Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Review: Halo Wars
The success of the Halo franchise is unquestionable. Bungie's trilogy of first-person shooters established a standard against which most similar games have been judged for the past eight years. Thus, when Ensemble Studios picked up the task of bringing the Halo universe to real-time strategy, they faced two separate mountains to climb: maintaining the high quality demanded by fans of the series and developing for a genre that traditionally translates poorly to console play. Fortunately, they had a head start on the latter, bringing in a wealth of experience from the Age of Empires series. Creating an intuitive and dependable control scheme was a top priority, and their success in doing so makes Halo Wars a worthy addition to the series. Read on for the rest of my thoughts.- Title: Halo Wars
- Developer: Ensemble Studios
- Publisher: Microsoft Game Studios
- System: Xbox 360
- Reviewer: Soulskill
- Score: 7/10
A solid camera system is the foundation of a good control scheme, and here Ensemble gets off to a running start. The left stick pans around the map at a variable speed determined by how far you push the stick. You can scroll slowly or quickly, and you can also change the maximum speed in the options menu. It's very responsive and easy to get from one place to another. You can hold the left trigger for even more speed, going all the way across the map in about a second. The right stick controls the zoom function, which is largely irrelevant — you'll probably want to keep it zoomed out as far as it will go most of the time — and pushing the stick to the sides rotates your view. You won't need to use this very often, but it's convenient and useful if you want to see things from a different angle.
The other way you can move around the map is with the directional pad. Hitting left will cycle through your base positions, and pressing down will cycle through your unit positions. Occasionally you'll get an alert — for example, a few of your units will be under attack somewhere on the map — and pressing right will take you immediately to the position of your latest alert. Getting around the map is definitely not a problem in this game. It's about as close as you can get to the ease of use that comes with a mouse and keyboard.
The next big hurdle was unit selection, and again, Ensemble did a fine job, giving you all the options and speed you're used to in these types of games. The A-Button selects units individually, but if you hold it down, you get a good-sized circular area which you can then sweep over multiple units to select them at the same time. This takes the place of the typical click-and-drag rectangles on the PC. It's slightly slower, but not by much, and you get the added benefit of being able to grab everyone in a circle around a unit you want to stay put. On top of that, double tapping the A-button on a unit will select all of that type of unit nearby. The right shoulder will select everything on screen, and the left shoulder will grab all units period. The only notable missing function is the inability to save certain groups and switch back to them, and even then, if your groups are spread out, it's not an issue.
If you have multiple unit types selected, the trigger buttons will cycle through the different types, making it very easy to send all your marines in one direction and all your vehicles in another. Once you've had a few missions to get used to the myriad selection options, you won't even need to actively think about what buttons to press. It's a good system because it doesn't get in the way of the actual gameplay. Finally, the means of controlling your units and buildings are simple and intuitive as well. The X-button is your standard "go here," "attack this," "grab this" button, and the Y-button activates any special attacks your selected units have. One nice feature is that you can hold down the X-button for a few seconds and a unit will finish walking to where they were already headed before they go to the new location. This lets you set up paths to take the long way around if the short way isn't safe. Buildings have a radial context menu through which you activate upgrades or pump out new units. You can queue up multiples at a time, and you can cancel an order before it finishes. Essentially, all is as it should be, and you're left to focus on what's important.
Halo Wars starts you off about 20 years before the events of the first Halo game. They send you to Harvest, the first planet to be taken by the Covenant, to establish peaceful and cooperative relations with their leaders and diplomats after five long years of combat. Just kidding — they want you to kill stuff. You get to see cinematics after every mission, which are largely responsible for driving the plot of the game. Visually, they're quite impressive, though the first few are a bit slow. As the game goes on, the cinematics become progressively cooler and more exciting. The writing and the dialogue is less than stellar, but it's serviceable, and it provides some good context to the Halo universe. There are also minor plot points shown during the mission, rendered by the game engine. Those are usually what determine your specific objectives.
There are not many missions in the campaign — just 15 — but they're very diverse. No two are alike, and Ensemble does a decent job of creating interesting objectives and differing levels of resistance. In one, you have to defend civilians as they head for their evacuation shuttles, and you need to take care of the shuttles themselves. The mission is timed, waiting on a countdown to launch. Another mission has you faced with a large energy shield that needs to be taken down. Certain positions on the map are good attack points for a type of long-range tank, so you have to take each position one at a time and hold them all long enough to knock down the barrier. Later you fight a Covenant super-weapon (a Scarab), dodging its main attack while taking out its power supply. And, of course, you get a mission to just build a massive army and annihilate everything else on the map.
They give you a good mixture of offense and defense, though in some cases the amount of resistance you're likely to encounter is unclear. Decisions made early in the game in terms of build order and unit production can effectively eliminate your chances of winning if you guess wrong. This is important because of the way Halo Wars deals with building bases. The bases themselves can only be placed in particular spots. Once a base is built, a number of empty construction bays spring up around it, and you're only allowed to build additional structures where there are construction bays. This means that you're only allowed a maximum of seven structures per base. On top of that, resources aren't something you go out and farm; you build supply pads, which slowly get deliveries from your ship in orbit. So, you're given a tough decision early on whether you want to develop your army or your economy. If you throw down five supply pads, you'll get resources like crazy, but you won't have enough space left to build all of the other things you need to win.
On the easier difficulty levels, this works out decently well; a ton of early resources means that you can pump out enough basic marines to handle most threats until you get fully established and perhaps take a second base. On the harder modes, you're attacked earlier and with stronger forces. Another decision they give you is what type of enemies you want to defend against. Several units are particularly strong against one type of enemy — infantry, vehicle, or aircraft — and not as useful against others. When in doubt, diversify, but if you're playing at an appropriate difficulty level, you can expect to fail a few because you just don't know what to prepare for. The timed missions, in particular, force you into early decisions that simply may not work. Since there's only the UNSC campaign, it's worth going through and doing the side missions, and also trying for some of the difficulty-related achievements.
The AI in Halo Wars is solid; pretty standard for this type of game. Your forces are reasonably smart about picking a target to focus, but not too smart; they won't switch off a full-health tank to drop one that's already almost dead. The pathing is pretty good; you won't have to spend much time micromanaging where you want them to go, but the option is there if you need it. One complaint is that when defending, your troops like to chase attackers too far, spreading out your forces and making it easy for a smart enemy to score some easy kills. There are four difficulty levels — easy, normal, heroic, and legendary. If you're just looking for a quick play-through of the game, go with normal. If you'd like to work for it, go with heroic. If you're pretty good at other real-time strategy games and/or enjoy being punched in the face, legendary will fit the bill.
The selection of units is interesting. You often get a leader and a group of three Spartan soldiers. In addition to being quite powerful, these units are essentially unkillable in the single-player campaign. When they take lethal damage, they drop to the ground and slowly regenerate health. Once they've healed enough, you can revive them by bringing another unit close by. It can lead to some surprising shifts in power. Most of the units are upgradeable to a high degree, becoming significantly more powerful late in the game. For example, the standard UNSC marines begin as a squad of four men with machine guns and grenades. Successive upgrades will: add one man, trade the grenades for long-range rocket launchers, add a medic that will heal the squad after a battle, and finally upgrade all of the marines to Shock Troopers. Each side even has "uber units;" Scarabs shoot giant lasers that fry UNSC forces in seconds, and Vultures are airborne behemoths that can eradicate Covenant buildings almost as quickly.
It would have been great to get a campaign of Covenant missions, but you can still use them in multiplayer. Their buildings are similar to the UNSC selection, but with minor variations. They get shield generators of questionable utility, and their infantry are the ones specialized to fight against particular units, rather than the vehicles. The two factions are similar enough that they'll be well balanced. You can play multiplayer maps against the AI or online with other humans, and you can also play cooperatively with your friends. You select the faction you want to play and then the leader you want, each of whom brings a different unit, ability, or potential upgrade to the table. You can expect to see players using strategies that work in other RTS games. Rushes work well, but they can be dealt with. Selecting your opening strategy tends to be more important than out-managing your opponent in battles. You don't have to have a ridiculous number of actions per minute to do well.
Ensemble succeeded quite well at establishing a control system that is powerful yet doesn't fight for intellectual real estate with the actual playing of the game. It's not a ground-breaking new entry into the real-time strategy genre, but, in a manner similar to the first Halo shooter, it demonstrates how well this genre can work on consoles. And it does well by the Halo franchise in the process. It's too bad Ensemble themselves got split up after completing this game — DLC involving some Covenant missions or making the Flood a third playable race would make this game even better. Fortunately, a team of Ensemble members now going by the name Robot Entertainment will be providing "support." If they're proactive about tuning and balancing the game, Halo Wars multiplayer could become quite popular indeed, in part because there isn't much competition. While it's not likely to be suitable for the hardcore, competitive RTS players, Halo Wars is definitely the fun and easy-to-operate console RTS many players have been waiting for.
-
Review: Halo Wars
The success of the Halo franchise is unquestionable. Bungie's trilogy of first-person shooters established a standard against which most similar games have been judged for the past eight years. Thus, when Ensemble Studios picked up the task of bringing the Halo universe to real-time strategy, they faced two separate mountains to climb: maintaining the high quality demanded by fans of the series and developing for a genre that traditionally translates poorly to console play. Fortunately, they had a head start on the latter, bringing in a wealth of experience from the Age of Empires series. Creating an intuitive and dependable control scheme was a top priority, and their success in doing so makes Halo Wars a worthy addition to the series. Read on for the rest of my thoughts.- Title: Halo Wars
- Developer: Ensemble Studios
- Publisher: Microsoft Game Studios
- System: Xbox 360
- Reviewer: Soulskill
- Score: 7/10
A solid camera system is the foundation of a good control scheme, and here Ensemble gets off to a running start. The left stick pans around the map at a variable speed determined by how far you push the stick. You can scroll slowly or quickly, and you can also change the maximum speed in the options menu. It's very responsive and easy to get from one place to another. You can hold the left trigger for even more speed, going all the way across the map in about a second. The right stick controls the zoom function, which is largely irrelevant — you'll probably want to keep it zoomed out as far as it will go most of the time — and pushing the stick to the sides rotates your view. You won't need to use this very often, but it's convenient and useful if you want to see things from a different angle.
The other way you can move around the map is with the directional pad. Hitting left will cycle through your base positions, and pressing down will cycle through your unit positions. Occasionally you'll get an alert — for example, a few of your units will be under attack somewhere on the map — and pressing right will take you immediately to the position of your latest alert. Getting around the map is definitely not a problem in this game. It's about as close as you can get to the ease of use that comes with a mouse and keyboard.
The next big hurdle was unit selection, and again, Ensemble did a fine job, giving you all the options and speed you're used to in these types of games. The A-Button selects units individually, but if you hold it down, you get a good-sized circular area which you can then sweep over multiple units to select them at the same time. This takes the place of the typical click-and-drag rectangles on the PC. It's slightly slower, but not by much, and you get the added benefit of being able to grab everyone in a circle around a unit you want to stay put. On top of that, double tapping the A-button on a unit will select all of that type of unit nearby. The right shoulder will select everything on screen, and the left shoulder will grab all units period. The only notable missing function is the inability to save certain groups and switch back to them, and even then, if your groups are spread out, it's not an issue.
If you have multiple unit types selected, the trigger buttons will cycle through the different types, making it very easy to send all your marines in one direction and all your vehicles in another. Once you've had a few missions to get used to the myriad selection options, you won't even need to actively think about what buttons to press. It's a good system because it doesn't get in the way of the actual gameplay. Finally, the means of controlling your units and buildings are simple and intuitive as well. The X-button is your standard "go here," "attack this," "grab this" button, and the Y-button activates any special attacks your selected units have. One nice feature is that you can hold down the X-button for a few seconds and a unit will finish walking to where they were already headed before they go to the new location. This lets you set up paths to take the long way around if the short way isn't safe. Buildings have a radial context menu through which you activate upgrades or pump out new units. You can queue up multiples at a time, and you can cancel an order before it finishes. Essentially, all is as it should be, and you're left to focus on what's important.
Halo Wars starts you off about 20 years before the events of the first Halo game. They send you to Harvest, the first planet to be taken by the Covenant, to establish peaceful and cooperative relations with their leaders and diplomats after five long years of combat. Just kidding — they want you to kill stuff. You get to see cinematics after every mission, which are largely responsible for driving the plot of the game. Visually, they're quite impressive, though the first few are a bit slow. As the game goes on, the cinematics become progressively cooler and more exciting. The writing and the dialogue is less than stellar, but it's serviceable, and it provides some good context to the Halo universe. There are also minor plot points shown during the mission, rendered by the game engine. Those are usually what determine your specific objectives.
There are not many missions in the campaign — just 15 — but they're very diverse. No two are alike, and Ensemble does a decent job of creating interesting objectives and differing levels of resistance. In one, you have to defend civilians as they head for their evacuation shuttles, and you need to take care of the shuttles themselves. The mission is timed, waiting on a countdown to launch. Another mission has you faced with a large energy shield that needs to be taken down. Certain positions on the map are good attack points for a type of long-range tank, so you have to take each position one at a time and hold them all long enough to knock down the barrier. Later you fight a Covenant super-weapon (a Scarab), dodging its main attack while taking out its power supply. And, of course, you get a mission to just build a massive army and annihilate everything else on the map.
They give you a good mixture of offense and defense, though in some cases the amount of resistance you're likely to encounter is unclear. Decisions made early in the game in terms of build order and unit production can effectively eliminate your chances of winning if you guess wrong. This is important because of the way Halo Wars deals with building bases. The bases themselves can only be placed in particular spots. Once a base is built, a number of empty construction bays spring up around it, and you're only allowed to build additional structures where there are construction bays. This means that you're only allowed a maximum of seven structures per base. On top of that, resources aren't something you go out and farm; you build supply pads, which slowly get deliveries from your ship in orbit. So, you're given a tough decision early on whether you want to develop your army or your economy. If you throw down five supply pads, you'll get resources like crazy, but you won't have enough space left to build all of the other things you need to win.
