Slashdot Mirror

An anonymous reader writes "As discussed on Slashdot recently, Internet footage of Olympics events are being censored for US citizens. Wired.com is covering the issue in a recent story, discussing ways of defeating these measures. Duane Wessels, developer of the Squid caching proxy, and Len Sassaman, Mixmaster anonymity software author, are interviewed. Are they correct? Is geolocation content censorship impossible?"

sixstring355 writes "Intel has released the first functional version of its Centrino/IPW2200 chipset driver. for Linux (kernel 2.6.4+). Posts to the ipw2100/2200 developer mailing list report connection speeds of 450KB/s. See the feature list for more details."

sixstring355 writes "Intel has released the first functional version of its Centrino/IPW2200 chipset driver. for Linux (kernel 2.6.4+). Posts to the ipw2100/2200 developer mailing list report connection speeds of 450KB/s. See the feature list for more details."

sixstring355 writes "Intel has released the first functional version of its Centrino/IPW2200 chipset driver. for Linux (kernel 2.6.4+). Posts to the ipw2100/2200 developer mailing list report connection speeds of 450KB/s. See the feature list for more details."

Gentu writes "OSNews posted some exclusive screenshots of a new project in the Mono community: Cocoa#. Apparently there are a couple of Apple engineers helping out the project that allows developers to create graphical Cocoa applications under Mac OS X using the C#, Python or Basic language. Mono seems to be doing well in the Windows land too, allowing developers to use GTK# instead of Windows.Forms to create multi-platform apps."

thedude13 writes " Infoworld is running a story about a major security hole in AOL ® Instant Messenger(TM) and how it handles away messages. AIM is vulnerable to a buffer overflow via the auto-response away message mechanism. Yet another reason to switch to, IMHO, a better client such as gaim."

TioHoltzman writes "There's a new 0-6-5 release available of the VCF, aka the Visual Component Framework. This release has a slew of new features, and it looks like it could become a real contender against Trolltech's Qt toolkit. It currently runs on Win32 platforms with an active Mac OS X port underway. There's still lots to do, but it can run some of the samples now on OS X. There are some screenshots here (1), here (2), and here (3)."

TioHoltzman writes "There's a new 0-6-5 release available of the VCF, aka the Visual Component Framework. This release has a slew of new features, and it looks like it could become a real contender against Trolltech's Qt toolkit. It currently runs on Win32 platforms with an active Mac OS X port underway. There's still lots to do, but it can run some of the samples now on OS X. There are some screenshots here (1), here (2), and here (3)."

TioHoltzman writes "There's a new 0-6-5 release available of the VCF, aka the Visual Component Framework. This release has a slew of new features, and it looks like it could become a real contender against Trolltech's Qt toolkit. It currently runs on Win32 platforms with an active Mac OS X port underway. There's still lots to do, but it can run some of the samples now on OS X. There are some screenshots here (1), here (2), and here (3)."

TioHoltzman writes "There's a new 0-6-5 release available of the VCF, aka the Visual Component Framework. This release has a slew of new features, and it looks like it could become a real contender against Trolltech's Qt toolkit. It currently runs on Win32 platforms with an active Mac OS X port underway. There's still lots to do, but it can run some of the samples now on OS X. There are some screenshots here (1), here (2), and here (3)."

TioHoltzman writes "There's a new 0-6-5 release available of the VCF, aka the Visual Component Framework. This release has a slew of new features, and it looks like it could become a real contender against Trolltech's Qt toolkit. It currently runs on Win32 platforms with an active Mac OS X port underway. There's still lots to do, but it can run some of the samples now on OS X. There are some screenshots here (1), here (2), and here (3)."

sympleko (Matthew Leingang) writes "In Volume I of The PHP Anthology, Harry Fuecks showed some of the basic PHP functionality to solve a few simple problems, including how to object-orient your code, how to use PHP's hundreds of built-in functions, and how to use well-developed existing classes, be they from PEAR or other sites. In Volume II, he intends to 'blow your socks off by tackling some traditionally complex problems with the same principles--to great effect.' It's summertime and I'm sandals-only for the time being, so my socks remain safely in the top drawer. But the volume is nonetheless exciting." (Read on for the rest of Leingang's review, and check out last week's review of Volume I.)

There are seven chapters in this volume, each dealing with real-world problems. Many problems are those you've seen solved on sites you admire and wondered "How did they do that?" Others are frameworks that allow your site to run smoothly, with nobody getting accidentally logged out or having to wait too long while your script gluttonously pulls the same data out of the database for the Nth time. At the end, Fuecks goes back to the beginning, to show how proper design and development can save you time when you start your next project.

Chapter 1: Access Control
Authentication is the process by which users identify themselves. This is difficult in HTTP, a stateless protocol in which the server handles one request at a time and instantly forgets you. Luckily HTTP allows cookies, which are bits of data the server sends to the client for to reveal upon revisiting. At first cookies were used only to annoy ("Hello, Steve! You have visited this page 3 times"), but a cookie can hold the ID of a session record in a database, which contains any state-information that you like.

You can authenticate without sessions via HTTP server configuration, as long as you like the dull dialog box the browser pops up when users enter a restricted area. Oh, and you don't mind the fact that users won't be able to "log out" without quitting their browser, nor can you force a logout after a certain timeout value. Nor can you allow users to register themselves... these are all existing, solved problems and the author shows some of the best solutions. Common tasks like allowing users to change their passwords, recover their passwords if (I mean when) they forget them, and arranging users in groups to which you assign common permissions are also covered.

