Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Attachmate To Retain Novell Unix Copyrights
angry tapir writes "Novell's copyrights for the Unix operating system will remain under Attachmate's control as part of the companies' pending merger, a Novell spokesman has revealed. The confirmation, which came in a terse message posted to Novell's website, seems to rule out questions of whether Unix assets are part of some 882 patents being sold to a Microsoft-led consortium, CPTN Holdings, as part of the deal." -
Botnet Spammer Gets Just 18 Months For Being Odd
itwbennett writes "Thirty-three-year old Scottsman Matthew Anderson was sentenced this week to 18 months in prison for orchestrating a malicious Trojan campaign in 2006. The reason for his relatively light sentence? He apparently wasn't seeking to maximize profit like any normal, red-blooded hacker. Also, his timing was good. His arrest in June 2006 predated by a matter of months the Police and Justice Act, which would likely have resulted in a harsher sentence. By comparison, David Kernell, who snooped in Sarah Palin's email, got a year in prison." -
Spring Dynamic Modules In Action
RickJWagner writes "Every once in a while a technical book comes out that so exhaustively covers a topic that it becomes the definitive word on the topic. These books are the end-all reference, the final authority, the singular go-to reference that every practitioner falls back to in their hour of need. This book review covers one such book, the newly released Spring Dynamic Modules in Action from Manning." Read below for the rest of Rick's review. Spring Dynamic Modules In Action author Arnaud Cogoluegnes, Thierry Templier, Andy Piper pages 548 publisher Manning Publications rating 9/10 reviewer Rick J Wagner ISBN 1935182307 summary Presents the fundamental concepts of OSGi-based apps and maps them to the familiar ideas of the Spring framework. First, a quick word about OSGi. OSGi is a specification meant to make Java more "modular." In practice, this means it is an attempt to solve the age-old problem of "jar hell", including all the class loading issues that go with it. (Users of JEE application servers know what I'm talking about here.) OSGi lets you specify every external library your component needs, to the version. So if you need FooLib v1.2.3, and the application beside yours needs FooLib v10.9.8, that's not a problem at all-- both applications can happily run in the same OSGi container, at the same time.
Should you care about OSGi? The answer is maybe. It's without question a big deal to the makers of Java application containers-- everybody from JBoss to Mule has an opinion on OSGi, and many vendors are busy baking it into their infrastructure. What will differ to you, the user of the container, is how the container developers decided to make OSGi available to their users. This book is about how Spring went about it, and what you need to do to use Spring and OSGi together.
Spring DM (short for "Dynamic Modules") is a framework that enables you to use the popular Spring framework with OSGi. Spring, of course, comes with a multitude of components for solving all kinds of enterprise application needs. So this book is all about using Spring with OSGi.
It's a big book, over 500 pages, written by 3 authors. In those 500 pages you get lots of valuable content:
- An introduction to OSGi and an explanation of its purpose
- Explanation of how Spring can be used within an OSGi container, review of the currently available containers
- Details about how Spring DM works, and the parts you need to understand
- Details about OSGi services, and how they relate to Spring DM
- In depth best practices for data access, enterprise Java projects, and web applications (includes specific advice for popular web application frameworks)
- Testing practices
- Extended uses of OSGi, including likely future direction
A big part of what makes this book valuable are the many pieces of advice from the authors as they explain best practices for using various tools. So you want to use Eclipse, Ant or Maven? No problem, these are all covered. About to use MyFaces, Wicket, or DWR? All covered. Are you a Tomcat user or Jetty? Check and check. I'm sure you get the picture-- if you use these tools, the path ahead of you is already blazed and you can avoid some headaches by leveraging the author's experience.
Make no mistake about it, there will be some headaches ahead of you. Seldom is an application written today that doesn't use an external framework or library of some sort. Using these pre-packaged bits of functionality (and we need to be thankful for them!) might mean 're-packaging', if the library isn't offered as an OSGi bundle. This re-packaging means pealing apart some .jar files and editing the manifest files inside-- yuck! Luckily, this book offers you two things to help you with this task: tooling and advice. Tooling comes in handy because it can automate a lot of the manual, error-prone drudgery that goes along with such a task. Advice is even more valuable-- these authors have already worked done the hard work and have written down what you need to do to make your efforts successful.
So who is this book appropriate for? I'd say anyone who is going to use Spring DM. If you're convinced this is the right framework for your needs, you need a copy of this book. If you're not sure, or if you're just a casual reader wanting to know more about OSGi-- then I'd say you should look through the book first before you buy it. You might like it, or you might not because a lot of the book is all about hands-on use of Spring DM and the little tricks you need to make it work right the first time. But if you're just interested in an overview of the technology, this book might be too detail-oriented and not enough high-level for your tastes.
If you use Spring DM, you need to buy a copy of this book. It's going to be the definitive resource on the topic for a long time.
You can purchase Spring Dynamic Modules In Action from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Spring Dynamic Modules In Action
RickJWagner writes "Every once in a while a technical book comes out that so exhaustively covers a topic that it becomes the definitive word on the topic. These books are the end-all reference, the final authority, the singular go-to reference that every practitioner falls back to in their hour of need. This book review covers one such book, the newly released Spring Dynamic Modules in Action from Manning." Read below for the rest of Rick's review. Spring Dynamic Modules In Action author Arnaud Cogoluegnes, Thierry Templier, Andy Piper pages 548 publisher Manning Publications rating 9/10 reviewer Rick J Wagner ISBN 1935182307 summary Presents the fundamental concepts of OSGi-based apps and maps them to the familiar ideas of the Spring framework. First, a quick word about OSGi. OSGi is a specification meant to make Java more "modular." In practice, this means it is an attempt to solve the age-old problem of "jar hell", including all the class loading issues that go with it. (Users of JEE application servers know what I'm talking about here.) OSGi lets you specify every external library your component needs, to the version. So if you need FooLib v1.2.3, and the application beside yours needs FooLib v10.9.8, that's not a problem at all-- both applications can happily run in the same OSGi container, at the same time.
Should you care about OSGi? The answer is maybe. It's without question a big deal to the makers of Java application containers-- everybody from JBoss to Mule has an opinion on OSGi, and many vendors are busy baking it into their infrastructure. What will differ to you, the user of the container, is how the container developers decided to make OSGi available to their users. This book is about how Spring went about it, and what you need to do to use Spring and OSGi together.
Spring DM (short for "Dynamic Modules") is a framework that enables you to use the popular Spring framework with OSGi. Spring, of course, comes with a multitude of components for solving all kinds of enterprise application needs. So this book is all about using Spring with OSGi.
It's a big book, over 500 pages, written by 3 authors. In those 500 pages you get lots of valuable content:
- An introduction to OSGi and an explanation of its purpose
- Explanation of how Spring can be used within an OSGi container, review of the currently available containers
- Details about how Spring DM works, and the parts you need to understand
- Details about OSGi services, and how they relate to Spring DM
- In depth best practices for data access, enterprise Java projects, and web applications (includes specific advice for popular web application frameworks)
- Testing practices
- Extended uses of OSGi, including likely future direction
A big part of what makes this book valuable are the many pieces of advice from the authors as they explain best practices for using various tools. So you want to use Eclipse, Ant or Maven? No problem, these are all covered. About to use MyFaces, Wicket, or DWR? All covered. Are you a Tomcat user or Jetty? Check and check. I'm sure you get the picture-- if you use these tools, the path ahead of you is already blazed and you can avoid some headaches by leveraging the author's experience.
