Slashdot Mirror

WordPress now powers over 1/3rd of the top 10 million sites on the web, according to W3Techs. From a blog post: Our market share has been growing steadily over the last few years, going from 29.9% just one year ago to 33.4% now. We are, of course, quite proud of these numbers! The path here has been very exciting. In 2005, we were celebrating 50,000 downloads. Six years later, in January 2011, WordPress was powering 13.1% of websites. And now, early in 2019, we are powering 33.4% of sites. Our latest release has already been downloaded close to 14 million times, and it was only released on the 21st of February.

The WordPress open-source content management system (CMS) will show warnings in its backend admin panel if the site runs on top of an outdated PHP version. From a report: The current plan is to have the warnings appear for sites using a PHP version prior to the 5.6.x branch (5.6 or lower). The warnings will contain a link to a WordPress support page with information on how site owners can update their server's underlying PHP version. In instances where site owners are running their WordPress portals on top of tightly-controlled web hosting environments, the web host has the option to change this link with a custom URL pointing at its own support site. [...] Around 66.7 percent of all Internet sites run an unsupported PHP version, according to W3Techs. Almost a quarter of all internet sites run on top of a WordPress CMS.

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attack can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attack can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.

An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In the meantime, security firm Sucuri says it detected numerous attacks with this zero-day, which was caused by a lack of input filtering in an image upload field that allowed attackers to upload PHP backdoors on the victim's servers with incredible ease and without any tricky workarounds. The backdoor's password is "dinamit," the Russian word for dynamite.

An anonymous reader writes that a WordPress plugin for managing custom post types has apparently been forcibly taken over by an Indian developer who has added a backdoor to the code which lets him install files on infected sites. "This backdoor also allows him to download files which add his own admin account to the site, and even alter core WordPress files so every time a user logs in, edits his profile, or a new user account is created, the user's password is collected (in cleartext) and sent to his server. WordPress hasn't moved in to ban the plugin just yet, despite user complaints.

An anonymous reader with news of the newest release of open source WordPress, which adds a slew of new features to the blog management tool that will "make your site more connected and responsive." You can download the new release now from WordPress.org/Download (7.3MB). WordPress is a content management system (CMS) that powers 25 percent of the Web. The latest version is dubbed "Clifford" in honor of jazz trumpeter Clifford Brown.

An anonymous reader with news of the newest release of open source WordPress, which adds a slew of new features to the blog management tool that will "make your site more connected and responsive." You can download the new release now from WordPress.org/Download (7.3MB). WordPress is a content management system (CMS) that powers 25 percent of the Web. The latest version is dubbed "Clifford" in honor of jazz trumpeter Clifford Brown.

eggboard writes "The Internet Archive has copies of Web pages corresponding to 378 billion URLs. It's working on several efforts, some of them quite recent, to help deter or assist with link rot, when links go bad. Through an API for developers, WordPress integration, a Chrome plug-in, and a JavaScript lookup, the Archive hopes to help people find at least the most recent copy of a missing or deleted page. More ambitiously, they instantly cache any link added to Wikipedia, and want to become integrated into browsers as a fallback rather than showing a 404 page."

New submitter sobolwolf writes "It has been apparent for some time that many developers (mainly theme designers) are split-licensing PHP-based GPL distributions, releasing proprietary files alongside GPL files with the excuse that CSS, JavaScript and Images are 'immunized' from the GPL because they run in the browser and not on the server. This is almost always done to limit the distribution of the entire release, not just the proprietary items (most extensions will not function in any meaningful way without the accompanying CSS, Images and JavaScript). Some of the more popular PHP-based GPL projects, like WordPress, have gone as far as to apply sanctions to developers distributing split-licensed themes/plugins. Others, such as Joomla, have openly embraced the split-licensed model, even changing their extension directory submission rules to cater specifically to split-licensed distributions. In light of all this, I would like to ask the following question: While it seems to be legal to offer split-licensed GPL distributions, is it in the spirit of the GPL for a project such as Joomla (whose governing body has the motto 'Open Source Matters') to openly embrace such a practice when they can easily require that all CSS, Images and JavaScript be GPL (or GPL-compatible) for extensions that are listed on the Joomla Extensions Directory?"

