Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Gamer Banned From Dragon Age II Over Forum Post
RogueyWon writes "Kotaku is reporting that a Dragon Age II gamer banned from BioWare's forums for an allegedly inflammatory post has been locked out of the (singleplayer only) game for the duration of the ban. This is a consequence of EA's backend systems, which link forum accounts to the accounts that players use to access their games. This would appear to be a worrying new development; while trolling forums has led to bans from massively multiplayer games in the past (arguably with some justification), the extension of the principle to singleplayer games, where an abusive player cannot affect the enjoyment of others, must surely be a step too far." -
Ask Slashdot: Data-Only Phone, Voice Over WiFi?
enFi writes "I want to pay one ISP (only!) for data (only!), and use it for my smartphone and my computer; and until they catch up, I want not to inconvenience the rest of the world — still let them call a phone number. (We all want this, right?) I'm most of the way there: my plan is to get a Clear Spot (their 4G WiMAX coverage is good for me) to use with my unlocked Nexus S (which will only ever use WiFi). I could just use Skype and an Online Number, but talk of Sipdroid+pbxes.org+GV and the recent Google Voice / SIP article make me think I'm only starting to untangle the mess of services and options. Is there a good (not to mention best) way to do this?" -
Flash-to-HTML5 Translator: Smart But Not Pretty
snydeq writes "Fatal Exception's Neil McAllister takes a first look at Wallaby, Adobe's experimental tool for transforming Flash content into HTML5, and finds the tool an interesting idea with little yet to offer. 'Wallaby engineers have made sound decisions in designing the tool, but what you actually get when you convert a Flash project to HTML5 is extremely limited,' McAllister writes, in large part because many Flash features are not supported, leaving developers to add their own interactivity with jQuery." -
Has GNOME Rejected Canonical Help? Shuttleworth Responds
akgraner writes "When Canonical made the decision to make Unity the default desktop, some questioned the GNOME/Canonical relationship. Adding fuel to this fire was the recent distribution split of revenue generated by Banshee. These decisions caused the Ubuntu, GNOME and even Fedora community members to ask why these things were done. In Dave Neary's 'Has GNOME rejected Canonical help?' post, he states, 'I have repeatedly read Canonical & Ubuntu people say, "We offered our help to GNOME, and they didn't want it."' Neary gives examples in his post of what others have said to back up the 'they didn't want it' claim by Canonical and Ubuntu people. Today, though, Shuttleworth responds on his blog. 'Competition is tough on the contestants, but it gets great results for everyone else.'" -
Town Expands To Boost Cooling For NSA Data Center
1sockchuck writes "A substantial water supply is critical for most large data centers. A case in point: Officials in Bluffdale, Utah have agreed to annex land housing a new $1.2 billion data center for the National Security Agency. The move makes the NSA a higher priority customer for Bluffdale's water utility, which prevents its water supply from a potential cutoff in the event of a water shortage — which would be a problem, since water will be used extensively in the data center's cooling system. Many large data centers have been working to reduce their water use to make them more sustainable and reliable." -
Book Review: Social Engineering: The Art of Human Hacking
brothke writes "One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security." Keep reading for the rest of Ben's review. Social Engineering: The Art of Human Hacking author Christopher Hadnagy pages 408 publisher Wiley rating 10/10 reviewer Ben Rothke ISBN 0470639539 summary Definitive text on social engineering With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.
By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world’s greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.
Two of the most popular books to date on social engineering to date have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy, is that Mitnick for the most part details the events and stories around the attacks; while Hadnagy details the myriad specifics on how to carry out the social engineering attack.
The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.
Chapter 1 goes though the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.
Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone, even the US Department of Homeland Security has a pamphlet(Pdf) that is uses to assist agents with elicitation.
After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.
Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.
Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.
The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author’s favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless; the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, is an extremely powerful and often overwhelming combination.
Every chapter in the book is superb, but chapter 9 – Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering; chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:
Learning to identify social engineering attacks
Creating a personal security awareness program
Creating awareness of the value of the information that is being sought by social engineers
Keeping software updated
Developing scripts
Learning from social engineering audits
The author astutely notes that security awareness is not about 45- or 90-minute programs that only occur annually; rather it is about creating a culture and set of information security standards that each person in the organization is committed to using their entire life. This is definitely not a small undertaking. Firms must create awareness and security engineering programs to deal with the above six items. If they do not, they are them placing themselves at significant risk of being unable to effectively deal with social network attacks.
As to awareness, if nothing else, Social Engineering: The Art of Human Hacking demonstrates the importance of ensuring that social engineering is an integral part of an information security awareness program. This can’t be underemphasized as even the definitive book on security awareness Managing an Information Security and Privacy Awareness and Training Program only has about 10 pages on social engineering attacks.
There are plenty of security books on hardware, software, certification and more. Those were perhaps the easy ones to write. Until now, very few have dealt with the human element, and the costs associated with ignoring that have been devastating. Social Engineering: The Art of Human Hacking is a book that is a long time in coming, but worth every page.
While seemingly geared to the information security staff, this is a book should be read by everyone, whether they are in technology or not. Social engineering is not something that just occurs behind a keyboard. Social attackers know that. It is about time everyone else did also.
Reviewer Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Social Engineering: The Art of Human Hacking from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Social Engineering: The Art of Human Hacking
brothke writes "One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security." Keep reading for the rest of Ben's review. Social Engineering: The Art of Human Hacking author Christopher Hadnagy pages 408 publisher Wiley rating 10/10 reviewer Ben Rothke ISBN 0470639539 summary Definitive text on social engineering With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.
By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world’s greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.
Two of the most popular books to date on social engineering to date have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy, is that Mitnick for the most part details the events and stories around the attacks; while Hadnagy details the myriad specifics on how to carry out the social engineering attack.
The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.
Chapter 1 goes though the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.
Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone, even the US Department of Homeland Security has a pamphlet(Pdf) that is uses to assist agents with elicitation.
After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.
Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.
Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.
The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author’s favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless; the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, is an extremely powerful and often overwhelming combination.
Every chapter in the book is superb, but chapter 9 – Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering; chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:
Learning to identify social engineering attacks
Creating a personal security awareness program
Creating awareness of the value of the information that is being sought by social engineers
Keeping software updated
Developing scripts
Learning from social engineering audits
The author astutely notes that security awareness is not about 45- or 90-minute programs that only occur annually; rather it is about creating a culture and set of information security standards that each person in the organization is committed to using their entire life. This is definitely not a small undertaking. Firms must create awareness and security engineering programs to deal with the above six items. If they do not, they are them placing themselves at significant risk of being unable to effectively deal with social network attacks.
As to awareness, if nothing else, Social Engineering: The Art of Human Hacking demonstrates the importance of ensuring that social engineering is an integral part of an information security awareness program. This can’t be underemphasized as even the definitive book on security awareness Managing an Information Security and Privacy Awareness and Training Program only has about 10 pages on social engineering attacks.
There are plenty of security books on hardware, software, certification and more. Those were perhaps the easy ones to write. Until now, very few have dealt with the human element, and the costs associated with ignoring that have been devastating. Social Engineering: The Art of Human Hacking is a book that is a long time in coming, but worth every page.
