Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
Book Review: Drupal Web Services
Michael J. Ross writes "In the evolution of the Web, one of the most significant improvements was the general transition from static websites based only upon HTML, to dynamic websites based upon scripting languages. But even then, each website was much like a silo, with no publication of content beyond the pages provided on the site itself. That all began to change with content syndication through RSS, and the development of web application APIs. Nowadays, a growing number of organizations are publishing online content through web services, as well as consuming content published by others. These sites can be built using Drupal, an open-source content management system (CMS). Drupal Web Services, a book authored by Trevor James, aims to help web programmers do that sort of development." Read below for the rest of Michael's review.
Drupal Web Services
Author: Trevor James
Pages: 320 pages
Publisher: Packt Publishing
Rating: 8/10
Reviewer: Michael J. Ross
ISBN: 978-1849510981
Summary: A guide to connecting a Drupal website to external services.
Released by Packt Publishing on 24 December 2010, under the ISBN 978-1849510981, this book is the only one currently on the market that focuses on how to "integrate social and multimedia web services and applications with your Drupal Web site" (to quote from the book's marketing copy). Its 320 pages are organized into a dozen chapters and one appendix. The publisher makes available a web page with a description of the book, its table of contents, and a sample chapter (Chapter 9, "Twitter and Drupal"). The page notes that readers do not have to have any programming expertise, but should be familiar with the use and administration of a Drupal site. The book covers Drupal 6, as version 7 had not been finalized and released until a couple weeks after the book's publication. Visitors can also read the reported errata (of which there are none, as of this writing), and download the example code used in nine of the chapters.
(This review is based on a print copy the publisher kindly provided. An e-book version is also available.)
The first chapter serves as an introduction to web services at a high level, including remote procedure calls (RPC), as well as some of the most commonly used protocols, with some focus on Representational State Transfer (REST). The author then gives several examples of web services that can be consumed by a Drupal website, and others where the site provides the service. This material is a fine overview, although nonprogrammers may be scared away unnecessarily by the inclusion of coding details, such as the Mollom service requests. Also, the writing style is rather repetitious in some places, e.g., "it will cost you to sign up for it. It's not a free service" (page 16). More amusingly, on page 9, the author states, "The computer that contains the application [] can be anywhere in the world," and then adds, "It could be sitting on a server in the US, Europe, Asia, South America, or somewhere else" — as if any reader might be unfamiliar with the major regions of the world. On the other hand, some readers may appreciate a slower narrative pace. Yet most troubling of all is the claim (on page 12) that many of the popular web applications are based on PHP (as is Drupal), and thus we have the advantage of "a common programming language." That contradicts the whole point of web services, namely, sharing data and other resources among websites regardless of those sites' underlying technologies. A typical web service does not transmit source code, hence its language is irrelevant, as is the language of any other website with which it interacts. (This so-called advantage is never substantiated, or even explained, anywhere in the book.)
The next four chapters take a detailed look at how a Drupal website can consume third-party web services, beginning with the use of Simple Object Access Protocol (SOAP) in general, and two contributed modules in particular (the SOAP Client module, and the FedEx Shipping Quotes module — which depends upon the Ubercart shopping cart module). The discussion of the topics is complete and straightforward, with screenshots as needed to show what administrative forms need to be filled out by anyone following the instructions. This approach is followed in the subsequent three chapters, which show how to use the web services of Flickr, Amazon, CDN2, and Kaltura. Chapter 5 discusses video, and thus its coverage of the Media:Flickr module for turning photos into slideshows should have been placed in the third chapter, which was devoted to Flickr.
Chapter 6, which focuses on the use of the Services module, essentially begins the second part of the book, because the reader starts learning how to make a site provide web services, i.e., no longer acting solely as a client — although there are some cases where web services are consumed at the same time as they are offered to outside clients. The Services module works in conjunction with other Drupal modules that implement web service methods (SOAP, REST, JSON, etc.). All of the examples are helpful, but the photo_service_all() function on page 136 is odd, because the author states that it returns an array of nodes, but the code suggests instead that it returns the nodes' content, concatenated together as a string. Similar to the first part of the book, the remaining chapters in the second part focus on specific web services: CAPTCHA, reCAPTCHA, TypePad, Mollom, Google Docs, Twitter, LinkedIn, and Facebook. Chapter 12 explores the authentication services OpenID and OAuth, but strangely ends by stating that it is time to test the OAuth connection, with no explanation as to how to do so. Incidentally, to Drupal administrators unfamiliar with the use of the Views module, the first sentence on page 205 will likely be quite confusing, because it conflates fields with filters. (The phrase "filters in" should be replaced by "includes" or "uses.") Also perplexing is that on pages 209-210, the author advises the use of "http://" instead of "www." in short URLs, but two pages later the results show the opposite. The phrase "FBML is now considered by Facebook" is baffling; considered what by Facebook? Lastly, the author states that OAuth will be tested with Digg (page 259), but that is not covered.
The book's sole appendix briefly presents each of the major contributed modules used, organized by chapter. For each module, there is a brief summary of its purpose, the current maintainers and version, and links to its project page and usage statistics. Two passages in Chapters 7 and 8 suggest that the book's appendix was not finished as intended: The author states (page 150), "I've attached the code for the recaptchalib.php file as an appendix in this book," but that does not appear to be the case — which is fortunate, because the book should not be made longer by including source code that is easily available to the reader. On page 177, we are told that the appendix explains how to install Acquia Drupal, but it does not.
The figures used in the book are, for the most part, quite handy, to see the results — especially for the reader following along who does not want to implement all of the instructions. However, the first screenshot on page 103 and the second screenshot on page 114 were incorrectly swapped for one another, and thus do not match the respective descriptions in the text.
Even though the writing quality of this title is a bit better than the typical programming book nowadays, there are some problems. Countless verbs are prefixed by the (useless) phrase "go ahead and" — to the extent that the reader will be sick of it by the time he reaches the end of the book. Occasionally the phrasing is rather puzzling. For instance, on page 131, the screenshot shows that a list of field names should be separated by commas, with no spaces. The author's explanation is "Make sure to not avoid spaces".
There are a couple instances in the book where critical configuration settings are not introduced or explained until after the reader is told that he will see results from following all of the earlier steps (which include most of the configuration settings). For example, in Chapter 4, the author instructs the reader to install the Amazon, CCK, and Features modules, and test everything using the Amazon Examples module. Pages later — possibly after the reader has been frustrated in trying to get the example scenario to work — he is told how to configure the Features module to enable the Amazon Examples features.
As with most Packt titles, the copyediting is quite poor, with inconsistent punctuation and plenty of errata that should have been caught in the production process: "and and" (on the "About the author" page), "at [the] time" (page 3), "try and access" (page 11; should read "try to access"), "a RPC" (page 15), "[a] server API" (18), "APress" (22), "is a not a" (25), "delivery Information" (43), "on how" (70), "to to" (89), "you [c]an" (94), "extention" (97), "the the" (106), "user Drupal user" (184), "se e" (198), "CMS(" (232), "both the methods" (252), "Try it both methods" (258), and "sign [in] to" (259). There are countless places where the term "the" is missing, e.g., twice on page 16. The menu path delimiter used is sometimes ">" (e.g., page 226), but usually "|," which makes each menu path look too much like page links in a footer.
However, the main problem with the narrative is that the author repeats information — in most cases not just once, but numerous times. For example, in the second chapter, we are told three times that the author will present the SOAP and FedEx shipping quotes modules. By the time the reader reaches page 33, he likely will already be tired of being told the same information. But on that page alone, the author goes over the same ground two more times. In fact, the beginning of the second paragraph sounds like a copy of the first. Compounding the problem, the author will frequently take some of the material from the main section where it is discussed, and add it to the tail end of the previous section — somewhat like a preview, but wholly unnecessary. Packt Publishing's content editors should have caught and weeded out this redundancy. Each chapter ends with a summary, which adds no value and exacerbates the repetitiveness of the chapters' main content. One glaring example of redundancy, in the last chapter, is the second go-round of how to define a Twitter application, which had already been covered in Chapter 9.
Yet one advantage to repeating explanations is that no reader will miss key instructions. This would be most advantageous to readers skimming the material at a fast pace, or anyone new to administering a Drupal website and consequently lacking in confidence. Anyone reading this book will likely be impressed by the way that the author patiently steps the reader through every process. Due to the detailed explanations, each chapter stands on its own, thereby making it possible for the reader to learn a particular topic without having to read any of the earlier chapters. This also makes the book valuable not just as a tutorial, but for reference purposes.
With clear and thorough explanations, Drupal Web Services would be a solid resource for anyone who wants to connect a Drupal-based site to any web service, including the major social media applications.
Michael J. Ross is a freelance website developer and writer.
You can purchase Drupal Web Services from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Book Review: The Clean Coder
CoryFoy writes "As someone who has been closely involved in both the 'agile software' movement as well as the 'Software Craftsmanship' movement, I have been following the work of Robert Martin for some time. So I was quite interested when I got my copy of his latest book Clean Coder where he 'introduces the disciplines, techniques, tools and practices of true software craftsmanship.' Would his book live up to being a guide for the next generation of developers, or would it go on my shelf as another interesting book that I had read, once?" Read below for the rest of Cory's review.
The Clean Coder: A Code of Conduct for Professional Programmers
Author: Robert C. Martin
Pages: 256
Publisher: Prentice Hall
Rating: 5 Nebulous Rating Units
Reviewer: Cory Foy
ISBN: 978-0137081073
Summary: A good overview of the current agile practices for software developers
Before even getting into the book, it is good to know the style of Robert Martin, affectionately known as "Uncle Bob" to many people. Bob is a former preacher who comes at life — and topics he teaches — with a no-holds-barred approach. So when he approaches topics such as "Professionalism" and the software industry, I come expecting passionate discussion and serious assertions. The Clean Coder is no exception.