On the easier difficulty levels, this works out decently well; a ton of early resources means that you can pump out enough basic marines to handle most threats until you get fully established and perhaps take a second base. On the harder modes, you're attacked earlier and with stronger forces. Another decision they give you is what type of enemies you want to defend against. Several units are particularly strong against one type of enemy — infantry, vehicle, or aircraft — and not as useful against others. When in doubt, diversify, but if you're playing at an appropriate difficulty level, you can expect to fail a few because you just don't know what to prepare for. The timed missions, in particular, force you into early decisions that simply may not work. Since there's only the UNSC campaign, it's worth going through and doing the side missions, and also trying for some of the difficulty-related achievements.
The AI in Halo Wars is solid; pretty standard for this type of game. Your forces are reasonably smart about picking a target to focus, but not too smart; they won't switch off a full-health tank to drop one that's already almost dead. The pathing is pretty good; you won't have to spend much time micromanaging where you want them to go, but the option is there if you need it. One complaint is that when defending, your troops like to chase attackers too far, spreading out your forces and making it easy for a smart enemy to score some easy kills. There are four difficulty levels — easy, normal, heroic, and legendary. If you're just looking for a quick play-through of the game, go with normal. If you'd like to work for it, go with heroic. If you're pretty good at other real-time strategy games and/or enjoy being punched in the face, legendary will fit the bill.
The selection of units is interesting. You often get a leader and a group of three Spartan soldiers. In addition to being quite powerful, these units are essentially unkillable in the single-player campaign. When they take lethal damage, they drop to the ground and slowly regenerate health. Once they've healed enough, you can revive them by bringing another unit close by. It can lead to some surprising shifts in power. Most of the units are upgradeable to a high degree, becoming significantly more powerful late in the game. For example, the standard UNSC marines begin as a squad of four men with machine guns and grenades. Successive upgrades will: add one man, trade the grenades for long-range rocket launchers, add a medic that will heal the squad after a battle, and finally upgrade all of the marines to Shock Troopers. Each side even has "uber units;" Scarabs shoot giant lasers that fry UNSC forces in seconds, and Vultures are airborne behemoths that can eradicate Covenant buildings almost as quickly.
It would have been great to get a campaign of Covenant missions, but you can still use them in multiplayer. Their buildings are similar to the UNSC selection, but with minor variations. They get shield generators of questionable utility, and their infantry are the ones specialized to fight against particular units, rather than the vehicles. The two factions are similar enough that they'll be well balanced. You can play multiplayer maps against the AI or online with other humans, and you can also play cooperatively with your friends. You select the faction you want to play and then the leader you want, each of whom brings a different unit, ability, or potential upgrade to the table. You can expect to see players using strategies that work in other RTS games. Rushes work well, but they can be dealt with. Selecting your opening strategy tends to be more important than out-managing your opponent in battles. You don't have to have a ridiculous number of actions per minute to do well.
Ensemble succeeded quite well at establishing a control system that is powerful yet doesn't fight for intellectual real estate with the actual playing of the game. It's not a ground-breaking new entry into the real-time strategy genre, but, in a manner similar to the first Halo shooter, it demonstrates how well this genre can work on consoles. And it does well by the Halo franchise in the process. It's too bad Ensemble themselves got split up after completing this game — DLC involving some Covenant missions or making the Flood a third playable race would make this game even better. Fortunately, a team of Ensemble members now going by the name Robot Entertainment will be providing "support." If they're proactive about tuning and balancing the game, Halo Wars multiplayer could become quite popular indeed, in part because there isn't much competition. While it's not likely to be suitable for the hardcore, competitive RTS players, Halo Wars is definitely the fun and easy-to-operate console RTS many players have been waiting for.
-
Review: Halo Wars
The success of the Halo franchise is unquestionable. Bungie's trilogy of first-person shooters established a standard against which most similar games have been judged for the past eight years. Thus, when Ensemble Studios picked up the task of bringing the Halo universe to real-time strategy, they faced two separate mountains to climb: maintaining the high quality demanded by fans of the series and developing for a genre that traditionally translates poorly to console play. Fortunately, they had a head start on the latter, bringing in a wealth of experience from the Age of Empires series. Creating an intuitive and dependable control scheme was a top priority, and their success in doing so makes Halo Wars a worthy addition to the series. Read on for the rest of my thoughts.- Title: Halo Wars
- Developer: Ensemble Studios
- Publisher: Microsoft Game Studios
- System: Xbox 360
- Reviewer: Soulskill
- Score: 7/10
A solid camera system is the foundation of a good control scheme, and here Ensemble gets off to a running start. The left stick pans around the map at a variable speed determined by how far you push the stick. You can scroll slowly or quickly, and you can also change the maximum speed in the options menu. It's very responsive and easy to get from one place to another. You can hold the left trigger for even more speed, going all the way across the map in about a second. The right stick controls the zoom function, which is largely irrelevant — you'll probably want to keep it zoomed out as far as it will go most of the time — and pushing the stick to the sides rotates your view. You won't need to use this very often, but it's convenient and useful if you want to see things from a different angle.
The other way you can move around the map is with the directional pad. Hitting left will cycle through your base positions, and pressing down will cycle through your unit positions. Occasionally you'll get an alert — for example, a few of your units will be under attack somewhere on the map — and pressing right will take you immediately to the position of your latest alert. Getting around the map is definitely not a problem in this game. It's about as close as you can get to the ease of use that comes with a mouse and keyboard.
The next big hurdle was unit selection, and again, Ensemble did a fine job, giving you all the options and speed you're used to in these types of games. The A-Button selects units individually, but if you hold it down, you get a good-sized circular area which you can then sweep over multiple units to select them at the same time. This takes the place of the typical click-and-drag rectangles on the PC. It's slightly slower, but not by much, and you get the added benefit of being able to grab everyone in a circle around a unit you want to stay put. On top of that, double tapping the A-button on a unit will select all of that type of unit nearby. The right shoulder will select everything on screen, and the left shoulder will grab all units period. The only notable missing function is the inability to save certain groups and switch back to them, and even then, if your groups are spread out, it's not an issue.
If you have multiple unit types selected, the trigger buttons will cycle through the different types, making it very easy to send all your marines in one direction and all your vehicles in another. Once you've had a few missions to get used to the myriad selection options, you won't even need to actively think about what buttons to press. It's a good system because it doesn't get in the way of the actual gameplay. Finally, the means of controlling your units and buildings are simple and intuitive as well. The X-button is your standard "go here," "attack this," "grab this" button, and the Y-button activates any special attacks your selected units have. One nice feature is that you can hold down the X-button for a few seconds and a unit will finish walking to where they were already headed before they go to the new location. This lets you set up paths to take the long way around if the short way isn't safe. Buildings have a radial context menu through which you activate upgrades or pump out new units. You can queue up multiples at a time, and you can cancel an order before it finishes. Essentially, all is as it should be, and you're left to focus on what's important.
Halo Wars starts you off about 20 years before the events of the first Halo game. They send you to Harvest, the first planet to be taken by the Covenant, to establish peaceful and cooperative relations with their leaders and diplomats after five long years of combat. Just kidding — they want you to kill stuff. You get to see cinematics after every mission, which are largely responsible for driving the plot of the game. Visually, they're quite impressive, though the first few are a bit slow. As the game goes on, the cinematics become progressively cooler and more exciting. The writing and the dialogue is less than stellar, but it's serviceable, and it provides some good context to the Halo universe. There are also minor plot points shown during the mission, rendered by the game engine. Those are usually what determine your specific objectives.
There are not many missions in the campaign — just 15 — but they're very diverse. No two are alike, and Ensemble does a decent job of creating interesting objectives and differing levels of resistance. In one, you have to defend civilians as they head for their evacuation shuttles, and you need to take care of the shuttles themselves. The mission is timed, waiting on a countdown to launch. Another mission has you faced with a large energy shield that needs to be taken down. Certain positions on the map are good attack points for a type of long-range tank, so you have to take each position one at a time and hold them all long enough to knock down the barrier. Later you fight a Covenant super-weapon (a Scarab), dodging its main attack while taking out its power supply. And, of course, you get a mission to just build a massive army and annihilate everything else on the map.
They give you a good mixture of offense and defense, though in some cases the amount of resistance you're likely to encounter is unclear. Decisions made early in the game in terms of build order and unit production can effectively eliminate your chances of winning if you guess wrong. This is important because of the way Halo Wars deals with building bases. The bases themselves can only be placed in particular spots. Once a base is built, a number of empty construction bays spring up around it, and you're only allowed to build additional structures where there are construction bays. This means that you're only allowed a maximum of seven structures per base. On top of that, resources aren't something you go out and farm; you build supply pads, which slowly get deliveries from your ship in orbit. So, you're given a tough decision early on whether you want to develop your army or your economy. If you throw down five supply pads, you'll get resources like crazy, but you won't have enough space left to build all of the other things you need to win.
On the easier difficulty levels, this works out decently well; a ton of early resources means that you can pump out enough basic marines to handle most threats until you get fully established and perhaps take a second base. On the harder modes, you're attacked earlier and with stronger forces. Another decision they give you is what type of enemies you want to defend against. Several units are particularly strong against one type of enemy — infantry, vehicle, or aircraft — and not as useful against others. When in doubt, diversify, but if you're playing at an appropriate difficulty level, you can expect to fail a few because you just don't know what to prepare for. The timed missions, in particular, force you into early decisions that simply may not work. Since there's only the UNSC campaign, it's worth going through and doing the side missions, and also trying for some of the difficulty-related achievements.
The AI in Halo Wars is solid; pretty standard for this type of game. Your forces are reasonably smart about picking a target to focus, but not too smart; they won't switch off a full-health tank to drop one that's already almost dead. The pathing is pretty good; you won't have to spend much time micromanaging where you want them to go, but the option is there if you need it. One complaint is that when defending, your troops like to chase attackers too far, spreading out your forces and making it easy for a smart enemy to score some easy kills. There are four difficulty levels — easy, normal, heroic, and legendary. If you're just looking for a quick play-through of the game, go with normal. If you'd like to work for it, go with heroic. If you're pretty good at other real-time strategy games and/or enjoy being punched in the face, legendary will fit the bill.
The selection of units is interesting. You often get a leader and a group of three Spartan soldiers. In addition to being quite powerful, these units are essentially unkillable in the single-player campaign. When they take lethal damage, they drop to the ground and slowly regenerate health. Once they've healed enough, you can revive them by bringing another unit close by. It can lead to some surprising shifts in power. Most of the units are upgradeable to a high degree, becoming significantly more powerful late in the game. For example, the standard UNSC marines begin as a squad of four men with machine guns and grenades. Successive upgrades will: add one man, trade the grenades for long-range rocket launchers, add a medic that will heal the squad after a battle, and finally upgrade all of the marines to Shock Troopers. Each side even has "uber units;" Scarabs shoot giant lasers that fry UNSC forces in seconds, and Vultures are airborne behemoths that can eradicate Covenant buildings almost as quickly.
It would have been great to get a campaign of Covenant missions, but you can still use them in multiplayer. Their buildings are similar to the UNSC selection, but with minor variations. They get shield generators of questionable utility, and their infantry are the ones specialized to fight against particular units, rather than the vehicles. The two factions are similar enough that they'll be well balanced. You can play multiplayer maps against the AI or online with other humans, and you can also play cooperatively with your friends. You select the faction you want to play and then the leader you want, each of whom brings a different unit, ability, or potential upgrade to the table. You can expect to see players using strategies that work in other RTS games. Rushes work well, but they can be dealt with. Selecting your opening strategy tends to be more important than out-managing your opponent in battles. You don't have to have a ridiculous number of actions per minute to do well.
Ensemble succeeded quite well at establishing a control system that is powerful yet doesn't fight for intellectual real estate with the actual playing of the game. It's not a ground-breaking new entry into the real-time strategy genre, but, in a manner similar to the first Halo shooter, it demonstrates how well this genre can work on consoles. And it does well by the Halo franchise in the process. It's too bad Ensemble themselves got split up after completing this game — DLC involving some Covenant missions or making the Flood a third playable race would make this game even better. Fortunately, a team of Ensemble members now going by the name Robot Entertainment will be providing "support." If they're proactive about tuning and balancing the game, Halo Wars multiplayer could become quite popular indeed, in part because there isn't much competition. While it's not likely to be suitable for the hardcore, competitive RTS players, Halo Wars is definitely the fun and easy-to-operate console RTS many players have been waiting for.
-
Review: Halo Wars
The success of the Halo franchise is unquestionable. Bungie's trilogy of first-person shooters established a standard against which most similar games have been judged for the past eight years. Thus, when Ensemble Studios picked up the task of bringing the Halo universe to real-time strategy, they faced two separate mountains to climb: maintaining the high quality demanded by fans of the series and developing for a genre that traditionally translates poorly to console play. Fortunately, they had a head start on the latter, bringing in a wealth of experience from the Age of Empires series. Creating an intuitive and dependable control scheme was a top priority, and their success in doing so makes Halo Wars a worthy addition to the series. Read on for the rest of my thoughts.- Title: Halo Wars
- Developer: Ensemble Studios
- Publisher: Microsoft Game Studios
- System: Xbox 360
- Reviewer: Soulskill
- Score: 7/10
A solid camera system is the foundation of a good control scheme, and here Ensemble gets off to a running start. The left stick pans around the map at a variable speed determined by how far you push the stick. You can scroll slowly or quickly, and you can also change the maximum speed in the options menu. It's very responsive and easy to get from one place to another. You can hold the left trigger for even more speed, going all the way across the map in about a second. The right stick controls the zoom function, which is largely irrelevant — you'll probably want to keep it zoomed out as far as it will go most of the time — and pushing the stick to the sides rotates your view. You won't need to use this very often, but it's convenient and useful if you want to see things from a different angle.