My favorite example from this chapter is the humans-only registration application. Remember when online voting for the Major League Baseball All-Star Game first started? Anyone who knew how to write a web client could have automated a task to vote as many times as the server could handle, and have his favorite players be the all-star team.* To bring it closer to home, what if somebody decides to bog down your site by automatically registering a huge number of times and filling up your database? You can keep these things from happening by making users look at images which contain text but are hard for computers to "read." PHP is in use at all stages of this game, from writing the registration form's HTML to generating the obscured image on-the-fly.

Chapter 2: XML
XML is a fact of life and, hype aside, is a great way to store and transmit machine-readable data. One of the most visible applications is the thousands of bloggers and news sites providing XML feeds of their headlines. You can write portal sites that grab these headlines, parse them all and present them on your site with links to the full text at the source.

There are two ways to parse XML: with events, or by using the Document Object Model (DOM). The methodologies are similar to reading a plain-text file line-by-line or all at once. Using events you can implement a finite-state machine based on which tags and text come down the pike. Or you can slurp the whole document into memory and find any part of it with ease. The built-in library for the former is based on the popular Simple API for XML (or SAX; don't you like those nested acronyms?), while the latter often uses Xpath to find the particular document nodes you want.

The author shows how to parse RSS feeds with both SAX and the DOM, and how to render a feed with DOM. Further, you can use Extensible Stylesheet Language Transformations (known as XSLT) to transform XML -- whether it's to XHTML for regular browser reading, WML (Wireless Markup Language) for viewing on mobile phones, or even SQL to communicate with a database.

Another exciting XML application is in the area of web services, in which agents (often but not necessarily web servers) communicate with each other over an XML-based protocol built on top of PHP. The two most popular protocols are XML-RPC (the RPC stands for "Remote Procedure Calls") and SOAP (which used to stand for "Simple Object Access Protocol" but now is just a name). Often-changing information such as stock prices and weather are often offered through web services, but they can also be used as an object API between agents over the network. What's cool about using SOAP is you can publish to clients exactly what services you offer and how they can call them using the Web Services Description Language (WSDL).

Chapter 3: Alternative Content Types
If you've ever printed out a web page that was designed for browser viewing, you know the less-than-desired effect. The navigational elements, search boxes, and banners, while necessary for the web page, are useless once a static copy is printed. Furthermore, you need to extend your site to include users with less-featured browsers, such as mobile phones.

Fortunately, PHP has been taught many languages. PDF is the standard for print-quality documents, and there are several libraries (free and non-free) which allow you to generate them. WML is the HTML of cell phone browsers, in which screen space is at a premium and bandwidth scarce. SVG is an XML application which allows vector-based images like PostScript does. The coolest example, however, uses XUL (the XML User interface Language, not to be confused with Zool) to make full GUI applications that you run through Mozilla. This isn't useful for the outside world where you can't force your users to use Mozilla (sigh), but works well for intranet applications that run on a variety of platforms.

The author also brings up in this chapter an HTML SAX parser he has written. You can process HTML pages chunk-by-chunk and extract the pieces you want. I hadn't known about such a class until I read the book and I'm very excited I know about it now. For sometimes it's necessary to parse a web page meant for humans to read (perhaps to pretend to be a user and automate your all-star voting), and most HTML pages won't validate as HTML, let alone XML.

A good point here is that a well-designed, tiered application will allow you to swap out different presentation classes with little code rewrite. Separating the tasks of extracting the data from the database and presenting to the user in variety of formats is a common task that when done right becomes subsequently easier.

Chapter 4: Stats and Tracking
Once your site is up and running, you'll be interested to know which parts are the most active, and how much traffic you're getting. Into a dynamic page you can obviously insert any logging mechanism, but a great place to put it is inside your site's logo. PHP can send binary data as easily as text. Why would you want to do this?

• The logo is usually on every page (or it should be). You don't have to cut-and-paste code.
• You can serve the image, then use the flush command to send the output on and do extra processing. This way logging doesn't get in the way of page rendering.

There are lots of packages available to collect and analyze data. The author goes through phpOpenTracker which is quite rich in features. There are also ways to collect data on what links users follow to leave your site, and to keep requests from search engines from cluttering your log files.

Chapter 5: Caching
Another possible knock against PHP is that, while it's good to have dynamic pages, some pages are unnecessarily so. This is a waste of server resources to keep rendering the same page anew. There are different ways to conserve.

On the client side, you can use HTTP 1.1 headers like Cache-control and Expires to tell browsers when it's okay to store cached copies locally

On the server side, as can be expected, you have a greater level of control. You can use output buffering to delay sending of output to the browser, then save a copy of the output locally. On subsequent requests, you can serve the file rather than generate the HTML all over again. This can be implemented on a chunk (or block) level, so that you can keep some parts ultra-time sensitive and others not so much. The package PEAR::Cache_Lite can help with this.

Chapter 6: Development Technique
The last two chapters were my favorites of the two-volume set. They are on a higher level of abstraction than the features of PHP's library of functions, or previous five chapters on real-world solutions. After you've reached a certain level of expertise in PHP coding, you being to wonder about the "right" way to do things. The author shows how to use Xdebug to find bottlenecks in your code, as well as a few quick optimization tips (for instance, design your flow control so that the first choice is the one most often taken).

