Slashdot Mirror

Sim9 writes "Recently, Anachronox: The Movie released its final episode. The movie is based on the PC game, and is actually rendered using the Quake II engine! (Note that the official mirror is usually full, so also try: Fileplanet, The Archive, AusGamers, and Fileshack. Enjoy!" Update: 04/12 04:58 GMT by T : You can also find BitTorrent files at f.scarywater.net.

Alan Eibner submitted this review of Addison-Wesley's Open Source Web Development With LAMP. He writes "The number of books about Web development technologies is astounding. Some claim you can learn everything you need to know in 24 hours. Others require several complementary volumes in order to learn the subject. Why another web development book? And what sets this one apart from the rest?" Read on for the rest of Alan's chapter-by-chapter review. Update: 04/11 18:22 GMT by T : I'd called this an O'Reilly book rather than Addison-Wesley; sorry, now fixed. Open Source Web Development with LAMP author James Lee, Brent Ware pages 496 publisher Addison-Wesley rating 10 reviewer Alan Eibner ISBN 020177061X summary All the Open Source web technologies in one easy to read place.

Open Source Web Development with LAMP (henceforth OSWB) has a difficult goal: to teach you enough about all the LAMP (Linux, Apache, MySQL, Perl/Mod_Perl/PHP) technologies that you can start developing static and dynamic websites right away. How on earth can they cover so much in one ~500 page book, you ask?

The Theory The authors do not intend to teach every little bit about the web technologies they cover. No book binding is that strong, but the reason is more subtle than that. When you try to cover everything, you lose perspective about the pros and cons of the technologies.

Instead, the authors try to teach you enough about the technologies to hit the road running, and provide you pointers to websites, man pages, and other books where you can learn the pieces they don't cover. I think the authors' words themselves describe it best -- quoting from the Introduction:

"Based on experience, we believe that 80 percent of the utility of any complicated tool is the result of knowing 20 percent of the uses of that tool, whether that tool be software, hardware, mechanical, or electronic. Swiss Army knives are excellent and versatile tools, but most of the time, you just use the blade or the screwdriver.

The purpose of this book is to introduce you to that 20 percent -- the blade and the screwdriver -- that opens up the most functionality, and to make you aware of the remaining 80 percent so you can use the other tools when most appropriate."

This is the goal of the book -- a goal that I believe they fulfilled superbly.

The Authors James Lee is the lead author of OSWB. He's a Perl and Open Source trainer, programmer, hacker and who-knows-what-else at Onsight, Inc.. He's also co-author of Hacking Linux Exposed first and second editions. (./ review of HLE 2nd edition)

Brent Ware, co-author of OSWB, has a PhD in Physics, has done the Dot Com thing, failed to get independently wealthy, and now gets paid to play with lasers, but would rather be climbing mountains. He was also a contributing author to Hacking Linux Exposed.

(Descriptions are based on their Bios, intuition, and unsubstantiated rumors.)

The Book

• Part I: Structural
  • Chapter 1: The Web Explained
  • Chapter 2: Linux - the Choice of a GNU generation

    These two chapters are mainly here for folks new to Web development in a Linux/Non-Microsoft environment. They do a superb job of explaining why LAMP is a good solution for both technology and monetary reasons. A great read, especially for your manager who keeps asking why you shouldn't use some proprietary development tools. It also shows you what HTTP actually looks like, and the difference between static HTML, dynamic websites, and embedded web programming languages.

  • Chapter 3: Apache Webserver

    Next they provide information about configuring Apache, creating password-restricted access, and other security considerations. At about 20 pages, this is fast and concise, but contains all you really need to know when setting up your Apache server.

  • Chapter 4: Perl

    Following the 20/80 rule, the authors manage to teach you the Perl you'll need to know in order to generate web content. They don't go into things like creating network sockets, shared memory, or the Foo::Bar::Never::Necessary module. What you do get is all the I/O, flow control, datatypes, regexps, system access, scoping, best practices (use strict, etc), and enough OO to use modules that require it. (Database access via DBI is covered later, don't worry.)

  • Chapter 5: MySQL

    Here they teach you to install MySQL databases, tables, and enough SQL to do what you need to do. The examples are excellent and frequently amusing. This is also where the book starts to really begin its integration of multiple technologies. We'll be referring back here later when we start programming web front-ends to MySQL databases.

• Part II: Static
  • Chapter 6: WML

    For those that don't know, WML is the Website Meta Language. WML allows you to create static HTML files using a very powerful suite of pre-processing, macros, eperl, and HTML shortcuts. By creating site templates, WML can manage all your links and layout, leaving you to concentrate on the content of each page. OSWB is the only book I know of that discusses WML.

• Part III: Dynamic
  • Chapter 7: CGI

    First, the authors discuss how dynamic HTTP actually works -- GET/POST requests, variable passing, types of fields, and security implications. This will be important for all the remaining chapters of the book. The chapter then continues with a focus on perl and CGI.pm for CGI development, including a fully functional CGI/MySQL/DBI project.

  • Chapter 8: mod_perl

    For those who want to get more performance out of dynamic perl-created content, mod_perl is the answer. The authors explain the ways you can create mod_perl code, the differences between this and the CGI.pm environment, and then continue with a mod_perl MySQL/DBI project. This chapter is worth the cost of the book alone.

• Part IV: Embedded Languages
  • Chapter 9: Server Side Includes

    I think most people agree that SSI is pretty much dead, when compared to the more functional languages we have nowadays. The authors give a very complete synopsis in about 10 pages.

  • Chapter 10: Embperl
  • Chapter 11: Mason
  • Chapter 11: PHP

    If you want to use an embedded language (where the code is inside the HTML files themselves) then you're much more likely to use one of these three languages. I'd never heard of Embperl or Mason before, but they seem to be an excellent middle ground between CGI and mod_perl. They both are explained extremely well. Since they are based on Perl, much of the background was already covered in Chapter 4, so the authors concentrate on the important features, rather than the language constructs.

    PHP is, of course, completely different than Perl, and thus Chapter 11 needs to teach everything from the constructs and datatypes up to database integration. Yet somehow it manages to do so with ease. It also concludes with a database-driven project ripe for you to modify for your own needs.

Short notes

Some short comments that didn't seem to fit anywhere else in this review:

• Distro: OSWB does assume a Red Hat installation for its example configurations, but does a good job of remaining distro-agnostic aside from pathnames, and letting you know the differences you're likely to face.

• Humor: Lee and Ware are funny - reading this book is really enjoyable because they are constantly weaving humor into it.

• Security: Security is discussed whenever appropriate in the book, which is not a surprise, given the authors' association with Hacking Linux Exposed.

• Omissions: The "What We Didn't Talk About" section is excellent. Most books deny what they haven't covered. OSWB tells you exactly what they haven't taught you, and point you to the places you can get more information if you need it.

• Projects: The book has many projects that let you learn and experiment with the languages directly. Each one could serve as a branching-off point for your own website's needs.

• Integration: Since OSWB covers all the technologies, you don't have constant overlap or redundancies; that lets it stay lean and tight. For example WML allows you to include perl code, but since you already learned perl in Chapter 4 the authors don't need to start from the ground up. However, they do keep introducing us to new and neat features in all their subsequent code examples.

The Website

The OSWB website at OpenSourceWebBook.com is written in the languages they discuss, and all the original source code used to build the website and the rest of the code in the book is available for download. Snippets of the code for the website is shown as examples with commentary in the book, letting you really see how everything fits together. These guys fall squarely into the practice-what-you-preach category.

The Verdict By not trying to teach every nuance and advanced feature of each of these languages and technologies fully, you actually have a much better book. At the end you have an excellent understanding of what tools are out there, and can best choose the ones you should use for a given purpose. I came away from this book and immediately used a combination of WML templates + mod_perl + MySQL to create a very robust dynamic web application using only the info in the book and a few choice man pages.

I'd recommend this book both to nitty-gritty web developers, and also to non-techies who want to be able to understand the technologies that are out there, to help create informed decisions when starting any web development project.

You can purchase Open Source Web Development With LAMP from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

adelayde writes "You're a wireless network engineer and you work on the run. You need a kit that gives you flexibily yet is light and portable. Style is also important to you. This article (mirrored here) describes just the kit you need, based on modifying the Apple AirPort base station with suggestions for a range of handy antenna attachments and includes component part numbers and prices as well as a complete set of range test results. Just the Jobs for the wireless engineer on the go." Update: 04/08 00:06 GMT by T : Here's another mirror, thanks to the story submitter ;)

Gentu writes "Red Hat Linux 9 has been released to the official mirrors, brace for impact! Additionally, OSNews features an interview with Red Hat Linux's manager, Matt Wilson and they discuss everything from mp3/dvd playback, to Randr, dependancy policies and more." Also on the Red Hat front, DdJ writes "So, I noticed that Red Hat's stock price jumped up a bit this morning, and checked the news to find out why. It turns out they've released a new portal product and a new CMS product. Both appear to be based on Java/Tomcat, which would mean it's not Zope-based or Zend-based. But, they're supposedly open source. Anyone have any further info on this stuff yet?" Update: 04/08 05:24 GMT by T : Don't forget that the new Red Hat release is available through BitTorrent, too.