chicksdaddy writes "Social Media Widget, a free plug-in for the WordPress blogging platform with more than a million downloads, was restored to WordPress's official plugin directory on Thursday, days after it was found injecting WordPress websites with spam links to web sites offering Pay Day Loans. In a post on a support forum for Social Media Widget (SMW), Samuel Wood, a WordPress administrator, said that WordPress was willing to give SMW and its owner a second chance after he claimed to have been the victim of a contract developer gone rogue. 'Naturally we do take a very hard line on spam, and obviously an author putting malicious code into a plugin is enough grounds for us to bring down the ban hammer,' Wood wrote on Friday. 'But there are natural circumstances where an author may not be at fault.' SMW appears to be such a case. It is one of the 20 most popular WordPress add-ons and allows WordPress web site operators to include links to their other social media accounts. Brendan Sheehan, the owner of SMW, said, 'We trusted the wrong people with our plugin code and take full responsibility. We are a marketing company at heart and are not actually developers, so in order to provide major updates and improvements, we had to seek outside help. Some of these people deceived us and abused our trust and naivety...We will not make this mistake again.' Wood said the folks at Wordpress decided to accept that story — but that they're watching SMW closely. 'Basically, the current maintainer is not a professional programmer, and put his trust in the wrong freelancers to do the coding work for him...We'll be watching the plugin for changes,' he said. 'The plugin is back up for now, and as long as it stays clean, it's fine.'"

chicksdaddy writes "Social Media Widget, a free plug-in for the WordPress blogging platform with more than a million downloads, was restored to WordPress's official plugin directory on Thursday, days after it was found injecting WordPress websites with spam links to web sites offering Pay Day Loans. In a post on a support forum for Social Media Widget (SMW), Samuel Wood, a WordPress administrator, said that WordPress was willing to give SMW and its owner a second chance after he claimed to have been the victim of a contract developer gone rogue. 'Naturally we do take a very hard line on spam, and obviously an author putting malicious code into a plugin is enough grounds for us to bring down the ban hammer,' Wood wrote on Friday. 'But there are natural circumstances where an author may not be at fault.' SMW appears to be such a case. It is one of the 20 most popular WordPress add-ons and allows WordPress web site operators to include links to their other social media accounts. Brendan Sheehan, the owner of SMW, said, 'We trusted the wrong people with our plugin code and take full responsibility. We are a marketing company at heart and are not actually developers, so in order to provide major updates and improvements, we had to seek outside help. Some of these people deceived us and abused our trust and naivety...We will not make this mistake again.' Wood said the folks at Wordpress decided to accept that story — but that they're watching SMW closely. 'Basically, the current maintainer is not a professional programmer, and put his trust in the wrong freelancers to do the coding work for him...We'll be watching the plugin for changes,' he said. 'The plugin is back up for now, and as long as it stays clean, it's fine.'"

An anonymous reader writes "Back in April hackers gained access to the WordPress.com servers and exposed passwords/API keys for Twitter and Facebook accounts. Now, hackers gained access to Wordpress.org and the plugin repository. Malicious code was found in several commits including popular plugins such as AddThis, WPtouch, or W3 Total Cache. Matt Mullenweg decided to force-reset all passwords on WordPress.org. This is a great reminder for all users not use the same password for two different services."

An anonymous reader writes "WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download and comes with 1,217 bug fixes and feature enhancements. Major new features in this release include a new default theme called Twenty Ten. Theme developers have new APIs that allow them easily to implement custom backgrounds, headers, shortlinks, menus (no more file editing), post types, and taxonomies."

An anonymous reader writes "WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download and comes with 1,217 bug fixes and feature enhancements. Major new features in this release include a new default theme called Twenty Ten. Theme developers have new APIs that allow them easily to implement custom backgrounds, headers, shortlinks, menus (no more file editing), post types, and taxonomies."

