Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Microsoft Patches "Google Hack" Flaw In IE
An anonymous reader writes "As expected, Microsoft has issued an out-of-band security patch to address a remote code execution hole in Internet Explorer that was used in the recent Chinese attacks disclosed by Google. Ars Technica has all the download links you need." -
NASA Will Crowdsource Its Photos of Mars
tedlistens writes "NASA is asking the public to suggest subjects for the High Resolution Imaging Science Experiment, or HiRISE, its super powerful camera currently orbiting Mars. Since it arrived there in 2006, the HiRISE camera on NASA's Mars Reconnaissance Orbiter has seen more success than that lost lander, recording nearly 13,000 observations of Martian terrain, with each image covering dozens of square miles and revealing details as small as a desk. By letting the public in on the Martian photo shoot, scientists aren't just getting more people excited about space exploration. They're hoping that crowdsourcing imaging targets will increase the camera's already bountiful science return. Despite the thousands of pictures already taken, less than 1 percent of the Martian surface has been imaged." -
Benchmarks of Debian GNU/kFreeBSD vs. GNU/Linux
An anonymous reader writes "The Debian Squeeze release is going to be accompanied by a first-rate kFreeBSD port and now early benchmarks of this port have started coming out using daily install images. The Debian GNU/kFreeBSD project is marrying the FreeBSD kernel with a GNU userland and glibc while making most of the Debian repository packages available for kfreebsd-i386 and kfreebsd-amd64. The first Debian GNU/kFreeBSD benchmarks compare the performance of it to Debian GNU/Linux with the 2.6.30 kernel while the rest of the packages are the same. Results are shown for both i386 and x86_64 flavors. Debian GNU/kFreeBSD may be running well, but it has a lot of catching up to do in terms of speed against Linux." -
Python Essential Reference 4th Ed.
stoolpigeon writes "It has been ten years since David Beazley wrote the first edition of Python Essential Reference. The book has proven itself as a valuable resource to Python developers and has been kept current over those ten years, with the fourth edition coming at an interesting time for Python. Python 3 was a major release that broke backwards compatibility. Python 3 has been around for a year now. That said, the current download page at the official Python site states, 'If you don't know which version to use, start with Python 2.6.4; more existing third party software is compatible with Python 2 than Python 3 right now.' Beazley, in keeping with the pragmatic roots of a reference that sticks to what is 'essential,' has removed the coverage on features from 2 that were removed from 3. At the same time, the primary focus for new features that came with 3 is limited to those that have been back-ported to 2. This approach, born out of a desire to keep the reference relevant, provides a blended approach that is above all else practical." Read on for the rest of JR's review. Python Essential Reference 4th Ed. author David M. Beazley pages 738 publisher Addison-Wesley rating 9/10 reviewer JR Peck ISBN 978-0-672-32978-4 summary A definitive guide to the core Python language and the essential parts of the Python library. The end result of that choice is a reference document consisting of those parts of Python that are shared between versions 2 and 3. This is a significant portion of the language and I think this approach is really what will give this reference more traction than many of the other guides that focus purely on 3. I think that those are valuable and over time the balance will shift but as of right now, for a little while to come, this book takes the most realistic approach. That feels very fuzzy, but I have no idea how long it will be until Python 3 truly is the dominant version and Python 2 is truly put to bed.
If I had to guess how Beazley's Python Essential Reference has held in there over the years, the key would be that there is a lot of what a developer needs and very little of what she doesn't need. There is a twenty-four page tutorial introduction, but this is not a guide on how to program or how to use Python for beginners. An experienced programmer could probably use this reference to shift to Python as a new language, but someone completely new to writing code would probably not want to start here. A quick look at the table of contents shows that an explanation of the language itself is covered in under 200 pages. Extending and embedding Python also get their own section, but close to 400 pages is given to the Python library.
An inevitable question is what one will gain with this reference over the online documentation. A good example to see how things vary is to look at chapter nineteen, Operating System Services and the online documentation for Generic Operating System Services. The online documentation is very thorough, and covers each piece of the library starting with os and io, building from there. While every facet is documented much of it is rather brief. For example section 16.2.3. Raw File I/O is a very straightforward listing of the very low level functionality available via io.FileIO. In contrast, looking at the 3.1.1 Docs for Raw IO shows that parameters for FileIO changed with that version. Looking to the documentation for 2.7a1 Raw File I/O shows that these changes are being back-ported to Python 2.
In Python Essential Reference none of this hunting down changes and checking to see if they are coming to 2 are necessary. Beazley shows them in his documentation. This is the strength of his choice on how to handle these types of situations. On top of that, Beazley provides more than the online documents by including four paragraphs of additional information on Raw I/O and when its use is appropriate. This added content is probably available googling around for it, but then I have to take the time to check dates on posts to see if things are still current and in general just hope that things are accurate. I have never read a technical book that was completely error free, and there are probably at the very least some typos in Python Essential Reference, though I haven't caught any of them on my read through or use of the book yet. But the important thing is that I don't expect the book to be perfect, rather I value it for being a known quantity. I am aware of just when the material was compiled, who put it together and I have it all in one place.errno symbols is not exhaustive and oddly enough is not ordered alphabetically. Beazley provides two lists for errno symbols. They are provided in alphabetical order, have a description and are grouped as POSIX error codes and Windows error codes. A quick glance at these tables in a skimming of the book might lead one to believe that this is just a simple quick grab from already available sources, but that isn't the case. There is real value added even here.
The index is solid. It would seem that one should be able to take this for granted with a technical reference but I've seen some sad exceptions. Between the thorough index and the detailed table of contents I've never had to spend more than a few seconds looking for what I need. This is the result of those tools as well as the fact that this is not an exhaustive reference. After initially reading through the book for this review, I've taken some time just to use it day to day, as I doubt many will be reading it from front to back. I don't use Python professionally. I'm purely a hobbyist when it comes to programming, but I've found that if I want to get the most out of the time I do have to play with personal projects, I want this book close. I'm not cranking out code that fast to begin with and so I need all the help I can get. I've found that Beazley seems to have hit that sweet spot where he gives enough information to get me where I need to be without bogging down in too many details or the things that I just don't need to know. I imagine this proper balance of information is due to Beazley's extensive experience with Python and that of Noah Gift the technical editor for the book.
I've mentioned repeatedly that I approve of how the shift between Python 2 and 3 has been handled. Beazley hasn't completely integrated everything and left some of the unique new features of 3 out in the cold. There is an appendix that deals specifically with Python 3. It is short but does have some value. New features, common pitfalls for those making the move from 2 to 3 and how to run both at the same time in a single environment are covered. This is helpful and keeps my desk a little neater, though I think if I were going to be spending extensive time working with Python 3 then I would probably want to have another reference on hand.
If you are a week-end hacker like me, or someone that is writing Python on the clock, I think that this compact reference is very useful. I don't have any trouble running across huge technical books that do come in handy for any project that requires something heavy. I also see a lot of little books that seem to be quickly produced summaries of what is already out there, spending most of their short content on fluff. Every so often though, someone hits that sweet spot of concise usefulness. Beazley did this with Python Essential Reference and this new edition continues that history in strong fashion.