While seemingly geared to the information security staff, this is a book should be read by everyone, whether they are in technology or not. Social engineering is not something that just occurs behind a keyboard. Social attackers know that. It is about time everyone else did also.
Reviewer Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Social Engineering: The Art of Human Hacking from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
A Bittersweet Finale For Discovery Space Shuttle
Julie188 writes "The shuttle Discovery re-entered the Earth's atmosphere for the last time Wednesday to close out the space plane's 39th and final voyage. And so marks the beginning of the end for America's shuttle program. Everything about the last flight felt epic, from how it overcame a down-to-the-last-second problem to launch on its final mission in February, to its sunny final landing this week. As it coasted to a stop, Discovery's odometer stood at some 5,750 orbits covering nearly 150 million miles, during 39 flights spanning a full year in space — a record unrivaled in the history of manned rockets." -
Ex-Microsoft CTO Writes $625 Cookbook
carusoj writes "Nathan Myhrvold, Microsoft's first CTO, made his mark in the tech world. Now he's cemented his place in the world of cooking and food science with the publication of a groundbreaking six-volume, 2,438-page cookbook. Some of the techniques in Myhrvold's Modernist Cuisine are intimidating, to put it mildly, calling for such daunting ingredients as liquid nitrogen and equipment such as centrifuges and rotor-stator homogenizers. But Myhrvold and his co-authors insist that the majority of recipes can be made in a conventional home kitchen — with a few recommended, inexpensive extras such as a digital gram scale and water bath for sous vide cooking." Dear Bosses: When you see the centrifuge on my March expense report, please note that this is a legitmate business expense. If you're still curious, we ran a story a couple years ago on Nathan's Kitchen Lab. -
AMD's New Flagship HD 6990 Tested
I.M.O.G. writes "Today AMD officially introduces their newest flagship GPU, the Radeon HD 6990. Targeted to counter Nvidia's current generation flagship GTX580, for AMD this is a followup to their previous generation 2xGPU on a single PCB design, the Radeon HD 5970. It represents the strongest entry AMD will release within their 6000 series graphics lineup. Initial testing and overclocking results are publishing at first tier review sites now. As eloquently stated by Tweaktown's Anthony Garreffa, the 6990 'punches all other GPUs in the nuts.'" -
Intel's New Core I7-990X Extreme Edition Tested
MojoKid writes "Intel recently launched a speed bump of their flagship Extreme Edition Core i7 processor, known as the Core i7-990X. Its multiplier is unlocked and it's clocked at 3.45GHz stock speed with a Turbo Boost top-end speed of 3.73GHz. Intel claims its the fastest desktop chip on the planet; like geek tiger blood for your PC. The new Core i7-990X is also based on the 32nm Gulftown core and the performance metrics show it's easily the fastest 6-core chip for the desktop currently but of course it'll cost you as well." -
Facebook Said To Resume Talks With Skype
An anonymous reader writes "You may soon be able to start a Skype video call with your friends on Facebook. The latest rumor suggests that Facebook and Skype have resumed talks about integrating the video conferencing technology on the social network. The two companies first talked about a potential partnership in September 2010, but they could not reach an agreement. When Skype 5.0 was released in October 2010, the new version offered voice calling between Facebook friends, but it did not include a video chatting feature." -
HBGary Hack In Depth
Udo Schmitz writes "Heise's UK site has the English translation of an article from the latest issue of their magazine c't about Anonymous's HBGary hack. It shows that there was much more involved than just social engineering to get passwords, and how anonymous evolved following OpTunisia and OpEgypt." -
Internet Traffic In Libya Goes Dark Amid Upheaval
We've been keeping an eye on the Libyan internet censorship surrounding the revolution going on there, the latest word is that now their Internet is completely shut down as of a few hours ago. They also point out that this isn't quite as significant as in Egypt, where many people have net access. In Libya just 6% of the population have any internet access at all. -
Intel SSD 510 Series 6Gbps SATA Drives Tested
MojoKid writes "Intel recently announced its 510 series Solid State Drive products. The new 510 series SSDs build upon Intel's successful X-25M series of drives by offering native support for SATA 6Gbs interface speeds, with maximum reads in the 500MB/s range and write speeds of approximately 315MB/s — huge improvements over the previous generation. The numbers are in and the new Marvell-infused Intel SSD offers impressive performance rivaling other 6Gbps SATA SSDs on the market but not as fast as the recently announced SandForce 2500-based SSDs like the OCZ Vertex 3." -
Aussie Brewery Creates Space Beer
astroengine writes "An Australian brewing company has created the world's first beer that can be consumed in space. 4-Pines Brewing Company teamed up with Saber Astronautics Australia, tirelessly testing different brews on zero-G flights last year. They have now finalized the winning formula, calling the beer 'Vostok' — after the spacecraft flown by Yuri Gagarin in 1961. The beverage is a strong-tasting stout with reduced carbonation to avoid the dreaded microgravity 'wet burp.'" -
Student Sues FBI For Planting GPS Tracker
GabriellaKat submits this snippet from Yahoo! news, writing "'Yasir Afifi, 20, says a mechanic doing an oil change on his car in October discovered the device stuck with magnets between his right rear wheel and exhaust. They weren't sure what it was, but Afifi had the mechanic remove it and a friend posted photos of it online to see whether anyone could identify it. Two days later, Afifi says, agents wearing bullet-proof vests pulled him over as he drove away from his apartment in San Jose, Calif., and demanded their property back.' Now he has decided to sue the FBI. This story was also covered last year when he found the tracking device." -
Hands On With Apple IPad 2
adeelarshad82 writes "Yesterday's announcement of the second-generation iPad showed exactly why there was so much excitment around the device. As the video hands on shows, iPad 2 makes up for all the things lacking in the original iPad. The 1GHz dual-core A5 chip does justice to apps like Photo Booth and over all user experience. Moreover, while the screen carries the same resolution, Apple was able to pack it in a noticably thinner iPad 2. Infact its dimensions, 13.4 mm to 8.8mm thick, make it 33% thinner than iPhone 4. Also while the cameras aren't HD, the inclusion itself provides an opportuntiy for Facetime, which is actually more interactive than what we've seen so far on other Apple devices." -
Book Review: Arduino: a Quick-Start Guide
Muad writes "Maik Schmidt is our guide in the Pragmatic Bookshelf's venture into the world of electronics. This is a compact work, like all others in the series, it goes straight to applicable examples and makes you get your hands dirty with real work. The Arduino platform has been described in many ways, but the best I have heard so far insightfully labels it 'The 555 of the future,' referring to the ubiquitous timer chip so many simple electronic projects make use of. If you haven't been hiding under a rock for the past few years, you have doubtlessly seen the plethora of material on the subject that's out there: even O'Reilly, which usually does not ship multiple titles on a single subject, has a variety of them. Most of these works are rather similar, the ones I prefer are Massimo Banzi's Getting Started with Arduino (O'Reilly, 2008), by one of the original developers of the platform, and the strongly related Getting started with Processing by Casey Reas and Ben Fry. These are brief books in the 100-page range, not exhaustive works, but covering the core philosophy and basic operation of the tools is sometimes the best way to jump into a new subject. Read below the rest of Federico's review Arduino: A Quick-Start Guide author Maik Schmidt pages Pragmatic Bookshelf publisher 263 rating Federico Lucifredi reviewer 9781934356661 ISBN With this Quick-Start Guide you'll be creating your first gadgets within a few minutes summary 8/10 There is a lot of material on the subject, even the current issue of Make magazine has a very good roundup (and not for the first time, if I may add). So, how does Maik's work stand out in the fray? Right after a brief introduction to ease you into the Arduino environment, the book turns to interesting projects, more sophisticated than the usual fare (read: not the usual LED-blinking using pulse-width modulation that every tutorial out there walks you through). Examples of this include connecting with a Wii Nunchuk, motion sensing, networking, infrared remote control interfaces, and more. These projects are the high-note of the book, and span almost two-thirds of its length — and are significantly better than most other project material currently in print.