Erik writes "Wordpress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a 'clever' worm that automatically compromises unpatched versions of the Wordpress system. The particularly nasty bug crawls the web for vulnerable Wordpress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, Wordpress founder Matt Mullenweg eloquently implored Wordpress bloggers to update more frequently. Originally, updating the Wordpress system was a rather laborious process; however, newer versions offer fast and simple one-click upgrades. The two most recent versions of Wordpress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at Wordpress.com are also apparently immune."

Erik writes "Wordpress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a 'clever' worm that automatically compromises unpatched versions of the Wordpress system. The particularly nasty bug crawls the web for vulnerable Wordpress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, Wordpress founder Matt Mullenweg eloquently implored Wordpress bloggers to update more frequently. Originally, updating the Wordpress system was a rather laborious process; however, newer versions offer fast and simple one-click upgrades. The two most recent versions of Wordpress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at Wordpress.com are also apparently immune."

Multiple readers have sent word of a vulnerability in WordPress 2.8.3 which allows anyone to lock an admin out of his or her account by resetting the password. "The bug ... is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required." An alert on the Full Disclosure mailing list detailed the vulnerability, and WordPress quickly rolled out version 2.8.4 to address the issue.

Marilyn Miller writes "Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide any way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior." Update: 09/25 17:52 GMT by KD : This article is misleading enough to be called "just wrong." Matt Mullenweg writes: "As mentioned in our release announcement, the update notification sends your blog URL, plugins, and version info when it checks api.wordpress.org for new and compatible updates. It does not include $_SERVER dumps, or any settings beyond version numbers (for checking compatibility), or your blog name, or your credit card number. We do provide a way of disabling this feature; in fact I link to one of the plugins in the release announcement and in my original response to Morty's thread."

GrumpySimon writes "The recent 2.1.1 release of the popular blog software Wordpress was compromised by a cracker who made it easier for to execute code remotely. This is interesting because the official release was quietly and subtly compromised, and has been in the wild for a few days now. There's no word on if any affected sites have been compromised, but anyone running Wordpress is urged to upgrade to 2.1.2 immediately, and admins can check their logs for access to 'theme.php' or 'feed.php', and query strings with 'ix=' or 'iz=' in them."

rdelon writes "Finally there is some movement in the hosting provider control panel department. cPanel and Ensim have been around for years but some people have grown increasingly frustrated with them. WebFaction has developed a new type of control panel. It offers an Ajax web interface that decouples the application from the domain: the root of a website might be served by Ruby on Rails while the /blog URL might be served by WordPress; reciprocally, multiple websites might be served from a single Django application, which reduces the resource usage on the server. A screencast demo of the control panel is available on their blog."

What initially struck me about Freecycle was that it was the first useful thing on the Internet I learned about by reading a newspaper instead of through the leading-edge online news sources I follow. The next thing I noticed about Freecycle was that, unlike Craigslist, Flickr, and other "Social Internet" phenomena, it wasn't centered on major cities but had local groups all over the place, even in towns like Apache Junction, Arizona, and Bradenton, Florida. And then, when I actually used my local Freecycle group, I discovered something else: A high percentage of users were over 50, female, or both. Note that Freecycle was not started in or near San Francisco or New York, and that it's a non-profit. It's decentralized, so anyone who wants to start a local Freecycle community, anywhere in the world, can go ahead and do it. Since it's essentially a collection of Yahoo! Groups, no technical knowledge is required, just time and patience.

Freecycle scales easily. If one group gets too crowded -- and many get hundreds of OFFERED and WANTED posts every day -- it's no big deal to split that group into two or more smaller sub-regional ones. And if more moderators are needed, training them is no problem, at least on the technical side. This is an ideal volunteer job for a retiree with a computer and Internet connection. There are plenty of retirees on my local Freecycle, and I'm sure there are many on other local Freecycles, too.

Support Your Local Blogfinder

TampaBLAB is meaningless to you unless you live in or near Tampa, Florida. It aggregates local blogs, and only local blogs. Founder/maintainer Brett Glisson put it online in September, 2005, and says it now gets "about 1000 to 1500 pageviews per day," and that it has "been picking up a lot of steam" in the past few weeks.

