Slashdot Mirror

david_a_eaves writes "The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the worlds largest botnet army." Update: 06/11 21:26 GMT by T : J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seems to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."

James Cho writes "Through a decade of painstaking reverse engineering, trucker John Coster-Mullen built the first accurate replica of the Hiroshima bomb. His work yielded a new history of the first nukes, 'Atom Bombs: The Top Secret Inside Story of Little Boy and Fat Man,' with historian Robert Norris saying, 'Nothing else in the Manhattan Project literature comes close.' Philip Morrison, one of the physicists who helped invent the bomb, deemed it 'a remarkable job.'"

Hugh Pickens writes "The city has always been an engine of intellectual life and the 'concentration of social interactions' is largely responsible for urban creativity and innovation. But now scientists are finding that being in an urban environment impairs our basic mental processes. After spending a few minutes on a crowded city street, the brain is less able to hold things in memory and suffers from reduced self-control. 'The mind is a limited machine,' says psychologist Marc Berman. 'And we're beginning to understand the different ways that a city can exceed those limitations.' Consider everything your brain has to keep track of as you walk down a busy city street. A city is so overstuffed with stimuli that we need to redirect our attention constantly so that we aren't distracted by irrelevant things. This sort of controlled perception — we are telling the mind what to pay attention to — takes energy and effort. Natural settings don't require the same amount of cognitive effort. A study at the University of Michigan found memory performance and attention spans improved by 20 percent after people spent an hour interacting with nature. 'It's not an accident that Central Park is in the middle of Manhattan,' says Berman. 'They needed to put a park there.'"

Julie188 writes "Slow-moving ocean and river currents could be a new, reliable and affordable alternative energy source. A University of Michigan engineer, Michael Bernitsas, has made a machine that works like a fish to turn potentially destructive vibrations in fluid flows into clean, renewable power. This is is the first known device that could harness energy from most of the water currents around the globe because it works in flows moving slower than 2 knots (about 2.3 miles per hour). Most of the Earth's currents are slower than 3 knots. Turbines and water mills need an average of 5 or 6 knots to operate efficiently. Further details and a few brief movies of the technology are available, as well as a video explanation by Professor Bernitsas himself."

Julie188 writes "Slow-moving ocean and river currents could be a new, reliable and affordable alternative energy source. A University of Michigan engineer, Michael Bernitsas, has made a machine that works like a fish to turn potentially destructive vibrations in fluid flows into clean, renewable power. This is is the first known device that could harness energy from most of the water currents around the globe because it works in flows moving slower than 2 knots (about 2.3 miles per hour). Most of the Earth's currents are slower than 3 knots. Turbines and water mills need an average of 5 or 6 knots to operate efficiently. Further details and a few brief movies of the technology are available, as well as a video explanation by Professor Bernitsas himself."

An anonymous reader writes "The University of Michigan Solar Car Team won the 2008 North American Solar Challenge, crossing the finish line in Alberta, Canada on Tuesday after more than 50 hours of racing over nine days. The team successfully defended their title from 2005, the last year the race was held. Final results have been posted on the North American Solar Challenge website and will be officially announced at an award ceremony later today."

Roland Piquepaille writes "University of Michigan (U-M) researchers have developed an ultra low power microchip which 'uses 30,000 times less power in sleep mode and 10 times less in active mode than comparable chips now on the market.' It only consumes 30 picowatts in sleep mode, which means that a simple watch battery could power the chip for more than 200 years. Of course, this is not a processor for your next computer. It is designed for sensor-based devices such as medical implants, environment monitors or surveillance equipment. However, the design is very clever." Roland's blog has some more information, including a die picture of the chip, known as the Phoenix.

ktulus cry brings news of a device that can power portable gadgets, prosthetic joints, and other mobile appliances by harvesting energy generated by walking. Researchers are working on making the device — still a moderately cumbersome 3.5 pounds — smaller while maintaining its energy harvesting capacity. CNet has a write-up with more pictures and a diagram of the device. "In the mode in which the brace is only activated while the knee is braking, the subjects required less than one watt of extra metabolic power for each watt of electricity they generated. A typical hand-crank generator, for comparison, takes an average of 6.4 watts of metabolic power to generate one watt of electricity because of inefficiencies of muscles and generators. A lighter version would be helpful to hikers or soldiers who don't have easy access to electricity. And the scientists say similar mechanisms could be built into prosthetic knees other implantable devices such as pacemakers or neurotransmitters that today require a battery, and periodic surgery to replace that battery."

Roland Piquepaille points out a news release from the University of Michigan where researchers are looking to birds and bats for insights into aerospace engineering. Wei Shyy and his colleagues are learning from solutions developed by nature and applying them to the technology of flight. A presentation on this topic was also given at the 2005 TED conference. From the news release: "The roll rate of the aerobatic A-4 Skyhawk plane is about 720 degrees per second. The roll rate of a barn swallow exceeds 5,000 degrees per second. Select military aircraft can withstand gravitational forces of 8-10 G. Many birds routinely experience positive G-forces greater than 10 G and up to 14 G. Flapping flight is inherently unsteady, but that's why it works so well. Birds, bats and insects fly in a messy environment full of gusts traveling at speeds similar to their own. Yet they can react almost instantaneously and adapt with their flexible wings."