This is a hands-on book, theory is kept to a minimum, as you don't really need previous experience to tackle an Arduino: the platform was specifically designed to cater to artists and designers, it is meant to be approachable by users who are not EE wizards. That said, if what you are after is learning the underpinnings of low-level electronics or hardcore embedded systems programming, this book is not for you: pick up a copy of Horowitz and Hill's The Art of Electronics (possibly including the student manual), and check back with us in a year or so for the digital followup recommendation. But if you have less time on your hands, and you just want to network-enable a coffeepot or build some interactive art display, the introduction to Arduino Maik delivers is quite sufficient for your aims, and it spans material other authors have been remiss to include, like developing libraries and (Appendix C) use of serial line protocols.
Zooming in on the details, perhaps the comment can be made that it would be good if there was a single kit available including all components used in the text: perhaps Makershed or Adafruit Industries will supplement their existing kits with one comprising the full range of the author's selection. On the plus side, I must highlight the extensive illustrations, which visually represent the breadboard linkage between the Arduino and the sensor or actuator being used with extreme clarity, and are much more effective in teaching neophytes than more traditional circuit designs. Where these are not actual pictures, they were generated using the alpha release of Fritzing, a very interesting piece of software (see fritzing.org) aiming at facilitating circuit design for those of us without a background in electronics.
The landscape of Arduino publications is shifting faster than many other subjects in print, and doubtlessly Maik's status as "king of the Hill" is but temporary — however, among those books on the subject I have personally surveyed, I am pleased to say that he currently holds the championship cup.
Federico Lucifredi is the maintainer of man (1) and a Product Manager for the SUSE Linux Enterprise and openSUSE distributions.
You can purchase Arduino: A Quick-Start Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Arduino: a Quick-Start Guide
Muad writes "Maik Schmidt is our guide in the Pragmatic Bookshelf's venture into the world of electronics. This is a compact work, like all others in the series, it goes straight to applicable examples and makes you get your hands dirty with real work. The Arduino platform has been described in many ways, but the best I have heard so far insightfully labels it 'The 555 of the future,' referring to the ubiquitous timer chip so many simple electronic projects make use of. If you haven't been hiding under a rock for the past few years, you have doubtlessly seen the plethora of material on the subject that's out there: even O'Reilly, which usually does not ship multiple titles on a single subject, has a variety of them. Most of these works are rather similar, the ones I prefer are Massimo Banzi's Getting Started with Arduino (O'Reilly, 2008), by one of the original developers of the platform, and the strongly related Getting started with Processing by Casey Reas and Ben Fry. These are brief books in the 100-page range, not exhaustive works, but covering the core philosophy and basic operation of the tools is sometimes the best way to jump into a new subject. Read below the rest of Federico's review Arduino: A Quick-Start Guide author Maik Schmidt pages Pragmatic Bookshelf publisher 263 rating Federico Lucifredi reviewer 9781934356661 ISBN With this Quick-Start Guide you'll be creating your first gadgets within a few minutes summary 8/10 There is a lot of material on the subject, even the current issue of Make magazine has a very good roundup (and not for the first time, if I may add). So, how does Maik's work stand out in the fray? Right after a brief introduction to ease you into the Arduino environment, the book turns to interesting projects, more sophisticated than the usual fare (read: not the usual LED-blinking using pulse-width modulation that every tutorial out there walks you through). Examples of this include connecting with a Wii Nunchuk, motion sensing, networking, infrared remote control interfaces, and more. These projects are the high-note of the book, and span almost two-thirds of its length — and are significantly better than most other project material currently in print.
This is a hands-on book, theory is kept to a minimum, as you don't really need previous experience to tackle an Arduino: the platform was specifically designed to cater to artists and designers, it is meant to be approachable by users who are not EE wizards. That said, if what you are after is learning the underpinnings of low-level electronics or hardcore embedded systems programming, this book is not for you: pick up a copy of Horowitz and Hill's The Art of Electronics (possibly including the student manual), and check back with us in a year or so for the digital followup recommendation. But if you have less time on your hands, and you just want to network-enable a coffeepot or build some interactive art display, the introduction to Arduino Maik delivers is quite sufficient for your aims, and it spans material other authors have been remiss to include, like developing libraries and (Appendix C) use of serial line protocols.
Zooming in on the details, perhaps the comment can be made that it would be good if there was a single kit available including all components used in the text: perhaps Makershed or Adafruit Industries will supplement their existing kits with one comprising the full range of the author's selection. On the plus side, I must highlight the extensive illustrations, which visually represent the breadboard linkage between the Arduino and the sensor or actuator being used with extreme clarity, and are much more effective in teaching neophytes than more traditional circuit designs. Where these are not actual pictures, they were generated using the alpha release of Fritzing, a very interesting piece of software (see fritzing.org) aiming at facilitating circuit design for those of us without a background in electronics.
The landscape of Arduino publications is shifting faster than many other subjects in print, and doubtlessly Maik's status as "king of the Hill" is but temporary — however, among those books on the subject I have personally surveyed, I am pleased to say that he currently holds the championship cup.
Federico Lucifredi is the maintainer of man (1) and a Product Manager for the SUSE Linux Enterprise and openSUSE distributions.