You can purchase Python Essential Reference 4th Ed. from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Python Essential Reference 4th Ed.
stoolpigeon writes "It has been ten years since David Beazley wrote the first edition of Python Essential Reference. The book has proven itself as a valuable resource to Python developers and has been kept current over those ten years, with the fourth edition coming at an interesting time for Python. Python 3 was a major release that broke backwards compatibility. Python 3 has been around for a year now. That said, the current download page at the official Python site states, 'If you don't know which version to use, start with Python 2.6.4; more existing third party software is compatible with Python 2 than Python 3 right now.' Beazley, in keeping with the pragmatic roots of a reference that sticks to what is 'essential,' has removed the coverage on features from 2 that were removed from 3. At the same time, the primary focus for new features that came with 3 is limited to those that have been back-ported to 2. This approach, born out of a desire to keep the reference relevant, provides a blended approach that is above all else practical." Read on for the rest of JR's review. Python Essential Reference 4th Ed. author David M. Beazley pages 738 publisher Addison-Wesley rating 9/10 reviewer JR Peck ISBN 978-0-672-32978-4 summary A definitive guide to the core Python language and the essential parts of the Python library. The end result of that choice is a reference document consisting of those parts of Python that are shared between versions 2 and 3. This is a significant portion of the language and I think this approach is really what will give this reference more traction than many of the other guides that focus purely on 3. I think that those are valuable and over time the balance will shift but as of right now, for a little while to come, this book takes the most realistic approach. That feels very fuzzy, but I have no idea how long it will be until Python 3 truly is the dominant version and Python 2 is truly put to bed.
If I had to guess how Beazley's Python Essential Reference has held in there over the years, the key would be that there is a lot of what a developer needs and very little of what she doesn't need. There is a twenty-four page tutorial introduction, but this is not a guide on how to program or how to use Python for beginners. An experienced programmer could probably use this reference to shift to Python as a new language, but someone completely new to writing code would probably not want to start here. A quick look at the table of contents shows that an explanation of the language itself is covered in under 200 pages. Extending and embedding Python also get their own section, but close to 400 pages is given to the Python library.
An inevitable question is what one will gain with this reference over the online documentation. A good example to see how things vary is to look at chapter nineteen, Operating System Services and the online documentation for Generic Operating System Services. The online documentation is very thorough, and covers each piece of the library starting with os and io, building from there. While every facet is documented much of it is rather brief. For example section 16.2.3. Raw File I/O is a very straightforward listing of the very low level functionality available via io.FileIO. In contrast, looking at the 3.1.1 Docs for Raw IO shows that parameters for FileIO changed with that version. Looking to the documentation for 2.7a1 Raw File I/O shows that these changes are being back-ported to Python 2.
In Python Essential Reference none of this hunting down changes and checking to see if they are coming to 2 are necessary. Beazley shows them in his documentation. This is the strength of his choice on how to handle these types of situations. On top of that, Beazley provides more than the online documents by including four paragraphs of additional information on Raw I/O and when its use is appropriate. This added content is probably available googling around for it, but then I have to take the time to check dates on posts to see if things are still current and in general just hope that things are accurate. I have never read a technical book that was completely error free, and there are probably at the very least some typos in Python Essential Reference, though I haven't caught any of them on my read through or use of the book yet. But the important thing is that I don't expect the book to be perfect, rather I value it for being a known quantity. I am aware of just when the material was compiled, who put it together and I have it all in one place.errno symbols is not exhaustive and oddly enough is not ordered alphabetically. Beazley provides two lists for errno symbols. They are provided in alphabetical order, have a description and are grouped as POSIX error codes and Windows error codes. A quick glance at these tables in a skimming of the book might lead one to believe that this is just a simple quick grab from already available sources, but that isn't the case. There is real value added even here.
The index is solid. It would seem that one should be able to take this for granted with a technical reference but I've seen some sad exceptions. Between the thorough index and the detailed table of contents I've never had to spend more than a few seconds looking for what I need. This is the result of those tools as well as the fact that this is not an exhaustive reference. After initially reading through the book for this review, I've taken some time just to use it day to day, as I doubt many will be reading it from front to back. I don't use Python professionally. I'm purely a hobbyist when it comes to programming, but I've found that if I want to get the most out of the time I do have to play with personal projects, I want this book close. I'm not cranking out code that fast to begin with and so I need all the help I can get. I've found that Beazley seems to have hit that sweet spot where he gives enough information to get me where I need to be without bogging down in too many details or the things that I just don't need to know. I imagine this proper balance of information is due to Beazley's extensive experience with Python and that of Noah Gift the technical editor for the book.
I've mentioned repeatedly that I approve of how the shift between Python 2 and 3 has been handled. Beazley hasn't completely integrated everything and left some of the unique new features of 3 out in the cold. There is an appendix that deals specifically with Python 3. It is short but does have some value. New features, common pitfalls for those making the move from 2 to 3 and how to run both at the same time in a single environment are covered. This is helpful and keeps my desk a little neater, though I think if I were going to be spending extensive time working with Python 3 then I would probably want to have another reference on hand.
If you are a week-end hacker like me, or someone that is writing Python on the clock, I think that this compact reference is very useful. I don't have any trouble running across huge technical books that do come in handy for any project that requires something heavy. I also see a lot of little books that seem to be quickly produced summaries of what is already out there, spending most of their short content on fluff. Every so often though, someone hits that sweet spot of concise usefulness. Beazley did this with Python Essential Reference and this new edition continues that history in strong fashion.
You can purchase Python Essential Reference 4th Ed. from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Failed Games That Damaged Or Killed Their Companies
An anonymous reader writes "Develop has an excellent piece up profiling a bunch of average to awful titles that flopped so hard they harmed or sunk their studio or publisher. The list includes Haze, Enter The Matrix, Hellgate: London, Daikatana, Tabula Rasa, and — of course — Duke Nukem Forever. 'Daikatana was finally released in June 2000, over two and a half years late. Gamers weren't convinced the wait was worth it. A buggy game with sidekicks (touted as an innovation) who more often caused you hindrance than helped ... achieved an average rating of 53. By this time, Eidos is believed to have invested over $25 million in the studio. And they called it a day. Eidos closed the Dallas Ion Storm office in 2001.'" -
NYTimes Confirms It Will Start Charging For Online News In 2011
jmtpi writes "The article is frustratingly vague, but the New York Times is confirming earlier speculation that it will start charging online readers who visit the site regularly. Occasional users will still get free access to a certain number of articles per month. Most of the key details are not yet determined, but the system is scheduled to be deployed at the beginning of next year." The Times is planning on rolling its own pay system, and it will doubtless use the rest of 2010 to look at how sites like the Wall Street Journal and the Financial Times fare before deciding on specifics. How often do you readers typically hit articles at nytimes.com in a given month? We try to avoid linking to stories behind paywalls when possible, and if the Times chooses a low monthly limit, you'll probably see a lot fewer links to their site — which would be a shame. -
Samsung Settles With Rambus In Patent Dispute
Tackhead writes "After almost a decade of legal wrangling, Samsung has settled with Rambus over the antitrust case, regarding allegations of price-fixing for DDR and SDRAM memory, that was scheduled to proceed this month. (Here is a half-decade-old summary of the twists and turns of the case.) As part of the settlement, Samsung agrees to purchase $200M in Rambus stock, pays $200M in cash to Rambus, plus $25M per quarter for the next 5 years in licensing fees. No immediate word on the implications for Micron or Hynix." -
Microsoft To Ship Emergency IE Patch
Grotendo writes "Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend." Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of "groups that can be referred to as the Advanced Persistent Threat." -
USPTO Grants Google a Patent On MapReduce
theodp writes "Two years ago, David DeWitt and Michael Stonebraker deemed MapReduce a major step backwards (here are the original paper and a defense of it) that 'represents a specific implementation of well known techniques developed nearly 25 years ago.' A year later, the pair teamed up with other academics and eBay to slam MapReduce again. But the very public complaints didn't stop Google from demanding a patent for MapReduce; nor did it stop the USPTO from granting Google's request (after four rejections). On Tuesday, the USPTO issued U.S. Patent No. 7,650,331 to Google for inventing Efficient Large-Scale Data Processing." -
Modern Warfare 2 Surpasses $1 Billion Mark; Dedicated Servers What?
