of our eyes. A quadriplegic gamer could just look in the right direction and shoot. Clearly some work would need to be done to encode all of the shift-left-left-down-right maneuvers from the games. This could help all of us. The thumb you save from repetitive motion injuries could be your own.
Note: Since this review was written, Hacking the Xbox has found a publisher in the form of No Starch Press. The original self-published version will probably be a sought-after collectable ;)
Peter Wayner is the author of Translucent Databases and ten other books. None rely on the DMCA. Hacking the Xbox is due in July at bn.com; you can also go directly to the book's page at No Starch Press. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Increasing Video Detail Using Super-Resolution?
Cecil Esquivel asks: "I'm looking for ways to increase the quality of video by using super-resolution algorithms which use the visual information across multiple frames of video to increase the resolution of individual frames. I have found very little on the web that can do this effectively for the entire length of video. There is commercial software, VideoFOCUS, which produces hi-res stills from video, but doesn't seem to have a product for producing hi-res video from video. There is a thesis from Duke U. which is 6 years old, monochrome only and is mostly proof of concept. Anybody out there have more information or is willing to help me develop some software that can do this? Darwin/Mac OS X solution that can work with QuickTime DV, preferred." Typically, super-resolution uses image samples generated from low-resolution and high-resolution samples of the same source, which is then converted into source independent information that can be used to increase detail for other low resolution sources. Has anyone seen programs that use super-resolution techniques for increasing the resolution of your typical digital video clip? -
Computers and Carpal Tunnel Syndrome Studied
pioneer writes "An article on MSNBC.com reports that a Danish study has found that computer use is not a significant risk factor for carpal tunnel syndrome. Not sure about you, but I spent a lot of time learning dvorak and kinesis to prevent just that... the 'inevitable' onslaught of RSI/carpal tunnel/etc." -
Haystack: A More Compelling View Of Your Data
Peristaltic writes "MIT's Haystack project has released the source for its "Universal Information Client", Haystack. In their words: 'Haystack looks into the use of artificial intelligence techniques for analyzing unstructured information and providing more accurate retrieval.' Unlike some attempts I've seen in the past to pull it all together on my desktop, Haystack shows some promise -- One of its more useful features allows you to take the information you've been wallowing through, and have Haystack continually refine a 'dynamic hierarchy' until you get what you need. Haystack also performs some neat tricks such as combining Email, IM, web pages, etc. into a single inbox." -
MIT Introductory EE Goes Hands-On
pioneer writes "MIT is looking to replace its introductory core EE (electrical engineering) curriculum with more hands-on classes. MIT Professors Abelson and Sussman discuss the new class, which replaces equations with actual circuit building, tours of electrical plants, and classes taught by famous professors." -
Fyodor Answers Your Network Security Questions
You asked nmap creator Fyodor many excellent questions, and his answers (below) are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.
1) Interesting stories involving nmap?
by Neologic
Nmap has obviously become a huge success in the *nix world. I would wager that practically all sysadmins and security folk use nmap. With this sort of use by such creative and lazy people, there must have been some interesting stories involving nmap, perhaps unusual uses of it, or funny anecdotes. Are there any you would like to share?
Fyodor
The coolest use ever was undoubtedly when Trinity used it to try and save the human race :). But the use I find most gratifying are the Chinese students and residents who have written me about how they use Nmap to locate open proxies. These proxies allow for surfing the uncensored Internet, including the news, educational, pornographic, religious, open source software, government, political, search engine, and human rights sites that are blocked by the Great Firewall of China.
Many of the best features in Nmap came from the user community in ideas if not implementation. For example, the protocol scan (-sO) determines what IP protocols (TCP, UDP, GRE, etc.) a host is listening for. I had not thought of this, but the idea and patch came out of the blue one day in an email from Gerhard Rieger. On another day, a guy named Saurik sent a patch called Nmap+V that allows Nmap to do basic service/version fingerprinting against open ports. It has attracted a cult following, and I plan to add similar functionality to Nmap this year. The initial Windows port by eEye arrived similarly. Despite all these great suggestions, certain other user-contributed ideas are not on the agenda.
Then there are a small handful of users who detect problems nobody else would ever notice, like 4 byte/host memory leaks. They send me error messages with notes saying the bug happens "about once per 700,000 IPs". I have no idea what these guys are up to, but some have been sending me this kind of mail for years. They can't be spammers, as they are intelligent and also use more sophisticated scan techniques than you would need to just find SMTP servers.
2) Recent increases in anal-retentiveness...?
by Zeriel
There's been a marked increase in system administrators thinking that anything even remotely resembling a network scan is eeeeevil (case in point, last year I almost got kicked out of college for scanning port 80 on my dorm subnet looking for interesting websites to read)...
What do you think can be done to make scanning IP addresses/ports have less of a negative stigma? This is in the same sort of category as legit vs. illegit uses of anything else (P2P, whatever)--what's the rationale for punishing something that could maybe lead to criminal activity, and how can we make network scanning tools have practical uses again?
Fyodor
That is an excellent question, and one that concerns me as well. But first, I think your final statement is too extreme. I would guess 90% of network scanning is non-controversial. You will rarely be badgered for scanning your own machine or the networks you administer. The controversy comes when scanning other networks. There are a lot of (good and bad) reasons for doing this sort of network exploration. Perhaps you are scanning the other systems in your {dorm, department, cable LAN, conference LAN} to look for publicly shared files (FTP, SMB, WWW, etc.). Or perhaps you're just trying to find the IP of a certain printer. Maybe you scanned your favorite web site to see if they are offering any other services, or because you are curious what OS they run. Perhaps you are just trying to test connectivity, or maybe you wanted to do a quick security sanity-check before handing off your credit card details to that ecommerce company. You might be conducting Internet research, or be bored on a rainy afternoon. Or are you conducting reconnaissance in preparation for a breakin attempt?
The remote administrators rarely know your true intentions, and do sometimes get suspicious. The best approach is to get permission first. I've seen a few people with non-administrative roles land in hot water after deciding to "prove" network insecurity by launching an intrusive scan of the entire company or campus. Admins tend to be more cooperative when asked in advance than when woken up at 3AM by an IDS alarm claiming they are under massive attack.
You compared Nmap to P2P tools in having a "negative stigma". In both cases, one effective way to fight the stigma is to limit your own use to "legitimate" purposes. Use BitTorrent to download RedHat ISOs, but not Matrix Reloaded. Use Nmap to secure and monitor your computers, but not to attack other networks. And if you decide to attack other networks anyway, please be courteous and set the evil bit.
Now I'll admit that I don't always obtain explicit permission before scanning other networks. I don't believe (but IANAL) that a simple port/OS scan of a remote system is or should be illegal. Any machine connected to the Internet will be scanned so often that most admins ignore such "white noise" anyhow. But scan other networks often enough, and someone will eventually complain. So my advice would be:
- Don't do anything controversial from your work or school connections. Even though your intentions may be good, you have too much to lose if someone in power (boss, dean) decides you are a malicious cracker. Do you really want to explain your actions to someone who may not even understand the terms "port scanner" or "packet"? Spend $10 bucks a month for a dialup or shell account. You didn't really violate this rule, as scanning your dorm subnet for just port 80 should not even be remotely controversial!
- Target your scan as tightly as possible. If you are only looking for web servers, specify -p80 rather than scanning all 65,535 TCP ports on each machine. If you are only trying to find available hosts, do an Nmap ping scan. Don't scan a /16 when a /24 will suffice. The random scan mode now takes an argument specifying the number of hosts, rather than running forever. So consider -iR 1000 rather than -iR 10000 if the former is sufficient. Use the default timing (or even "-T Polite") rather than "-T Insane".
- Nmap offers many options for stealthy scans, including source-IP spoofing, decoy scanning, and the more recent Idle Scan technique. But remember there is always a trade-off. You will be harder to detect if you launch scans from an open WAP far from your house, with 17 decoys, while doing followup probes through a chain of 9 open proxies. But if anyone (such as Tsutomu Shimomura) does track you down, they will be mighty suspicious of your intentions.