The other way you can move around the map is with the directional pad. Hitting left will cycle through your base positions, and pressing down will cycle through your unit positions. Occasionally you'll get an alert — for example, a few of your units will be under attack somewhere on the map — and pressing right will take you immediately to the position of your latest alert. Getting around the map is definitely not a problem in this game. It's about as close as you can get to the ease of use that comes with a mouse and keyboard.
The next big hurdle was unit selection, and again, Ensemble did a fine job, giving you all the options and speed you're used to in these types of games. The A-Button selects units individually, but if you hold it down, you get a good-sized circular area which you can then sweep over multiple units to select them at the same time. This takes the place of the typical click-and-drag rectangles on the PC. It's slightly slower, but not by much, and you get the added benefit of being able to grab everyone in a circle around a unit you want to stay put. On top of that, double tapping the A-button on a unit will select all of that type of unit nearby. The right shoulder will select everything on screen, and the left shoulder will grab all units period. The only notable missing function is the inability to save certain groups and switch back to them, and even then, if your groups are spread out, it's not an issue.
If you have multiple unit types selected, the trigger buttons will cycle through the different types, making it very easy to send all your marines in one direction and all your vehicles in another. Once you've had a few missions to get used to the myriad selection options, you won't even need to actively think about what buttons to press. It's a good system because it doesn't get in the way of the actual gameplay. Finally, the means of controlling your units and buildings are simple and intuitive as well. The X-button is your standard "go here," "attack this," "grab this" button, and the Y-button activates any special attacks your selected units have. One nice feature is that you can hold down the X-button for a few seconds and a unit will finish walking to where they were already headed before they go to the new location. This lets you set up paths to take the long way around if the short way isn't safe. Buildings have a radial context menu through which you activate upgrades or pump out new units. You can queue up multiples at a time, and you can cancel an order before it finishes. Essentially, all is as it should be, and you're left to focus on what's important.
Halo Wars starts you off about 20 years before the events of the first Halo game. They send you to Harvest, the first planet to be taken by the Covenant, to establish peaceful and cooperative relations with their leaders and diplomats after five long years of combat. Just kidding — they want you to kill stuff. You get to see cinematics after every mission, which are largely responsible for driving the plot of the game. Visually, they're quite impressive, though the first few are a bit slow. As the game goes on, the cinematics become progressively cooler and more exciting. The writing and the dialogue is less than stellar, but it's serviceable, and it provides some good context to the Halo universe. There are also minor plot points shown during the mission, rendered by the game engine. Those are usually what determine your specific objectives.
There are not many missions in the campaign — just 15 — but they're very diverse. No two are alike, and Ensemble does a decent job of creating interesting objectives and differing levels of resistance. In one, you have to defend civilians as they head for their evacuation shuttles, and you need to take care of the shuttles themselves. The mission is timed, waiting on a countdown to launch. Another mission has you faced with a large energy shield that needs to be taken down. Certain positions on the map are good attack points for a type of long-range tank, so you have to take each position one at a time and hold them all long enough to knock down the barrier. Later you fight a Covenant super-weapon (a Scarab), dodging its main attack while taking out its power supply. And, of course, you get a mission to just build a massive army and annihilate everything else on the map.
They give you a good mixture of offense and defense, though in some cases the amount of resistance you're likely to encounter is unclear. Decisions made early in the game in terms of build order and unit production can effectively eliminate your chances of winning if you guess wrong. This is important because of the way Halo Wars deals with building bases. The bases themselves can only be placed in particular spots. Once a base is built, a number of empty construction bays spring up around it, and you're only allowed to build additional structures where there are construction bays. This means that you're only allowed a maximum of seven structures per base. On top of that, resources aren't something you go out and farm; you build supply pads, which slowly get deliveries from your ship in orbit. So, you're given a tough decision early on whether you want to develop your army or your economy. If you throw down five supply pads, you'll get resources like crazy, but you won't have enough space left to build all of the other things you need to win.
On the easier difficulty levels, this works out decently well; a ton of early resources means that you can pump out enough basic marines to handle most threats until you get fully established and perhaps take a second base. On the harder modes, you're attacked earlier and with stronger forces. Another decision they give you is what type of enemies you want to defend against. Several units are particularly strong against one type of enemy — infantry, vehicle, or aircraft — and not as useful against others. When in doubt, diversify, but if you're playing at an appropriate difficulty level, you can expect to fail a few because you just don't know what to prepare for. The timed missions, in particular, force you into early decisions that simply may not work. Since there's only the UNSC campaign, it's worth going through and doing the side missions, and also trying for some of the difficulty-related achievements.
The AI in Halo Wars is solid; pretty standard for this type of game. Your forces are reasonably smart about picking a target to focus, but not too smart; they won't switch off a full-health tank to drop one that's already almost dead. The pathing is pretty good; you won't have to spend much time micromanaging where you want them to go, but the option is there if you need it. One complaint is that when defending, your troops like to chase attackers too far, spreading out your forces and making it easy for a smart enemy to score some easy kills. There are four difficulty levels — easy, normal, heroic, and legendary. If you're just looking for a quick play-through of the game, go with normal. If you'd like to work for it, go with heroic. If you're pretty good at other real-time strategy games and/or enjoy being punched in the face, legendary will fit the bill.
The selection of units is interesting. You often get a leader and a group of three Spartan soldiers. In addition to being quite powerful, these units are essentially unkillable in the single-player campaign. When they take lethal damage, they drop to the ground and slowly regenerate health. Once they've healed enough, you can revive them by bringing another unit close by. It can lead to some surprising shifts in power. Most of the units are upgradeable to a high degree, becoming significantly more powerful late in the game. For example, the standard UNSC marines begin as a squad of four men with machine guns and grenades. Successive upgrades will: add one man, trade the grenades for long-range rocket launchers, add a medic that will heal the squad after a battle, and finally upgrade all of the marines to Shock Troopers. Each side even has "uber units;" Scarabs shoot giant lasers that fry UNSC forces in seconds, and Vultures are airborne behemoths that can eradicate Covenant buildings almost as quickly.
It would have been great to get a campaign of Covenant missions, but you can still use them in multiplayer. Their buildings are similar to the UNSC selection, but with minor variations. They get shield generators of questionable utility, and their infantry are the ones specialized to fight against particular units, rather than the vehicles. The two factions are similar enough that they'll be well balanced. You can play multiplayer maps against the AI or online with other humans, and you can also play cooperatively with your friends. You select the faction you want to play and then the leader you want, each of whom brings a different unit, ability, or potential upgrade to the table. You can expect to see players using strategies that work in other RTS games. Rushes work well, but they can be dealt with. Selecting your opening strategy tends to be more important than out-managing your opponent in battles. You don't have to have a ridiculous number of actions per minute to do well.
Ensemble succeeded quite well at establishing a control system that is powerful yet doesn't fight for intellectual real estate with the actual playing of the game. It's not a ground-breaking new entry into the real-time strategy genre, but, in a manner similar to the first Halo shooter, it demonstrates how well this genre can work on consoles. And it does well by the Halo franchise in the process. It's too bad Ensemble themselves got split up after completing this game — DLC involving some Covenant missions or making the Flood a third playable race would make this game even better. Fortunately, a team of Ensemble members now going by the name Robot Entertainment will be providing "support." If they're proactive about tuning and balancing the game, Halo Wars multiplayer could become quite popular indeed, in part because there isn't much competition. While it's not likely to be suitable for the hardcore, competitive RTS players, Halo Wars is definitely the fun and easy-to-operate console RTS many players have been waiting for.
-
Review: Halo Wars
The success of the Halo franchise is unquestionable. Bungie's trilogy of first-person shooters established a standard against which most similar games have been judged for the past eight years. Thus, when Ensemble Studios picked up the task of bringing the Halo universe to real-time strategy, they faced two separate mountains to climb: maintaining the high quality demanded by fans of the series and developing for a genre that traditionally translates poorly to console play. Fortunately, they had a head start on the latter, bringing in a wealth of experience from the Age of Empires series. Creating an intuitive and dependable control scheme was a top priority, and their success in doing so makes Halo Wars a worthy addition to the series. Read on for the rest of my thoughts.- Title: Halo Wars
- Developer: Ensemble Studios
- Publisher: Microsoft Game Studios
- System: Xbox 360
- Reviewer: Soulskill
- Score: 7/10
A solid camera system is the foundation of a good control scheme, and here Ensemble gets off to a running start. The left stick pans around the map at a variable speed determined by how far you push the stick. You can scroll slowly or quickly, and you can also change the maximum speed in the options menu. It's very responsive and easy to get from one place to another. You can hold the left trigger for even more speed, going all the way across the map in about a second. The right stick controls the zoom function, which is largely irrelevant — you'll probably want to keep it zoomed out as far as it will go most of the time — and pushing the stick to the sides rotates your view. You won't need to use this very often, but it's convenient and useful if you want to see things from a different angle.
The other way you can move around the map is with the directional pad. Hitting left will cycle through your base positions, and pressing down will cycle through your unit positions. Occasionally you'll get an alert — for example, a few of your units will be under attack somewhere on the map — and pressing right will take you immediately to the position of your latest alert. Getting around the map is definitely not a problem in this game. It's about as close as you can get to the ease of use that comes with a mouse and keyboard.
The next big hurdle was unit selection, and again, Ensemble did a fine job, giving you all the options and speed you're used to in these types of games. The A-Button selects units individually, but if you hold it down, you get a good-sized circular area which you can then sweep over multiple units to select them at the same time. This takes the place of the typical click-and-drag rectangles on the PC. It's slightly slower, but not by much, and you get the added benefit of being able to grab everyone in a circle around a unit you want to stay put. On top of that, double tapping the A-button on a unit will select all of that type of unit nearby. The right shoulder will select everything on screen, and the left shoulder will grab all units period. The only notable missing function is the inability to save certain groups and switch back to them, and even then, if your groups are spread out, it's not an issue.
If you have multiple unit types selected, the trigger buttons will cycle through the different types, making it very easy to send all your marines in one direction and all your vehicles in another. Once you've had a few missions to get used to the myriad selection options, you won't even need to actively think about what buttons to press. It's a good system because it doesn't get in the way of the actual gameplay. Finally, the means of controlling your units and buildings are simple and intuitive as well. The X-button is your standard "go here," "attack this," "grab this" button, and the Y-button activates any special attacks your selected units have. One nice feature is that you can hold down the X-button for a few seconds and a unit will finish walking to where they were already headed before they go to the new location. This lets you set up paths to take the long way around if the short way isn't safe. Buildings have a radial context menu through which you activate upgrades or pump out new units. You can queue up multiples at a time, and you can cancel an order before it finishes. Essentially, all is as it should be, and you're left to focus on what's important.
Halo Wars starts you off about 20 years before the events of the first Halo game. They send you to Harvest, the first planet to be taken by the Covenant, to establish peaceful and cooperative relations with their leaders and diplomats after five long years of combat. Just kidding — they want you to kill stuff. You get to see cinematics after every mission, which are largely responsible for driving the plot of the game. Visually, they're quite impressive, though the first few are a bit slow. As the game goes on, the cinematics become progressively cooler and more exciting. The writing and the dialogue is less than stellar, but it's serviceable, and it provides some good context to the Halo universe. There are also minor plot points shown during the mission, rendered by the game engine. Those are usually what determine your specific objectives.
There are not many missions in the campaign — just 15 — but they're very diverse. No two are alike, and Ensemble does a decent job of creating interesting objectives and differing levels of resistance. In one, you have to defend civilians as they head for their evacuation shuttles, and you need to take care of the shuttles themselves. The mission is timed, waiting on a countdown to launch. Another mission has you faced with a large energy shield that needs to be taken down. Certain positions on the map are good attack points for a type of long-range tank, so you have to take each position one at a time and hold them all long enough to knock down the barrier. Later you fight a Covenant super-weapon (a Scarab), dodging its main attack while taking out its power supply. And, of course, you get a mission to just build a massive army and annihilate everything else on the map.
They give you a good mixture of offense and defense, though in some cases the amount of resistance you're likely to encounter is unclear. Decisions made early in the game in terms of build order and unit production can effectively eliminate your chances of winning if you guess wrong. This is important because of the way Halo Wars deals with building bases. The bases themselves can only be placed in particular spots. Once a base is built, a number of empty construction bays spring up around it, and you're only allowed to build additional structures where there are construction bays. This means that you're only allowed a maximum of seven structures per base. On top of that, resources aren't something you go out and farm; you build supply pads, which slowly get deliveries from your ship in orbit. So, you're given a tough decision early on whether you want to develop your army or your economy. If you throw down five supply pads, you'll get resources like crazy, but you won't have enough space left to build all of the other things you need to win.
On the easier difficulty levels, this works out decently well; a ton of early resources means that you can pump out enough basic marines to handle most threats until you get fully established and perhaps take a second base. On the harder modes, you're attacked earlier and with stronger forces. Another decision they give you is what type of enemies you want to defend against. Several units are particularly strong against one type of enemy — infantry, vehicle, or aircraft — and not as useful against others. When in doubt, diversify, but if you're playing at an appropriate difficulty level, you can expect to fail a few because you just don't know what to prepare for. The timed missions, in particular, force you into early decisions that simply may not work. Since there's only the UNSC campaign, it's worth going through and doing the side missions, and also trying for some of the difficulty-related achievements.
The AI in Halo Wars is solid; pretty standard for this type of game. Your forces are reasonably smart about picking a target to focus, but not too smart; they won't switch off a full-health tank to drop one that's already almost dead. The pathing is pretty good; you won't have to spend much time micromanaging where you want them to go, but the option is there if you need it. One complaint is that when defending, your troops like to chase attackers too far, spreading out your forces and making it easy for a smart enemy to score some easy kills. There are four difficulty levels — easy, normal, heroic, and legendary. If you're just looking for a quick play-through of the game, go with normal. If you'd like to work for it, go with heroic. If you're pretty good at other real-time strategy games and/or enjoy being punched in the face, legendary will fit the bill.