Roland Piquepaille writes "A new composite plastic built layer by layer has been created by engineers at the University of Michigan. This plastic is as strong as steel. It has been built the same way as mother-of-pearl, and shows similar strength. Interestingly, this 300-layer plastic has been built with 'strong' nanosheets of clay and a 'fragile' polymer called polyvinyl alcohol (PVA), commonly used in paints and glue, which acts as 'Velcro' to envelop the nanoparticles. This new plastic could soon be used to design light but strong armors for soldiers or police officers. The researchers also think this material could be used in biomedical sensors and unmanned aircraft."

An anonymous reader writes "University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release."

ppadala writes "AT&T is upgrading their phone lines to offer video programmes over phone line. The service, called U-verse TV will be available in parts of Southern California communities initially. Channel lineups will be similar to traditional cable and dish offerings. AT&T is insisting that, 'This offering is on par with those of its cable rivals. But AT&T claims that it offers customers more for their money, including fast channel changing, video-on-demand, three set-top boxes, a digital video recorder, a picture-in-picture feature that allows viewers to surf channels without switching channels and an interactive program guide.'"

ppadala writes "While research from PEW Internet (PDF) shows that few users really are bothered by spam, IETF is supporting a public key cryptographic based e-mail authentication mechanism called DomainKeys Identified Mail (DKIM) Signatures . The new spec is supposed to help in fighting both spam and fraud. From Ars Technica: 'DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.'"

ppadala writes "Google today unveiled its uber search which allows you to search for text, images, news etc. together. This is the result of unifying various search engines that Google developed for web, images, news etc. Google's main page and the results page are also sporting a polished look with a top menu bar sporting various search items."

obtuse writes "With a finding that may explain Internet trolls — or at least building contractors — U. of Michigan researchers have discovered that individuals with high levels of testosterone find an angry face rewarding. In their experiments, this was true even if the angry image was perceived subliminally so that the subjects didn't register it consciously."

handle writes "You can help choose 'The Best of Technology Writing 2007' for an upcoming anthology to be published by The University of Michigan Press and University of Michigan Library. Visit us to nominate your favorite articles, essays and blog posts. The 2006 edition has been published, and you can read it online free (as in beer)."

handle writes "You can help choose 'The Best of Technology Writing 2007' for an upcoming anthology to be published by The University of Michigan Press and University of Michigan Library. Visit us to nominate your favorite articles, essays and blog posts. The 2006 edition has been published, and you can read it online free (as in beer)."

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories including the Supreme Court declines Falwell's appeal, GP2X now shipping in the US, a new version of Systrace released, Lessig and Stallman look back at Sun's OpenDRM, NASA jumps on the anti-matter propulsion bandwagon, GoDaddy donates $10,000 to OpenSSH, Ellison explains why he would NOT acquire Novell or Red Hat, and pictures of the Ball State wireless 'sculpture' -- Read on for details.

The Supreme Court declines Falwell's Appeal. yEvb0 writes "The US Supreme Court has refused to hear the appeal of Jerry Falwell, who claims that "gripe site" http://www.fallwell.com/ infringes on his trademark by luring surfers away from his own site. Despite winning a case in federal court, the 4th U.S. Circuit Court of Appeals disagreed with Falwell last year and said that operator Christopher Lamparello was free to operate his site about Falwell's views on gays because he 'clearly created his Web site intending only to provide a forum to criticize ideas, not to steal customers.'"

GP2X now shipping in the US. An anonymous reader writes "The Gamepark GP2X, a Linux-based handheld gaming platform that runs native and emulated games, is now shipping in the US, according to LinuxDevices. The device can reportedly run more than a thousand classic arcade games, through open-source console game emulators such as MAME, SNES, Genesis, and PC Engine. It has a 3.5-inch QVGA (320x240) color TFT LCD screen, and includes a media player supporting MPEG, JPEG, and MP3 formats."

New version of Systrace released. Niels writes "I just recently released a new version of Systrace that runs on Linux without requiring any kernel patches. I termed it the Phoenix release because it has been almost three years since I did any work on Systrace. However, I finally had the need to do some sandboxing on Linux without being able to change the kernel. So, voila, after a few late nights, here we go: Systrace for Linux using a ptrace back end."

Lessig and Stallman look back at Sun's OpenDRM. H4x0r Jim Duggan writes "The Register has an excellent article featuring Lessig and Stallman on 'Open Source' DRM. The spark for the article came from comments made about Sun's 'OpenDRM' by Lessig which were not wholly negative and were interpreted by some as an endorsement. Lessig clarifies: 'There's no disagreement about where we should end up - No DRM.'"

NASA jumps on the anti-matter propulsion bandwagon. steveo777 writes "NASA has an interesting read about creating yet another form of rocket propulsion. They plan on using Anti-electrons (positrons) combine with normal electrons to release enough energy to fuel the way to Mars and back. Its byproduct will be lower energy gamma radiation. From the article, '"Our advanced designs, like the gas core and the ablative engine concepts, could take astronauts to Mars in half that time, and perhaps even in as little as 45 days," said Kirby Meyer, an engineer with Positronics Research on the study.'"

GoDaddy donates $10,000 to OpenSSH. wcbrown writes "Go Daddy has donated $10,000 to the OpenSSH project, which is apparently used extensively within the company." This is another great donation in what hopefully will continue to be a trend within the community. No word on when the blinking will stop.