You can purchase Arduino: A Quick-Start Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Decline and Fall of System Administration
snydeq writes "Deep End's Paul Venezia questions whether server virtualization technologies are contributing to the decline of real server administration skills, as more and more sysadmins argue in favor of re-imaging as a solution to Unix server woes. 'This has always been the (many times undeserved) joke about clueless Windows admins: They have a small arsenal of possible fixes, and once they've exhausted the supply, they punt and rebuild the server from scratch rather than dig deeper. On the Unix side of the house, that concept has been met with derision since the dawn of time, but as Linux has moved into the mainstream — and the number of marginal Linux admins has grown — those ideas are suddenly somehow rational.'" -
If App Store's Trademark Is Generic, So Is Windows'
Toe, The writes "In response to Microsoft's attempt to dismiss Apple's 'App Store' trademark application, Apple references Microsoft's claim to the Windows trademark. 'Having itself faced a decades-long genericness challenge to its claimed WINDOWS mark, Microsoft should be well aware that the focus in evaluating genericness is on the mark as a whole and requires a fact-intensive assessment of the primary significance of the term to a substantial majority of the relevant public.'" -
WB To Appeal Australia's Effective Ban on Mortal Kombat
dotarray writes "Warner Bros. Interactive Entertainment have confirmed that they are appealing the Australian Classification Board's decision to effectively ban the reboot of Mortal Kombat in that country. The publisher has also confirmed that there is no intention to censor or modify the game – because then it 'wouldn't be Mortal Kombat.'" -
Sony PlayStation 3 Imports Temporarily Banned In Europe
tekgoblin writes "Looks like Sony is in some trouble in Europe. LG recently complained about Sony and filed a US patent dispute over their Blu-ray technology. Now they have been granted a preliminary injunction in the matter in Europe. This injunction prevents the PlayStation 3 from currently being imported to Europe. For at least the next 10 days, every PlayStation that is imported will be seized by government officials." -
Scientists, Not Just Tourists, Are Getting Tickets to Ride Into Suborbital Space
"Science, perhaps even more than tourism (free reg. may be required to read), could turn out to be big business for Virgin Galactic and other companies that are aiming to provide short rides above the 62-mile altitude that marks the official entry into outer space, eventually on a daily basis." Virgin is looking at ticket prices in the $200,000 range, which is peanuts compared to the millions some scientific space expeditions can cost, even for brief experiments. And if you don't even have *that* much in your research budget, John Carmack has been touting $105,000 space flights for nearly a year now, and Xcor Aerospace has been taking $95,000 space ride reservations since 2008. It looks like the biggest customer for short space flights for scientific experiments so far is the Southwest Research Institute, but many others are lining up, especially since, the article quotes one scientist as saying, “It’s almost impossible to get research on the space station at the moment." Of course, none of these commercial space ventures has actually carried any paying passengers into space yet, but it's only a matter of time before some of them do. -
Book Review: Inkscape 0.48 Essentials for Web Designers
JR0cket writes"Inkscape is an open source 2D drawing tool that helps you create graphic designs, from simple buttons and logos to full blown posters and web page designs. Inkscape is similar to Adobe Illustrator or CorelDraw and gives you a vector based graphics tool that uses the W3C Scalable Vector Graphics (SVG) format. Inkscape is easy to use, although learning the tricks that make designing a web site look great are more involved. The Inkscape 0.48 Essentials for Web designers is specifically focused on helping you to create your first web site designs and does a great job of getting you started. Most if not all the techniques covered are relevant to creating other graphic works too, so its useful as a general Inkscape tutorial." Read on for the rest of John's review. Inkscape 0.48 Essentials For Web Designers author Bethany Hiitola pages 316 publisher Packt Publishing rating 9 reviewer John Stevenson ISBN 978-1-84951-268-8 summary A tutorial to start web site design using Inkscape I should say up front that If you are a web designer by trade you will know all the design aspects covered in the book, although the book will help you apply that knowledge in the latest version of Inkscape (version .048).
For those wanting to get into graphic design or start creating their own works, the book is quite a useful starting point to learn about a few important design concerns. Also, if you are a developer who works with graphic designers, you will find interest in understanding how graphic designs are created. No technical skills are really required except the basics of using desktop software with a modern graphical user interface. With no prior design knowledge, I was able to use Inkscape to do some basic posters, using the book has helped me do more involved designs and uses the more advanced features of Inkscape.
Inkscape is open source software and is licensed under GNU General Public License (GPL) and there are many examples of works create with Inkscape under the creative commons licenses — eg SpreadUbuntu.org
While the focus on the book is Inkscape for web design, all the techniques are useful if you want to create advertising posters, desktop wallpapers, company logos, single page comics, etc. The only limitation to using Inkscape, apart from your creativity and imagination, is that it only does a single page graphic in each inkscape window, but each graphic can be saved as individual images and made into a document using Scribus or OpenOffice / LibreOffice as Inkscape can save your designs using standard image formats (png, jpeg, svg, etc.)
The book content is nice and clean, with content on pages nicely spaced out making the book really easy to read and follow, so no need to be daunted by the 316 page count.
As the book progresses it assumes you have read earlier chapters so does not repeat exact details, for example the exact steps to create drop shadows is shown only once, keeping the book nice and to the point. You will therefore get the most out of the book by following along with the exercises in Inkscape.
So the book covers simple design techniques useful for any graphic design, along with lots of good ideas on how to design and enhancing your website, from site layouts, templates to animations.
An important starting point in the book is the overview of vector graphics and how they differ from raster graphics (eg. vector graphics scale uniformly and you don't get blur when scaling images). This concisely sets the scene as to why vector graphics are better for web design — flexibility, quality and small file sizes.
The Inkscape install guidance is nothing more than download and install but this is probably all you need. There are a few hints for Mac Users to help them out. There are packages available for Ubuntu and Debian based distributions in their respective distribution repositories. A Microsoft Windows installer is also available from the downloads section of the Inkscape website
The tour of the Inkscape user interface is very detailed with a good indication of what you can do with all the controls that make up Inkscape. There are just about enough drawings provided as examples, although I would have liked a few more images to make the tour a little clearer. I recommend you read the Inkscape tour in dual page view if you are reading the ebook (pdf) version.
The design concepts in the book start with web site layouts in chapter 2, steadily building each of the design aspects onto the site layout (images, text, patterns, icons, buttons and logos, site maps). The book covers four basic design principles of Proximity, Alignment, Repetition, Contrast and suggests reading The Non-Designer's Design Book: Design and Typographic Principles for the Visual Novice by Robin Williams for more detailed study.
You are walked through step by step construction of a basic web page design — including header, footer, sidebar, content, navigation. Using guides, grids and aligning techniques to manage your web page layout. Pulling all the design work together to create a store-front for a website. Its pretty hard to go wrong following these steps. The book use the same web design jargon you get in industry and any jargon used is explained well enough.
When you have created your web page design, you are shown how to slice up that design and export it as a series of image files (png) for use in the HTML code of the actual web page. This is the same basic process as used in industry.
Throughout the book there are specific chapters on working with images, styling text, creating logos and buttons, using patterns for background images and more details on creating flow diagrams such as for creating web site maps.
Each chapter again builds on the previous information to give you an easy to follow guide and provides examples of why the design techniques covered here are important along with approaches to create the most suitable designs for your clients.
There is nice coverage of how to use Inkscape and GIMP in collaboration to create your own animations for your website. The animations are relatively simple but effective, scrolling text and a sailing boat on the sea, showing you the technique in more than enough detail for any website design using animated GIF images.
Getting a little more technical at the end of the book, though still easy to follow, it covers the XML structures that Inkscape uses to hold your graphic designs. These XML structures let you tweak your designs using Inkscapes XML editor. There is also a reference section on the various plugins available for Inkscape, mentioning specifically Agave for color palette management and Export to PDF CMYK for color separation for the CMYK standard. There is also a section on how to create your own custom page templates.
I would have liked to see more information about filters that you can apply to your designs. There are a nice range of filters you can use in Inkscape and some are simple enough to use, but there are some that give great effects but have quite a few options you can tweek. There is plenty of scope for doing a whole chapter on using filters that would make the book more complete.