He then discusses the principles of N-tiered design. N is usually 5, but the data layer (usually a database or file system) and presentation layer (usually the browser) are most often handled outside of PHP, so you normally have three levels to worry about:

• Data Access: Getting data from the outside world into your application
• Application Logic: Doing whatever unique thing your application is supposed to do
• Presentation Logic: Forming a response in a format acceptable to your client

Keeping these layers separate and restricting them to communicating through well-defined interfaces allows you maximum flexibility. If you need to change databases (say you just got venture capital money and can afford Oracle now), you can do so only changing one layer. If you want to serve different flavors of HTML, or different markup languages altogether, or binary data, you can do so by only changing one layer. You can even strive for maximum distributability by enabling your layers to "live" on physically independent machines and communicate with XML-RPC or SOAP.

Documenting your code is essential. Anybody who's been programming for over a year has gone back to code he or she's written and thought, "Now what the heck was this supposed to do?" It's even more essential when you write something and wish to distribute it for the benefit of others. You can expect them to grok your code at an even lower rate since they didn't write it the first time.

Luckily, scripted languages like PHP are excellent at parsing text files, including PHP scripts themselves. Using well-defined documentation formats akin to JavaDoc, you can embed documentation in your code inside comments, and use tools like phpDocumentor to extract these documentation blocks and format them as nice, cross-reference HTML. In fact, writing doc blocks before your code is a good way to think ahead about how you want your classes and methods to work.

Unit Testing, one of the most digestible dogmas of Extreme Programming, is an awesome way to test your code for logic errors. You build up tiny test cases (using mock objects to isolate the class you're testing) and build as many as you like. Once you do this (PHPUnit and SimpleTest are two rich frameworks), you keep your tests and each time you add features, you run your test to make sure you haven't added bugs as well.

Chapter 7: Design Patterns
Design Patterns is one of the modern classics in information technology. After having done OOP for a while, you will inevitably get the feeling of deja vu that you've solved a problem before. Not so concretely as "I need a database abstraction layer," or "I need a templating system," but as in "I need a way to create objects without specifying exactly what class they belong to," or "I'm tired of writing so many if statements." Design patterns are common object architectures which can be used to solve common (though unique) problems.

Many design patterns are more suited to state-equipped applications with GUIs, but there are plenty to assist the PHP coder. The Factory Method is a pattern through which an object can create other objects of varying classes. So instead of writing mysql_connect everywhere, then having to change every occurrence of that function, you can abstract all database interaction to a class, then instantiate a database connection through a class method of another class: $db = MyApp::getDatabaseConnection(). This is useful when the connection (not just the RDBMS, but the actual database) you want varies depending on whether you are developing, testing, or going live with your application. Factory methods are also a good way to avoid global configuration variables.

The Iterator Pattern and the Observer Pattern are two others mentioned in this chapter. Iterators are used often in paging through database results. Observers are used to let objects notify other objects of changes in their state. This chapter will make you want to go read the whole Gang-of-Four book if you haven't already.

My biggest beef with the book is that this wasn't presented earlier on, perhaps at the beginning of Volume II. As a climax, it leaves me flat, wondering how the rest of the volume could have been derived from this very cool concept. But most PHP books conclude with chapters on how to extended PHP on the C level, or giant case studies involving massive code dumps, and I'm often not satisfied with them. This is a nice philosophical note to go out on. And there's something to be said for the argument that books like these aren't written to be read cover-to-cover.

Appendices
The book closes with the same indices as in Volume I. Since I don't know the URL of my review of that volume, I'll just copy: You can read about which configuration directives you're probably most interested in (the complete list you can get on PHP's web site), some common security breaches, and how to install PEAR, PHP's version of CPAN. My favorite appendix is the "Hosting Provider Checklist," a great reference for evaluating whether kewlhosting.com is going to give you the freedom and support you need to make a great hosted web site.

This volume was informative, well-written, and inspirational in that it made me want to go out and add cool and useful features to my web sites. Check it out if you can.

*Not really (not that I tried or anything), but they've always been a little bit smarter about it. You get my point, though. This did happen on an ESPN.com Page 2 mascot popularity contest, but they noticed through request headers that millions of votes were coming from the same place, and invalidated all those votes.

In real life, Matthew Leingang is Preceptor in Mathematics at Harvard University. He promises to review any book sent to him for free, and sometimes actually does it. Both volumes of The PHP Anthology are available from SitePoint. Slashdot welcomes readers' book reviews; to see your own review here, carefully read the book review guidelines, then visit the submission page.

Acidus writes "While researching for an embedded systems project (a magstripe enabled Coke machine), I was shocked by the lack of magstripe information: Programs/code that would run on a modern OS were all but nonexistant, articles that were 6-10 years old, etc. Further research proved hard, because I had become google's authoritative source. So Stripe Snoop was born, and is now at 1.5 . Stripe Snoop is a suite of research tools that captures, modifies, validates, generates, analyzes, and shares magstripe data, with an ever-growing database of card formats. Decoding everything from driver's licenses to banking cards, its features can analyze non-standard cards, such as NYC's Metrocard."