The Opposable Thumbs blog is running an interesting article contrasting everything Activision did "wrong" in creating and marketing Modern Warfare 2 with the game's unqualified success. Despite price hikes, somewhat shady review practices, exploit frustrations, and the dedicated server fiasco, the game has raked in over a billion dollars in sales. "There was only one way to review Modern Warfare 2: on the Xbox 360, in Santa Barbara, under the watchful eye of Activision. Accepting the paid trip, along with room and board, was the only way you were going to get a review before launch. Joystiq noted that this broke their ethics policy, but they went anyway. Who can say no to a review destined to bring in traffic? Shacknews refused to call their coverage a 'review' because of the ethical issues inherent in the situation, but that stance was unique. The vast majority of news outlets didn't disclose how the review was conducted, or added a disclaimer after the nature of the review was made public. This proved to Activision that if you're big enough, you can dictate the exact terms of any review, and no ethics policy will make news outlets turn you down." -
Iceland's Data Center Push Finally Gets Traction
miller60 writes "Iceland is poised for the completion of its first major international data center project, after years of marketing itself as a potential data center mecca. Iceland offers an ample supply of geothermal energy and an ideal environment for fresh air cooling, but its ambitions were slowed by the global financial collapse. But now the huge UK charity Wellcome Trust has provided funding to complete a new data center in a former NATO facility in Keflavik." -
Lacking Buyers, NASA Cuts Prices On Shuttles and Old Engines
Hugh Pickens writes "Russia's Space Shuttle, Buran, ended its days at a theme park in Moscow and was once offered for sale on the Internet for 3 million dollars. Now the NY Times reports that when the National Aeronautics and Space Administration put out the call in December 2008 seeking buyers for US shuttles from museums, schools and elsewhere, the agency didn't get as much interest as expected, so now NASA has slashed the price of the 1970s-era spaceships, available for sale this fall once their flying days are over, from $42 million to just $28.8 million apiece. 'We're confident that we'll get other takers,' says agency spokesman Mike Curie. The Discovery is already promised to the Smithsonian National Air and Space Museum but the Atlantis and the Endeavour are still up for grabs and it is possible that the Enterprise, a shuttle prototype that never made it to space, will also be available. The lower price is based on NASA's estimate of the cost for transporting a shuttle from Kennedy Space Center to a major airport, and for displaying it indoors in a climate-controlled building. As for the space shuttle main engines, those are now free. NASA advertised them in December 2008 for $400,000 to $800,000 each, but no one expressed interest. So now the engines are available, along with other shuttle artifacts, for the cost of transportation and handling." -
Another Attack, On Law Firm Suing China
An anonymous reader writes "In the wake of the attack on Google, another company claims to be the victim of a similar attack. Gipson Hoffman & Pancione is a Los Angeles law firm whose client, CYBERsitter, is suing the government of China and several Chinese companies for using their intellectual property in the infamous Green Dam censorship filter. According to the firm, they have been targeted by a spear phishing attack from China." Relatedly, smartaleckkill writes with news that the US state department is to formally protest to China over the alleged cyber-attacks on Google, "likely early next week." -
Another Attack, On Law Firm Suing China
An anonymous reader writes "In the wake of the attack on Google, another company claims to be the victim of a similar attack. Gipson Hoffman & Pancione is a Los Angeles law firm whose client, CYBERsitter, is suing the government of China and several Chinese companies for using their intellectual property in the infamous Green Dam censorship filter. According to the firm, they have been targeted by a spear phishing attack from China." Relatedly, smartaleckkill writes with news that the US state department is to formally protest to China over the alleged cyber-attacks on Google, "likely early next week." -
Apple Seeks To Ban Nokia Imports To US
Hugh Pickens writes "Cnet reports that the ongoing patent battle between Apple and Nokia has escalated, with Apple moving to block imports of Nokia cell phones to the US by filing a complaint with the International Trade Commission, an independent federal agency that examines issues including unfair trade practices involving patent, trademark, and copyright infringement. In December, Nokia filed its own complaint with the USITC alleging that Apple infringes seven Nokia patents 'in virtually all of its mobile phones, portable music players, and computers' and sought to ban imports of Apple's iPhone, iPod, and MacBook products. Responding to Apple's latest move, Nokia spokesman Mark Durrant told Bloomberg that 'Nokia will study the complaint when it is received and continue to defend itself vigorously. However this does not alter the fact that Apple has failed to agree appropriate terms for using Nokia technology and has been seeking a free ride on Nokia's innovation since it shipped the first iPhone in 2007.' An ITC investigation is a lengthy process, but it's possible that Apple and Nokia might reach some sort of settlement as suits continue to escalate between the two companies." -
AMD Delivers DX11 Graphics Solution For Under $100
Vigile points out yesterday's launch of "the new AMD Radeon HD 5670, the first graphics card to bring DirectX 11 support to the sub-$100 market and offer next-generation features to almost any budget. The Redwood part (as it was codenamed) is nearly 3.5x smaller in die size than the first DX11 GPUs from AMD while still offering support for DirectCompute 5.0, Eyefinity multi-monitor gaming and of course DX11 features (like tessellation) in upcoming Windows gaming titles. Unfortunately, performance on the card is not revolutionary even for the $99 graphics market, though power consumption has been noticeably lowered while keeping the card well cooled in a single-slot design." -
German Government Advises Public To Stop Using IE
An anonymous reader writes "After McAfee's disclosure of an IE 0-day vulnerability this week that had been used in Operation Aurora, the hack and stealing of data from Google, Adobe and about 3 dozen other major companies, the German government has advised the public to switch to alternative browsers (untranslated statement). Given that the exploit has now been made public and the patch from Microsoft is still nowhere to be seen, how long will it be before other governments follow suit?" -
German Government Advises Public To Stop Using IE
An anonymous reader writes "After McAfee's disclosure of an IE 0-day vulnerability this week that had been used in Operation Aurora, the hack and stealing of data from Google, Adobe and about 3 dozen other major companies, the German government has advised the public to switch to alternative browsers (untranslated statement). Given that the exploit has now been made public and the patch from Microsoft is still nowhere to be seen, how long will it be before other governments follow suit?" -
YouTube Hints At Support For Free/Open Formats With HTML5
shadowmage13 writes "After the recent post about YouTube, so many votes were put in for HTML5 using Free and Open formats that Google has already cleared them all out (to make space for others) and issued an official response (requires Google login): 'We've heard a lot of feedback around supporting HTML5 and are working hard to meet your request, so stay tuned. We'll be following up when we have more information. We're answering this idea now because there are so many similar HTML5 ideas and we want to give other ideas a chance to be seen.' Now all the top ideas are concerning copyright and DMCA abuse." -
$4,400/Yr. Coders May Work On Dept. of Labor Project
theodp writes "To power the Tools for America's Job Seekers Challenge, the US Department of Labor tapped IdeaScale, a subsidiary of Survey Analytics, which is headquartered in Seattle with satellite offices in Nasik, India and Auckland, NZ (PDF). According to the Federal Register (PDF), an Emergency OMB Review was requested to launch the joint initiative of the DOL, White House, and IdeaScale to help out unemployed US workers. A cached Monster.com ad seeks candidates to work on the development and maintenance of ideascale.com, but in India at an annual salary of Rs. 200,000 to 300,000 ($4,4000 to $6,600 US). BTW, an earlier White House-sponsored, IdeaScale-powered Open Government Brainstorm identified legalizing marijuana as one of the best ways to 'strengthen our democracy and promote efficiency and effectiveness.'" There's no guarantee that Indian workers recruited by that Monster.com ad would work on US Department of Labor projects. -
Amazon EC2 May Be Experiencing Growing Pains
1sockchuck writes "Some developers using Amazon EC2 are wondering aloud whether the popularity of the cloud computing service is beginning to affect its performance. Amazon this week denied speculation that it was experiencing capacity problems after a veteran developer reported performance issues and suggested that EC2 might be oversubscribed. Meanwhile, a cloud monitoring service published charts showing increased latency on EC2 in recent weeks. The reports follow an incident over the holidays in which a DDoS on a DNS provider slowed Amazon's retail and cloud operations." -
App Store Piracy Losses Estimated At $459 Million
