Domain: twitter.com
Stories and comments across the archive that link to twitter.com.
Stories · 1,968
-
Book Review: Secret History: the Story of Cryptology
benrothke writes "Narrating a compelling and interesting story about cryptography is not an easy endeavor. Many authors have tried and failed miserably, attempting to create better anecdotes about the adventures of Alice and Bob. David Kahn probably did the best job of it when he wrote The Codebreakers: The Story of Secret Writing in 1967 and set the gold standard for the information security narrative. Kahn's book was so provocative and groundbreaking that the US Government originally censored many parts of it. While Secret History: The Story of Cryptology is not as groundbreaking, it also has no government censorship. With that, the book is a fascinating read that provides a combination of cryptographic history and the underlying mathematics behind it." Keep reading for the rest of Ben's review.
Title: Secret History: The Story of Cryptology
Author: Craig P. Bauer
Pages: 620
Publisher: CRC Press
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 978-1466561861
Summary: Excellent, comprehensive and decipherable text on the history of cryptography
As a preface: the book has cryptology in its title, which is for the most part synonymous with cryptography. Since cryptography is more commonly used, I'll use it in this review.
Kahn himself wrote that he felt this book is by far the clearest and most comprehensive of the books dealing with the modern era of cryptography including classic ciphers and some of the important historical ones such as Enigma and Purple; but also newer systems such as AES and public-key cryptography.
The book claims that the mathematics detailed in it is accessible, requiring minimal mathematical prerequisites. But the reality is that it does require at least a college-level understanding, including algebra, calculus and more.
As an aside, nearly every book on encryption and cryptography that claims no advanced mathematical knowledge is needed doesn't meet that claim. With that, Bauer does a good job of separating the two narratives in the book (cryptography and history), so one who is not comfortable with the high-level math can easily parse through those sections.
Bauer brings an extensive pedigree to the book, as he is a former scholar-in-residence at the NSA Center for Cryptologic History. While Bauer has a Ph.D. in mathematics, that does not take away from his ability as an excellent story teller. And let's face it; telling the story of cryptography in a compelling and readable manner is not an easy task.
The 20 chapters in the book follow a chronological development of encryption and cryptography; from Roman times to current times. Each chapter has a set of exercises that can be accessed here. Besides being extremely well-researched, each chapter has numerous items for further reading and research.
Chapters 1-9 are focused on classical cryptology, with topics ranging from the Caesar cipher, Biblical cryptology, to a history of the Vigenère cipher, the ciphers of WW1 and WW2 and more.
In chapter 8, World War II: The Enigma of Germany, Bauer does a great job of detailing how the Enigma machine worked, including details regarding the cryptanalysis of the device, both in its rotor wirings and how recovering its daily keys ultimately led to its being broken. The chapter also asks the question: what if Enigma had never been broken, and provides a provocative answer to that.
Chapter 8 opens with the famous quote from Ben Franklin that "three may keep a secret if two of them are dead". He notes that the best counterexample to that is that of the 10,000 people who were involved in the project to break the Enigma. They all were able to maintain their silence about the project for decades, which clearly shows that large groups can indeed keep a secret. Bauer notes that it is often a reaction to conspiracy theories that large groups of people could never keep a secret for so long.
Chapter 9 provides a fascinating account of the Navajo code talkers. These were a group of Navajo Indians who were specially recruited during World War II by the Marines to serve in their communications units. Since the Navajo language was unknown to the Axis powers, it ensured that all communications were kept completely secret.
While part 1 is quite interesting, part 2 (chapters 10-20) focuses on modern cryptology and is even more fascinating. Bauer does a fantastic job of encapsulating the last 60 years of cryptography, and covers everything from the origins of the NSA, the development of DES and AES, public key cryptography and much more.
The book was printed in March 2013 just before the NSA PRISM surveillance program became public knowledge. If there is any significant mistake in the book, it is in chapter 11 where Bauer writes that "everything I've seen and heard at the NSA has convinced me that the respect for the Constitution is a key component of the culture there".
Aside from the incorrect observation about how the NSA treats the Constitution, the book does an excellent job of integrating both the history of cryptography and the mathematical element. For those that aren't interested in the mathematics, there is plenty of narrative in the book to keep them reading.
For those looking for a comprehensive and decipherable text on the history of cryptography, this is one of the best on the topic in many years.
Kahn's book laid the groundwork that made a book like this possible and Secret History: The Story of Cryptology is a worthy follow-up to that legendary text.
Reviewed by Ben Rothke -
Oil Traders Misread Tweet, Oil Prices Spike
cartechboy writes "Ahh Twitter. Sometimes when you combine lightning fast information distribution and humans, minor (or not-so-minor) chaos can ensue. Yesterday, the Israeli military tweeted a commemoration of the 40th anniversary of the Yom Kippur war, which took place in 1973. But the tweet referenced the bombing of Syrian airports by Soviets, and oil traders, already an antsy group, assumed the tweet referred to an attack occurring that very moment. As you can imagine, this had some impact. Within an hour, the global price of oil jumped more than $1, from $110.40 to $111.50 as trading volumes soared. In the end, the traders missed a few things that would identify the tweet as historical vs imminent: Yom Kippur was weeks ago, the Soviet Union is no more, and most important, #checkthehashtag." -
Want To Hijack a Domain? Just Get a Fax Machine
msm1267 writes "Metasploit's HD Moore says hackers sent a spoofed DNS change request via fax to Register.com that the registrar accepted, leading to a DNS hijacking attack against the Metasploit and Rapid7 websites. The two respective homepages were defaced with a message left by the same hacker collective that claimed responsibility for a similar DNS attack against Network Solutions. Rapid7 said the two sites' DNS records have been locked down and they are investigating." -
Lavabit Case Unsealed: FBI Demands Companies Secretly Turn Over Crypto Keys
jest3r writes "Lavabit won a victory in court and were able to get the secret court order [which led to the site's closure] unsealed. The ACLU's Chris Soghoian called it the nuclear option: The court order revealed the FBI demanded Lavabit turn over their root SSL certificate, something that would allow them to monitor the traffic of every user of the service. Lavabit offered an alternative method to tap into the single user in question but the FBI wasn't interested. Lavabit could either comply or shut down. As such, no U.S. company that relies on SSL encryption can be trusted with sensitive data. Everything from Google to Facebook to Skype to your bank account is only encrypted by SSL keys, and if the FBI can force Lavabit to hand over their SSL key or face shutdown, they can do it to anyone." -
GTA Online Runs Into an Online Roadblock
Hugh Pickens DOT Com writes "CNET reports that Grand Theft Auto Online, the biggest entertainment release of the year with more than $1 billion in annual sales, is having some trouble getting the gamers online. The title, which launched on game consoles Tuesday morning, is experiencing server issues that have locked out some gamers and made it difficult for those who have gotten in to play the game. Fifteen million people purchased the game when it was released last week — and any number of them could play online when that 'perk' becomes available on October 1. 'At a conservative estimate I would expect about two million players to log on to GTA Online within the first 24 hours,' says Keza MacDonald, UK games editor for IGN.com, the video game and entertainment site. 'Rockstar has never done an online game of this scale before, so they are totally unproven in terms of their network infrastructure.' Rockstar, the game's creator, said that it was doing all it could to buy and access servers to accommodate what was expected to be massive demand for its online title. Meanwhile Twitter is abuzz with complaints from gamers who say they can't get into the service." -
Tom Clancy Is Dead At 66
guttentag writes "The author of The Hunt for Red October and many military and espionage novels which inspired a number of movies and video games died last night in a Baltimore hospital. The news was first reported by Publishers Weekly's Twitter account this morning and confirmed by New York Times Book Reporter Julie Bosman's Twitter account." -
Book Review: Latest Two Books By Peter Loshin
benrothke writes "Of the books that author Pete Loshin has written in the past, a number of them are completely comprised of public domain information that he gathered. Titles such as Big Book of Border Gateway Protocol (BGP) RFCs, Big Book of IPsec RFCs, Big Book of Lightweight Directory Access Protocol (LDAP) RFCs, and others, are simply bound copies of publicly available information. In two of his latest books, Practical Anonymity: Hiding in Plain Sight Online and Simple Steps to Data Encryption: A Practical Guide to Secure Computing, Loshin doesn't do the wholesale cut and paste like he did with the RFC books, but on the other side, doesn't offer much more information than the reader can get online." Read below for the rest of Ben's review.
Title: Simple Steps to Data Encryption: A Practical Guide to Secure Computing / Practical Anonymity: Hiding in Plain Sight Online
Author: Pete Loshin
Pages: 86 / 128
Publisher: Syngress
Rating: 1/10
Reviewer: Ben Rothke
ISBN: 978-0124114838 / 978-0124104044
Summary: Avoid these books. Use the free and better online documentation references.
The software tools detailed in the books are open source tools, and the open source community has done a fantastic job of not only making the software free, but creating documentation that is also free and rivals commercial technical guides.
Practical Anonymity is basically an overview of the basics of Tor. The truth is that all that it takes to use Tor is to download it and then click on Start Tor Browser. For those that want to read the manuals, the Tor documentation repository has detailed information that includes everything a user needs to know about using the product. The Tor site has numerous manuals, FAQs and more. There is likely enough information there for about 98% of Tor and potential Tor users.
At 130 pages, the book is useful for those that want a hard copy to read on a bus or plane and for whatever reason, don't want to print out the references from the Tor site. Loshin does a decent job of presenting the topic, including why Tor is important, and who it could most benefit.
Tor was first released in 2002. But since it became known that the NSA was viewing data, Tor usage has doubled, as detailed in a recent Washington Post article.