Make no mistake about it, there will be some headaches ahead of you. Seldom is an application written today that doesn't use an external framework or library of some sort. Using these pre-packaged bits of functionality (and we need to be thankful for them!) might mean 're-packaging', if the library isn't offered as an OSGi bundle. This re-packaging means pealing apart some .jar files and editing the manifest files inside-- yuck! Luckily, this book offers you two things to help you with this task: tooling and advice. Tooling comes in handy because it can automate a lot of the manual, error-prone drudgery that goes along with such a task. Advice is even more valuable-- these authors have already worked done the hard work and have written down what you need to do to make your efforts successful.
So who is this book appropriate for? I'd say anyone who is going to use Spring DM. If you're convinced this is the right framework for your needs, you need a copy of this book. If you're not sure, or if you're just a casual reader wanting to know more about OSGi-- then I'd say you should look through the book first before you buy it. You might like it, or you might not because a lot of the book is all about hands-on use of Spring DM and the little tricks you need to make it work right the first time. But if you're just interested in an overview of the technology, this book might be too detail-oriented and not enough high-level for your tastes.
If you use Spring DM, you need to buy a copy of this book. It's going to be the definitive resource on the topic for a long time.
You can purchase Spring Dynamic Modules In Action from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
RAGE On iOS Shows Promise
Vigile writes "RAGE from id Software for iOS devices is finally available and has been tested over at PC Perspective. The game obviously looks impressive with a nearly 750MB download (and about double that when uncompressed) and not much else can rival it on the platform. The game itself is a rail-based shooter, making the touchscreen interface more intuitive and less cumbersome but it does take away some of the feeling of control in the game. Video of the game running is also included in the short review." -
MP3Tunes 'Safe Harbor' Court Challenge Approaching
markjhood2003 sends along an update on a story we first discussed two years back: EMI's lawsuit against MP3Tunes on the claim that cloud storage of music is illegal. The case has gathered importance as cloud computing has grown in capability and acceptance. Opposition briefs in the case are due on Wednesday and oral arguments will start in January. EMI is making the unusual move (the opposition calls it "desperate") of insisting that the EFF's friend-of-the-court brief not be accepted. "EMI says the brief filed last week by the Electronic Frontier Foundation and other groups supporting MP3tunes’s argument that it’s not responsible for what music its users store on its servers should be barred because it is 'a pure advocacy piece, not a "friend of the court."' Amicus curiae briefs are often filed by interest groups and the government in cases that could set major precedents, in order to illustrate the broader ramifications of the case. ... After three years of litigation, EMI argues that EFF’s brief is too long, thereby 'circumventing' the court’s 'page restrictions' causing 'additional burden' to the court and “prejudice” to the EMI. ... In addition, EMI says, EFF’s brief 'contains unsupported speculation that is not helpful to the Court.' Anyone can submit such a brief as long as they’re not a party to the case, and judges have full discretion whether to accept them. They almost always do." -
Combat Vets On CoD: Black Ops, Medal of Honor Taliban
An anonymous reader writes "Thom 'SSGTRAN' Tran, seen in the Call of Duty: Black Ops live action trailer and in the game as the NVA multiplayer character, gets interviewed and talks about Medal of Honor's Taliban drama. '... to me, it's a non-issue. This is Hollywood. This is entertainment. There has to be a bad guy if there's going to be a good guy. It's that simple. Regardless of whether you call them — "Taliban" or "Op For" — you're looking at the same thing. They're the bad guys.'" Gamasutra published a related story about military simulation games from the perspective of black ops veteran and awesome-name-contest winner Wolfgang Hammersmith. "In his view, all gunfights are a series of ordered and logical decisions; when he explains it to me, I can sense him performing mental math, brain exercise, the kind that appeals to gamers and game designers. Precise skill, calculated reaction. Combat operations and pistolcraft are the man's life's work." -
Beta Version of Nevercookie Released
wiredmikey writes "Anonymizer has released a beta version of Nevercookie, the recently announced Firefox plugin designed to protect against the Evercookie, a JavaScript API built and made available to prove that the more you store and the more places you store it, the harder it is for users to control a Web site's ability to uniquely identify their computer. Evercookie is a more persistent form of cookie that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage." -
Wikileaks Vows Release '7x the Size' of Iraq Leak
CWmike writes "WikiLeaks has promised to release a load of information seven times bigger than the Iraq War Logs, which raised the Internet group's profile around the world and caused some nations to take notice of the issue of leaks of top-secret documents online. In a note on Twitter, WikiLeaks said, 'Next release is 7x the size of the Iraq War Logs. Intense pressure over it for months,' and asked supporters to continue donating to the cause. WikiLeaks did not say what the new release of information would be about." -
Microsoft (Probably) Didn't Just Buy Unix
jfruhlinger writes "Word came down this morning that when Attachmate bought Novell, certain intellectual property rights were sold to a Microsoft-led consortium as part of the deal. Since Unix is the most valuable piece of IP Novell owns, there was a certain amount of panic that suddenly Redmond is in charge of this foundational technology for Linux and a number of other open source projects. But, while MS is being cagey, Brian Proffitt doubts that Unix was part of the IP package that was sold — and believes that Linux would be safe even if it were." -
Code-Stealing Drone Vendor Settles With Devs
An anonymous reader writes with an update to a story we discussed in September about allegations that copied, inaccurate software was being used in unmanned CIA drones. The lawsuit that publicized these allegations has now ended in a settlement. Quoting: "The breach-of-contract lawsuit, initiated in Suffolk County Superior Court in Massachusetts in November 2009, revolved around a series of claims and counterclaims related to a sophisticated, analytical software program, known as Geospatial, that was developed by Boston-based IISI. The software is capable of integrating at high speeds spatial data, such as maps and visual images, with non-visual data, such as names and phone numbers. Netezza, in its pleadings, claimed that IISI, per contract, was required to upgrade the Geospatial software code to make it work on Netezza’s new data-warehouse computer platform, called the TwinFin. IISI argued, and the court ultimately agreed, that it was under no such obligation. IISI officials also indicated that such an upgrade effort would be quite challenging and costly. In the wake of IISI refusing to adapt the Geospatial software to the TwinFin on Netezza’s timeline, IISI asserted in court pleadings that Netezza proceeded to develop a re-engineered, flawed version of the software that was loaded on the TwinFin platform that Netezza allegedly sold to the CIA. -
Moodle 1.9 For Second Language Teaching
witthaus writes "Jeff Stanford's Moodle 1.9 for Second Language Teaching is described in the preface as 'a recipe book' for creating communicative language teaching activities in Moodle. True to its description, the book contains over 500 pages of detailed, descriptive information on how to squeeze every last drop out of Moodle for language teaching purposes." Keep reading for the rest of Gabi's review. Moodle 1.9 for Second Language Teaching author Jeff Stanford pages 420 publisher Packt Publishing rating 9/10 reviewer Gabi Witthaus ISBN 1847196241 summary A descriptive how-to approach with enthusiastic insights into the rich potential of Moodle for creating engaging, useful language learning activities In the first two chapters, the book gives an introduction to Moodle and advice on how to get started with the platform. It then goes on to consider vocabulary, speaking, grammar, reading, writing and listening activities in chapters three to eight. Chapter nine looks at assessment, giving many practical tips on the best and most efficient ways to exploit Moodle's powerful capacity to generate statistics. Chapter 10 gives suggestions on some extended activities you could use Moodle for (requiring more set-up time as well as more of students' time, but with correspondingly greater pay-off in terms of learning). The final chapter deals with formatting and enhancing the visual aspects of Moodle, and enabling stress-free navigation through the platform for your students.