An anonymous reader passes along this quote from a report at 24/7 Wall St.: "There have been over 3 billion downloads since the inception of the App Store. Assuming the proportion of those that are paid apps falls in the middle of the Bernstein estimate, 17% or 510 million of these were paid applications. Based on our review of current information, paid applications have a piracy rate of around 75%. That supports the figure that for every paid download, there have been 3 pirated downloads. That puts the number of pirate downloads at 1.53 billion. If the average price of a paid application is $3, that is $4.59 billion dollars in losses split between Apple and the application developers. That is, of course, assuming that all of those pirates would have made purchases had the application not been available to them for free. This is almost certainly not the case. A fair estimate of the proportion of people who would have used the App Store if they did not use pirated applications is about 10%. This estimate yields about $459 million in lost revenue for Apple and application developers." A response posted at Mashable takes issue with some of the figures, particularly the 75% piracy rate. While such rates have been seen with game apps, it's unclear whether non-game apps suffer the same fate. -
IE 0-Day Flaw Used In Chinese Attack
bheer writes "A zero-day attack on IE was used to carry out the cyber attack on Google and others that's been getting so much ink recently, reports The Register, quoting McAfee's CTO. While the web (and security) community has pointed out the problems with IE's many security flaws (and its sluggish update cycle) in the past, IE shows no sign of vanishing from the corporate landscape." -
IE 0-Day Flaw Used In Chinese Attack
bheer writes "A zero-day attack on IE was used to carry out the cyber attack on Google and others that's been getting so much ink recently, reports The Register, quoting McAfee's CTO. While the web (and security) community has pointed out the problems with IE's many security flaws (and its sluggish update cycle) in the past, IE shows no sign of vanishing from the corporate landscape." -
IE 0-Day Flaw Used In Chinese Attack
bheer writes "A zero-day attack on IE was used to carry out the cyber attack on Google and others that's been getting so much ink recently, reports The Register, quoting McAfee's CTO. While the web (and security) community has pointed out the problems with IE's many security flaws (and its sluggish update cycle) in the past, IE shows no sign of vanishing from the corporate landscape." -
IE 0-Day Flaw Used In Chinese Attack
bheer writes "A zero-day attack on IE was used to carry out the cyber attack on Google and others that's been getting so much ink recently, reports The Register, quoting McAfee's CTO. While the web (and security) community has pointed out the problems with IE's many security flaws (and its sluggish update cycle) in the past, IE shows no sign of vanishing from the corporate landscape." -
The Norwegian Time Hole
fredrik70 writes "It seems that last month's light show over Norway is still on a lot of minds. Those minds have had over a month to come up with theories, some of which seem a little out there. From a crazy article: 'Russian scientists are reporting to Prime Minister Putin that the high-energy beam fired into the upper heavens from the United States High Frequency Active Auroral Research Program (HAARP) radar facility in Ramfjordmoen, Norway this past month has resulted in a “catastrophic puncturing” of our Plant’s thermosphere thus allowing into the troposphere an “unimpeded thermal inversion” of the exosphere, which is the outermost layer of Earth’s atmosphere.'" On the other hand it might just be a failed missile test. I'm going to warm up the infinite improbability drive just in case. -
ModSecurity 2.5
Martijn de Boer writes "For a long time now Apache's webserver software has been serving up the Web. Because Internet usage is still growing every day, securing your growing number of servers has become very important. ModSecurity 2.5 has been written to illustrate and educate you the ease of use and inner workings of the ModSecurity module for the most widespread webserver." Read below for the rest of Martijn's review. ModSecurity 2.5 author Magnus Mischel pages 280 publisher Packt rating 9/10 reviewer Martijn de Boer ISBN 1847194745 summary shows you how to secure your web application and server The cover reads “Prevent web application hacking with this easy-to-use guide” and sticks with this claim to provide you with a good pathway to secure your webserver. The book is aimed at system administrators ranging from enthusiasts running a webserver at home to your friendly administrators at a large company. Most of the book requires only familiarity with using the linux shell and basic Apache configurations, but earlier encounters with some technicalities like regular expressions may be of help during your reading.
Throughout the chapters the author takes you from the different methods of installing ModSecurity and the basics of creating your first rules to the discovery and reporting of your possible intrusions. Generally providing solutions for example geolocating the origin of the hack, and automatically scanning uploaded files for viruses, the authors background in Internet Security makes this book a valuable asset to your bookshelf.
In the chapters found later in the book, the author shows how to use tools to fingerprint your server and provides you with recipes on how to prevent these methods of gathering information about your server. There is also a lot of information about the impact of rules on the performance of your server. Because the impact is different in every situation, you will be guided around some tools to measure the performance and you will learn how to interpret this data.
Chapter 5 talks about Virtual Patching, a method of preventing misuse by intercepting bad traffic and creating a set of rules for this. This chapter is by far the best piece of information I have found on how this actually works, and how you implement such rules and configuration, and why you should use the method of virtual patching in your situation. Basically the author takes out all the question marks you will have about this method of quickly applying rules and provides a case which is fully illustrated with a lot of background information about the process of finding a insecure piece of code to solving this with a set of rules.
When Packt Publishing contacted me if I would like to review another book for them, I picked this one out of the new releases because using ModSecurity has never been a priority for me. After seeing the title and table of contents I realized that you can never start too early to dive into this subject, and start preventing misuse before it causes more trouble then you can handle, trouble always finds you at the worst times. The author has divided the book in logical chapters, and the depth of information builds up equally from beginning to end. For instance, the second chapter takes you through the basics of regular expressions, but because you will encounter them during rule creation Appendix B will educate you with all specifics of creating those expressions.
As a developer running local test servers, I have found this book very interesting and a great resource on a for me grey area of server security. I am pleasantly surprised by the clarity of the book, the writing style makes you really want to dive into your webserver to apply your newly gained insight to ModSecurity.
You can purchase ModSecurity 2.5 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
ModSecurity 2.5
Martijn de Boer writes "For a long time now Apache's webserver software has been serving up the Web. Because Internet usage is still growing every day, securing your growing number of servers has become very important. ModSecurity 2.5 has been written to illustrate and educate you the ease of use and inner workings of the ModSecurity module for the most widespread webserver." Read below for the rest of Martijn's review. ModSecurity 2.5 author Magnus Mischel pages 280 publisher Packt rating 9/10 reviewer Martijn de Boer ISBN 1847194745 summary shows you how to secure your web application and server The cover reads “Prevent web application hacking with this easy-to-use guide” and sticks with this claim to provide you with a good pathway to secure your webserver. The book is aimed at system administrators ranging from enthusiasts running a webserver at home to your friendly administrators at a large company. Most of the book requires only familiarity with using the linux shell and basic Apache configurations, but earlier encounters with some technicalities like regular expressions may be of help during your reading.
Throughout the chapters the author takes you from the different methods of installing ModSecurity and the basics of creating your first rules to the discovery and reporting of your possible intrusions. Generally providing solutions for example geolocating the origin of the hack, and automatically scanning uploaded files for viruses, the authors background in Internet Security makes this book a valuable asset to your bookshelf.
In the chapters found later in the book, the author shows how to use tools to fingerprint your server and provides you with recipes on how to prevent these methods of gathering information about your server. There is also a lot of information about the impact of rules on the performance of your server. Because the impact is different in every situation, you will be guided around some tools to measure the performance and you will learn how to interpret this data.
Chapter 5 talks about Virtual Patching, a method of preventing misuse by intercepting bad traffic and creating a set of rules for this. This chapter is by far the best piece of information I have found on how this actually works, and how you implement such rules and configuration, and why you should use the method of virtual patching in your situation. Basically the author takes out all the question marks you will have about this method of quickly applying rules and provides a case which is fully illustrated with a lot of background information about the process of finding a insecure piece of code to solving this with a set of rules.