One of the main drawbacks of Tor, as the book notes in chapter 2 (and as also detailed in the Tor FAQ), is that Tor is slow; really slow. The FAQ notes that there are many reasons why the Tor network is currently slow. It is first off important to know that Tor is never going to be extremely fast. All Tor traffic is bouncing through volunteers' computers in various parts of the world, and bottlenecks and network latency will always be present. The current Tor network is small compared to the number of people trying to use it, and Tor can't always handle file-sharing traffic load.
The book also spends a large amount of space detailing Tails, which is a Linux distro that can be booted from a CD or a USB drive. The benefit of Tails is that no trace of it will be left on the host it was run from.
Like Tor, the Tails documentation repository has a large set of documents and FAQs covering all areas of the product. For those on a budget, this site has everything that they need to know about using Tails.
Practical Anonymity: Hiding in Plain Sight Online is a decent start for those who want to be more anonymous. It is far from a comprehensive guide, as using Tor is just the beginning to start being anonymous, but far from the only resource or method.
In Simple Steps to Data Encryption: A Practical Guide to Secure Computing, Loshin attempts to provide an overview of why you need encryption, and how to use it. The book barely succeeds at doing that, but there are certainly other titles that do it either more articulately or at least without charging for it. In addition, the book seems like it was rushed to print, and could have used a better technical editor.
In fact, the book starts with an overview of how to use GnuPG (Gnu Privacy Guard). And like Tor, there are numerous free references at the GnuPG documentation site that provide many useful references.
At $60 for the pair, the books provide little added value over the free online documentation. For those that want a bound hard copy of a book, these two titles may suit them. For others who want to save trees and their money, and get the same and improved information direct from the source, the respective documentation sites are but a click away.
Reviewed by Ben Rothke
You can purchase Simple Steps to Data Encryption: A Practical Guide to Secure Computing and Practical Anonymity: Hiding in Plain Sight Online from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Did NIST Cripple SHA-3?
An anonymous reader writes "In the process of standardizing the SHA-3 competition winning algorithm Keccak, the National Institute of Standards and Technology (NIST) may have lowered the bar for attacks, which might be useful for or even initiated by NSA. 'NIST is proposing a huge reduction in the internal strength of Keccak below what went into final SHA-3 comp,' writes cryptographer Marsh Ray on Twitter. In August, John Kelsey, working at NIST, described (slides 44-48) the changes to the algorithm, including reduction of the bit length from 224, 256, 384 and 512-bit modes down to 128 and 256-bit modes." -
Twitter Launches Emergency Alerts
wiredmikey writes "Twitter on Wednesday launched a system for emergency alerts which can help spread critical information when other lines of communication are down. Twitter Alerts are designed to help communicate in natural disasters or other emergencies when traditional channels may be overloaded or unavailable. 'We know from our users how important it is to be able to receive reliable information during these times,' Twitter product manager Gaby Pena said in a blog post. Users who sign up to receive an account's Twitter Alerts will receive a notification directly to their phone for tweets marked as alerts from certain senders. Some of those able to send alerts include the American Red Cross, Federal Emergency Management Agency, World Health Organization, and government and non-government agencies in Japan and South Korea." -
Boot To Zork
Seemingly to inflict more suffering upon himself, Matthew Garrett (lord of getting things to boot using EFI) decided that booting directly into Zork would be cool. Quoting his weblog entry: "So, Frotz seemed like the natural choice when this happened. But despite having a set of functionality that makes it look much more like an OS than a boot environment, UEFI doesn't actually expose a standard C library. The EFI Application Development Kit solves this particular design decision. Porting Frotz ended up involving far more fixing up of Frotz bugs that tripped up -Werror than anything else. One note, though - make sure you include DevShell in the list of required packages at build time, otherwise file i/o will mysteriously fail." Grab the code, assuming you have a copy of Zork (or any other Z-machine game, as long as you name it ZORK1.DAT, I think). -
Crowdfunded Bounty For Hacking iPhone 5S Fingerprint Authentication
judgecorp writes "There's more than $13,000 pledged for a crowdfunded bounty for bypassing an iPhone 5S's fingerprint reader. The bounty, set up by a security expert and an exploit reseller, requires entrants to lift prints 'like from a beer mug.' It has a website — IsTouchIDHackedYet — and payments are pledged by tweets using #IsTouchIDHackedYet. One drawback: the scheme appears to rely on trust that sponsors will actually pay up." Other prizes include whiskey, books, and a bottle of wine. -
John McAfee Triggers the Ultimate False Positive
Barence writes "The wild man of antivirus software, John McAfee, has been forced to deny reports of his own death. Internet reports circulating last night claimed the hard-living security software entrepreneur had died after one too many drink and drugs sessions. However, McAfee has taken to his Twitter account in the past few hours to assure everyone that he's still alive, and hasn't mislaid his sense of humour. 'I felt great when I went to bed last night. I had such great plans,' tweeted McAfee, alongside a link to a report — now hastily withdrawn — that claimed he had died from an overdose." -
Book Review: The Practice of Network Security Monitoring
benrothke writes "It has been about 8 years since my friend Richard Bejtlich's (note, that was a full disclosure 'my friend') last book, Extrusion Detection: Security Monitoring for Internal Intrusions, came out. That and his other 2 books were heavy on technical analysis and real-world solutions. Some titles only start to cover ground after about 80 pages of introduction. With this highly informative and actionable book, you are already reviewing tcpdump output at page 16. In The Practice of Network Security Monitoring: Understanding Incident Detection and Response, Bejtlich takes the approach that your network will be attacked and breached. He observes that a critical part of your security posture must be that of network security monitoring (NSM), which is the collection and analysis of data to help you detect and respond to intrusions." Read below for the rest of Ben's review.
Title: The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Author: Richard Bejtlich
Pages: 376
Publisher: No Starch Press
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 978-1593275099
Summary: Definitive guide to the new world of Network Security Monitoring (NSM)
In this book, Bejtlich details how to design an NSM program from the initiation state. Being a big open source proponent, the book lists no proprietary tools and myriad open source solutions. The book is designed for system and security administrators, CIRT managers and analysts with a strong background in understanding threats, vulnerabilities and security log interpretation.
The book is about the inevitable, that attackers will get inside your network. While it's foreseeable they will get in, it's not inevitable that you have to be caught off-guard. For those who are serious about securing their network, this is an invaluable book that provides a unique and very workable model to create a fully-functioning NSM infrastructure.
The book is a hands-on guide to installing and configuring NSM tools. The reader who is comfortable using tools such as Wireshark, Nmap and the like will be quite at home here.
This is a book about how not to be surprised, and its 13 chapters detail how to create and manage an NSM program, what to look for, and myriad tools to use in the process.
The focus of the book is not on the planning and defense phases of the security cycle (hopefully those are already in place in your organization), but rather on the actions to take when handling systems that are already compromised or that are on the verge of being compromised, as detailed in the preface.
In chapter 1, the book details the difference between continuous monitoring (CM) and NSM, since their terms are similar and many people confuse the two. CM is big in the federal computing space and NIST provides an overview and definition of it here. The book notes that CM has almost nothing to do with NSM or even with trying to detect and respond to intrusions. NSM is threat-centric, meaning adversaries are the focus of the NSM operation, while CM is vulnerability-centric, focusing on configuration and software weaknesses.
Also in chapter 1, Bejtlich asks the important question: is NSM legal? He writes that there is no easy answer to that question and anyone using or deploying an NSM solution should first consult with their legal counsel, in order not to potentially violate the US Wiretap Act and other laws and regulations. This is especially true for those who are in European Union (EU) countries, as the EU places a high threshold on information security teams who want to monitor network traffic. Something as simple as running Wireshark on a corporate network in the US would require court approval if done on an EU-based network.
One of the main NSM tools the book references and details is Security Onion (SO). SO is a Linux distro for IDS and NSM. It's based on Ubuntu and the distro contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner and many other useful security tools.
The book details and explains how to use these tools in an NSM environment. An important point Bejtlich makes in chapter 9 regarding the tools is that analysts need tools to find intruders, but methodology is more important than just software tools. Tools collect and interpret data, but methodology provides the conceptual model. He explains that CIRT analysts must understand how to use tools to achieve a particular goal, but it is imperative and important to start with a good operational model first, and then select tools to provide data supporting that model.
The book has a short discussion of how cloud computing affects NSM. In a nutshell, the cloud throws a monkey wrench into an NSM effort. For example, it is generally not an option for SaaS offerings since customers are limited to the back-end logs.
The book closes with the observation that NSM is not just about all the tools that the author spent over 300 pages discussing; rather it is more about the workflows, metrics and collaboration. Unfortunately, this title does not detail the necessary workflows for an NSM program, and it is hoped that the follow-up to this book will.
The only negative in the book is that as CSO of Mandiant, Bejtlich references his firm's products, mainly their MIR appliance for a CIRT. In the spirit of objectivity and not trying to have the book come across as marketing PR, if an author is going to mention a product their firm sells, they should also mention alternative solutions.
For those looking for a comprehensive guide on the topic of NSM, written by one of the experts in the field, The Practice of Network Security Monitoring: Understanding Incident Detection and Response is an excellent reference that is certain to make the reader a better information security practitioner, and their network more secure.
Reviewed by Ben Rothke.