Inkscape 0.48 essentials for Web Designers is a great book to get started with Inkscape, especially if you are designing your own site. For example, If you have installed wordpress and want to create some custom themes, then this book would be very helpful to make your site stand out from the crowd.
There is an Inkscape Illustrators Cookbook by Packt Publishing out in April 2011 that seems more general compared to web developers book but as mentioned before, all the concepts presented in the web developers book are relevant for creating other graphic designs.
The book never attempts to teach you all about design, that would require a much larger book. There is enough design information in here to get you started on a good path and give you a good steer in the right direction. The coverage of Inkscape is very detailed and will help you get the most out of the tool, whether you are using it for web development or other graphical design activities.
This book makes a nice addition to the online resources available for Inkscape and with its tutorial style is a good contrast to other Inkscape books available which may contain more reference material but are more general in nature.
John coaches Lean Agile practices, organizes London technical communities and is an OSS advocate (since running Debian in 1995). @JR0cket
You can purchase Inkscape 0.48 Essentials for Web Designers from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Inkscape 0.48 Essentials for Web Designers
JR0cket writes"Inkscape is an open source 2D drawing tool that helps you create graphic designs, from simple buttons and logos to full blown posters and web page designs. Inkscape is similar to Adobe Illustrator or CorelDraw and gives you a vector based graphics tool that uses the W3C Scalable Vector Graphics (SVG) format. Inkscape is easy to use, although learning the tricks that make designing a web site look great are more involved. The Inkscape 0.48 Essentials for Web designers is specifically focused on helping you to create your first web site designs and does a great job of getting you started. Most if not all the techniques covered are relevant to creating other graphic works too, so its useful as a general Inkscape tutorial." Read on for the rest of John's review. Inkscape 0.48 Essentials For Web Designers author Bethany Hiitola pages 316 publisher Packt Publishing rating 9 reviewer John Stevenson ISBN 978-1-84951-268-8 summary A tutorial to start web site design using Inkscape I should say up front that If you are a web designer by trade you will know all the design aspects covered in the book, although the book will help you apply that knowledge in the latest version of Inkscape (version .048).
For those wanting to get into graphic design or start creating their own works, the book is quite a useful starting point to learn about a few important design concerns. Also, if you are a developer who works with graphic designers, you will find interest in understanding how graphic designs are created. No technical skills are really required except the basics of using desktop software with a modern graphical user interface. With no prior design knowledge, I was able to use Inkscape to do some basic posters, using the book has helped me do more involved designs and uses the more advanced features of Inkscape.
Inkscape is open source software and is licensed under GNU General Public License (GPL) and there are many examples of works create with Inkscape under the creative commons licenses — eg SpreadUbuntu.org
While the focus on the book is Inkscape for web design, all the techniques are useful if you want to create advertising posters, desktop wallpapers, company logos, single page comics, etc. The only limitation to using Inkscape, apart from your creativity and imagination, is that it only does a single page graphic in each inkscape window, but each graphic can be saved as individual images and made into a document using Scribus or OpenOffice / LibreOffice as Inkscape can save your designs using standard image formats (png, jpeg, svg, etc.)
The book content is nice and clean, with content on pages nicely spaced out making the book really easy to read and follow, so no need to be daunted by the 316 page count.
As the book progresses it assumes you have read earlier chapters so does not repeat exact details, for example the exact steps to create drop shadows is shown only once, keeping the book nice and to the point. You will therefore get the most out of the book by following along with the exercises in Inkscape.
So the book covers simple design techniques useful for any graphic design, along with lots of good ideas on how to design and enhancing your website, from site layouts, templates to animations.
An important starting point in the book is the overview of vector graphics and how they differ from raster graphics (eg. vector graphics scale uniformly and you don't get blur when scaling images). This concisely sets the scene as to why vector graphics are better for web design — flexibility, quality and small file sizes.
The Inkscape install guidance is nothing more than download and install but this is probably all you need. There are a few hints for Mac Users to help them out. There are packages available for Ubuntu and Debian based distributions in their respective distribution repositories. A Microsoft Windows installer is also available from the downloads section of the Inkscape website
The tour of the Inkscape user interface is very detailed with a good indication of what you can do with all the controls that make up Inkscape. There are just about enough drawings provided as examples, although I would have liked a few more images to make the tour a little clearer. I recommend you read the Inkscape tour in dual page view if you are reading the ebook (pdf) version.
The design concepts in the book start with web site layouts in chapter 2, steadily building each of the design aspects onto the site layout (images, text, patterns, icons, buttons and logos, site maps). The book covers four basic design principles of Proximity, Alignment, Repetition, Contrast and suggests reading The Non-Designer's Design Book: Design and Typographic Principles for the Visual Novice by Robin Williams for more detailed study.
You are walked through step by step construction of a basic web page design — including header, footer, sidebar, content, navigation. Using guides, grids and aligning techniques to manage your web page layout. Pulling all the design work together to create a store-front for a website. Its pretty hard to go wrong following these steps. The book use the same web design jargon you get in industry and any jargon used is explained well enough.
When you have created your web page design, you are shown how to slice up that design and export it as a series of image files (png) for use in the HTML code of the actual web page. This is the same basic process as used in industry.
Throughout the book there are specific chapters on working with images, styling text, creating logos and buttons, using patterns for background images and more details on creating flow diagrams such as for creating web site maps.
Each chapter again builds on the previous information to give you an easy to follow guide and provides examples of why the design techniques covered here are important along with approaches to create the most suitable designs for your clients.
There is nice coverage of how to use Inkscape and GIMP in collaboration to create your own animations for your website. The animations are relatively simple but effective, scrolling text and a sailing boat on the sea, showing you the technique in more than enough detail for any website design using animated GIF images.
Getting a little more technical at the end of the book, though still easy to follow, it covers the XML structures that Inkscape uses to hold your graphic designs. These XML structures let you tweak your designs using Inkscapes XML editor. There is also a reference section on the various plugins available for Inkscape, mentioning specifically Agave for color palette management and Export to PDF CMYK for color separation for the CMYK standard. There is also a section on how to create your own custom page templates.
I would have liked to see more information about filters that you can apply to your designs. There are a nice range of filters you can use in Inkscape and some are simple enough to use, but there are some that give great effects but have quite a few options you can tweek. There is plenty of scope for doing a whole chapter on using filters that would make the book more complete.
Inkscape 0.48 essentials for Web Designers is a great book to get started with Inkscape, especially if you are designing your own site. For example, If you have installed wordpress and want to create some custom themes, then this book would be very helpful to make your site stand out from the crowd.
There is an Inkscape Illustrators Cookbook by Packt Publishing out in April 2011 that seems more general compared to web developers book but as mentioned before, all the concepts presented in the web developers book are relevant for creating other graphic designs.
The book never attempts to teach you all about design, that would require a much larger book. There is enough design information in here to get you started on a good path and give you a good steer in the right direction. The coverage of Inkscape is very detailed and will help you get the most out of the tool, whether you are using it for web development or other graphical design activities.
This book makes a nice addition to the online resources available for Inkscape and with its tutorial style is a good contrast to other Inkscape books available which may contain more reference material but are more general in nature.