Ellison explains why he would NOT acquire Novell or Red Hat. Robert writes to tell us CBROnline is reporting that a recent statement by Larry Ellison covered so extensively in the news regarding speculation about why Oracle might be "planning to buy Novell or Red Hat" may have been a little off base. The full transcript of his interview with the FT is illuminating precisely because it reveals why the company would NOT acquire either Novell or Red Hat, and - apparently - why the company did not buy JBoss.

Pictures of the Ball State Wireless 'sculpture'. popeguilty writes "Slashdot readers may recall the story about the Wireless 'Sculpture' at Ball State University. The artwork is up and running, and I've got a few pictures posted for general consumption."

James Cho writes "There are more science and engineering students than ever, says one Newsweek journalist. Inflated counts of Chinese and Indian students have created the myth of the U.S. science gap. While no gap exists yet, an exodus of retiring U.S. scientists could create one." From the article: "...a country's capacity for scientific and commercial innovation does not correlate directly with its number of scientists and engineers. Hard work, imagination and business practices also matter."

LithiumX writes "This morning I saw a video demonstration of the most interesting input technology I've seen for a long time. This is a touch-screen that accepts inputs from multiple (I saw at least 8) points at once. It seems very responsive, the display is large and of decent resolution, and they actually wrote software to take advantage of it. It appears to be entirely research at the moment. I'd offer up organs for one of these things."

Roland Piquepaille writes "One of the ways to reduce greenhouse gas emissions is to capture carbon dioxide at its source, when it is emitted from power plants for example, and to store it in other places, such as depleted oil and gas reservoirs or even the ocean after liquefaction. But, according to Youxue Zhang, a professor at the University of Michigan, there are pitfalls in this last plan. If the carbon dioxide is not injected deep enough, it can come back to the surface and return to the atmosphere, which is obviously not the desired goal. But, even worse, the liquid-to-gas conversion could happen too suddenly, which could cause a potentially dangerous eruption. So Zhang has developed a model which shows that liquid CO2 would have to be injected to a depth of between 800 and 3,000 meters to keep it from escaping from the ocean."

PhysicsDavid writes to tell us about an article in Symmetry magazine. Jan-Henrik Anderson, a designer with a background in architecture, has collaborated with several particle physicists to develop visual representations of particles based on their physical characteristics. It is the closest most will ever get to 'seeing' a top quark.

Some guy writes "Having acquired IBM's PC division, Lenovo will become the first major reseller of blade desktops. Blade desktops feature only input devices and a 'networking unit,' connecting to a blade server for computational power. Such thin client designs reduce support needs and cluttered desk space, but require complex deployments to work well."

Some Guy writes "A high school in Vail will become the state's first all-wireless, all-laptop public school this fall. The 350 students at the school will not have traditional textbooks. Instead, they will use electronic and online articles as part of more traditional teacher lesson plans."

John Pratt writes "FredCK, developer of the popular FCKEditor, recently raised $600 from supporters through Fundable to port his open source HTML editor to Safari. Fundable is a new site that lets groups of people pool money for specific purposes, like software features. Unlike generic donation dropboxes (such as PayPal buttons), if a group's targeted collection isn't reached after 2 or 4 weeks, everyone gets a complete refund." Newsforge has a piece discussing the site as well.

james tech writes "The Virgo Consortium recently completed its massive "Millennium Simulation", tracing the universe's evolution from its early origins to present day. To simplify the computations, they considered only dark matter which composes most of the universe. Using a 512-node cluster with IBM processors, the group produced over 20 terabytes of data with some of the most breathtaking images of the universe never seen. A visible matter simulation is underway, at a lower resolution."

jamestech writes "Over the weekend, Wired magazine held its 'NextFest' in Chicago, a demonstration of what the future supposedly holds. Arstechnica's Hannibal visited NextFest, and was not impressed. Regarding a dolphin-shaped water vehicle and exoskeletons for the old, he notes, 'if you're being pursued by a senior citizen then you can use the dolphin to escape.' Wired's been more about style rather than tech since the late 90s, but have they finally dropped science in favor of science fiction?"

An anonymous reader writes "University of Michigan scientists have created the nanotechnology equivalent of a Trojan horse to smuggle a powerful chemotherapeutic drug inside tumor cells - increasing the drug's cancer-killing activity and reducing its toxic side effects." From the article: "The drug delivery vehicle used by U-M scientists is a manmade polymer molecule called a dendrimer. Less than five nanometers in diameter, these dendrimers are small enough to slip through tiny openings in cell membranes. One nanometer equals one-billionth of a meter, which means it would take 100,000 nanometers lined up side-by-side to equal the diameter of a human hair."

norburym writes " Essential Mac OS X Server Administration, written by Michael Bartosh and Ryan Faas, has been eagerly anticipated by the OS X Panther Server community. The wait is finally over and the authors have satisfied their audience with a meticulously written and detailed volume on OS X Server administration. This is not a book for the beginner: if you're an IT professional with an OS X Server deployment and want to gain a thorough understanding and appreciation of integrating Panther Server into your particular environment then this book will fully meet your expectations. Bartosh and Fass present a complete exploration of OS X Server software and services and client considerations between the covers of a volume essential to any systems administrator responsible for a cross-platform network." Read on for Norbury-Glaser's detailed review. Essential Mac OS X Server Administration author Michael Bartosh and Ryan Faas pages 848 publisher O'Reilly rating 9 reviewer Mary Norbury-Glaser ISBN 0596006357 summary Essential Mac OS X Panther Server Administration

Michael Bartosh, President of 4am Media, Inc. (formally an Apple Systems Engineer), is a Mac OS X consultant and trainer specializing in cross-platform directory services integration. He is the main author of Mac OS X Server Administration, having written Parts I through VI. Ryan Faas is the Mac columnist for Computerworld and has extensive experience with integrating Macs in cross-platform networks and contributed Part VII, "Client Management," to this volume.