Activity descriptions are framed in terms of language teaching goals rather than technical functionality, making it an easy read for language teachers who are new to online platforms. Detailed, step-by-step instructions are given, along with helpful screenshots, and a star system to differentiate the easier from the more technically advanced activities. A clear distinction is made between what the language teacher could reasonably be expected to do with Moodle and the issues that should be referred to a more experienced Moodle administrator. The book goes beyond basic Moodle features and functions, introducing the reader to many useful add-ons (such as the wonderfully named Nanogong, for incorporating audio files), and other Web tools such as Audacity for creating and editing podcasts, and Hot Potatoes for making quizzes.
The recipes are indeed delicious, ranging from simple rustic dishes – requiring little or no patience for the technical side of things; just a deep love of the classical ingredients needed for communicative language teaching, such as personalization and a focus on meaningful communication – to sophisticated gourmet platters that probably are best avoided by IT novices. There is even a section (in chapter 10 – my favorite) on creating a whole dinner menu by stringing together a sequence of activities in various ways.
My only lament about the book is that I would like to have seen some discussion on the difference between using Moodle to supplement your face-to-face teaching, as opposed to using it for wholly online courses. The most obvious difference is that students probably already know one another in a face-to-face environment, whereas in a purely online environment they come in 'cold', and this can have a significant impact on their confidence and their engagement levels. Some tips and guidelines on how to draw remote learners in, and then keep them engaged, would be really helpful, as would tips on how to find the balance between face-to-face interaction and online work for classroom-based students. But perhaps here I am talking about how to host the dinner party, which goes beyond the scope of a recipe book.
All things considered, Moodle 1.9 for Language Teaching will undoubtedly increase the language teacher's ability to cook up interesting and enjoyable activities for language students. Bon appétit!
Disclosure: The reviewer is a colleague of Jeff Stanford's at the University of Leicester, where they both tutor on the online MA in Applied Linguistics and TESOL.
Gabi Witthaus has over 20 years' experience in EFL teaching and curriculum development. She is currently based at the University of Leicester, where she is involved in e-learning research and tutoring on the MA in TESOL and Applied Linguistics. (). This review was written in her personal capacity.
You can purchase Moodle 1.9 for Second Language Teaching from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Moodle 1.9 For Second Language Teaching
witthaus writes "Jeff Stanford's Moodle 1.9 for Second Language Teaching is described in the preface as 'a recipe book' for creating communicative language teaching activities in Moodle. True to its description, the book contains over 500 pages of detailed, descriptive information on how to squeeze every last drop out of Moodle for language teaching purposes." Keep reading for the rest of Gabi's review. Moodle 1.9 for Second Language Teaching author Jeff Stanford pages 420 publisher Packt Publishing rating 9/10 reviewer Gabi Witthaus ISBN 1847196241 summary A descriptive how-to approach with enthusiastic insights into the rich potential of Moodle for creating engaging, useful language learning activities In the first two chapters, the book gives an introduction to Moodle and advice on how to get started with the platform. It then goes on to consider vocabulary, speaking, grammar, reading, writing and listening activities in chapters three to eight. Chapter nine looks at assessment, giving many practical tips on the best and most efficient ways to exploit Moodle's powerful capacity to generate statistics. Chapter 10 gives suggestions on some extended activities you could use Moodle for (requiring more set-up time as well as more of students' time, but with correspondingly greater pay-off in terms of learning). The final chapter deals with formatting and enhancing the visual aspects of Moodle, and enabling stress-free navigation through the platform for your students.
Activity descriptions are framed in terms of language teaching goals rather than technical functionality, making it an easy read for language teachers who are new to online platforms. Detailed, step-by-step instructions are given, along with helpful screenshots, and a star system to differentiate the easier from the more technically advanced activities. A clear distinction is made between what the language teacher could reasonably be expected to do with Moodle and the issues that should be referred to a more experienced Moodle administrator. The book goes beyond basic Moodle features and functions, introducing the reader to many useful add-ons (such as the wonderfully named Nanogong, for incorporating audio files), and other Web tools such as Audacity for creating and editing podcasts, and Hot Potatoes for making quizzes.
The recipes are indeed delicious, ranging from simple rustic dishes – requiring little or no patience for the technical side of things; just a deep love of the classical ingredients needed for communicative language teaching, such as personalization and a focus on meaningful communication – to sophisticated gourmet platters that probably are best avoided by IT novices. There is even a section (in chapter 10 – my favorite) on creating a whole dinner menu by stringing together a sequence of activities in various ways.
My only lament about the book is that I would like to have seen some discussion on the difference between using Moodle to supplement your face-to-face teaching, as opposed to using it for wholly online courses. The most obvious difference is that students probably already know one another in a face-to-face environment, whereas in a purely online environment they come in 'cold', and this can have a significant impact on their confidence and their engagement levels. Some tips and guidelines on how to draw remote learners in, and then keep them engaged, would be really helpful, as would tips on how to find the balance between face-to-face interaction and online work for classroom-based students. But perhaps here I am talking about how to host the dinner party, which goes beyond the scope of a recipe book.
All things considered, Moodle 1.9 for Language Teaching will undoubtedly increase the language teacher's ability to cook up interesting and enjoyable activities for language students. Bon appétit!
Disclosure: The reviewer is a colleague of Jeff Stanford's at the University of Leicester, where they both tutor on the online MA in Applied Linguistics and TESOL.
Gabi Witthaus has over 20 years' experience in EFL teaching and curriculum development. She is currently based at the University of Leicester, where she is involved in e-learning research and tutoring on the MA in TESOL and Applied Linguistics. (). This review was written in her personal capacity.
You can purchase Moodle 1.9 for Second Language Teaching from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Running ZFS Natively On Linux Slower Than Btrfs
An anonymous reader writes "It's been known that ZFS is coming to Linux in the form of a native kernel module done by the Lawrence Livermore National Laboratory and KQ Infotech. The ZFS module is still in closed testing on KQ infotech's side (but LLNL's ZFS code is publicly available), and now Phoronix has tried out the ZFS file-system on Linux and carried out some tests. ZFS on Linux via this native module is much faster than using ZFS-FUSE, but the Solaris file-system in most areas is not nearly as fast as EXT4, Btrfs, or XFS." -
How the 'Tech Worker Visa' Is Remaking IT In America
theodp writes "Back in 2008, the Department of Homeland Security enacted a controversial 'emergency' rule to allow foreign students earning tech-related degrees in the US to work for American employers for 29 months after graduation without a work visa. The program would allow US companies to recruit and retain the 'best' science and tech students educated at the top US universities, explained Microsoft. But two-and-a-half years later, it turns out the top US universities are getting schooled by less-renowned institutions. Computerworld reports the DHS program is dominated by little-known, for-profit Stratford University, whose 727 approved requests for post-graduate Optional Practical Training (OPT) STEM extensions tops all schools and is more than twice the combined total of the entire Ivy League — Brown (26), Columbia (105), Cornell (90), Dartmouth (18), Harvard (27), Princeton (16), Penn (50), and Yale (9). In second place, with 533 approved requests, is the University of Bridgeport. In another twist, the program's employers include IT outsourcing and offshoring 'body shops' like Kelly Services, whose entities snagged about 50 approvals, more than twice the combined total of tech stalwarts Google (15), Amazon.com (2), Yahoo (2), and Facebook (3)." -
Trash-To-Gas Power Plant Gets Greenlight
An anonymous reader writes "Beginning in a little more than a week, Green Power, Inc. of Pasco, Washington will be commencing the building of municipal-solid-waste-to-fuel plants for clients around the world, with $2 billion in contracts; now that an EPA ruling has exonerated GPI from an unnecessary shut-down order by the Washington Ecology Department last year. This fuel would be of higher quality and cheaper than fuel derived from crude oil — and it comes from local feedstock, while turning waste into energy. Now your laptop can turn into a quart of diesel fuel to power your trip to the dump. And the ocean gyres of trash the size of Texas can power Texas. This is an update on a Slashdot story from nine months ago. -
Did an Apple Engineer Invent FB Messages In 2003?