I occasionally consider adding some sort of "notification packet" prior to a scan that would give hosts the chance to respond and opt-out. This would be like the /robots.txt directives currently used to control polite Web robots. Perhaps the format could even include a text string that IDS systems could log, like:
nmap -sS -p- -O -m "Direct questions about this scan to ops at x3512" 192.168.0.0/16
nmap -sS -p- -O -m "mY n4m3 iZ Zer0 |<00L and I'll 0wn j0o%#@" targetcompany.com/24
Of course Nmap would have an option to omit the notification or to send it and ignore any negative responses. Some scanners, such as ISS Internet Scanner already send out NetBIOS popup messages to scanned hosts by default, and other scanners use syslog. I won't be adding any features like this to Nmap unless I see substantial demand and the obvious issues are worked out.
3) OS fingerprinting
by neoThoth
What are the latest advances in fingerprinting networked devices that seem most promising to you? I have started reading papers on HTTP fingerprinting and such and wonder how these will figure into the NMAP architecture. What are the most elusive OS's that aren't on the NMAP OS fingerprint database?
Fyodor
There are a number of OS detection techniques I hope to add this year. One is to guess (or calculate) the initial TTL of response packets, since this varies by OS. Some operating systems also "reflect" your own chosen TTL under various circumstances. Then there are some newer TCP options, such as selective ack that I might test for. Explicit Congestion Notification (RFC 2481/3168) also shows promise. I'll probably add all of these at once later this year, after discussions with the Nmap-dev list. If you wish to participate, you can join that list by sending a blank email to nmap-dev-subscribe@insecure.org. There is also a low volume, moderated list for announcements about Nmap, Insecure.org, and related projects. You can join the 15,000 current members by mailing nmap-hackers-subscribe@insecure.org [archives].
While adding new fingerprinting techniques is fun and exciting, improving the signature database often adds more value. The DB now contains more than 850 signatures, from the Acorn RISC OS and Aironet wireless LAN bridge to the ZoomAir wireless gateway and Zyxel Prestige routers. We're talking gaming consoles, phones, PBX systems, PDAs, webcams, networked power switches, you name it! New fingerprints are submitted daily.
Application level fingerprinting (including HTTP) is coming. I usually regret stating dates, but I hope to develop this functionality within the next 3 months.
4) Stepping into a network security career
by Anonymous Coward
I'll be graduating this month with a shiny new BS in Computer Science. I've done plenty of Unix sysadmin work throughout college and even deployed some high-interaction honeynets. I'm very interested in network security and systems programming. Do you have any advice for people in my situation who want to head into a career in network security?
Fyodor
Congratulations on your graduation! Unfortunately (for newcomers), the security field is one that often expects substantial experience and references. This is partly because these jobs require extraordinary trust, and also because of an aversion to mistakes. Everyone makes mistakes, but they can be extraordinarily costly in security and neophytes tend to make more of them. But don't lose hope! Talented security minds are still in very high demand, just be aware that you will have to work even harder to prove yourself.
Here are my suggestions for anyone starting out in network security, whether for fun or profit:
Step 1: Learn everything you can
- You may wish to start with reading a general overview of security, such as Practical Unix and Internet Security 3rd Edition.
- Reading alone won't teach you much. Hands-on experience is critical, so I would set up at least a basic test network. At the very minimum you should have a Unix box or two and a Windows machine (because these are very common in the real world). You can use very cheap machines, or even emulate a large network with virtualization software such as VMWare.
- Next you should learn more about how attacks are performed. Take a look at the excellent and free Open Source Security Testing Methodology Manual (OSSTMM). This document aims to provide a comprehensive framework for security testing. But it mostly lists tasks to perform, without specifying how to do so. You will gain a lot from this manual if you research the tasks you don't know how to complete, and if you actually try performing the tasks on your test network. If this manual is too curt or hard to follow, you could try a more verbose book on vulnerability assessment, such as Hacking Exposed 4th Edition.
- Now that you understand many of the general security ideas, it is time to get current. This is one area that has actually become easier in the last decade. The thinking used to be that vulnerability information should only be distributed to well-known and trusted administrators and security researchers through private digests such as Zardoz. This was a disaster for many reasons, and the full disclosure movement was born. In the last couple of years things have started to shift toward more limited ("responsible") disclosure and there is also a disturbing pay-money-for-early-disclosure trend. But information is still much more available than it used to be. Most of the news is carried on mailing lists, and I archive the ones I consider the best at Lists.Insecure.Org. You must subscribe to Bugtraq, and I would also highly recommend pen-test, vuln-dev, and security-basics. Read at least the last 6-12 months of archives. Choose other lists that correspond to your interests. SecurityFocus also offers a security-jobs list which is an excellent resource for finding jobs or just understanding what employers desire.
There are two major reasons for reading Bugtraq. One is that you must react quickly to new vulnerabilities by patching your servers, notifying your clients, etc. You can get this by simply scanning the subject lines or advisory summaries for bugs that directly apply to you. But then you will miss out on another crucial purpose of Bugtraq. Actually understanding a vulnerability helps you defend against it, exploit it, and identify/prevent similar bugs in the future. When you are lucky, the advisory itself will provide full details on the bug. Check out this excellent recent advisory by Core Security Technologies. Note how they describe exactly how the Snort TCP Stream Reassembly vulnerability works in detail and even include a proof-of-concept demonstration. Unfortunately, not all advisories are so forthcoming. For bugs in Open Source software, you can understand the problem by reading the diff. The next step is to actually write and test an exploit. I would recommend writing at least one for each general class of bug (buffer overflow, format string, SQL injection, etc.) or whenever a bug is particularly interesting.
Be sure to read the latest issues of Phrack and the research papers posted to the mailing lists. Send your comments and questions to the authors and you may start interesting discussions. Read well-regarded books on the security topics that interest you most.
I can't emphasize enough that you should intersperse hands-on work with all of this reading. Install unpatched RedHat 8 (or whatever) and run Nmap and Nessus against it. Then compromise it remotely, maybe via the latest Samba hole. Start out with a prewritten exploit from Bugtraq, which isn't quite as easy as it sounds. You may have to modify the 'sploit to compile, brute force the proper offset, etc. Then break in again using a different technique, and your own exploit. Install Ethereal and/or tcpdump and ensure you understand the traffic on your network during both your exploitation and normal network activity. Install Snort on an Internet-facing machine and watch the attacks and probes you'll experience. Wander around your neighborhood with Kismet, Netstumbler, or Wellenreiter on your Laptop or PDA to look for open WAPs. Install DSniff and execute an active MITM attack on an SSH or SSL connection between two of your computers. Take a look at my Top 75 Tools List and ensure you understand what each does and when it would be useful. Try out as many as you can.
- Take a vacation, or at least a weekend camping! You deserve it! The steps above would probably take at least 3-12 months full-time, depending on your motivation level and the depth and breadth of your research.
Now you have learned enough to be dangerous. At this point, you would have little trouble obtaining most certifications, after studying the specifics of each topic. If your main goal is to find a job quickly, perhaps adding these extra feathers to your cap might be worthwhile. But I think your best bet is to prove your knowledge by joining and contributing to the security community. While this does indeed help others, it isn't an entirely selfless act. It improves your skills, leads to important contacts, and demonstrates your knowledge and ability in a constructive way. The latter is important if securing a career is one of your goals. These steps should also be fun! If not, perhaps you should keep looking at other fields. Here are some ideas:
Start participating with insightful comment and answers on the mailing lists. This is very easy and serves as a great learning experience, way to meet people, and garners some name recognition. If a security manager with a stack of 60 resumes recognizes your name, that is a huge win!
When a new worm or a big new vulnerability comes out, everyone wants to know the details. If you stay up all night disassembling the worm/patch and write the first comprehensive analysis, many folks will find that valuable. And you will learn a lot. Let your first priority be quality - if someone beats you to it, just compare your results with theirs to see if you (or they) missed (or misinterpreted) anything. You can also post your own exploits, although that is more of a political hot potato.