An anonymous reader writes "Canada's National Post is reporting today that DARPA is (indirectly) funding $2-million (US) to Theo de Raadt of OpenBSD. The article is available here." Update: 04/07 21:01 GMT by T : As several readers have pointed out, this blurb should credit instead The Globe and Mail rather than the National Post.

JeffM2001 writes "InformationWeek is running a story by Fred Langa which gives an overview of the ways to create a true-Legacy-free computer. Finally we can have a PC not based on twenty year old technology." Update: 04/07 17:34 GMT by T : Pages past the first one of this article seem just to loop; here's the printable version, which has the whole article in one go.

www.sorehands.com writes "This morning, the California Supreme Court heard oral arguments in the case of Intel v. Hamidi. This is a case where Ken Hamidi, an ex-employee of Intel build a website that complained of Intel's employment practices and sent emails to all of Intel's employees. Intel tried to block Hamidi's emails, then Intel filed a lawsuit for several claims including tresspass to chattel." ess' to the server and the first ammendment." Read on below for a few more notes from Mr. Hands about the Hamidi case (mentioned on Slashdot a few times before). Update: 04/03 00:56 GMT by T : That should be "Hamidi" throughout, not "Hamibi."

"Intel argued that Hamidi's sending the email disturbed the employees and interfered with their business. causing lost productivity.

Hamidi argued that Intel only complained because the the content. That Intel dropped the nuisance claim because Intel would have had to argue the content and that Intel could not file a libel claim, where did not dispute the truth of the statements in the email or the website.

This case will set the lines of control for one's own servers. From the spammer's claims that if you are on the internet, they have full rights to hijack servers and fill your mailbox with viagra offers, to the ability of an ex-friend filing a lawsuit when you asked for the $20 that they borrowed.

I spoke with Hamidi, and he takes the position that if you have email, then you are agreeing to accept non-commercial email because of the 'public access' to the server and the first ammendment."

alvinc writes "Mark Rais' new book Linux for the Rest of Us is an excellent choice for beginning Linux users. It also has enough solid, fundamental information to be a refresher for experienced Linux users. The book's philosophy is that Linux is a viable alternative OS that is also fun, and this viewpoint is reflected in the narrative's friendly tone." Read on for the rest of Alvin's review. Update: 03/26 20:51 GMT by T : Since bn.com isn't stocking this book, author Marc Rais wrote to suggest that you can order this book straight from the publisher. Linux for the Rest of Us author Mark Rais pages 108 publisher Eagle Nest Press rating 8 reviewer alvinc ISBN 0972679006 summary A gentle introduction to Linux.; may have some relevant tips for experienced users but should be invaluable to novices.

The author uses many anecdotes and personal experiences which give the instruction a real-world feel and which also gives it a human element. I enjoyed the occasional tongue-in-cheek humor as well.

The book is very concise, written in a quick guide format, which I found more user-friendly than some of the larger, intimidating tomes available on the subject. The 108 pages are densely packed with information with step-by-step instructions on installing, formatting hard drives for dual boot use, using the bundled graphics and text editors, and configuring a Linux machine for use as a server. It includes essential elements in a quick reference format in the manner I would draw up my own cheat sheets.

I think the book would also make a great gift for new users. Its small size encourages browsing by people who may be hesitant about taking the plunge into Linux. It is a practical way for Linux fans to encourage others to try Linux.

There are a few shortcomings, but these are the exception rather than the rule. Initially I was a little dismayed that the author did not spend more time on the desktop environment and describing some more features of KDE/Gnome etc. I would have also liked for the author to help guide beginners with tips for other useful programs such as Evolution.

One of the strongest aspects of this book, aside from overtly doing new Linux users a huge favor by helping them along the tricky steps, is that the author includes a healthy dose of real-world experiences.

And real-world experiences are indeed included, as I slowly realized that although the author, Rais, was both very gentle and down to earth in tone and writing, his experiences with Linux and technology are significant. His subtle remarks throughout the book about how he helped set up Linux servers with colleagues almost hides the point that some of these servers were involved in serving content to staging servers for some high profile sites, including Netscape.com and aol.com.

I would have enjoyed some further anecdotes about the author's own experiences. He includes a number of useful tips from his experience, but as I read the section "Stories from the Field" I felt like the author probably had a lot more to share and only for sake of brevity did not include more.

Rais maintains a very helpful and encouraging tone, which is rare among users as experienced as he is. The author obviously knows Linux well and still walks the reader through the subject matter much as a mentor would.

The book is also a substantive reference of sorts, enabling easy lookup of critical line commands or troubleshooting errors. It's limited in scope in some areas, and few Linux experts would pick this up as a reference, but as a tool to encourage hesitant new users, it is beneficial.

Linux for the Rest of Us is convenient, easy to read, and inexpensive. Also, note that all proceeds (after tax and print costs) are to be donated to charity.

You can purchase Linux For the Rest of Us from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Not to load you up with Mandrake, but joestar writes "Mandrake Linux 9.1 (Bamboo) is now officially available at a number of FTP mirrors. This version appears to be a key release for MandrakeSoft and includes many new features such as a new simplified installation procedure, ZeroConf network support, Wi-Fi support, NTFS partition resizing and a brand-new... MandrakeGalaxy theme. It's very beautiful and the whole thing has apparently very few bugs, which is a good news. A full presentation is available at Mandrake's website, download is available from their FTP page as usual. As I see it, it's certainly the most important Mandrake release since version 7.0..." Update: 03/25 21:44 GMT by T : And if you like the distro, you can do both yourself and Mandrake a favor by ordering box sets straight from them, or joining Mandrake's Club.

icantblvitsnotbutter writes "With Mandrake Linux 9.1 right around the corner, it's OSNews first out of the gates with a review of this desktop-oriented distro's latest release. The review is actually pretty bland, skimming the surface to linger on some of Eugenia's pet peeves. Having used 9.1 in a production environment since beta 3, I can say that the improvements to the installation and the signature Mandrake tools are much-appreciated. Don't forget that Mandrake Club members get their own set of mirrors, as well as being eligible for extras like the voting process that selected the packages for the 9.1 release." Update: 03/25 18:29 GMT by T : anyweb also points out a review of Red Hat Linux 9 on the same site, writing "an informative article -- well I had to say that, I wrote it ;-)"

emmastory writes "I finally (finally) picked up Mac OS X: The Missing Manual. I've been meaning to grab it since I first heard that David Pogue wrote a book on OS X; I've been a fan of his for a while. I remember reading his stuff in Macworld -- on System 7, even -- when someone gave me a subscription (many) years ago, and his New York Times columns have generally been pretty good as well." Update: 03/25 16:43 GMT by T : Ha! The original headline was missing OS X's "X" -- now in place. Read on ... Mac OS X: The Missing Manual (Second Edition) author David Pogue pages 712 publisher O'Reilly and Associates/Pogue Press rating An excellent book that merits its title. reviewer Emma Story ISBN 0596004508 summary An intensely thorough look at using OS X, updated to include Jaguar.

Mac OS X: The Missing Manual is exactly what you'd expect if you've read any of Pogue's other books or columns: it's clear and straightforward without seeming dumbed down. His writing tends to be fairly light and often funny, making for particularly readable technical books. That's not to say it's without substance, though -- within the first chunk of this book (which is pushing six hundred pages) I'd already had a dozen of my existing questions answered as well as plenty I hadn't even thought to wonder about.

It seems pretty definitely directed at people who've been using Mac OS for a long time and are switching to OS X. Given what OS X is, it's not surprising that it takes some getting used to, despite vaguely looking like Mac OS. If you've never used OS 8 or 9 and don't have any existing Mac habits to unlearn, you might not even need a book like this -- but I suspect it would still be pretty useful. Pogue also takes time to address issues people might have switching to OS X from Unix or Windows, but the focus is on comparisons to older versions of Mac OS. As the title implies, Apple documentation tends to be slim to non-existent, and this is by far the most thorough OS X book I've seen yet. It functions exactly as promised -- I keep my copy on the shelf over my desk, and when I have a question about something I remember from OS 9 or why something I know from BSD doesn't work under 10.2, I can just look it up.

The second edition is more of the same -- the book is bigger, fatter, and covers Jaguar. It was published in October 2002, so it's not quite up to the minute, but it's certainly not outdated yet. I shelled out another twenty bucks when I first saw it, and I don't regret it -- the only major complaint I'd had about the first edition was that its usefulness was somewhat impaired when 10.2 came out. It's possible I'll feel the same way about the second edition when faced with 10.3 -- but maybe Pogue will write another book.

I would recommend this book for just about every OS X user, regardless of how recently you switched -- people who installed it back during the public beta will probably get just as much out of the second edition as those who just bought their first-ever Mac. However, you'll probably find it more useful if you're coming from older versions of Mac OS than if you've just switched from another Unix or Windows, but that's not to say it isn't worth reading in those cases. It's relatively cheap for an O'Reilly book (712 pages, list price is $29.95) so you can't really go wrong.

You can purchase OS X: The Missing Manual from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Cackmobile writes "The Sydney Morning Herald is reporting that some Australian scientists have been watching a gamma-ray burst. The article makes some good points about the origins of these." Update: 03/21 03:27 GMT by T : MickDownUnder writes with a link to NASA's press-releasy version, with story, pictures and animations.