theodp writes "Q. How many Facebook engineers does it take in 2010 to duplicate a lone Apple engineer's 2003 effort? A. 15! On Nov. 15th, Facebook CEO Mark Zuckerberg introduced Facebook Messages, which uses whatever method of communication is appropriate at the time — e.g., email, IM, SMS. A day later, ex-Apple software engineer Jens Alfke was granted a patent for his 2003 invention of a Method and apparatus for processing electronic messages, which — you guessed it — employs the most appropriate messaging method — e.g., email, IM, SMS — for the job. Citing Apple's lack of passion for social software, Alfke left Apple in 2008. After a layover at Google, Alfke landed at startup Rockmelt, whose still-in-beta 'social web browser' also sports a pretty nifty communications platform." -
The Future of Android — Does It Belong To Bing and Baidu?
hype7 writes "Given the recent publicity about Android and Google, the Harvard Business Review are offering another interesting perspective. They argue that Google runs a serious risk of losing control of Android, as competitors such as Bing and Baidu move in. It certainly presents an interesting possibility — that Android could win but Google wouldn't see any benefit out of it." -
The Future of Android — Does It Belong To Bing and Baidu?
hype7 writes "Given the recent publicity about Android and Google, the Harvard Business Review are offering another interesting perspective. They argue that Google runs a serious risk of losing control of Android, as competitors such as Bing and Baidu move in. It certainly presents an interesting possibility — that Android could win but Google wouldn't see any benefit out of it." -
Bruce Schneier vs. the TSA
An anonymous reader writes "Bruce Schneier has posted a huge recap of the controversy over TSA body scanners, including more information about the lawsuit he joined to ban them. There's too much news to summarize, but it covers everything from Penn Jillette's and Dave Barry's grope stories, to Israeli experts who say this isn't needed and hasn't ever stopped a bomb, to the three-year-old girl who was traumatized by being groped and much, much more." Another reader passed along a related article, which says, "Congressman Ron Paul lashed out at the TSA yesterday and introduced a bill aimed at stopping federal abuse of passengers. Paul’s proposed legislation would pave the way for TSA employees to be sued for feeling up Americans and putting them through unsafe naked body scanners." -
Bruce Schneier vs. the TSA
An anonymous reader writes "Bruce Schneier has posted a huge recap of the controversy over TSA body scanners, including more information about the lawsuit he joined to ban them. There's too much news to summarize, but it covers everything from Penn Jillette's and Dave Barry's grope stories, to Israeli experts who say this isn't needed and hasn't ever stopped a bomb, to the three-year-old girl who was traumatized by being groped and much, much more." Another reader passed along a related article, which says, "Congressman Ron Paul lashed out at the TSA yesterday and introduced a bill aimed at stopping federal abuse of passengers. Paul’s proposed legislation would pave the way for TSA employees to be sued for feeling up Americans and putting them through unsafe naked body scanners." -
Oregon Senator Seeks To Block COICA
jfruhlinger writes "The COICA copyright bill may have sailed through committee, but that doesn't mean it's a done deal. Senator Ron Wyden of Oregon, calling it the 'wrong medicine' to block copyright violations, is threatening to put a hold on the bill, which would block its adoption through at least the end of the year." -
The Problem With the Top500 Supercomputer List
angry tapir writes "The Top500 list of supercomputers is dutifully watched by high-performance computing participants and observers, even as they vocally doubt its fidelity to excellence. Many question the use of a single metric — Linpack — to rank the performance of something as mind-bogglingly complex as a supercomputer. During a panel at the SC2010 conference this week in New Orleans, one high-performance-computing vendor executive joked about stringing together 100,000 Android smartphones to get the largest Linpack number, thereby revealing the 'stupidity' of Linpack. While grumbling about Linpack is nothing new, the discontent was pronounced this year as more systems, such as the Tianhe-1A, used GPUs to boost Linpack ratings, in effect gaming the Top500 list." Fortunately, Sandia National Laboratories is heading an effort to develop a new set of benchmarks. In other supercomputer news, it turns out the Windows-based cluster that lost out to Linux stumbled because of a bug in Microsoft's software package. Several readers have also pointed out that IBM's Blue Gene/Q has taken the top spot in the Green500 for energy efficient supercomputing, while a team of students built the third-place system. -
Claims About China's April Internet Hijack Are Overblown
sturgeon writes "Yesterday, we discussed what most of the world's major media outlets were reporting on China's April 2010 hijack of '15% of Internet traffic,' including sensitive US government and defense sites. The alarm came following a US Government report (see page 244) on China / US economic and security relations released on Tuesday. Unfortunately, few bothered with fact checking or actually reading the report. The actual study never makes any estimate of Internet traffic diverted during the hijack — it only cites a blog post to suggest large volumes of traffic were involved. And curiously, the cited blog at the heart of the report never mentions traffic at all — only routes. You have to go to an interview with a third-party security researcher in a minor trade magazine to first come up with the 15% number (and this article never explains where the number came from). In a review of real data and actual facts, Arbor Nework's Craig Labovitz has a blog post looking at the traffic volumes involved in the incident (only a couple of Gigabits per second, or a 'statistically insignificant' percentage of Internet traffic)." -
Claims About China's April Internet Hijack Are Overblown
sturgeon writes "Yesterday, we discussed what most of the world's major media outlets were reporting on China's April 2010 hijack of '15% of Internet traffic,' including sensitive US government and defense sites. The alarm came following a US Government report (see page 244) on China / US economic and security relations released on Tuesday. Unfortunately, few bothered with fact checking or actually reading the report. The actual study never makes any estimate of Internet traffic diverted during the hijack — it only cites a blog post to suggest large volumes of traffic were involved. And curiously, the cited blog at the heart of the report never mentions traffic at all — only routes. You have to go to an interview with a third-party security researcher in a minor trade magazine to first come up with the 15% number (and this article never explains where the number came from). In a review of real data and actual facts, Arbor Nework's Craig Labovitz has a blog post looking at the traffic volumes involved in the incident (only a couple of Gigabits per second, or a 'statistically insignificant' percentage of Internet traffic)." -
Wii 2 Unlikely For 2011, Maybe In 2012
An anonymous reader writes "As discussed on Slashdot earlier this year, the lack of a next-generation Wii may be hurting Nintendo. That doesn't seem to concern the company's US chief, Reggie Fils-Aime, who said this week that a Wii 2 might not appear until 2012. He wants to sell a few million more consoles before a successor is launched. So, no Wii 2 for 2010 or 2011 — meanwhile, the PS3 and Xbox consoles get motion control support and other content enhancements. What does that mean for the success of Nintendo's gaming console business? Has the innovator been out-innovated due to a sluggish product roadmap?" -