When Packt Publishing contacted me if I would like to review another book for them, I picked this one out of the new releases because using ModSecurity has never been a priority for me. After seeing the title and table of contents I realized that you can never start too early to dive into this subject, and start preventing misuse before it causes more trouble then you can handle, trouble always finds you at the worst times. The author has divided the book in logical chapters, and the depth of information builds up equally from beginning to end. For instance, the second chapter takes you through the basics of regular expressions, but because you will encounter them during rule creation Appendix B will educate you with all specifics of creating those expressions.
As a developer running local test servers, I have found this book very interesting and a great resource on a for me grey area of server security. I am pleasantly surprised by the clarity of the book, the writing style makes you really want to dive into your webserver to apply your newly gained insight to ModSecurity.
You can purchase ModSecurity 2.5 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Google.cn Has Already Lifted Censorship
An anonymous reader writes "In an update to Google's withdrawal from China, there are reports that censorship has already been lifted. It's probably taken a while to report because of Google's ranking system." Just a warning that the language on that blog post is NSFW but it does provide evidence. -
NASA Satellite Looks For Response From Dead Mars Craft
coondoggie writes "NASA's Mars Odyssey orbiter will next week make a number of passes over the presumed dead Phoenix Mars Lander on the surface of the planet and listen for what the space agency called possible, though improbable, radio transmissions. Odyssey will pass over the Phoenix landing site about 10 times this month and two longer listening tries in February and March trying to determine if the craft survived Martian winter and try to lock onto a signal and gain information about the lander’s status." -
Spider-Man 4 Scrapped, Franchise Reboot Planned
derGoldstein writes "Yesterday we discussed which sci-fi should get the reboot treatment next. If you consider Spider-Man as 'proper sci-fi,' then it would appear that's the answer. 'Sony Pictures decided today to reboot the Spider-Man franchise after Sam Raimi pulled out of Spider-Man 4 because he felt he couldn't make its summer release date and keep the film's creative integrity. This means that Raimi and the cast including star Tobey Maguire are out. There will be no Spider-Man 4. Instead, the studio will focus on a reboot script by Jamie Vanderbilt with a new director and a new cast.'" Perhaps Raimi is too busy working on other projects. -
Spider-Man 4 Scrapped, Franchise Reboot Planned
derGoldstein writes "Yesterday we discussed which sci-fi should get the reboot treatment next. If you consider Spider-Man as 'proper sci-fi,' then it would appear that's the answer. 'Sony Pictures decided today to reboot the Spider-Man franchise after Sam Raimi pulled out of Spider-Man 4 because he felt he couldn't make its summer release date and keep the film's creative integrity. This means that Raimi and the cast including star Tobey Maguire are out. There will be no Spider-Man 4. Instead, the studio will focus on a reboot script by Jamie Vanderbilt with a new director and a new cast.'" Perhaps Raimi is too busy working on other projects. -
Apache May Stop 1.3, 2.0 Series Releases
Dan Jones writes "The Apache Software Foundation may stop releasing new versions of the older 1.3 and 2.0 series of its flagship Web server product with most development now focused on the 2.2 series. Nothing is final yet, but messages to the Apache httpd developer mailing list recommend the formal deprecation of the 1.3.x branch, with most citing a lack of development activity. The Apache HTTP server project is one of the most successful and popular open source projects and has become an integral part of the technology stack for thousands of Web and SaaS applications. The first generation of Apache was released in 1995, and the 2.0 series began in 2002. Apache httpd 2.2 began in 2005, with the latest release (October 2009) being 2.2.14. However, the most recent releases of the 1.3 and 2.0 series servers were back in January 2008. With the combined total of active 1.3 and 2.0 series Apache Web servers well into the millions, any decision to end-of-life either product will be watched closely." -
Apache May Stop 1.3, 2.0 Series Releases
Dan Jones writes "The Apache Software Foundation may stop releasing new versions of the older 1.3 and 2.0 series of its flagship Web server product with most development now focused on the 2.2 series. Nothing is final yet, but messages to the Apache httpd developer mailing list recommend the formal deprecation of the 1.3.x branch, with most citing a lack of development activity. The Apache HTTP server project is one of the most successful and popular open source projects and has become an integral part of the technology stack for thousands of Web and SaaS applications. The first generation of Apache was released in 1995, and the 2.0 series began in 2002. Apache httpd 2.2 began in 2005, with the latest release (October 2009) being 2.2.14. However, the most recent releases of the 1.3 and 2.0 series servers were back in January 2008. With the combined total of active 1.3 and 2.0 series Apache Web servers well into the millions, any decision to end-of-life either product will be watched closely." -
Microsoft Pulls Office From Its Own Online Store
CWmike writes "Microsoft has pulled almost every version of Office from its own online store to comply with a court order requiring it to remove custom XML technology from its popular Word software that starts on Monday. As of mid-day, the only edition available from the Microsoft Store was Office Ultimate 2007, a $670 'full-version' suite. All other Windows editions, as well as Office 2008 for Mac, were accompanied by the message: 'This product is currently unavailable while we update versions on our site. We expect it to be available soon.' Microsoft confirmed that the disappearance of Office was related to the injunction that came out of a patent infringement case the company lost in 2009. 'We've taken steps to comply with the court's ruling and we're introducing the revised software into the US market," said Michael Croan, a senior marketing manager, in an e-mail. He also downplayed the move. 'This process will be imperceptible to the vast majority of customers, who will find both trial and purchase options readily available.'" -
Rudolph the Cadmium-Nosed Reindeer
theodp writes "Barred from using lead in children's jewelry because of its toxicity, some Chinese manufacturers have been substituting the more dangerous heavy metal cadmium in sparkling charm bracelets and shiny pendants being sold throughout the US, an AP investigation shows. Charms from 'Rudolph the Red-Nosed Reindeer' bracelets were measured at between 82 and 91 percent cadmium, and leached so much cadmium that they would have to be specially handled and disposed of under US environmental law if they were waste from manufacturing. Cadmium, a known carcinogen, can hinder brain development in the very young. 'There's nothing positive that you can say about this metal. It's a poison,' said the CDC's Bruce Fowler. On the CDC's priority list of 275 most hazardous substances in the environment, cadmium ranks No. 7. Jewelry industry veterans in China say cadmium has been used in domestic products there for years. Hey, at least it doesn't metabolize into GHB when the little tykes ingest it." -
Another Crumbling Reactor Springs a Tritium Leak
mdsolar writes "The decrepit nuclear reactor Vermont Yankee has sprung a radioactive leak similar to those at other poorly run reactors in Illinois (Braidwood, Byron and Dresden), Arizona (Palo Verde), and New York (Indian Point). Greenpeace noted 3 years ago that radioactive tritium leaks even threaten Champagne from France. Tritium and its decay product helium 3 are incredibly valuable and there is currently a shortage of helium 3. What, besides shutting down leaky old nuclear plants, could be done to better control release of tritium into the environment?" -
Facebook's Zuckerberg Says Forget Privacy
judgecorp writes "Privacy is no longer a social norm, according to the founder of Facebook, Mark Zuckerberg. Speaking at the Crunchie awards in San Francisco, the entrepreneur said that expectations had changed, and people now default to sharing online, not privacy. It's all right for him, but does he mean it's ok for bodies like the UK government to monitor all citizens' Internet use?" -
Learning JQuery 1.3
Michael J. Ross writes "Of all Web technologies, JavaScript may have the most checkered past — first heralded as a powerful object-oriented language for jazzing up Web pages, but later condemned as a source of spammy pop-up windows and horrid animations polluting websites everywhere. Yet during the past several years, Web designers and developers are increasingly using JavaScript unobtrusively, for client-site interactivity — as a supplement to server-side functionality, not a replacement, and built upon standards-compliant (X)HTML and CSS. As a result, the once-derided language is now enjoying a true resurgence in interest and use. This has been bolstered by the proliferation of JavaScript libraries, of which jQuery is clearly the front runner. Web programmers seeking to get up to speed on this exciting resource can turn to Learning jQuery 1.3: Better Interaction Design and Web Development with Simple JavaScript Techniques." Keep reading for the rest of Michael's review. Learning jQuery 1.3 author Jonathan Chaffer, Karl Swedberg pages 444 pages publisher Packt Publishing rating 9/10 reviewer Michael J. Ross ISBN 978-1847196705 summary A detailed introduction to this popular JavaScript library. Written by Jonathan Chaffer and Karl Swedberg — two veteran Web developers based in Grand Rapids, Michigan — Learning jQuery 1.3 was published on 13 February 2009, under the ISBN 978-1847196705, by Packt Publishing, which kindly provided to me a copy of the book for review. There is a publisher's Web page for the book, where readers can order print or PDF versions of the book (or both, at a sizable discount); contact Packt Publishing with questions or feedback; read more information about the book, the authors, and the table of contents; and download a free sample chapter (the fourth one, titled "Effects") in PDF format. Readers who want to follow along with the authors' discussion, should note that all of the sample code used in the book can be downloaded from its support page. There is also a link for reading the reported errata, of which there are eleven, as of this writing. (The erratum for page 40 is incorrectly listed twice.)