Brett got the idea from ORblogs, which calls itself "Oregon's Independent Weblog Community." He decided to do it as a regional thing rather than statewide because he liked the idea of it being intensely local.

Brett says, "This kind of site is something anyone with a bit of web-savvy could do."

TampaBLAB isn't as fancy as Dan Gillmor's Bayosphere or many of the other professionally-run regional blogs and "citizen journalism" sites out there, but it's not supposed to be a professional operation. It's something put together by one guy who has a day job in IT with a local financial service company, using "tweaked versions" of WordPress, FeedWordPress, the OZH Click Counter and "some custom graphics."

Brett has his own blog, My Addled Brain, but it is just one of 60+ blogs that now belong to TampaBLAB. A cabbie writes about the cab business. RANTING RIGHT WING HOWLER is exactly what you'd expect. Bitch | Lab ("because lefties and feminists have dirty mids too") is in a category of its own. Several "professional" bloggers from the St. Petersburg Times are listed. There's no set political agenda. There are neighborhood activism blogs, sports blogs, news blogs, opinion blogs, and silly random musings. It's a mix of pretty much everything and anything that anyone in the Tampa area might want to write about on the Internet.

At some point Brett hopes to interview some of the bloggers and perhaps try to have a get-together now and then in order to make it more of a community. And he may look for some local business sponsors, but has no expectation of ever earning a living either from his blog or by aggregating others' blogs.

The main thing here is that Brett has put together an easy way for locals to find what other locals are writing. It is an idea that can be duplicated anywhere the Internet reaches for next to no money, without a national company or big name behind it.

What Else is Out There?

Freecycle and TampaBLOG use existing software. They aren't hot Web 2.0 properties that have venture capitalists sniffing after them and get lots of buzz. But they are at least as important to the people who use them -- who are, remember, not necessarily computer sophisticates -- as Gmail or LinkedIn.

I'm sure there are plenty of other unheralded Web communities out there, quietly growing and attracting non-technical users. Most will never amount to much. But a few will become popular and influential, or at least will inspire imitators that might end up changing the way millions of people use the Internet.

---------

Have something to say to the Slashdot community? Email your article or proposal to roblimo at slashdot dot org.

cyberchucktx writes "Version 2.0 of the Wordpress open source blogging software has now been released." From the post: "In the past if you were linking to a number of posts or pinging a lot of update services, your posting time could appear to slow to a crawl even though everything was instantly done on the backend. We've modified how this works now so posting should be near-instantaneous, like everything else in WordPress."

SFEley (Stephen Eley) writes "Todd Cochrane's Podcasting: The Do-It-Yourself Guide has been heavily pushed in the podcasting community as the first of a wave of podcasting books to be released in the next several months. All of these books will surely cover the same themes, more or less: what podcasts are, how to listen to them, and how to produce your own. The popularity of podcasting is exploding right now, with coverage in every press outlet and Apple hyping it as The Next Big Thing. It's easy to see that there will be a huge demand for these books, even if they don't do much more than state the obvious. So what about this one? Other than being the first, does it offer any compelling virtues for the would-be podcaster or listener?" Read on for Eley's answer to that question. Podcasting: Do-It-Yourself Pirate Radio for the Masses author Todd Cochrane pages 281 publisher Wiley rating 4 reviewer Stephen Eley ISBN 0764597787 summary How to find, record, and publish podcasts

Before we can even begin to talk about the book, we ought to cover the preliminaries. If you've been living under a rock for most of 2005, you may not know that podcasting is the latest Internet publishing wave, getting most of the same hype that blogging has gotten but much faster. In its simplest form, it's just people producing audio files (talk, music, whatever) and syndicating them over an RSS feed. Listeners can then use one of several apps to automatically download them and load them onto an MP3 player. The mainstream media, feeling some embarrassment for missing the last few Web boats, has jumped on podcasting and given it, frankly, a lot more press than it probably deserves right now.