You can purchase The Practice of Network Security Monitoring: Understanding Incident Detection & Response from amazon.com. -
Kim Dotcom Resigns From Mega To Fight Extradition, Run For Office
rjmarvin writes "The Internet mogul and founder of the infamous file sharing and storage service confirmed he has stepped down as director to fight his U.S. extradition case, develop Megabox — his revolutionary music platform — oh, and to start his own political party and run for office in New Zealand's elections next year. What about the cutting-edge encrypted email service he promised? Well that's Chief Executive Vikram Kumar and new Director Bonnie Lam's problem now. Dotcom will have his hands full trying to 'get New Zealanders a new submarine cable, fair Internet pricing & no more data caps...'" -
Why We Need to Keep Our Night Skies Dark (Video)
Kelly Beatty has a unique perspective on the world of astronomy: Beatty's been on the staff of Sky & Telescope magazine for nearly 40 years as a writer and editor, including a stint heading "Night Sky" magazine. He's also written what's been called "the definitive guide for the armchair astronomer," and teaches astronomy to people of all ages. (He even has an asteroid named after him.) Besides being fascinated with the objects we can see in Earth's skies, Beatty takes the skies themselves seriously: his Twitter handle is NightSkyGuy for a reason. We talked a few weeks ago, in dark-skied rural Maine, about his involvement with the International Dark-Sky Association, and why you should care about ubiquitous light pollution, even if you don't have a deep interest in star-gazing. (And it's not just to be courteous to your neighbors.) -
X.Org Foundation Loses 501(c)3 Non-Profit Status
An anonymous reader writes "The X.Org Foundation, which drives the X.Org Server projects, Mesa, and Wayland open-source programs, had its tax-exempt status revoked by the IRS. It turns out the X.Org Foundation had put in quite a lot of work to become a non-profit organization, with guidance from the Software Freedom Law Center. They got in trouble after failing to routinely file their taxes on time. There's also been a host of other X.Org accounting errors in recent years. There was also the recent news of the IRS going after open-source projects, too." -
Book Review: Hacking Exposed Mobile Security Secrets & Solutions
benrothke writes "Little did anyone know, when the first Hacking Exposed book came out over 15 years ago, that it would launch a set of sequels on topics from Windows, Linux and web development to virtualization, cloud computing and much more. In 2013, the newest edition is Hacking Exposed Mobile Security Secrets & Solutions. In this edition, authors Neil Bergman, Mike Stanfield, Jason Rouse & Joel Scambray provide an extremely detailed overview of the security and privacy issues around mobile devices. The authors have heaps of experience in the topics and bring that to every chapter." Read below for the rest of Ben's review.
Title: Hacking Exposed Mobile Security Secrets & Solutions
Author: Neil Bergman, Mike Stanfield, Jason Rouse & Joel Scambray
Pages: 320
Publisher: McGraw-Hill Osborne Media
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 978-0071817011
Summary: Excellent resource to understand current mobile security threats
The power of mobile devices can be understood by the fact that this book came out in July 2013, and just last week, Steve Ballmer announced that he will step down as Microsoft CEO. While mobile has spelled doom for Ballmer's career and Microsoft's bottom line, mobile has made the Apple brand relevant again, and extremely dominant. More of a concern is that mobile is the new avenue of security attacks for a new generation of attackers.
The book provides a great overview of the new threats created by mobile devices. Like the other books in the series, it provides an overview of the issues, shows how attackers will use vulnerabilities to compromise and exploit mobile devices, in addition to showing you how to secure your mobile devices and enterprise mobile platforms against these threats.
One difference between this book and other Hacking Exposed titles, especially the Windows editions, is that this one has a dearth of script kiddie tools. This is due to the fact that such tools don't exist so much for the mobile platforms.
The 9 chapters in the book provide a comprehensive and meticulous synopsis of all of the core areas around security and privacy concerns about mobile computing.
The first two chapters provide a thorough analysis of the mobile risk ecosystem and how the cellular networks operate.
One of the major risks detailed in chapter 1 is that of physical risks. When data resides in physical data centers, a company can have some semblance of assurance of security given the data has multiple layers of physical controls in an enterprise data center or colocation. The authors note that physical access to mobile devices is difficult to defend against for very long, and the entire phenomenon of rooting and jailbreaking certainly proves this.
They also write that they have yet to find a mobile application that they could not defeat when given physical access, including defeating the mobile device management software.
The book astutely notes that if your mobile risk model assumes that information can be securely stored indefinitely on a physical mobile device, then you are starting with a false assumption. The entire book is based on the assumption of an attacker gaining control of the mobile device. To compensate for that, the book provides the requisite countermeasures.
Another bit of sagacious advice in the book is ensuring your developers, and those you outsource your development to, understand the specific risks and vulnerabilities around mobile apps. It is crucial that all programmers developing mobile apps be sufficiently trained in how to write secure mobile apps.
Chapter 3 details iOS, the Apple mobile operating system. An interesting part of the chapter is on how to jailbreak Apple devices. But the authors also note that there are pros and cons to jailbreaking. The main negative is that you expose yourself to a variety of attack vectors that could lead to a complete compromise of the device. A non-jailbroken device obviates that in most cases given the security controls in place.
The book also sheds light on the fact that even though iOS is a closed system with fewer threat vectors, it is still far from perfect. The Apple App Store, even with its security controls, is far from impervious to attack. The chapter tells the story of a few malicious apps that slipped past security reviews and found themselves on the Apple App Store. While these malicious apps were later removed, they were there long enough to cause damage.
While the book provides ample evidence of the risk and vulnerabilities around mobile devices, it is rich in appropriate countermeasures and methods to compensate for these. The chapters on iOS and Android provide myriad ways in which to secure the devices. Chapter 8 on mobile development security details a framework in which to secure mobile devices. This framework includes requirements from secure communications, effective authentication, preventing information leakage, to platform controls and more.
Appendix A contains a checklist of options that end-users can use to ensure the security of their private data and sensitive information stored on their mobile devices.
Appendix B is a mobile application penetration testing toolkit for performing security assessment of mobile technologies.
The press is full of stories of how the demise of Microsoft is directly related to their misreading the mobile market. The public has responded to buying mobile devices in the billions, and attackers who not so long ago wrote exploits for Windows, are now putting their efforts into iOS and Android. The message is clear, mobile apps need to be written with security in mind and the mobile devices need to be secured.
For those looking for an understanding of current mobile security threats and how to counter them, Hacking Exposed Mobile Security Secrets & Solutions is a uniquely good book.
Reviewed by Ben Rothke
You can purchase Hacking Exposed Mobile Security Secrets & Solutions from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Greatest Keyboard Shortcut Ever
Hugh Pickens DOT Com writes "Ryan Vogt writes in the Mercury News that Shakespeare described death as 'the undiscovere'd country, from whose bourn no traveller returns.' Did you know there is a miraculous way to resuscitate tabs sent to the 'undiscovere'd country,' a sort of Ctrl-Z for the entire Internet, that means 'no more called-out cusswords, no more wishing the back button had you covered when, aiming to click on a tab, you accidentally hit the little X on the tab's starboard.' For Macs: Command [plus] shift [plus] t reopens the last tab. For PCs: Ctrl [plus] Shift [plus] T. 'Try it right now. Close this tab and bring it back. I dare ya.' Melia Robinson's trick [described for Chrome] works in Firefox and Internet Explorer, too, so clumsy mousing won't send the E*Trade tab you mistakenly closed all cued up to sell those 10,000 shares of stock or your long political post on your uncle's Facebook page on a one-way trip to the undiscovere'd country in those browsers, either." No guarantees on the stock trading. -
Open Source Licensing Debate Has Positive Effect On GitHub
New submitter Lemeowski writes "Critics have been pounding GitHub recently, claiming it is hosting tons of code with no explicit software license. The debate was thrust into the limelight last year when James Governor of RedMonk issued an acclaimed tweet about young developers being 'about POSS — post open source software,' meaning they disliked or avoided licensing and governance. Red Hat's IP attorney Richard Fontana explores the complaint saying there is a positive aspect of the POSS and GitHub phenomenon: Developers are, for the first time in the history of free software, helping inform each other about licensing and aiding in the selection process. The result is that it's becoming easier to suggest legal improvements to GitHub-hosted repositories." -
Book Review: The Healthy Programmer
benrothke writes "Diet books are literally a dime a dozen. They generally benefit only the author, publisher and Amazon, leaving the reader frustrated and bloated. With a failure rate of over 99%, diet books are the epitome of a sucker born every minute. One of the few diet books that can offer change you can believe in is The Healthy Programmer: Get Fit, Feel Better, and Keep Coding. Author Joe Kutner observes that nearly every popular diet fails and the reason is that they are based on the premise of a quick fix without focusing on the long-term core issues. It is inevitable that these diets will fail and the dieters at heart know that. It is simply that they are taking the wrong approach. This book is about the right approach; namely a slow one. With all of the failed diet books, Kutner is one of the few that has gotten it right." Keep reading for the rest of Ben's review. The Healthy Programmer: Get Fit, Feel Better, and Keep Coding author Joe Kutner pages 220 publisher Pragmatic Bookshelf rating 9/10 reviewer Ben Rothke ISBN 978-1937785314 summary A diet and lifestyle guide that works for all, not just for programmers. While the title of the book says it's for programmers, it is germane to anyone whose job requires them to be at a desk for extended amounts of time.
Kutner is himself a programmer who builds Ruby and Rails applications, and a former college athlete and Army Reserve physical fitness trainer.
The book focuses on two areas that require change: regular exercise and proper nutrition; and it details the steps necessary to create a balanced lifestyle.
While popular diet books require rapid and major lifestyle changes and promise quick weight-loss, the book notes that small changes to your habits can provide the long-term effects that can improve your health. The book focuses on incremental changes and sustainability, not about losing x pounds in x weeks.
The book is different (read: effective) as opposed to other diet and lifestyle books, in that its goal is to make your healthy lifestyle pragmatic, attainable, and fun. It is only with those aspects that long-term change is possible.
As to programmers, Kutner writes that programming requires intense concentration that often causes them to neglect other aspects of their lives; the most common of which is their health. People's bodies have not evolved to accommodate a lifestyle of sitting and there are many negative health effects from it.