The book starts off with an overview of the Challenger space shuttle disaster. As a native Floridian who could see shuttle launches from my house (and, in fact, saw the Challenger explode just as it crested the trees from where we lived) this really resonated with me. The accident was a result of engineers saying no, but management overriding the decision. With this introduction, Bob makes it quite clear that when we choose not to stand up for that which we believe, it can have dire consequences.
We then dive right in, starting with the topic of Professionalism. The assertion is made that the key to professionalism is responsibility — "You can't take pride and honor in something you can't be held accountable for". But how do we take and achieve responsibility? Chapter one lays out two ways. To start, it looks at the Hippocratic Oath, specifically the rule of "First, Do No Harm". The book maps this to software by saying to do no harm to function or structure, ensure that QA doesn't find anything, know that your software works, and have automated QA. In fact, when I work with teams, I teach them that if your testing "phase" finds bugs, it's a problem with your process that needs to be addressed immediately, so the concept of ensuring that QA doesn't find anything is a great concept to bring out.
Then we move on to Work Ethic — specifically around knowing your field. This means continuous learning, practice (through things like Katas and Dojos), collaboration, mentoring, identifying with your employer/customer, and practicing humility. To help with that, Chapters 2 and 3 talk specifically about saying "No" and "Yes". When we say no, and when we want to say no, we should mean it. Saying, "We'll try" means that you, or your team, isn't already giving it their best, and that through some extraordinary effort you'll pull it off. Say no and stick to it. But, when you say Yes, mean it. People are counting on you to be truthful with them.
Chapters 4, 5, and 6 begin to talk about the specific practices of coding. Chapter 4 talks about the coding process itself. One of the hardest statements the book makes here is to stay out of "the zone" when coding. Bob asserts that you lose parts of the big picture when you go down to that level. While I may struggle with that assertion, I do agree with his next statement that debugging time is expensive, so you should avoid having to do debugger-driven development whenever possible. He finishes the chapter with examples of pacing yourself (walking away, taking a shower) and how to deal with being late on your projects (remembering that hope is not a plan, and being clear about the impact of overtime) along with a reminder that it is good to both give and receive help, whether it be small questions or mentoring others.
Chapters 5 and 6 cover Test-Driven Development and Practicing. The long and short is that TDD is becoming a wide-spread adopted practice, in that you don't get as many funny looks from people when you mention TDD as you once did. And that coding at work doesn't equal practicing your tools and techniques — instead you should set aside specific time to become better through coding exercises, reading and researching other areas (languages, tools, approaches), and attending events and conferences.
Chapters 7 and 8 cover testing practices. In Chapter 7 the book looks at Acceptance Tests and the cycle of writing them — specifically at what point the customer is involved (hint: continuously) and how to ensure they stay involved. Chapter 8 goes to more of the unit testing level, and defines some strategies and models for looking at unit testing, including an interesting "Test Automation Pyramid".
Now that we've covered the developer herself, coding and testing, the book moves on to discussing time. Chapter 9 covers Time Management strategies — staying out of "bogs" and "blind alleys", using techniques like the "Pomodoro" technique to create focus, and the law of two-feet — if you are in a meeting and aren't getting value out of it, you should feel free to (respectively) leave, or otherwise modify the meeting to get value from it.
Chapter 10 covers several different methods of estimation. In the teams I work with, estimation is perhaps one of the hardest things — not because estimating can be hard (which it can be) but because either they are held so tightly to the estimates that they are afraid to make them, or, worse, they are told what the estimates are going to be. The book really only skims the surface here, covering several techniques from Planning Poker, to PERT, to "Flying Fingers", but gives a decent overview of how to do those techniques.
Rounding out the discussions of time comes Chapter 11 and talking about Pressure. The key of this chapter is that because you have committed to your principles, practices and disciplines, you should be able to stay calm under pressure. I can certainly say from experience that the worst experiences in my career are when people weren't able to stay calm, and the way the book is laid out, if you are following the practices outlined so far, you should be able to be the voice of reason and calmness.
The last three chapters cover teams and collaboration. Chapter 12 talks about important practices such as shared code ownership, pairing, and respect for other team members. Chapter 13 covers teams and the importance of having teams that gel together. The book finishes with Chapter 14 and discussions of the importance of apprenticeship, mentorship and craftsmanship.
As I mentioned earlier, I've been involved in the "agile" movement for quite some time, and have spoken with Bob on many occasions, so many of the practices in the book weren't new. I did quite appreciate the stories he had to tell about his experiences. However, I think that some people may be turned off by the hard line around "professionalism". Sometimes you do need to say no, and I think it is good to have encouragement from a book to do that. But sometimes things are more complex, and I think that you would have a harder time looking to this particular book for help with the edge cases.
In conclusion, I think this is a book which provides worthwhile information and an interesting look at how people are looking at software development as a profession. If you read between some of the hard lines made, there are some great nuggets to be gleaned from the book for software developers of any level.
You can purchase The Clean Coder: A Code of Conduct for Professional Programmers from amazon.com.
-
Book Review -- JavaScript: the Definitive Guide, 6th Edition
Michael J. Ross writes "Released during the early days of the Web, in 1995, JavaScript has come a long way: Initially a client-side scripting language typically (mis)used for decorative effects, it is now an essential part of countless major websites. Its increasing capabilities and popularity are due to several factors, including the development of libraries that resolve earlier stumbling blocks that held the language back (such as inconsistencies among the implementations in different vendors' browsers). JavaScript: The Definitive Guide, authored by David Flanagan, was first published just one year later, in 1996, with several significant updates made since then." Read below for the rest of Michael's review.
JavaScript: The Definitive Guide, 6th Edition
Author: David Flanagan
Pages: 1100 pages
Publisher: O'Reilly Media
Rating: 9/10
Reviewer: Michael J. Ross
ISBN: 978-0596805524
Summary: The most comprehensive treatment of JavaScript yet published.
The book is now in its sixth edition, under the ISBN 978-0596805524, and was published on 10 May 2011 by O'Reilly Media (who kindly provided me with a review copy). At 1100 pages, it certainly feels heavier than its advertised 2.6 pounds — but that may only be a side effect of the thought of wading through over a thousand pages of technical explanations and example code. Yet one could argue that the size is justified, considering the amount of information the book conveys, and its obvious aim to be a comprehensive treatment of the language. The material is organized into four parts, including 22 chapters. On the publisher's Web page, visitors will find a brief description, the complete table of contents, a few consumer reviews, reported errata (seven as of this writing, and none confirmed), the example code used in the book, some free content (the first chapter), and links to purchase the print and e-book versions.
The book commences with a multipart introduction, which begins with the sentence "JavaScript is the programming language of the Web." Even though that statement is not true — since there are many other Web programming languages — it does hint at the importance of the language in the mind of the author, and his willingness to put so much effort into creating such a detailed monograph. The introduction is also the first point in the book where one sees the clear demarcation made by the author between core JavaScript (i.e., the language definition, regardless of its runtime environment) and client-side JavaScript (i.e., usage of the language within Web browsers, including the use of libraries). Both areas are covered in great detail in the first two parts of the book, in quasi-tutorial format, while the last two parts cover the same areas, but in a purely reference format.
Specifically, the first part of the book, "Core JavaScript," offers almost a dozen chapters that explicate the basics of the language: its lexical structure; types, values, and variables; expressions and operators; statements; objects; arrays; functions; classes and modules; regular expressions; JavaScript subsets and extensions; and server-side JavaScript. At almost 300 pages, this part alone could form its own volume. The manner in which the author dives into the technical details, and the amount of example code, immediately make it evident that the book is intended for readers who have experience programming, although not necessarily in JavaScript. In fact, some readers — especially newbie programmers — may become frustrated with those places in the narrative where the explanation is not entirely clear. For instance, on page 7, the "points array from above" refers not to any code on that page, but instead refers to an array defined two pages earlier. Fortunately, such stumbling blocks are infrequent. For experienced JavaScript programmers, these chapters could provide a comprehensive review. For readers new to JavaScript, the material may seem overly dry, but the illustrative code should be quite helpful.
The ten chapters that compose the second part of the book, "Client-Side JavaScript," show how to work with the language within a Web browser. This includes learning how to embed JavaScript code in HTML files; differences among browsers and the versions thereof; the security of JavaScript code; the Window object; how to access and manage the elements within the Document Object Model (DOM); scripting CSS styles; events, and methods of handling them; scripting HTTP, and its use in Ajax (reflected in this edition's subtitle, "Activate Your Web Pages"); the jQuery library; techniques for storing data on the user's computer; how to use JavaScript to dynamically create and manipulate graphics, audio, and video content, as well as charts and drawings; and, lastly, the use of several HTML5 APIs. Speaking of that last topic, probably the most significant change in this edition, versus the previous one, is the coverage of ECMAScript 5, as well as the new objects and methods introduced with HTML5. Naturally, some of these enhancements do not work in any version of Internet Explorer but the most recent, so the author discusses workarounds, if available.
As noted earlier, the third and fourth parts of the book constitute the purely reference material, with the first part focusing on core JavaScript, and the latter on the client-side aspects of the language. Every chapter is organized into a series of entries, each devoted to a particular class or object, ordered alphabetically. For each entry, the reader is given a brief synopsis, description, and in some cases example code and references to other entries. Each class entry also includes information on its properties and methods, where applicable. Each single method entry includes information on its arguments and any return value. The book concludes with what is arguably the longest and possibly most valuable index I have ever seen in a computer book.
There are only a few immediately-evident weaknesses of this book: Firstly, there are some phrases that may be clear to the author, but likely will prove baffling to the typical reader — e.g., "nonlinear cross-reference problem" (page 8) and "the jQuery gives a synopsis of each method" (page 523). Secondly, some of the example HTML code could have been written better, such as the use of an HTML table for defining the layout of a simple form, with labels and fields (page 13). Finally, despite the claims of the marketing copy that this title is suitable as both "an example-driven programmer's guide or a complete desk reference," it would serve better as the latter, and not as a tutorial for learning the language. Clearly, the more comfortable one feels with computer programming — especially JavaScript itself — the more that one could get out of this book.