A note on the author: Todd Cochrane produces Geek News Central, a very popular tech podcast wherein he reads out news headlines and offers commentary. He also founded and manages the Tech Podcast Network, a consortium of other technology podcasts that band together for cross-promotion, content standards and advertising, and he's the main force behind the heavily advertised and sponsored Podcast Awards. It's fair to say that Cochrane has done a lot for podcasters in various ways, and although I've disagreed with him on some of the details of his projects, I respect him highly for his tremendous energy and the work he's done to make podcasting a respectable form of media.

Another note (and disclaimer) on myself: I also have my own podcast, a moderately popular one that narrates science fiction short stories. In a practical sense this makes me both a podcaster and a literary editor. Which means, in turn, that I have a sensitivity both to poor information on podcasting and poor writing.

And with all that said... I'm afraid Podcasting: The Do-It-Yourself Guide is a marginal book at best. It doesn't suck, and there's nothing horribly wrong with the information it gives, but it has two endemic problems. Cochrane's responsible for both, but I put the real blame on his editors at Wiley, who likely ignored them in their rush to get the book out before any others.

The first problem is the writing. It's possible that this bothers me more than it would others. Todd Cochrane may be an intelligent, selfless, wonderful guy -- I truly believe that he is -- but the man can't write. The entire book exhibits a rushed, forced-casual, eighth-grade English paper style that grates on me like nails on a chalkboard. Cochrane even admits this in his acknowledgments: "Early on, I made it clear to Chris [Webb], my acquisitions editor, that I was a geek/tech guy first and that he did not want to see my English grades. Even so, he assured me that I was their man, and I went to work."

Well, Chris Webb, you're a dumbass. You picked someone who admitted he couldn't write to write a book on a breakthrough technology. As a result, the book is vague, meandering, and frequently redundant, e.g.: "You will want to use this Recording Control window to control your default recording device." That phrase ("You will want to ...") crops up everywhere: the book's not only in second person, but it's a second person that tells the reader what he/she wants. The only sentence opener that appears more often is "Obviously" -- which frequently precedes a thought that is neither obvious nor related to the sentence before it.

You will also want to ignore the poor punctuation and comma splices, the frequent intersplicing of Notes and Tips paragraphs that seem indistinguishable (in both font and content) from the main text, and very often, the simple use of the wrong words. In many cases this is simply amusing: "[Dave Winer's] analogy was that it was taking longer to download the video than it was to play it." Uh, that's not an analogy, dude. In at least one case it leads to a technically incorrect statement: "The reading on the software-controlled meter in my audio-recording package showed nearly 40 dB of baseline noise," when what he really meant was a noise floor of -40 dB. Two very different things.

The other major problem is the narrow perspective. It's really Podcasting: The Do-It-Todd-Cochrane's-Way Guide. Everything in this book is about Cochrane. Every example is his own podcast, every screenshot of a Web page is his own, and he's got multiple photos of himself in various dorky situations. Any photos of other podcasters? Mur Lafferty, perhaps, or Soccergirl? You wish. I have no problem with Cochrane using himself as a starting point, but it's a very diverse field, and nobody podcasts with quite the same gear or the same techniques as anybody else. Cochrane says he spent significant time interviewing software developers for the chapters on applications, but there's no indication anywhere that he spoke to any other podcasters in writing this book. That's a huge mistake, rushed deadlines or no rushed deadlines. Not only does it reduce the book's utility, but it also makes the prose seem dreary, monotonic, and egocentric.

So there's my overview. For those who think the book may still have some use to you (and it might, if you can put up with the above) I'll break it down by section:

Part I: Listening to the Podcast Revolution This section has three chapters, and they're useless. The book begins, "Do you have specific interests? How about triathlons? I have to admit, most radio broadcasts don't deal with those kind of subjects. But that's about to change." Yeah, okay. The problem here (beyond the clumsy writing) should be obvious: if you have no idea what podcasting is, you're not interested enough to buy a book on podcasting. The first chapter, "What Is a Podcast?" has Cochrane spiraling around the subject of podcasting for twelve pages without ever giving a simple definition. Then we've got two chapters which together describe the leading software tools used to download podcasts, and tutorials for using them to subscribe to -- can you guess? -- Todd Cochrane's podcast. To be fair, it was a pretty decent overview of the major client applications at the time of the book's writing; which means it's already obsolete, as iTunes 4.9 has totally changed the landscape since then. Of course, that can't be helped. The real weakness of this section is its superfluity: if you're willing to pay $20 for a book on podcasting, it's because you want to make podcasts. Even Grandma's not going to buy this book to learn how to listen to them.