The selection of units is interesting. You often get a leader and a group of three Spartan soldiers. In addition to being quite powerful, these units are essentially unkillable in the single-player campaign. When they take lethal damage, they drop to the ground and slowly regenerate health. Once they've healed enough, you can revive them by bringing another unit close by. It can lead to some surprising shifts in power. Most of the units are upgradeable to a high degree, becoming significantly more powerful late in the game. For example, the standard UNSC marines begin as a squad of four men with machine guns and grenades. Successive upgrades will: add one man, trade the grenades for long-range rocket launchers, add a medic that will heal the squad after a battle, and finally upgrade all of the marines to Shock Troopers. Each side even has "uber units;" Scarabs shoot giant lasers that fry UNSC forces in seconds, and Vultures are airborne behemoths that can eradicate Covenant buildings almost as quickly.
It would have been great to get a campaign of Covenant missions, but you can still use them in multiplayer. Their buildings are similar to the UNSC selection, but with minor variations. They get shield generators of questionable utility, and their infantry are the ones specialized to fight against particular units, rather than the vehicles. The two factions are similar enough that they'll be well balanced. You can play multiplayer maps against the AI or online with other humans, and you can also play cooperatively with your friends. You select the faction you want to play and then the leader you want, each of whom brings a different unit, ability, or potential upgrade to the table. You can expect to see players using strategies that work in other RTS games. Rushes work well, but they can be dealt with. Selecting your opening strategy tends to be more important than out-managing your opponent in battles. You don't have to have a ridiculous number of actions per minute to do well.
Ensemble succeeded quite well at establishing a control system that is powerful yet doesn't fight for intellectual real estate with the actual playing of the game. It's not a ground-breaking new entry into the real-time strategy genre, but, in a manner similar to the first Halo shooter, it demonstrates how well this genre can work on consoles. And it does well by the Halo franchise in the process. It's too bad Ensemble themselves got split up after completing this game — DLC involving some Covenant missions or making the Flood a third playable race would make this game even better. Fortunately, a team of Ensemble members now going by the name Robot Entertainment will be providing "support." If they're proactive about tuning and balancing the game, Halo Wars multiplayer could become quite popular indeed, in part because there isn't much competition. While it's not likely to be suitable for the hardcore, competitive RTS players, Halo Wars is definitely the fun and easy-to-operate console RTS many players have been waiting for.
-
AMD RV790 Architecture To Change GPGPU Landscape?
Vigile writes "To many observers, the success of the GPGPU landscape has really been pushed by NVIDIA and its line of Tesla and Quadro GPUs. While ATI was the first to offer support for consumer applications like Folding@Home, NVIDIA has since taken command of the market with its CUDA architecture and programs like Badaboom and others for the HPC world. PC Perspective has speculation that points to ATI addressing the shortcomings of its lineup with a revised GPU known as RV790 that would both dramatically increase gaming performance as well as more than triple the compute power on double precision floating point operations — one of the keys to HPC acceptance." -
AMD RV790 Architecture To Change GPGPU Landscape?
Vigile writes "To many observers, the success of the GPGPU landscape has really been pushed by NVIDIA and its line of Tesla and Quadro GPUs. While ATI was the first to offer support for consumer applications like Folding@Home, NVIDIA has since taken command of the market with its CUDA architecture and programs like Badaboom and others for the HPC world. PC Perspective has speculation that points to ATI addressing the shortcomings of its lineup with a revised GPU known as RV790 that would both dramatically increase gaming performance as well as more than triple the compute power on double precision floating point operations — one of the keys to HPC acceptance." -
The Shadow Factory
brothke writes "The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America is the third of James Bamford's trilogy. Bamford started this with The Puzzle Palace in 1982 and Body of Secrets: Anatomy of the Ultra-Secret National Security Agency in 2001. The Shadow Factory is likely the last book Bamford will find the NSA cooperative to, given his often harsh treatment of the agency and its directors. It is also doubtful that former NSA Director Lt. Gen. Michael Hayden will grant Bamford additional dinner invitations, given his portrayal of Hayden as a weakling who could not stand up to Dick Cheney and other in the Bush administration." Read below for the rest of Ben's review. The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America author James Bamford pages 416 publisher Doubleday rating When sticking to facts: 9. When digressing: 2 reviewer Ben Rothke ISBN 0385521324 summary Good overview of the NSA post-9/11, but some of the author's biases get in the way The book can be summed up with two basic themes: The top management of the NSA and CIA has not made the fundamental changes needed post 9/11, as the politicking and inter-agency squabbles are seemingly alive and well. Bamford's other premise continues to be his contempt towards Israel.
Often bands produce abysmal releases in order to fulfill contractual requirements. In some ways, The Shadow Factory is reminiscent of that; at almost half the size of Body of Secrets, and 2/3 the size of The Puzzle Palace. When the book sticks to the facts and avoids conspiracy theories, it is a fascinating read.
If nothing else, Bamford knows how to turn often mundane aspects of wiretapping and supercomputers into a gripping read. Divided into five interwoven sections, the book starts out with a fascinating account of how two of the 9/11 hijackers lived the American dream, all the while planning their devious acts. Had there been some semblance of interagency cooperation and shared databases, Khalid Al-Midhar and Nawaf al-Hazmi would have been identified in seconds.
Not only that, in the book, Bamford writes that many of the 9/11 terrorists set-up shop within miles of the NSA headquarters in Maryland, communicated with their counterparts in the Middle East, at the same time the NSA was searching the world over for them. Bamford makes the NSA seem like the keystone cops searching for these terrorists, while they were literally a par 5 away.
A number of the chapters details the Bush administration forays into its illegal wiretapping adventures and how Counsel Alberto Gonzales and Chief of Staff Andrew Card manipulated a sick and barely lucid Attorney General John Ashcroft into signing on to the program.
It has long been known that Bamford has no love lost for Israel. His previous books have incorrectly written of the details around Israel's attack of the Liberty, a US Navy technical research ship, which was sailing in the Mediterranean Sea during the Six-Day War.
The book details how Israeli high-tech data mining and surveillance companies such as Comverse, Verint, NICE and more have become indispensable to the US intelligence community. Bamford asserts that the vast majority of surveillance of telephone transmissions are done via technology from Israeli companies. He then makes the jump that the American intelligence community is placing itself as risk and that the Israeli companies will access this same information.
Such conspiracy theories are tired and old. For the longest time, there were claims that every Check Point FireWall-1 had a backdoor which the Mosad could tap into. Some years ago, the NSA even sent out a memo denying that fact, as it was getting in the way of firewall deployments at the agency.
As to Bamford's assertion of Israeli control of American intelligence, it makes great fodder for the conspiracy theory community, but lacks any sort of real evidence. What Bamford does is show that many of the founders of these companies are graduates of programs from the Israeli military, served in the same intelligence corps unit and therefore, guilty by some sort of association.
Irrespective of Bamford's deep hostility towards Israel, there is not the slightest indication that the American intelligence community was forced to purchase these Israeli products. They purchased these due to their superior capabilities produced by one of its closest allies. What Bamford fails to mention, is that Israeli and US intelligence groups have a long history of mutual cooperation. Much of the US success in its war against terror and monitoring of Iran are only due to help from Israel.
If the Shadow Factory is meant to be a critique of the NSA, then Bamford's unsubstantiated allegations about Israel and the Mosad show the agency to be a bastion of utter incompetency. Irrespective of problems with management at the NSA, it is utterly incredulous that the Mosad could single-handedly undermine the entire US intelligence effort, filling it with back doors and secret agents.
Bamford seems to be confused on his approach to the NSA. On one side, the NSA are the smartest guys in the room, successfully, surreptitiously and often illegally monitoring nearly every telephone call on the planet. They push supercomputers to the envelope and optimize ever CPU cycle. Yet simultaneously, these smart guys are simply pawns of a small group of Israeli intelligence agents who have managed to develop and get their software on various NSA projects.
In his review of the book in the New York Times, Christopher Dickey sums it up best when he writes of Bamford's habit of such conspiracy theories that "it's a fair bet that Bamford will find a way to work the bloodbath at the Taj Mahal hotel into the long NSA narrative that he began with "The Puzzle Palace" in 1982, followed up with "Body of Secrets" in 2001, and may well continue with paperback updates and further sequels after the present book. These are the kinds of details, or coincidences, that Bamford loves. In "The Shadow Factory" he piles one on top of another — events, addresses, room numbers — in a slapped-together text that often blends facts with speculation to evoke a pervasive atmosphere of conspiracy".
When Bamford is able to stick to the facts, which is about 2/3 of the book, he paints a frightening picture of the threats that the US is facing. Equally frightening was the response of the Bush administrations to the threats and attacks, which in some cases turned mince meat out of the Constitution. Bamford writes of Dick Cheney's attempt to give the President significant more control, while ignoring the need for separation of powers. There are many other such instances in the book. Yet when Bamford takes off his hat of reason and attempts to connect invisible dots, Christopher Dickey's observation should be kept in mind.
Seemingly on the brink of failure, the events of 9/11 recycled the NSA. For the astute reader who is able to discern between fact and fiction, The Shadow Factory is a fascinating read into an agency that still exists in the shadows. With a budget larger than the GDP of some countries, and a workforce that spans the globe, the NSA has long existed and thrived in the shadows that Bamford often describes so well.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Shadow Factory
brothke writes "The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America is the third of James Bamford's trilogy. Bamford started this with The Puzzle Palace in 1982 and Body of Secrets: Anatomy of the Ultra-Secret National Security Agency in 2001. The Shadow Factory is likely the last book Bamford will find the NSA cooperative to, given his often harsh treatment of the agency and its directors. It is also doubtful that former NSA Director Lt. Gen. Michael Hayden will grant Bamford additional dinner invitations, given his portrayal of Hayden as a weakling who could not stand up to Dick Cheney and other in the Bush administration." Read below for the rest of Ben's review. The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America author James Bamford pages 416 publisher Doubleday rating When sticking to facts: 9. When digressing: 2 reviewer Ben Rothke ISBN 0385521324 summary Good overview of the NSA post-9/11, but some of the author's biases get in the way The book can be summed up with two basic themes: The top management of the NSA and CIA has not made the fundamental changes needed post 9/11, as the politicking and inter-agency squabbles are seemingly alive and well. Bamford's other premise continues to be his contempt towards Israel.
Often bands produce abysmal releases in order to fulfill contractual requirements. In some ways, The Shadow Factory is reminiscent of that; at almost half the size of Body of Secrets, and 2/3 the size of The Puzzle Palace. When the book sticks to the facts and avoids conspiracy theories, it is a fascinating read.
If nothing else, Bamford knows how to turn often mundane aspects of wiretapping and supercomputers into a gripping read. Divided into five interwoven sections, the book starts out with a fascinating account of how two of the 9/11 hijackers lived the American dream, all the while planning their devious acts. Had there been some semblance of interagency cooperation and shared databases, Khalid Al-Midhar and Nawaf al-Hazmi would have been identified in seconds.
Not only that, in the book, Bamford writes that many of the 9/11 terrorists set-up shop within miles of the NSA headquarters in Maryland, communicated with their counterparts in the Middle East, at the same time the NSA was searching the world over for them. Bamford makes the NSA seem like the keystone cops searching for these terrorists, while they were literally a par 5 away.
A number of the chapters details the Bush administration forays into its illegal wiretapping adventures and how Counsel Alberto Gonzales and Chief of Staff Andrew Card manipulated a sick and barely lucid Attorney General John Ashcroft into signing on to the program.
It has long been known that Bamford has no love lost for Israel. His previous books have incorrectly written of the details around Israel's attack of the Liberty, a US Navy technical research ship, which was sailing in the Mediterranean Sea during the Six-Day War.
The book details how Israeli high-tech data mining and surveillance companies such as Comverse, Verint, NICE and more have become indispensable to the US intelligence community. Bamford asserts that the vast majority of surveillance of telephone transmissions are done via technology from Israeli companies. He then makes the jump that the American intelligence community is placing itself as risk and that the Israeli companies will access this same information.
Such conspiracy theories are tired and old. For the longest time, there were claims that every Check Point FireWall-1 had a backdoor which the Mosad could tap into. Some years ago, the NSA even sent out a memo denying that fact, as it was getting in the way of firewall deployments at the agency.
As to Bamford's assertion of Israeli control of American intelligence, it makes great fodder for the conspiracy theory community, but lacks any sort of real evidence. What Bamford does is show that many of the founders of these companies are graduates of programs from the Israeli military, served in the same intelligence corps unit and therefore, guilty by some sort of association.
Irrespective of Bamford's deep hostility towards Israel, there is not the slightest indication that the American intelligence community was forced to purchase these Israeli products. They purchased these due to their superior capabilities produced by one of its closest allies. What Bamford fails to mention, is that Israeli and US intelligence groups have a long history of mutual cooperation. Much of the US success in its war against terror and monitoring of Iran are only due to help from Israel.
If the Shadow Factory is meant to be a critique of the NSA, then Bamford's unsubstantiated allegations about Israel and the Mosad show the agency to be a bastion of utter incompetency. Irrespective of problems with management at the NSA, it is utterly incredulous that the Mosad could single-handedly undermine the entire US intelligence effort, filling it with back doors and secret agents.
Bamford seems to be confused on his approach to the NSA. On one side, the NSA are the smartest guys in the room, successfully, surreptitiously and often illegally monitoring nearly every telephone call on the planet. They push supercomputers to the envelope and optimize ever CPU cycle. Yet simultaneously, these smart guys are simply pawns of a small group of Israeli intelligence agents who have managed to develop and get their software on various NSA projects.
In his review of the book in the New York Times, Christopher Dickey sums it up best when he writes of Bamford's habit of such conspiracy theories that "it's a fair bet that Bamford will find a way to work the bloodbath at the Taj Mahal hotel into the long NSA narrative that he began with "The Puzzle Palace" in 1982, followed up with "Body of Secrets" in 2001, and may well continue with paperback updates and further sequels after the present book. These are the kinds of details, or coincidences, that Bamford loves. In "The Shadow Factory" he piles one on top of another — events, addresses, room numbers — in a slapped-together text that often blends facts with speculation to evoke a pervasive atmosphere of conspiracy".