An anonymous reader writes "While there's been a few postings on events happening at DefCon 12, one event seems to have been overlooked. A new wireless packet injection tool was quietly released (unleashed?) during DefCon: AirPwn. Here's a write-up of the tool as deployed by its author and crew at DefCon 12."

jefftp writes "CERT announced today that there are several vulnerabilities in libpng, one is a buffer overflow which could potentially cause a PNG image file to execute arbitrary code. Libpng release 1.2.6rc1 addresses the problems covered by this CERT announcement, and can be obtained from the libpng Sourceforge project. A fully tested version is to be released in the next few weeks."

jefftp writes "CERT announced today that there are several vulnerabilities in libpng, one is a buffer overflow which could potentially cause a PNG image file to execute arbitrary code. Libpng release 1.2.6rc1 addresses the problems covered by this CERT announcement, and can be obtained from the libpng Sourceforge project. A fully tested version is to be released in the next few weeks."

Noksagt writes "P2P isn't just for government documents anymore! Bibster assists researchers in managing, searching, and sharing bibliographic data in a peer-to-peer network. This project shows great promise to researchers who currently search for citations through centralized servers (Google, Scirus, CiteSeer, ISI. and many others). By making it decentralized, researchers can share bibliographic data with no subscription costs and avoid typing this data in by hand. It can import and export citations using bibtex. The project is GPLed and free clients for windows and Linux are available. There's also a Sourceforge page for Bibster, so you can checkout from the CVS if the Bibster site is slow."

HandyAndE writes "For everybody out there who has been waiting for Enlightenment 0.17 or been thinking what alternatives are there to Gnome/GTK and KDE/QT this is an important day for you. The Enlightenment Foundation Libraries (EFL) today have an (albeit pre) release named Asparagus. From the E site: 'We are pleased to announce the Enlightenment Foundation Libraries Preview Release, codenamed "Asparagus"! After years of work, we've come to a place where it is time to start opening these powerful tools to the wider world to use.' " Read more for more information.

Libraries included in todays release are:

• ecore-1.0.0_pre7 (loops, timers, X, evas and config abstraction)
• edb-1.0.5 (database library)
• edje-0.5.0 (powerful theming library)
• eet-0.9.9 (theme compression format)
• embryo-0.9.0 (embeded scriptiong for themes)
• emotion-0.0.1 (DVD / video wrapper for libxine)
• epeg-0.9.0 (super-fast JPEG thumbnailing etc)
• evas-1.0.0_pre13 (canvas library)
• imlib2-1.1.1 (image manipulation)
• imlib2_loaders-1.1.1 (image loaders)

Get your browsers pointed to sourceforge for a copy and see what EFL can do for you!

Adam K writes "It had to happen eventually. CPAN has finally gotten the sloccount treatment, and the results are interesting. At 15.4 million lines of code, CPAN is starting to approach the size of the entire Redhat 6.2 distribution mentioned in David Wheeler's original paper. Could this help explain perl's relatively low position in the SourceForge.net language numbers?"

orangesquid writes "OpenEEG is a system for getting data from your brain to your computer. Recently, work was resumed on scEEG, a soundcard-based system which may one day make home EEG systems very cheap (they currently cost a few hundred US$ to put together; there are, though, some potential cheaper alternatives). But, what research is being done into getting data from your computer to your brain? There have been some systems that inject optical signals into your eyes, but, what about direct neural interfacing? It seems EMF and light are one option; playing with neurotransmitters may be another. What do /.'ers foresee coming in this field? What research have you seen being done? Particularly, is any of this to the point where homemade, low-cost systems are feasible? Where can I find out how to inject signals into my head? Combining this with openEEG might lead to some exciting new levels of Internet addiction."

orangesquid writes "OpenEEG is a system for getting data from your brain to your computer. Recently, work was resumed on scEEG, a soundcard-based system which may one day make home EEG systems very cheap (they currently cost a few hundred US$ to put together; there are, though, some potential cheaper alternatives). But, what research is being done into getting data from your computer to your brain? There have been some systems that inject optical signals into your eyes, but, what about direct neural interfacing? It seems EMF and light are one option; playing with neurotransmitters may be another. What do /.'ers foresee coming in this field? What research have you seen being done? Particularly, is any of this to the point where homemade, low-cost systems are feasible? Where can I find out how to inject signals into my head? Combining this with openEEG might lead to some exciting new levels of Internet addiction."

Thanks to LinuxDevCenter.com for its profile of open-source strategy game engine Stratagus, interviewing the creators of the multi-platform engine formerly known as Freecraft, before the makers "received a cease and desist order" from Blizzard over name/design similarities. The author explains: "There are no essential technical differences between Stratagus and FreeCraft - Stratagus continues where FreeCraft left off. The goal of making a customizable RTS engine remains the same, although the designers now de-emphasize compatibility with WarCraft 2." The piece also discusses future plans: "The big new technology under development for future versions of Stratagus is a meta-server which will enable the engine to connect Internet players to play together. 'We intend to add a team play mode where you can share resources and technologies with your allies. [This] will allow for a much better community with features such as online chat and user statistics,' says [lead programmer] Russell."

Pieroxy asks: "As a web developer, both professionally and personally, I try to always make sure what I write works in every browser at my disposal. When the choice came for me to choose a platform for my PC, I went the Windows route, because I cannot afford not to test IE on all those websites/applications. But now I am facing a problem with all browsers that don't have a native Windows port, such as IE5/Mac, Safari/Konqueror. kde-cygwin helped very little because the version of Konqueror shipped doesn't display most JPEG, making any testing worthless. IE5 for Mac should die soon, but is still widely used as being the default browser for so long. How do you test your web pages? Have you noticed discrepancies on how a specific engine (Gecko, Opera, KHTML) renders content on different Platforms? Do I need a Mac and a Linux machine to make sure it is working on these platforms?"