The authors divide the book into seven main parts covering server installation and management, a variety of services (directory, IP, file, security, and Internet) and client management. An appendix offers an extremely concise and clearly written introduction to directory services. Part I discusses planning and designing the server environment, installing and configuring the OS X Server, an overview of the server management tools, system administration and troubleshooting. Hardware (to XServe or not, supported architecture and performance bottleneck consideration), storage technologies (XServe RAID (Redundant Array of Inexpensive Disks), ATA (AT Attachment, IDE (Integrated Drive Electronics), SATA (Serial ATA), fibre channel, SCSI (Small Computer System Interface), FireWire/FireWire 800, various flavors of RAID), volume partitioning (best practices for maintaining different parts of the file system on different volumes) and particularly network infrastructure (performance, infrastructure and services). The latter is a critical consideration for cross-platform efficiency; basically, "playing nice" with existing and predominant OSes and platform-specific settings on network links.

The next chapter on installing and configuring Mac OS X Server walks the reader through the actual installation process for both the GUI and the command-line options. There are plenty of screen shots for the GUI install but the more attractive aspect of this section is for those administrators who are comfortable with the command-line. This is a terrific example of how the command-line provides far more granular control over installation and configuration options in comparison to the GUI process (if you want an excellent step-by-step introductory narration of the GUI installation then you can't do better than Schoun Regan and Kevin White's Mac OS X Server 10.3 Panther: Visual Quick-Pro Guide published by Peachpit). Bartosh and Faas also include descriptions of network install using Apple's NetBoot technology, ASR (Apple Software Restore) and radmind (remote administration daemon).

Chapter 3 continues with another well-documented section on server management tools: Workgroup Manager (creating users, groups and computer lists, managing the same, managing share points and the oft-ignored...because it's hidden in the application's preferences pane...Inspector), Server Admin (service managing, monitoring and configuration app) and Server Monitor (XServe specific hardware-monitoring app). Again, the best part of this chapter is the inclusion of both graphical and command-line equivalent tools: serveradmin; nicl (used to read data in NetInfo where the share record is stored); sshd, servermgrdhwmon (server management daemons); and a very brief nod to the directoryservice daemon (manages Open Directory) which is covered is more depth in the excellent Appendix.

Chapter 4 is titled, "System Administration" and is a very interesting aside that acts as a forum for author Bartosh's particular philosophies on the approaches and practices that make good bedfellows in a non-homogeneous network environment. Do not read "peculiar" here; Michael Bartosh takes an extremely sensible and ostensibly efficient approach to a difficult and sensitive topic. As Bartosh notes, "The Macintosh is...still a minority platform, and it makes little sense when working to gain acceptance somewhere to ask that organization to make fundamental infrastructure changes in order to support the Mac." His main points include: minimize intrusion into existing infrastructures; focus on the needs and business of your organization; default policy of denial (minimize access points); and minimize change, maximize stability. He also holds forth on software update methods, backup strategies, account management, failover, the diskspacemonitor daemon and watchdog for service monitoring. At the end of the day, this chapter provides an enlightening approach to combining a realistic set of principles with an appreciation of the compromises that must be made to ensure cooperation and success.

The final chapter of Part I involves strategies in troubleshooting Panther Server on a higher plane than merely going through the simple first step of repairing permissions. Again, Bartosh uses this chapter to introduce a more rigorous approach to analyzing and solving problems that often occur during the course of system administration. Bartosh details a structured approach to name resolution: lookupd with query and debug modes, fundamentals of LDAP and OS X directory services, forensic tools (strings, fs_usage, otool, ps, lsof, ktrace, kdump), network tools (netstat, tcpdump) and joiners/filters (grep, | (pipe symbol), awk).

Part II, "Directory Services," requires a thorough read of the Appendix ("Introduction to Directory Services"). Part II is composed of several chapters covering Open Directory Server: identification and authorization, and authentication and replication. This is a complicated topic but Bartosh explains the concepts with skill. He begins with management of Open Directory Server using Server Admin and quickly follows with an overview of roles (standalone, connected to a directory system, open directory replica or open directory master), best practices for creating administrator accounts and a detailed account of how to access an open directory domain.

Chapter 7 consists of an examination of LDAP (lightweight directory access protocol) basics and terminology; Apple's OpenLDAP including the use of Server Admin to manage OpenLDAP settings; a summary of the OpenLDAP server daemon, slapd, and the configuration file, slapd.conf; slapd troubleshooting, OpenLDAP utilities and tools (ldapadd/ldapmodify, ldapsearch and slapcat among others); a breakdown of LDAP data (identification data, authorization data and configuration data) in an Open Directory Master; an explanation of Apple's LDAP Schema and how to query LDAP services using ldapsearch at the command-line or LDaper from the GUI. Bartosh has a knack for taking a conversational tone in his approach to complex subjects: he is able to import the salient points of his extensive knowledge in a casual yet nontrivial manner.