When Bamford is able to stick to the facts, which is about 2/3 of the book, he paints a frightening picture of the threats that the US is facing. Equally frightening was the response of the Bush administrations to the threats and attacks, which in some cases turned mince meat out of the Constitution. Bamford writes of Dick Cheney's attempt to give the President significant more control, while ignoring the need for separation of powers. There are many other such instances in the book. Yet when Bamford takes off his hat of reason and attempts to connect invisible dots, Christopher Dickey's observation should be kept in mind.
Seemingly on the brink of failure, the events of 9/11 recycled the NSA. For the astute reader who is able to discern between fact and fiction, The Shadow Factory is a fascinating read into an agency that still exists in the shadows. With a budget larger than the GDP of some countries, and a workforce that spans the globe, the NSA has long existed and thrived in the shadows that Bamford often describes so well.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
UK Government To Back Off Plans To Share Private Data
Richard Rothwell writes with news that Jack Straw, Britain's Justice Secretary, has made public plans to drop provisions from the Coroners and Justice Bill which would have allowed the government to take information gathered for one purpose and use it for any other purpose. "A spokesman for Mr Straw said the 'strength of feeling' against the plans had persuaded him to rethink. The proposals will be dropped entirely from the Coroners and Justice Bill, and a new attempt will be made to reach a consensus on introducing a scaled-back version at an unspecified stage in the future." After defending the government's intentions, Straw bowed to pressure from a variety of groups and individuals who presented objections to the bill. -
Film Piracy, Organized Crime and Terrorism
flip-flop writes "The RAND Corporation has just released a lengthy report titled "Film Piracy, Organized Crime, and Terrorism" which attempts to link all three. The authors suggest that organized crime might be financing itself in part through movie piracy (PDF) — and in three out of 14 of their international case studies, they claim that profits from piracy end up with suspected terrorist organizations. But now for the interesting part! Quote from the preface: 'The study was made possible by a grant from the Motion Picture Association (MPA).' Ah, what a surprise..." The RAND Corporation has made a video summary of the report as well. TorrentFreak has an article disputing some of the report's claims, focusing criticism on RAND's interchangeable use of the terms "piracy" and "counterfeiting" — the report deals with the physical distribution of DVDs, making only brief mention of digital downloads. The MPAA and others have barked up this tree before. -
Film Piracy, Organized Crime and Terrorism
flip-flop writes "The RAND Corporation has just released a lengthy report titled "Film Piracy, Organized Crime, and Terrorism" which attempts to link all three. The authors suggest that organized crime might be financing itself in part through movie piracy (PDF) — and in three out of 14 of their international case studies, they claim that profits from piracy end up with suspected terrorist organizations. But now for the interesting part! Quote from the preface: 'The study was made possible by a grant from the Motion Picture Association (MPA).' Ah, what a surprise..." The RAND Corporation has made a video summary of the report as well. TorrentFreak has an article disputing some of the report's claims, focusing criticism on RAND's interchangeable use of the terms "piracy" and "counterfeiting" — the report deals with the physical distribution of DVDs, making only brief mention of digital downloads. The MPAA and others have barked up this tree before. -
Google Solves Sharing Bug In Google Docs
RichardDeVries writes "Three weeks ago, I contacted Google about a bug in Google Docs that shared documents without permission. The issue has been resolved and affected documents have had their collaborators removed. The documents' owners have been notified: 'To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually.' See my journal entry for details on my contact with Google. Although I think Google handled the issue admirably, this raises questions (again) about cloud computing, as well as Google's eternal beta-status for a lot of their services." -
UAC Whitelist Hole In Windows 7
David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then telling that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'" -
UAC Whitelist Hole In Windows 7
David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then telling that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'" -
Digital TV Coupon Program Under Way Again
An anonymous reader writes with this excerpt from CNet: "Federal regulators said Thursday they are going into 'search and rescue' mode to help the millions of consumers unprepared for the phased transition to digital television, which culminates with the June 12 transition deadline. The millions of consumers waiting for coupons for digital converter box coupons will finally receive them within the next two and a half weeks, thanks to emergency funding for the coupon program provided in the stimulus package, said Bernadette McGuire-Rivera, an administrator for the National Telecommunications and Information Administration. The NTIA is also ratcheting up its outreach to consumers most likely to be unprepared for the transition... FCC commissioners said their agency is also intensifying its outreach, but they acknowledged that while one third of television stations have already dropped their analog signals, the hardest part is yet to come." We previously discussed the DTV coupon program when it ran out of money in January. The $650 million from the stimulus packages adds to the $1.3 billion that's already been spent. -
Windows 7 Kill Switch For IE Confirmed — For More Apps, Too
CWmike writes "Microsoft has confirmed that users will be able to remove its IE8 browser, as well as several other integrated applications, from Windows 7. Jack Mayo, a group program manager on the Windows team, listed in a blog post the applications that can be switched off. They include Internet Explorer 8, Fax and Scan, handwriting recognition, Windows DVD Maker, Windows Gadget Platform, Windows Media Player, Windows Media Center, Windows Search, and XPS Viewer and Services. He explained that the files associated with those applications and features are not actually deleted from the hard drive. The public beta of Windows 7 does not include the ability to 'kill' said apps. But a pirated copy of Windows 7 Build 7048 includes the new removal options, and has been leaked on the Internet." (We mentioned the reported ability to turn off IE8 yesterday as well.) -
ISS's Node 3 Might Be Named "Colbert"
Panzor writes "NASA is running a contest to name the new addition to the space station, Node 3. The polls are open until March 20. The selection that is getting the most votes is 'Suggest your own,' and the leading name besides the official four (Earthrise, Legacy, Serenity, and Venture) is 'Colbert.' Comedian Stephen Colbert suggested on the air that fans write in his name. On March 5th, his vote count passed that of Xenu and Colbert pronounced himself Scientology's 'Galactic Overlord.'" -
America's New CIO Loves Google
theodp writes "On Thursday, Barack Obama tapped Vivek Kundra for the post of Federal CIO, giving him responsibility for establishing and overseeing enterprise architecture across the federal government. So what might that look like? Well, little more than a month ago Kundra was slated to sing the praises of Google Apps to government officials in a webcast. A Kundra quote from the presentation slides: 'Why should I spend millions on enterprise apps when I can do it [with Google] at one-tenth cost and ten times the speed? It's a win-win for me.' You can follow Kundra's love affair with Google on YouTube, from his announcement of the Google-Washington DC partnership he brokered through a co-starring role with a Google attorney on a video pitching Google-enabled technology for the Obama Administration. Not surprisingly, some say Obama's choice of a Google-party-goer who worships Google could cause big headaches for Microsoft." -
ScummVM 0.13.0 Delivers New Adventure Games
KingofGnG writes "The classics, by definition, never go out of fashion, let alone if they are the graphic adventures of past decades. The preferred tool of true adventurers is ScummVM, software that works as an interpreter between data files of such adventures and modern operating systems. 6 months after the release of version 0.12.0, developers have now delivered a new main release of the virtual machine, which includes novelties both for the interface and supported games." -
A Look At the AI of Empire: Total War and F.E.A.R. 2
mr_sifter writes "The newly released Empire: Total War and F.E.A.R. 2 have both been praised for their excellent AI. In this feature, Bit-Tech talks to the developers behind these games about how they handled the challenges of creating Empire's armies of thousands of AI soldiers and F.E.A.R. 2's aggressive teams of military operatives. The discussion also talks about how game AI is 'smoke and mirrors' compared to research AI, and looks at the difficulty of improving the quality of game AI." We talked about F.E.A.R. 2's engine and AI back in December as well. -
Utah Trying To Restrict Keyword Advertising ... Again
Eric Goldman writes "The Utah legislature has tried to restrict keyword advertising twice before, with disastrous results. In 2004, Utah tried to ban keyword advertising in adware; that law was declared unconstitutional. In 2007, Utah tried to regulate competitive keyword advertising; after a firestorm of protests, Utah repealed the law in 2008. Despite this track record, Utah is trying to regulate keyword advertising a third time. HB 450 would allow trademark owners to block competitors from displaying certain types of keyword ads. In practice, this law is just another attempt by the Utah legislature to enact a law that doesn't help consumers at all but does help trademark owners suppress their online competition." -
PDF Vulnerability Now Exploitable With No Clicking
SkiifGeek writes "With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file. There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best." -
LimeWire Brings Darknets To All
An anonymous reader writes "LimeWire's new version lets people create private darknets with contacts on any Jabber server (like GMail or LiveJournal). It's different than the recent p2p darknet announcement because it doesn't use onion routing. Sharing with a friend connects directly to that friend. If you're worried about exposing personal information, LW5 doesn't share documents with the p2p network by default." -
LimeWire Brings Darknets To All
An anonymous reader writes "LimeWire's new version lets people create private darknets with contacts on any Jabber server (like GMail or LiveJournal). It's different than the recent p2p darknet announcement because it doesn't use onion routing. Sharing with a friend connects directly to that friend. If you're worried about exposing personal information, LW5 doesn't share documents with the p2p network by default." -
Warner Music Playing Hardball With Rock Band
We recently discussed the fight brewing between the music industry and the popular music games, such as Rock Band and Guitar Hero, over the licensing fees paid for songs used within the games. Well, Warner has stepped things up and denied access to future songs without a payment increase. "Once the already-agreed-upon music runs out in the Summer however, the two companies will have to hammer out a new deal that's amenable to both. If MTV Games ends up giving Warner a larger slice of the pie, you have to think that the rest of the labels will begin asking for the same cut." The Rock Band games have seen a steady stream of DLC additions to their song libraries, the most recent being Stevie Ray Vaughan's Texas Flood album. Activision has been busily working on new Guitar Hero content as well, revealing details for Guitar Hero Greatest Hits, which is due out in June. Ben Heck (of Xbox 360 laptop fame) has just put together a breath controller for Guitar Hero World Tour's bass drum, for those unable or unwilling to use the standard pedal. -
Warner Music Playing Hardball With Rock Band
We recently discussed the fight brewing between the music industry and the popular music games, such as Rock Band and Guitar Hero, over the licensing fees paid for songs used within the games. Well, Warner has stepped things up and denied access to future songs without a payment increase. "Once the already-agreed-upon music runs out in the Summer however, the two companies will have to hammer out a new deal that's amenable to both. If MTV Games ends up giving Warner a larger slice of the pie, you have to think that the rest of the labels will begin asking for the same cut." The Rock Band games have seen a steady stream of DLC additions to their song libraries, the most recent being Stevie Ray Vaughan's Texas Flood album. Activision has been busily working on new Guitar Hero content as well, revealing details for Guitar Hero Greatest Hits, which is due out in June. Ben Heck (of Xbox 360 laptop fame) has just put together a breath controller for Guitar Hero World Tour's bass drum, for those unable or unwilling to use the standard pedal. -
Australian Police Given Covert Search and Hacking Powers
An anonymous reader writes "The NSW government of Australia has quietly introduced new police powers for covert home searches and covert hacking of computers. The suspect may not be notified of the covert activity for up to three years. These new powers are similar to those given to the UK police earlier this year. The new warrants can only be issued in the Supreme Court for suspected serious offences punishable by at least seven years jail — which includes computer crime offences." -
DNA-Radio, Tune In To Your Chromosomes
An anonymous reader writes "The folks behind the DNA-Rainbow project (discussed on Slashdot before) apparently have some time to play around with genome data. After creating amazing pictures from the human DNA code they are now transforming all chromosomes to audio and streaming them to the Internet. Every base is read and broadcasted instead converting it to a color. Seemingly this artistic project will last a while. After some math they found out that it will take them more than 23.5 years to air the whole human genome sequence." -
Google's Struggle To Reach Authors — of Every Book Ever Written
eldavojohn writes "There's no lack of news surrounding the settlement of Google's controversial move to digitize books — but how do you even start this endeavor? A New York Times story reveals the obstacles they face just to get the word out that they want to settle with publishers and authors everywhere. They turned to a world-wide ad campaign to start the $125 million settlement process and they're spending $7 million to $8 million in paper print ads and telephone hot-lines (handling 80+ languages) to reach as many people as possible. From the article: 'We looked at how many books were published in various areas and we knew from the plaintiffs and Google that 30 percent were published in the US, 30 percent in industrialized countries. The rest of the world is the rest.' That's quite the herculean task! Hopefully Google's efforts in digitizing books will breathe new life and revenue into authors and publishers the world over." -
Outliers, The Story Of Success
TechForensics writes "Outliers, by Malcolm Gladwell, is subtitled "the story of success." It is a book that purports to explain why some people succeed far more than others. It suggests that a success like Bill Gates is more attributable to external factors than anything within the man. Even his birth date turns out to play a role of profound importance in the success of Bill Gates and Microsoft Corporation." Look below for the rest of Leon's review. Outliers author Malcolm Gladwell pages 301 publisher Little, Brown and Co. rating Excellent. reviewer Leon Malinofsky ISBN 978-0-316-03669-6 summary Success comes from external factors or unsuspected internal ones.
Outliers also tries to answer such diverse questions as what Gates has in common with the Beatles; why Asians have superior success at math; and the reason the world's smartest man is one of the least accomplished. All of these things are viewed in terms of generation, family, culture, and class. Outliers — those persons of exceptional accomplishment — typically have lives that proceed from particular patterns.
Chapter 1 is an examination of similar towns in Italy with vastly disparate life expectancies and no apparent reason. Though the towns were only miles apart, the life expectancy in Roseto was surprisingly longer-- longer, in fact, than any neighboring town in the region, making Roseto an outlier. The eventual explanation, namely, the prevalence of multigenerational families under a single roof with the attendant reduced stress of lifestyle, while not one of the book's more shocking revelations, nevertheless serves as an example of an outlier and the sometimes hidden causes of their status.