Jamie Zawinski writes "Mozilla.org has a new article on Bugzilla Etiquette. Relevant to more than just Bugzilla, this should be required reading for anyone who wants to file a bug about any product, no matter what bug tracking system is in use. I especially like the mention that "'Open Source' is not the same as 'the developers must do my bidding.'"" Update: 03/19 21:26 GMT by T : If that link doesn't work for you without cutting and pasting, reader Stephen Ostermiller suggests "you might want to use this link which appears to be the same document mirrored elsewhere."

Slashback this evening brings updates on social networks, Audioscrobbler, the Social Security-number security breach at the University of Texas at Austin, and more. Read on for the details.

Why meet people in real life? Roland Piquepaille writes "I wrote [Saturday] a column about social-network mapping tools mentioned by Slashdot. Slashdot readers sent me many comments and e-mails about other visualization tools. Here are these new tools, in no particular order: email constellations, Apache Agora, NetVis Module, EtherApe, inGridX, NameBase's Proximity Search, Surf3D Pro and the dazzling KartOO. Finally, a reader talked about another kind of tools, the Visual Thesaurus. This web tool is not about social mapping, but it shows graphical connections between words. In this previous column, "The Visual Thesaurus: What Does it Show About Thanksgiving?," I already explored this very funny tool. Check this new story for more the details about all these tools."

Update: 03/19 00:34 GMT by T : Directly related: Josh Tyler writes "Related to a recent Slashdot posting on social networks is this paper on automatically discovering communities based on email data, just published by our group at HP Labs. We find that simple communication data is enough to identify communities, both formal and informal, and possibly even to identify the leaders of these groups."

Speaking of online community ... TGK writes "Audioscrobbler (which many of us visited the first time it was posted here) has a new site up, and most importantly, new plugins for XMMS and Winamp 3."

From the site, a capsule description of what Audioscrobbler does: "It grows to know what music you like by monitoring what songs you play on your computer. From this information you can discover other users that share some or all of your taste in music."

Feedback is always cool. An anonymous reader writes: "Sudhakar Govindavajhala, co-author of the paper referenced by the Saturday Slashdot article 'Using Memory Errors to Attack a Virtual Machine,' has responded to many of your [Slashdot readers'] questions and comments. His commentary is located at his Princeton CS website."

Another reason that Social Security isn't. GregAllen writes "Remember the recent case of SSN data theft at The University of Texas? A student has turned himself in. In his confession he says that he acted alone, and had no intention to disseminate the information. Maybe this will convince them to stop using SSNs for student IDs." Bonker also points out that "Salon is carrying an AP article that's a followup to the story a few days ago about the mass of Social Security Numbers stolen from University of Texas. Christopher Andrew Phillips is described as a 'fine young man who has never before been in trouble with the law'. Apparently he wrote a program 'to access a university Web site that tracks employees who attend training classes'. Whether or not this was done for illegitimate purposes remains to be seen. As a former UTA student, I'm glad my SSN is no longer in danger!"

What's the state of the device? An anonymous reader writes "N-Philes.com did another State of the GBA Industry Article and Roundtable. Here is the Industry Article, and here is the Roundtable"

Update: 03/19 00:34 GMT by T : And one more presroi writes "Just one week after even slashdot has noticed the new 2.2.24 linux kernel, Alan Cox has announced a new version due to a security issue found in 2.2 as well as in the 2.4 branch. I hope that we all were to lazy to upgrade from 2.2.X to .24 until now :)"

Slashback this evening brings updates on social networks, Audioscrobbler, the Social Security-number security breach at the University of Texas at Austin, and more. Read on for the details.

Why meet people in real life? Roland Piquepaille writes "I wrote [Saturday] a column about social-network mapping tools mentioned by Slashdot. Slashdot readers sent me many comments and e-mails about other visualization tools. Here are these new tools, in no particular order: email constellations, Apache Agora, NetVis Module, EtherApe, inGridX, NameBase's Proximity Search, Surf3D Pro and the dazzling KartOO. Finally, a reader talked about another kind of tools, the Visual Thesaurus. This web tool is not about social mapping, but it shows graphical connections between words. In this previous column, "The Visual Thesaurus: What Does it Show About Thanksgiving?," I already explored this very funny tool. Check this new story for more the details about all these tools."

Update: 03/19 00:34 GMT by T : Directly related: Josh Tyler writes "Related to a recent Slashdot posting on social networks is this paper on automatically discovering communities based on email data, just published by our group at HP Labs. We find that simple communication data is enough to identify communities, both formal and informal, and possibly even to identify the leaders of these groups."

Speaking of online community ... TGK writes "Audioscrobbler (which many of us visited the first time it was posted here) has a new site up, and most importantly, new plugins for XMMS and Winamp 3."

From the site, a capsule description of what Audioscrobbler does: "It grows to know what music you like by monitoring what songs you play on your computer. From this information you can discover other users that share some or all of your taste in music."

Feedback is always cool. An anonymous reader writes: "Sudhakar Govindavajhala, co-author of the paper referenced by the Saturday Slashdot article 'Using Memory Errors to Attack a Virtual Machine,' has responded to many of your [Slashdot readers'] questions and comments. His commentary is located at his Princeton CS website."

Another reason that Social Security isn't. GregAllen writes "Remember the recent case of SSN data theft at The University of Texas? A student has turned himself in. In his confession he says that he acted alone, and had no intention to disseminate the information. Maybe this will convince them to stop using SSNs for student IDs." Bonker also points out that "Salon is carrying an AP article that's a followup to the story a few days ago about the mass of Social Security Numbers stolen from University of Texas. Christopher Andrew Phillips is described as a 'fine young man who has never before been in trouble with the law'. Apparently he wrote a program 'to access a university Web site that tracks employees who attend training classes'. Whether or not this was done for illegitimate purposes remains to be seen. As a former UTA student, I'm glad my SSN is no longer in danger!"

What's the state of the device? An anonymous reader writes "N-Philes.com did another State of the GBA Industry Article and Roundtable. Here is the Industry Article, and here is the Roundtable"

Update: 03/19 00:34 GMT by T : And one more presroi writes "Just one week after even slashdot has noticed the new 2.2.24 linux kernel, Alan Cox has announced a new version due to a security issue found in 2.2 as well as in the 2.4 branch. I hope that we all were to lazy to upgrade from 2.2.X to .24 until now :)"

Bill Kendrick writes "LinuxDevices is reporting the good news: Sharp is now shipping the Zaurus SL-5600 Linux-based PDA. Compared to the SL-5500 that's been out for the past year, this new model sports a 400MHz X-Scale CPU, twice the Flash (32MB), twice the RAM (64MB) a much better battery (1700 mAh), and a real speaker and mic. Learn more at Sharp's website." And IceFox writes "Well I wasn't expecting this to happen till next week, but I guess it was put up early. For a limited time on hsn.com you can get a Sharp Zaurus SL-5500 PDA for $198.92, combined with a hsn.com coupon you can bring the price down to $169.08. For anyone who has wanted to play with this Linux PDA here is your chance to get it for very cheap." Update: 03/18 02:03 GMT by T : Reader Brendan Hoar corrects the listed specs: "The specs for the SL-5600 are incorrect. It should be 64MB of flash, 32MB of SDRAM. It's technically *half* the RAM of the SL-5500, not twice the RAM." Thanks.

Frank Krasicki writes "The Adventures of Kavalier & Clay has already won numerous prizes for literature including the Nobel prize for fiction in 2001. As imposing as that may sound, this is an entirely accessible and enjoyable read." It's also set in the world of comics; read on for the rest of Krasicki's review to find out why he considers it an "entirely pleasant and entertaining book." Update: 03/07 16:39 GMT by T : That's Pulitzer prize, not Nobel. The Amazing Adventures of Kavalier and Clay author Michael Chabon pages 636 pages publisher Picador USA (paperback edition) rating Excellent reviewer Frank Krasicki ISBN 0312282990 summary A convincing historical fiction of the Golden Age of Comics

As someone who grew up reading comics during the Silver Age of Comics (approximately 1958 - 1970 or so), I was fortunate to own, read, and come to love the comics from the Golden Age (approximately 1939 - 1949 or so). Michael Chabon's novel spans the years from 1939 through the mid-fifties and comic books are the thematic motif he uses as a vehicle to explore that time and that jaw-dropping social innocence. Anyone who has even a passing interest in comic books and their origin will enjoy this book. In it, Chabon creates a convincing parallel universe that includes a historical facsimile of what the Golden Age of Comic books may have been like.

This is a book that explores the very big ideas of human transformation, Jewish mysticism, and the subtle variations on the concept of escape, all sugar-coated in rich layers of wishful but impossible remembrance.

The setting of the book is a mythical New York City. Chabon revisits The Empire State Building - home of Empire comics, the General Motors pavilion of the World's Fair (1939), and a Naval base in Antarctica.

Our first hero, Samuel Louis Klayman (Clay) may as well be the skinny boy we all remember from the body building ads that illustrated a bully kicking sand into the boy's face as the ad exclaimed, "Tired of being picked on?". Clay is described as, "seventeen when the adventures began: big-mouthed, perhaps not quite as quick on his feet as he liked to imagine, and tending to be, like many optimists, a little excitable. He was not in any conventional way, handsome.", "He slouched, and wore clothes badly; he always looked as though he had just been jumped for his lunch money.", and "...an omnivorous reader...". Clay is an inventory clerk at Empire Novelties Incorporated Company who occasionally gets, "to do an illustration" for an ad.