On the other hand, there are far more pluses than minuses. One of the real strengths of the book is how the author does not hesitate to use (sometimes lengthy) blocks of code, with explanatory comments for almost every line, to clarify the language — as opposed to paragraphs of text, which could have easily doubled the length of the first two parts (which comprise roughly the first two thirds of the book). Also, in conjunction with the narrative and code fragments, the author makes effective use of figures whenever needed — particularly in Chapter 21, in demonstrating how to work with graphics and multimedia content.
Evolving with the language itself, and again brought up to date, JavaScript: The Definitive Guide still retains its crown as the ultimate reference resource for JavaScript programmers.
Michael J. Ross is a freelance website developer and writer.
You can purchase JavaScript: The Definitive Guide, 6th Edition from amazon.com.
-
Book Review: CERT Resilience Management Model (RMM)
brothke writes "If Gartner were to have created the CERT-RMM framework like what is detailed in the book CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience; it likely would be offered to their clients for at least $15,000. With a list price of $79.99, the book is clearly a bargain. Besides being inexpensive, it details an invaluable model that should be seriously considered by nearly every organization." Keep reading for the rest of Ben's review.
CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience
Author: Richard Caralli, Julia Allen, David White
Pages: 1056
Publisher: Addison-Wesley Professional
Rating: 10/10
Reviewer: Ben Rothke
ISBN: 0321712439
Summary: Book details a superb method to tame the out of control world of IT operations
The CERT-RMM is a capability model for operational resilience management. Put more simply; it is a method to tame the out of control world of IT operations.
CERT notes that the model has two primary objectives: to establish the convergence of operational risk and resilience management activities such as security, business continuity, and aspects of IT operations management into a single model. And to apply a process improvement approach to operational resilience management through the definition and application of a capability level scale that expresses increasing levels of process improvement.
In plain English, the model creates a formal method in which to execute IT tasks. Given the reality that most IT tasks are executed in an ad-hoc manner, the CERT-RMM should be a welcome relief to most organizations.
The CERT-RMM is a relatively new framework, with version 1.0 being issued in May 2010. Version 1.1 was made available via this book in December 2010. CERT also has a really good CERT-RMM Overview presentation available.
CERT-RMM v1.1 comprises 26 process areas that cover four areas of operations resilience management: enterprise management, engineering, operations and process management.
In chapter 1, the authors astutely note that technology can be very effective in managing risk, but technology cannot always substitute for skilled people and resources, procedures and methods that define and connect tasks and activities, and processes to provide structure and stability towards the achievement of common objectives and goals.
The problem is that most companies will spend huge amounts of money on these myriad technologies and seemingly expect the install routine to magically integrate the numerous processes. CERT-RMM is a comprehensive solution to a broad set of problems.
But for those that are looking to CERT-RMM for a quick fix to a decades old problem, the authors also note in chapter 1 that CERT-RMM must be embedded within the culture and practices of an organization. The CERT-RMM practices will only make an organization more resilient to the degree to which they have been institutionalized via its processes.
At just over 1,000 pages, the book is a treasure-trove of invaluable information. While the amount of information may be overwhelming, it is manageable if used in a serious fashion. But just to reiterate, CERT-RMM should not be seen as a quick-fix solution.
The main textual part of the book covers 2 parts and 7 chapters which make up the first 120 pages. These 2 parts provide a comprehensive overview of the CERT-RMM and provide an overview of the various concepts used within the model. The authors do a superb job of showing how structure and processes need to be an integral part of enterprise operations, and note the challenges of not having such an approach.
Focusing on information security, the authors intelligently observe in chapter 2 that historically information was viewed as a technology problem and relegated to the IT department. The problem though with such an approach is that when an incident or disruption occurs, the response is generally localized and discrete; not orchestrated across all affected lines of business and organizational units. That problem is precisely what CERT-RMM comes to fix. If implemented effectively, the processes enable organizations to respond in a more formal manner, with integrated processes; resulting in operations that are quicker, cheaper, and ultimately, more resilient.
In chapter 4, the authors tell you what seems to be obvious: that the CERT-RMM in its entirety looks ominous. They note the reason is that operational resilience management encompasses many disciplines and practices. The challenge though is for the organization to be able to understand the relationships in the CERT-RMM model and connect them to their own organization. CERT-RMM is certainly not for the fainthearted. But for those that are serious about operational efficiency and resilience, CERT-RMM is certainly a godsend.
The reality is that not only does the CERT-RMM look ominous, it is. The reason is that CERT-RMM will most likely be used to retrofit an organization that has used decades of ad-hoc approaches to its IT processes. Trying to fix so much is indeed ominous. But even with that ominous cloud, it is something that must be done.
In chapter 5, the authors make an important point in that CERT-RMM is not a prescriptive model. This means that there is no guidance provided to adopt the model in any specific sequence or prescriptive path. Rather, process improvements are unique to each organization, to which the CERT-RMM provides the basic structure to enable enterprises to chart their own specific improvement paths using the model as a guide.
Chapter 6 on Using CERT-RMM notes that the model has a strong enterprise undercurrent, due to the fact that effective operational resilience management requires capabilities that often have enterprise-wide significance. But the enterprise-wide nature of the model does not mean that it can't be adopted at more discrete levels.
Part 3 of the book is a complete listing of the 26 CERT-RMM process areas. Part 3 is where the heart of the CERT-RMM is. Each of the 26 sections has a complete set of descriptions of goals and practices and real-world examples.
Think of part 3 as The Checklist Manifesto: How to Get Things Right, but on steroids. In that book, author Atul Gawande uses the notion of a checklist as a quality-control device. He noticed that the high-pressure complexities in place today can overwhelm even the best-trained professional and that only a disciplined adherence to essential procedures can fix things. Gawande would likely be enamored by the CERT-RMM.
When the reader goes through the over 800 pages of part 3, they will see them as a set of standard operating procedures (SOP). Industries such as aviation, manufacturing and pharmaceuticals have SOP deeply embedded in their processes. The SOP in part 3 are far from rocket science. They are simply a comprehensive approach and attention to detail. Given that resilience is all about the details, part 3 can be used to take an organization to a mature state of resilience.
If nothing else, part 3 should give the reader an appreciation for the need for effective process around IT initiatives. The exacting level of detail described in part 3 displays a rigorous set of processes that if deployed, can ensure an all-embracing approach to systems management and control.
Often books with numerous authors lack a sense of style and symmetry. With 3 authors, the book suffers none of that and is completely integrated into a single unit with no disconnects. Each of the authors is a CERT veteran who brings considerable experience, which is pervasive throughout the book.
But as good as the CERT-RMM is, we all know that it is likely to have minimal adoption. Most organizations are far too short-sighted to use a model that requires such discipline and long-term approach as CERT-RMM.
But for those organizations that are truly serious about resiliency, serious about security, serious about saving money and being more efficient, this book and the CERT-RMM is a model they will embrace warmly. This book is an important first step that can be the gateway to resiliency.
For all the others, they should at least use the CERT-RMM incident management and control process area to deal with the many security incidents and breaches they will inevitably have to contend with.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Scribus Beginners Guide
JR0cket writes "Scribus is an open source desktop publishing tool that helps you create professionally laid out documents, from simple documents to full blown magazines, corporate brochures or even books. Desktop publishing tools are not a replacement for word processors, instead they give you the freedom to create uniquely designed documents and help you manage large sets of text and graphic content. Scribus is similar to Adobe InDesign or Quark Xpress and gives you a wide range of tools to layout content in either print or digital media form. Scribus is pretty easy to get to grips with and has good documentation on the project website. The Scribus 1.3.5 beginners guide is a really handy guide through the workflow of desktop publishing and helps you clearly understand how to create professional looking results." Read below for the rest of JR0cket's review. Scribus 1.3.5 beginners guide author Cedric Gemy pages 348 publisher Packt Publishing rating 9/10 reviewer John Stevenson ISBN 978-1-84951-300-5 summary Create optimum page layouts for your documents using productive tools of Scribus. The book includes a simple comparison between Scribus and other desktop publishing tools such as InDesign, Quark Xpress and Microsoft Publisher, setting expectations clearly as to what you can get from Scribus and the kind of interoperability between desktop publishing tools (it's a little limited, but the Scribus project is trying and is the most open).
The book begins by covering some theory behind desktop publishing, using the metaphor — What you see is what you mean — to get you thinking about the overall design that would appeal to your audience, whilst also considering the resource and media constraints you have. As with developing software, knowing the needs of your audience is an important factor in the layout of your documents. Knowing the limitations of what you can print out effectively or deliver as other media is an important set of constraints to consider.
An important concept to understand is the "graphic workflow" for desktop publishing. The first chapter therefore covers the use of Inkscape, Gimp and LibreOffice (open office) to create and manage your content (text and images) and then using Scribus to pull that content together in an appealing and productive layout. Also covered is the idea of using Inkscape as a tool for mock-up designs. I see Scribus as kind of the big brother to Inkscape (review) in that Inkscape works with a single page document, whereas Scribus can manage content across a multiple page document. You can assemble some very intricate documents using Scribus that would take a lot of time and effort to do using Inkscape and word processors such as LibreOffice and Microsoft Office.
Next is the overview of the Scribus workspace, including details of the menus and tool bars for which there are many. This overview is very easy to understand, especially for someone who has little or no experience. The coverage of the text, graphics and page layout options are very detailed and nicely sprinkled with mini-tutorials to help you get to grips with Scribus quickly. The first tutorial guides you through the creation of a simple business card, so you get a nice gentle start whilst still being practical.
Due to the good layout and extensive use of screenshots it's easy for an advanced user to skip through to the parts of the workspace you want to learn about.
Once the Scribus workstation is covered, the book goes on to detail how to create your own layouts for desktop publishing using all the features of Scribus. Again you are guided step-by-step through the various options for choosing a document layout and managing the structure of your documents, using frames for importing and managing text and graphics, changing colours and styles, stacking and layers to manage the presentation, distorting shapes using resizing, rotating / scaling frames, alignment and distribution of objects. There are a lot of layout options in Scribus and the book does a good job of introducing each aspect. Again this is done using a step by step tutorial style and the odd pop-quiz that helps you quickly gain confidence with the tool.