The book takes a start small approach, rather than one of drastic changes. In chapter 2, it notes the myriad benefits of walking. It states that walking is a powerful activity that can stimulate creative thinking (a required trait for a good programmer) and is a great way to bootstrap your health. The chapter details the ways in which a few short walks during the day can have a dramatic positive effect on your life.
Chapter 3 is about the dangers of chairs and sitting for long periods of time. It details a number of ways to counter the dangers of sitting. It also notes that sometimes you simply can't get away from your chair, and when that happens, you can make sitting less dangerous by forcing your muscles to contract without even getting up. It then details a number of different calisthenics to use to do this.
Chapter 4, Agile Dieting, is perhaps the best part of the book. It details how to fight the real causes of weight gain and details proven solutions that work. That chapter repeatedly uses terms like iterative, sustainable, and slow to show what it really takes to lose weight and achieve a healthy lifestyle.
Kutner notes that most of the popular fad diets are idiosyncratic and unbalanced. They will provide short-term benefits, but ultimately fail miserably. The chapter quotes research data on what needs to be in a balanced diet. It then notes that almost every fad diet violates those needs. Nutrition needs to be rounded and well-balanced and the fad diets for that reason will only work in the short term.
This book is everything the fad diet books are not and this is most manifest in chapter 4 where Kutner writes one should cut calories slowly. This is based on research which shows that quick drastic weight loss is counterproductive. While the fad diets talk about drastic caloric changes, Kutner suggests dropping your intake more slowly, about 100 calories every two weeks until you get to your targeted caloric intake level.
While much of the book is on fitness and nutrition, it takes a complete body approach. Chapter 5 details the importance of eye health. This is an important topic since the average programmer spends much of their week behind a monitor.
Kutner writes about computer vision syndrome (CVS); an eye condition resulting from focusing the eyes on a monitor for extended amounts of time. Symptoms of CVS include headaches, blurred vision, neck pain, redness in the eyes, fatigue, eye strain, dry eyes, irritated eyes, double vision, vertigo/dizziness, polyopia, and difficulty refocusing the eyes. The book also details methods in which to minimize the effects of CVS, and how not to become a victim of it. Kutner writes that CVS is what most programmers refer to as life. But it does not have to be that way.
The rest of the book covers other physical ailments that plague programmers. This runs the gamut from headaches, backaches, wrist problems, carpal tunnel, head strain and much more. Most of these problems can be obviated if one follows proper ergonomics practices and employs some of the physical conditioning detailed in the book.
Another theme of the book is using goals as an impetus for change. The book lists 16 goals which can be used as a progressive framework to improve your health. These goals include buying a pedometer, finding your resting heart rate, getting a negative result on the Reverse Phalen's test and other lifestyle changes.
Given the preponderance of obesity, diabetes and other maladies associated with a sedentary lifestyle, this may be one of the most important non-programming books that every developer should read and take to heart.
The book has hundreds of bits of excellent advice and subtle lifestyle suggestions that over time can make a significant difference to your health.
The author has a web site and an iPhone app that can be referenced for additional help. The book is full of sage and pragmatic advice. It has no celebrity endorsement, no gimmicks or false claims; meaning it has a high chance of working.
The book concludes with the observation that programmers often say the hardest part of software development begins when a product is released. The real work, maintenance, continues on, much like your health. You must sustain a state of wellness for the rest of your life, and you need to continue setting goals, iterating and making small improvements.
Many programmers love their job but not the lifestyle problems that come with it. For the programmer that wants the challenges of the profession and the benefits of a healthy lifestyle, The Healthy Programmer: Get Fit, Feel Better, and Keep Coding may be a life-changing book, and should find its rightful place on every programmer's desk.
Reviewed by Ben Rothke.
You can purchase The Healthy Programmer: Get Fit, Feel Better, and Keep Coding from amazon.com. -
Microsoft Will Squeeze Datacenters On Price of Windows Server
Nerval's Lobster writes "Microsoft plans to raise the price of the Datacenter edition of the upcoming R2 release of Windows Server 2012 by 28 percent, adding to what analysts call a record number of price increases for enterprise software products from Redmond. According to licensing data sheets available for download from the Windows Server 2012 R2 Website (PDF), the price of a single license of Windows Server 2012 R2 Datacenter will be $6,155, compared to $4,809 today—plus the cost of a Client Access License for every user or device connecting to the server. News of the increase was posted yesterday by datacenter virtualization and security specialist Aidan Finn, a six-time Microsoft MVP who works for Dublin-based value added reseller MicroWarehouse Ltd. and has done work for clients including Amdahl, Fujitsu and Barclays. The increase caps off a year filled with a record number of price increases for Microsoft enterprise software, according to a Tweet yesterday from Microsoft software licensing analyst Paul DeGroot of Pica Communications." -
John Carmack Joins Oculus VR As CTO
Guspaz writes "In a surprising move that in retrospect makes a lot of sense, Oculus VR has announced that John Carmack will be joining the company full-time as CTO. Carmack also tweeted that his time division would be 'Oculus over Id over Armadillo. Busy busy busy!'" From the press release, quoting John Carmack: "I have fond memories of the development work that led to a lot of great things in modern gaming — the intensity of the first person experience, LAN and internet play, game mods, and so on. Duct taping a strap and hot gluing sensors onto Palmer's early prototype Rift and writing the code to drive it ranks right up there. Now is a special time. I believe that VR will have a huge impact in the coming years, but everyone working today is a pioneer. The paradigms that everyone will take for granted in the future are being figured out today; probably by people reading this message. It's certainly not there yet. There is a lot more work to do, and there are problems we don't even know about that will need to be solved, but I am eager to work on them. It's going to be awesome!" -
Twitter Wants To Hire 88 Engineers, IPO Signs Grow
Dawn Kawamoto writes "You should never do anything just for the money, but Twitter has 88 engineering jobs up for grabs and the company is apparently showing signs it may be moving closer to launching an IPO. If you find a Twitter job that works for you, better to get hired now when the cost to exercise your stock options will likely be far less than what you'll pay if hired after the company is public." -
Snowden Granted One-Year Asylum In Russia
New submitter kc9jud writes "The BBC is reporting that NSA whistleblower Edward Snowden has been granted temporary asylum in Russia. According to his lawyer, Snowden has received the necessary papers to leave the transit zone at Sheremetyevo Airport in Moscow, and the airport press office is reporting that Snowden left the airport at 14:00 local time (10:00 GMT). A tweet from Wikileaks indicates that Snowden has been granted temporary asylum and may stay in the Russian Federation for up to one year." Reader Cenan adds links to coverage at CNN, and other readers have pointed out versions of the story at Reuters and CBS. -
22nd International Obfuscated C Code Contest Starts Thursday 1 Aug 2013
achowe writes "The 22nd International Obfuscated C Code Contest opens 2013-Aug-01 03:14:15 UTC through to 2013-Oct-03 09:26:53 UTC. The rules have been updated, in particular Rule 2 (size rule) has changed. The draft rules and guidelines are available online. In addition there is now an IOCCC Size Rule Tool to aid with counting the secondary size rule. Questions and comments for the Judges can be emailed to q.2013@ioccc.org and must include 'IOCCC 2013' in the subject. Or contact them via Twitter @IOCCC." Anyone planning on entering? -
Book Review: Present Yourself - Using SlideShare To Grow Your Business
benrothke writes "SlideShare is a free web 2.0 based slide hosting service where users can upload presentation-based files. Launched in October 2006, it's considered to be similar to YouTube, but for slideshows. It was originally meant to be used for businesses to share slides among employees more easily, but it has since expanded to also become a host of a large number of slides which are uploaded merely to entertain. SlideShare gets an estimated 58 million unique visitors a month and has about 16 million registered users. With such a strong user base, authors Kit Seeborg and Andrea Meyer write in Present Yourself: Using SlideShare to Grow Your Business how SlideShare users can use the site (including other similar collaborative sites such as Prezi and Scribd) to present their story to a worldwide audience. Given that visual presentations are the new language of business, understanding how to maximize their potential can be a valuable asset for the entrepreneur, job seeker and everyone in between." Read below for the rest of Ben's review. Present Yourself - Using SlideShare to Grow Your Business author Kit Seeborg and Andrea Meyer pages 224 publisher O'Reilly Media rating 9/10 reviewer Ben Rothke ISBN 978-1-4493-4236-4 summary Great resource for maximizing the use of SlideShare and your online presentation presence The truth is a book on SlideShare alone would need no more than 15 pages (20 pages if you include the Pro edition). How difficult is it to upload a PowerPoint? As an aside, there is a huge market for publishing freely available content. Check out Emereo Publishers on Amazon. They have mastered the art of taking free Wikipedia content and charging for it. Enough digression – in this valuable book – the authors show not only how to use the product, but how to maximize its use.
Throughout the book, the authors quote liberally from science and research on the power of visualization. With that lies the inherent power of SlideShare, as humans like images and think more efficiently when they use them. The authors quote a study which shows that when carrying out routine office tasks, if the data is displayed more visually (such as through visual maps), individuals are 17% more productive and need to use 20% fewer mental resources. As to the saying that a picture is worth a thousand words; the authors show that it has a basis in biological fact.
The book is worth it just for the sage advice in the quote at the beginning of chapter 3 where Nancy Duarte, author of slide:ology: The Art and Science of Creating Great Presentations states about presentations, that "they didn't come to your presentation to see you. They came to find out what you can do for them. Success means giving them a reason for taking their time, providing content that resonates, and ensures it's clear what they are to do". Using Duarte's call to arms with the guidance in the book can hopefully start a meaningful change in how data is presented.
As to the presentation itself, the book notes that the presenter of today has a huge challenge in keeping the audience engaged. Anyone who has presented recently knows that many, often a majority of the audience will be distracted by their smartphones, Twitter, Facebook, Angry Birds and more. With that, presenters must put in extra effort to compete for the mindshare of a distracted audience. The book shows you how to overcome such obstacles and suggests that one way to win more audience attention is to include engaging visual slides with your presentation and show them intermittently instead of in parallel with your talk.