Josef Kavalier, on the other hand, is Clay's cousin who, in 1939, escapes from German occupied Prague via Asia, Japan, and finally San Francisco to Brooklyn, NY. Josef arrives believing that Sam is a commercial artist who can get him a job doing the same thing.

Joe is older than Sam. He is nearly nineteen and his hobby is stage magic and it is learned from Bernard Kornblum, "an 'eastern Jew, bone-thin, with a bushy red-beard". It is Kornblum who smuggles Josef Kavalier out of Prague along with the clay body of a giant-sized, androgynous Golem disguised as a cadaver. The Golem's casket is Joe's first significant escape. The character of Josef Kavalier will remind older readers of Jerzy Kozinski, author of The Painted Bird whose late night television appearances in the 1960's recounted his own talent for hiding from the authorities.

Once Sammy discovers Joe's ability to draw, he announces, "... I'll tell you what. I'm going to do better than just get you a job drawing the Gravmonica Friction-Powered Mouth Organ, all right? I'm going to get us into the big money." From here on forward, the young men team up to become Kavalier and Clay. The analogy to Golden Age comic's masters such as Simon and Kirby, Siegel and Shuster, and others is unmistakable and, in the hands of Chabon becomes a transcendent metafiction that is replete with real and manufactured historical acknowledgments that will have many readers rubbing their chins in admiration of the precision of Chabon's clever inventions.

Kavalier and Clay create a comic book character called The Escapist. Their comic quickly rivals the economic success of Superman and Captain Marvel. In the hands of Kavalier and Clay The Escapist becomes a vehicle through which Joe Kavalier expresses his hatred of Hitler and all things Nazi. Chabon uses The Escapist comic book as a vehicle to meticulously describe the historical development most comic book heroes explored from the early forties until the Congressional hearings that challenged the influence of comics on children and eventually, temporarily, censored the industry.

Concurrent to describing the evolution of The Escapist from comic book sensation to radio show and product merchandising windfall, Chabon traces Kavalier and Clay as their lives are woven by their venture.

The third, main character is Rosa Saks who is first a model for Joe Kavalier, then lover, and eventually a romance comic book creator. In a perfectly plausible subplot, she first engages Joe Kavalier to underwrite the cost of helping Jewish children escape from occupied territories on a ship called the Ark of Miriam in an effort to save his own brother Thomas.

Rosa also becomes the inspiration for The Luna Moth, a female superhero comic book that expanded the number of titles Kavalier and Clay created. "Luna Moth was a creature of the night, of the Other Worlds, of mystic regions where evil worked by means of spells and curses instead of bullets, torpedoes, or shells. Luna fought in the wonderworld against specters and demons, and defended all us unsuspecting dreamers against attack from the dark realms of sleep." Rosa falls in love with Joe as his art blossoms in The Luna Moth. A footnote informs us that, "Thirty years later" The Weird Worlds of the Luna Moth "quickly became a head-shop bestseller".

Sam Clay, on the other hand, discovers his homosexual preference. Through Sam Clay, Chabon explores the social mores of that time and masterfully examines the topic as a third rail subject pertaining to the comics industry.

Further adventures and life complications evolve these characters - too many to describe without spoiling the fun of reading. This is an entirely pleasant and entertaining book that is nothing more or less than a light, leisurely read assuming you have an interest in the general topic or historical period.

I will add that, like the comics of that time, there is nothing heavy about the reading despite the introduction and resolution of a remarkable pastiche of sublime themes and subplots. These are all handled with a genuine love and thorough understanding of the subject matter.

In an Author's Note, Chabon closes with this remark, "Finally, I want to acknowledge the deep debt I owe in this and everything else I've ever written to the work of the late Jack Kirby, the King of Comics." The book is a wonderful tribute.

Michael Chabon's website is: http://www.michaelchabon.com/ and well worth a visit.

You can purchase The Amazing Adventures of Kavalier and Clay from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

randal writes "A security vulnerability in the Sendmail Mail Transfer Agent (MTA) has been identified by ISS. This bug can give an attacker the ability to gain remote root access to the targeted system. There is no known exploit code of this vulnerability in the wild at this time, but everyone should upgrade immediately. This issue affects all versions since 5.79. Open Source sendmail users can get source for the newest version (8.12.8) as well as patches for 8.9, 8.11, and 8.12 from sendmail.org. Commercial Sendmail customers can find patches at sendmail.com/security. Most major OS vendors will be releasing patches immediately." Update: 03/03 19:23 GMT by T : Reader Patchlevel points out that RedHat and OpenBSD have already issued patches.Update: 03/03 20:45 GMT by T : Reader Claude Meyer links to an update from SuSE, too. Update: 03/03 22:52 GMT by T : djcatnip points out that Apple has released a software update to patch OpenSSL and Sendmail for Mac OS X 10.2.4, and the Slackware site says they have updated to 8.12.8 as well.

randal writes "A security vulnerability in the Sendmail Mail Transfer Agent (MTA) has been identified by ISS. This bug can give an attacker the ability to gain remote root access to the targeted system. There is no known exploit code of this vulnerability in the wild at this time, but everyone should upgrade immediately. This issue affects all versions since 5.79. Open Source sendmail users can get source for the newest version (8.12.8) as well as patches for 8.9, 8.11, and 8.12 from sendmail.org. Commercial Sendmail customers can find patches at sendmail.com/security. Most major OS vendors will be releasing patches immediately." Update: 03/03 19:23 GMT by T : Reader Patchlevel points out that RedHat and OpenBSD have already issued patches.Update: 03/03 20:45 GMT by T : Reader Claude Meyer links to an update from SuSE, too. Update: 03/03 22:52 GMT by T : djcatnip points out that Apple has released a software update to patch OpenSSL and Sendmail for Mac OS X 10.2.4, and the Slackware site says they have updated to 8.12.8 as well.

randal writes "A security vulnerability in the Sendmail Mail Transfer Agent (MTA) has been identified by ISS. This bug can give an attacker the ability to gain remote root access to the targeted system. There is no known exploit code of this vulnerability in the wild at this time, but everyone should upgrade immediately. This issue affects all versions since 5.79. Open Source sendmail users can get source for the newest version (8.12.8) as well as patches for 8.9, 8.11, and 8.12 from sendmail.org. Commercial Sendmail customers can find patches at sendmail.com/security. Most major OS vendors will be releasing patches immediately." Update: 03/03 19:23 GMT by T : Reader Patchlevel points out that RedHat and OpenBSD have already issued patches.Update: 03/03 20:45 GMT by T : Reader Claude Meyer links to an update from SuSE, too. Update: 03/03 22:52 GMT by T : djcatnip points out that Apple has released a software update to patch OpenSSL and Sendmail for Mac OS X 10.2.4, and the Slackware site says they have updated to 8.12.8 as well.

zdzichu writes "A friend of mine is building a personal server. He bought 17 of the cheapest IDE drives available and used Linux' LVM to get them together. The result? Almost two terabytes of disk space in regular x86 PC. The most juicy part - photos are here. For an operating system, he first tried the enterprise-ready PLD Linux Distribution, later he reinstalled Slackware Linux." Update: 03/01 20:24 GMT by T : I'm sure that should be "drives" and not "drivers" :)

eggsovereasy writes "The Inquirer is reporting that a group in Germany has deciphered the information sent to Microsoft during an update using Windows Update and says that information on all software installed on your computer is sent, even that which is not Microsoft's own software." The original article is, unfortunately, pay-per-view. Update: 02/26 18:19 GMT by T : ionyka points to this "related article from ITWorld that deals with Microsoft's transferring of information through Windows Media Player. When you open up Media Player it sends information back to Microsoft like what movies you play, what songs you listen to and where they come from."

MoNickels writes "Back in January, the American Dialect Society voted the neologism "to google" as the most useful word of 2002. Now bring on the lawyers! Google's have sent a cease-and-desist letter to Paul McFedries, creator of the famous Word Spy site, demanding he remove google as a verb from his lexicon, or else. Frank Abate, an American editor for the Oxford English Dictionary, points out, however, that you can't claim proprietary rights to a verb." Update: 02/26 03:19 GMT by T : MoNickels writes with an update: "Frank Abate is not an editor of the OED, but he is a former editor of the New Oxford American Dictionary, both published by Oxford University Press." Thanks for the amendment!

TastyWords writes "According to this link, it's possible to apply the 'junk fax law' to successfully sue a spammer in small claims court. For those who are stuck in states which either have worthless (or near-worthless) anti-spam legislation, this creative approach of the law presents a creative method of turning the table on those who choose to spam first and ask questions later. All of the details are available for enterprising anti-spammers!" Update: 02/25 00:30 GMT by T : OK, so it's Michigander, not Michiganian. Too long as a Texon, Marylandite and Tennesseenaut.

shiroi_kami writes "What does Information Security mean to you? To many, it means firewalls and encryption. To some, it means intrusion detection systems. Chances are the words "file servers" weren't high on your list, but they probably should be. After all, information security is about information, and when it's not flying across the network it's got to be stored somewhere, right? In fact, the security of the storage mechanism is often overlooked, which makes it an attractive target for attackers. In their new book, Storage Security, the authors take a comprehensive look at this often-ignored subject. Update: 03/26 05:44 GMT by T : Please note, this review was written by David Bianco under the handle shiroi_kami as an Amazon.com review, and also appears at InfosecBooks.com. Apologies to David for the misplaced and delayed attribution. Storage Security: Protecting, SANs, NAS and DAS author John Chirillo, Scott Blaul pages 408 publisher John Wiley & Sons rating 9.8 reviewer David Bianco ISBN 0764516884 summary A storage security handbook that examines strengths and weaknesses, describes architectural security concerns and considerations, and identifies ways to implement and design more secure storage systems.