Attending security conferences is a great way to learn, party with fellow hackers, and network (in every sense of the word). Much better is to speak at these conferences. This field changes rapidly so there are always new topics and technologies to discuss. You don't have to be a well-known expert with a long history - just learn your topic well and put in the effort for a quality presentation. You could present at Defcon, at one of the more commercial events, or at a smaller regional con like ToorCon, CodeCon, Hivercon, etc. Among other advantages (often free admission/travel/hotel), this is a great way to meet people with similar interests. I spoke at the latest CanSecWest and have submitted a proposal for the next Defcon.
Now that you've seen and understand a wide variety of software vulnerabilities from your Bugtraq research, start finding your own. You can start by downloading any PHP app from Sourceforge. Most of those are hopelessly vulnerable to Cross-Site-Scripting, SQL injection, and/or remote code execution by "remote include" directives. Many (if not most) Windows shareware daemons are also vulnerable to simple buffer overflows and format-string bugs. Notify the authors and then write an advisory. After a few of these "easy targets", try breaking some more widely deployed programs.
Write a security tool! I could list some suggestions, but by this point you will have many of your own ideas as to what is needed. Scratch an itch.
I hope this helps. If you want more suggestions, Ask Slashdot. From that story, I found this post particularly insightful, especially the emphasis on "people skills". I don't claim to have any, but understand the value :).
5) Have you ever been tempted to use your gifts...
by Tim_F
...in a negative manner?
Have you ever hacked into someone else's computer? Have you ever considered it? What would cause you to think of doing this? Would your tools (nmap, etc.) be enough to allow you to do this?
And if you haven't, why is that the case?
Fyodor
I never do script-kiddie style "hack any random vulnerable box on the Internet" cracking. But sometimes I will launch targeted attacks at specific companies. I'll usually start with just a web browser and various search engines to learn everything I can about my target. I need to understand what the company does, who it partners with, and whether it has any corporate siblings, subsidiaries, or parents. Beyond that, posts by individual employees can be a gold mine. Besides providing names and titles for social engineering and brute force password attacks, the IPs in the mail/news routing headers can be very valuable. One of the reasons I run my own mailing list archive is to maintain access to the raw mail folders which contain the routing info and X-no-archive posts that web archives strip out. Another advantage to locating employees is that you can send them trojan executable attachments, which can be a very effective way into the network.
Next I'll gather known IP network information on the companies via DNS, whois, regional registries like ARIN, routing info, Netcraft, etc. Then comes the scanning (I tend to use Nmap), application-probing, vulnerability discovery, and exploitation stages.
Of course, I only do this when the company is paying me to do so. Performing these pen-tests offers several advantages over blackhat activity:
- You don't go to jail (If you've worded your contract carefully.)
- Instead of having to keep your übertechniques secret to avoid prosecution, you get to demonstrate them to management.
- They actually pay you for this! And you are helping to protect them and the privacy of their customers.
Now some people might ask how you gain these skills without practicing on other networks first. Cheap hardware and the evolution of free UNIX operating systems have made this much easier than in the past. See the previous answer for some suggestions. And remember that you can always work together with friends, or participate in hacking contests like Defcon's Capture the Flag.
6) You'll have seen a lot of breakins.
by Hulver
During your time running Honeypots, you'll have seen a lot of compromised systems. Is there any incident that's really stuck in your mind because of the audacity of the attempt, or the stupidity of the person attempting the breakin.
Fyodor
On the humorous front, one attacker was running a public webcam during his exploits, so we were able to watch him crack into our boxes in real time :). I will resist the urge to link a screenshot. His rough location was determined when we noticed Mrs. Doubtfire playing on his TV and correlated that with public schedule listings. He was working with a Pakistani group, but was actually on the US East Coast.
In the "disturbing audacity" front, this year we found that a group of crackers had broken into an ecommerce site and actually programmed an automated billing-system-to-IRC gateway. They could obtain or validate credit card numbers by simply querying the channel bot! Expect a more detailed writeup soon.
7) What makes a honey net enticing?
by cornice
It seems that many of the honey nets that the average hobbyist would run are built to attract a lesser cracker. What I mean is that ports are left open that normally would not be left open. Services are running that normally should not, etc. I think that a really smart fish would see this as nothing but a cheap lure and refuse the bait. Do you think it's possible to fool the really smart fish? Is it possible to bait with something enticing enough without tipping off the big fish? Does publication of your work make this task more difficult?
Fyodor
Excellent question, and I had many of the same concerns upon joining the project. Then I remembered that most of the attacks and real-world compromises are committed by these marginally skilled script kiddies. So there is still a lot of value in understanding their tools, tactics, and motives. Despite this apparent limitation, I have been surprised by some of the sophisticated things we have found. For example, the first known "in the wild" attack using the Solaris dtspcd vulnerability was caught by one of our honeynets and resulted in this CERT advisory. Then one of our Honeynet Alliance members had their Win2K honeypot compromised and joined into a botnet with 18,000 machines! Attackers on such a grand scale won't even know all of the companies they have compromised, much less whether any of the systems are honeynets.
I do believe baiting the "smart fish" might be possible, but I have never done this. It is not legally entrapment, as we aren't any sort of police force, but I am not very comfortable with the idea. If someone attacks my box that is just unobtrusively sitting on the network, I believe the attacker should have no expectation of privacy for his activities on the system. Things become more complex if I try to lure the attacker.
8) IPv6
by caluml
Do you think that with the very large address space of IPv6 that random scanning for a certain port will die off? (I notice nmap doesn't support random IPv6 address scanning - maybe you've already come to the same conclusion?) Simply put, the chances of finding a machine if it's not advertised anywhere will be very much reduced. Will this make people lazy and complacent, trusting on the large numbers involved to protect them?
Fyodor
Finding a machine by pinging a completely random 128-bit address will probably never be effective. Fortunately, we won't have to! Nmap does not even do that for 32-bit IPv4 addresses - it is smart enough to skip huge blocks of address space that are unallocated or used for private (RFC1918, localhost) addresses. We will also see patterns emerge for IPv6. For example, they may often be allocated sequentially so that finding one leads to many others. I am waiting until adoption rises and we start seeing these patterns emerge before I can implement them appropriately in Nmap. Certain new DNS features may also prove useful for locating IPv6 machines and networks.
9) standalones and small home nets
by zogger
it seems like most of the emphasis is on enterprise networks, but that still leaves millions and millions of home machines and small home networks just stuck. What do you see as some of the trends and solutions for those people? Their data and system integrity is just as important to them as any corporation's is, and usually not having the appropriate skill set, is even harder to implement.
Fyodor
I am afraid the focus by security companies on enterprise networks will continue, as that is where the money is. The good news is that securing small home networks is far easier. But that doesn't make it simple, nor mean that many people will bother. I would categorize the risks into 3 categories:
Traditional network server vulnerabilities: Your average home user doesn't need to run any network daemons or have any TCP/UDP ports open to the Internet. Most of the time they only have 1 IP, used either by a standalone PC or a NAT device (e.g. "broadband router") in front of their small network. This is a good configuration, as it limits what attackers can reach directly. But you need to be sure that the IP doesn't have any unnecessary ports open. You can verify this by running 'netstat' on the Windows or UNIX machine using the IP. I would also recommend confirming using a port scanner such as Nmap. Here are example commands:
nmap -p- -sS -T4 -v -O [your IP]
nmap -p- -sU -v [ your IP ]
The TCP and UDP scans could be combined into one execution, but are listed separately since the TCP scan may go much faster. Remote UDP scans are also less reliable against some heavily filtered hosts. You may have to rely on the netstat info or configuration details in this case.
Any open ports found should be evaluated with extreme prejudice. Unless clearly necessary, close Windows file sharing, external NAT device admin ports, and everything else found.
Don't forget the wireless backdoor! Blocking the Internet link from your private machines is insufficient if anyone can hop on your open WLAN and attack your machines. WEP isn't perfect, but the 104-bit (so-called 128-bit) version should at least keep people from accidentally connecting to your network or sniffing your data. Be sure to set a good password and upgrade to recent firmware for your WAP and other network devices.
Subscribe to the security advisory lists for all the operating systems (and devices, if available) you run. Major vendors such as RedHat, Debian, FreeBSD, Mandrake, and Microsoft all offer these. Most even offer automatic updates if you desire that.