The book begins with a foreword by John Resig, the creator of jQuery. What follows is over 400 pages of information, organized into eleven chapters and four appendices, covering all of the major topics related to jQuery, after a quick-start chapter: selectors, events, effects, DOM manipulation, AJAX, tables, forms, shufflers and rotators, plug-ins, online resources, development tools, and closures. The book has all the ingredients to serve as a full introduction to jQuery for experienced Web programmers, because it assumes no prior knowledge of jQuery (or any other JavaScript libraries); but it does assume that the reader comprehends the basics of HTML, CSS, and JavaScript — thus not wasting time by teaching these prerequisites skills, as is attempted in some other Web programming books.
The first chapter may be brief, but it is sufficient to present the major features of jQuery, its advantages versus raw JavaScript, and a quick history of its various releases after it was first mentioned by John Resig in August 2005. In addition, the reader is shown where to obtain the library, how to add it to a Web page, and a few of its basic capabilities. In the given example, multiple HTML paragraph elements are styled using just three lines of code; yet the power of jQuery would have been demonstrated even better had the authors also shown the equivalent raw JavaScript needed to perform the same functionality.
The next four chapters present the basics of jQuery upon which everything that follows is built. Readers are introduced, in Chapter 2, to the jQuery syntax for accessing individual elements and groups of elements on a Web page, using the $() factory function, CSS selectors, and jQuery's own custom selectors. As with all of the chapters that follow, several examples are used to illustrate the core ideas. The ability to intercept and react to events on a Web page — such as a user clicking on a particular link — is an essential part of client-side interactivity, and is the topic of the third chapter. But first the groundwork is set by learning how to control when code is executed, how to utilize multiple scripts on a page, and how to use jQuery with other JavaScript libraries. Then a style switcher example is used to demonstrate the "this" keyword, shorthand event methods, and compound events, as well as event capturing, bubbling, objects, targets, propagation, delegation, namespacing, and other topics. Unfortunately, the screenshots are of little help, largely because the black-and-white images fail to show user feedback, such as green backgrounds on hover, and even bolded link text. Chapter 4, which covers jQuery effects, begins by explaining how to programmatically discover and save attribute values, for later use; then it explains how to hide and show HTML elements, fade them in and out, toggle their settings, create simple custom animations, invoke effects sequentially using queuing, and queue effects on different elements using callback functions. The fifth chapter shows how to easily add and remove elements and their attributes from the DOM, and even create a new DOM structure from scratch. Most of the sample code is well explained, except for the fourth line in the insertAfter() snippet on page 96, which is not clear at all. Also, the sample text that consumes the bulk of pages 98 and 99, should be replaced with something much shorter, partly because it would be easier to locate the "span" tags within the text. This chapter, like the previous one, concludes with a "nutshell" summary that is quite helpful — and would be even more so if it listed, next to each jQuery method, the corresponding page number.
Asynchronous JavaScript and XML (AJAX) is a combination of technologies that is seeing more widespread use every year, as developers discover the advantages of dynamic Web page interactivity without the reloading of the page each time, which of course slows down the process for the user. The sixth chapter shows how to utilize AJAX, from a jQuery perspective, with explanations and examples of the four major approaches that involve static data files, including a handy summary of when each approach would be most appropriate. Also explored are the dynamic AJAX strategies, including GET and POST requests. The authors should have mentioned that, in order to make functional the "E" and "F" dictionary entries in the example, the reader will need to load the index.html file using a Web server, and not as a static HTML file, so the calls to "e.php" and "f.php" will work. By the way, anyone confused by the reference to jQuery Reference Guide, on page 146, should be aware that it is the title of a book written by the same authors as this one.
With the seventh chapter, the authors transition from what they consider to be the tutorial portion of the book, and begin to demonstrate how the reader can utilize the earlier basics for improving Web page functionality — in this case, working with tables. The authors make good use of code snippets and screenshots to show how one can do table sorting, row striping, row highlighting, and other capabilities independent of — and in conjunction with — server-side equivalents. The subsequent chapter consists of a similar survey of jQuery goodness, but applied to forms — specifically: styling, client-side validation, auto-completion of search entry fields, and input masking (with an emphasis upon numbers). The sample HTML is a model of quality markup, except for the wrapping of checkbox input elements inside of label elements, which is noncanonical and can make it problematic to properly align all the checkboxes in a form vertically, for all browsers. Chapter 9, titled "Shufflers and Rotators," demonstrates how to create a rotator for RSS newsfeed headlines, and an image carousel featuring image enlargement with transition. Readers interested in testing out the sample code — and possibly even modifying it — should be aware that, for chapters 7 through 9, the sample code within the downloadable archive is not stored in chapter-named directories, but instead combined into an application, in the "bookstore" directory.
The last two chapters of the book are devoted to jQuery plug-ins — using those created by others, and developing one's own. In Chapter 10, to illustrate the high-level ideas, the authors focus on and recommend a number of specific plug-ins built for handling forms, advanced effects, widgets, tables, images, and charts, as well as some theming resources. In the subsequent chapter, the authors show how to develop plug-ins of varying complexity, including those that implement new global functions, implement new jQuery object methods, and extend the jQuery selector engine; the chapter wraps up with advice on how best to distribute newly-created plug-ins.
All of the chapters end with summaries, which, given the detailed and technical nature of the material within each chapter, do not add any value to the book, and could be excised without loss. The four appendices offer some valuable information: numerous online resources for readers seeking reference material; development tools for the most popular Web browsers; details on JavaScript closures; and a quick reference for the jQuery selector expressions and all of the methods. The weakest part of the book, the index, is inadequate — missing important terms, such as "animation," "callback," "iteration" (or "iterator"), and "toggling."
The following errata have yet to be listed on the book's support page: "Let[']s" (page 23), "page [is] loaded" (page 40), "if Normal was" (should read "if Normal were"; page 61), ", though" (should read "though,"; page 80), "user the $() factory function" (page 113), "slices with be" (page 283), and "though[,] there" (page 340). In the errata listed on the support page, the entry for parseFloat refers to page 74, but the error actually occurs once on page 69 and twice on pages 70, 71, and 79. In the six screenshots on pages 253 through 257, the shipping totals are incorrect. Nevertheless, the number of errata per page is far less than what is found in most computer books, especially those from Packt Publishing.
The generous amount of sample code should be quite helpful to the reader, because for most programmers, we learn best by example. However, there are many instances where a line of code is unnecessarily wrapped to a second line, even though there is plenty of room at the end of the first line to accommodate the portion of code forced down; pages 82 and 217 have glaring examples of this. The same premature wrapping is seen in some of the text, such as on pages 210 and 311.