Storage Security is not about turning on the right configuration options on your XYZ brand server appliance. It's about applying solid, methodical security practices to your storage systems, regardless of whether they are disks directly attached to a single computer, Network Attached Storage or part of a Storage Area Network. The authors address the full security cycle, too, starting with evaluating the security of proposed new storage solutions. Comparative data in hand, the book shows you how to narrow the field to a single solution that offers the best balance between functionality and security.

And once the system is selected, you can't stop there. You've got to decide on appropriate security policies for the new storage system, draft and implement a backup and restore plan, deal with disaster recovery and take care of a host of other issues. In short, this is a good guide to an entire range of considerations necessary to select, deploy and manage a secure storage solution.

The book's evaluation methodology is particularly valuable. Each type of storage (directly attached, NAS and SAN) is covered in a chapter of its own. Within each chapter, the authors address specific technologies used to implement that type of storage. For example, the direct-attach chapter discusses such common storage technologies as SCSI and IDE, moderately exotic systems like USB and Firewire drives, and some more advanced solutions like HiPPI and SSA. Each technology is then placed in a matrix and scored in 11 different categories, including popularity and industry acceptance, built-in data protection features, typical fault tolerance and physical security characteristics.

The authors assign each rating on a scale of 1 (poor) to 5 (the best). This gives a good general indication of how each technology measures up, but they tend to rely on a straight average of the ratings when determining the best technology. Although it's true that the average allows you to make a quick ballpark comparison, there are many other factors to consider as well, such as the suitability for your particular environment and the way in which your users need to access their data. The matrixes are quite useful, but just remember that you can't always boil things down to a simple numerical score.

Probably the biggest problem with this book is that it's pretty dry. As a reference book, the writing style is fine, since it's easy to find what you're looking for, and the chapters are concise. It's difficult to read from cover-to-cover, though, which is a shame because that's what you should probably do the first time through. Take it in small doses, a chapter or so at a time, and you should be fine.

Storage Security is about just what you'd think: the security of your data as it's being stored on your server(s). It's not a detailed look at the configuration of any one product, but rather a comprehensive, theory-based approach to managing the security of your storage subsystem from evaluation to purchase to daily operations. If you manage a small or mid-size network, you may or may not need this book. If you have a larger network, though, or have significant data-storage needs, this deserves a space on your shelf.

You can purchase Storage Security: Protecting, SANs, NAS and DAS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

in4mation writes "The folks at LASEC have found a flaw in the SSL protocol. Quoting Professor Serge Vaudenay from a BBC article the security problem is in 'the SSL protocol itself and not in how we use it or how we implement it.' Apparently the flow only affects webmail and not banking or credit card payments and took less than an hour (160 attempts) to crack." Update: 02/20 20:52 GMT by T : Kurt Seifried writes to say that this is almost exactly wrong: "The flaw is in IMPLEMENTATION, NOT THE PROTOCOL. Due to the way error checks are handled an attacker can find out which error condition occurred by measuring the response. The solution is trivial, a path that forces OpenSSL to do the second check even if the first one fails, thus denying the remote attacker any information as to which exact error condition occurred." He includes a link to the security advisory at openssl.org. Update: 02/20 21:49 GMT by T : Read on below for some more information from SSL 3.0 designer Paul Kocher.

Kocher, President & Chief Scientist of Cryptography Research, Inc., writes:

The referenced paper (http://lasecwww.epfl.ch/memo_ssl.shtml) describes how timing variations in SSL/TLS implementations can be used in certain situations to slowly gather information about encrypted data. If the certain conditions are met, the attacker can decrypt some information from the message (e.g., a password). Strictly speaking, the fact that implementations reveal sensitive information in timing channels is an implementation issue, not a flaw in the underlying cryptographic protocol. This doesn't make the issue unimportant, however, and timing attacks are big deal for implementers because they are easy to introduce, notoriously tricky to detect, and often difficult to eliminate.

Answers to general questions:

1. Is it still okay to send my credit card number over SSL? Yes. This attack is not applicable to web shopping and there are much easier ways that fraudsters steal credit card information (e.g., breaking into merchants' web sites -- a problem that SSL can't solve). In any case, the bank is generally responsible if someone steals your card info.

2. Is the paper "real" or another bogus "I broke SSL" claim? The paper is legit. The Slashdot announcement suggests that SSL itself is broken, however, which is a bit misleading.

2. Is this a practical attack to exploit? Cryptographers need to be paranoid about unexpected situations. As a result, attacks can be important even if they are not practical to exploit under real- world conditions. The attack described in this paper is similar; while there are quite a few preconditions for mounting the attack, this does not make the research unimportant or mean that people should ignore the work. Specific requirements to mount the attack include:

• The session has to use CBC mode. The vast majority of SSL connections use RC4, for which the attack is not applicable. Because of the algorithm negotiation used in SSL/TLS is secured in the initial handshake, man-in-the- middle attackers should not be able affect the outcome of the algorithm selection process.

• The attacker has to act as an active man-in-the-middle attacker. Passive eavesdropping is not sufficient.
• The server's SSL implementation has to be vulnerable (see #3 below). The protocol also has to be oblivious to repeated failures.

• The target protocol also has to have some very specific characteristics that allow the adversary to form the right kinds of messages. For most uses of SSL (e.g., normal web browsing), this type of attack does not generally apply.

3. Can affected implementations be fixed? Yes. OpenSSL has been updated (http://www.openssl.org/news/secadv_20030219.txt). For more information, also see http://www.openssl.org/~bodo/tls-cbc.txt. I don't know what other vendors/projects are doing.

4. Is this an issue for the client or the server? Normally, this would only be an issue for the "server" (i.e., the party that receives the connection request), since normal SSL clients don't automatically large numbers of connections.

A couple of final comments:

I'm constantly amazed by the number of ways that it's possible to screw up security. Overall, SSL 3.0 seems to have aged well, but I wish I'd done a better job of handling errors in the design. In particular, error handling was involved in both of the attacks against SSL that I consider non-obvious, notably Bleichenbacher's attack and CBC-padding attacks such as this one. While these types of attacks weren't known when I was designing SSL 3.0, I generally wish I'd provided less information in error messages.

Finally, I also want to give thanks everyone who has helped to study SSL's security, contributed to implementations, and helped shepherd it through the standards processes."

in4mation writes "The folks at LASEC have found a flaw in the SSL protocol. Quoting Professor Serge Vaudenay from a BBC article the security problem is in 'the SSL protocol itself and not in how we use it or how we implement it.' Apparently the flow only affects webmail and not banking or credit card payments and took less than an hour (160 attempts) to crack." Update: 02/20 20:52 GMT by T : Kurt Seifried writes to say that this is almost exactly wrong: "The flaw is in IMPLEMENTATION, NOT THE PROTOCOL. Due to the way error checks are handled an attacker can find out which error condition occurred by measuring the response. The solution is trivial, a path that forces OpenSSL to do the second check even if the first one fails, thus denying the remote attacker any information as to which exact error condition occurred." He includes a link to the security advisory at openssl.org. Update: 02/20 21:49 GMT by T : Read on below for some more information from SSL 3.0 designer Paul Kocher.

Kocher, President & Chief Scientist of Cryptography Research, Inc., writes:

The referenced paper (http://lasecwww.epfl.ch/memo_ssl.shtml) describes how timing variations in SSL/TLS implementations can be used in certain situations to slowly gather information about encrypted data. If the certain conditions are met, the attacker can decrypt some information from the message (e.g., a password). Strictly speaking, the fact that implementations reveal sensitive information in timing channels is an implementation issue, not a flaw in the underlying cryptographic protocol. This doesn't make the issue unimportant, however, and timing attacks are big deal for implementers because they are easy to introduce, notoriously tricky to detect, and often difficult to eliminate.

Answers to general questions:

1. Is it still okay to send my credit card number over SSL? Yes. This attack is not applicable to web shopping and there are much easier ways that fraudsters steal credit card information (e.g., breaking into merchants' web sites -- a problem that SSL can't solve). In any case, the bank is generally responsible if someone steals your card info.

2. Is the paper "real" or another bogus "I broke SSL" claim? The paper is legit. The Slashdot announcement suggests that SSL itself is broken, however, which is a bit misleading.

2. Is this a practical attack to exploit? Cryptographers need to be paranoid about unexpected situations. As a result, attacks can be important even if they are not practical to exploit under real- world conditions. The attack described in this paper is similar; while there are quite a few preconditions for mounting the attack, this does not make the research unimportant or mean that people should ignore the work. Specific requirements to mount the attack include:

• The session has to use CBC mode. The vast majority of SSL connections use RC4, for which the attack is not applicable. Because of the algorithm negotiation used in SSL/TLS is secured in the initial handshake, man-in-the- middle attackers should not be able affect the outcome of the algorithm selection process.

• The attacker has to act as an active man-in-the-middle attacker. Passive eavesdropping is not sufficient.
• The server's SSL implementation has to be vulnerable (see #3 below). The protocol also has to be oblivious to repeated failures.