Password Server and Kerberos are both handled in the next chapter. Bartosh provides a detailed treatment of PasswordService (SASL or Simple Authentication and Security Layer), a breakdown of the Password Server architecture (Password Server daemon, config file, main database, etc.), Password Server policies and new policies in Panther Server, use of public key cryptography and Password Server tools including pwpolicy, mkpassdb and NeST (NetInfo Setup Tool). Kerberos basics are fully explained with principal terms defined (realm, KDC, service ticket, TGT, encryption type, etc.) and a stepwise description of the Kerberos exchange mechanism. Also included is a general review of securing Kerberos using preauthentication. Following this is a specific treatment of MIT's Kerberos distribution within Mac OS X Server. Bartosh walks the reader through Kerberos configuration and Kerberizing Mac OS X Server services. He rounds out this chapter by bringing together the Kerberos and Password Server concepts (synchronization of Kerberos and Password Server authentication databases).

The final chapter in Part II involves replication architecture in Open Directory Server, design choices and best practices for deployment. The author uses both a GUI method (Server Admin's Open Directory Settings interface) and the command-line technique (slapconfig) in creating an Open Directory Replica and includes a detailed sequence of events that occur during the replication process. LDAP replication, Password Server replication and Kerberos replication are all discussed in-depth. Not surprisingly, client-side replica discovery is also dissected, including LDAP replica discovery, Password Server replica discovery and Kerberos replica discovery.

Part III is devoted to IP services and examines xinetd and Apple's DNS, DHCP and NAT services. Chapter 10, on xinetd, is very well written with a short history of the evolution of xinetd; configuration using the shell-script service; a description of xinetd architecture; and lists of general options for use with xinetd (id, passenv, port, redirect, groups, etc.), OS X specific options (mdns, session_create) and security-related options (log_on_failure, no_access, access_times, etc.).

DNS (Domain Name System) and the BIND (Berkeley Internet Name Domain) package are the topics of Chapter 11. Obviously an important but difficult concept to grasp but Bartosh does an exceptional job here. New to Panther is the ability to access DNS via a GUI tool and again it's done through the Server Admin interface. The author guides the reader through the process including looking at the DNS logs, the Activity pane and some minimal option settings (zones and logging). A thorough approach is also taken in analyzing the BIND package, the named daemon, the named.conf file, the tools available for troubleshooting (nslookup, dig and particularly host), and advanced configuration options (running named as an underprivileged user, establishing a domain-specific forwarder, change rooting, limiting zone transfers, and providing different host data using views).

The next chapter covers DHCP (Dynamic Host Configuration Protocol) and Apple's bootpd service. The author again provides GUI access instructions to the DHCP service, including screenshots of the various tabs (Overview, Log, Clients, Settings) and an explanation of available options. Troubleshooting, using the bootpd daemon and advanced command-line tools at one's disposal are also included: creating bootpd static bindings and using bootpd to supply other DHCP options (IP address of the NetInfo parent, the default URL to present in a Web browser, local POP3 server, local newsgroup servers, etc.).

Chapter 13, NAT (Network Address Translation), is the final chapter in Part III and follows the established format of providing screenshots of the Server Admin access point for this service, along with architecture (including the natd daemon and the OS X packet filter, ipfw) and advanced configuration options (editing the natd.plist).

Files Services comprise Part IV and includes an overview of creating and managing share points, automounts and home directories; AFP (Apple file protocol) management; Windows file services via SMB (Server Message Block); FTP (File Transfer Protocol), network file system and print services. The services are familiarly managed through Server Admin and Bartosh provides details on each service: accessing each of the GUI tabs (Overview, Logs, Connections, Graphs and Settings) and options within as well as using the command-line equivalents. He consistently provides comprehensive information about each choice, their consequences and alternatives. He also offers interesting asides on the historical evolution of various options (default permissions behavior pre-10.2, for instance) that make the reader appreciate the complexity involved in the development of an innovative system such as OS X Server.

The permissions mapping section in Chapter 15 ("Apple Filing Protocol") has some very well-done representational examples of permissions mapping. Integration of AFP Services in Mac OS X into different shared directory domains is referenced to http://www.4am-media.com/sso/ (which was not available at the time of this writing). The recommended troubleshooting technique is AFP client logging and the author gives stepwise instructions on how to enable AFP client logging through the command-line.

Chapter 16, "Windows File Services" will, no doubt, be a focal point for many administrators. Over the long haul, successful integration of Mac OS X Server into a Windows environment will make or break the OS X Server platform. Apple included Samba in Mac OS X to smooth the way toward assimilating platforms in such a way that it's a fairly seamless experience for diverse clients. Configuration, logging, connections, etc., are viewed and configured through Server Admin with per-share options are managed using Workgroup Manager (share this item using SMB, allow SMB access, custom SMB name, default permissions, etc.). Password Server integration, useful command-line utilities (testparm and smbutil) are also described.

FTP (File Transfer Protocol) is covered in the next chapter in the same format as the other services: both GUI and command-line options; managing FTP using Workgroup Manager; architecture (xftpd, ftpaccess.default); securing FTP (using Kerberos, FTP tunneled over SSH and sftp). An added bonus is an extended section on advanced options when manually editing ftpaccess, ftpconversions, and ftphosts/ftpgroups/ftpusers.