Pieroxy asks: "As a web developer, both professionally and personally, I try to always make sure what I write works in every browser at my disposal. When the choice came for me to choose a platform for my PC, I went the Windows route, because I cannot afford not to test IE on all those websites/applications. But now I am facing a problem with all browsers that don't have a native Windows port, such as IE5/Mac, Safari/Konqueror. kde-cygwin helped very little because the version of Konqueror shipped doesn't display most JPEG, making any testing worthless. IE5 for Mac should die soon, but is still widely used as being the default browser for so long. How do you test your web pages? Have you noticed discrepancies on how a specific engine (Gecko, Opera, KHTML) renders content on different Platforms? Do I need a Mac and a Linux machine to make sure it is working on these platforms?"

spamatica writes "In these times when multimedia on Linux seems to be on a roll, it's my pleasure to break the news that one of the most powerful midi/audio sequencers on Linux, MusE, has just had a new release. This release is a major milestone featuring things such as Jack-transport and win32/VST-Instrument support. Moreover it has been much improved concerning usability, stability and functionality. The Linux-based studio is looming ever closer -- in fact, it's here!"

spamatica writes "In these times when multimedia on Linux seems to be on a roll, it's my pleasure to break the news that one of the most powerful midi/audio sequencers on Linux, MusE, has just had a new release. This release is a major milestone featuring things such as Jack-transport and win32/VST-Instrument support. Moreover it has been much improved concerning usability, stability and functionality. The Linux-based studio is looming ever closer -- in fact, it's here!"

An anonymous reader writes "Eweek has an article on how PhoneGaim integrates IM and phone into one program making it possible for AOL/ICQ, MSN and Yahoo users to call each other, landlines and cellphones. It talks about how it could be a Skype-killer since it's based on open standard SIP and comes with free PSTN calling (5 minutes per day), free voicemail via email, and even supports incoming phone calls from PSTN. It's out first for desktop Linux (maybe the start of a new trend?) but it's open source so expect a MSWin version shortly from Gaim team."

Ed Waldmire writes "I am pleased to annouce to the /. community that the OpenDarwin community has released OpenDarwin 7.2.1. This release corresponds to Mac OS X 10.3.2 and includes many bugfixes and additions. Most notable are ncutil, YUM, and a tulip NIC driver."

WMCoolmon writes "Derek Smart (of Battlecruiser 3000 AD PC space-sim fame) has started a thread on the Adrenaline Vault forums stating that he is looking into buying the Freespace rights from Interplay and building his own Freespace 3. (For those of you who have not heard of Freespace, it is a space shooter developed by Volition Inc. and Interplay in 1998, which has received almost univeral acclaim.) Discussion has turned particularly ugly following Derek Smart's post on the main Freespace 2 fan site. In addition, he has threatened to shut down the Ferrium Project (an open-source project meant to replace the aging engine of Freespace 2) if he gets the license. To quote Derek: 'I have FULL intentions of getting this license. If I DO get it, you and your teenny leetle friends on your Ferrous Oxide project, are effectively, shutdown because I don't piss around when it comes to IP properties'."

Martin Ecker writes "A few months ago, the OpenGL Shading Language -- OpenGL's own high-level shading language for programming Graphics Processing Units (GPUs) -- was ratified by the Architectural Review Board (ARB) responsible for the development and extension of the OpenGL graphics API. The first real-world implementations are just becoming available in the latest graphics drivers of the big graphics hardware vendors. Now the first book that features this new shading language is available, with the intention of becoming the standard book on the subject. Randi J. Rost's OpenGL Shading Language (published by Addison-Wesley) is a good introduction to developing shaders with the new OpenGL Shading Language, and demonstrates a number of useful applications for real-time programmable shaders." Read on for the rest of Ecker's review. OpenGL Shading Language author Randi J. Rost pages 608 publisher Addison-Wesley Publishing rating 8/10 reviewer Martin Ecker ISBN 0321197895 summary A solid introduction to developing shaders in the OpenGL Shading Language.

Because of its orange cover, the book is also called the "Orange Book," and together with its siblings, the classic "Red Book" (aka OpenGL Programming Guide) and the "Blue Book" (aka OpenGL Reference Manual (see this earlier review), it is a member of the OpenGL family of books from Addison-Wesley. Although it has a short overview of the basic features of OpenGL, it is intended for an audience that is already somewhat familiar with OpenGL and with 3D graphics programming in general. The interested reader should probably have read the "Red Book" or at least have a good understanding of how to use the OpenGL graphics API before attempting to tackle this book.

Rost, as well as the co-authors on some of the chapters, John M. Kessenich and Barthold Lichtenbelt, all employees of the graphics hardware vendor 3Dlabs, were driving forces behind the inception of the OpenGL Shading Language. They are also core contributors to the final language specification as well as the OpenGL extensions that provide the framework for this new shading language. So the information in the book actually comes from the people that created the language, which is a definite plus.