RuneScape Developer Victorious Over Patent Troll
An anonymous reader writes "Gamasutra reports that a US District Court judge has dismissed the patent infringement lawsuit brought against RuneScape developer Jagex discussed previously on Slashdot. Judge David Folsom last week dismissed online chat company Paltalk's claims that Jagex infringed on Paltalk patents relating to online network communications. The judge's ruling only resolved Jagex's case. Microsoft settled with Paltalk for an undisclosed sum in 2009 after the online communication technology company sued over the patents in a $90 million claim. That settlement opened the door to Paltalk's claims against other game companies, including Blizzard, Turbine, SOE and NCSoft. Paltalk alleged in the Jagex-related suit that it had suffered 'tens of millions of dollars' in damages. Jagex CEO Mark Gerhard said in a statement, 'It is exceedingly unfortunate that the US legal system can force a company with a sole presence in Cambridge, UK to incur a seven-digit expense and waste over a year of management time on a case with absolutely no merit,' and that Jagex 'will not hesitate to vigorously defend our position against any patent trolls who bring lawsuits against us in the future.'" -
Woz Misquoted About Android Dominating iOS
bonch writes "Apple co-founder Steve Wozniak's quote that Android would dominate over iOS was widely covered by the tech press, but after seeking clarification, Engadget reports that Wozniak was misquoted by Dutch paper De Telegraaf. 'Almost every app that I have is better on the iPhone,' says Woz, claiming that he would never say that Android was better than iOS. 'I'm not trying to put Android down, but I'm not suggesting it's better than iOS by any stretch of the imagination. But it can get greater marketshare and still be crappy.' Woz has an Engadget account and has posted further comments to the linked article." -
Alternative To the 200-Line Linux Kernel Patch
climenole writes "Phoronix recently published an article regarding a ~200 line Linux Kernel patch that improves responsiveness under system strain. Well, Lennart Poettering, a Red Hat developer, replied to Linus Torvalds on a mailing list with an alternative to this patch that does the same thing yet all you have to do is run 2 commands and paste 4 lines in your ~/.bashrc file." -
Is Linux At the End of Its Life Cycle?
Glyn Moody writes "That's what Nikolai Pryanishnikov, president of Microsoft Russia, seems to think. Quoted in the context of continuing questions about Russia's plans to create its own national operating system based on GNU/Linux, Pryanishnikov said [via Google Translate]: 'We must bear in mind that Linux is not a Russian OS and, moreover, is at the end of its life cycle.' An off-the-cuff comment, or something more?" -
Woz Says Android Will Dominate
cloudcreator writes "Woz [said] that Android smartphones, not the iPhone, would become dominant, noting that the Google OS is likely to win the race similarly to the way that Windows ultimately dominated the PC world." Update: 11/19 04:54 GMT by T : Apparently, Woz's words were taken slightly out of context. -
MPAA Dismisses COICA Free Speech Concerns
An anonymous reader writes "The EFF has gone into detail about why it opposes 'The Combating Online Infringement and Counterfeits Act,' or COICA. It has the potential to give the Department of Justice the power to shut down any domestic website, or block any foreign website it so chooses, setting the stage for Internet censorship in the United States. Addressing the free speech concerns, MPAA chief Bob Pisano dismissed the First Amendment issues, saying '...the First Amendment was not intended as a shield for those who steal, irrespective of the means.'" -
NHibernate 3.0 Cookbook
RickJWagner writes "Are you a .Net developer? Do you have to persist your application objects to a database? If so, I know of a book you might be interested in, Packt Publishing's NHibernate 3.0 Cookbook. NHibernate is a port of the popular Hibernate object-relational mapper (ORM, for those who like TLAs.) An object-relational mapper is a framework that lets the developer get and retrieve application state from a database, and it does so in an efficient, non-intrusive, and flexible manner. Hibernate is the top of the line ORM implementation, yet it's easy enough to learn that even a newbie will find it easy to get started." Read on for the rest of Rick's review. NHibernate 3.0 Cookbook author Dentler Jason pages 328 publisher Packt Publishing rating 7/10 reviewer RickJWagner ISBN 184951304X summary The ultimate "how-to" reference for NHibernate 3.0 This book is written in Packt's 'Cookbook' style, which means it's really a series of how-to templates that guide the reader through some goal-centric activity. A 'recipe' is a formula for accomplishing something, like setting up a session for a web application, or using a profiler with NHibernate, or creating a validator class. You may not know what some of these things do-- but you will when you read the recipe! Each recipe follows a repeated pattern, with sub-sections "Getting Ready", "How to do it", "How it works", "There's More". At first glance, this can be a little deceptive for readers of technical books-- there's really no lengthy text sections that explain the basics of the tool in the early chapters of the book. You might be lulled into thinking this means there's no explanation for how things work, but that would be wrong! The truth is, there is plenty of good NHibernate theory and explanation, it's just that it's contained within the "How it Works" and "There's More" section of each instructional section, not in a chapter devoted to overview just by itself. For this reason, I'd urge bookshelf browsers to be sure to read one topic through front-to-back thoroughly, to get a feel for how the book presents theory as well as practical hands-on-the-keyboard instruction.
As far as content goes, there is a lot of useful content in this book. The author presents 70 different recipes for activites that range from the basic (i.e. your first class-to-database mappings) to the unusual (i.e. using NHibernate Spatial for solving distance-related problems.) The author offers plenty of good text in most of these, but again-- don't be upset by the placement of the high-level material. It's all there, it's just placed a little differently than what you'd find in most technical books.
The book is easy to read. The text is plain and straight to the point, and the author's writing style is quite readable. The code examples are likewise clean and well-formatted. (By the way, I'd urge you to go to Packt's site to get the source bundle if you buy the book. There's a lot of code referenced, you certainly wouldn't want to type it all by hand if you can get it handed to you.) The book runs a little over 300 pages, and most of the type is generously spaced. This is not a strong theoretical reference, but it is more than adequate as a primer for the vast majority of the tasks you'd want to accomplish with NHibernate.
So who is this book good for? I'd give it high marks for .Net developers who want to use NHibernate, regardless of experience level with the tool. I say that because there are enough use cases presented that there is almost certainly a subset of new material for almost anyone. How about Java Hibernate users? I think it's a decent book for them-- NHibernate is a very close port of the base product, so a Java user can get something out of this book, too. (For that crowd, this would obviously not be a good primary choice, but is worthwhile reading if you already have a Java go-to reference for Hibernate.) For anyone else wanting a good high-level overview of ORM use-- I'd say this book is only of marginal value. This is because the bulk of the explanatory material is presented in the context of 'how to' accomplish some particular task and isn't easily accessible without skipping from recipe to recipe.