The authors as a whole do an admirable job of explaining the central ideas. The explanations are generally clear, which is absolutely critical for a topic like jQuery that can be overwhelming to anyone unfamiliar with it — and not just as a result of the somewhat cryptic syntax (which admittedly is unavoidable), made worse by chaining and especially by the nesting of anonymous functions. Even a cursory glance through the book should make evident that the authors put a lot of effort into writing it, reflected not just in its substantial length, but also the number of examples they created for the book, and the functionality contained therein.
With its thorough coverage of key jQuery topics — from the basics to plug-in development — Learning jQuery 1.3 is an information-packed resource that can help Web developers learn how to take their JavaScript programming to the next level.
Michael J. Ross is a freelance website developer and writer.
You can purchase Learning jQuery 1.3 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Learning JQuery 1.3
Michael J. Ross writes "Of all Web technologies, JavaScript may have the most checkered past — first heralded as a powerful object-oriented language for jazzing up Web pages, but later condemned as a source of spammy pop-up windows and horrid animations polluting websites everywhere. Yet during the past several years, Web designers and developers are increasingly using JavaScript unobtrusively, for client-site interactivity — as a supplement to server-side functionality, not a replacement, and built upon standards-compliant (X)HTML and CSS. As a result, the once-derided language is now enjoying a true resurgence in interest and use. This has been bolstered by the proliferation of JavaScript libraries, of which jQuery is clearly the front runner. Web programmers seeking to get up to speed on this exciting resource can turn to Learning jQuery 1.3: Better Interaction Design and Web Development with Simple JavaScript Techniques." Keep reading for the rest of Michael's review. Learning jQuery 1.3 author Jonathan Chaffer, Karl Swedberg pages 444 pages publisher Packt Publishing rating 9/10 reviewer Michael J. Ross ISBN 978-1847196705 summary A detailed introduction to this popular JavaScript library. Written by Jonathan Chaffer and Karl Swedberg — two veteran Web developers based in Grand Rapids, Michigan — Learning jQuery 1.3 was published on 13 February 2009, under the ISBN 978-1847196705, by Packt Publishing, which kindly provided to me a copy of the book for review. There is a publisher's Web page for the book, where readers can order print or PDF versions of the book (or both, at a sizable discount); contact Packt Publishing with questions or feedback; read more information about the book, the authors, and the table of contents; and download a free sample chapter (the fourth one, titled "Effects") in PDF format. Readers who want to follow along with the authors' discussion, should note that all of the sample code used in the book can be downloaded from its support page. There is also a link for reading the reported errata, of which there are eleven, as of this writing. (The erratum for page 40 is incorrectly listed twice.)
The book begins with a foreword by John Resig, the creator of jQuery. What follows is over 400 pages of information, organized into eleven chapters and four appendices, covering all of the major topics related to jQuery, after a quick-start chapter: selectors, events, effects, DOM manipulation, AJAX, tables, forms, shufflers and rotators, plug-ins, online resources, development tools, and closures. The book has all the ingredients to serve as a full introduction to jQuery for experienced Web programmers, because it assumes no prior knowledge of jQuery (or any other JavaScript libraries); but it does assume that the reader comprehends the basics of HTML, CSS, and JavaScript — thus not wasting time by teaching these prerequisites skills, as is attempted in some other Web programming books.
The first chapter may be brief, but it is sufficient to present the major features of jQuery, its advantages versus raw JavaScript, and a quick history of its various releases after it was first mentioned by John Resig in August 2005. In addition, the reader is shown where to obtain the library, how to add it to a Web page, and a few of its basic capabilities. In the given example, multiple HTML paragraph elements are styled using just three lines of code; yet the power of jQuery would have been demonstrated even better had the authors also shown the equivalent raw JavaScript needed to perform the same functionality.
The next four chapters present the basics of jQuery upon which everything that follows is built. Readers are introduced, in Chapter 2, to the jQuery syntax for accessing individual elements and groups of elements on a Web page, using the $() factory function, CSS selectors, and jQuery's own custom selectors. As with all of the chapters that follow, several examples are used to illustrate the core ideas. The ability to intercept and react to events on a Web page — such as a user clicking on a particular link — is an essential part of client-side interactivity, and is the topic of the third chapter. But first the groundwork is set by learning how to control when code is executed, how to utilize multiple scripts on a page, and how to use jQuery with other JavaScript libraries. Then a style switcher example is used to demonstrate the "this" keyword, shorthand event methods, and compound events, as well as event capturing, bubbling, objects, targets, propagation, delegation, namespacing, and other topics. Unfortunately, the screenshots are of little help, largely because the black-and-white images fail to show user feedback, such as green backgrounds on hover, and even bolded link text. Chapter 4, which covers jQuery effects, begins by explaining how to programmatically discover and save attribute values, for later use; then it explains how to hide and show HTML elements, fade them in and out, toggle their settings, create simple custom animations, invoke effects sequentially using queuing, and queue effects on different elements using callback functions. The fifth chapter shows how to easily add and remove elements and their attributes from the DOM, and even create a new DOM structure from scratch. Most of the sample code is well explained, except for the fourth line in the insertAfter() snippet on page 96, which is not clear at all. Also, the sample text that consumes the bulk of pages 98 and 99, should be replaced with something much shorter, partly because it would be easier to locate the "span" tags within the text. This chapter, like the previous one, concludes with a "nutshell" summary that is quite helpful — and would be even more so if it listed, next to each jQuery method, the corresponding page number.
Asynchronous JavaScript and XML (AJAX) is a combination of technologies that is seeing more widespread use every year, as developers discover the advantages of dynamic Web page interactivity without the reloading of the page each time, which of course slows down the process for the user. The sixth chapter shows how to utilize AJAX, from a jQuery perspective, with explanations and examples of the four major approaches that involve static data files, including a handy summary of when each approach would be most appropriate. Also explored are the dynamic AJAX strategies, including GET and POST requests. The authors should have mentioned that, in order to make functional the "E" and "F" dictionary entries in the example, the reader will need to load the index.html file using a Web server, and not as a static HTML file, so the calls to "e.php" and "f.php" will work. By the way, anyone confused by the reference to jQuery Reference Guide, on page 146, should be aware that it is the title of a book written by the same authors as this one.
With the seventh chapter, the authors transition from what they consider to be the tutorial portion of the book, and begin to demonstrate how the reader can utilize the earlier basics for improving Web page functionality — in this case, working with tables. The authors make good use of code snippets and screenshots to show how one can do table sorting, row striping, row highlighting, and other capabilities independent of — and in conjunction with — server-side equivalents. The subsequent chapter consists of a similar survey of jQuery goodness, but applied to forms — specifically: styling, client-side validation, auto-completion of search entry fields, and input masking (with an emphasis upon numbers). The sample HTML is a model of quality markup, except for the wrapping of checkbox input elements inside of label elements, which is noncanonical and can make it problematic to properly align all the checkboxes in a form vertically, for all browsers. Chapter 9, titled "Shufflers and Rotators," demonstrates how to create a rotator for RSS newsfeed headlines, and an image carousel featuring image enlargement with transition. Readers interested in testing out the sample code — and possibly even modifying it — should be aware that, for chapters 7 through 9, the sample code within the downloadable archive is not stored in chapter-named directories, but instead combined into an application, in the "bookstore" directory.
The last two chapters of the book are devoted to jQuery plug-ins — using those created by others, and developing one's own. In Chapter 10, to illustrate the high-level ideas, the authors focus on and recommend a number of specific plug-ins built for handling forms, advanced effects, widgets, tables, images, and charts, as well as some theming resources. In the subsequent chapter, the authors show how to develop plug-ins of varying complexity, including those that implement new global functions, implement new jQuery object methods, and extend the jQuery selector engine; the chapter wraps up with advice on how best to distribute newly-created plug-ins.