Client vulnerabilities: Once you close the services you don't need (ideally all of them), client vulnerabilities must be addressed. Keeping your web browser and mail reader up-to-date is particularly crucial. Also harden them as much as possible. For example, IE is full of holes but at least has a good interface for site-by-site security policies (Tools -> Internet Options -> Security). Go through and neuter the "Internet zone" settings by disabling ActiveX and Java. In the rare case that sites need this, find an alternative site or add them to the trusted zone. If you are really serious about security, neuter "trusted sites" and "local intranet" privileges as well. Many recent IE vulnerabilities trick the browser into using the wrong zones. Consider using a different browser. Also configure your mailer to disregard HTML and JavaScript.
Remember to pay careful attention to security warnings, whether they come from IE, Mozilla, your ssh client, or anything else. Don't just click OK. And don't shoot yourself in the foot when configuring your apps. It is hard to entirely blame the vendor when users tell P2P apps or Windows filesharing to share their whole drive without any password. Failing to change default passwords or enable basic restrictions on X Window or FTP servers is only slightly more forgivable. All of these errors happen frequently! The apps/devices should be secure by default, but you have the ultimate responsibility for protecting your data.
Malware: This is what I consider the biggest problem on desktops: people running applications they can't trust. Email borne viruses, worms and trojans are an obvious example. Be very careful what you click on. Unfortunately, it is very difficult to know what to trust. Mail is trivial to forge, and even the "proper" installers for many P2P applications infest your computer with loads of invasive spyware. Even Intuit TurboTax was caught writing to customers' boot information track.
What can you do? My honest suggestion is to run peer-reviewed open source applications on a free OS such as Linux or FreeBSD. You still have to be careful, but these problems are far less prevalent on UNIX platforms, which also have better tools and procedures to deal with them.
What if dumping Windows is not an option? Run NT/2K/XP instead of Win9X/ME, and try to run everything you can as an unprivileged (non-administrator) user. Be extraordinarily careful about what you install and run, and make frequent backups. You might also want to look into a personal firewall such as Zone Alarm (limited free version).
10) What is your favourite tool?
by Noryungi
I have just read your top 75 security tools list. Thank you for posting all this information, which I am going to study very carefully.
One question though: in all these tools, which one is your personal favourite? (This excludes Nmap, of course).
Fyodor
I have far too many favorites among this great group to choose just one! But here are a few developers and tools that are particularly worthy of mention:
One of the people I most admire in the security field is Solar Designer. He is a guru in networking, security, and low level kernel/assembly/architecture details. He has also created many tools that security professionals use daily. Yet he never exhibits the arrogance, elitism, and egotism that sadly characterizes so many "stars" of the security community.
Among SD's tools is John the Ripper, my longtime favorite local password hash cracker. It has been around forever, but was written with a flexible and powerful interface while keeping extensibility in mind. So it is still as useful in these days of shadowed password files and MD5/Blowfish hashes as it was back in the days of crypt() and unprotected /etc/passwd. Lately SD has been working on the Owl secure GNU/Linux distribution, which can be installed on disk for hardened systems like firewalls, or booted and run from CD as an easy way to run security tools such as John and Nmap.
Another of those "brilliant yet still nice" security developers is Dug Song. Even after the seminal "Insertion, Evasion, and Denial of Service" paper by Ptacek and Newsham, many IDS vendors continued to ignore the problem. When Dug released Fragrouter (now fragroute), which implements some of these attacks, vendors finally took notice! He has also written the excellent libdnet library, but my favorite of his tools is DSniff, a suite of tools for advanced network sniffing and "monkey-in-the-middle" attacks. It even handles ARP poisoning and other techniques for sniffing hosts on a switched LAN.
While I'm on this topic, let me also give "mad props" to the Hping2 packet prober, Kismet wireless stumbler, Ethereal packet decoder, Netcat, recent THC releases, Snort IDS, the Nessus vulnerability scanner, and all the other great Open Source tools out there!
I would also like to thank Slashdot for granting me this interview and to everyone who asked such excellent questions. I only wish I had time to answer more of them. Then again, I have probably rambled on enough. Now it is your turn to ramble in the comments :).
Cheers,
Fyodor -
Refurbished Batteries, Good or Bad?
TheMadReaper asks: "I recently had to replace my laptop battery and couldn't decide whether to go for a new battery or a refurbished one. The refurbished ones are sold at a lot of places, but then I ran across this article that claims that refurbished batteries suck. For sure a bunch of you out there have tried refurbished batteries. So tell me, are they a good buy or a scam?" -
AI Going Nowhere?
jhigh writes "Marvin Minsky, co-founder of the MIT Artificial Intelligence Laboratories is displeased with the progress in the development of autonomous intelligent machines. I found this quote more than a little amusing: '"The worst fad has been these stupid little robots," said Minsky. "Graduate students are wasting 3 years of their lives soldering and repairing robots, instead of making them smart. It's really shocking."'" -
Sketching A Webpage With Denim
Sayten241 writes "Wired is running an article about a program from UC Berkeley in which website developers can literally sketch out a webpage using a tablet. The article states that Berkeley felt that since so many web-developers sketch things out on paper before they begin, why not allow them to sketch on the computer? This program is not limited to websites however. It has also been used to help MIT design a Linux Interface (click the blue parts of the image to navigate through interface)." -
MIT Creates Urine-Controlled Video Game
cscx writes "Well, they've done it again. The boys at MIT have designed a video game that's playable by doing your business at a urinal. The game resembles "Duck Hunt" from the Nintendo days, except instead of the Zapper gun, the game is controlled by your stream hitting a multitude of sensors placed on the back wall of the urinal. Weird? Yes. Still cool? You bet." The accompanying document (PDF link, here's an HTML version from Google) explains how this game could lead to improved sanitation, since you won't want to miss, and may even increase personal hydration, since getting rid of all that water is now so much fun. -
Slashback: Hatred, Glass, Identification
Slashback brings you another source for the Unix Haters' Handbook, along with more news on the Caldera v. IBM lawsuit and other updates on topics from XPde to creating a stained-glass computer. Read on below for the details.
Why Yes, you can sell the Free books. ProteusQ writes "Project Gutenberg has released a 'Best Of' CD, April 2003 Edition. The CD compilation is copyrighted and licensed under a Creative Commons license that allows unlimited non-commercial duplication and distribution. You can even sell it, provided that you share 20% of the gross profits with Project Gutenberg. It contains almost 500 books, and the 'Best Of' project itself is based on the Open Source model. All of the work was performed by volunteers (mostly by me, in this case), with the goal of building a volunteer base to create about three editions per year."
Welcome to the American legal system, mind your footing. An anonymous reader submits: "In an e-mail discussion that took place 24 and 25 April, SCO-Caldera Senior Vice President Chris Sontag told MozillaQuest Magazine that there is SCO-owned code in Red Hat and SuSE Linux distributions. He also told MozillaQuest Magazine that the tainted code is not in the Linux kernel that Linus [Torvalds] and others have helped develop. We're talking about what's on the periphery of the Linux kernel."
On this topic, Random BedHead Ed writes "IBM has released its denial of SCO Group's charges that it borrowed proprietary UNIX code in its development of the GNU/Linux system. Story at News.com.com.com.etc. The battle continues.
Also, check out PCLinuxOnline.com for a good summary of the events thus far. They also have a Boycott SCO page if you're interested."
The height of practicality. Jerami Campbell writes "I just saw your article in Slashdot 'Building a stained glass computer case?' I have made several stained glass computer cases, I thought you might be interested in checking them out. You can see all of my cases at lucentrigs.com. I will have a new one finished in a couple of days. It is black glass with a red lava lamp mounted in the front."
Gun buffs have well-adjusted sights. In regards to the MP3-player-in-a-rifle-magazine posted the other day, Mat S. writes "I would be reaaaaally surprised if this fit a standard AK-47, as it is an SVD (Russian infantry rifle, as opposed to the AK, which is in fact a carbine, although called an assault rifle) mag. It accommodates much more powerful ammo, and the cartridges are about 50% longer than the AK's. Thank you for your attention. I still WANT this player. Might be a bit on the heavy side, though. this case is stamped steel, about 3 mm thick :)"
Fair and balanced, naturally. An anonymous reader writes "For those of you who were unable to obtain the Microsoft propaganda about Unix, it's up at MIT."