By the way, lest you think NHibernate is only for .Net devs, I mostly ran the code samples under MonoDevelop on Ubuntu. This was my first adventure with MonoDevelop (the open source IDE for Mono, which itself is an open source, multi-platform port of .Net.) I was pleasantly surprised by the level of polish in the development environment, it really is a nice environment. Again, if you're a Java developer, I'd consider this book a decent learning supplement but would not recommend it as a primary for Hibernate proper.
You can purchase NHibernate 3.0 Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
NHibernate 3.0 Cookbook
RickJWagner writes "Are you a .Net developer? Do you have to persist your application objects to a database? If so, I know of a book you might be interested in, Packt Publishing's NHibernate 3.0 Cookbook. NHibernate is a port of the popular Hibernate object-relational mapper (ORM, for those who like TLAs.) An object-relational mapper is a framework that lets the developer get and retrieve application state from a database, and it does so in an efficient, non-intrusive, and flexible manner. Hibernate is the top of the line ORM implementation, yet it's easy enough to learn that even a newbie will find it easy to get started." Read on for the rest of Rick's review. NHibernate 3.0 Cookbook author Dentler Jason pages 328 publisher Packt Publishing rating 7/10 reviewer RickJWagner ISBN 184951304X summary The ultimate "how-to" reference for NHibernate 3.0 This book is written in Packt's 'Cookbook' style, which means it's really a series of how-to templates that guide the reader through some goal-centric activity. A 'recipe' is a formula for accomplishing something, like setting up a session for a web application, or using a profiler with NHibernate, or creating a validator class. You may not know what some of these things do-- but you will when you read the recipe! Each recipe follows a repeated pattern, with sub-sections "Getting Ready", "How to do it", "How it works", "There's More". At first glance, this can be a little deceptive for readers of technical books-- there's really no lengthy text sections that explain the basics of the tool in the early chapters of the book. You might be lulled into thinking this means there's no explanation for how things work, but that would be wrong! The truth is, there is plenty of good NHibernate theory and explanation, it's just that it's contained within the "How it Works" and "There's More" section of each instructional section, not in a chapter devoted to overview just by itself. For this reason, I'd urge bookshelf browsers to be sure to read one topic through front-to-back thoroughly, to get a feel for how the book presents theory as well as practical hands-on-the-keyboard instruction.
As far as content goes, there is a lot of useful content in this book. The author presents 70 different recipes for activites that range from the basic (i.e. your first class-to-database mappings) to the unusual (i.e. using NHibernate Spatial for solving distance-related problems.) The author offers plenty of good text in most of these, but again-- don't be upset by the placement of the high-level material. It's all there, it's just placed a little differently than what you'd find in most technical books.
The book is easy to read. The text is plain and straight to the point, and the author's writing style is quite readable. The code examples are likewise clean and well-formatted. (By the way, I'd urge you to go to Packt's site to get the source bundle if you buy the book. There's a lot of code referenced, you certainly wouldn't want to type it all by hand if you can get it handed to you.) The book runs a little over 300 pages, and most of the type is generously spaced. This is not a strong theoretical reference, but it is more than adequate as a primer for the vast majority of the tasks you'd want to accomplish with NHibernate.
So who is this book good for? I'd give it high marks for .Net developers who want to use NHibernate, regardless of experience level with the tool. I say that because there are enough use cases presented that there is almost certainly a subset of new material for almost anyone. How about Java Hibernate users? I think it's a decent book for them-- NHibernate is a very close port of the base product, so a Java user can get something out of this book, too. (For that crowd, this would obviously not be a good primary choice, but is worthwhile reading if you already have a Java go-to reference for Hibernate.) For anyone else wanting a good high-level overview of ORM use-- I'd say this book is only of marginal value. This is because the bulk of the explanatory material is presented in the context of 'how to' accomplish some particular task and isn't easily accessible without skipping from recipe to recipe.
By the way, lest you think NHibernate is only for .Net devs, I mostly ran the code samples under MonoDevelop on Ubuntu. This was my first adventure with MonoDevelop (the open source IDE for Mono, which itself is an open source, multi-platform port of .Net.) I was pleasantly surprised by the level of polish in the development environment, it really is a nice environment. Again, if you're a Java developer, I'd consider this book a decent learning supplement but would not recommend it as a primary for Hibernate proper.
You can purchase NHibernate 3.0 Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Cooks Source Magazine Apologizes — Sort Of
taco8982 writes "Cooks Source has published a statement in response to the uproar over claiming the web is public domain a couple of weeks ago. While it does contain an apology, I'll leave it to individual readers to determine how apologetic it actually is." It also seems that the publisher has decided to cease publication entirely. -
Most Detailed View of Dark Matter Mapped By Hubble
astroengine writes "Building on previous studies by the Hubble Space Telescope, new analysis of gravitational lensing data has revealed the most detailed map of the distribution of dark matter yet. The distribution appears as a beautiful ghost-like or ethereal haze and could have serious ramifications on our understanding as to how galaxy clusters form and evolve." -
Failed MMO APB To Be Resurrected As Free-To-Play Game
Two months ago, we discussed news that Realtime Worlds' action MMO APB closed its doors only a few months after launch, when it became clear that player interest and subscriber numbers couldn't begin to recoup the massive development cost. A few days ago, a company called Reloaded Productions, owned by free-to-play publisher GamersFirst, acquired all the rights and assets to APB. The company plans to relaunch the game as APB: Reloaded in the first half of 2011, abandoning its unusual business model in favor of free-to-play accounts supplemented by microtransactions and premium services. -
Failed MMO APB To Be Resurrected As Free-To-Play Game
Two months ago, we discussed news that Realtime Worlds' action MMO APB closed its doors only a few months after launch, when it became clear that player interest and subscriber numbers couldn't begin to recoup the massive development cost. A few days ago, a company called Reloaded Productions, owned by free-to-play publisher GamersFirst, acquired all the rights and assets to APB. The company plans to relaunch the game as APB: Reloaded in the first half of 2011, abandoning its unusual business model in favor of free-to-play accounts supplemented by microtransactions and premium services. -
Facebook Inbox Throws Blow At Google... No Flinch?