• The target protocol also has to have some very specific characteristics that allow the adversary to form the right kinds of messages. For most uses of SSL (e.g., normal web browsing), this type of attack does not generally apply.

3. Can affected implementations be fixed? Yes. OpenSSL has been updated (http://www.openssl.org/news/secadv_20030219.txt). For more information, also see http://www.openssl.org/~bodo/tls-cbc.txt. I don't know what other vendors/projects are doing.

4. Is this an issue for the client or the server? Normally, this would only be an issue for the "server" (i.e., the party that receives the connection request), since normal SSL clients don't automatically large numbers of connections.

A couple of final comments:

I'm constantly amazed by the number of ways that it's possible to screw up security. Overall, SSL 3.0 seems to have aged well, but I wish I'd done a better job of handling errors in the design. In particular, error handling was involved in both of the attacks against SSL that I consider non-obvious, notably Bleichenbacher's attack and CBC-padding attacks such as this one. While these types of attacks weren't known when I was designing SSL 3.0, I generally wish I'd provided less information in error messages.

Finally, I also want to give thanks everyone who has helped to study SSL's security, contributed to implementations, and helped shepherd it through the standards processes."

axxackall contributes a link to Richard Black's report on BBC suggesting that "Computers of the future will be built not by factory machines, but by living cells such as bacteria. Scientists 'have described how wires can now be made by yeast organisms, and how solar panels could be built using substances produced by sea sponges. Researchers believe these kind of technologies will be essential if we are to continue to shrink the size of electronic devices.' But 'Computers made with these natural processes are not just around the corner -- it will be many years before the technologies can be developed that far.' While scientists think about small sizes and environmental benefits, I also think if it would be possible to implant such bacteria for additional computational power in human brains -- just in case we have to upgrade them." Update: 02/17 20:23 GMT by T : I chopped out that link accidentally, sorry.

Robin Rowe of the Film Gimp project has a piece running on NewsForge (also part of OSDN) that says "Film Gimp has recently been adopted by ComputerCafe, the fourth motion picture studio to use it in making feature films." Check out this recent post about Film Gimp to see some great screenshots of behind-the-scenes use. (And Rowe is also hoping you can get to the Linux Movies Track at Creative Cow West 2003, starting Tuesday in Los Angeles.) Update: 02/17 04:04 GMT by T : Brain rebooted, so I added the missing link.

infractor writes "Wired has an article about a wireless project delivering free broadband to a rural community. Using Linux based devices called meshboxes from Locustworld, they've created a local mesh network. More detail in this article. With Wi-Fi friendly ISPs talking about micro-ISP deals for wireless sharers this could be the accelerator UK broadband has been waiting for." Last year we mentioned the MeshAP-05, a bootable CD which "turns a single board computer or laptop into a mesh node and access point," since updated to MeshAP-06. Update: 02/13 19:52 GMT by T : I see from comments that -08 is actually the current version of MeshAP, with -09 soon. Thanks.

A few months ago, PGP creator Phil Zimmermann became a reseller for the current graphical version of the software he originally spawned, produced by PGP Corporation. Now, Zimmermann has just started selling through his own website a modern command-line encryption product called FileCrypt, which has its roots in an older version of PGP. Confusingly enough, this software is produced by a company called (Veridis), and doesn't say PGP on the box, because legally it can't. Network Associates, which acquired PGP Inc. in 1997, still holds the rights to that name; when NAI spun off PGP to PGP Corporation in 2002, they held onto the command-line version. PGP Corporation, for whom Zimmermann serves as a technical advisor (as well as a reseller), is contractually unable to sell a command-line version. (He is on the board of Veridis as well.) But why introduce a text-only version of utility software, anyway, when the GUI-fied desktop version has been maturing for years and costs less? Update: 02/07 23:07 GMT by T : Here are three instant clarifications: PGP Corporation was misrendered as "Open PGP" in this paragraph; Veridis' command line product was inspired by PGP but independently created; its codebase is separate from NAI's version of PGP; and the rights holder to the PGP name is PGP Corporation, not NAI.

They aren't paying for a pretty logo. The real reason is that the GUI version of PGP (along with other graphical encryption software, like the GNU Privacy Guard) aren't even in the same market.

Casual computer users have never laid out much money for encryption. The widespread use of PGP in its original incarnation (during the era of Zimmermann's prosecution for allowing it to be exported) can be attributed as much to its zero-dollars price as to a generalized interest in privacy. Home and hobby users are not cut out from buying Veridis's software -- for about a hundred dollars, you can buy a personal use version of the command-line version. The real money isn't in individuals keeping their tax records private, though -- Zimmermann and Veridis, like NAI (whose PGP-based product is called E-Business Server) are really aiming at commercial and governmental datacenters, and for customers willing to accept a much higher pricetag.

Insurance companies, banks, credit card processing centers, state records -- anywhere financial or otherwise confidential records are exchanged or stored en masse -- these all need encryption which works at the command-line. More precisely, they need crypto software which can work without direct human intervention at all. Instead, massive data centers need tools which can be called by scripts and other programs, so servers, or server farms, can spend their time crunching numbers rather than drawing pictures.

The name is familiar ... The commercial competition FileCrypt faces is familial -- it's the same product from NAI (sold from their McAffee division) that prevents Zimmermann and Veridis from calling their software PGP, even though NAI now labels their product E-Business Server. And though many companies have homegrown cryptographic solutions, Zimmermann says he knows of no other packaged software offering the high-volume encryption that the products from NAI or Veridis do.

And, he emphasizes, what they do is very similar. He says of the Veridis command-line product compared to NAI's, "It's drop-in compatible, identical in operation ... you could run the same perl scripts, the same command-line arguments."

If you want to buy Veridis' encryption software licensed for electronic commerce (not one-person use), hold onto your wallet: the price jumps about 50 times, to a shade under $5000, which Zimmermann describes as a bargain -- at least compared to the competition.

(Prices on the McAfee website show a one-year subscription-based license for E-Business Server starting at $6,875; $14,375 buys a perpetual license, with no included support.)

Both sides of that fence. And of competing in this case with a product that originated from his own crypto software (and his own company, PGP Inc.), Zimmermann says "I just don't really think of that as my product any more. It's in the hands of NAI, all the engineers have been fired. I just don't feel psychologically connected to that product." To look and not to sell. Especially when it comes to cryptographic software, code openness is considered not just a virtue but a near necessity. Peer-review and independent auditing, after all, are about the only ways you can tell that software isn't shuttling credit card numbers to the wrong person.

The business model of selling high-priced crypto software at thousands of dollars per processor doesn't mesh well with gratis software, though. To that end, Zimmermann says the FileCrypt code will be soon be available for download and inspection under terms which he says will be similar to those under which users can download the code for PGP Corporation's version of the PGP-based desktop software. (PGP Corporation's terms are available though their source code page).

ditogi writes "The Harvard Political Review did a quick interview with the lord of darkness himself, Jack Valenti. He gives his thoughts on government mandated copy prevention, fair use, and lobbying. In response to his famous 'VCR is [to the movie industry]...as the Boston strangler is to the woman home alone.' quote, he responds, 'I wasn't opposed to the VCR.' And what does he think of his current job? 'I think lobbying is really an honest profession.'" My favorite quote: "In the digital world, we don't need back-ups, because a digital copy never wears out. It is timeless." Update: 02/05 20:05 GMT by T : Derek Slater writes "I'm the author of the Valenti article you guys linked to. I've made some brief comments about it on my site, and figured I'd send them along."

An anonymous reader writes "GreyMagic has issued five new security advisories for the recently-released Opera 7.0. They affect the security model, the javascript console, images, the history and the error log (allowing access to the history). A new version will be released within 24 hours to fix the holes, according to an article at The Register." Update: 02/05 02:01 GMT by T : An anonymous reader writes "Opera Software have just released Opera 7.01 for Windows. This version fixes the recently discovered security holes less than 24 hours after they were discovered - a very impressive turnaround! The release is currently only available on Opera's FTP site. It can be downloaded with Java (12.9Mb) or without (3.3Mb)."

phatvibez writes "Cnet is running a story that says 'Several companies have joined to launch a consortium to promote Linux for desktop computers, a significant expansion for an operating system that today fits more comfortably on servers.' This is great news, I hope they actually do something and we see some great stuff come from this!" Another submission on this note: TweetZilla writes "According to ExtremeTech, Suse is taking a play from Xandros. Crossover Office and Plugin are now bundled into Suse's desktop to provide Windows and Office compatibility." Update: 02/04 18:18 GMT by T : Here's a link to the consortium's web site.

I've just recently returned from Linux Conference Australia 2003, held in Perth, Western Australia. I've had an incredible time, and this has easily been the best technical/Linux show I've been to since ALS was still operating. I've got a write-up below, and some notes on what happened, what's the plan for next year (It'll be in Adelaide, and I'm greatly looking forward to it!), and a photo round up. A number of other articles have appeared, and Kate MacKenzie's write up in The Australian was good as well, in addition to Telsa Gwynne's excellent write-up and Linux Magazine Au has some articles as well. Update: 02/04 02:42 GMT by T : ilovestuff points out ZDNet Australia's coverage as well.