Note for the humorless: the UHH is not "Microsoft propaganda."
The best Congress money can buy. If you thought Hilary Rosen writing Iraq's copyright law was an isolated incident, don't worry, she's not alone. theodp writes "The RIAA paid $18,000 for the chairman of the House Judiciary Committee to travel to Taiwan and Thailand to make it clear to government officials that the pressure to enforce U.S. laws against pirating of music and movies 'is a unified message coming from all levels of the U.S. government.' Watchdog groups say the trip may have violated House ethics rules, and one is calling for a House Ethics Committee investigation. Rep. Jim Sensenbrenner, R-Wis., said he could have used committee funds to pay for the trip but, 'I thought I would save the taxpayers some money on this.'"
Thanks a bundle.
A considerate way to fool your friends and family. We've mentioned the blink-twice Trompe L'Oeil Windows-looking desktop XPde a few times before; now xexen writes "On April 26th 2003, I received an email. The XPde Team released XPde 0.3.5, a major upgrade to the XPde desktop environment and window manager. Check out the announcement, view the screenshots, or read the detailed ChangeLog."
Build up your frequent flyer miles. A few weeks ago we mentioned that the proceedings of the most recent linux.conf.au (a Linux gathering Down Under) were available as an ISO; hemos, who was on hand at the conference, passes on word that the CDs have been sent out, and points to some more info on the next LCA.
-
History Of Gaming Featured In New Media Book/CD-ROM
nickmontfort writes "The New Media Reader is out now from MIT Press. The book tries to shed light on how people have used computers to create and communicate. Also included is a cross-platform CD with original programs from the past four decades, some documented, some running in emulation." With a book and CD including vintage articles and classic titles like Spacewar!, Hunt The Wumpus, Yar's Revenge, and Karateka, this is an interesting, if quite theory-skewed look at computer interactivity - check out excerpts at the official website. -
Digital DNA Circuits
TheSync writes "ScienceNews has a story about digital DNA circuits. The circuits use proteins that activate or deactivate genes on the DNA for control. Since an inverter and an AND gate have been created, any digital logic circuit can now be done in DNA. Moreover, evolution can help make circuit elements work better. There is even a "databook" of BioBricks circuit elements and BioSPICE for biocircuit simulation." -
Digital Game Based Learning
rjnagle writes "When Marc Prensky asked a colleague who had just returned from a training course how it was, she replied, 'AFTRB.' (Another #$#$^&# Three Ring Binder). In his book, Digital Game-Based Learning, Prensky, an instructional game designer and founder of games2train, argues that computer games are more effective learning tools because they sustain interest and attention in settings where people are normally bored." To follow that train of thought (or if you just liked Ender's Game), read on below for Nagle's lengthy review of the book.
Digital Game Based Learning
author: Marc Prensky
pages: 442
publisher: McGraw-Hill Trade
rating: 5/5
reviewer: Robert Nagle (aka Idiotprogrammer)
ISBN: 0071363440
summary: Visionary book on instructional design and game design.
Digital Game-Based Learning (DGBL) consists of two parts. In the first part, Prensky argues that the prevalence of video games has actually rewired our brains and made traditional learning methods less effective. In the second part, Prensky makes the case that DGBL can be used successfully by corporations to train people and offers practical advice (based on vast experience) about how to deploy game-based training methods. Throughout the book, Prensky examines aesthetic, cognitive and pedagogical questions surrounding such games and provides dozens of case studies to illustrate his points.
Prensky argues that current learning methods for young learners fail to engage learners used to interactive media. Learners now expect interactivity. Prensky writes:
Games Generation workers rarely even think of reading a manual. They'll just play with the software, hitting every key if necessary, until they figure it out. If they can't, they assume the problem is with the software, not with them--software is supposed to teach you how to use it. This attitude is almost certainly a direct result of growing up with Sega, Sony, Nintendo, and other video games where each level and monster had to be figured out by trial and error, and each trial click could lead to a hidden surprise. Games are almost all designed to teach as you go.
Prensky believes that the instructor-led classroom and the teach-test method are actually historical artifacts no more than 200 or 300 years old. The teach-test instructor-led class and its instructional methods arose partially from the rise of the printing press and the widespread availability of reading material.
Why then does the teach-test method still prevail? One reason may be the generation gap and technology gap between learners and teachers. Even technologically savvy educators have biases towards methods that worked while they were learners themselves. The way we learn is to some extent a byproduct of the cultural and technological milieu we mature in. Twenty years ago educators were extolling the virtues of reading books while youngsters (including me) were "wasting" their time before the boob tube. Nowadays, undoubtedly, there is a tension between educators pushing "media literacy" (media, in this case, often equaling conventional TV broadcasting) and students too busy making additions to their online Sims house or watching webcams of friends to care. No matter how much you may try to keep up, I once told a group of middle-aged Ukrainian teachers, your students will always be more hip to the technology than you.
This is not merely a matter of age but of comfort level. Growing up with a technology (especially at an early age) makes using it second nature. According to the neurology and psychology research that Prensky cites, the brain reorganizes and rewires itself in response to cultural stimuli, so a child who plays videogames at night is bored at class not because of "short attention span" or bad study habits but because the child's brain has programmed itself to respond better to "twitchspeed" interactivity. Prensky cites John Bruer's statement that achieving this kind of brain reorganization requires students to spend "100 minutes a day, 5 days a week, for 5 to 10 weeks to create desired changes because "it takes sharply focused attention to rewire a brain." Then Prensky adds, "Several hours a day, five days a week, sharply focused attention--does that remind you of anything? Oh yes -video games!" (p 43). Interestingly, Prensky cites research about how children with attention deficit disorder are using video games to retrain their brain and help them to concentrate. For the game-playing child, going to school means having to "power down" and endure teaching methods ill-suited to him. (p44).
After Sesame Street showed that you could educate children by entertaining them (and sustaining their interest), games (and sometimes even instructional technology) have focused on how to sustain this interest. In an age where pop-ups, 15-second promos and CNN updates are everywhere, it is no wonder that "gaining attention share" is the central concern. Children have learned the art of selectively being able to tune out media. How then to keep their attention? Interestingly, this concern parallels that of game developers looking for better ways to sustain gameplay.
A child once described playing educational games as "hard fun." When people are "playing," they forget inhibitions and self-consciousness to concentrate on the game's mission (i.e., "learning objectives"). When I taught English to college students overseas, I was surprised to find that one of my weakest and least confident students interacted adeptly with an immersive role-playing game with a strong English language component. From my viewpoint, she was quickly comprehending spoken dialogue and responding appropriately. From her viewpoint, she had just crossed the bridge and now could start digging for gold. Cognitive breakthroughs often require distracting activity to allow the mind to refocus (visionary Alan Kay wrote, "people have more brainstorms on the jogging path than at their desks."). Educators typically view educational gaming as useful mainly for drill and practice, but as gaming environments become more complex, edugames may be more useful in providing roundabout paths towards concepts hard to reach by traditional methods. To use just one example, computer aids allow students to manipulate data and geometric figures as a way to experiment with mathematical principles. Indeed, one of Prensky's most successful game projects, the Monkey Wrench Conspiracy, taught young learners/players how to do 3D computer design by setting them in a spaceship with a mission to make repairs before the spaceship blows up.
The most fascinating section for me was Prensky's juxtaposition of game design principles alongside instructional design principles. Even if one doesn't accept Prensky's historical analysis (and thoughtful detractors like Kurt Squire have pointed out shortcomings) or his argument that games should be more widely used for training, Prensky's theoretical overview of game design should interest people in both the education and game camps. Both game designers and instructional designers are obsessed with epistemology: how to reveal information to the player/learner in a way that sustains interest; how to use conflict to change the player/learner's behavior or attitudes; how to provide enough feedback for the player/learner to change behavior; how to present a simplified view of the world without distorting it; and how to permit freedom of exploration within the constraints of an object-oriented world or of a lesson plan. These are concerns, by the way, that also interest writers of plays and fiction, except that the "player" is split into two roles: that of character (who is controlled by the playwright/writer) and audience (who can empathize and anticipate, but can't change outcomes).