Throughout the book, it is clear that the authors are passionate about the topic and it lists many resources and uses to make presentations much more effective. The book has numerous real-world examples of such users. One is Adam Tratt of Haiku Deck; a free presentation app for the iPad that makes presentations simple, beautiful, and fun.
Another example is that of Jeremiah Owyang of the Altimeter Group, a research and advisory firm whose reports consistently rank in the top 100 most viewed documents on SlideShare. The amazing thing about their research, which competing firms charge thousands of dollars for, is that it is all free on SlideShare. The example also shows how they use SlideShare Pro for the secure creation of the reports. They view this model of open research as a core asset that has served the firm well, establishing its credibility and reputation as a trusted resource.
While the book has business in its title, it still has significant relevance for end-users, specifically in chapter 7. There it details how you can use SlideShare to further your career and find a job. This is crucial regardless of your profession and industry, in that while the traditional resume is still alive and well, the ability to place your experience on-line opens up new horizons. A full professional presence requires both a paper resume and an online presence.
The chapter notes that a comprehensive online presence, especially with a complete profile on LinkedIn, is forty times more likely to receive job opportunities. The authors note that even if a person is not a presenter, there are things they can do on SlideShare to highlight themselves; including a presentation that serves as a visual resume of their career, a portfolio presentation that displays their creative work and more. Even for those who are not speakers, the authors recommend that the serious job searcher consider public speaking as part of their career strategy.
For those that want to take a look, the first chapter of the book is available here. Not surprisingly, it is on SlideShare.
For those that want to learn everything about SlideShare, from the mundane of adding a SlideShare widget to your website, sharing your presentation across social platforms, sharing your content, collaboration, finding a more rewarding job and much more, Present Yourself: Using SlideShare to Grow Your Business is a great resource.
Reviewed by Ben Rothke
You can purchase Present Yourself - Using SlideShare to Grow Your Business from amazon.com. -
New for 2013: An In-Depth Analysis of Kubrick's 2001: a Space Odyssey
An anonymous reader writes "Long time /. member maynard has written one of the most obsessively detailed and extensive analyses of Stanley Kubrick's classic 2001: A Space Odyssey seen in some time. At more than 22,000 words, it contains still images, film clips, musical score selections and copious references, including by Piers Bizony, author of Filming the Future, Nietzsche, Foucault, Freud, and film theorists like Bazin, Kracauer and Zizek. It's already gained some notoriety, having been retweeted by Nicholas Jackson, former editor of the Atlantic Monthly and Slate. Anyone who loves the film or SF in general should find this an amazing read!" I don't know whether it can topple my all-time favorite analysis of 2001, Leonard F. Wheat's Kubrick's 2001: A Triple Allegory . -
After LinkedIn Clues, FOIA Nets New Details On NSA's ANCHORY Program
v3rgEz writes "After the ACLU's Christopher Soghoian highlighted NSA programs listed on LinkedIn, Jason Gulledge filed a request for details about the program — and turned up lucky. The NSA released 7 pages of database descriptions of its ANCHORY program, an open-source intelligence data gathering effort. The NSA's FOIA office said it would pony up more, but only if Gulledge could prove he was requesting the documents as part of a news gathering effort or if he would agree to pay associated fees." -
MS Tackles CS Education Crisis With Popularity Contest
theodp writes "'The lack of education in computer science is an example of an area of particularly acute concern,' Microsoft General Counsel Brad Smith told Congress (PDF) as he sold lawmakers on the need to improve 'America's access to high skilled foreign talent'. Smith added that Microsoft also wants to 'help American students and workers gain the skills needed for the jobs that will fuel the innovation economy.' Towards that end, Microsoft will award $100,000 worth of donations to five technology education nonprofits 'who teach programming and provide technical resources to those who might not otherwise get the chance.' So, how will Microsoft determine who's most worthy? With a popularity contest, of course! At the end of October, the top five vote-getting nonprofits — only Windows AzureDev Community members are eligible to vote — will split the Microsoft Money. By the way, currently in second place but trying harder is Code.org, the seemingly dual-missioned organization advised by Microsoft's Smith which has reached out to its 140,000 Facebook fans, and 17,000 Twitter followers in its quest for the $50,000 first prize." -
Book Review: Assessing Vendors
benrothke writes "Every organization has external software, hardware and 3rd-party vendors they have to deal with. In many cases, these vendors will have direct access to the corporate networks, confidential and proprietary data and more. Often the software and hardware solutions are critical to the infrastructure and security of the organization. If the vendors don't have effective information security and privacy controls in place, your data is at risk. In addition, when selecting a product to secure your organization, how do you ensure that you are selecting the correct product? All of this is critical in the event of a breach. When the lawyers start circling, they will be serving subpoenas to your company, not your 3rd-party vendors." Keep reading for Ben's review. Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors author Josh More pages 94 publisher Syngress rating 8/10 reviewer Ben Rothke ISBN 978-0124096073 summary Good intro to use to start a vendor assessment program With that, Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors is a valuable resource for those looking for a basic introduction to how to understand the risks involved when sharing data with 3rd-parties, in addition to selecting the appropriate products for your organization.
Many large organizations have formal programs and processes to evaluate the vendors they interact with, in addition to software and hardware procurement. For those that don't, this 80 page reference is a good place to start.
The book shows you how to find the right balance between performing a superficial assessment and one that is way too deep.
While the book has a healthy dose of checklists, it is not about simply filling out the checklists and adding up the totals. Author Josh More writes that robust information assurance processes and regulations aside, successful vendor management involves a wide range of skills, from technical assessment to business communications, to negotiation and much more.
An effective aspect of the book is that it has many questions that you should ask the vendor as part of the assessment process. Too many organizations simply take the vendor's word, without performing effective due diligence. Rarely will one find a company where too many questions were asked of the vendor.
Given that the book is only 80 pages, More writes that it focuses mainly on the initial assessment process, with a goal to select a vendor to solve a specific problem that your organization is experiencing, improving an existing process or adding new capabilities. Given its short length, the book does not delve very deeply into the continued operation of a formal vendor management program.
The main thrust of the first chapter is around preliminary vendor research. It shows how to identify vendors for specific products and build criteria for effective vendor selection.
An important point in chapter 1 is that the primary rule in vendor assessment and selection is to always keep your needs first in mind. Far too many organizations let the vendors drive the process, and in turn, the vendor will ensure that their needs are made primary.
One of the topics in chapter 3 is testing confidentiality. When comparing vendors, they will often swear that their product is secure; but will often not provide any details attesting to how secure it really is. The chapter shows how you can perform internal hands-on testing to ensure all of the promised security features do in truth work.
The book provides a lot of common sense advice that may not be intuitive to many people. One bit of invaluable advice is to take the steps to confirm that the vendor you are considering is not selling you gray or black market products. This is especially true for products from Cisco, Check Point and Juniper, which are rampant on the gray and black markets. While buying gray market products may initially be cheaper, they can be much more expensive in the long run when you find out that the warranties you paid for are worthless.
In chapter 4, the book does a good job of showing how to score vendors. It details how you can create questionnaires and use the data to assist in your selection. The chapter stresses that after all of the data is scored, weighted and sorted; you should not expect to find a vendor with a normalized score of 100%. More writes that if you do a good job of creating the right questions on the questionnaire, you will seldom see a vendor higher than the 80-90% range.
A good point the book makes in chapter 5 on testing is that when a vendor requires you to sign an NDA prior to testing, such a request is a fundamental mark of mistrust. If the vendor is unwilling to negotiate the NDA, it may be worth replacing them with a vendor who is more willing to work with you.
After you have done all of the dirty work of a vendor selection, the book closes with a few pages on how to avoid vendor manipulation. It is not unusual for a vendor to fudge the information they provide you with, which will skew the results in their favor.
Another point to consider in the vendor selection process is that vendors benefit greatly from lock-in. The harder they can make it for you to move to another vendor, the more likely they are to get annual renewals.
Selecting a vendor is not a trivial process, and it is not intuitive to many organizations. Given the breadth of the topic, the book is a great place to start your work on this important process.
The book doesn't claim to be an all-inclusive resource for the topic. And at 80 pages, one should not expect it to be.
But for those looking for a highly tactical guide to start them on the road to vendor assessments, Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors is a most helpful book to start with.
Reviewed by Ben Rothke.