John coaches Lean Agile practices, organizes London technical communities and is an OSS advocate (since running Debian in 1995). @JR0cket
You can purchase Inkscape 0.48 Essentials for Web Designers from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Firefox 4 the Last Big Release From Mozilla
nk497 writes "Firefox 4 will be the last major browser release from Mozilla, as it looks to mimic Chrome's speedy release schedule — echoing previous statements that Firefox 7 would arrive this year. "What we want to do is get the power into users' hands more quickly," said vice president of products Jay Sullivan. "For example, the video tag was shippable in June — we should have shipped it." That new schedule is also why Firefox 4 has had 12 betas, he said. Mozilla also said future versions of Firefox would feature a stronger "do not follow tool", as the current one is a "non-technical solution"," Sullivan said. "All you're doing is raising your hand and saying 'I don't want to be tracked.' There's no technical teeth."" -
Tolkien Estate Censors the Word "Tolkien"
An anonymous reader writes "Following their recent attempt to censor a work of historical fiction containing Tolkien as a character, the estate have now issued a takedown notice to someone making buttons with the words 'While you were reading Tolkien, I was watching Evangelion' on them, claiming 'intellectual property right infringement.' Predictably, a new store has appeared offering a range of censored Tolkien items, and the 'offending' product has had vastly increased exposure as a direct result of the removal." -
Apple Asks Security Experts To Examine OS X Lion
An anonymous reader writes "For as much as Mac OS X has a reputation for being safer than Windows, security researchers won't hesitate to point out that the opposite is, in fact, true. But Apple's looking to change that. This past Thursday, Apple doled out a beta of OS X Lion to developers. In conjunction with that, Apple is also reaching out to noted security experts and offering them free previews of OS X 10.7 so that they can take a look at Apple's new security measures and reach back to Apple with any thoughts and concerns they might have. Indeed, Apple is becoming a lot more security conscious these days, not only in terms of reaching out to security researchers but also in its personnel hires." -
Boxee Box Matures; Another Look At the Platform
MojoKid writes "Though D-Link actually started shipping the Boxee Box media player back in Q4 of last year, it was obvious that it needed a bit more polish to offer a reasonably satisfying experience. Since that time, Boxee has released a number of firmware and platform updates that enhance the device and bring new services, like full 1080p movie content from Vudu and what could be considered critical mass in mainstream movie rentals, Netflix. The Boxee Box has had time to mature and this full walk-through of the system shows it's actually an interesting alternative to competitive products in this class of device, like Apple TV, Google TV and Roku. There's still lots of work to be done in fleshing out services and content but the Boxee platform has a bit more polish behind it now." -
Activists Seek Repeal of Ban On Incandescent Bulbs
Hugh Pickens writes writes "Daniel Sayani reports in New American that Senator Mike Enzi plans to introduce legislation to reverse the ban on incandescent light bulbs which is scheduled to go into effect January 1, 2014. 'CFLs are more expensive, many contain mercury which can be harmful even in the smallest amounts, and most are manufactured overseas in places like China,' says Enzi. 'If left alone, the best bulb will win its rightful standing in the marketplace. Government doesn't need to be in the business of telling people what light bulb they have to use.' Faced with a phaseout, some consumers are stockpiling incandescent bulbs, although a poll by USA Today indicates most Americans support the US law that begins phasing out traditional light bulbs next year. Despite some consumer grumbling, they're satisfied with more efficient alternatives. 71% of US adults say they have replaced standard light bulbs in their home over the past few years with compact fluorescent lamps or LEDs and 84% say they are 'very satisfied' or 'satisfied' with CFLs and LEDs." -
PayPal Reinstates Fund For WikiLeaker Manning
itwbennett writes "PayPal has lifted a temporary restriction placed on the account of Courage to Resist, a group raising funds to support the legal defense of US Army Pfc. Bradley Manning, who was arrested for allegedly downloading classified information and providing it to WikiLeaks. As you may recall, PayPal was embroiled in controversy late last year when it shuttered an account for WikiLeaks amid the controversy over the expose of US State Department documents. PayPal communications director Anuj Nayar said in a blog posting that the decision 'had nothing to do with WikiLeaks.'" -
PayPal Reinstates Fund For WikiLeaker Manning
itwbennett writes "PayPal has lifted a temporary restriction placed on the account of Courage to Resist, a group raising funds to support the legal defense of US Army Pfc. Bradley Manning, who was arrested for allegedly downloading classified information and providing it to WikiLeaks. As you may recall, PayPal was embroiled in controversy late last year when it shuttered an account for WikiLeaks amid the controversy over the expose of US State Department documents. PayPal communications director Anuj Nayar said in a blog posting that the decision 'had nothing to do with WikiLeaks.'" -
Google's Fight Against 'Low-Quality' Sites Continues
nj_peeps writes "A couple weeks ago, JC Penney made the news for plummeting in Google rankings for everything from 'area rugs' to 'grommet top curtains.' Turns out the retail site had a number of suspicious links pointing at it that could be traced back to a link network intended to manipulate Google's ranking algorithms. Now, Overstock.com has lost rankings for another type of link that Google finds to be manipulation of their algorithms. This situation has led Google to implement a significant change to their search algorithms, affecting almost 12% of queries in an effort to cull content farms and other webspam. And in the midst of all of this, a company with substantial publicity lately for running a paid link network announces they are getting out of the link business entirely." -
King's Quest III Remake Released
Beetle B. writes "Not being content with remaking Sierra's King's Quest I, King's Quest II and Quest for Glory II, the Anonymous Game Developers Interactive have released a remake of King's Quest III. Sure, the graphics may not appeal to the young'uns out there, but it's the gameplay that matters, right? Last year, after several legal battles, another game in the King's Quest series made by fans was released (with more episodes to come). And did I mention that they're all free? What other remakes of old adventure games are floating around out there?" -
King's Quest III Remake Released
Beetle B. writes "Not being content with remaking Sierra's King's Quest I, King's Quest II and Quest for Glory II, the Anonymous Game Developers Interactive have released a remake of King's Quest III. Sure, the graphics may not appeal to the young'uns out there, but it's the gameplay that matters, right? Last year, after several legal battles, another game in the King's Quest series made by fans was released (with more episodes to come). And did I mention that they're all free? What other remakes of old adventure games are floating around out there?" -
Feds Help You Find Your Fastest Internet Service
jfruhlinger writes "Slashdot previously covered the National Broadband Map, designed by the US Federal government to illustrate where the 'digital divide' between those with access to high-speed Internet and those who go without. But, as blogger Ryan Faas points out, you can use it for a much more individualistic purpose: to find your fastest local wired or wireless ISP. Just plug in your name and address and you'll soon see what your options are." -
Book Review: Security Information and Event Management Implementation
brothke writes "With many different types of log and audit data, Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details; and there are plenty of details in deploying a SIEM on corporate networks. Security Information and Event Management Implementation provides a solid introduction, overview and analysis of what a SIEM (also known as SIM, SEM, SEIM and others) is, and what needs to go into it for an effective deployment and operation." Read below for the rest of Ben's review. Security Information and Event Management Implementation author David Miller pages 464 publisher McGraw-Hill Osborne Media rating 8/10 reviewer Ben Rothke ISBN 0071701095 summary Provides an excellent overview of the topic and will be of value to those reading looking for answer around SIEM As a technology, SIEM provides real-time monitoring and historical reporting of information security events from networks, servers, systems, applications and more. Many firms have deployed SIEM as a method to address regulatory compliance reporting requirements, in addition to using it as a mechanism in which to build a robust information security operation, integrating the SIEM into their security management and incident response areas.