There is good coverage of how Scribus handles advanced colour features. Using shading, gradient fills, pattern fills and transparency of images and the use of layers, it's shown how to create eye-catching effects to enhance your documents. Support for CMYK and colour profiles is covered when talking about profiling with the Argyll plugin for Scribus.
As printing documents is full of pitfalls, in part due to the wide range of printing hardware out there, there is a whole chapter on this topic. Scribus has a pre-flight verifier to check the quality of your document output and can give you a lot of information and highlight any errors in PDF generation. Using the print preview you can see examples of colour separation and ink coverage, all very important for print media. There is also some very useful information for book production, marks and bleeds, security for pdf's and all the various standards for pdf documents.
Overall the book gives a complete coverage of all the typical layout techniques you will need for your desktop publishing efforts. By the time you reach the end of the book you will know how to produce an Adobe portable document file (pdf) that is suitable for your print or online distribution.
Please note: Scribus has recently moved to a new file format for its documents and the book refers to the Scribus version which uses this new file format. Documents created with older versions of Scribus are supported in all newer versions, but documents created in 1.3.5 onwards are not backwards compatible. On Debian-based systems, both the older version of Scribus and newer version Scribus-NG can be run side by side.
The Scribus beginners guide book has a well presented layout with content nicely spaced through the book's 348 pages, making it comfortable to read both in book and ebook form. Although there is plenty of information online, the book is a great way to get started and give you confidence in your approach and use of Scribus, so you can make use of the reference materials online.
There are several books available for Scribus, however the Scribus 1.3.5 beginners guide is the most up to date, covering all the latest features of this evolving tool. This book makes a nice addition to the online reference documentation and the community resources available for Scribus.
John coaches Lean Agile practices, organises London technical communities and is an OSS advocate. @JR0cket
You can purchase Scribus 1.3.5: Beginner's Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Challenges Apple With Mac App Store
CWmike writes "Amazon launched a Mac-specific application download store on Thursday that will compete with Apple's nearly five-month-old Mac App Store. The new subsection of Amazon's massive online store, dubbed 'Mac Software Downloads,' kicked off quietly Thursday. Amazon has long offered software downloads for both Windows and Mac customers, but this was the first time that the company called out its Mac-centric 'store.' The retailer, however, apparently did not want to goad Apple into another legal battle by mimicking its rival's 'App Store' moniker: The two companies are already in court over Amazon's 'Appstore for Android,' which Apple claims violates its trademark. Unlike the Mac App Store, which Apple opened in early January, Amazon's includes the popular Office for Mac line from Microsoft." -
Book Review: Camel In Action
RickJWagner writes "I'm pretty certain this is the definitive guide to Apache Camel, destined to be referred to as 'The Camel Book' by Camel users for a long time. It covers Camel inside and out, upside and down, 550 pages worth of gritty detail that takes the reader from level zero to monitoring of your production applications. If you use Camel, or think you might want to, you need to pick up a copy of this book." Read below for the rest of Rick's review. Camel In Action author Claus Ibsen, Jonathan Anstey pages 552 publisher Manning Publications rating 9/10 reviewer RickJWagner ISBN 1935182366 summary A Camel tutorial full of small examples showing how to work with the integration patterns. If you haven't used Camel, it's known as an "Integration Framework", a phrase that I like to equate to "ESB Lite". By that I mean if you want to route messages or transform them, this is a tool you might consider. Still not quite sure what I'm describing? Here's a couple of examples. If you want to read messages from a JMS queue, use the contents to invoke a web service and put the results of the web service call in a database, Camel's a good tool. If you want to read in a flat file, split it into individual lines, take a part from each line to call a web service, Camel's a good tool. Camel does all this and more, acting as a sort of universal router and message transformer. Camel aims to implement the famed "Enterprise Integration Patterns", which are easily understandable descriptions of processing snippets that provide functionality in likely scenarios when you're using messaging. If you're brand new to this type of programming, I'd encourage you to use Google to check out "Enterprise Integration Patterns"-- you'll quickly get a feel for the workspace Camel lives in.
The book is exhaustive in its coverage of Camel. It shows the reader how to configure Camel using both Java code and Spring configuration snippets. It's meant to be progressive in nature, showing the reader simple uses to start with, then progressing to more advanced scenarios as the book gets into the latter chapters. (More about this later, it involves my only complaint about the book.) Along the way, the authors address real-world topics like transactions, production monitoring, and deployment to different hosting containers. All told, the book reflects the concerns of someone who has actually used Camel for real-world work, and as such will prove to be an invaluable resource for anyone moving Camel to production.
The source code that goes with the book is clean, easy to read, and above all it works right out of the box. It's all Maven-centric, so if you're not a Maven user yet you will be at least partially practiced in it by the time you're done with this book. The examples are straight out of the chapters, so you can look to the book for a detailed explanation of what you're running. (You can also run what's being described, and monkey with it to learn new things. Very handy.) I offer no improvement for the sample code, it works as advertised.
I was especially impressed by the care the authors took to explain the really nitty-gritty stuff that a real-world user is going to need. Concurrency and transactions fall into this category. All the sample examples in the world won't help you if the book doesn't help you scale your app and make it safe for production use, considerations you sometimes don't find in tech books. They're here, though, and covered in sufficient detail to meet your go-to-production needs.
This is a big book, and the text it contains is as simple as it should be but no simpler. The illustrations are simple and relevant. If you're brand new to Camel and want to read it front to back, be prepared to allocate a good number of hours for this task. This is because there's just a lot of material covered here, none of it fluff. If you're already an established Camel user, this book will serve well as a desktop reference for when you want to venture off into more of Camel's abundant functionality.
So what's not to like? The only criticism I have for this book is that the ordering of the chapters is not quite to my liking. It starts out with the simple canned examples, and they get progressively harder, 'till the reader is finally given the knowledge to write their own applications way out in chapter 11. If you're like me, you like to see an example or two, then you like to start hacking out your own "Hello World" apps to get a feel for how to build the artifacts you need to get things running. I thought chapter 11 was too late in the game for that knowledge. In fairness, if you're a reader who doesn't mind skipping around as you read, then just skip to chapter 11 right away and you needn't worry about this tiny nit.
So who's this book good for? Camel users of all types, from beginners to those who already own running Camel apps will benefit from this book. You won't be sorry-- you'll never wish you'd held out for a better book, because there just flat isn't going to be one, at least not for a long, long time.
You can purchase Camel In Action from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Professional Mobile Web Development
Michael J. Ross writes "Years ago, technologists and consumers alike could only dream of surfing the Web using the (increasingly ubiquitous) mobile devices available, such as smartphones. But that is now commonplace, resulting from a convergence of several trends: the standardization of wireless access protocols, greater carrier coverage and bandwidth, the popularity of mobile apps, and more powerful mobile products — featuring embedded keyboards and pointing devices, greater memory, hardware miniaturization, and larger screens with better resolution. For the typical website nowadays, the primary impediment to the site working well on leading mobile devices is that the site was never intended for them in the first place. Web developers and other site builders using content management systems, can now learn how to build for mobile accessibility, with help from resources such as Professional Mobile Web Development with WordPress, Joomla! and Drupal — authored by James Pearce, who is quite active in the mobile development space." Read on for the rest of Michael's review. Professional Mobile Web Development With WordPress, Joomla! and Drupal author James Pearce pages 552 pages publisher Wrox rating 8/10 reviewer Michael J. Ross ISBN 978-0470889510 summary A guide to building mobile-ready websites using the leading CMSs This book was published by Wrox, on 12 April 2011, under the ISBN 978-0470889510. It is a substantial volume, at 552 pages, which are organized into five parts. The bulk of the information is presented in the second and third parts. The former covers mobile development considerations independent of any particular content management system (CMS). It is in the third part that the author shows how to apply these techniques to websites and web apps created using the three leading CMSs — WordPress, Drupal, and Joomla. Most of the example code shown in the book, from a dozen chapters, can be downloaded from the book's web page. 
Unfortunately, the Zip file contains even more Zip files, which is rather annoying. The book's web page offers the table of contents (both the high-level and detailed ones), a brief author bio, the book's index, and a sample chapter (the first one). The book's introduction states that the web page has a link to errata, but there does not appear to be any such link. (Even if there are no errata reported, the link should have still been added, or at least an explanation as to its absence.)
The first part of this book, "The World of the Mobile Web," begins with an introduction to the mobile Web (which originated just a couple years after the birth of the Web itself), and discusses at a high level the similarities and differences between website development for the desktop versus mobile devices. The author then provides an overview of mobile technologies and networks, their technical limitations, recent developments therein, online information resources, and mobile browsers. Chapter 5, "The Mobile Toolbox," will probably be of more interest to web developers than the earlier chapters, because it surveys the mobile development techniques, server-side technologies, and development tools that are most often used for creating mobile-ready websites. For nondevelopers, the section that describes the key components of a CMS, can be valuable as an introduction to CMSs.
In the second part, "General Mobile Techniques," the author briefly discusses some of the critical options which a web developer must decide upon to structure a website so that it will be suitable for mobile viewers. These include navigation menu depth, breadth, grouping, and placement; typography, pagination, multimedia, and forms; and CSS and JavaScript. He also addresses a decision that likely will have even greater consequences for the long term maintenance costs of a new website, namely, the entry point(s) and structure(s) of the mobile and desktop versions of the site relative to one another. Chapter 7, which explores browser detection and methods of allowing the user to switch between mobile and desktop versions of a website, marks a shift in the book, where the reader is first exposed to any significant amount of code. Most of it is straightforward, but would be better without the use of the clunky heredoc method for outputting HTML from within a PHP script. Earlier, the author makes clear that device detection techniques (specifically, for screen dimensions) are not foolproof. Thus it is perplexing why his CSS code specifies pixel-based widths for images with a class "full" — presumably to fill the entire width of the mobile device's screen — because any pixel-based fixed width could turn out to be improper for the device upon which it is rendered. Wouldn't something like "100%" be a much safer choice?