You can purchase Assessing Vendors: A Hands-On Guide to Assessing Infosec and IT Vendors from amazon.com. -
Boeing 777 Crashes At San Francisco Airport
Asiana Flight 214 from Seoul crashed while landing at San Francisco Airport today. Early reports suggest the plane was unstable as it touched down, which led to the tail of the plane breaking off. There are no official casualty reports yet, but passengers were seen walking off the plane. Preliminary estimates say one or two dead and 75 being transported to area hospitals. (Others are reporting two dead and several dozen injured.) Eyewitness report: "You heard a pop and you immediately saw a large, brief fireball that came out from underneath the aircraft," Anthony Castorani said on CNN. "At that moment, you could see that that aircraft was again starting to lift and it began to cartwheel [Ed: he likely means spinning horizontally, like a top]. The wing broke off on the left hand side. You could see the tail immediately fly off of the aircraft. As the aircraft cartwheeled, it then landed down and the other wing had broken." The media has estimated about 290 people were on board the plane. The top of the cabin was aflame at one point, but it's not known yet whether that affected the passengers. "Federal sources told NBC News that there was no indication of terrorism." Some images from the news make it look like the plane may have tried to touch down too early, hitting the seawall just before the runway. -
Flattr Adds Support For Funding In Bitcoin
An anonymous reader writes "Swedish startup Flattr, which offers an 'online tipjar' service, has announced it has added partial support for Bitcoin: you can now fund your account with the virtual currency. Furthermore, the company is considering adding the option to withdraw in Bitcoins too, but it first wants to gauge its community's desire for the feature on Twitter." -
New Moons of Pluto Named Kerberos and Styx; Popular Choice 'Vulcan' Snubbed
MarkWhittington writes "The International Astronomical Union announced on July 2, 2013 its picks to name the two recently discovered moons of Pluto, hitherto known as P4 and P5. They will now be known as Kerberos and Styx respectively. In Greek and Roman mythology Kerberos is the name of the mythological three headed hound that guards the entrance to the underworld. Styx is the name of the river that separated the underworld from the real world. The names, picked in a popular contest, were actually the second and third choices. The first choice was Vulcan, which was officially touted because it was the name of a Roman god who was a relative of Pluto's and was associated with fire and smoke. The real reason that Vulcan shot up to the top of the list was that it was the choice of Star Trek fans in a campaign instigated by actor William Shatner, who played Captain James Kirk in the original series." Shatner is sad and may lead a revolt. Phil Plait wins the award for best headline for this news. -
Attackers Tweet As They Assault UN Development Program Compound
Koreantoast writes "In another interesting example of the increasing use and sophistication of social media by non-governmental organizations, the Somali-based Islamic insurgency al-Shabab live tweeted their latest attack, a suicide assault against a United Nations Development Programme (UNDP) facility in Mogadishu which left 15 dead. During the event, they denounced UNDP, tweeting during the attack that the UN is 'a merchant of death & a satanic force of evil, has a long inglorious record of spreading nothing but poverty, dependency & disbelief' and proceeded to mock newly appointed UN Representative Nicholas Kay who is to arrive in Somalia later this month. Also of note is their initiation of communications with various press entities including the AP, BBC and IHS Janes through Twitter. Hat tip to Foreign Policy magazine for the story." -
Book Review: The Chinese Information War
benrothke writes "It's said that truth is stranger than fiction, as fiction has to make sense. Had The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests been written as a spy thriller, it would have been a fascinating novel of international intrigue. But the book is far from a novel. It's a dense, well-researched overview of China's cold-war-like cyberwar tactics against the US to regain its past historical glory and world dominance." Read below for the rest of Ben's review. The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests author Dennis Poindexter pages 192 publisher McFarland rating 9/10 reviewer Ben Rothke ISBN 978-0786472710 summary Fascinating overview on the cyberwar with China Author Dennis Poindexter shows that Chinese espionage isn't made up of lone wolves. Rather, it's under the directive and long-term planning of the Chinese government and military.
Many people growing up in the 1940s expressed the sentiment "we were poor, but didn't know it." Poindexter argues that we are in a cyberwar with China, but most people are oblivious to it.
Rather than being a polemic against China, Poindexter backs it up with extensive factual research. By the end of the book, the sheer number of guilty pleas by Chinese nationals alone should be a staggering wake-up call.
In February, Mandiant released their groundbreaking report APT1: Exposing One of China's Cyber Espionage Units, which focused on APT1, the most prolific Chinese cyber-espionage group that Mandiant tracked. APT1 has conducted a cyber-espionage campaign against a broad range of victims since at least 2006. The report has evidence linking them to China's 2nd Bureau of the People's Liberation Army.
China is using this cyberwar to their supreme advantage and as Poindexter writes on page 1: until we see ourselves in a war, we can't fight it effectively. Part of the challenge is that cyberwar does not fit the definition of what a war generally is because the Chinese have changed the nature of war to carry it out.
Poindexter makes his case in fewer than 200 pages and provides ample references in his detailed research, including many details, court cases and guilty verdicts showing how the Chinese government and military work hand in hand to achieve their goals.
The book should be of interest to everyone given the implications of what China is doing. If you are planning to set up shop in China, be it R&D, manufacturing or the like, read this book. If you have intellectual property or confidential data in China, read this book, as you need to know the risks before you lose control of your data there.
Huawei Technologies, a Chinese multinational telecommunications equipment and services firm, now the largest telecommunications equipment maker in the world, is detailed in the book. Poindexter details a few cases involving Huawei and writes that if Huawei isn't linked to Chinese intelligence, then it's the most persecuted company in the history of international trade.
The book details in chapter 2 the intersection between cyberwar and economic war. He writes that any foreign business in China is required to share detailed design documents with the Chinese government in order to do business there. For many firms, the short-term economic incentives blind them to the long-term risks of losing control of their data. The book notes that in the Cold War with Russia, the US understood what Russia was trying to do. The US therefore cut back trade with Russia, particularly in areas where there might be some military benefit to them. But the US isn't doing that with China.
Chapter 2 closes with a damning indictment where Poindexter writes that the Chinese steal our technology, rack up sales back to us, counterfeit our goods, take our jobs and own a good deal of our debt. The problem, he notes, is that too many people focus solely on the economic relations between the US and China, and ignore the underpinnings of large-scale cyber-espionage.
Chapter 6 details that the Chinese have developed a long-term approach. They have deployed numerous sleepers who often wait decades and only then work slowly and stealthily. A point Poindexter makes many times is that the Chinese think big, but move slow.
Chapter 7 is appropriately titled The New Cold War. In order to win this war, Poindexter suggests some radical steps to stop it. He notes that the US needs to limit trade with China to items we can't get anywhere else. He says not to supply China with the rope that will be used to hang the US.
He writes that the Federal Government has to deal with the issue seriously and quickly, to protect its telecommunications interests so that China isn't able to cut it all off one day. He also notes that national security must no longer take a backseat to price and cheap labor.
Poindexter writes that the US Government must take a long view of the solution, and he writes that it will take 10 years to build up the type of forces that would be needed to counter the business and government spying that the Chinese are doing.
Rachel Carson's Silent Spring is the archetypal wake-up call book. Poindexter has written his version of Silent Spring, but it's unlikely that any action will be taken. As the book notes, the Chinese are so blatantly open about their goals via cyber-espionage, and their denials of it so arrogant, that business as usual simply carries on.
The Chinese portray themselves as benevolent benefactors, much like the Kanamits in To Serve Man. Just as the benevolence of the Kanamits was a façade, so too is what is going on with the cold cyberwar with China.
The book is an eye-opening exposé that details the workings of the Chinese government and notes that for most of history, China was the world's dominating force. The Chinese have made it their goal to regain that dominance.
The book states what the Chinese are trying to accomplish and lays out the cold facts. Will there be a response to this fascinating book? Will Washington take action? Will they limit Chinese access to strategic US data? Given Washington is operating in a mode of sequestration, the answer should be obvious.
The message detailed in The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests should be a wake-up call. But given that it is currently ranked #266,881 on Amazon, it seems as if most of America is sleeping through this threat.
Reviewed by Ben Rothke
You can purchase The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Your License Is Your Interface
dp619 writes "License-free software has become a thing. Only 14.9% of repositories on GitHub have a license, according to recent Software Freedom Law Center research. Red Monk has observed that this trend is occurring principally among younger software developers. Outercurve Foundation technical evangelist Eric Schultz has offered up his opinion, saying, 'As an active developer I want to add a slightly different perspective on the dangers of releasing unlicensed software. My perspective is based on a simple phrase: "Your License Is Your Interface."' He adds, 'A license similarly defines the interaction between the software, or more precisely the creators of the software, and users. Just like an interface, a license defines intended behavior of users of the software, such as the four essential freedoms or the ten pillars of the Open Source Definition. Just like an interface, a license prevents unintended behavior of users of the software, which depending on the open source license, may disclaim the original author of liability for use of the software, prohibit redistribution without recognizing the original author or prohibit distribution of derivatives under a more restrictive license. When it comes to legal use and distribution of your software, your license IS your interface.'" -
NSA Surveillance Heat Map: NSA Lied To Congress
anagama writes "NSA officials have repeatedly denied under oath to Congress that even producing an estimate of the number of Americans caught up in its surveillance is impossible. Leaked screenshots of an NSA application that does exactly that, prove that the NSA flat out lied (surprise). Glenn Greenwald continues his relentless attacks with another bombshell this time exposing Boundless Informant. Interestingly, the NSA spies more on America than China according to the heat map. Representative Wyden had sought amendments to FISA reauthorization bill that would have required the NSA to provide information like this (hence the NSA's lies), but Obama and Feinstein demanded a pure reauthorization of FISA, which they got at the end of 2012." And if you don't mind that you might have your name on yet another special list, you might enjoy this Twitter-based take on the ongoing news. -
Book Review: Exploding the Phone
benrothke writes "Phil Lapsley calls his book 'the untold story of the teenagers and outlaws who hacked Ma Bell.' The story is an old one, going back to the early 1960s. Lapsley was able to track down many of the original phone phreaks and get their story. Many of them, even though the years have passed, asked Lapsley not to use their real names." Read below for the rest of Ben's review. Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell author Phil Lapsley. Foreword by Steve Wozniak pages 416 publisher Grove Press rating 9/10 reviewer Ben Rothke ISBN 978-0802120618 summary Fascinating story of the early phone phreaks While parts of the story have been told before, Lapsley's far-reaching research brings many of the central characters into a single read, resulting in an extremely interesting and engrossing book.
When Alexander Graham Bell created his harmonic telegraph, which would later turn into the telephone, it was like the Internet, built for functionality, with no inherent security controls. Those security vulnerabilities were begging to be found, and when they were discovered by the phone phreaks, it was a wake-up call to AT&T.
Defining a phone phreak is like defining a hacker; it means different things to different people. Lapsley defines it as "someone who loves exploring the telephone system and experimenting with it to understand how it works."
What the phone phreaks did was to spend endless hours dialing different numbers to understand how the inner workings of the telephone system operated. Meaningless sounds to most people were music to the phreaks, as they could determine how calls were routed via these tones.