All of the chapters end with summaries, which, given the detailed and technical nature of the material within each chapter, do not add any value to the book, and could be excised without loss. The four appendices offer some valuable information: numerous online resources for readers seeking reference material; development tools for the most popular Web browsers; details on JavaScript closures; and a quick reference for the jQuery selector expressions and all of the methods. The weakest part of the book, the index, is inadequate — missing important terms, such as "animation," "callback," "iteration" (or "iterator"), and "toggling."
The following errata have yet to be listed on the book's support page: "Let[']s" (page 23), "page [is] loaded" (page 40), "if Normal was" (should read "if Normal were"; page 61), ", though" (should read "though,"; page 80), "user the $() factory function" (page 113), "slices with be" (page 283), and "though[,] there" (page 340). In the errata listed on the support page, the entry for parseFloat refers to page 74, but the error actually occurs once on page 69 and twice on pages 70, 71, and 79. In the six screenshots on pages 253 through 257, the shipping totals are incorrect. Nevertheless, the number of errata per page is far less than what is found in most computer books, especially those from Packt Publishing.
The generous amount of sample code should be quite helpful to the reader, because for most programmers, we learn best by example. However, there are many instances where a line of code is unnecessarily wrapped to a second line, even though there is plenty of room at the end of the first line to accommodate the portion of code forced down; pages 82 and 217 have glaring examples of this. The same premature wrapping is seen in some of the text, such as on pages 210 and 311.
The authors as a whole do an admirable job of explaining the central ideas. The explanations are generally clear, which is absolutely critical for a topic like jQuery that can be overwhelming to anyone unfamiliar with it — and not just as a result of the somewhat cryptic syntax (which admittedly is unavoidable), made worse by chaining and especially by the nesting of anonymous functions. Even a cursory glance through the book should make evident that the authors put a lot of effort into writing it, reflected not just in its substantial length, but also the number of examples they created for the book, and the functionality contained therein.
With its thorough coverage of key jQuery topics — from the basics to plug-in development — Learning jQuery 1.3 is an information-packed resource that can help Web developers learn how to take their JavaScript programming to the next level.
Michael J. Ross is a freelance website developer and writer.
You can purchase Learning jQuery 1.3 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The End Of Gravity As a Fundamental Force
An anonymous reader writes "At a symposium at the Dutch Spinoza-instituut on 8 December, 2009, string theorist Erik Verlinde introduced a theory that derives Newton's classical mechanics. In his theory, gravity exists because of a difference in concentration of information in the empty space between two masses and its surroundings. He does not consider gravity as fundamental, but as an emergent phenomenon that arises from a deeper microscopic reality. A relativistic extension of his argument leads directly to Einstein's equations." Here are two blog entries discussing Verlinde's proposal in somewhat more accessible terms.
Update: 01/12 04:48 GMT by KD : Dr. Verlinde has put up a blog post explaining in simpler terms the logic of the gravity from entropy paper. He introduces it with: "Because the logic of the paper is being misrepresented in some reports, I add here some clarifications." -
Mozilla To Ditch Firefox Extensions?
An anonymous reader writes "Although some have raised concerns about how sane switching to Jetpack is, it seems that Mozilla's new gadget is bound to replace the powerful extension mechanism we know. Maybe Mozilla wants to replace all the great add-ons we use daily with gadgets that add an entry to the Tools menu, or maybe they just want to draw thousands of inexperienced developers into putting together a bunch of HTML and CSS that won't integrate in the UI. It seems to me that in light of recent decisions we've discussed before, Mozilla isn't going in the right direction. What do you think ?" -
Best Buy Abandoning "Optimization" Service?
ddillman writes "According to The Consumerist, Best Buy is apparently dropping some of its 'optimization' services, and will instead provide the 'Best Buy Software Installer,' a new tool that the company says will 'radically simplify how you set up and customize your new PC or upgrade an existing one.' Translation: instead of you paying Best Buy to delete trialware from your new PC, Best Buy will get paid by software makers to try to get you to install it. A page on the Best Buy web site states that the new installation tool will be available January 17th, and 'gives you choices and options to configure your computer, and saves you time by making it easy to discover new software, then download and install with a single click.' According to an alleged internal Best Buy document obtained by a technology blog, Best Buy stands to make an extra $5 per PC just by including BBSI." -
Live Intel WiDi Demonstration At CES 2010
MojoKid writes "As we saw earlier this week, Intel's new WiDi (Wireless Display Interface) technology will start to be bundled with various Core i5 and Core i3 notebooks later this month, promising to address the Home Theater and Multimedia PC markets with a solution that enables wireless connectivity of your notebook over HDMI to an HDTV using standard 802.11n wireless technologies for transmission of the data. Intel was also demonstrating this technology live at CES 2010 and HotHardware captured video of the technology in action, with Intel Product Manager Joshua Newman. This new technology is obviously fairly mature at this point with retail products waiting in the wings, just a few weeks away." -
Scientists and Lawyers Argue For Open US DNA Database
chrb writes "New Scientist has an article questioning the uniqueness of DNA profiles. 41 scientists and lawyers recently published a high-profile Nature article (sub. required) arguing that the FBI should release its complete CODIS database. The request follows research on the already released Arizona state DNA database (a subset of CODIS) which showed a surprisingly large number of matches between the profiles of different individuals, including one between a white man and a black man. The group states that the assumption that a DNA profile represents a unique individual, with only a minuscule probability of a secondary match, has never been independently verified on a large sample of DNA profiles. The new requests follow the FBI's rejection of similar previous requests." -
NIST Investigating Mass Flash Drive Vulnerability
Lucas123 writes with a followup to news we discussed earlier this week that the encryption on NIST-certified flash drives was cracked. "A number of leading manufacturers of encrypted flash drives have warned their customers of a security flaw uncovered by a German company. The devices in question use the AES 256-bit encryption algorithm and have been certified using the FIPS 140-2, but the flaw appears to circumvent the certification process by uncovering the password authentication code on host systems. The National Institute of Standards and Technology said it's investigating whether it needs to modify its standards to include password authentication software on host systems. Security specialist Bruce Schneier was blunt in his characterization of the flaw: 'It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it.'" -
Palm Opens Dev Program, Offers $1M For Top App
CWmike writes "Palm opened up its webOS developer program to the public this week in a bid to close the gap with the number of iPhone and Android apps. Palm will also open up its application distribution channel to developers and Web sites, giving them access to detailed information about applications and statistics, such as the number of downloads. This will allow them to build their own application directories and application ranking mechanisms, Palm's Katie Mitic said. 'As an incentive to developers interested in building their own directories, Palm is offering $1 million to the developer with the most downloads of free and paid applications between February and May, Mitic said. Palm also announced a plug-in development kit for WebOS that allows developers to extend the OS's capabilities using code written in C and C++. Over time, these plug-ins will be incorporated into the software development kit, she said. The plug-in development kit will be released at the Game Developers Conference in March, but a handful of game developers have already put the kit to use. EA Mobile, Laminar Research, Gameloft and Glu all released games that were developed using plug-ins. Those games include 3D titles, such as EA Mobile Need for Speed Undercover, and are now available.'" -
AMD Launches World's First Mobile DirectX 11 GPUs
J. Dzhugashvili writes "Less than 4 months after releasing the first DX11 desktop graphics card, AMD has followed up with a whole lineup of mobile graphics processors based on the same architecture. The new Mobility Radeon HD 5000 lineup includes four different series of GPUs designed to serve everything from high-end gaming notebooks to mainstream thin-and-light systems. AMD has based these processors on the same silicon chips as its desktop Radeon HD 5000-series graphics cards, so performance shouldn't disappoint. The company also intends to follow Nvidia's lead by offering notebook graphics drivers directly from its website, as opposed to relying on laptop vendors to provide updates."