CWmike writes "Facebook's new messaging system may not be a Gmail killer, but it's definitely another blow in the growing battle between two Internet bigwigs. Facebook took the wraps off what it's calling a modern messaging system on Monday. The new system is designed to handle the convergence of different kinds of messages — Facebook messages, IMs, SMS and e-mail — and bring them together under a single social umbrella. The system also allows users to have a facebook.com email address, though it will work with other e-mail systems like Gmail and Yahoo. Facebook CEO Mark Zuckerberg is adamant that it's not intended to replace e-mail, but industry analysts say the new system will almost certainly draw some users away from Yahoo mail and Google's Gmail. Meanwhile, Google CEO Eric Schmidt told Computerworld that he's not worried at all about Facebook's new 'Social Inbox.' 'More competition is always good because it makes the market larger,' Schmidt said, charging that journalists were hyping the rivalry: 'As a group, you all are focused on the competition rather than the market getting larger. It brings more people in. We are all served by having everybody in the world get online.'" -
New Castle Councilman Calls Cops On Boys' Cupcake Sale
timothy writes "Two middle school students thought they would get away with their insidious plans to sell baked goods in a local park, and if it wasn't for that meddling, portly small-time politician they would have!" Looks like the Portland lemonade girls finally have some company. Hopefully this will teach children not to travel down the dark path of the bake sale. -
Hayabusa Captured Asteroid Dust Confirmed
astroengine writes "It's been a seven-year roller-coaster ride for the asteroid sample return mission, but JAXA — the Japanese space agency — has confirmed that 1,500 particles of dust from the surface of asteroid Itokawa have been found inside the sample return capsule. The capsule parachuted to Earth shortly before the Hayabusa spacecraft reentered over the Australian Outback in June. Since then, scientists have been painstakingly analyzing the capsule's contents to make sure the dust they found wasn't terrestrial contamination. Now they are sure, making this the first time a sample has been collected from the surface of an asteroid (and only the second time a sample has been returned from a celestial object, the first being the Moon missions)." -
Muscle Mice
SilasMortimer writes "Researchers from the University of Colorado at Boulder have accomplished that for which humankind has been desperate since the dawn of civilization: turning sad, injured regular mice into angry, beefed-up super-mice. Well, okay, there's no official word in the article about the rodents' emotional states, but certainly when stem cells were injected into mice with leg injuries, the muscle grew back... almost twice as big as it was before the injury [abstract, supplemental material (PDF)]. This has many exciting implications, from better healing after injuries to slowing down the aging process to a spike in the number of cases of Generalized Anxiety Disorder among cats. I, for one, refuse to perpetuate outdated memes. (But feel free to make up for the lack.)" If these mice are bred with those given previously discovered treatments to make them smarter and fearless, we might be in trouble. -
Muscle Mice
SilasMortimer writes "Researchers from the University of Colorado at Boulder have accomplished that for which humankind has been desperate since the dawn of civilization: turning sad, injured regular mice into angry, beefed-up super-mice. Well, okay, there's no official word in the article about the rodents' emotional states, but certainly when stem cells were injected into mice with leg injuries, the muscle grew back... almost twice as big as it was before the injury [abstract, supplemental material (PDF)]. This has many exciting implications, from better healing after injuries to slowing down the aging process to a spike in the number of cases of Generalized Anxiety Disorder among cats. I, for one, refuse to perpetuate outdated memes. (But feel free to make up for the lack.)" If these mice are bred with those given previously discovered treatments to make them smarter and fearless, we might be in trouble. -
Blizzard Seeking Console Devs For 'Diablo-Related Concept'
Eurogamer reports that a number of Blizzard job listings went up today for top-level console developers. The listings were posted under the Diablo 3 heading, leading to speculation about a console port of the upcoming game. A Blizzard representative soon responded, saying, "... we’re currently exploring a Diablo-related concept for consoles. As we’ve said in the past, with proper care the gameplay could suit the console platform, and we’re interested in seeing what talent out there might be interested in contributing to such a project. To further reiterate what’s posted on the home page: this is not an announcement of a console title. We are first and foremost developing Diablo III for Windows and Mac PCs, and we have no intention of allowing a console interpretation to delay or otherwise affect the release of the game." Having played Diablo 3 at Blizzcon, I can say that the game would very easily make the transition to consoles. An Xbox 360 or PS3 controller would almost perfectly fit all necessary gameplay functions. That said, they could just as easily be porting one of the older games, building a new mini-game to get their feet wet, or getting started on Diablo 4. Time will tell. -
Security Strategy: From Requirements To Reality
brothke writes "Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is arguably the best information security book ever written. Anderson's premise is that security technology needs to take a structured engineering approach to systems design, with detailed requirements and specification from start-up to development and implementation; just as those designing buildings and bridges do. Without a deeply embedded structured approach to security systems design, Anderson argued that we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws. As good as Security Engineering is, it was not written to be a detailed information security design guide. That vacuum has been filled by an incredibly important and valuable new bookSecurity Strategy: From Requirements to Reality." Read on for the rest of Ben's review. Security Strategy: From Requirements to Reality author Bill Stackpole and Eric Oksendahl pages 346 publisher Auerbach Publications rating 10/10 reviewer Ben Rothke ISBN 1439827338 summary One of the best information security books of the last few years Security Strategy is one of the first books that shows how to perform a comprehensive information security assessment and design, from section, development and deployment of a security strategy best suited to a specific organization.
The books main focus is on the planning, requirements and execution need to ensure formal and comprehensive information security elements are built into systems, applications and processes.
Authors Bill Stackpole and Eric Oksendahl each have over 25 years in the industry and the book reflects their vast expertise. Oksendahl spent time at Boeing, one of the most security aware organizations, with Stackpole spending a decade at Microsoft. While Microsoft is chided for creating more insecurity than security, it is worth noting that no organization in the world has spent more on training its staff and developers on security than Microsoft.
The books 300 densely written pages are composed of 14 chapters divided into 2 sections. Section one (chapters 1-6) is about strategy, with section two (chapters 7-14) around tactics.
Complete with checklists of the physical security requirements that organizations should consider when evaluating or designing facilities, the book provides the insight needed to enable an organization to achieve the operational efficiencies, cost reductions, and brand enhancements that are possible when an effective security strategy is put into action.
Chapters 1-3 take a high-level overview on how to approach strategy, with its many details. The authors note that strategy is a long-term plan of action designed to achieve a goal that includes what work will be done and by whom. This is not a trivial task, as many organizations simply roll-out a new technology, without defining what its goals are, and who exactly will manage and support this new technology.
Chapter 4 is where the hard work begins, as this chapter details the issues around strategic planning. Noting that strategic security planning is hard work and takes time; many organizations attempt to take an assumed easier path, that of bypassing security details and specifications. That is precisely why information security is in such a sorry state in many firms. These firms would rather buy a security appliance and place it in their data center and hope it works; rather than defining the details and specifications of what the appropriate appliance is in the first place.
Part 2 commences on the topic of tactics, and defines them as procedures or sets of actions used to achieve a specific objective. What this chapter does well, as does the entire book, is that it compels the reader to focus on specifics and objectives.
Chapter 9 gets into the importance of observation, in knowing what is going on within the network. The book notes that observation is both a deterrent and a detector. The chapter goes into detail about how observation works both in the physical world and its corollary use in the network side. The chapter breaks down the various functions needed to ensure that observation is done correctly; as opposed to the common method of simply rolling out an IDS and hoping that it somehow works.
Chapter 11 details the SDL (security development lifecycle). As the chapter notes, an effective SDL can improve application security via the use of a set of development practices designed to reduce or eliminate exploitable vulnerabilities. The issue though is that far too few organizations realize the need for a SDL, let alone take the time to design and deploy it.
Chapter 14 ends on the topic of security awareness training. While the notion of security awareness for many firms is an annual 10-slide PowerPoint; the authors take a pragmatic approach and detail the various parts of what makes for an effective awareness program.
Security Strategy: From Requirements to Reality is an incredibly valuable book that advances the state of information security. For organizations that are looking to get serious about information security, and those that want to go from good to great, the book is an invaluable guide that lays the groundwork on how to develop a first-rate information security infrastructure.
Taking a look at its table of contents shows the many fine points in which the book goes into each particular point, showing how it can be properly designed and deployed for effective security controls.
My only peeve with the book is that it lacked a CD-ROM or web site in which to download the many tables and matrices the book is built on. It is hoped that future editions will have them available.