Chapter 2 seeks to answer the curious question why athletes on elite Canadian teams were all born in the same few months of their birth year. In a system in which achievement is based on individual merit, one would assume the hardest work would translate to the best achievement. The fact this criterion on was wholly overmastered by timing of birth was studied and showed that hidden advantage, namely being older and stronger than persons born later in the year of eligibility brought continuous, cascading, even snowballing advantage, which ultimately produced Canada's most elite players. If everyone born, in, say, 1981 was eligible to begin play only in a single year, then naturally the older boys, being larger and better coordinated, would dominate. Hockey player selection in Canada is shown to be a self-fulfilling prophecy, namely a situation where a false definition in the beginning invokes a new behavior which makes the original false conception come true.
Chapter 3 is far and away the most interesting in the book. It sets forth the so-called 10,000 hour rule, and in its course, shows why Bill Gates and the Beatles succeeded for essentially the same reason. Gladwell begins by noting that musical geniuses such as Mozart, and chess grandmasters, both achieved their status after about 10 years. 10 years is roughly how long it takes to put in 10,000 hours of hard practice. 10,000 hours is the magic number of greatness. Both Bill Joy at the University of Michigan and Bill Gates at Seattle's famous Lakeside school, two schools with some of the first computer terminals, had access to unlimited time-sharing computer time at essentially the beginning of the modern industry and before anyone else. Because both were absorbed and drawn into programming, spending countless hours in fascinated self-study, both achieved 10,000 hours of programming experience before hitting their level. Because hitting that level took place at exactly the time need for that level of computer expertise manifested in society, ability came together with need and unique uber programmers were born. The Beatles played seven days a week on extended stints in Hamburg Germany and estimated by the time they started their phenomenal climb to greatness in England that they had played for 10,000 hours. Subsequent studies of musicians in general in music school showed that elite, mid-level, and low-level musicians hewed very closely to the "genius is a function of hours put in and not personal gifts" school of thought: members of each group had similar amounts of total lifetime practice. This book makes a fascinating case that genius is a function of time and not giftedness, validating both Edison's famous saw about 98% perspiration and Feynman's claim that there is no such thing as intelligence, only interest.
The next chapter tells the tale of Bill Langen, whose IQ is one of the highest in recorded history. However, he was a spectacular failure in his personal life. Prof. Oppenheimer, on the other hand ascended to work on the Manhattan Project though in graduate school he had tried to poison his adviser. The difference is shown to result from an astonishing lack of charisma and a sense of what others are thinking in Langen, and an extreme personability in Oppenheimer, which is said to show that success is not a function of hard work or even genius but more of likability and the ability to empathize.
Chapter 5 tells the tale of attorney Joseph Flom, of Skadden Arps Slate Meagher and Flom. According to Gladwell, Flom did not succeed through hustle and ability but rather by virtue of his origins. Intelligence, personality and ambition were not enough, but had to be coupled with origins in a Jewish culture in which hard work and ingenuity were encouraged, and in fact a necessary part of life. This, along with having to scrabble in a firm cobbled together out of necessity because Jews were not hired by white-shoe law firms, gave the partners and unusual and timely expertise: Flom's firm decided it had to take hostile takeover cases when no one else would, and that turned Flom and his partners into experts in a kind of legal practice just beginning to boom when they hit their stride.
Chapter 6 traces the influence on a person's culture of origin and how it marks him more in the present day then may be generally appreciated. Psychological experiments proved that a so-called culture of honor, such as that found in the South, where people of necessity had nothing but their reputations, caused the products of such a culture to be much more aggressive in defending themselves, their reputations and honor.
Chapter 7 traces the influence of Korean culture and deference to superiors as significant facts in a high number of plane crashes in the national airlines. It was only when cultural phenomena such as the inability to contradict a superior were corrected by cultural retraining that Korean Air Lines began to achieve the same safety levels of the airlines of other countries. This chapter is interesting for its treatment of flight KAL 007 alone.
Chapter 8 will have strong interest for most Slashdot readers. There is an Asian saying that no one who can rise before dawn 360 days a year can fail to make his family rich. The hard, intricate work of operating a successful rice paddy, equal in complexity to an organic chemical synthesis almost, is shown to have produced an ability for precision and complexity which outstrips growers of other crops. The fact that Asian languages in many cases use shorter and more logical words for numbers confers a strong early advantage which, like the age advantage in the hockey player example, snowball significantly over time. Gladwell argues Asians are not innately more able at math, but culturally more amenable to it based on the felicity of a language which is to our language as the metric system of weights and measures is to the English.
The final chapters of the book show that inner-city kids placed in intensive study schools achieve as much as kids from rich suburbs. The reason is found to be cultural: the long hours in those schools take up evening hours which would be spent at home and also take up summer hours, which in the special schools are full of math instead of the less than well-directed extracurricular pursuits typically found in the lower-income family home.
On the whole this book is going to provoke some ire and certainly some head scratching. It is bound to bear out in the minds of many Prof. Richard Feynman's assertion, which we may modify to say that giftedness and IQ are not inherent but conferred by accidents or benefits of culture, or at least via mechanisms that are not obvious. Even if such a conclusion sounds laughable to you, this book may change your thinking.
You can purchase Outliers from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Outliers, The Story Of Success
TechForensics writes "Outliers, by Malcolm Gladwell, is subtitled "the story of success." It is a book that purports to explain why some people succeed far more than others. It suggests that a success like Bill Gates is more attributable to external factors than anything within the man. Even his birth date turns out to play a role of profound importance in the success of Bill Gates and Microsoft Corporation." Look below for the rest of Leon's review. Outliers author Malcolm Gladwell pages 301 publisher Little, Brown and Co. rating Excellent. reviewer Leon Malinofsky ISBN 978-0-316-03669-6 summary Success comes from external factors or unsuspected internal ones.
Outliers also tries to answer such diverse questions as what Gates has in common with the Beatles; why Asians have superior success at math; and the reason the world's smartest man is one of the least accomplished. All of these things are viewed in terms of generation, family, culture, and class. Outliers — those persons of exceptional accomplishment — typically have lives that proceed from particular patterns.
Chapter 1 is an examination of similar towns in Italy with vastly disparate life expectancies and no apparent reason. Though the towns were only miles apart, the life expectancy in Roseto was surprisingly longer-- longer, in fact, than any neighboring town in the region, making Roseto an outlier. The eventual explanation, namely, the prevalence of multigenerational families under a single roof with the attendant reduced stress of lifestyle, while not one of the book's more shocking revelations, nevertheless serves as an example of an outlier and the sometimes hidden causes of their status.
Chapter 2 seeks to answer the curious question why athletes on elite Canadian teams were all born in the same few months of their birth year. In a system in which achievement is based on individual merit, one would assume the hardest work would translate to the best achievement. The fact this criterion on was wholly overmastered by timing of birth was studied and showed that hidden advantage, namely being older and stronger than persons born later in the year of eligibility brought continuous, cascading, even snowballing advantage, which ultimately produced Canada's most elite players. If everyone born, in, say, 1981 was eligible to begin play only in a single year, then naturally the older boys, being larger and better coordinated, would dominate. Hockey player selection in Canada is shown to be a self-fulfilling prophecy, namely a situation where a false definition in the beginning invokes a new behavior which makes the original false conception come true.
Chapter 3 is far and away the most interesting in the book. It sets forth the so-called 10,000 hour rule, and in its course, shows why Bill Gates and the Beatles succeeded for essentially the same reason. Gladwell begins by noting that musical geniuses such as Mozart, and chess grandmasters, both achieved their status after about 10 years. 10 years is roughly how long it takes to put in 10,000 hours of hard practice. 10,000 hours is the magic number of greatness. Both Bill Joy at the University of Michigan and Bill Gates at Seattle's famous Lakeside school, two schools with some of the first computer terminals, had access to unlimited time-sharing computer time at essentially the beginning of the modern industry and before anyone else. Because both were absorbed and drawn into programming, spending countless hours in fascinated self-study, both achieved 10,000 hours of programming experience before hitting their level. Because hitting that level took place at exactly the time need for that level of computer expertise manifested in society, ability came together with need and unique uber programmers were born. The Beatles played seven days a week on extended stints in Hamburg Germany and estimated by the time they started their phenomenal climb to greatness in England that they had played for 10,000 hours. Subsequent studies of musicians in general in music school showed that elite, mid-level, and low-level musicians hewed very closely to the "genius is a function of hours put in and not personal gifts" school of thought: members of each group had similar amounts of total lifetime practice. This book makes a fascinating case that genius is a function of time and not giftedness, validating both Edison's famous saw about 98% perspiration and Feynman's claim that there is no such thing as intelligence, only interest.
The next chapter tells the tale of Bill Langen, whose IQ is one of the highest in recorded history. However, he was a spectacular failure in his personal life. Prof. Oppenheimer, on the other hand ascended to work on the Manhattan Project though in graduate school he had tried to poison his adviser. The difference is shown to result from an astonishing lack of charisma and a sense of what others are thinking in Langen, and an extreme personability in Oppenheimer, which is said to show that success is not a function of hard work or even genius but more of likability and the ability to empathize.
Chapter 5 tells the tale of attorney Joseph Flom, of Skadden Arps Slate Meagher and Flom. According to Gladwell, Flom did not succeed through hustle and ability but rather by virtue of his origins. Intelligence, personality and ambition were not enough, but had to be coupled with origins in a Jewish culture in which hard work and ingenuity were encouraged, and in fact a necessary part of life. This, along with having to scrabble in a firm cobbled together out of necessity because Jews were not hired by white-shoe law firms, gave the partners and unusual and timely expertise: Flom's firm decided it had to take hostile takeover cases when no one else would, and that turned Flom and his partners into experts in a kind of legal practice just beginning to boom when they hit their stride.
Chapter 6 traces the influence on a person's culture of origin and how it marks him more in the present day then may be generally appreciated. Psychological experiments proved that a so-called culture of honor, such as that found in the South, where people of necessity had nothing but their reputations, caused the products of such a culture to be much more aggressive in defending themselves, their reputations and honor.
Chapter 7 traces the influence of Korean culture and deference to superiors as significant facts in a high number of plane crashes in the national airlines. It was only when cultural phenomena such as the inability to contradict a superior were corrected by cultural retraining that Korean Air Lines began to achieve the same safety levels of the airlines of other countries. This chapter is interesting for its treatment of flight KAL 007 alone.
Chapter 8 will have strong interest for most Slashdot readers. There is an Asian saying that no one who can rise before dawn 360 days a year can fail to make his family rich. The hard, intricate work of operating a successful rice paddy, equal in complexity to an organic chemical synthesis almost, is shown to have produced an ability for precision and complexity which outstrips growers of other crops. The fact that Asian languages in many cases use shorter and more logical words for numbers confers a strong early advantage which, like the age advantage in the hockey player example, snowball significantly over time. Gladwell argues Asians are not innately more able at math, but culturally more amenable to it based on the felicity of a language which is to our language as the metric system of weights and measures is to the English.
The final chapters of the book show that inner-city kids placed in intensive study schools achieve as much as kids from rich suburbs. The reason is found to be cultural: the long hours in those schools take up evening hours which would be spent at home and also take up summer hours, which in the special schools are full of math instead of the less than well-directed extracurricular pursuits typically found in the lower-income family home.
On the whole this book is going to provoke some ire and certainly some head scratching. It is bound to bear out in the minds of many Prof. Richard Feynman's assertion, which we may modify to say that giftedness and IQ are not inherent but conferred by accidents or benefits of culture, or at least via mechanisms that are not obvious. Even if such a conclusion sounds laughable to you, this book may change your thinking.
You can purchase Outliers from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Meteorite Hunters Find the West Texas Fireball
An anonymous reader writes "A fireball streaked over Austin, Texas on February 15 producing sonic booms and startling people for hundreds of miles. The video of the event was shown on national television and viewed by thousands of people on the Net. The first news reports speculated that the fireball might have been debris from a February 13th collision between two satellites over Siberia but space experts said that the object was probably a meteor. Now this has been confirmed: experienced meteorite hunters located a strewnfield about 120 miles north of the filming site of the Austin cameraman and have recovered over 100 freshly fallen meteorites." -
Roundup of Microsoft Research At TechFest 2009
An anonymous reader writes "Ars Technica has a very thorough post of some of the technologies that Microsoft researchers showed off at TechFest last week. 'The exact number of projects that were demonstrated at TechFest 2009 is not clear, but here's a quick rundown of about 35 research projects that haven't received much coverage, accompanied by links that will let you further explore if your interest is piqued. Remember that these are concepts and prototypes, not finished products, and they may never end up becoming anything significant.'" While Microsoft has been criticized for squandering a fortune on R&D, there can be no doubt that they are showing off some cool tech here. -
Tigger.A Trojan Quietly Steals Stock Traders' Data
**$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-66 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan uses a key code to extract its rootkit on host systems that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode. "Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles ... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might ... lead to all invaders getting booted from the host PC." -
Diebold Election Audit Logs Defective
mtrachtenberg writes "Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'" -
Intel Introduces Atom Chips For New Devices
angry tapir writes "Not only has Intel recruited another company to produce Atom CPUs, as covered earlier on Slashdot, the chipmaker also unveiled four Atom chips that will go into devices such as entertainment systems for cars, videoconferencing devices, robots and interactive kiosks. The Z500-series Atom processors are integrated chips the size of a penny that draw little power and do not require fans to operate. The chips draw 2.5 watts of power or less and run at speeds of between 1.10GHz and 1.6GHz. The chips offer integrated 2D and 3D graphics and will be manufactured using Intel's existing 45-nanometer process." -
QT 4.5 Released, Plus New IDE and Analysis Tool
stoolpigeon writes "QT 4.5 has arrived and is now available for download. This new release is quite significant due to licensing changes that now make it simpler to use QT in a wider range of products without cost as well as a number of new features. The latest version of Webkit is now integrated into the product. Qt 4.5 sees the introduction of QtBenchLib, a new component to make measuring the performance of the toolkit and checking for regressions easier. Mac developers who use Qt will note a major reworking of 4.5 on the Mac, now providing 64-bit support. QT Creator is a new IDE that looks to have combined a number of previously separate tools. And there is much more." -
The Formula That Killed Wall Street
We recently discussed the perspective that the harrowing of Wall Street was caused by over-reliance on computer models that produced a single number to characterize risk. Wired has a piece profiling David X. Li, the quant behind the formula that enabled the creation of such simple risk models. "For five years, Li's formula, known as a Gaussian copula function, looked like an unambiguously positive breakthrough, a piece of financial technology that allowed hugely complex risks to be modeled with more ease and accuracy than ever before. With his brilliant spark of mathematical legerdemain, Li made it possible for traders to sell vast quantities of new securities, expanding financial markets to unimaginable levels. His method was adopted by everybody from bond investors and Wall Street banks to ratings agencies and regulators. ... [T]he real danger was created not because any given trader adopted it but because every trader did. In financial markets, everybody doing the same thing is the classic recipe for a bubble and inevitable bust." -
Does a Game Have To Fail To Get a Real Ending?