Many of the phreaks practiced what is today known as social engineering and would impersonate phone company employees and technicians.
The devices that enabled them to make phone calls were called black boxes, blue boxes, and red boxes. The book notes that Steve Wozniak (who wrote the foreword to the book) and Steve Jobs sold blue boxes before they started Apple. In fact, Jobs is quoted as saying that if they hadn't built blue boxes, there wouldn't have been an Apple.
The book has many layers to it. One part is an interesting history of the telephone and long-distance communications. It then segues into phone phreaks, who, much like early computer hackers, used the phone network as a portal for exploration and hacking. The vast majority of the phone phreaks did it for the thrill, rather than just to make free phone calls.
One of the things the phone phreaks did was to read as much corporate documentation and manuals (obtained both legally and serendipitously) as they could. Lapsley notes that many of the technical documents that the phone company shared were in truth highly confidential.
As AT&T was a monopoly with zero competition, the notion that someone would use their own technical documentation against them was unheard of. Lapsley writes that for reasons of corporate pride, national service and public relations, AT&T felt an obligation to share its latest and greatest technical feats with the public. For that reason, the Bell System Technical Journal was required reading for every phone phreak.
The web site for the book has available many of the technical documents detailed in the book that played a role in the development of phone phreaking.
The book details many similarities between the phone phreaks and the early Internet hackers. While law enforcement stated that Kevin Mitnick could launch missiles via whistling into the phone, law enforcement called the phone phreaks a public menace, mentally unstable, a national threat and much more.
Like early hackers, the phone phreaks showed how engineering insiders are often the last to know what is actually possible with the systems they design. Lapsley noted that part of the problem was pride, in that Bell Labs had created the public telephone switching network, and they didn't want to admit how vulnerable it was. Its engineers were spring-loaded to disbelieve reports to the contrary.
Another advantage the phone phreaks, like hackers, had is that the Bell Labs engineers only looked at the system as how it was supposed to work. That blinded them to how the system actually did work and how it could be made to do things it was never designed to do.
The result was that they couldn't see the holes in their own network; holes that a blind teenager found. Even when that blind teenager told them of the problem (the book tells the story of Joe Engressia), they didn't understand it when it was first described to them.
The book describes another major technical security oversight made by AT&T in 1970 with the introduction of the telephone credit card. Lapsley writes that fraud was epidemic, as AT&T's credit card numbering system was a bad joke from a security perspective. The card numbers were easy to guess and highly predictable, resulting in millions of dollars of related fraudulent calls.
One of the main recurring characters in the book is John Draper, better known as Captain Crunch. Draper made a lot of money as a legitimate software engineer, but lost it due to his business naiveté and personal demons. Draper had numerous arrests related to phone phreaking and served time in prison.
The book notes that Draper's arrest in 1976 is a textbook case of how not to deal with the FBI when arrested. One of the incredulous things Draper did when he was read his rights was to waive them. While the FBI didn't have a search warrant, he voluntarily allowed them to search his apartment and Volkswagen Van, where incriminating evidence was indeed discovered.
While Draper was later convicted, the book quotes a fascinating observation by a phone company employee that in 90% of the phone phreak and hacker cases, law enforcement in fact had no criminal case. Most of the evidence they had was things they couldn't be prosecuted for. Either there was no legitimate crime on the books, or all they had was the phone phreak's confession, but no tangible evidence.
It wasn't just the phone phreaks who were raising havoc on the phone company networks. The book writes of others who used black boxes and blue boxes for free calls, from Mafia bookies to the Hare Krishna movement making fraudulent long-distance phone calls.
The book closes in 1982, when the US Dept. of Justice and AT&T came to an agreement to break up Ma Bell into the Baby Bells.
Lapsley has a degree in electrical engineering from UC Berkeley, so he has a deep first-hand understanding of the technology he is writing about. He also has the unique ability to write about bland technical topics and make them both engaging and comprehensible. He understands directly the curiosity the phone phreaks had and the passion to understand the inner workings of the phone system.
For a book that ends over 30 years ago, Phil Lapsley does a superb job of writing the story of the glory days of phone phreaking. In 2013, the notion of a domestic long-distance call is for the most part not in anyone's lexicon. But making free long-distance calls was the mantra of the phone phreaks.
Exploding the Phone is the first comprehensive history of the era of phone phreaking, and Lapsley has done a masterful job of making the story fascinating and readable.
Reviewed by Ben Rothke.
You can purchase Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Israeli Army Retweeting 1967 War As It Happened
An anonymous reader writes "This is a new one, twitter as a form of historical reenactment: 'Israel's army is giving a "live" blow-by-blow account of the 1967 Six Day War, tweeting each air strike at the exact time it occurred 46 years ago ... @IDF1967 "is an official Israel Defence Forces account that is aimed at re-tweeting the events of the Six Day War in live time", ... The account was tweeting key events in the battle against the armies of Egypt, Jordan and Syria that took place from June 5 to 10, 1967 and includes pictures and videos, the army said. The tweets are mostly in Hebrew, with some translated into English. "In response to repeated provocations by Egypt, the State of Israel and the IDF are going to war. We will not sit idly as the enemy forces tighten the noose around our necks," the opening tweet said around 8.00am (1500 AEST) on Wednesday when Israel landed its first preemptive air strike 46 years ago.'" -
Kim Dotcom Wants Money From Google, Twitter For 2-Factor Authentication
Nyder writes "Kim Dotcom posted via Twitter, with a link to Torrentfreak, that he owns a security patent US6078908, titled 'Method for authorizing in data transmission systems.'" Techdirt points out that Dotcom isn't just asking for financial help: Instead, he's asking companies which use two-factor authentication "to help fund his defense, in exchange for not getting sued for the patent. He points out that his actual funds are still frozen by the DOJ and (more importantly) that his case actually matters a great deal to Google, Facebook and Twitter, because the eventual ruling will likely set a precedent that may impact them -- especially around the DMCA." Update: 05/23 14:23 GMT by T : Why is this relevant to Twitter? If you're not an active Twitter user, you might not realize that (after some well publicized twitter-account hijackings), the company is trying to regain some ground on security. Nerval's Lobster writes "Twitter is now offering two-factor authentication, a feature that could help prevent embarrassing security breaches. Twitter users interested in activating two-factor authentication will need to head over to their account settings page and click the checkbox beside 'Require a verification code when I sign in.'" -
Book Review: Locked Down: Information Security For Lawyers
benrothke writes "Had Locked Down: Information Security for Lawyers not been published by the American Bar Association (ABA), and had 2 of its 3 authors not been attorneys, one would have thought the book is a reproach against attorneys for their obliviousness towards information security and privacy. In numerous places, the book notes that lawyers are often clueless when it comes to digital security. With that, the book is a long-overdue and valuable information security reference for anyone, not just lawyers." Read below for the rest of Ben's review. Locked Down: Information Security for Lawyers author Sharon Nelson, David Ries, John Simek pages 319 publisher American Bar Association rating 9/10 reviewer Ben Rothke ISBN 978-1614383642 summary Required reading for all lawyers Such a title is needed, as the legal field has embraced digital technology. Wireless (often insecure) networks are pervasive in corporate offices throughout legal America.
The underlying problem is that while attorneys often know the intricacies of tort law, court proceedings and the like, they are utterly unaware of the information security and privacy risks surrounding the very technologies they are using. In many firms, the lawyers think that someone is protecting their data, but don't understand their requirements around those areas of data protection.
Legal IT systems are a treasure trove of personal data. Many small law firms are extremely attractive to identity thieves, given that their systems have a significant amount of personal information via social security numbers, credit card information, birth dates, financial information and much more. Small law firms are notorious for weak information security controls, and attackers will scan those systems and networks for vulnerabilities.
A pervasive aspect of the book is ABA rule 1.6 regarding the confidentiality of information regarding client-lawyer relationships. The rule requires that a lawyer not reveal information relating to the representation of a client unless the client gives informed consent. The lawyer, though, can reveal information relating to the representation of a client to the extent the lawyer reasonably believes necessary. The myriad details of 1.6 can be left to the bar association to enforce; suffice it to say that a lawyer can find themselves on the wrong side of the law if they are not careful with information security controls.
The authors note that although lawyers are all well aware of rule 1.6, the challenge is how to keep client data secure in the digital age. In a world of paper, things were much easier and cheaper. This is why the authors note that so many otherwise competent lawyers fail so miserably in reference to their duty to maintain the confidentiality of digital client data.
The book quotes an ABA 2011 technology survey in which 21% of large law firms reported that their firm had experienced some sort of security breach, and 15% of all firms reported that they suffered a security breach. It is figures like those which show that attorneys really need to read this book and take the information to heart.
The book's 17 chapters are in a readable 150 pages, with an additional 120 pages of appendices. It is written in an easily understandable, non-technical style for the technologically challenged lawyer.
When it comes to the security of client data, in chapter 4 the authors write that encryption is a topic that most attorneys don't want to touch with a ten-foot pole. But it has reached a point where attorneys must understand how and when encryption should be used. Just as important, they need to know about key management, and what good encryption is. The chapter provides high-level detail on what needs to be done regarding encryption.
Chapter 13, on secure disposal, is an important topic for everyone, and not just lawyers. Digital media needs to be effectively disposed of; many lawyers often think that means reformatting a hard drive or simply erasing files. The chapter effectively details the issues and offers numerous valuable hardware- and software-based solutions.
Chapter 14, on outsourcing and cloud computing, is an area where too many attorneys are oblivious to the security and privacy risks. For example, the authors advise attorneys against the use of the free Gmail service, since the terms of service allow Google to do anything it wants with the data. That opens a Pandora's Box when it comes to securing client data. The authors advise using the premium Google business versions, so attorneys can stay in control of their data with added security and privacy features.