Chapter 18 deals with NFS (Network File System) with some caveats as to the relative insecurity of the service model and UniqueID mismatch issues. NFS File locking, /etc/exports and NFS daemons (mountd, nfsd, rpc.lockd and rpc.statd) are introduced in due course.

Print services is the final topic of Part IV and Bartosh is fairly blunt about the inadequacies found here. Nevertheless, he presses on and covers the subject in much detail. In all honesty, Tiger Server provides vast improvements in this realm and while this Panther section is worthwhile for those interested in how it's peripherally handled in Panther, if you are relying on OS X Server as your primary print server...well, it may be time to upgrade to Tiger.

Part V consists of two chapters revolving around Security Services: Mac OS X Server Firewall and Virtual Private Networks. The firewall chapter begins with a general discourse on how network communications function, a comparison between packet-switched vs. circuit-switched networks, redefining "firewall" in terms of packet filters (ipfw) and a look at ipfw packet filter rules. Bartosh follows this up with a point-by-point, server-specific initialization of Apple's Firewall service. The GUI through Server Admin is set out along with using the Advanced pane to "deny" rules and using the command-line to configure ipfw in order to bypass issues involved with extreme sluggishness experienced when reloading rules. The chapter concludes with specifying rule order, configuration examples in scenario/action format, reporting and monitoring (using ipfw list, serveradmin status, sysctl and /var/log/system.log), and managing the firewall service.

Chapter 21 is a methodical explanation of VPN (Virtual Private Network) vs. other varieties of encrypted connections: SSL (Secure Socket Layer) and SSH (Secure SHell); VPN protocols: PPTP (Point to Point Tunneling Protocol), and L2TP over IPSec (based on the Internet Protocol Security suite). Configuring L2TP/IPSec (via the IPSec daemon, raccoon, and vpnd) and PPTP are more than adequately covered. Logging, client information, Internet Connect, Rendezvous (now known as Bonjour), subnets, and authentication are also included. There is a dearth of OS X VPN instruction/discussion in the wild so it's nice to see it finally included in some detail within the context of OS X Server.

"Internet Services" (Part VI) is dedicated to Mail and Web services and Application servers (Tomcat and JBoss). The section begins with an overview of mail protocols: SMTP (Simple Mail Transfer Protocol); POP (Post Office Protocol); and IMAP (Internet Mail Access Protocol) followed by global graphical management options in Server Admin. Also included here are WebMail via SquirrelMail (open source IMAP client), Workgroup Manager to manage per-user Mail Service options, Postfix (default Mail Transport Agent) as a replacement to Sendmail, and Cyrus (default Mail Delivery Agent). Several valuable additions to this section include: a discussion of migration from legacy or existing mail systems (amsmailtool), backup strategies (BRU by the Tolis group) and content filtering (ClamAV, SpamAssassin).

Apache is bundled into Mac OS X and OS X Server and, with the latter, is integrated with the server tools. All the usual settings are accessed through Server Admin: Overview, Logs, Graphs and Settings. General and site configuration are handled through the Settings tab: setting MIME (Multipurpose Internet Mail Extension) types, configuring the proxy server, adding and removing modules are all available here.

In Chapter 24, Application Servers, Bartosh walks the reader through a comprehensive setup of the Application Server and the configuration of JBoss and Tomcat. He gives a simple introduction to creating a simple JSP page as well as illustrating more complex application scenarios.

The final part of this book, "Client Management," was contributed by co-author Ryan Faas and stands on its own as an excellent accompaniment to Michael Bartosh's coverage of OS X Server in the previous sections. The reader enjoys a complete scope of managing preferences on OS X clients (for users, groups and computer lists), managing both Classic Mac OS X workstations and Windows clients, workstation deployment and using ARD (Apple Remote Desktop). Of outstanding value are: understanding how varying preferences interact, using the Home directory for preference management, mobile accounts preferences, using Mac Manager to manage Classic Mac OS Workstations (Mac Manager share points and folders, creating workgroups, defining workgroup printers, disabling login for a computer list, security options for computer lists and global settings), hosting a Windows domain (configuring Mac OS X Server as a Windows Domain Controller), home directory access from Windows clients, setting up user profiles for Windows users, using login scripts, and configuring member and standalone servers.

Chapter 28 covers "Workstation Deployment and Maintenance" and discusses types of disk images, NetBoot (share points and image folders, shadow files) and network issues with NetBoot (load balancing, NetBoot across subnets), creating Mac OS X NetBoot images using the Network Image Utility, configuring the NetBoot service from both the GUI and the command-line, NetInstall and Apple Software Restore (creating Classic ASR images using Disk Utility, applying ASR images using Disk Utility, the command-line and other tools (Carbon Copy Cloner). A real-world scenario that is covered here is the time consuming and deadly annoying task of maintaining software updates across networked client machines. Faas proffers a variety of server-based options: Apple Software Update, creating and using NetInstall images that contain package files, using application share points, putting application installers on the network, and using third-party software management tools such as NetOctopus (http://www.netopia.com) and Filewave (http://www.filewave.com) or, my personal favorite, the Open Source tool, Radmind (http://rsug.itd.umich.edu/software/radmind/).

The final chapter of "Essential Mac OS X Server Administration" describes an application not included with Panther Server: ARD (Apple Remote Desktop). A desktop management system integrated with VNC (Virtual Network Computing), ARD provides a full set of administrative tools that include custom software package installation, data reporting options (hardware, OS, installed software, etc.), workstation broadcasting, etc.

