gregrolan writes "The Trousers of Reality — Volume 1, Working Life is indeed a book about finding balance and satisfaction in life work and play. The author's thesis can be applied to almost any discipline, but it is from his background as an IT consultant that most of his professional examples are drawn. He considers success in this field pretty broadly and addresses the technical, management, political, personal, and social aspects of the IT profession." Read on for the rest of Greg's review.
John B. Hare writes "Many publishers of public domain content on the Kindle are being turned away for reasons that Amazon declines to clarify. In the past two weeks any publisher posting a public domain book (or a book that appears to be such) has received the message 'Your book is currently under review by the Kindle Operations team as we are trying to improve the Kindle customer experience. Please check back in 5 business days to see if your book was published to the store.' Amazon claims that this is a quality control issue, apparently believing that readers can't figure out on their own that a five-page Kindle book for $9.99 is a rip-off, or that yet another Kindle edition of 'Pride and Prejudice' is pointless. This was supposed to be the point of user feedback and the Kindle return policy: users can quickly decide what the best choice is, and if they don't like it, back out without any harm done." Read on for details of this reader's interaction with Amazon on the subject of public domain Kindle submissions.
Last week we asked for interview questions to help supplement our face-to-face interviews at Blizzcon. Over the course of the two-day con we were able to sit down with StarCraft II's Dustin Browder, Diablo III's Leonard Boyarsky, WoW's J. Allen Brack, and Battle.net expert Rob Pardo to answer a few questions on each of the four major camps in Blizzard at the moment. Since this wasn't a usual Slashdot-style interview, we tried to use as many of your suggestions as possible, but the conversation often took us in a unique direction once it got rolling.
inject_hotmail.com writes "Bell Canada started hijacking non-existent domains (in the same manner as Rogers), redirecting NX-response queries to themselves, of course. Before opting-out, you get their wonderfully self-promoting and self-serving search page. When you 'opt-out,' your browser receives a cookie (isn't that nice) that tells them that you don't want the search page. It will still use their broken DNS server's non-NX response, but it will show a 'Domain Not Found' mock-up page that they (I surmise) tailor to your browser-agent string. During the opt-out process, they claim to be interested in feedback, but provide no method on that page (or any other page within the 'domainnotfound.ca' site) to contact them with complaints. They note that opting-in is 'recommended' (!), and that 'In order for opt-out to work properly, you need to accept a "cookie" indicating that you have opted out of this service. If you use a program that removes cookies, you will have to repeat this opt-out process when the cookie is deleted. The cookie placed on your computer will contain the site name: "www.domainnotfound.ca."' Unfortunately most Bell Internet users won't understand the difference between their true NX domain response, and Bell's injected NX response."
dasButcher writes "Network Solutions, the domain registration and hosting service company, suffered a massive security breach that lasted three months and exposed tens of thousands of credit card numbers of its customers and of the businesses that use its hosting and online payment processing service. The company is just beginning the victim notification process. 'There is no information on how the code was planted on the sites. While examination of the code shows that it had the ability to ship data off to a third party, and Network Solutions believes that it did just that, the exact code is not available for public review. There is also no public information as to where the data believed to be stolen was sent.'"
Frequent Slashdot contributor Bennett Haselton writes "The Virginia Supreme Court has ruled that the state's anti-spam law, which prohibits the sending of bulk e-mail using falsified or forged headers, violates the First Amendment because it also applies to non-commercial political or religious speech. I agree that an anti-spam law should not outlaw anonymous non-commercial speech. But the decision contains statements about IP addresses, domain names, and anonymity that are rather basically wrong, and which may enable the state to win on appeal. The two basic errors are: concluding that anonymous speech on the Internet requires forged headers or other falsified information (and therefore that a ban on forged headers is an unconstitutional ban on anonymous speech), and assuming that use of forged headers actually does conceal the IP address that the message was sent from, which it does not." Click that magical little link below to read the rest of his story.
You asked Cliff Schmidt, founder and executive director of Literacy Bridge, about charity, education, and the "talking book", and he has answered your questions with a fair amount of detail. Cliff asks that if you are interested in getting involved please don't hesitate to donate either your time or your hard earned cash.
Michael J. Ross writes "Many Web developers wish to create e-commerce sites that also support collaborative editing of content, community forums, and other features that can increase traffic to the sites. But most shopping cart products do not include those capabilities, or, if such third-party add-ons exist, they may be quite limited in functionality. Similarly, most if not all content management systems (CMSs) lack native e-commerce capabilities. Yet that barrier is being overcome, because a handful of e-commerce modules have been created for the most popular CMSs. Perhaps the most promising pairing, at this time, is Drupal and the e-Commerce module — a combination covered in the book Selling Online with Drupal e-Commerce by Michael Peacock." Keep reading for the rest of Michael's review.
Last week hundreds of you posted questions for Slashdot's CmdrTaco, AKA Rob Malda. Today we present his answers to 10 of the highest-moderated questions. CT: You can continue to sign up for 10 year anniversary parties but we're already working on shipping shirts so you won't be able to get a care package... but you can still try to run for the big grand prize by just taking videos of pictures or just doing something cool at your parties to prove that we should have been there.