In Chapters 8 through 10, the author presents user interface patterns seen in the major content management systems — forms, content lists, image galleries, and comments — and discusses how they can be applied to websites intended to support mobile devices. The only information that seems to be missing is the reason, if any, the author recommends using divs for grouping input fields, and not (more semantically correct) fieldsets. He also discusses some key design considerations, as they relate to mobile websites (including CSS media queries), and some HTML/CSS templates and libraries that can be used as starting points (especially valuable if you want to roll your own solution, and not use any CMS plug-in).
The third part of the book, "Major CMS Platforms," demonstrates how to develop mobile websites using the three most commonly-used CMSs — WordPress, Drupal, and Joomla — and how to add more capabilities beyond what is provided by the chosen plug-ins. For WordPress, the solutions examined are dotMobi WordPress Mobile Pack (for which the author appears to be the lead developer), WPtouch, Mobile Edition, MobilePress, and Automattic WordPress. For Drupal, the main weakness in the material is that the author posits the Mobile Plugin module as a solution for Drupal 6 and 7 (even discussing Drupal 7 permissions), but there is no version of it for Drupal 7 — not even an alpha release, and there is no indication there ever will be one. Also, in Chapter 14, the API calls do not work for Drupal 7. Yet the coverage of the topics is generally clear and engaging.
In light of the growing popularity and capabilities of JavaScript frameworks, it is no surprise that in the fourth part of the book, "Enhancing and Launching Your Site," the author explores alternatives to the methods he presented in earlier chapters, by using two such frameworks for mobilizing websites: jQuery Mobile and Sencha Touch. The example code is based upon a WordPress website, and leverages a switcher plug-in and other code discussed earlier in the book. The penultimate chapter covers various techniques for testing and debugging mobile websites: browser plugins, mobile emulators, and online testing services. The last chapter discusses issues with (the network carriers') transcoders, traffic analysis, and mobile search and monetization. The fifth and final part of the book, "References," contains a handy glossary, as well as two appendices that provide recommendations for further reading and developer resources specific to the three CMSs utilized in the book, and various mobile Web organizations and industry players.
Overall, the writing quality is a bit better than average for computer books, with detailed and helpful explanations. However, in several cases, the author uses words he doesn't seem to understand: "RIM's legacy browser remains very populous" (page 68; should read "popular"); "inadmissible flaw" (page 185; one can only guess at the intended use of this judicial word); the delightfully redundant "pre-prepared" (page 208); and "rallied against" (page 209; should read "railed against"). There are numerous simpler errata: "as [a] whole" (page xxvi), "appraised" (page xxvii; should read "apprised"), "been build" (page 3), "switchboard[s]" (4), "connected [to] the Internet" (11), "marking" (11; should read "marketing"), "it's [a] phone" (14), "these are dealt with these" (19), "phone's" (40; should read "phones'"), "try and catch" (45; should read "try to catch"); ". at" (46), "is [a] good start" (75), "most CMS[s]" (116), "some CMS[s]" (125), "a[n] XML" (140), "an pertinent" (166), "you are introduced you" (182), "to [an] extreme" (185), "on [a] par" (187), "part [of] the" (188), "wheedle out" (199; should read "weed out"), "scaling is down" (200; should read "it"), "comprised of" (220), "there comments" (227), "go [to] the" (230), "allow you [to] tweak" (247), "Index.php" (262), "in [a] box" (269), "[non]greedy" (280), "http:// yoursite" (305), "suit[e]s" (340), and at this point I stopped recording errata.
There seems to be no consistency in the formatting of URLs: the inclusion or exclusion of "http://" and root directory slashes was seemingly decided upon randomly (e.g., page 53). One may find the occasional comma where a period was called for (same page, third paragraph). Also, there is an excessive use of exclamation marks, particularly in the earlier chapters. Lastly, the author has an odd habit of phrasing statements of what material will be covered next, in a commanding form, e.g., "you turn your attention to examining" (page 97) instead of, say, "we turn our attention to examining." It's not important, but it's unsettling, and in a couple cases, rather baffling, e.g., "You should briefly discuss how to access HTTP headers in your code" (page 133). With whom should the reader discuss it? Yet the book's style is, for the most part, conversational and easy to digest.
Readers will find plenty of illustrative figures. Although all of them are black and white only, they are without exception top quality and quite attractive, including the many screenshots and product images. The only place a figure is sorely needed, is on page 261, to clarify the discussion about em-based padding. The chapters end with brief summaries, which are of no value and simply make the book a bit longer than it needs to be. Also adding unnecessarily to its heft is the repeated reminder that the example code can be downloaded from the Wrox website.
Aside from the aforementioned blemishes, this book does a fine job of introducing the reader to all aspects of developing CMS-based websites suitable for mobile devices.
Michael J. Ross is a freelance website developer and writer.
You can purchase Professional Mobile Web Development With WordPress, Joomla! and Drupal from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Using CiviCRM
Hershel Robinson writes "A new book released by Packt Publishing called Using CiviCRM defines CiviCRM as 'a web-based, open source Constituent Relationship Management (CRM) system, designed specifically to meet the needs of advocacy, non-profit and non-governmental organizations.' What is not mentioned in this definition is that CiviCRM is a large and complex package with a wealth of features--the rest of this book deals with discovering and explaining how to use them." Read below for the rest of Hershel's review.
Using CiviCRM
author: Joseph Murray and Brian Shaughnessy
pages: 464
publisher: Packt Publishing
rating: 9/10
reviewer: Hershel Robinson
ISBN: 1849512264
summary: All about CiviCRM and how to use it
Initiated by a small team around the year 2005, CiviCRM runs as a module for either Drupal or Joomla!. Knowledge of one of these CMS's is not strictly necessary to use CiviCRM, although if one wants to integrate "client-facing" aspects of CiviCRM into his public websites, that would involve the CMS.
As noted, CiviCRM itself, however, is a complicated and feature-rich package. In my opinion, the basic features are not difficult to use and in my experience, a somewhat tech-savvy layman can make use of them without trouble. For users with less experience and knowledge with computers, however, even basic tasks may require training, and for most any lay-user, understanding the more advanced features will involve training and/or self-study.
While there is an online book, and an excellent wiki called CiviCRM Documentation available already, Using CiviCRM makes learning CiviCRM easier. The two advantages I can see are that first, it is more in-depth in many areas than the other two resources, and secondly, many people will undoubtedly appreciate the ease of use of a traditional, printed book that they can open on their desk as they work online.
The authors, Joseph Murray and Brian Shaughnessy, bring to their book talent, years of experience working with CiviCRM and a dedication to explain and clarify virtually every aspect of CiviCRM. Both are well-regarded as knowledgeable professionals by the CiviCRM team and the community and are active supporters of the project.
Overall, the book is in-depth and covers all relevant subject areas for a person interested in learning about CiviCRM and using it. The layout and formatting are clean and the prose flows smoothly. As noted in the introduction and preface, both the official CiviCRM team had some involvement in this book, as well as other prominent members of the community.
Beginning with broad issues such as what a CRM is and why an NPO needs one, the book even gives fair space to other CRM tools, pointing out differences of each and outlining in what situations CiviCRM might be the best choice. This broad introduction includes such issues as third-party feedback regarding CiviCRM, total cost of ownership, documentation, community, and the unique hosting requirements of CiviCRM. The introductory section ends with a review of the various stages in the life of any software package usage scenario. First is the planning stage, including hardware, software and personnel etc, and then the initial installation and basic configuration.
Next the book goes through each major functional section of CiviCRM, such as working with Contacts, importing data, mass email, fundraising, memberships, event management, case management, grant management and reporting.
These chapters are of course the main part of the book, and will most probably be the most used. The authors go to lengths to present each various feature of CiviCRM in depth, discussing only best practices (i.e. without shortcuts that can later cause problems), and with real-life examples. The book uses an approach of maintaining two unique case studies throughout the entire work, showing how these two organizations felt a need for various features and then how they actually implemented them.
The last chapter closes the book with a discussion of customization, the CiviCRM community, and looking towards the future, in particular with regard to future versions of CiviCRM.
The book appears to somewhat be geared towards a dual audience. The bulk of the book is perfect for a typical (if there is one) NPO staff member who is not an IT professional, yet needs to use a CRM. Such a person is taken step by step through all the various tasks he needs to perform, complete with examples and screenshots of the various pages involved. Many sections, however, are quite technical and seem only relevant to someone already somewhat knowledgeable in IT, including Linux, PHP, MySQL etc. These sections, such as installation and configuration, including setting up cron jobs, appear geared towards an IT support department or individual.
Even in the non-technical sections, technical points (such as how to use Drupal hooks or how to find certain data directly in the database) are occasionally thrown in. This may be a drawback of this book, as some readers may be confused or even scared by technical jargon and concepts with which they are not familiar.
Hopefully, most readers will not be bothered by such--there is no doubt that a beginner or even mid-level user of CiviCRM will gain a wealth of knowledge from this book. With 464 pages, it can well be used as a textbook, to read cover to cover and learn all about CiviCRM, and then be kept as a reference tool when dealing with the details of any particular area.
I would recommend this book to anyone interested in learning about CiviCRM, or anyone wanting to learn how to better utilize the tools it provides.
Hershel Robinson is a long-term member of the CiviCRM community, runs a specialty hosting business for CiviCRM hosting called CiviHosting, and is also a freelance web developer specializing in Drupal and CiviCRM development.
You can purchase Using CiviCRM from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: BackTrack 4: Assuring Security by Penetration Testing
RickJWagner writes "Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open. Packt Publishing has just released BackTrack 4: Assuring Security by Penetration Testing, a how-to book based on the freely available BackTrack 4 Linux distribution. The intent of the book is to educate security consultants on the use of this devastatingly complete Hacker's toolkit, and to provide sage words of advice on how to conduct yourself as a penetration testing consultant. On both counts, the authors do well." Keep reading for the rest of Rick's review.