Prensky's grid that maps learning content to game styles (p156) indicates that sufficient varieties of games exist to tackle any training challenge. Electronic Jeopardy style games can drill employees about company policies (and these templates are commercially available and widely used). Realistic simulation games, although probably more costly to produce, may actually reduce training costs whenever the actual equipment or training environment is expensive to begin with. Better that the potential pilot crash-land a few Flight Simulator planes, or that the combat soldier accidentally kill a few civilians within a simulation environment than for real. Prensky offers good questions for evaluating the educational value of computer games: do people using it think of themselves as players rather than students? Is the experience addictive? Does it encourage reflection? Would the game be considered "fun" by someone outside the target audience? Despite the similarities, there are important differences, Prensky would argue, between games that entertain and those that educate. For one thing, successful games require visual external action to sustain attention. But this is not needed for certain domains of learning. Games may be good for learning the process of putting together a Burger King hamburger (p264), but would a game be practical for learning Java programming? Or Freud's theory of the unconscious? It's probably not impossible to design such a game; both Java and psychoanalysis involve understanding low-level mechanisms of causation, recognizing aberrant patterns and being able to select the correct algorithm from the available repertory of solutions. Role-playing and collaborative simulations would help. But what the learner needs most is FEEDBACK, game or no game. The assumption behind Prensky's advocacy of game-based learning is that content needs "livening up" or that external motivators (like video games) are needed to drive the students toward learning. 
I am not questioning the value of these "external motivators." But I have to wonder whether Prensky's pedagogical approach implies that certain kinds of learning activities cannot be self-motivating. Sure, a game about Java programming might amuse the CS student, but the more crucial question (I would argue) is whether this student finds the very activity of programming in Java to be "hard fun."
To Prensky's credit, he does not insist that game-based learning is the best strategy for every learning situation. Perhaps the most compelling part of the book is a discussion of more than 40 case studies where computer games have been cost-effective at training. They range from an animated courtroom game (Objection) to a customer service game (where in the world is Carmen Sandiego's Luggage?) to a Sexual Harassment gameshow and many fine examples from Prensky's own company (which can be sampled online for free). He offers helpful advice (undoubtedly gained from experience) about how trainers can launch and even manage such a project. Among his suggestions: befriend IT as soon as possible; choose urgent learning needs that are "boring, complex or difficult," and offer game-based learning in conjunction with more traditional methods and give learners the option NOT to learn via the game method. Prensky offers practical suggestions to companies with training budgets ranging from the hundreds of thousands of dollars to nothing. Although the book is two years old, it still gives a good sense of what your money can get you these days.
Critics usually argue that "e-learning" doesn't compare favorably to live teachers. That is missing the point; the real question is whether e-learning (and game-based learning) provides comparable learning at a lower cost. As e-learning and game-based learning becomes more cost-effective, Prensky predicts a fairly radical transformation of the teacher/trainer's role. To some extent, this has already occurred with the advent of collaborative and student-based learning. But trainers may spend more time choosing the best learning tool for students (or creating new ones!) than actually teaching in a classroom. Is this bad? Prensky mentions that "any teacher who can be replaced by a computer, should be." In this world of game-based learning, Prensky argues, teachers can play a vital role in ensuring that students adequately reflect on the problems or conflicts that arose during the game/learning activity. Games are good at interactivity but bad at reflection. They offer ample opportunities for learning by doing, Prensky says, but minimal opportunities for reflection. One student, asked what he learned from playing SimCity, said, "I learned that if I don't feed the people, they will starve and die." That is clearly insufficient. A good instructor can help the student explore issues more deeply: how do politicians decide about allocating resources? Does the feedback offered to politicians give an accurate reflection of society's needs and problems? What strategies worked or did not work within the context of the game? Would these strategies also work in real life? Reflection is not necessary for every learning context, but today's trainers can make sure students have enough reflection to reap the benefits of game-based learning.
Prensky's book is an excellent introduction to this exciting field. He writes superbly and has a good grasp on learning theory and software design. Although clearly an enthusiast, he never implies that DGBL is the only or best teaching method. Many of Prensky's successes involve computer games as a primary component, but computer games don't need to play a central part in a lesson to be useful for learners. For example, a student can attend a traditional foreign language class and practice at home using a computer game. Ultimately computer games may have more value as supplemental material than as primary material.
Prensky's critique of the traditional trainer is sometimes unfair, especially the "generation gap" thing. Technology is not essential for reaching younger learners (and some experts have decried its overuse). Resourcefulness, a well-designed curriculum and motivational ability trump game-based learning every time (even Prensky would agree with that, I think).
If we accept Prensky's premise that instructional methods are somehow determined by the prevailing state of technology, one starts down the path of saying that instructional methods are subject to obsolescence. New teaching methods may be more cost-effective or more motivating, but they don't necessarily repudiate the value of "old-fashioned" methods (indeed, there will come a time when DGBL will be regarded as old-fashioned, so Prensky better watch out what he says). Using teaching methods so dependent on a technology, I would argue, has the unfortunate effect of rendering teachers helpless in the wake of massive technological breakdown. If a trainer/facilitator skilled in DGBL suddenly found his classroom without Internet access, could he still train employees effectively? One of my most edifying experiences as a teacher came at an Albanian university in Vlore lacking not only computers, but also copy machines and yes, sometimes even electricity. Every day I walked to class, mentally having to plan for contingencies (no electricity, inability to obtain photocopies from a nearby shop) for the day's lessons. While I still managed to pull off some funky lessons (with battery-powered cassette players, magic markers, magazine pictures and large posterboards), I couldn't help wondering if my "innovative teaching methods" merely burdened me with more things that could go wrong. The flip side of Prensky's magnificent vision is the nightmare scenario of teachers so overwhelmed with newfangled technological aids that they opt for the tried-and-true (but technologically primitive) methods rather than risk losing a class to downtime.
Although the spectacular successes mentioned in the book were informative, it also might have been helpful to examine cases where DGBL has failed or turned out to be not particularly remarkable. Every so often, a new theory or learning method hits the world, and suddenly educators use this method whether it is appropriate or not. When is DGBL not appropriate?
When making the business case for DGBL, Prensky overlooked two important things. First, the obsolescence of technology and technological standards (and the perception of obsolescence) diminishes the value of custom-built games for corporations. This seems to be an argument for using cheaper mass-market games rather than convincing the CEO to fund an ambitious game project. Also, I'm surprised that the book didn't spend more time on one obvious advantage to DGBL: digital assessments. Computer games make it easier to verify that learners performed required tasks and to keep the performance data in digital form to demonstrate compliance. That would be a big selling point for human resources.
I've written elsewhere that as immersive games become more sophisticated and develop their own society and values, real life will start to resemble a video game and videogame prowess may become an end worth pursuing for its own sake. Now that weapons and radar systems look more like computer games, for example, military recruiters might be happy with legions of game addicts manning their battalions. As it becomes easier to gain knowledge and experience completely from computer games, the notion of having to learn things from real life will start to seem very strange.
Other Resources
Marc Prensky has put generous excerpts from the book online for free. His company website contains a lot of fun free/demo games, including (my favorite) "The Challenge." Expect it to be slashdotted for a while. You can also buy the book here.
Kurt Squire of MIT's Games-to-Teach project has written a perceptive article, Reframing the Cultural Space of Computer and Video Games, and many other things on game-based learning, including an excellent critique of Prensky's book.
Dr. Sivasailam "Thiagi" Thiagarajan writes frequently on using games for training. His Thiagi website contains lots of freebies as well as a free monthly newsletter with lots of game/training ideas.
Gamasutra has a separate section on writings about educational games. Free registration is required.
Although not explicitly about game-based learning, Steven Poole's book, Trigger Happy, offers a sophisticated aesthetic analysis of videogame narratives and engagement.