I was actually invited to come to present the hacker survey that OSDN had done in conjunction with the Boston Consulting Group. However, upon looking at the conference plans, it was quickly apparent that that would be one of the few non-technical presentations, which was a pleasant change from my normal conference regime, in which the technical stuff seems crammed into one half day. I've heard that OLS is quite similar, but have not had a chance to attend. Nonethless, obviously my work withstanding *grin* the presentations were excellent - read the program to see for yourself.

I was able to attend Tridge's keynote, having only arrived Wednesday morning, a ARQuake presentation done by Wayne Pierkarski (we've mentioned it before). The afternoon was spent at Conrad's presentation on sweep, which is a hella cool audio app. Finally, the Q&A was Rusty, BDale, Tridge and Linus. Some of the typcial questions were asked, but there were some other questions 'round about DRM, IPv6 and some of the more social questions that were interesting. I think the DRM issues is one of the areas that some people are greatly concerned about, while other people have adopted a more Pollyana approach to it.

Unfortunately, on Friday, while I was presenting, there were two other presentations that I wanted to attend, but alas, had to speak myself. Rasmus, as usual, did a number of talks, and I was able to catch part of PHP printing with PDF, which was informative. Alex Reeder, part of VA Linux Japan also did a presentation on his work with bioauthentication, and my final piece of the show was Horms' presentation on Perdition, a mail retrieval proxy he's been working on.

But presentations aside, which were as a rule exceptional, I think one of the best parts was the relaxed feel, and the amount of interchange between just about everybody here. Almost every one that you talked to was fluent in Linux, programming or what not, which made for easy conversation with everyone there. The Perthites who really managed to put this together also did an exceptional job. To be frank, this is the only show I'd ever consider travelling 13,500 miles for.

I'd encourage anyone who attended or was part of it to post below -- and here's to looking forward to next year. One of the most amusing pictures though has to be the Linus in the penguin suit. The hats are off to the organizing team for their hard work -- and the speakers who traveled afar to be part of this. And from the wonderful uses of pizza box - yet more zaniness.

You can also check out some of photo round ups from Leon, Noel, and, of course, Marc Merlin's done a great round-up, as well as group round-up and one final one.

Overall, I highly highly recommend this show -- probably one of the best on the planet -- and for those in know, 23 will fall.

Slashback tonight with more on SBC's claim to own patents covering basic Web navigation techniques, an eyebrow-raising look at Slammer's spread, bad news for Ogg streams from the BBC, and more. Read on for the details. Update: 02/04 00:13 GMT by T : And late-breaking good news from SDF regarding its Public Access UNIX System.

FedEx should take notes. nweaver writes "We have completed our preliminary analysis of the Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to spread worldwide, scanning at a peak rate of over 55 million IP addresses per second, making it by far the fastest worm to date and nearly two orders of magnitude faster than Code Red. It infected at least 75,000 victims and possibly considerably more. The remarkable speed was due to the use of a bandwidth-limited scanner. There were also two bugs in the random number generator. Copies of our analysis are available from CAIDA, Silicon Defense, and UC Berkeley."

"Sir, this patent application needs to filled out in ink. Not Crayon." We recently posted that the company SBC was calling in the chips on patents it holds which the company claim cover certain types of navigation links found on many web pages. Dan Gillmor writes "Noticed the link to Cringley's piece. Well, I did ask readers for prior art and got quite a bit, some of which I've posted..."

Speaking of SBC, theodp writes "The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."

I wonder how much they'd feel justified in writing off if they donated their web patent portfolio to the FSF.

Can we call this an on-again, off-again relationship? Albanach writes "It seems the BBC who had pioneered Ogg Vorbis broadcasting on a serious scale have abandoned Ogg indefinitely. They say other work commitments make Ogg support no longer a priority. Their statement can be read here"

What, and let all my pigeons escape? FedeTXF writes "We already love pop-up blocking in Mozilla and some other related browsers, now Blogzilla is reporting a great trick to get rid of embedded ads (banners and iframes) using plain CCS and the always amazing Mozilla flexibility and openness. Go check this page if you are anxious to see how to set it up."

Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ""For anyone who has recorded video or taken photos that they believe may be of aid in the investigation of the Space Shuttle Columbia accident, NASA has established a special location on the Web where Internet users may upload their media files to be reviewed by NASA." Although sad news all around, thanks to pleasant for the link."

Here's the late-breaker. fonixmunkee writes "looks like SDF will return soon. a message stating that they negotiated a new contract graced the single page in the "members area" of the temporary www.lonestar.org, but did not cite who specifically with. a few different ideas were tossed around for hosting, so only time will tell with who. i also just today got an e-mail from the Washington State Attorney General's Office that offered a small ray (read: none) of hope for assistance with SDF's run-in with NWLink. (NWLink breached SDF's contract.) hope all is well soon." This is good news, especially so soon after SDF got the rug yanked from under them.

Darwin X writes "So, Microsoft will finally put Sun's JRE into future versions of Windows. This article talks about how they're taking the steps to make this happen. The fun part of it is that Microsoft has released a statement that said Windows Customers are NOT required to update their machines with this. Ah, yes...gotta keep it all MS in the house..." Update: 02/03 23:07 GMT by T : However, according to this report on News.com, Microsoft has may be able to backtrack anyhow -- they've gotten a stay from the 4th Circuit Court of Appeals, meaning the earlier order to ship Java with Windows doesn't apply, for now.

An anonymous reader submits "Competing infrastructures may foster improvement in each desktop, but the Gnome and KDE hackers still know how to work together when needed. The Free *nix desktop has been improving quickly. Red Hat's unified desktop was controversial, but obviously the right decision for regular users. Now that KDE and Gnome have decided to combine their Human Interface Guides, it can be done right--by the developers themselves. Note: they also want to involve 'people working on other non-KDE non-GNOME HIGs.'" Update: 02/03 20:19 GMT by T : Apparently not everyone's browser can read http://freedesktop.org, so the initial link up there now sports a "www" as well. And it's .org -- sorry.

Thanks to all the readers who have sent links related to today's shuttle disaster. An Associated Press story carried on Salon says that an independent board (with members from the Air Force, Navy, Transportation Department and other federal agencies) has been appointed to investigate the disaster. CNN is carrying official statement from President Bush. Rediff.com has an article on the life of Indian astronaut Kalpana Chawla. borisonanovitch points to "more info on the science aboard Columbia and links to other NASA research." fabel reminds us "Most of the media is focusing on the slight damage that ocurred at takeoff (that NASA discounted at the time) but STS-107 was *delayed* for 6 months (original launch date 19 Jul 2003) Update: 02/01 23:51 GMT by T : [Note, should read "2002."] because of cracks in the propellant feed lines to the 3 main engines. A defect that could have caused catastrophic failure. Did the fix work or not?"

Vladimir Kornea writes "This article argues that 'when someone buys and uses a product, the technological aspects are a small and often uninteresting part of the decision' and that the when the 'whole product' (a term commonly used among marketing people) is considered, VHS was better than Betamax, and that the Wintel PC is better than the alternatives." Update: 01/29 04:26 GMT by T : Apologies for the dupe.

MondoMor writes "Microsoft's forgot to patch some of its own servers to protect it from the months-old vulnerability exploited by the Slammer Worm, reports C|Net. Oops. Apparently Redmond's network was hit pretty hard. Just goes to show that no matter who you are, you'd better keep your apps patched." Update: 01/29 01:59 GMT by T : And if you're running systems which might be affected, take note: whitehorse writes "The Microsoft KB article for the Slammer patch found here has an incorrect URL for 'Download the patch' referring to KB Q316333 which is only a handle leak fix. The real patch may be found later in the article."

So, if you're a good, patriotic American, you're certainly watching the Superbowl right about now. The dot-com ads should be pretty much absent this year, but perhaps there will be something more interesting than ads for recycled movies. Maybe even the game will be worth watching. :) Update: 01/27 17:02 GMT by T : Chardish writes "If you didn't catch the trailer for The Matrix: Reloaded on the Superbowl last night, it's now available for download."

Slashback tonight with followups on previous stories about tablet computers, the fire at Mt.Stromlo, and Mandrake Linux -- read below for the details. Update: 01/24 00:08 GMT by T : One more update added below, regarding the post earlier this week on nVidia's new video card.

The silver lining.dragonsister writes "Regarding the recent slashdot story on Mount Stromlo Observatory being hit by fire, it seems the damage is not nearly as extensive as it might have been. The Australian National University has posted details here. In particular, the office buildings were spared, meaning that the work of staff and students is safe, and the many years worth of data collected should still be usable. The main question remaining in my mind is whether or not there were backups of the data on the computers that were actually located in the telescope buildings themselves, as these contained information crucial to the interpretation of some of the data. The importance of off-site backups has just been demonstrated. Everybody backup now!"

And blakduk writes "We were able to enter the site and retrieve computing equipment that survived the fire. This enabled us to set up our servers and have all staff back on-line within 24 hours."

Other than that, how was the parade? Back in November, I posted an article about the DocuNote, an inexpensive tablet PC available with Linux. According to richardbondi , maybe "cheap" would be a better word. He writes:

"I bought one, it arrived today. It was clearly used, not new, and didn't work. If you tilted it, it hung. I gave up after a dozen reboots. Only purchasable from www.microsono.com, where all sales are final.

The handwriting recognition software turned out to be trialware.

And although the stepupcomputing.com site says it works with Windows 2000, it came with a note that said now it has to be OEM installed.