Michael J. Ross writes "Computer programming books come in all varieties, but there are at least four general categories: introductory texts, which typically have the lowest content per page; language references, which have become increasingly supplanted by online sources; "advanced" treatments, which are often a mishmash of errata-riddled articles; and "how-to" books, usually at the intermediate level, and sometimes presented as "cookbooks." It is that last category that has been growing in popularity, and for good reason. When an experienced software developer needs assistance, it is rarely for language syntax, but instead a desire to see how someone else solved a specific problem. For solutions using the PHP language, one source of information is PHP 5 in Practice." Read the rest of Michael's review.
Anml4ixoye writes "I recently got sent a copy of Bruce Tate's newest book Beyond Java - A Glimpse at the Future of Programming Languages. Having read Bruce's Bitter Java and Better, Faster, Lighter Java, I was intrigued to see what he would have to say about moving beyond Java. In short: If you're a hard-core Java (or to a lesser extent, C#) developer who thinks Ruby is something that goes on a ring, Pythons will bite you, and Smalltalk is something you have to do at parties, you are in for a rude awakening." Read the rest of Cory's review.
You posted a lot of great questions for Mike Nash last week, and he put a lot of time into answering them. As promised, his answers were not laundered by PR people, which is all too common with "executive" interviews with people from any company. Still, he boosts Microsoft, as you'd expect, since he's a VP there. And obviously, going along with that, he says he likes Microsoft products better than he likes competing ones. But this is still a great look into the way Microsoft views security problems with their products, and what the company is trying to do about them.
Shalendra Chhabra writes "Jonathan Zdziarski has been fighting spam since before the first MIT spam conference in 2003, and has now released a full-on technical book, Ending Spam, on spam filtering. Ending Spam covers how the current and near-future crop of heuristic and statistical filters actually work under the hood, and how you can most effectively use such filters to protect your inbox." Read on for the rest of Chhabra's review.
cluge asks: "It seems that several large providers give their users DNS servers that simply ignore DNS time to live (TTL). Over the past decade I've seen this from time to time. Recently it seems to be a pandemic, affecting very large cable/broadband and dial up networks. Performing a few tests against our broadband cable provider has shown that only one of the three provided DNS servers picked up a change in seven days or less. After turning in a trouble ticket with that provider - two of the three provided DNS servers were responding correctly - while the third was still providing bad information more than two weeks after that specific change. What DNS caches ignore TTL by default? Is there a valid technical reason to ignore TTL?"
Larry Sanger was one of the moving forces behind the pioneering Nupedia project. That makes him one of the people to thank for Wikipedia, which has been enjoying more and more visibility of late. Sanger has prepared a lengthy, informative account of the early history of Nupedia and Wikipedia, including some cogent observations on project management, online legitimacy, dealing with trolls, and other hazards of running a large, collaborative project over the Internet. As Sanger writes, "A virtually identical version of this memoir is due to appear this summer in Open Sources 2.0, published by O'Reilly and edited by Chris DiBona, Danese Cooper, and Mark Stone. The volume is to be a successor to Open Sources: Voices from the Open Source Revolution (1999)." Read on below for the story (continued tomorrow). Update: 04/20 19:19 GMT by T : Here's a link to the continuation of Sanger's memoir.
scubacuda points out this CNET story, writing "In addition to beefing up its storage (100MB -> 250MB), Yahoo! Mail has implemented Domain Keys to find spam. The idea is simple: give email providers a way to verify the domain and integrity of the messages sent. Sendmail, Inc. has released an open source implementation of the Yahoo! DomainKeys specification for testing on the Internet and is actively seeking participants and feedback for its Pilot Program. Yahoo! has submitted the DomainKeys framework as an Internet Draft, titled 'draft-delany-domainkeys-base-01.txt,' for publication with the IETF (Internet Engineering Task Force). The patent license agreement can be found here."
Steve Loughran writes "It's been pretty quiet in public on the SiteFinder front, but it does not mean that VeriSign are accepting defeat. On October 15, the ICANN Security and Stability committee met to discuss it, as can be seen from the long transcript. The new item from this is a VeriSign review of Site Finder, which is very interesting." Loughran further analyzes the Verisign presentation, below.
It's time to crank up the Slashdot Interviews for 2003, starting with answers to your questions for Nagios developer Ethan Galstad. He went far beyond and above the call of duty here to give you what amounts to a veritable "Free Software Project Leader's FAQ" that anyone who has ever thought about starting his or her own project ought to read. Thanks, Ethan!
Eric Blossom has responded to your questions about GNU Radio. He notes that he's gotten a lot of inquiries from people wanting to help out, and that they have their "hands full with the software and are hoping that some other folks will chip in on the hardware", so if you're interested in assisting, go to it.
Dare Obasanjo contributed this followup to an article entitled The Myth of Open Source Security Revisited that appeared on the website kuro5hin. He writes: "The original article tackled the common misconception amongst users of Open Source Software (OSS) that OSS is a panacea when it comes to creating secure software. The article presented anecdotal evidence taken from an article written by John Viega, the original author of GNU Mailman, to illustrate its point. This article follows up the anecdotal evidence presented in the original paper by providing an analysis of similar software applications, their development methodology and the frequency of the discovery of security vulnerabilities." Read on below for his detailed analysis, especially relevant with the currency of security initiatives in the worlds of both open- and closed-source software.