BackTrack 4: Assuring Security by Penetration Testing
author: Shakeel Ali, Tedi Heriyanto
pages: 392
publisher: Packt
rating: 9/10
reviewer: Rick J Wagner
ISBN: 1849513945
summary: Covers the core of BackTrack with real-world examples and step-by-step instructions
I have to admit, at first blush I wasn't impressed by the book. I usually start looking a tech book over by thumbing through it, quickly glancing over snippets every chapter or so to get a feel for how the book is written. My initial impression was that the book contained many 2-page introductions to what appeared to be system tools, showing how to invoke them and the type of text output they would produce. Who needs that, I thought? I settled down to read the text front to back, then realized the full horror of what I was reading. More on that later.
The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.
Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too-- what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.
The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)
The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.
Target Discovery is the next phase, it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.
Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (i.e. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.
Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.
The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.
So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.
If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.
You can purchase BackTrack 4: Assuring Security by Penetration Testing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Alfresco 3 Records Management
ecmguru writes "My first impression of the book was that the author did an excellent job in presenting records management (RM) concepts, describing how Alfresco implemented the RM features in Share, and how you could customize these features if necessary. I was somewhat excited about reading this book because I am currently working on an RM project." Read on for the rest of ecmguru's review.
Alfresco 3 Records Management
author: Dick Weisinger
pages: 488
publisher: Packt
rating: 8/10
reviewer: ecmguru
ISBN: 1849514364
summary: Provides a good mix of records management concepts and technical details for developers
The author begins by introducing RM in layman's terms, then details how to install an RM module and describes the RM features built for 5015.2 DoD certification for Alfresco. One big thing to note – Alfresco RM module is FREE. This may not be a surprise to typical Alfresco users or developers, but having access to RM functionality without having to pay a fortune is very appealing. He then talks about the Alfresco Content Model. RM content model is generic; there is DoD content model that follows 5015.2 DoD spec. There is a good diagram on model-view-controller application process flow and affected RM files.
If you are not familiar with what a File Plan is, the author defines what a 5015.2 File Plan is: a three-level folder structure that contains Series, Categories, and Folders. Each object type in the File Plan has to follow specific RM rules. Series can only contain Categories; it cannot contain Folders and Records. Categories can only contain Folders and have support for disposition schedule. Retention rules are inherited by all Folders underneath a Category. Folder may contain records and non-declared records.
The author mentions benefits of developing a formal file plan. It helps with consistency when filing & retrieving records, enables compliance, provides an audit trail, and supports predictable disposition of records. There are several means of creating a file plan: 1) follow company organizational chart, 2) develop a file plan that maps to functionality or activity of the organization, or 3) a hybrid of both. #1 is simpler to identify, but generally not recommended since records for a group or department may have different retention & disposition values. #2 allows modeling based on process, activities and transactions, and enables clustering of similar types of records. #3 is typically the best approach. Use organization structure to define series, use processes to define categories, and finally use entity or time periods to define folders.
He next talks about Disposition Schedules and how they work in an RM module. The author does a good job in describing the details without making it too dry. Disposition normally includes retention, transfer, and destruction phases. The lifecycle of a record before it gets disposed can be described in the following fashion:
- When a document is moved into a File Plan, it's still an undeclared record.
- When all mandatory fields are completed, only then can it be declared as a record.
- Declared records located in a File Plan are automatically associated with a disposition schedule, which is inherited indirectly from Category
- Once a record is declared, the content cannot be changed; only metadata can be changed.
- All changes in metadata values are audited.
There are some complexities about disposition that the author tries to explain, but if you are not a records person, the topics seem esoteric. For example, there are 5 types of disposition steps and three main disposition rules:
- 1st step must be Cutoff or Retain
- No two steps can be of the same type
- No steps can come after Destroy
Here is another rule about disposition — if disposition occurs at folder and folder contains no records or undeclared records, folder will not be Cutoff. There can only be Cutoff if and only if there is at least one record. Most of these statements seem logical, but they do not really help me understand more about disposition.
The best chapter in the book has to be Chapter 9. If you only have time to read one chapter, this is one that you need to read. The author reviews various RM concepts and then describes various scenarios and what-if situations that a record can be in. Other topics include: freeze/hold, unique record ID that Alfresco creates for each record, and the two cron jobs that the RM module uses to support RM functionality.
The author concludes with how Alfresco RM supports searching, auditing, security, and configuration settings. The author provided a list of all RM features as it maps to RM groups/roles that are pre-configured in RM module. You can disable/enable features per role using the role editing UI. This feature is not in Alfresco Share.
In summary, I really liked this book. It provides a good mix of records management concepts and technical details for developers. My only suggestion for the author is that it would have been nice if he provided a fictitious use case that could be referenced throughout the book. Other Alfresco books that I have reviewed include such samples and I feel that it can be very helpful to readers who are trying to pick up a new concept.
You can purchase Alfresco 3 Records Management from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Apache JMeter
MassDosage writes "Apache JMeter written by Emily H. Halili is very much an introductory guide to using Apache's open source JMeter testing tool. Unfortunately a book that should have been good fodder to whet the appetites of testers is spoiled by shoddy editing, poor writing and very little content that isn't already included in JMeter's own user manual." Read below for the rest of MassDosage's review.
Apache JMeter
author: Emily H. Halili
pages: 129
publisher: Packt Publishing
rating: 3/10
reviewer: Mass Dosage
ISBN: 978-1-847192-95-0
summary: A practical beginner's guide to automated testing and performance measurement for your websites.
I am one of those (fairly) rare software developers with a genuine interest in testing and first tried using JMeter many years ago after its initial release as a tool primarily focused on testing the Apache Tomcat web/application server. It was a bit rough around the edges and poorly documented in those days so I was looking forward to a book that would re-familiarize me with JMeter in its current form. This book clearly targets itself at the testing community and doesn't require any programming (or even much testing) knowledge.
Apache JMeter starts off with a not particularly convincing overview of why one would want to automate testing and goes off on a tangent trying to prove the monetary savings this leads to. Any testing will depend very much on the type of software being tested, the skills of the tester, technology stack in use etc. so trying to come up with a general formula proving that testing will save money is probably impossible and pointless. It would have been far more useful to include some practical examples where testing saved time, effort, caught bugs early etc. A very brief history of JMeter is provided as well as an overview of its GUI and the various elements available. For those who haven't used it before — JMeter acts as a client which sends requests to the application being tested and can then act on the responses returned. Overall this isn't the smoothest of introductions with lots of grammatical errors, fragmented text and repeated concepts, which doesn't bode well for the rest of the book.
Installing and setting up JMeter is covered next and this is straightforward and simple. A good overview of what a JMeter test plan consists of is provided and this covers controlling how many simultaneous users a test will use, what logic and timing will be used to issue requests, the type of requests (e.g. HTTP for web sites, FTP for file retrieval etc.), various configuration options, how to assert the contents of responses and so on. The book is a bit dated and the version of JMeter I was using didn't always match up with the text and diagrams but most of the differences were self explanatory so this wasn't really an issue.
The chapter on load and performance testing is the best on offer and provides sensible guidelines on this type of testing. These include tips such as ensuring network bandwidth between the machines under test, running the tests on physically separate machines from the software being tested, running tests for long periods of time and what to monitor. This is mainly common sense but it's good to see them summarized and the book would have benefited from more sections that appear to be informed by the author's practical experiences as a tester. The example given in the book is the load testing of a web site over HTTP and it's left up to the reader to translate the various types of request being made to an example website of their own. The screen shots of setting the various GUI values are clear and useful. Remote testing (i.e. not using a single JMeter GUI but multiple command-line instances of JMeter) is mentioned but sadly not covered which is a shame as any serious load or stress testing usually requires this. Using JMeter as a proxy to quickly generate a test plan by recording HTTP requests from a browser is both neat and useful and explained well.
JMeter is not just limited to load testing but can also be used to do simple functional tests as it can inspect the values returned by requests and perform assertions on these responses (e.g. checking that the returned HTML contains some text). Unfortunately functional testing is covered very poorly with far too little detail and no explanation of how to run the examples yourself. The author should have stuck to one simple use case (ideally that the reader could follow along with) which would show how to add one's own custom values to requests and to assert the results returned. In the end I could figure it out for myself, but I'd expect a book to guide me through this.
Advanced features are up next and the reader is pointed towards the sample code included with the book (a .rar file inside a .zip file, why?) but absolutely no explanation is given as to what one should actually do with the bunch of PHP and SQL files included in it. Using regular expressions and configuring JMeter to run tests using loops is covered but this doesn't make much sense as there is no context for the example used in setting this all up. Fortunately the sections on using JMeter to test a database and an FTP server are introduced with clear setup steps that are easy to follow. I wouldn't classify most of this material as advanced, it just gives the reader the knowledge that JMeter can be used to test more than just HTTP sites and provides a few very simple examples which they can build on.
Finally the book wraps up by stressing once again that it's just an introduction to JMeter and a concluding table clearly showing that more is not covered than actually covered. The appendices consist of definitions of nearly every JMeter element that can be accessed in the GUI (a good quick reference), some pointers to material for readers interested in learning more, and a glossary of testing terms, the vast majority of which are never used in the book itself. Unfortunately the latter is yet more evidence of the biggest weakness of this book — the appalling editing that doesn't even remove sentences which are completely incorrect. 'You can too contribute.' (the closing sentence of Chapter 1) is just one of many examples of poor writing that somehow survived into print.
On the whole the book does give one an overview of how to get started with JMeter and the section on load testing a website is a useful introduction to various JMeter concepts. This is the only printed book on the topic out there so if you learn best reading from print then you don't have many options. This is a shame as a niche topic like this could do with an interesting, well-informed and authoritative guide. For everyone else I would suggest reading the User Manual on the JMeter website as it covers all the material here (and much more) and is far more readable.