After the closure of Tabula Rasa over the weekend, the Opposable Thumbs blog asks if that's what it takes for a game to have an actual ending these days. Quoting: "It's no surprise that most games hope for a sequel, as it's the easiest way to get some of that money back while taking advantage of the staff, engine, assets, and other advantages you've banked while creating the first title. The problem? This has lead to a generation of cliff-hangers at worst, and endings that hedge their bets at best. ... As all the game's characters die, as the servers are shut down, as the data is erased or backed up and then boxed or whatever happens to MMO data once the game is done, it's hard not to be a little sad. The sights and sounds of the world of Tabula Rasa are gone, forever. All the memories written into those ones and zeroes will quickly be forgotten, and no one will walk those grounds again." Massively put together a few screenshots and videos to commemorate the ending of the game. -
New EVE Expansion Nears, Possible Mobile Plans
As the EVE Online creators ramp things up for the free Apocrypha expansion due out next week, lead designer Noah Ward sat down with MTV's Multiplayer blog to discuss the future of the game and what characteristics continue to keep players interested. Ward says they've considered branching out to consoles, but ended up deciding that the game doesn't really lend itself to console play. He left the door open to using smartphones for "augmenting" gameplay. Ward also mentioned that upcoming space MMOs Jumpgate: Evolution and Star Trek Online are so different from EVE that they're not really worried about direct competition; EVE thrives in part because of the player-generated drama and scandals, which few games pull off as well. Massively has gathered a variety of details about the Apocrypha expansion, which includes the game's first epic mission arc, and they've also posted some screenshots. CCP Games launched a website for the expansion containing concept art and interviews with some of the developers. -
Interview With Alan Feng of Starcraft College Class Fame
An anonymous reader writes "GosuGamers has posted a very interesting interview with Alan Feng, talking about the course he is teaching on game theory when applied to Starcraft at the University of California at Berkeley. We discussed early news of the class back in January. 'I studied what I knew: history and mathematics. With my fairly good mathematics background, I came up with all sorts of equations, tables and charts to give me the best result in every case. For instance, I once worked out using the binomial theorem that it is slightly more beneficial to send new workers to the *edge* of a mining line rather than the center. Over the course of maybe 3 minutes, this kind of movement will let you mine about 300-500 more minerals than you normally would. Ultimately, I failed at my pro-gaming bid, but, my year of study of StarCraft gave me something that I think no other SC player can offer the academic world: rigorous proof and analysis. And because of my calculations, my proofs, and most importantly, the way I can connect these calculations to real-life examples I was able to present it in a way that Haas Business School would accept as a topic for teaching.'" -
Advance In Making Stem Cells From Skin
KillerBob writes with an advance on the news from a year back that stem cells can be produced from human skin — discussed here. Now Canadian researchers have found a safe way to generate stem cells without using viruses to modify the genome, a process that can have its own dangers. "The ethical debate over embryonic stem cell use may soon be moot, thanks to a Canadian team of researchers who, together with a team out of Scotland, has found a safe way to grow stem cells from a patient's own skin. The revolutionary finding, described in a paper published yesterday by the international science journal Nature, means doctors may be one step closer to treating a multitude of diseases, including Alzheimer's, diabetes and Parkinson's." -
Advance In Making Stem Cells From Skin
KillerBob writes with an advance on the news from a year back that stem cells can be produced from human skin — discussed here. Now Canadian researchers have found a safe way to generate stem cells without using viruses to modify the genome, a process that can have its own dangers. "The ethical debate over embryonic stem cell use may soon be moot, thanks to a Canadian team of researchers who, together with a team out of Scotland, has found a safe way to grow stem cells from a patient's own skin. The revolutionary finding, described in a paper published yesterday by the international science journal Nature, means doctors may be one step closer to treating a multitude of diseases, including Alzheimer's, diabetes and Parkinson's." -
Google NativeClient Security Contest
An anonymous reader writes "You may remember Google's NativeClient project, discussed here last December. Don't be fooled into calling this ActiveX 2.0 — rather than a model of trust and authentication, NaCl is designed to make dangerous code impossible by enforcing a set of a rules at load time that guarantee hostile code simply cannot execute (PDF). NaCl is still in heavy development, but the developers want to encourage low-level security experts to take a look at their design and code. To this end Google has opened the NativeClient Security Contest, and will award prizes topping out at $2^13 to top bug submitters. If you're familiar with low level security, memory segmentation, accurate disassembly of hostile code, code alignment, and related topics, do take a look. Mac, Linux, and Windows are all supported." -
White House Ditches YouTube
An anonymous reader writes to tell us that in an apparent response to privacy complaints, the White House has quietly moved off of YouTube as a method for serving the President's weekly video address. Choosing instead to use a Flash-based solution and Akamai's content delivery network, this comes just days after YouTube began to roll out their own new policies regarding privacy of visitors. -
Securing PHP Web Applications
Michael J. Ross writes "The owners and the developers of typical Web sites face a quandary, one often unrecognized and unstated: They generally want their sites' contents and functionality to be accessible to everyone on the Internet, yet the more they open those sites, the more vulnerable they can become to attackers of all sorts. In their latest book, Securing PHP Web Applications, Tricia and William Ballad argue that PHP is an inherently insecure language, and they attempt to arm PHP programmers with the knowledge and techniques for making the sites they develop as secure as possible, short of disconnecting them from the Internet." Keep reading for the rest of Michael's review. Securing PHP Web Applications author Tricia Ballad, William Ballad pages 336 publisher Addison-Wesley Professional rating 7/10 reviewer Michael J. Ross ISBN 978-0321534347 summary A wide-ranging guide to PHP security. The book was published by Addison-Wesley on 26 December 2008, under the ISBN 978-0321534347. The publisher maintains a Web page for the book, where visitors will find a detailed description, the table of contents, and a sample chapter ("Cross-Site Scripting," Chapter 10) only three pages in length — undoubtedly a record. That is essentially all one will find on that Web page. Most technical publishers offer far more information on the Web pages for each one of their books — such as the preface and index online, updates to the book's content (including reported errata, confirmed and otherwise), descriptions of the chapters, information about and pictures of the author(s), feedback from readers and the media, and, perhaps most valuable of all, the sample code used in the given book. (However, that is less of a factor with this particular book, since it does not contain much sample code.) Many such publisher pages even have links to book- or technology-specific forums, where readers can post questions to the authors, and read other people's questions and the replies. Addison-Wesley, like all of the Pearson Education imprints, has through the years proven quite sparing with the supplementary online content, thereby no doubt reducing the number of prospective readers and other traffic to their sites.
Despite its fairly modest length (336 pages) in comparison to the average programming book being published these days, Securing PHP Web Applications tries to cover a sizable number of topics, in five parts, which encompass 17 chapters: general security issues; error handling; system calls; buffer overflows and sanitizing variables; input validation; file access; user authentication; encryption and passwords; sessions and attacks against them; cross-site scripting; securing Apache and MySQL; securing IIS and SQL Server; securing PHP; automated testing; exploit testing; designing a secure application; and hardening an existing application. The book concludes with an epilogue on professional habits to improve the security of one's applications, an appendix describing additional resources, a glossary, and an index. Throughout the book, the authors illustrate key ideas with the use of a sample application — in this case, a Web-based guest book.
The first chapter, which is the only one in the first part of the book, is rather brief, but does prime the reader for all the material that follows, because it explains the inherent security problems of Web applications, and explains the dangers of some of the inadequate measures that naive programmers can take, such as security through obscurity, and the common belief that hackers only go after major Web sites.
Chapter 2 focuses on error handling, but begins with an example of SQL injection, and how effective it can be against the first iteration of the guest book application code. The most potentially confusing part of the discussion is when the authors show an SQL injection attack that perverts an INSERT statement by injecting it with an SQL command to drop a table, and the two commands are separated by a semicolon. But then instead of discussing how multiple SQL statements can be separated by semicolons (well, depending upon one's server settings), they instead discuss separating PHP commands was semicolons, but not SQL commands. Nonetheless, readers will find some good advice on handling unexpected input and using a centralized error-handling mechanism, even if quite simple. Also, the question of whether or not to accept HTML in user input, is briefly addressed. However, the material would be more useful if the authors were to explain specifically when htmlspecialchars() should be used instead of htmlentities(). Also, the option of using standard bulletin board codes (such as [b]bold[/b]) should have been mentioned, if only briefly with references to outside resources. At the bottom of page 22, the bare regex following a !"~" is not valid PHP (or even Perl, which it much more resembles). Lastly, one should not follow the recommendation of providing absolutely no feedback to the user as to what characters were invalid in the text they entered. Hackers gain nothing from being told the obvious, that HTML tags are not allowed; but legitimate users will be incensed when told only that the system didn't understand their input, with no indication as to how to make it acceptable.
In the third chapter, the authors explain the obvious danger of using unsanitized user input within a call to the operating system, such as exec() or system(). The discussion here assumes that you are on a *nux server, not Windows. Two PHP commands are suggested for sanitizing user input, as well as the option and advantages of building a custom API that is limited to only the system calls that should ever be executed within your Web application. On page 33, their test code appears to assume that register_globals has been enabled (so the GET variables in the malicious URL are automatically instantiated and set to the values in the URL), which is disappointing for a book on PHP security, since the dangers inherent in register_globals are so severe that it is now disabled by default, is deprecated in PHP version 5.3.0, and will be completely removed in version 6.
In Chapter 4, readers get an overview of program and data storage on a computer, including buffers, stacks, and heaps, as groundwork for learning what buffer overflows are and how hackers can try to exploit them to execute database and operating system statements, including using your server as a staging point for remote exploits and denial-of-service attacks. The fifth chapter dovetails nicely with the previous one, because it discusses input validation, which is a key component of avoiding boundary condition attacks. The authors explain the importance of validating tainted data, using character length and regular expressions. One simple countermeasure to such attacks that the authors fail to mention, is simply setting a maximum input length ("maxlength") on HTML "input" tag fields. After all, most entry fields on forms are input tags — not textarea tags, for which the maxlength attribute only specifies wrapping. Using maxlength does not prevent manipulation of POST values, but does prevent the less knowledgeable attacker from overflowing input tag fields.
Chapter 6 explains the risks in working with local and remote files, and why it is critical to not allow mischievous users do such tricks as inserting a pathname in a filename, when your code is expecting only a simple filename. Unfortunately, some of the code and claims in this chapter are suspect: On page 70, the value of $path_to_uploaded_files is missing a needed trailing forward slash. The suggested method of processing malicious file paths could be made much more simple and secure with the use of basename(). The file_get_contents() attack shown on page 71 again seems to assume that register_globals is enabled; even if it were enabled, the exploit wouldn't work because $file is always set to a value in the script code. The authors seemingly believe that GET variables can override anything in a script. Nonetheless, their advice about handling user-uploaded files is spot on.
Part 4 of the book focuses on user security. The first of its chapters covers user authentication and authorization — combining the two for their sample application — and starting with usernames and passwords. Access denial due to invalid username or password is supposedly illustrated by Figure 7.2, but all that it illustrates is that a concept that needs no visual depiction is not made more clear by trying to represent it with a confusing image. The authors provide a thorough discussion of authentication purposes and methods, as well as password encryption and strength. Yet they provide no rationale for setting the default values for usernames, passwords, and e-mail addresses to " " simply because the columns are non-nullable. After all, a record would only be added to the table if those values were known. Also, in their validateUsernamePassword() function, they've mistakenly commented out the first "return FALSE;" and they create unused variables $username and $password.
Chapter 8 provides an overview of various types of encryption, particularly for passwords, and some recommendations for PHP-supported algorithms. One blemish in this discussion is the claim that the longer the key for decryption, the longer it will take for your application to load the data (presumably the encrypted text) — which doesn't make sense. Also, their password() and login() functions reference class member names of an object not yet defined or explained. Code out of context like this can be confusing to the reader.
Sessions are a key component of maintaining and securing the identity of an authenticated user as she goes from one page to another in your PHP application. In Chapter 9, the authors describe the three major categories of session attacks: fixation, hijacking, and injection. The next chapter addresses cross-site scripting (XSS), but runs only three pages, and provides no examples of an XSS attack, which would have been helpful for the reader to understand how such an attack could try to compromise his PHP code, and what sort of malicious code to look for in his site. However, references to four open source XSS filtering projects are provided, in case the reader would like to learn more about them.
The fifth part of the book is devoted to securing whichever server environment on which you choose to host your application — Apache and MySQL, or IIS and Microsoft SQL Server, as well as PHP. In the chapter on PHP, the authors present the Zend Core release of PHP, which can save developers time in installing components of the LAMP stack, and also save them from reinventing the wheel, by using the Zend Framework. Other techniques for hardening PHP are discussed. Chapters 14 and 15 explain how to use automated testing and exploit testing, to increase your application's security, using powerful exploit testing tools — free and proprietary.