Part II: Joining the Revolution: Your Own Podcast Here's where the book starts to get genuinely interesting. The obligatory but stupid chapters on listening to podcasts are behind us; now it's all about making them. The first chapter here, "Choosing a Podcast Format," actually has little to criticize. His basic message is sound: Follow your passions; develop a show structure and follow it; and be aware of copyright issues if you're playing music. All of that is good advice, and his detailed description of his own show structure and notes is appropriate here. This is followed by a completely unnecessary chapter about computer choices, in which he shows his Windows colors and comes off a trifle condescending toward the Mac. ("In researching materials for this book, I found I could not do the reviews justice unless I had a Mac, so I purchased a Mac Mini ... I knew that if I could record a podcast on a Mac Mini, it would probably make the Mac fans happy.") Then, at last, he delivers the first truly crunchy chapter: "The Semiprofessional Podcast Studio." This chapter's honestly very good, running the gamut of sound cards, microphones, mixers, Firewire interfaces (he dismisses USB interfaces rather unfairly), digital recorders, even quiet case fans. Some of it's hand-waved, and some of it's so vague it's just silly: "A condenser microphone is generally never found in households. People might have them, but they usually are not aware that they do." On the other hand, his discussion of quality sound cards does have much of value (barring the "40dB of baseline noise" misstatement I mentioned above), and he gives one of the best descriptions of mixers and effects processors for novices that I've found. If you have no idea what sort of equipment you might need for quality sound in your podcast, you'll get a decent grounding here. Not an excellent grounding, but perhaps enough to parse a little bit more of the serious sound FAQs on the Web.

Part III: Recording Your Podcast and Performing Postproduction Tasks (Yes, the man can't even name things with brevity.) There's one weak chapter here and two great ones. In "Recording Locations," Cochrane reveals that you can podcast at home, in your car, at a restaurant, or walking around. Whee. Then we get to the actual process of recording and postproduction, and the book honestly shines. He describes step-by-step how to set up Audacity (the excellent freeware Win/Mac/Linux sound editor) to record, how to set up a typical mixer, and best of all, how to set levels properly. Levels are the bane of any audio amateur, and these half-dozen pages are gold; it's the one thing a novice podcaster is likely to turn back to and reference several times over in his first few recordings -- or ought to, anyway. His advice on noise reduction, amplifying, and normalizing is spot-on, the steps listed for MP3 encoding are simple but solid, and he even gives several good options for ID3 tagging. (A step too often overlooked by podcasters.) I could complain about a few weird digressions -- e.g., the postproduction chapter tells you how to upload to Openpodcast.org, which is an utterly bizarre thing to advise -- but they're easily ignored, and overall this section truly shines.

Part IV: Hosting and Preparing to Publish Your Podcast This section's ... okay. His chapter on hosting is mostly a treatise on how to evaluate service agreements, which is valuable enough in itself but can be overkill for someone just starting out. There are a few math exercises for estimating bandwidth -- useless when you don't know your potential audience size -- and a brief list of "podcast-friendly hosts" which is, of course, already obsolete. His coverage of publishing methods is about weblog software -- wait, scratch that, it's about MovableType. He's infatuated with MT, and devotes several pages on a step-by-step for hacking MT's code and templates to support enclosures with full-source RSS code listings, then mentions virtually offhand that Wordpress and Radio Userland support enclosures out of the box. This is another case where having multiple podcaster perspectives would have helped. Finally, we get a chapter named "The Life Breath of a Podcast: RSS 2.0 With Enclosures," just barely longer than its title, which covers how to use FeedForAll to hand-crank an RSS file if you don't have blogging software that will make one for you. It might have been a valuable chapter if he'd spent any real time explaining RSS 2.0 or enclosures.