Robert Nagle (aka Idiotprogrammer) is a Linux nut, technical writer and trainer with a background in instructional design and game design. He works for Texas Instruments in Houston. You can purchase Digital Game Based Learning from bn.com. -
Digital Game Based Learning
rjnagle writes "When Marc Prensky asked a colleague who had just returned from a training course how it was, she replied, 'AFTRB.' (Another #$#$^&# Three Ring Binder). In his book, Digital Game-Based Learning, Prensky, an instructional game designer and founder of games2train, argues that computer games are more effective learning tools because they sustain interest and attention in settings where people are normally bored." To follow that train of thought (or if you just liked Ender's Game), read on below for Nagle's lengthy review of the book.
Digital Game Based Learning
author: Marc Prensky
pages: 442
publisher: McGraw-Hill Trade
rating: 5/5
reviewer: Robert Nagle (aka Idiotprogrammer)
ISBN: 0071363440
summary: Visionary book on instructional design and game design.
Digital Game-Based Learning (DGBL) consists of two parts. In the first part, Prensky argues that the prevalence of video games has actually rewired our brains and made traditional learning methods less effective. In the second part, Prensky makes the case that DGBL can be used successfully by corporations to train people and offers practical advice (based on vast experience) about how to deploy game-based training methods. Throughout the book, Prensky examines aesthetic, cognitive and pedagogical questions surrounding such games and provides dozens of case studies to illustrate his points.
Prensky argues that current learning methods for young learners fail to engage learners used to interactive media. Learners now expect interactivity. Prensky writes:
Games Generation workers rarely even think of reading a manual. They'll just play with the software, hitting every key if necessary, until they figure it out. If they can't, they assume the problem is with the software, not with them--software is supposed to teach you how to use it. This attitude is almost certainly a direct result of growing up with Sega, Sony, Nintendo, and other video games where each level and monster had to be figured out by trial and error, and each trial click could lead to a hidden surprise. Games are almost all designed to teach as you go.
Prensky believes that the instructor-led classroom and the teach-test method are actually historical artifacts no more than 200 or 300 years old. The teach-test instructor-led class and its instructional methods arose partially from the rise of the printing press and the widespread availability of reading material.
Why then does the teach-test method still prevail? One reason may be the generation gap and technology gap between learners and teachers. Even technologically savvy educators have biases towards methods that worked while they were learners themselves. The way we learn is to some extent a byproduct of the cultural and technological milieu we mature in. Twenty years ago educators were extolling the virtues of reading books while youngsters (including me) were "wasting" their time before the boob tube. Nowadays, undoubtedly, there is a tension between educators pushing "media literacy" (media, in this case, often equaling conventional TV broadcasting) and students too busy making additions to their online Sims house or watching webcams of friends to care. No matter how much you may try to keep up, I once told a group of middle-aged Ukrainian teachers, your students will always be more hip to the technology than you.
This is not merely a matter of age but of comfort level. Growing up with a technology (especially at an early age) makes using it second nature. According to the neurology and psychology research that Prensky cites, the brain reorganizes and rewires itself in response to cultural stimuli, so a child who plays videogames at night is bored at class not because of "short attention span" or bad study habits but because the child's brain has programmed itself to respond better to "twitchspeed" interactivity. Prensky cites John Bruer's statement that achieving this kind of brain reorganization requires students to spend "100 minutes a day, 5 days a week, for 5 to 10 weeks to create desired changes because "it takes sharply focused attention to rewire a brain." Then Prensky adds, "Several hours a day, five days a week, sharply focused attention--does that remind you of anything? Oh yes -video games!" (p 43). Interestingly, Prensky cites research about how children with attention deficit disorder are using video games to retrain their brain and help them to concentrate. For the game-playing child, going to school means having to "power down" and endure teaching methods ill-suited to him. (p44).
After Sesame Street showed that you could educate children by entertaining them (and sustaining their interest), games (and sometimes even instructional technology) have focused on how to sustain this interest. In an age where pop-ups, 15-second promos and CNN updates are everywhere, it is no wonder that "gaining attention share" is the central concern. Children have learned the art of selectively being able to tune out media. How then to keep their attention? Interestingly, this concern parallels that of game developers looking for better ways to sustain gameplay.
A child once described playing educational games as "hard fun." When people are "playing," they forget inhibitions and self-consciousness to concentrate on the game's mission (i.e., "learning objectives"). When I taught English to college students overseas, I was surprised to find that one of my weakest and least confident students interacted adeptly with an immersive role-playing game with a strong English language component. From my viewpoint, she was quickly comprehending spoken dialogue and responding appropriately. From her viewpoint, she had just crossed the bridge and now could start digging for gold. Cognitive breakthroughs often require distracting activity to allow the mind to refocus (visionary Alan Kay wrote, "people have more brainstorms on the jogging path than at their desks."). Educators typically view educational gaming as useful mainly for drill and practice, but as gaming environments become more complex, edugames may be more useful in providing roundabout paths towards concepts hard to reach by traditional methods. To use just one example, computer aids allow students to manipulate data and geometric figures as a way to experiment with mathematical principles. Indeed, one of Prensky's most successful game projects, the Monkey Wrench Conspiracy, taught young learners/players how to do 3D computer design by setting them in a spaceship with a mission to make repairs before the spaceship blows up.
The most fascinating section for me was Prensky's juxtaposition of game design principles alongside instructional design principles. Even if one doesn't accept Prensky's historical analysis (and thoughtful detractors like Kurt Squire have pointed out shortcomings) or his argument that games should be more widely used for training, Prensky's theoretical overview of game design should interest people in both the education and game camps. Both game designers and instructional designers are obsessed with epistemology: how to reveal information to the player/learner in a way that sustains interest; how to use conflict to change the player/learner's behavior or attitudes; how to provide enough feedback for the player/learner to change behavior; how to present a simplified view of the world without distorting it; and how to permit freedom of exploration within the constraints of an object-oriented world or of a lesson plan. These are concerns, by the way, that also interest writers of plays and fiction, except that the "player" is split into two roles: that of character (who is controlled by the playwright/writer) and audience (who can empathize and anticipate, but can't change outcomes).
Prensky's grid that maps learning content to game styles (p156) indicates that sufficient varieties of games exist to tackle any training challenge. Electronic Jeopardy style games can drill employees about company policies (and these templates are commercially available and widely used). Realistic simulation games, although probably more costly to produce, may actually reduce training costs whenever the actual equipment or training environment is expensive to begin with. Better that the potential pilot crash-land a few Flight Simulator planes, or that the combat soldier accidentally kill a few civilians within a simulation environment than for real. Prensky offers good questions for evaluating the educational value of computer games: do people using it think of themselves as players rather than students? Is the experience addictive? Does it encourage reflection? Would the game be considered "fun" by someone outside the target audience? Despite the similarities, there are important differences, Prensky would argue, between games that entertain and those that educate. For one thing, successful games require visual external action to sustain attention. But this is not needed for certain domains of learning. Games may be good for learning the process of putting together a Burger King hamburger (p264), but would a game be practical for learning Java programming? Or Freud's theory of the unconscious? It's probably not impossible to design such a game; both Java and psychoanalysis involve understanding low-level mechanisms of causation, recognizing aberrant patterns and being able to select the correct algorithm from the available repertory of solutions. Role-playing and collaborative simulations would help. But what the learner needs most is FEEDBACK, game or no game. The assumption behind Prensky's advocacy of game-based learning is that content needs "livening up" or that external motivators (like video games) are needed to drive the students toward learning. 
I am not questioning the value of these "external motivators." But I have to wonder whether Prensky's pedagogical approach implies that certain kinds of learning activities cannot be self-motivating. Sure, a game about Java programming might amuse the CS student, but the more crucial question (I would argue) is whether this student finds the very activity of programming in Java to be "hard fun."
To Prensky's credit, he does not insist that game-based learning is the best strategy for every learning situation. Perhaps the most compelling part of the book is a discussion of more than 40 case studies where computer games have been cost-effective at training. They range from an animated courtroom game (Objection) to a customer service game (where in the world is Carmen Sandiego's Luggage?) to a Sexual Harassment gameshow and many fine examples from Prensky's own company (which can be sampled online for free). He offers helpful advice (undoubtedly gained from experience) about how trainers can launch and even manage such a project. Among his suggestions: befriend IT as soon as possible; choose urgent learning needs that are "boring, complex or difficult," and offer game-based learning in conjunction with more traditional methods and give learners the option NOT to learn via the game method. Prensky offers practical suggestions to companies with training budgets ranging from the hundreds of thousands of dollars to nothing. Although the book is two years old, it still gives a good sense of what your money can get you these days.