One user's bad experience -- bad hardware, deceptive advertising re software."

Looks nice over two monitors, too. Znonymous Coward writes "Mandrake is trying to prove it's not dead yet. Yesterday[Note: the 19th, that is], they released Beta 2 of Mandrake 9.1. You can get the 2 ISO images from the usual mirrors." There's a (critical but mostly positive) review of this 2nd beta running at DistroWatch, too.

Once this starts it always gets messy. Per Hansson writes

"Yesterday we at Techspot posted a Interview with Nvidia plus high-resolution pictures of the Geforce FX.

A few sites rightfully claimed that this material had been stolen from Nordichardware however this was not the case, we interviewed Nvidia at the same time and therefore our Interviews looks so similar."

Anton Nilsson, assistant editor in chief of Nordic Hardware writes, in contrast,

"... [I]t seems as if they have used my material as found here.

I've spoken to the TechSpot staff and the person who reported the news item to you and it seems as if they overheard me doing my interview with nVidia at Comdex. Since they didn't want to bug nVidia with the same questions again they later on read the interview at my page and then posted it on theirs. Still that doesn't make up a fair excuse in my opinion."

You'll have to make up your own mind on this.

Lours writes "OzXChip, an Australian company, has a new Xbox chip which comes preinstalled with the new (Cromwell Linux BIOS. Previous chips came without (or simplistic) BIOS for obvious legal and hardware-related (HD-key) reasons you had to go through a lot of manipulations in order to install a patched version of the original Microsoft BIOS or ask the vendor to do it which obviously he was not willing to do for free (when he was willing to). Since the new Cromwell BIOS is fully open source it can be shipped with the chip without any legal risks, gaining you a lot of time, sweat and money. Plus the chip has a very useful feature: by using software based on Andy Green's -- one of the maintainers of the XBox Linux project -- Raincoat, it lets you flash a new BIOS very easily: burn the BIOS file onto a blank CD, put it in the Xbox, boot and you are done. With such beasts there is not much left in the way of want-to-be Linux Xbox hackers who might have been affraid until now to have to deal with delicate hardware intricacies or reluctant to run the whole town for a vendor willing to mod their Xbox at the smallest fee. With important linux distributions also incoming (Debian and Mandrake are underway if not completed) it won't be long before everyone can write code for (and on!) the machine only a few minutes after receiving the chip in his mailbox. Hopefully we are going to see a zillion things running on the machine that Microsoft would only have dreamt of making (and selling)." Update: 01/23 16:07 GMT by T : The company's name is actually OzXChip, rather than OzChip (as originally rendered); thanks to reader Michael Muir for pointing this out.

HappySlacker writes "Looks like the forums from slackware.com that Patrick Volkerding (Slackware's daddy) had to take down because of massive trolling are fully active again after 2 years of hibernation as read-only at userlocal.com." Update: 01/21 19:23 GMT by T : Jeremy from LinuxQuestions.org points out the forums on that site, which is recommended on Slackware's links page.

jnazario writes "In Dealers of Lightning, Michael Hiltzik illustrates a remarkable setting where research was leading to commercial products. Not all of it, though -- he is telling the story of Xerox PARC and discusses both technologies that made it to commercial shelves and too many that didn't. This is the central story of the book, told with great joy and creativity as well as skill. I got this book originally because I wanted a good read on the origin of network-based worms. What I got was one of the better books on the subject of the history of the computer industry I have yet found." Read on for more on Dealers of Lightning. Dealers of Lightning: Xerox PARC and the Dawn of the Computer Age author Michael Hiltzik pages 448 publisher Harper Business rating 7.5 reviewer jnazario ISBN 0887309895 summary A worthwhile read for hackers and their managers, alike.

PARC, Xerox's Palo Alto Research Center, was created after Xerox bought the research heavy SDS, (Scientific Data Systems), in the late 1960s. Almost immediately the seeds are being planted for a research arm of Xerox. Great minds are obtained in the process and in the same year the ARPANET becomes functional. The timing couldn't have been better.

What quickly emerges is the story of a large group of people, led by great minds and personalities like Bob Taylor and Charles Thacker. Strong of mind and personality, these are bright, visionary people who know what they want to do and how they will have to go about it. No hesitation, the bigger problems are things like How do you bring the right people together? And once there, what do they need?

Taylor brought together the best and brightest he could find, which is to say he got some of the best minds on the planet.

At every stage of the story, Hiltzik captures the mood, the emotion and the environment. In the early stages, he describes how this wondrous world was hatched out of determination and willpower. Xerox looked on during this early stage, perhaps a bit apprehensively, but also expectantly.

With a lot of freedom to tinker, a strong group of physicists and computer scientists were assembled and began building some of the greatest stuff in the world. By the time the 70s are over, Hiltzik's story is thick with the tension of researchers who design without products in mind and with management which attempts to see the value proposition in everything coming out of PARC.

Hiltzik's tour includes stories of how Ethernet was built, how the first personal computers were created and networked, how WYSIWYG applications emerged, and how so much else was created. He spends a lot of time discussing the invention of the laser printer, originally a dream of an idea by outcast physicist Gary Starkweather. Fighting sneers and doubt all along the way, he persisted and created the laser printer. But management only saw a threat to their core business of toner transfer copiers and the outrageous price of the device. However, they did patent the technology and that one invention alone paid for the entire PARC venture.

Several inventions seem so basic that you have to wonder how a company as apparently adept and bright as Xerox failed to capitalize on. Desktop publishing, which seems like a natural outgrowth of a document-processing company like Xerox, was born at PARC but discarded. Color printing as well was dismantled by Xerox. Other ventures, such as the personal computer and the Smalltalk language, seem obvious as unnatural fits for Xerox.

This is the crux of the book, and why it is such a valuable read for both engineers and management alike. For engineers, it is important to get a feel for how management operates, how they best appreciate ideas as marketable products. The same goes for managers, who often don't appreciate the value of research ideas; in this history, Hiltzik shows how that even when things were on the brink of falling apart for Xerox, management was able to continue its course, hoping the rest of the world would be content to buy only a handful of large-scale copiers.

Ultimately the book's epilogue gets it right, more or less. Xerox didn't fumble their future, though they did fail to understand the value of several of PARC's achievements. This is a hotly debated topic for many who feel that Xerox could have easily demanded hefty sums from Apple, IBM, and Microsoft or simply gone to market first with a mass-market personal computer.

The geek in me loves this book for so many reasons. Hiltzik's book is in the same spirit as The Soul of a New Machine and Fire in the Valley -- it's presented in a really thrilling way. The historian in me loves the modern history of the computer science community, and loves to see how the spirit of PARC has migrated to Apple, SGI, Microsoft, and beyond.

All in all I am very glad I read this book. It's inspirational, interesting, and of course relevant to what I do. A highly recommended book.

You can purchase Dealers of Lightning from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Ian Bell writes "We have just posted a very difficult guide to turning your ATI Radeon 9500 into a 9700. But you have to have the correct 9500. A 9500 with 4 rendering pipelines, modified to enable all 8 pipelines, will effectively double the memory bus, if you have the extra 64 Meg of memory to attach it to. We will explain below which card to acquire for this awesome graphics card transformation. Check out how to do this yourself and get the power of a 9700 at half the price." Update: 01/19 18:33 GMT by T : And for those running Windows, Sanity writes "Aside from the hardware mod, there is a program called Riva Tuner that has, among other things, a software mod for unlocking those gates, plus overclocking to a full 9700 pro! Gives me more $$$ to spend on cool stuff."

Vegard writes "Although not yet officially announced, the 5.0 version of FreeBSD is beginning to appear on the FreeBSD FTP site and mirrors world wide." Congrats to the developers. Update: 01/19 17:44 GMT by T : Some more detail -- Dan writes "Scott Long of FreeBSD Release Engineering team has officially announced the availability of FreeBSD 5.0 release. Improvements include second generation UFS filesystem, GEOM, the extensible and flexible storage framework, DEVFS, the device virtual filesystem, Bluetooth, ACPI, CardBus, IEEE 1394 and many more! FreeBSD is also available on 64-bit sparc64 and ia64 platforms."

Fiver-rah writes "The Supreme Court voted for Disney in Eldred vs. Ashcroft. Lessig's next proposal is a policy solution which needs our help. He proposes that 50 years after publication, a work falls into the public domain unless a small fee ($50 in the NYT piece, but he says $1 is sufficient here) is paid to a governing board. This has two important effects. First, it allows the vast majority of works to fall into the public domain. Second, it gives us a publicly searchable database of copyright holders, so we could easily determine what was free and what was not. Support this proposal by writing to your elected officials! We couldn't make much of a difference with the Supreme Court, but we can with Congress." Update: 01/18 20:50 GMT by T : Related news: An anonymous reader writes "With the support of Lessig infoAnarchy has set up a wiki page devoted to copyright issues."

clarionhaze writes "Many have tried, and failed, at getting a robot to sustain it's own balance. However; Steve Hassenplug accomplished it with with a small robot he made out of legos and a program in C that runs on BrickOS, an OS made for Legos! You can check out his site or read the article over at TechTV." Update: 01/18 15:52 GMT by T : Unanimous Cow writes "David Anderson of the Dallas Personal Robotics Group has an excellent web page with images and movies of his two-wheel balancing robot. This one uses a single-axis inertial measurement sensor and is very robust on uneven surfaces and off-road."