Part V: It's Show Time A closing section that's nearly pointless, but mercifully brief. There's an entire chapter about using graphical FTP clients -- lame because anyone who's that blinking-twelve was lost back at Chapter 6. The meaty chapter is called "Feedback, Promotion, and Paying the Bills," and it has some moderately useful information and some large gaps. Feedback apparently means "have a mailing list and a voicemail line, and hang out on Skype." Okay. Promotion's about directory listings and exchanging promos with other podcasters; then he offers a long commentary on advertising and why it's a fine thing to have. Unfortunately, other than creating a media kit he has nothing much to say on how to contact and market your show to advertisers. And the final chapter of the book, "Where Do We Go From Here?" offers a few vapid musings of the sort all podcasters talk about over beer: we're going to kill mainstream radio, podcasts will band together and commercialize, all the starving children of the world will have an MP3 player ... And Yes, in his final sentences he invokes the already-tired "Podcasting Revolution" chestnut. Not much to say here, but rest assured, he says it.

So there you have it. That's the entire book. Worth buying? That depends. If you're itching to get started with podcasting, if you're an absolute beginner when it comes to sound recording, if the online resources at Podcast411 and other sites don't float your boat, and if you can't wait a few more months for books like Podcast Solutions and Podcasting for Dummies to come out ... then sure. There are at least three or four good chapters in here with information you can use. It's not all the information, and you have to take Cochrane's style and limited viewpoint with a big grain of salt, but it'll get you started. For less than twenty bucks, at least it isn't a high-risk investment.

On the other hand, if you're the bootstrapping type, or you already know most of what you're doing, then there's not much in here you can't figure out online and through experience. And if you're patient, there will be other books, and I'm almost positive they'll be better written.

You can purchase Podcasting: the Do-It-Yourself Guide from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

The Real Nick W writes "Wordpress, an incredibly popular Open Source Blogging system was found to be spamming google by inserting hidden links to junk content on high paying Adsense keywords such as mesothelioma and debt consolidation. Following Threadwatch picking up the story an anonymous Google rep appeared in the original thread admonishing bloggers not to use sneaky tactics to rank highly for "duplicate content" such as the 100,000 hidden articles on the Wordpress site. The articles have now dissapeared from Google and it remains to be seen whether Google will ban Wordpress outright as they tend to do when SEO's and web dev's pull these kinds of stunts."

wyldeone asks: "I'm responsible for creating a site for my high schools newspaper, and I'm at a loss for what technology to use. It is small, and there will be about one issue a month. I have looked into some weblogging software like MovableType, and WordPress and they seems too simple, but larger CMS offerings (Campsite and PROPS, for example) seem too complex and powerful for this project. Are there any suggestions from Slashdot readers who run high school or college newspapers?"

Jeff Clark writes "In yet another attempt to take over all of the Internet, MSN has launched a blog service called MSN Spaces with the new version of MSN Messenger due out shortly. Features include comments, stats and trackbacks just like every other blog out there. Another built-in feature is also available where you can send pictures from your camera-phone directly to your Space. Now you can let Mom know just exactly what happened at that party last night!" Reader JDBaker adds, "Microsoft have released the first public beta of MSN Messenger 7. It can be downloaded direct from Microsoft, and carries the same build number as the recent private beta release. New features include: Winks, Set Status Before Login, Drag and Drop Backgrounds and Feedback."

CypherXero writes "I recently had to deal with a bunch of unwelcomed trolls to my blog, and it became my number one priority to stop it before it got out of hand. Luckily for me, I'm using WordPress, so I had a lot of great options for stopping trolls."

cioxx writes "An immensely popular weblog publishing tool, Movable Type, has announced a new pricing model based on "support level, number of authors permitted, and the number of weblogs permitted per license". MT3D (Developer Edition) for non-commercial users has drifted away from its full-featured, free predecessor and managed to upset many blog authors whose entry summaries can be seen via the trackback feature originating from the initial MT3D announcement. Is this a case of bait-n-switch, or simply a company trying to capitalize on its dominant market share? WordPress (GPL), which is an equally powerful CMS, seems like a perfect candidate for those who are considering a switch to a non-crippled, free alternative."