Two omissions in chapters 13 and 14 are that the authors don't reference NAID (National Association for Information Destruction) or the CSA (Cloud Security Alliance).
Firms that outsource their digital disposal to non-NAID-certified firms run the risk of having a glorified recycler do their work. As to NAID, it is an international trade association for companies providing information destruction services. NAID's mission is to promote the information destruction industry and the standards and ethics of its member companies, while the mission of the CSA is to promote the use of best practices for providing security assurance within cloud computing and to provide education on the uses of cloud computing to help secure all other forms of computing.
The authors include many real-world stories and case law to reinforce their point.
The book closes with a number of appendices on various rules from the FTC, state information protection regulations, the SANS Institute glossary of security terms and more.
For the lawyer looking for an easy-to-read introduction to nearly everything they need to know about information security and privacy, the book is a great resource.
The book closes with the note that since lawyers have an ethical duty to protect their clients' data, they have no choice but to keep themselves as well educated as possible.
For the attorney who wants to ensure their requirements remain current and is looking for an easy-to-read introduction to information security and privacy, Locked Down: Information Security for Lawyers should be considered required reading.
Reviewed by Ben Rothke.
You can purchase Locked Down: Information Security for Lawyers from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The Plateau Effect: Getting From Stuck To Success
benrothke writes "One of the challenges in reading The Plateau Effect: Getting from Stuck to Success is figuring out how to classify it. Amazon has it ranked mainly in applied psychology, but also time management and, inexplicably, personal finance. In some ways it is all of the above and more. In fewer than 300 pages, the authors reference myriad different areas of science, mathematics, psychology and more, in the effort to show the reader how they can elevate themselves from the stuff in life that glues them to the status quo." Read below for the rest of Ben's review. The Plateau Effect: Getting from Stuck to Success author Bob Sullivan and Hugh Thompson pages 320 publisher Dutton rating 8/10 reviewer Ben Rothke ISBN 978-0525952800 summary Book shows how to learn to identify plateaus and break through any stagnancy in your life. Full disclosure: I am friends with Hugh Thompson, one of the authors of this book.
With that, the premise of the book is that the plateau effect is something that affects everyone. We all have our ups and downs in life, relationships, work and more. The book attempts to help the reader identify plateaus in their life, in order to break through them.
While a plateau is often simply flat terrain, the authors are all over the terrain in the book. They quote and reference liberally from science, statistics, life sciences, psychology, ethics, information technology and much more. From that end, the book is a fascinating and insightful read.
At the start of the book, the authors use the term acclimation to refer to the plateaus that many of us reach. This is the inability to notice changes in the environment around us. To a degree, acclimation is a critical element of our lives. If everything was brand new, life would be overwhelming, both to our senses and psyche. The downside is that this acclimation often leads us to accepting things the way they are, staying at the plateau, getting stuck and being unable to move forward.
The authors note that a real plateau means that you have stopped growing and that your mind and senses are being dulled by sameness; by a routine that sucks the life and soul out of you. Plateaus force you to make bad decisions and feel desperate. By understanding the force and tapping into it, you can get more out of life with less effort, and feel more in tune to your existence. If this scares you that the book sounds like a new-age title, relax, it is far from it, thankfully.
Chapter 3 is one of the many fascinating sections in the book where the authors detail the greedy algorithm, where the locally optimal choice is what is generally preferred. They tie this into the Gekko mantra of greed being good. But they note that research has shown that long-term greed is good, but short-term greed, the type that maximizes the here and now, seems to work for a while but almost always leads to a plateau. And as you realize, plateaus are bad.
Chapter 5 details flow mechanisms, step functions and choke points. Author Hugh Thompson is a mathematician and it's obvious this chapter is his baby. A choke point is a part of a system that breaks first and slows everything else down. The book notes that a common cause of plateaus is not recognizing when and where choke points will occur.
Chapter 6 is another fascinating chapter that details people's inability to effectively deal with risk. The example given is around shark attacks. While the risk of shark attack is extraordinarily low, the media often makes it seem like an epidemic, and the gullible populace overreacts. The authors give many examples of where people don't comprehend risk and statistics. The authors note that people buy lottery tickets, often described as a tax on the mathematically disinclined, despite knowing the odds. They also write that due to various factors, people and society have become overly risk-averse, not realizing how risky that is.
While not new, chapter 7 details the problems with multitasking and its illusion of productivity. The authors quote Jordan Grafman, chief of the cognitive neuroscience section of the National Institute of Neurological Disorders and Stroke, who states that multitasking is actually a misnomer. He terms it rapid toggling between tasks. The downside to this rapid toggling is that people become less effective and productive. The reality they show is that people can't multitask.
While the book is indeed a fascinating and valuable read, some readers may find it somewhat frustrating that the authors at times can seem like they are all over the place, quoting and integrating different facets of science and psychology. While the theme of the book is plateaus, there is not always a discernible sense of unity between all of the examples.
Another shortcoming is the shortage of prescriptive actions the reader can take. For the reader who may be indifferent to their need for change, the book may not be of full value to them. It would have been appreciated if the authors had created action items and exercises for each chapter.
But perhaps the best advice is on the third-to-last page of the book. The authors ask: if your company is stuck, has plateaued, and is unable to get past some vexing problems, what should you do? Tell the type A's in the room to be quiet for a while, seek out some frontline introvert and ask for their advice. Giving voice to the quietest person in the room might be the most unique exercise a firm undertakes.
With that, The Plateau Effect: Getting from Stuck to Success is an extremely stimulating read. For the reader who wants to grow and move off their plateau, this will certainly help them. The book promises to help the reader unstick themselves from the things in life that weigh them down. It certainly lives up to its promise and makes for a fascinating read.
About the reviewer: Ben Rothke.
You can purchase The Plateau Effect: Getting from Stuck to Success from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
DoD Descends On DEFCAD
First time accepted submitter He Who Has No Name writes "While the ATF appears to have no open objection to 3D printed firearms at this time, the Department of Defense apparently does. A short while ago, '#DEFCAD has gone dark at the request of the Department of Defense Trade Controls. Take it up with the Secretary of State' appeared on the group's site, and download links for files hosted there began to give users popups warning of the DoD takeover." Well, that didn't take long. Note: As of this writing, the site is returning an error, rather than the message above, but founder Cody Wilson has posted a similar message to twitter. At least the Commander in Chief is in town to deliver the message personally. Update: 05/09 21:17 GMT by T : Tweet aside, that should be Department of State, rather than Department of Defense, as many readers have pointed out. (Thanks!)
Tesla's Elon Musk Talks With Google About Self-Driving Cars
Tesla Motors CEO Elon Musk has been thinking about bringing autonomous driving technology to Tesla's electric cars. Quoting Bloomberg: "Musk, 41, said technologies that can take over for drivers are a logical step in the evolution of cars. He has talked with Google about the self-driving technology it’s been developing, though he prefers to think of applications that are more like an airplane’s autopilot system. 'I like the word autopilot more than I like the word self-driving,' Musk said in an interview. 'Self-driving sounds like it’s going to do something you don’t want it to do. Autopilot is a good thing to have in planes, and we should have it in cars.' ... Google’s approach builds on a push for the driverless-car technology long pursued by the U.S. military’s Defense Advanced Research Projects Agency, which held vehicle competitions for carmakers and research labs. Anthony Levandowski, product manager for Google’s self-driving car project, has said the company expects to release the technology within five years. 'The problem with Google’s current approach is that the sensor system is too expensive,' Musk said. 'It’s better to have an optical system, basically cameras with software that is able to figure out what’s going on just by looking at things.' ... 'I think Tesla will most likely develop its own autopilot system for the car, as I think it should be camera-based, not Lidar-based,' Musk said yesterday in an e-mail. 'However, it is also possible that we do something jointly with Google.'" Musk later warned not to take this as an actual announcement.
Speeding Object Makes Small Hole In the ISS Solar Array
New submitter cute_orc writes "The International Space Station has been hit by a small object. Chris Hadfield, an astronaut currently on the ISS, described it in his Twitter feed as 'a small stone from the universe.' He also said he was glad it didn't hit the hull. Jim Scotti, a planetary scientist from the University of Arizona, thinks the object may have had a different origin: 'It's unlikely this was caused by a meteor; more likely a piece of man-made space debris in low Earth orbit.'"
One Boston Marathon Bomb Suspect Dead, Other At Large After Shootout With Police
theodp writes "During the night, The Tech broke news that gunshots were reported at MIT near 32 Vassar Street (the Ray and Maria Stata Center for Computer, Information, and Intelligence Sciences), and one officer was shot and taken to Mass General Hospital. MIT's Emergency Information page also reports that injuries have been reported. Sadly, CNN is now reporting that the university police officer has died. Look for updates on Twitter." The two suspects identified earlier as being behind the Boston Marathon bombings are believed to be responsible for this. They were found by police. One suspect, 26-year-old Tamerlan Tsarnaev, was killed in a shootout. The other suspect, 19-year-old Dzhokhar Tsarnaev, is still being pursued. The Associated Press reports that the two are believed to be from the Russian region near Chechnya. During the firefight, the suspects threw explosive devices at police. Public transit in Boston has been shut down, and hundreds of thousands of people have been asked not to leave their homes. Here are live feeds for local TV news and emergency services audio. Police have been warned that the remaining suspect may have a suicide vest.
Reader Okian Warrior points out a related story worthy of notice: "The 4chan crowd, poring over images of the Boston marathon, identified two dark-skinned and bag-carrying suspects (among others). This was then picked up by The New York Post, who ran the image on Thursday's front page with the headline 'Feds seek these two pictured at Boston Marathon.' And now, a completely innocent teen finds himself scared to leave his home."