Critics usually argue that "e-learning" doesn't compare favorably to live teachers. That is missing the point; the real question is whether e-learning (and game-based learning) provides comparable learning at a lower cost. As e-learning and game-based learning become more cost-effective, Prensky predicts a fairly radical transformation of the teacher/trainer's role. To some extent, this has already occurred with the advent of collaborative and student-based learning. But trainers may spend more time choosing the best learning tool for students (or creating new ones!) than actually teaching in a classroom. Is this bad? Prensky mentions that "any teacher who can be replaced by a computer, should be." In this world of game-based learning, Prensky argues, teachers can play a vital role in ensuring that students adequately reflect on the problems or conflicts that arose during the game/learning activity. Games are good at interactivity but bad at reflection. They offer ample opportunities for learning by doing, Prensky says, but minimal opportunities for reflection. One student, asked what he learned from playing SimCity, said, "I learned that if I don't feed the people, they will starve and die." That is clearly insufficient. A good instructor can help the student explore issues more deeply: how do politicians decide about allocating resources? Does the feedback offered to politicians give an accurate reflection of society's needs and problems? What strategies worked or did not work within the context of the game? Would these strategies also work in real life? Reflection is not necessary for every learning context, but today's trainers can make sure students have enough reflection to reap the benefits of game-based learning.
Prensky's book is an excellent introduction to this exciting field. He writes superbly and has a good grasp on learning theory and software design. Although clearly an enthusiast, he never implies that DGBL is the only or best teaching method. Many of Prensky's successes involve computer games as a primary component, but computer games don't need to play a central part in a lesson to be useful for learners. For example, a student can attend a traditional foreign language class and practice at home using a computer game. Ultimately computer games may have more value as supplemental material than as primary material.
Prensky's critique of the traditional trainer is sometimes unfair, especially the "generation gap" thing. Technology is not essential for reaching younger learners (and some experts have decried its overuse). Resourcefulness, a well-designed curriculum and motivational ability trump game-based learning every time (even Prensky would agree with that, I think).
If we accept Prensky's premise that instructional methods are somehow determined by the prevailing state of technology, one starts down the path of saying that instructional methods are subject to obsolescence. New teaching methods may be more cost-effective or more motivating, but they don't necessarily repudiate the value of "old-fashioned" methods (indeed, there will come a time when DGBL will be regarded as old-fashioned, so Prensky better watch out what he says). Using teaching methods so dependent on a technology, I would argue, has the unfortunate effect of rendering teachers helpless in the wake of massive technological breakdown. If a trainer/facilitator skilled in DGBL suddenly found his classroom without Internet access, could he still train employees effectively? One of my most edifying experiences as a teacher came at an Albanian university in Vlore lacking not only computers, but also copy machines and yes, sometimes even electricity. Every day I walked to class, mentally having to plan for contingencies (no electricity, inability to obtain photocopies from a nearby shop) for the day's lessons. While I still managed to pull off some funky lessons (with battery-powered cassette players, magic markers, magazine pictures and large posterboards), I couldn't help wondering if my "innovative teaching methods" merely burdened me with more things that could go wrong. The flip side of Prensky's magnificent vision is the nightmare scenario of teachers so overwhelmed with newfangled technological aids that they opt for the tried-and-true (but technologically primitive) methods rather than risk losing a class to downtime.
Although the spectacular successes mentioned in the book were informative, it also might have been helpful to examine cases where DGBL has failed or turned out to be not particularly remarkable. Every so often, a new theory or learning method hits the world, and suddenly educators use this method whether it is appropriate or not. When is DGBL not appropriate?
When making the business case for DGBL, Prensky overlooked two important things. First, the obsolescence of technology and technological standards (and the perception of obsolescence) diminishes the value of custom-built games for corporations. This seems to be an argument for using cheaper mass-market games rather than convincing the CEO to fund an ambitious game project. Also, I'm surprised that the book didn't spend more time on one obvious advantage to DGBL: digital assessments. Computer games make it easier to verify that learners performed required tasks and to keep the performance data in digital form to demonstrate compliance. That would be a big selling point for human resources.
I've written elsewhere that as immersive games become more sophisticated and develop their own society and values, real life will start to resemble a video game and videogame prowess may become an end worth pursuing for its own sake. Now that weapons and radar systems look more like computer games, for example, military recruiters might be happy with legions of game addicts manning their battalions. As it becomes easier to gain knowledge and experience completely from computer games, the notion of having to learn things from real life will start to seem very strange.
Other Resources
Marc Prensky has put generous excerpts from the book online for free. His company website contains a lot of fun free/demo games, including (my favorite) "The Challenge." Expect it to be slashdotted for a while. You can also buy the book here.
Kurt Squire of MIT's Games-to-Teach project has written a perceptive article, Reframing the Cultural Space of Computer and Video Games, and many other things on game-based learning, including an excellent critique of Prensky's book.
Dr. Sivasailam "Thiagi" Thiagarajan writes frequently on using games for training. His Thiagi website contains lots of freebies as well as a free monthly newsletter with lots of game/training ideas.
Gamasutra has a separate section on writings about educational games. Free registration is required.
Although not explicitly about game-based learning, Steven Poole's book, Trigger Happy offers a sophisticated aesthetic analysis of videogame narratives and engagement.
Robert Nagle (aka Idiotprogrammer) is a linux nut, technical writer and trainer with a background in instructional design and game design. He works for Texas Instruments in Houston. You can purchase Digital Game Based Learning from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
MIT Gnome Invasion
J. Arthur Random writes "On Wednesday, April 23, hundreds of gnomes invaded the main public computer cluster at MIT. There were big gnomes, little gnomes, even naked gnomes. A gnome army carried the GNOME banner. Fortunately, the ACME Gnome Exterminators took care of the infestation within a few days." -
Poincaré Conjecture May Be Solved
Flamerule writes "The New York Times is now reporting that Dr. Grigori (Grisha) Perelman, of the Steklov Institute of Mathematics of the Russian Academy of Sciences in St. Petersburg, appears to have solved the famous Poincaré Conjecture, one of the Clay Institute's million-dollar Millennium Prize problems. I first noticed a short blurb about this at the MathWorld homepage last week, but Google searches have revealed almost nothing but the date and times of some of his lectures this month, including a packed session at MIT (photos), in which he reportedly presented material that proves the Conjecture. More specifically, the relevant material comes from a paper ("The entropy formula for the Ricci flow and its geometric applications") from last November, and a follow-up that was just released last month." -
The Universe May Be Shaped Like a Doughnut
NewbieV writes "The NY Times (reg., etc.) is reporting that data from the Wilkinson Microwave Anisotropy Probe may suggest that the universe might be shaped like a doughnut or a cylinder: it might be possible, like in the old video game Spacewar, to drift off one 'side' of the Universe and reappear on the other." -
New Developments in Music Technology
jonerik writes "The Christian Science Monitor has this article on acoustic and electronic music technology, including a visit to MIT's Hyperinstruments lab, which has developed a series of Music Shapers; ball-shaped musical toys which are covered with 'a patented thread containing sensors that react to the way the child handles them. The child manipulates a preprogrammed "little seed" of music and helps it "grow" by the way he or she shapes it.' Also worth a read is this article (free reg required) on the Line 6 series of bass and guitar amp emulators, which do a pretty decent job of mimicking various amp or amp/stack combos; from a '53 Fender Deluxe to a mid-'60s Vox AC-30 to the sludgy murk of a '70s Orange stack. 'Line 6 uses a technology called modeling to measure the characteristics of a particular vintage amp, from the distortion of its original tubes to the resonance of its speaker cabinet. The company has developed a way to reproduce those measurements in a powerful D.S.P., or digital signal processing, chip that contains models of dozens of classic amps.'"