With that, the good news is that the SIEM market is now at a mature state, with numerous vendors competing off each other. Combined with the level of SIEM adoption, it's ready for prime time. But ensuring it works in prime time is heavily dependent upon the requirements definitions and planning.
The books 15 chapters are organized in three parts: Introduction to SIEM: Threat Intelligence for IT Systems, IT Threat Intelligence Using SIEM Systems and SIEM Tools. Part 3 (chapters 8-15) provides the bulk of the reading.
Part 1 provides a high-level overview of the topic and covers information security fundamentals. Chapter 2 details the various threats that the SIEM will be used to defend against. While chapter 3 gets into regulatory compliance, which is a key driver for many SIEM rollouts.
Part 2 details four SIEM vendors. The products the authors selected to showcase are: OSSIM, ArcSight ESM, Cisco Mars and Ounce Labs QRadar. While it is debatable if OSSIM is a SIEM, I am not sure why the authors did not include the netForensics product. This is especially true since the nFX SIM One software is one of the better tools which works on large deployments in which customization is needed.
A mistake many firms makes when considering a SIEM is spending too much time selecting a specific SIEM vendor and not enough time defining their specific security requirements for the SIEM product. The book does a good job of communicating the important of effective requirements definition. An important notion around requirements definition is that it must not involve just IT and security groups alone. Other groups including audit, regulatory, legal, administration, applications and more must be involved.
The book provides examples of real-world advice. A good point made in chapter 11 is the need to realize that a SIEM takes time to develop and is an out of the box solution. The authors note that one should not expect full inventory activity and actionable information immediately. It often may take a few weeks for that information to be normalized into data that is actionable.
Part 3 goes into the various products. In chapter 12, while about QRadar, lists 10 highly detailed questions that must be answered irregardless of what SIEM vendor will be used. These 10 questions (for a formal SIEM definition, there are a good 30 or more that can be asked) require a firm to truly understand their infrastructure and environment, before they deploy a SIEM. The authors note that these questions are meant to facilitate a firm doing their homework around the SIEM. Detailed answers to these questions should not be underestimated, as failure to do them in advance can lead to a SIEM deployment that will ultimately fail.
For many readers, the screen print of a QRadar system settings console on page 278 may be enough to scare them away from a SIEM. This screen, of which there are many in QRadar, list over 50 settings that must be configured in order to effectively use the software. While many of the default settings can be used; firms should know exactly what their settings should be if they want to get the most out of SIEM solution.
In many books, the appendix is often public information which is simply added as filler to increase the page count. The appendix The Ways and Means of the Security Analyst is superb. It details the human element of the SIEM, the security analyst, which is often what will make or break the SIEM. The analyst is the one who will use the SIEM and attempt to make sense of it. A SIEM deployment without good analysts is ultimately useless.
It should be noted that even though the book has the term implementation in the title, it is not really a full implementation reference. It should be viewed as a comprehensive introduction to SIEM. The reason is that when one digs into the deeper layers of a SIEM deployment, there are significant complexities that must be dealt with. Anyone who attempts to deploy SIEM based on this guide alone will likely be disappointed. This is not a fault of the book; rather a reality of the complexity of a SIEM, and the amount of pages it requires to be written.
While the book does have implementation guidelines around the insulation and configuration of 4 SIEM products, the real challenge in a SIEM is the post-installation configuration issues, and not simply the installation. Perhaps the authors will take this as a challenge to create a second volume of this book detailing those issues.
With that, the book does provide an excellent overview of the topic and will be of value to those reading looking for answer around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy. Don't think about a SIEM without it.
You can purchase Security Information and Event Management Implementation from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Security Information and Event Management Implementation
brothke writes "With many different types of log and audit data, Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details; and there are plenty of details in deploying a SIEM on corporate networks. Security Information and Event Management Implementation provides a solid introduction, overview and analysis of what a SIEM (also known as SIM, SEM, SEIM and others) is, and what needs to go into it for an effective deployment and operation." Read below for the rest of Ben's review. Security Information and Event Management Implementation author David Miller pages 464 publisher McGraw-Hill Osborne Media rating 8/10 reviewer Ben Rothke ISBN 0071701095 summary Provides an excellent overview of the topic and will be of value to those reading looking for answer around SIEM As a technology, SIEM provides real-time monitoring and historical reporting of information security events from networks, servers, systems, applications and more. Many firms have deployed SIEM as a method to address regulatory compliance reporting requirements, in addition to using it as a mechanism in which to build a robust information security operation, integrating the SIEM into their security management and incident response areas.
With that, the good news is that the SIEM market is now at a mature state, with numerous vendors competing off each other. Combined with the level of SIEM adoption, it's ready for prime time. But ensuring it works in prime time is heavily dependent upon the requirements definitions and planning.
The books 15 chapters are organized in three parts: Introduction to SIEM: Threat Intelligence for IT Systems, IT Threat Intelligence Using SIEM Systems and SIEM Tools. Part 3 (chapters 8-15) provides the bulk of the reading.
Part 1 provides a high-level overview of the topic and covers information security fundamentals. Chapter 2 details the various threats that the SIEM will be used to defend against. While chapter 3 gets into regulatory compliance, which is a key driver for many SIEM rollouts.
Part 2 details four SIEM vendors. The products the authors selected to showcase are: OSSIM, ArcSight ESM, Cisco Mars and Ounce Labs QRadar. While it is debatable if OSSIM is a SIEM, I am not sure why the authors did not include the netForensics product. This is especially true since the nFX SIM One software is one of the better tools which works on large deployments in which customization is needed.
A mistake many firms makes when considering a SIEM is spending too much time selecting a specific SIEM vendor and not enough time defining their specific security requirements for the SIEM product. The book does a good job of communicating the important of effective requirements definition. An important notion around requirements definition is that it must not involve just IT and security groups alone. Other groups including audit, regulatory, legal, administration, applications and more must be involved.
The book provides examples of real-world advice. A good point made in chapter 11 is the need to realize that a SIEM takes time to develop and is an out of the box solution. The authors note that one should not expect full inventory activity and actionable information immediately. It often may take a few weeks for that information to be normalized into data that is actionable.
Part 3 goes into the various products. In chapter 12, while about QRadar, lists 10 highly detailed questions that must be answered irregardless of what SIEM vendor will be used. These 10 questions (for a formal SIEM definition, there are a good 30 or more that can be asked) require a firm to truly understand their infrastructure and environment, before they deploy a SIEM. The authors note that these questions are meant to facilitate a firm doing their homework around the SIEM. Detailed answers to these questions should not be underestimated, as failure to do them in advance can lead to a SIEM deployment that will ultimately fail.
For many readers, the screen print of a QRadar system settings console on page 278 may be enough to scare them away from a SIEM. This screen, of which there are many in QRadar, list over 50 settings that must be configured in order to effectively use the software. While many of the default settings can be used; firms should know exactly what their settings should be if they want to get the most out of SIEM solution.