The book consists of 17 chapters and two appendices which can be roughly categorized into four major parts: An introduction to the basics of OpenGL and GPU programmability; a description of the OpenGL Shading Language and the associated OpenGL extensions; a number of chapters that show the shading language in action; and finally a reference section on the language grammar and the entry points introduced by the new OpenGL extensions. Each chapter of the book has numerous interesting references to get further information on the presented topics. I can only recommend taking a closer look at some of them.

The first two chapters of the book describe the basics of the OpenGL graphics API, followed by an overview of the new programmable processors in the graphics pipeline and an overview of the shading language used to program them. The introductory chapter on OpenGL basics is very well written and worth the read even for more experienced OpenGL programmers. However, as mentioned above, the reader should have enough expertise in using OpenGL to be able to understand the more advanced parts of the book. The introductory chapter won't be enough in my opinion.

The third chapter, written by John Kessenich - one of the main authors of the OpenGL shading language specification - presents the language definition. This chapter is where the basic data types as well as the available control structures are described in detail. For people interested in writing a compiler for the OpenGL Shading Language, Appendix A also contains the entire language grammar in BNF.

Chapter four moves on to describe the programmable graphics pipeline, which was first introduced in the second chapter, in more detail. The programmable vertex and fragment processors and their interaction with OpenGL's fixed functionality are presented. In chapter five, the description of the shading language concludes with the available built-in functions. Chapter six offers the first simple example that shows the shading language in action - a shader to procedurally create a brick texture.

Until this point, the book doesn't talk much about how to integrate shaders into the host program running on the CPU. New OpenGL extensions were created for this purpose, in particular GL_ARB_shader_objects, GL_ARB_vertex_shader, and GL_ARB_fragment_shader. Chapter seven contains detailed descriptions of the entry points provided by these new extensions. Among other things, it describes how shader objects are created, compiled, and then linked to form shader programs that can then be used to render objects. Appendix B also has a reference section on the new entry points similar in style to the "Blue Book." Chapter seven concludes the dry, technical part of the book that introduced both the shading language and the necessary infrastructure to use it from a host program running on the CPU.

The remaining chapters delve into the really interesting topic: shader development. These chapters offer multiple ideas on what can be done with shaders and how to effectively use them in graphics programming. Standard techniques, such as bump mapping, procedurally creating textures, using noise, and others, are presented. Chapter nine deserves special mention because it presents shaders that mimic the behavior of the OpenGL fixed-function pipeline. Many developers new to shader programming are faced with re-implementing certain features offered by OpenGL's fixed functionality. This chapter addresses this.

Chapter fourteen also deserves mention. Shaders that procedurally create textures usually suffer from aliasing artifacts. This chapter shows a number of anti-aliasing techniques to diminish these artifacts. In my opinion, this important topic has not received the attention it deserves -- it's good to see such a chapter in this book.

Closing this section of the book, chapters fifteen and sixteen describe some interesting non-photorealistic shaders and shaders for doing image processing. (For more ideas on what can be done with shaders I also recommend the book "GPU Gems", which I have read and reviewed some time ago.

The final chapter of the book (chapter seventeen) is a language comparison with other high-level shading languages such as the RenderMan Shading Language, SGI's Interactive Shading Language from the OpenGL Shader package, Microsoft's HLSL, and NVIDIA's Cg. Although I am quite familiar with most of these languages, I found this chapter to be an interesting read because it attempts to look at the languages objectively, listing advantages and disadvantages of the various approaches.

The book contains many diagrams and images, all in black and white, except for 16 pages containing 30 color plates in the middle of the book. Most of the images are not overly "flashy" but do give a practical idea of the types of rendered images a particular shader can produce.

There is also a website for the book where you can find an errata list and download a sample chapter (chapter six). As mentioned above, this chapter develops a simple brick shader to show the basic features of the shading language. The website also has all the shaders presented in the book available for download. Because the book does not come with a CD-ROM this is the only means of getting shaders code without having to type them. At the time of this review, the site appeared to be in a transitional state.

Rost's OpenGL Shading Language succeeds at giving a good introduction to shader programming with the OpenGL Shading Language. Not only does it provide the necessary technical instruction to allow the reader to write his/her own shaders as well as integrate them with the host program, it also demonstrates a number of practical applications for shaders and tries to encourage exploring the new dimension of real-time graphics programming opened up by the OpenGL Shading Language. Since there is no other book currently available on this topic, it is hard to say whether the "Orange Book" will stand the test of time and actually become the reference book on the OpenGL Shading Language, but I believe it will.

Ecker has been involved in real-time graphics programming for more than 9 years and works as a arcade game developer. He also works on a graphics-related open source project called XEngine. You can purchase OpenGL Shading Language from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page.

bakreule writes "Microsoft, AOL and Yahoo! are teaming up to link their separate instant messaging services for use in the workplace, 'the first major step by the industry leaders to enable computer users to communicate with one another no matter which of the three systems they use.' Sound to good to be true? It is. 'What this does not do,' Root said (yes, that's his name), 'is the holy grail of instant messaging, which is to allow anybody on any network to send a message to anybody on any other network.' It seems that the system, which is aimed for corporations, involves some MS software which acts as an intermediary between the different systems. Sounds like a fancy version of all the open source IM clients out there."