Security Strategy: From Requirements to Reality is one of the best information security books of the last few years. Those who are serious about information security will ensure this is on their reading list, and that of everyone in their organization tasked with information security.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Security Strategy: From Requirements to Reality from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Security Strategy: From Requirements To Reality
brothke writes "Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is arguably the best information security book ever written. Anderson's premise is that security technology needs to take a structured engineering approach to systems design, with detailed requirements and specification from start-up to development and implementation; just as those designing buildings and bridges do. Without a deeply embedded structured approach to security systems design, Anderson argued that we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws. As good as Security Engineering is, it was not written to be a detailed information security design guide. That vacuum has been filled by an incredibly important and valuable new bookSecurity Strategy: From Requirements to Reality." Read on for the rest of Ben's review. Security Strategy: From Requirements to Reality author Bill Stackpole and Eric Oksendahl pages 346 publisher Auerbach Publications rating 10/10 reviewer Ben Rothke ISBN 1439827338 summary One of the best information security books of the last few years Security Strategy is one of the first books that shows how to perform a comprehensive information security assessment and design, from section, development and deployment of a security strategy best suited to a specific organization.
The books main focus is on the planning, requirements and execution need to ensure formal and comprehensive information security elements are built into systems, applications and processes.
Authors Bill Stackpole and Eric Oksendahl each have over 25 years in the industry and the book reflects their vast expertise. Oksendahl spent time at Boeing, one of the most security aware organizations, with Stackpole spending a decade at Microsoft. While Microsoft is chided for creating more insecurity than security, it is worth noting that no organization in the world has spent more on training its staff and developers on security than Microsoft.
The books 300 densely written pages are composed of 14 chapters divided into 2 sections. Section one (chapters 1-6) is about strategy, with section two (chapters 7-14) around tactics.
Complete with checklists of the physical security requirements that organizations should consider when evaluating or designing facilities, the book provides the insight needed to enable an organization to achieve the operational efficiencies, cost reductions, and brand enhancements that are possible when an effective security strategy is put into action.
Chapters 1-3 take a high-level overview on how to approach strategy, with its many details. The authors note that strategy is a long-term plan of action designed to achieve a goal that includes what work will be done and by whom. This is not a trivial task, as many organizations simply roll-out a new technology, without defining what its goals are, and who exactly will manage and support this new technology.
Chapter 4 is where the hard work begins, as this chapter details the issues around strategic planning. Noting that strategic security planning is hard work and takes time; many organizations attempt to take an assumed easier path, that of bypassing security details and specifications. That is precisely why information security is in such a sorry state in many firms. These firms would rather buy a security appliance and place it in their data center and hope it works; rather than defining the details and specifications of what the appropriate appliance is in the first place.
Part 2 commences on the topic of tactics, and defines them as procedures or sets of actions used to achieve a specific objective. What this chapter does well, as does the entire book, is that it compels the reader to focus on specifics and objectives.
Chapter 9 gets into the importance of observation, in knowing what is going on within the network. The book notes that observation is both a deterrent and a detector. The chapter goes into detail about how observation works both in the physical world and its corollary use in the network side. The chapter breaks down the various functions needed to ensure that observation is done correctly; as opposed to the common method of simply rolling out an IDS and hoping that it somehow works.
Chapter 11 details the SDL (security development lifecycle). As the chapter notes, an effective SDL can improve application security via the use of a set of development practices designed to reduce or eliminate exploitable vulnerabilities. The issue though is that far too few organizations realize the need for a SDL, let alone take the time to design and deploy it.
Chapter 14 ends on the topic of security awareness training. While the notion of security awareness for many firms is an annual 10-slide PowerPoint; the authors take a pragmatic approach and detail the various parts of what makes for an effective awareness program.
Security Strategy: From Requirements to Reality is an incredibly valuable book that advances the state of information security. For organizations that are looking to get serious about information security, and those that want to go from good to great, the book is an invaluable guide that lays the groundwork on how to develop a first-rate information security infrastructure.
Taking a look at its table of contents shows the many fine points in which the book goes into each particular point, showing how it can be properly designed and deployed for effective security controls.
My only peeve with the book is that it lacked a CD-ROM or web site in which to download the many tables and matrices the book is built on. It is hoped that future editions will have them available.
Security Strategy: From Requirements to Reality is one of the best information security books of the last few years. Those who are serious about information security will ensure this is on their reading list, and that of everyone in their organization tasked with information security.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Security Strategy: From Requirements to Reality from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Apple the No. 1 Danger To Net Freedom
CWmike writes "Columbia law professor Tim Wu, who coined the term 'net neutrality,' now says that Apple is the company that most endangers the freedom of the Internet. Wu recently published the book The Master Switch: The Rise and Fall of Information Empires, in which he details what he calls 'information empires' such as AT&T, NBC, Facebook, and Google. He told The New York Times, 'It's largely a story of the American affection for information monopolists and the consequences of that fondness.' When asked whether the Internet could similarly be controlled by large companies, he told the Times: 'I know the Internet was designed to resist integration, designed to resist centralized control, and that design defeated firms like AOL and Time Warner. But firms today, like Apple, make it unclear if the Internet is something lasting or just another cycle.' Asked which companies he feared most, Wu replied: 'Right now, I'd have to say Apple.'" Wu has been in the news a bit lately. -
Exciting Kinect Stuff Already Coming Out
Just last week we learned that the Kinect had been hacked wide open and already we're seeing a flood of innovative stuff coming out. Jamie found a page with a lot of pictures and screenshots, and Engadget has more. -
Where Do I Go Now That Oracle Owns OpenOffice.org?
eldavojohn writes "So I noted that there was better support for my processor in the latest BIOS for my mainboard. After downloading the update, there was a .doc file containing flashing instructions. No matter, I have OpenOffice.org installed on this machine and just opened it up. And, as should be no surprise, there was an Oracle logo splash screen while OpenOffice.org 3.2 started up. At my job, I've had a less than favorable history with Oracle that I'm not going to get into — rather let's just say I never want anything to do with them again. Including installing any of their software on my machine. So I'm facing a dilemma. I've looked into the forked LIbreOffice but that's still in beta and I'm a little wary of depending on that. Has anyone used LibreOffice (it's installing as I type this) extensively? Does it handle complex Powerpoint files okay? Is there some alternative out there that I'm completely overlooking for open source? Can anyone convince me that there's no reason to fear the Oracle OpenOffice.org? Will it remain the de facto standard? Will it eventually lock me into a commitment with Oracle? If you get by without one of these heavyweight monster editors, what do you use and how do you handle doc, ppt, (etc.) extensions?" -
National Opt-Out Day Against Virtual Strip Searches
An anonymous reader writes in about a protest called for the busiest airline travel day of the year. "An activist opposed to the new invasive body scanners in use at airports around the country just designated Wednesday, Nov. 24 as a National Opt-Out Day. He's encouraging airline passengers to decline the TSA's technological strip searches en masse on that day as a protest against the scanners, as well as the new 'enhanced pat-downs' inflicted on refuseniks. 'The goal of National Opt-Out Day is to send a message to our lawmakers that we demand change,' reads the call to action at OptOutDay.com, set up by Brian Sodegren. 'No naked body scanners, no government-approved groping. We have a right to privacy, and buying a plane ticket should not mean that we're guilty until proven innocent.' The US Airline Pilots Association and other pilot groups have urged their members to avoid the scanners and have also condemned the new pat-down policy as humiliating to pilots. They've advised pilots who don't feel comfortable undergoing pat-downs in front of passengers to request they be conducted in a private room. Any pilots who don't feel comfortable after undergoing a pat-down have been encouraged to 'call in sick and remove themselves from the trip.'"