The sixth and final part of the book contains two chapters, which purportedly discuss the advantages of designing security into a new application right from the start, and how to improve security in an application that has already been built. In the former chapter, the authors stress the importance of balancing no design ("Skip reading Slashdot for one day...") and too much design (i.e., stalling). But the material mostly consists of the basics of designing a Web application, with no new information on security, and concludes with a brief reiteration of security principles detailed in earlier chapters. The latter chapter offers some good advice on having separate development and test environments, in addition to the production environment. The principles expounded in each of the two chapters, do not overlap at all, and yet together they apply equally to new applications under development just as much as they do to finished applications; splitting the principles up does not make sense.
Sadly, the book does not live up to its potential. In general, much of the sample code is sloppy, as exemplified by the instances noted above. The authors and the technical reviewers should have tested the attacks, and thereby found which ones don't work. Even the HTML should not be used by any new Web developer as an example of quality code that adheres to leading standards. In the HTML that they have their sample PHP code generate, the tag attribute values are in single quotes, and not double, which means all of that code would need to be changed to make it compliant with XHTML 1.0. Moreover, by choosing to use single quotes for both the attribute values and the PHP strings, the authors end up having to escape every single attribute value quote mark, which wastes space and looks ridiculous. They repeat this at the end of Chapter 6, but this time with all double quotes. Also, some of the technical decisions are rather odd, such as their setting those default values to spaces in the user table, noted earlier. A few terms are used strangely, as well, such as their statement that IIS's footprint is the number of entry points to it; actually, a Web server software's footprint generally refers to how much memory it consumes. Every chapter ends with a summary, titled "Wrapping It Up," none of which add any value to the book. There are at least three technical errata in the book that should have been caught: spaces in "u + rwx, go + rx" (page 76), and the invalid addresses "www.blog/modsecurity.org" (page 215) and "www.ballad-nonfiction/SecuringPHP/" (page 288; adding ."com" does not fix it).
On the other hand, the book's marketing copy claims that "Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals..." and that is certainly a fair claim. Most of the explanations are straightforward and informative. As a side note, kudos to Addison-Wesley for printing this book on recycled paper; one can only hope that all publishers adopt that policy.
The primary value of Securing PHP Web Applications is that it touches upon security topics that are often glossed over or completely neglected in other PHP security books and articles. This is important, because online miscreants will be searching out every possible chink in your Web site's armor. You should do the same, before they strike — and this book shows how.
Michael J. Ross is a freelance Web developer and writer.
You can purchase Securing PHP Web Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Securing PHP Web Applications
Michael J. Ross writes "The owners and the developers of typical Web sites face a quandary, one often unrecognized and unstated: They generally want their sites' contents and functionality to be accessible to everyone on the Internet, yet the more they open those sites, the more vulnerable they can become to attackers of all sorts. In their latest book, Securing PHP Web Applications, Tricia and William Ballad argue that PHP is an inherently insecure language, and they attempt to arm PHP programmers with the knowledge and techniques for making the sites they develop as secure as possible, short of disconnecting them from the Internet." Keep reading for the rest of Michael's review. Securing PHP Web Applications author Tricia Ballad, William Ballad pages 336 publisher Addison-Wesley Professional rating 7/10 reviewer Michael J. Ross ISBN 978-0321534347 summary A wide-ranging guide to PHP security. The book was published by Addison-Wesley on 26 December 2008, under the ISBN 978-0321534347. The publisher maintains a Web page for the book, where visitors will find a detailed description, the table of contents, and a sample chapter ("Cross-Site Scripting," Chapter 10) only three pages in length — undoubtedly a record. That is essentially all one will find on that Web page. Most technical publishers offer far more information on the Web pages for each one of their books — such as the preface and index online, updates to the book's content (including reported errata, confirmed and otherwise), descriptions of the chapters, information about and pictures of the author(s), feedback from readers and the media, and, perhaps most valuable of all, the sample code used in the given book. (However, that is less of a factor with this particular book, since it does not contain much sample code.) Many such publisher pages even have links to book- or technology-specific forums, where readers can post questions to the authors, and read other people's questions and the replies. Addison-Wesley, like all of the Pearson Education imprints, has through the years proven quite sparing with the supplementary online content, thereby no doubt reducing the number of prospective readers and other traffic to their sites.
Despite its fairly modest length (336 pages) in comparison to the average programming book being published these days, Securing PHP Web Applications tries to cover a sizable number of topics, in five parts, which encompass 17 chapters: general security issues; error handling; system calls; buffer overflows and sanitizing variables; input validation; file access; user authentication; encryption and passwords; sessions and attacks against them; cross-site scripting; securing Apache and MySQL; securing IIS and SQL Server; securing PHP; automated testing; exploit testing; designing a secure application; and hardening an existing application. The book concludes with an epilogue on professional habits to improve the security of one's applications, an appendix describing additional resources, a glossary, and an index. Throughout the book, the authors illustrate key ideas with the use of a sample application — in this case, a Web-based guest book.
The first chapter, which is the only one in the first part of the book, is rather brief, but does prime the reader for all the material that follows, because it explains the inherent security problems of Web applications, and explains the dangers of some of the inadequate measures that naive programmers can take, such as security through obscurity, and the common belief that hackers only go after major Web sites.
Chapter 2 focuses on error handling, but begins with an example of SQL injection, and how effective it can be against the first iteration of the guest book application code. The most potentially confusing part of the discussion is when the authors show an SQL injection attack that perverts an INSERT statement by injecting it with an SQL command to drop a table, and the two commands are separated by a semicolon. But then instead of discussing how multiple SQL statements can be separated by semicolons (well, depending upon one's server settings), they instead discuss separating PHP commands was semicolons, but not SQL commands. Nonetheless, readers will find some good advice on handling unexpected input and using a centralized error-handling mechanism, even if quite simple. Also, the question of whether or not to accept HTML in user input, is briefly addressed. However, the material would be more useful if the authors were to explain specifically when htmlspecialchars() should be used instead of htmlentities(). Also, the option of using standard bulletin board codes (such as [b]bold[/b]) should have been mentioned, if only briefly with references to outside resources. At the bottom of page 22, the bare regex following a !"~" is not valid PHP (or even Perl, which it much more resembles). Lastly, one should not follow the recommendation of providing absolutely no feedback to the user as to what characters were invalid in the text they entered. Hackers gain nothing from being told the obvious, that HTML tags are not allowed; but legitimate users will be incensed when told only that the system didn't understand their input, with no indication as to how to make it acceptable.
In the third chapter, the authors explain the obvious danger of using unsanitized user input within a call to the operating system, such as exec() or system(). The discussion here assumes that you are on a *nux server, not Windows. Two PHP commands are suggested for sanitizing user input, as well as the option and advantages of building a custom API that is limited to only the system calls that should ever be executed within your Web application. On page 33, their test code appears to assume that register_globals has been enabled (so the GET variables in the malicious URL are automatically instantiated and set to the values in the URL), which is disappointing for a book on PHP security, since the dangers inherent in register_globals are so severe that it is now disabled by default, is deprecated in PHP version 5.3.0, and will be completely removed in version 6.
In Chapter 4, readers get an overview of program and data storage on a computer, including buffers, stacks, and heaps, as groundwork for learning what buffer overflows are and how hackers can try to exploit them to execute database and operating system statements, including using your server as a staging point for remote exploits and denial-of-service attacks. The fifth chapter dovetails nicely with the previous one, because it discusses input validation, which is a key component of avoiding boundary condition attacks. The authors explain the importance of validating tainted data, using character length and regular expressions. One simple countermeasure to such attacks that the authors fail to mention, is simply setting a maximum input length ("maxlength") on HTML "input" tag fields. After all, most entry fields on forms are input tags — not textarea tags, for which the maxlength attribute only specifies wrapping. Using maxlength does not prevent manipulation of POST values, but does prevent the less knowledgeable attacker from overflowing input tag fields.
Chapter 6 explains the risks in working with local and remote files, and why it is critical to not allow mischievous users do such tricks as inserting a pathname in a filename, when your code is expecting only a simple filename. Unfortunately, some of the code and claims in this chapter are suspect: On page 70, the value of $path_to_uploaded_files is missing a needed trailing forward slash. The suggested method of processing malicious file paths could be made much more simple and secure with the use of basename(). The file_get_contents() attack shown on page 71 again seems to assume that register_globals is enabled; even if it were enabled, the exploit wouldn't work because $file is always set to a value in the script code. The authors seemingly believe that GET variables can override anything in a script. Nonetheless, their advice about handling user-uploaded files is spot on.
Part 4 of the book focuses on user security. The first of its chapters covers user authentication and authorization — combining the two for their sample application — and starting with usernames and passwords. Access denial due to invalid username or password is supposedly illustrated by Figure 7.2, but all that it illustrates is that a concept that needs no visual depiction is not made more clear by trying to represent it with a confusing image. The authors provide a thorough discussion of authentication purposes and methods, as well as password encryption and strength. Yet they provide no rationale for setting the default values for usernames, passwords, and e-mail addresses to " " simply because the columns are non-nullable. After all, a record would only be added to the table if those values were known. Also, in their validateUsernamePassword() function, they've mistakenly commented out the first "return FALSE;" and they create unused variables $username and $password.
Chapter 8 provides an overview of various types of encryption, particularly for passwords, and some recommendations for PHP-supported algorithms. One blemish in this discussion is the claim that the longer the key for decryption, the longer it will take for your application to load the data (presumably the encrypted text) — which doesn't make sense. Also, their password() and login() functions reference class member names of an object not yet defined or explained. Code out of context like this can be confusing to the reader.
Sessions are a key component of maintaining and securing the identity of an authenticated user as she goes from one page to another in your PHP application. In Chapter 9, the authors describe the three major categories of session attacks: fixation, hijacking, and injection. The next chapter addresses cross-site scripting (XSS), but runs only three pages, and provides no examples of an XSS attack, which would have been helpful for the reader to understand how such an attack could try to compromise his PHP code, and what sort of malicious code to look for in his site. However, references to four open source XSS filtering projects are provided, in case the reader would like to learn more about them.
The fifth part of the book is devoted to securing whichever server environment on which you choose to host your application — Apache and MySQL, or IIS and Microsoft SQL Server, as well as PHP. In the chapter on PHP, the authors present the Zend Core release of PHP, which can save developers time in installing components of the LAMP stack, and also save them from reinventing the wheel, by using the Zend Framework. Other techniques for hardening PHP are discussed. Chapters 14 and 15 explain how to use automated testing and exploit testing, to increase your application's security, using powerful exploit testing tools — free and proprietary.
The sixth and final part of the book contains two chapters, which purportedly discuss the advantages of designing security into a new application right from the start, and how to improve security in an application that has already been built. In the former chapter, the authors stress the importance of balancing no design ("Skip reading Slashdot for one day...") and too much design (i.e., stalling). But the material mostly consists of the basics of designing a Web application, with no new information on security, and concludes with a brief reiteration of security principles detailed in earlier chapters. The latter chapter offers some good advice on having separate development and test environments, in addition to the production environment. The principles expounded in each of the two chapters, do not overlap at all, and yet together they apply equally to new applications under development just as much as they do to finished applications; splitting the principles up does not make sense.
Sadly, the book does not live up to its potential. In general, much of the sample code is sloppy, as exemplified by the instances noted above. The authors and the technical reviewers should have tested the attacks, and thereby found which ones don't work. Even the HTML should not be used by any new Web developer as an example of quality code that adheres to leading standards. In the HTML that they have their sample PHP code generate, the tag attribute values are in single quotes, and not double, which means all of that code would need to be changed to make it compliant with XHTML 1.0. Moreover, by choosing to use single quotes for both the attribute values and the PHP strings, the authors end up having to escape every single attribute value quote mark, which wastes space and looks ridiculous. They repeat this at the end of Chapter 6, but this time with all double quotes. Also, some of the technical decisions are rather odd, such as their setting those default values to spaces in the user table, noted earlier. A few terms are used strangely, as well, such as their statement that IIS's footprint is the number of entry points to it; actually, a Web server software's footprint generally refers to how much memory it consumes. Every chapter ends with a summary, titled "Wrapping It Up," none of which add any value to the book. There are at least three technical errata in the book that should have been caught: spaces in "u + rwx, go + rx" (page 76), and the invalid addresses "www.blog/modsecurity.org" (page 215) and "www.ballad-nonfiction/SecuringPHP/" (page 288; adding ."com" does not fix it).
On the other hand, the book's marketing copy claims that "Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals..." and that is certainly a fair claim. Most of the explanations are straightforward and informative. As a side note, kudos to Addison-Wesley for printing this book on recycled paper; one can only hope that all publishers adopt that policy.
The primary value of Securing PHP Web Applications is that it touches upon security topics that are often glossed over or completely neglected in other PHP security books and articles. This is important, because online miscreants will be searching out every possible chink in your Web site's armor. You should do the same, before they strike — and this book shows how.
Michael J. Ross is a freelance Web developer and writer.
You can purchase Securing PHP Web Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Psion Accuses Intel of Cybersquatting
Save the Netbooks writes "We discussed Psion sending C&Ds late last year over international trademarks held on the term 'netbook' and Dell accusing Psion of fraud last week. Since then Intel has joined in by suing Psion in federal court. On Friday Psion counter-sued Intel (court filing, PDF). SaveTheNetbooks.com has an analysis here. Psion has demanded a jury trial, profits, treble damages, destruction of material bearing the mark 'netbook' and the netbook.com domain (among other things), claiming that they are still actively selling netbooks despite also revealing sales figures showing a minuscule market share. It seems that declaring victory may have been a little premature as it will be months before the dispute plays out in court." -
Psion Accuses Intel of Cybersquatting
Save the Netbooks writes "We discussed Psion sending C&Ds late last year over international trademarks held on the term 'netbook' and Dell accusing Psion of fraud last week. Since then Intel has joined in by suing Psion in federal court. On Friday Psion counter-sued Intel (court filing, PDF). SaveTheNetbooks.com has an analysis here. Psion has demanded a jury trial, profits, treble damages, destruction of material bearing the mark 'netbook' and the netbook.com domain (among other things), claiming that they are still actively selling netbooks despite also revealing sales figures showing a minuscule market share. It seems that declaring victory may have been a little premature as it will be months before the dispute plays out in court."