Toddd writes "Everybody knows that the Doom and Quake engines are opensourced. But the game data (such as graphics, sound, and maps) are not. Therefore, if you want to check out the quality of today's source ports like Doomsday for Doom or Tenebrae for Quake, you either need to download the shareware versions or buy the retail boxes. However, what is less well-known is the existence of projects like the recently updated Open Quartz, offering 'GPL-compatible content - including models, maps, sounds and textures - which are required for a fully GPL game using the GPL Quake source.' FreeDoom also does similarly for Doom." We recently covered a new release of Doomsday.

Toddd writes "Everybody knows that the Doom and Quake engines are opensourced. But the game data (such as graphics, sound, and maps) are not. Therefore, if you want to check out the quality of today's source ports like Doomsday for Doom or Tenebrae for Quake, you either need to download the shareware versions or buy the retail boxes. However, what is less well-known is the existence of projects like the recently updated Open Quartz, offering 'GPL-compatible content - including models, maps, sounds and textures - which are required for a fully GPL game using the GPL Quake source.' FreeDoom also does similarly for Doom." We recently covered a new release of Doomsday.

Toddd writes "Everybody knows that the Doom and Quake engines are opensourced. But the game data (such as graphics, sound, and maps) are not. Therefore, if you want to check out the quality of today's source ports like Doomsday for Doom or Tenebrae for Quake, you either need to download the shareware versions or buy the retail boxes. However, what is less well-known is the existence of projects like the recently updated Open Quartz, offering 'GPL-compatible content - including models, maps, sounds and textures - which are required for a fully GPL game using the GPL Quake source.' FreeDoom also does similarly for Doom." We recently covered a new release of Doomsday.

TheTomcat writes "After years of anticipation, PHP 5 was released today. This release represents a milestone in the evolution of PHP. It sports the new Zend Engine II, a completely re-worked object model, and many many new features. Check it and the changelog out." In other PHP news, remote_bob writes "There have been many attempts, like BinaryPHP and PASM, but finally there is a complete compiler for PHP. The Roadsend compiler produces standalone, native executables, and supports the entire PHP language (but not all extensions). It uses Bigloo Scheme to do its job, a variant of Lisp, the language that Paul Graham writes about. Benchmarks say that performance is pretty good. Is this another sign that dynamic languages are the future?"

An anonymous reader asks: "Say you want to do your online Internet banking on your home PC, with a bank that lets you send actual money to complete strangers online, and you want to be really, really sure that some hacker isn't stealing your password or your money or both. You don't fully trust Windows, despite your best efforts to keep it secure, and you know that no OS installed on a hard disk is guaranteed secure or immune to root-kits and the like. You know enough about computer security to know that you are always just one careless mouse click or one security hole away from being screwed. You've read the advice from your bank, which says 'turn up' your security settings (whatever that means), and don't click on 'unknown' links (ever). So what you really need is a bootable CD with software so simple and stripped down that it lets you browse the web and nothing else. The nearest I can think of is one of the Linux mini-LiveCD's with Mozilla or some other browser included, such as Damn Small Linux, or ByzantineOS. Such a system shouldn't even know how to speak to your hard drives. Do Slashdot readers know of anything like this?"

ryewell asks: "I have an IBM Thinkpad 390 Laptop, PII 266Mhz, 128 MB RAM, with USB 1.0 port and a 3.5 floppy drive being the most important stats I would assume for this question. So my hard drive died, and I've been using a DOS boot disk and a program called Mel to do my word processing.Would it be possible to boot the laptop in Linux using a 3.5 disk, then using drivers access the USB memory stick that had an adequate Linux system on it?" With USB thumb drives getting to be as large as 512 megs, memory sticks weighing in at 1 gig, and Compact Flash cards getting into the 2 gig range, this might not be such a bad idea. There's the Linux Mobile System that looks to implement something like this, but are there other distributions or similar projects that might be of interest? If you were going to put together a custom system for something like this, how would you do it? "If Linux can be configured this way, I would need no hard drive, and the created docs/info could be saved on the USB drive memory stick. This way, no hard drive means no moving parts, which means better battery life, and I won't have to buy a hard drive which at the best deal I can find is about $130 US after taxes, shipping, etc. And how cool would it be to run a laptop off of a memory stick! Unfortunately, I know nothing about Linux, but this might be a cool problem to solve for those smart and knowledgeable enough to figure it out. Thanks for any help you can provide!"

zratchet writes "The IGDA Independent Game Development Special Interest Group is just getting started - this group is for game developers interested in pursuing game development and distribution outside the standard channels as presented by the mainstream industry today. For purposes of this SIG, the definition of 'indie' is: 'Not having any formal relationship with a publisher.' The purpose of this SIG is to provide information and resources to help build the community of indie developers and support their efforts, and we're currently identifying 3 types of Indie Game Developers: Commercial (small self-publishing companies and those using small publishers - for example Sunspire Studios of Tux Racer fame) and GarageGames), Open Source, Shareware, Freeware, and Public Domain (including OSI and Creative Commons licensed games) such as those listed at Sourceforge, and 'mods', such as those hosted at PlanetQuake."

tcopeland writes "An article on NewsForge highlights some changes in the upcoming PostgreSQL release (v7.5) that are funded by Fujitsu. PostgreSQL core team member Josh Berkus says that "Tablespaces, Nested Transactions, and Java support" are being underwritten by Fujitsu; this has also been mentioned on the postgresql-hackers list. He also says that 7.5 will be "...the most significant new release of the software since version 7.0 almost four years ago". Good times for PostgreSQL users!" And ggoebel writes "Jeff Dike posted a notice to the UML [User-mode Linux] developers mailing list: 'The first bit of news is that as of last Monday, I am working for Intel. They generously offered a full-time position, off-site, with my time mostly spent on UML. This basically means that UML is no longer a part-time, after-hours thing for me, so we should start seeing more work happening on it, especially compared to the last month or two.'"

hypethetica writes "In memory of game developer Silas Warner, a fan-based port of the original PC boot-diskette version of the 1985 classic, Beyond Castle Wolfenstein, has been disassembled, CPU speed fixed, and Soundblaster support has been added. The new game executable, blessed by Silas' widow, runs in DOS, Windows, and DOSBox emulators. Both the executables and source code (x86 assembly) are available for download."