You can purchase Apache JMeter from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon EC2 Failure Post-Mortem
CPE1704TKS tips news that Amazon has provided a post-mortem on why EC2 failed. Quoting: "At 12:47 AM PDT on April 21st, a network change was performed as part of our normal AWS scaling activities in a single Availability Zone in the US East Region. The configuration change was to upgrade the capacity of the primary network. During the change, one of the standard steps is to shift traffic off of one of the redundant routers in the primary EBS network to allow the upgrade to happen. The traffic shift was executed incorrectly and rather than routing the traffic to the other router on the primary network, the traffic was routed onto the lower capacity redundant EBS network. For a portion of the EBS cluster in the affected Availability Zone, this meant that they did not have a functioning primary or secondary network because traffic was purposely shifted away from the primary network and the secondary network couldn't handle the traffic level it was receiving." -
Book Review: Amazon SimpleDB Developer Guide
KuanH writes "Amazon SimpleDB Developer Guide is billed as a complete guide to using Amazon's SimpleDB database API. It's most detailed for PHP. It's helpful for Python. But the Java code and explanations aren't up to the standard of the others. It includes a primer on using Amazon S3 with SimpleDB: files stored on S3, file metadata stored in SimpleDB — again, less good for Java. It also covers tuning to reduce usage costs, caching using memcached, and ways to batch-update and make serial or parallel requests to SimpleDB. However, it's missing some information that beginners might need, and it's perhaps not quite advanced enough for the more experienced. Downloadable example code is available only for PHP." Keep reading for the rest of Kuan's review.
Amazon SimpleDB Developer Guide
author: Prabhakar Chaganti, Rich Helms
pages: 252
publisher: Packt Publishing
rating: 6
reviewer: Kuan Hon
ISBN: 1847197345
summary: "Getting started" guide to using Amazon's SimpleDB cloud database
Say "cloud" to get the attention of CIOs seeking to cut costs in these recessionary times. One well known "database in the cloud" option is Amazon Web Services' SimpleDB, which Amazon describes as "a highly available, flexible, and scalable non-relational data store that offloads the work of database administration."
Those who prefer traditional relational databases could try e.g. Amazon RDS. This book only covers SimpleDB, a NoSQL or non-relational database. As is well known, NoSQL databases grew in popularity with the growth of large distributed systems and cloud computing, and their proponents tout their scalability and speed.
For anyone wanting a quick primer on NoSQL databases, this book includes a chapter on NoSQL which isn't limited to SimpleDB. It outlines some key conceptual differences between NoSQL and relational database management systems, with pros and cons, using the analogy of "a spreadsheet with some XML characteristics", and illustrating with some concrete examples. That chapter's been made available as a free sample chapter (SimpleDB versus RDBMS), so you can get a flavour of the book.
The contents list for this book is online, I won't recite it here. As well as an overview of SimpleDB, its terminology and advantages, the book goes through signing up with AWS and SimpleDB, and the account access keys. That chapter is also online, as a tutorial.
You may ask, how does this book differ from Amazon's free SimpleDB documentation, which includes a developer guide and a "getting started" guide? Amazon's own "getting started" is certainly helpful, and it's worth downloading and trying their web app scratchpad. But Amazon's detailed developer guide concentrates on REST and SOAP requests, which most people wouldn't want to deal with direct at that low level.
This book's focus is on using the SimpleDB web services API through certain specific languages and libraries — namely Java (JDK6 — using the Typica 1.6 library plus several dependencies), Python (2.5 — you need boto), and PHP (with curl). It recommends the SDBtool Firefox extension (SDBizo), which is excellent for checking the results of running the code.
I've tried the book's Java and Python examples, on Windows. Not PHP, as I've not got round to learning PHP yet, though I skimmed the PHP explanations. Similarly, I've not had time to try it all over again on Linux. Generally, the book's coverage seems fuller and better for PHP than for Java or Python. Perhaps it was originally written for PHP, and the rest was bolted on — the stuff for Java more hurriedly than for Python?
The downloadable code samples, as mentioned, are PHP only. They really should have provided downloadable code for all 3 languages, plus some fake MP3 files (see later). If you get the e-book (available in PDF and epub), you can copy and paste the Java or Python code. But that's a tad tedious, especially when the code runs onto a new page, and there are stray end of lines etc that you have to delete manually. Furthermore, the Python code provided is for the interpreter in interactive mode (not for .py files, except a couple towards the end). So, for the Python, you also have to copy/paste each line one at a time. But that still beats having to re-type pages of code in full.
In other words, if you want this book and you're only interested in PHP, you can get away with just buying the hard copy and downloading the code from the Packt site. But if you prefer Python or Java, to save your fingers and blood pressure you should buy just the e-version, or get both paper and e books together. I really hope Packt will in future provide downloadable code samples for all the languages covered.
I have more issues with the sample code given in this book. The Typica imports should have been spelled out in the example Java code. Eclipse offers more than one possible import in some cases. It was "try everything till it works", at least until I found this tutorial. I've included the initial required Typica imports (though not the standard java.util etc ones) in my own list of points, which I'll say more about at the end of this review. Surely it wouldn't have been difficult to include just those few lines of imports, which could have saved readers a lot of time trying to work out the correct imports. There are also errors in the Python code, and on one page the code that should have been included is missing altogether.
Now, more on the book proper. After the overview described above, this book walks you through the basic SimpleDB operations: how to create a SimpleDB "domain" (equivalent to a worksheet in a spreadsheet), list domains, create/retrieve items (like spreadsheet rows), and delete domains.
Items have attributes (spreadsheet column headings), as key:value pairs — the key is the attribute name, the value is its value, eg address:1 Acacia Avenue. An attribute can have more than one value, eg the same item can have both address:1 Acacia Avenue and address:2 Broadway. The book also lists the SimpleDB constraints on domains, items and attributes — maximum number or size, etc — but it's best to check the AWS site for the latest info.
Code examples are given for each of the 3 languages mentioned. The examples are similar, but don't always cover the same ground. If they'd done that, where possible, it would have been more helpful to those of us trying examples in more than one language. One advantage of a book with associated website is that electronic updates can be published, and it would have been great if that had been done for this book. For instance, the book gave conditional put/delete code examples only for PHP. At the date of this review, boto now supports those features, but sample supplemental Python code for that still hadn't been made available.
SimpleDB stores attribute values as UTF-8 strings. This means that comparisons for sorting or searching are done lexicographically (character by character, left to right, numbers take precedence over uppercase over lowercase), and to handle numbers or dates you have to encode and decode them yourself. So, the book has a chapter explaining lexicographical comparison, data types, and how to encode and decode data to enable proper sorting and comparison of numbers, dates, Boolean values and XML-restricted characters. In the case of numbers this means zero padding and offsets, and there's example code for decoding and encoding numbers. Unlike with PHP and Python, oddly the Java code given was for the body of the Typica method that carries out the encoding etc. This could have been omitted, and they should have given example code illustrating the method's usage instead. Similarly for the date formats code.
The SimpleDB query syntax is generally covered well, in a chapter which takes readers through first creating a sample database of song metadata to run queries against. It's not too painful copy/pasting the Java code (3+ pages), but with Python in interactive mode I drew the line at creating every song item and attributes using individual statements, even with pasting, so I just tried adding a couple of random ones to test that the code worked. I say again, full downloadable code please...!
That chapter then gives helpful examples of queries against the sample database and their results, including for more complex combined queries ("and", "or" type queries, "not" etc), and querying for multiple-value attributes. It also provides code examples for sorting and counting query results. But the Java code for retrieving an item's attributes wouldn't run, and I couldn't find the method used (getItemsAttributes()) detailed in the Typica documentation; perhaps the book is out of date here?
The book starts going beyond the basics from Chapter 7 onwards, with a chapter on Amazon's S3 storage service — another well known component of Amazon Web Services, where "objects" (files) may be stored in "buckets" (directories), with "keys" used to retrieve objects.
For S3, the book uses JetS3t for Java. However, the Java code given for uploading files to S3 didn't demonstrate any integration with SimpleDB at all — the files were just uploaded with their filenames as the S3 keys, and the code didn't seem to deal with the creation of your own custom S3 keys for uploaded objects. In contrast, the Python code generated the S3 keys for the files from hashes previously produced and stored in the SimpleDB database, as well as dealing with their uploading. In addition, for me the Java code for downloading files from S3 just wouldn't run, and also it wasn't clear where the files were supposed to be downloaded to locally, unlike with the Python example. Inexplicably, there was no info on how to delete objects from S3 buckets, or indeed how to delete buckets. So, while the S3 chapter is of help, it could definitely do with being expanded, especially the Java sections.
Next, money money money. AWS charges are based on usage, so the chapter on tuning and usage costs has some practical value in explaining how SimpleDB is charged for, the "BoxUsage" value returned by requests to SimpleDB, using BoxUsage to optimize queries and compute costs, and how to get BoxUsage values back with your queries using Java, Python etc. There are code examples that, when run, illustrate the different BoxUsage values you get when you use different operators or expressions in queries (eg, using LIKE costs more).
However, partitioning your data into multiple domains is covered in only a few paragraphs, with no code given. I'd have liked to see more info on that, and some sample code for the partitioning process.
To further save money, you can use a cache to store data locally, trying your local cache first; and, only if the data is not there, would your app go out to SimpleDB and incur costs for querying it. This book accordingly has a chapter on how to install and use the popular open source caching system memcached to cache your query results locally. (CacheLite for PHP is also covered.) Again, the Java sections caused me some frustration. The Java test code showed that the memcached server was running properly on my machine, but the Java code for using the cache just didn't work; it ran, but continued to query SimpleDB direct. The Python code, however, worked perfectly — except that, if you're using memcached in Windows, you'll need to use port 11211 instead of what's shown in the book. (I didn't try it in Linux.)
Finally, the book deals with running parallel operations against SimpleDB, using its BatchPutAttributes. The section on updating SimpleDB in Python by making serial consecutive calls to SimpleDB is completely missing the code for the script, but the book does then cover inserting multiple items concurrently into SimpleDB using a threadpool in Java. It also gives sample Python code for alternative ways of parallelising requests: using Python's built-in threading module, threading and queues combined, then threading using the open source workerpool module.