The book includes one appendix, "Introduction to Directory Services" (did I mention it was quite excellent?!).

As always, O'Reilly has published a well-designed book: despite the 800 plus pages, the book is perfectly balanced with a comfortable weight-to-size ratio, clean typography, appropriate and pithy asides, and a supple binding that allows the book to stay open when you want to follow along while at your keyboard.

Yes, Tiger Server (Mac OS X 10.4) has been released and no doubt authors Bartosh and Faas have already been hard at work on the second edition of this book. This in no way minimizes the impact this book should have on its intended audience. The evolution of any particular server product should be of vast interest to the professional systems administrator. Panther Server (Mac OS X 10.3), which is the focus of this book, will continue to be a presence in the Apple server-specific market for quite some time. Frankly, not every deployment site (from small businesses to vast educational institutions) will be able to upgrade to Tiger immediately nor will they all be eager to expend the time and additional dollars needed to invest in software, training and potentially new hardware. With the exception of Schoun Regan's Mac OS X Server 10.3 Panther: Visual Quick-Pro Guide (Peachpit, 2005), there is no other comprehensive documentation on OS X Server (Apple's documentation is clumsy and self-promoting). Essential Mac OS X Server Administration is an indispensable contribution to the education of the IT professional.

Mary Norbury-Glaser is IT Director at a University of Colorado Denver affiliate center. She has over 15 years experience in cross-platform systems administration. You can purchase Essential Mac OS X Panther Server Administration from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

StudMuffin asks: "I teach graduate computer science courses at a Big 10 university to grad students, who have never programmed before and are studying Human-Computer Interaction or other Information Science specialties. These courses are usually their first dip into the programming pool, so we have tons to cover in three months. This fall, I have been asked to take over and redesign our 'Complex Website' course, which is getting a bit long in the tooth. This course has traditionally been about database backed websites with server-side scripting. My only requirements are that there be coverage of PHP and that we have basic instruction about persistence using a database (which must be MySQL). However, I believe that the nature of 'complex' websites has changed, with XHTML, CSS, Javascript, web services, and so on. Sites like Google Maps make the browser feel like a fat client and are making the web browser a true window onto enormous data sets, and take into consideration the MoRAS of small views on large worlds. What do Slashdot readers consider a reasonable curriculum would be for a redesigned course like this?"

Ted writes "Experiments at the worlds largest nuclear collider, RHIC, at Brookhaven National Laboratory reveal striking new features of the state of the early Universe. With RHICs enormous collision energy, the researchers can create matter that is composed of the fundamental building blocks of nature, quarks and gluons, in a state with temperatures of more than 1000 billion degrees. The Universe is believed to have been in this state in the first microsecond after the Big Bang. Later the quarks and gluons were trapped in the nuclear particles that the visible universe is composed of today. Until recently, researchers have thought that the quarks and gluons formed a gas. The latest results from RHIC, however, indicate that under the extreme conditions just around the phase transition from quarks and gluons to ordinary matter, the quarks and gluons behaved as a liquid - in fact an almost perfect liquid."

PaSTE writes "From the article, 'US scientists have managed to measure the mass of a cluster of xenon atoms at just a few billionths of a trillionth of a gram - or a few zeptograms. The record measurement is in the mass range of individual protein molecules, and the detection was made using sensitive scales developed at Caltech.' Another big leap forward for nanotechnology."

karvind writes "Physorg is running a story about OmniTread: a serpentine robot designed to traverse extremely difficult terrain, such as the rubble of a collapsed building. The 26-pound robot is developed at the University of Michigan U-M College of Engineering. It moves by rolling, log-style, or by lifting its head or tail, inchworm-like, and muscling itself forward. Link to videos. Check out there other robots as well."

karvind writes "Physorg is running a story about OmniTread: a serpentine robot designed to traverse extremely difficult terrain, such as the rubble of a collapsed building. The 26-pound robot is developed at the University of Michigan U-M College of Engineering. It moves by rolling, log-style, or by lifting its head or tail, inchworm-like, and muscling itself forward. Link to videos. Check out there other robots as well."

karvind writes "Physorg is running a story about OmniTread: a serpentine robot designed to traverse extremely difficult terrain, such as the rubble of a collapsed building. The 26-pound robot is developed at the University of Michigan U-M College of Engineering. It moves by rolling, log-style, or by lifting its head or tail, inchworm-like, and muscling itself forward. Link to videos. Check out there other robots as well."

sebFlyte writes "From the introduction of this document, the U.S. Army's field manual guide to Cryptanalysis: 'This manual presents the basic principles and techniques of cryptanalysts and their relation to cryptography. Cryptanalytics is the art and science of solving unknown codes and ciphers.'"

Rei writes "Following in the footsteps of Lynn Conway's pioneering work on VLSI that allowed ordinary students to create their own processors, a group of MIT professors have almost completed doing the same thing using DNA, known as synthetic biology. While not all of the components of a basic computer are working yet, there is hope that some day ordinary students may be able to design living computers, producing everything from novel drugs to seeds that sprout into treehouses."

DarkLaser writes "When's the last time you played Scotland Yard? A version called London Law, written by Paul Pelzl, is now in beta. Its updated status can be seen on the freshmeat information page. It is written in Python, and intended to be able to run on Linux, BSD, Mac, and Windows."