An anonymous reader writes "The National Weather Service wants to update a 1991 policy that limits what data it can put on the Internet. The proposed new policy makes putting free data on the Internet official. The Private Weather Sector wants NWS to provide its new digital forecasts only in specialized data formats and would like NWS to shut down new XML data feeds. Barry Myers (MS Word doc), president of Accuweather wants you to have pay before using Kweather and other similar tools. Myers is asking friends to comment against the new NWS policy by June 30. Should we have to pay twice to get weather forecasts?"

Nuclear Elephant writes "In light of Gordon Cormack's Study of Spam Detection recently posted on Slashdot, I felt compelled to architect an appropriate response to Cormack's technical errors in testing which ultimately explain why one of the world's most accurate spam filters (CRM114) could possibly end up at the bottom of the list, underneath SpamAssassin. I spend some time explaining what is a correct test process and keep my grievances simplified about the shortcomings of Cormack's research."

Simon Lyall writes "A new study of antispam software shows that Spamassassin performed well in various configurations along with Spamprobe , Bogofilter and Spambayes also came out good while CRM-114 failed to live up to its previous claims . The study shows: 'The best-performing filters reduced the volume of incoming spam from about 150 messages per day to about 2 messages per day.'"

Simon Lyall writes "A new study of antispam software shows that Spamassassin performed well in various configurations along with Spamprobe , Bogofilter and Spambayes also came out good while CRM-114 failed to live up to its previous claims . The study shows: 'The best-performing filters reduced the volume of incoming spam from about 150 messages per day to about 2 messages per day.'"

Simon Lyall writes "A new study of antispam software shows that Spamassassin performed well in various configurations along with Spamprobe , Bogofilter and Spambayes also came out good while CRM-114 failed to live up to its previous claims . The study shows: 'The best-performing filters reduced the volume of incoming spam from about 150 messages per day to about 2 messages per day.'"

Simon Lyall writes "A new study of antispam software shows that Spamassassin performed well in various configurations along with Spamprobe , Bogofilter and Spambayes also came out good while CRM-114 failed to live up to its previous claims . The study shows: 'The best-performing filters reduced the volume of incoming spam from about 150 messages per day to about 2 messages per day.'"

teamhasnoi writes "Today at WalterCon the new name of OpenBeos has been released - Haiku! More info at the BeOS Journal. BeGroovy is reporting that Java is running on Haiku as well! All in all, a very good day for a BeOS (now Haiku) fan!"

roadies writes "Despite all the negativity and privacy concerns that surround Gmail, it has still gained cult-like status where net-d0rks feel self validated by having a gmail address and will do anything to get one. Services like the Gmail Machine, a randomized Gmail lotto that has people hitting refresh until they get carpel-tunnel in the index finger, reports over 7 million pageviews (though, definitely not uniques) in 3 days and 55 invites given away. They just added 222 more through donators who have given up invites in exchange for a text link on the high-traffic site. GmailSwap (covered recently on /.) has given away everything from cameras to good vibes. Good news for hardpressed geeks: The invites are becoming more and more available and mainstream. Ebay once had gmail invites going for a couple hundred dollars. Now, nobody is bidding on them anymore, so you can purchase one the old-fashioned eBay way for a dollar or two." Reader marklyon writes "Third party developers have stepped in with utilities that enhance and improve GMail. One utility, Mbox & Maildir to Gmail Loader allows users to upload their existing email to their GMail account. Another, POP Goes the GMail, offers the ability to access your GMail account with any POP mail reader, giving users the ability to permanently archive messages. GTray lives in your taskbar and alerts you to incoming messages. Other, more general programs, allow you to forward your Hotmail or Yahoo! Mail messages to your new GMail account. The question that remains, however, is whether Google will work with or against third party developers in GMail's future."

mrdeathgod writes "The Port Knocking project at SourceForge has just released portknocking_v1.0. Based on my undergrad thesis, this client/server package does not use pre-defined knock sequences, but rather utilizes Blowfish in order to encrypt the client data into a sequence of port numbers. This enables a client with the proper password to remotely manipulate firewall rules without fear of replay attacks. While currently designed for FreeBSD+ipfilter, expanded portability is in the works."

mrdeathgod writes "The Port Knocking project at SourceForge has just released portknocking_v1.0. Based on my undergrad thesis, this client/server package does not use pre-defined knock sequences, but rather utilizes Blowfish in order to encrypt the client data into a sequence of port numbers. This enables a client with the proper password to remotely manipulate firewall rules without fear of replay attacks. While currently designed for FreeBSD+ipfilter, expanded portability is in the works."