In many books, the appendix is often public information which is simply added as filler to increase the page count. The appendix The Ways and Means of the Security Analyst is superb. It details the human element of the SIEM, the security analyst, which is often what will make or break the SIEM. The analyst is the one who will use the SIEM and attempt to make sense of it. A SIEM deployment without good analysts is ultimately useless.
It should be noted that even though the book has the term implementation in the title, it is not really a full implementation reference. It should be viewed as a comprehensive introduction to SIEM. The reason is that when one digs into the deeper layers of a SIEM deployment, there are significant complexities that must be dealt with. Anyone who attempts to deploy SIEM based on this guide alone will likely be disappointed. This is not a fault of the book; rather a reality of the complexity of a SIEM, and the amount of pages it requires to be written.
While the book does have implementation guidelines around the insulation and configuration of 4 SIEM products, the real challenge in a SIEM is the post-installation configuration issues, and not simply the installation. Perhaps the authors will take this as a challenge to create a second volume of this book detailing those issues.
With that, the book does provide an excellent overview of the topic and will be of value to those reading looking for answer around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy. Don't think about a SIEM without it.
You can purchase Security Information and Event Management Implementation from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Employer Facebook Password Requests Suspended
Hugh Pickens writes "The Washington Post reports that Maryland's Department of Public Safety and Correctional Services has suspended a roughly year-old practice of asking prospective employees to voluntarily divulge their user names and passwords to social media Web sites such as Facebook. In a statement, the department said requests for user names and passwords had been voluntary, and had not been taken into account when evaluating job applicants. Nonetheless, 'in light of these concerns raised by the ACLU and because this is a newly emerging area in the law, the department has suspended the process of asking for social media information for 45 days to review the procedure and to make sure it is being used consistently and appropriately.'" We covered this story back when the ACLU took the case. -
Former Senator Chris Dodd Set To Head MPAA
Hugh Pickens writes writes "The Hill reports that former Democratic Senator Chris Dodd of Connecticut is set to become the new chairman of the Motion Picture Association of America, taking over the $1.2 million position and the job of coordinating the policy goals of the various member studios. Interim CEO and president Bob Pisano says the organization's unwavering focus on its top priority will remain: increasing the federal government's efforts to stop online film piracy. The MPAA is optimistic about its legislative prospects this Congress, thanks to the Combating Online Infringement and Counterfeits Act, which passed the Senate Judiciary Committee (headed by Dodd's close friend Senator Patrick Leahy) last year before stalling in the full Senate. The bipartisan bill would make it easier for the Justice Department to shut down websites that traffic pirated music, movies and counterfeit goods. While a member of the Senate, Dodd was an adamant opponent of the FISA bill that granted retroactive immunity to telecoms who engaged in warrantless wiretapping." -
Tolkien Estate Says No Historical Fiction For JRR
An anonymous reader writes "Apparently the estate of JRR Tolkien isn't just overprotective of his works, but of himself as well. The estate is in a bit of a legal spat with the author of a fictional work that includes JRR Tolkien as a character, and in part discusses his works. The estate is claiming that this infringes on Tolkien's publicity rights, but if that's the case, would it make almost all 'historical fiction' illegal?" -
Anonymous Denies Targeting Westboro Baptist Church
lenwood writes "Last week we discussed news that the hacking group Anonymous was staging an attack against Fred Phelps' Westboro Baptist Church. It turns out that this was a publicity stunt staged by WBC themselves. Anonymous issued a press release disassociating themselves from this." -
Can Android Without Dalvik Avoid Oracle's Wrath?
jfruhlinger writes "Despite the fact that Oracle is suing Google over claims that Android violates Java IP, Android is roaring ahead in the marketplace. Still, some groups are wondering if they can implement Android without incurring Oracle's current or future wrath by avoiding the Dalvik VM. A project called IcedRobot aims to create a GNU-compatible version of Android, and rumors abound that RIM is planning on putting an OpenJDK-version of Android on its upcoming PlayBook tablets." -
Judge Rules Against China In 'Green Dam' Suit
An anonymous reader writes "About a year after Cybersitter sued the Chinese government and several Asian OEMs for allegedly copying its code to create the 'Green Dam' software, a US federal judge has allowed the $2.3 billion suit to proceed. Judge Josephine Staton Tucker, a California district judge, entered a judgement of default against the People's Republic of China on Wednesday, after PRC officials failed to respond to the ruling. Although the PRC's embassy sent a letter to the US State Department protesting Cybersitter's suit, such a letter did not qualify as a formal response." -
Last.Fm Founder Criticizes Apple Over Music Subscription Fees
An anonymous reader writes "Apparently not one to mince words, Last.fm founder Richard Jones lambasted Apple for their recently announced App Store subscription rules. 'Apple just ****ed over online music subs for the iPhone,' Jones wrote in IRC earlier this week. Taking things further, Jones angrily theorized that by effectively preventing subscription services like Rhapsody and Spotify from thriving on iTunes, Apple is paving the way for its own music subscription service where it will, surprise surprise, face little to no competition." Jones argues that music service subscriptions don't operate at margins "anywhere near 30%," and that the dramatic loss in revenue will be tough to survive. Another article suggests that Apple's fee structure will highlight the publishing industry's broken business model. Some analysts expect it to raise antitrust concerns, though the wave of Android tablets hitting the market may stifle that sentiment. -
Intel CEO: Nokia Should Have Gone With Android
nk497 writes "Intel CEO Paul Otellini has said Nokia made a mistake choosing Windows Phone 7, and should have gone with Android — but admitted the money on offer may have been too much to ignore. 'I wouldn't have made the decision he made, I would probably have gone to Android if I were him,' he said. 'MeeGo would have been the best strategy but he concluded he couldn't afford it.' Otellini said some closed mobile platforms will 'certainly survive,' but said open systems will 'win' in the end." Reader c0lo notes a followup to yesterday's news that open source software was banned from Windows Marketplace. It seems even Microsoft's own MS-RL open source license runs afoul of the Application Provider Agreement (PDF). The article suggests that these rules should give Nokia pause about their new partnership. -
Ants Build Cheapest Networks
schliz writes "When building a network from scratch, Argentine ants tend to connect their nests in the way that, while more inconvenient for individual ants, requires the minimum amount of trail. Researchers studying 'supercolonies' of the ants found them building networks that closely resembled the mathematical shortest path — a Steiner tree. They hope to apply their work to self-healing, organic computing networks of self-organising sensors, robots, computers, and autonomous cars." This story adds to the earlier report of ants' networking prowess. -
Google Asks USPTO To Reexamine Four Oracle Patents
An anonymous reader writes "Google leaves no stone unturned in its defense against Oracle's patent and copyright infringement allegations. eWEEK reports on the latest development: Google has asked the USPTO to reexamine four of the seven patents asserted by Oracle. Patent watcher and skeptic Florian Mueller believes 'the world would be a better place without those virtual machine patents,' which he considers excessively broad and not really technical inventions. He also reports on a Google letter to the court, asking for permission to file a motion to throw out Oracle's copyright infringement allegations as soon as possible, without further discovery."