Jrod1080 writes "I decided to be an iPod for Halloween this year. I didn't just want to be walking around in a box, so I made it a fully functional costume. I finally found a good use for a tablet PC, and used that for the display. A rewired USB mouse served as the 'Forward,' 'Reverse,' 'Play/Pause' buttons, and a bit of Java code played and displayed the MP3s. Some battery powered speakers provided the sound. It all worked out well, and I even won the costume contest!"

An anonymous submitter writes "Osama bin Laden delivered a new videotaped message in which he told Americans their security does not depend on the president they elect, but on U.S. policy. 'Your security is not in the hands of Kerry or Bush or al Qaeda.'"

Thede writes "Hi all - the ABM, a proposed solution to spam first posted to /. back in February, is gaining some momentum and refinement. It has been presented it at the Federal Trade Commission, the ACM, the National Bureau of Economic Research (NBER), and at the ITU in Geneva earlier this month. The original post referenced an academic article that not so accessible. We now have a short FAQ and a very detailed Q and A that covers a lot of the issues raised over the last five months. Next step (barring gaping holes) is to get a standards effort going - and most of the needed standards already exist."

Thede writes "Hi all - the ABM, a proposed solution to spam first posted to /. back in February, is gaining some momentum and refinement. It has been presented it at the Federal Trade Commission, the ACM, the National Bureau of Economic Research (NBER), and at the ITU in Geneva earlier this month. The original post referenced an academic article that not so accessible. We now have a short FAQ and a very detailed Q and A that covers a lot of the issues raised over the last five months. Next step (barring gaping holes) is to get a standards effort going - and most of the needed standards already exist."

Thede writes "Hi all - the ABM, a proposed solution to spam first posted to /. back in February, is gaining some momentum and refinement. It has been presented it at the Federal Trade Commission, the ACM, the National Bureau of Economic Research (NBER), and at the ITU in Geneva earlier this month. The original post referenced an academic article that not so accessible. We now have a short FAQ and a very detailed Q and A that covers a lot of the issues raised over the last five months. Next step (barring gaping holes) is to get a standards effort going - and most of the needed standards already exist."

Thede writes "Hi all - the ABM, a proposed solution to spam first posted to /. back in February, is gaining some momentum and refinement. It has been presented it at the Federal Trade Commission, the ACM, the National Bureau of Economic Research (NBER), and at the ITU in Geneva earlier this month. The original post referenced an academic article that not so accessible. We now have a short FAQ and a very detailed Q and A that covers a lot of the issues raised over the last five months. Next step (barring gaping holes) is to get a standards effort going - and most of the needed standards already exist."

Ant writes "Here is a link where this guy always wanted Edmund Scientific's Giant Fresnel Lens. 'Melts asphalt in seconds!' the ad said. When he went to graduate school he met several other people with the same enthusiasm for aimless destruction through bizarre means, and just enough combined cash to make it happen. Thus the reign of terror began."

Brad Barnich was one of countless readers to note that Google has begun accepting job applications for its new Copernicus data center. I imagine this will eat a sizable portion of their IPO profits, however with this new center not opening until 2007, they at least can take their time!

Kurt writes "A team from the University of Michigan is proposing an economic solution to spam. Instead of relying on technical solutions or government regulations, they use a sender warranty system. In some cases, they argue, it can even be superior to a perfect filter with zero cost, and no errors. Their working paper is available at SSRN. With the caveat that some infrastructure is necessary (isn't it always?), they also claim their approach restores control to the recipient, halts spam, and creates a marketplace for valuable information exchange."

Dr. Spork writes "According to a Salon article [ad click-thru required], after launching a newspaper website chronicling tawdry dealings in the Sims Online city of Alphaville, Peter Ludlow, a professor of philosophy at the University Of Michigan, had his Sims Online account terminated by EA/Maxis, the company behind the service. 'Censorship', charges Ludlow, who has exposed dealings such as underage cyber-prostitution and extortion of simoleans (the Sims currency, exchangable on eBay for real-life money)."

StudMuffin asks: "I am teaching a Master's level Introductory Java Programming class, at the University of Michigan in January, and am on the hunt for a solid Java textbook. This class is aimed at grad students (who obviously have a bachelors degree, so they are assumed to be able to think on their own) with no programming experience. Specifically, I would like to ground them in good Object Oriented principles, solid program design techniques, and finally in the actual syntax of Java. I would rather think of this as a 'How to program well' class that happens to use Java as the language over a 'Java class' that happens to cover programming. I would like to stay away from the applet heavy books that I tend to find, focusing instead on the topics above. Any ideas?"

Reiner Schulz writes "Douglas Adams admittedly was a big fan of Earl Grey tea. Here's his enlightening entry in H2G2 on the subject (pretty much straight out of The Salmon of Doubt). And those familiar w/ the Hitchhiker's Guide will remember the drink dispenser from The Restaurant at the End of the Universe which, trying to figure out how to brew the perfect cuppa, grabs all available computing resources on board a certain starship. What a coincidence then that one of the finest blends of Earl Grey on the planet in general and in the UK in particular is Harrods' Earl Grey, Blend No. ... 42 . It's a plausible theory as to the origin of the answer to everything, isn't it? Earl Grey addicts like myself will certainly agree (even though Douglas liked his w/ milk; I prefer lemon). So, what would be the question? Perhaps, how about a nice cup of tea?"