To conclude, in substance the book has a fair amount of useful information on the basics of getting started with SimpleDB, particularly for Python (and probably PHP). But not providing downloadable code samples in Java and Python, or "fake" MP3 files to try S3 uploading/downloading, is a minus.
Some errors, inconsistencies and missing information from the department of "I-wish-they'd-included-this-even-if-they-thought-it-was-basic-as-it's-too-easily-missed-if-it's-not-spelled-out", mean that the book is not really "complete", and not as suitable as it should be for relative beginners — especially for Java and (in whatever language) Windows. It wouldn't take much extra work to get it up to scratch on that front. Perhaps the next edition, or better still an online update/supplement?
For the more experienced, the book doesn't take readers to as advanced a stage as it could have, in my view. In particular, it would have been good to have more info and example code on partitioning data between different domains, and also how to migrate data from an existing database to SimpleDB — their code for "importing" the sample database literally just adds each item and attribute individually.
Fix the errors, add the missing info for beginners, provide downloads of code in all relevant languages and "fake files", and I'd have given it a 7. Provide working sample Java code with more explanation, plus proper integration with S3, an 8. Add fuller info on partitioning, migration, and perhaps even integration with yet more AWS services, a 9.
All opinions are personal to me: half geek, half lawyer, mostly harmless. I'm researching legal issues in cloud computing.
You can purchase Amazon SimpleDB Developer Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Amazon SimpleDB Developer Guide
KuanH writes "Amazon SimpleDB Developer Guide is billed as a complete guide to using Amazon's SimpleDB database API. It's most detailed for PHP. It's helpful for Python. But the Java code and explanations aren't up to the standard of the others. It includes a primer on using Amazon S3 with SimpleDB: files stored on S3, file metadata stored in SimpleDB — again, less good for Java. It also covers tuning to reduce usage costs, caching using memcached, and ways to batch-update and make serial or parallel requests to SimpleDB. However, it's missing some information that beginners might need, and it's perhaps not quite advanced enough for the more experienced. Downloadable example code is available only for PHP." Keep reading for the rest of Kuan's review.
Amazon SimpleDB Developer Guide
author: Prabhakar Chaganti, Rich Helms
pages: 252
publisher: Packt Publishing
rating: 6
reviewer: Kuan Hon
ISBN: 1847197345
summary: "Getting started" guide to using Amazon's SimpleDB cloud database
Say "cloud" to get the attention of CIOs seeking to cut costs in these recessionary times. One well known "database in the cloud" option is Amazon Web Services' SimpleDB, which Amazon describes as "a highly available, flexible, and scalable non-relational data store that offloads the work of database administration."
Those who prefer traditional relational databases could try eg Amazon RDS. This book only covers SimpleDB, a NoSQL or non-relational database. As is well known, NoSQL databases grew in popularity with the growth of large distributed systems and cloud computing, and their proponents tout their scalability and speed.
For anyone wanting a quick primer on NoSQL databases, this book includes a chapter on NoSQL which isn't limited to SimpleDB. It outlines some key conceptual differences between NoSQL and relational database management systems, with pros and cons, using the analogy of "a spreadsheet with some XML characteristics", and illustrating with some concrete examples. That chapter's been made available as a free sample chapter (SimpleDB versus RDBMS), so you can get a flavour of the book.
The contents list for this book is online, I won't recite it here. As well as an overview of SimpleDB, its terminology and advantages, the book goes through signing up with AWS and SimpleDB, and the account access keys. That chapter is also online, as a tutorial.
You may ask, how does this book differ from Amazon's free SimpleDB documentation, which includes a developer guide and a "getting started" guide? Amazon's own "getting started" is certainly helpful, and it's worth downloading and trying their web app scratchpad. But Amazon's detailed developer guide concentrates on REST and SOAP requests, which most people wouldn't want to deal with direct at that low level.
This book's focus is on using the SimpleDB web services API through certain specific languages and libraries — namely Java (JDK6 — using the Typica 1.6 library plus several dependencies), Python (2.5 — you need boto), and PHP (with curl). It recommends the SDBtool Firefox extension (SDBizo), which is excellent for checking the results of running the code.
I've tried the book's Java and Python examples, on Windows. Not PHP, as I've not got round to learning PHP yet, though I skimmed the PHP explanations. Similarly, I've not had time to try it all over again on Linux. Generally, the book's coverage seems fuller and better for PHP than for Java or Python. Perhaps it was originally written for PHP, and the rest was bolted on — the stuff for Java more hurriedly than for Python?
The downloadable code samples, as mentioned, are PHP only. They really should have provided downloadable code for all 3 languages, plus some fake MP3 files (see later). If you get the e-book (available in PDF and epub), you can copy and paste the Java or Python code. But that's a tad tedious, especially when the code runs onto a new page, and there are stray end of lines etc that you have to delete manually. Furthermore, the Python code provided is for the interpreter in interactive mode (not for .py files, except a couple towards the end). So, for the Python, you also have to copy/paste each line one at a time. But that still beats having to re-type pages of code in full.
In other words, if you want this book and you're only interested in PHP, you can get away with just buying the hard copy and downloading the code from the Packt site. But if you prefer Python or Java, to save your fingers and blood pressure you should buy just the e-version, or get both paper and e books together. I really hope Packt will in future provide downloadable code samples for all the languages covered.
I have more issues with the sample code given in this book. The Typica imports should have been spelled out in the example Java code. Eclipse offers more than one possible import in some cases. It was "try everything till it works", at least until I found this tutorial. I've included the initial required Typica imports (though not the standard java.util etc ones) in my own list of points, which I'll say more about at the end of this review. Surely it wouldn't have been difficult to include just those few lines of imports, which could have saved readers a lot of time trying to work out the correct imports. There are also errors in the Python code, and on one page the code that should have been included is missing altogether.
Now, more on the book proper. After the overview described above, this book walks you through the basic SimpleDB operations: how to create a SimpleDB "domain" (equivalent to a worksheet in a spreadsheet), list domains, create/retrieve items (like spreadsheet rows), and delete domains.
Items have attributes (spreadsheet column headings), as key:value pairs — the key is the attribute name, the value is its value, eg address:1 Acacia Avenue. An attribute can have more than one value, eg the same item can have both address:1 Acacia Avenue and address:2 Broadway. The book also lists the SimpleDB constraints on domains, items and attributes — maximum number or size, etc — but it's best to check the AWS site for the latest info.
Code examples are given for each of the 3 languages mentioned. The examples are similar, but don't always cover the same ground. If they'd done that, where possible, it would have been more helpful to those of us trying examples in more than one language. One advantage of a book with associated website is that electronic updates can be published, and it would have been great if that had been done for this book. For instance, the book gave conditional put/delete code examples only for PHP. At the date of this review, boto now supports those features, but sample supplemental Python code for that still hadn't been made available.
SimpleDB stores attribute values as UTF-8 strings. This means that comparisons for sorting or searching are done lexicographically (character by character, left to right, numbers take precedence over uppercase over lowercase), and to handle numbers or dates you have to encode and decode them yourself. So, the book has a chapter explaining lexicographical comparison, data types, and how to encode and decode data to enable proper sorting and comparison of numbers, dates, Boolean values and XML-restricted characters. In the case of numbers this means zero padding and offsets, and there's example code for decoding and encoding numbers. Unlike with PHP and Python, oddly the Java code given was for the body of the typical method that carries out the encoding etc. This could have been omitted, and they should have given example code illustrating the method's usage instead. Similarly for the date formats code.
The SimpleDB query syntax is generally covered well, in a chapter which takes readers through first creating a sample database of song metadata to run queries against. It's not too painful copy/pasting the Java code (3+ pages), but with Python in interactive mode I drew the line at creating every song item and attributes using individual statements, even with pasting, so I just tried adding a couple of random ones to test that the code worked. I say again, full downloadable code please...!
That chapter then gives helpful examples of queries against the sample database and their results, including for more complex combined queries ("and", "or" type queries, "not" etc), and querying for multiple-value attributes. It also provides code examples for sorting and counting query results. But the Java code for retrieving an item's attributes wouldn't run, and I couldn't find the method used (getItemsAttributes()) detailed in the typical documentation; perhaps the book is out of date here?
The book starts going beyond the basics from Chapter 7 onwards, with a chapter on Amazon's S3 storage service — another well known component of Amazon Web Services, where "objects" (files) may be stored in "buckets" (directories), with "keys" used to retrieve objects.
For S3, the book uses JetS3t for Java. However, the Java code given for uploading files to S3 didn't demonstrate any integration with SimpleDB at all — the files were just uploaded with their filenames as the S3 keys, and the code didn't seem to deal with the creation of your own custom S3 keys for uploaded objects. In contrast, the Python code generated the S3 keys for the files from hashes previously produced and stored in the SimpleDB database, as well as dealing with their uploading. In addition, for me the Java code for downloading files from S3 just wouldn't run, and also it wasn't clear where the files were supposed to be downloaded to locally, unlike with the Python example. Inexplicably, there was no info on how to delete objects from S3 buckets, or indeed how to delete buckets. So, while the S3 chapter is of help, it could definitely do with being expanded, especially the Java sections.
Next, money money money. AWS charges are based on usage, so the chapter on tuning and usage costs has some practical value in explaining how SimpleDB is charged for, the "BoxUsage" value returned by requests to SimpleDB, using BoxUsage to optimize queries and compute costs, and how to get BoxUsage values back with your queries using Java, Python etc. There are code examples that, when run, illustrate the different BoxUsage values you get when you use different operators or expressions in queries (eg, using LIKE costs more).
However, partitioning your data into multiple domains is covered in only a few paragraphs, with no code given. I'd have liked to see more info on that, and some sample code for the partitioning process.
To further save money, you can use a cache to store data locally, trying your local cache first; and, only if the data is not there, would your app go out to SimpleDB and incur costs for querying it. This book accordingly has a chapter on how to install and use the popular open source caching system memcached to cache your query results locally. (CacheLite for PHP is also covered.) Again, the Java sections caused me some frustration. The Java test code showed that the memcached server was running properly on my machine, but the Java code for using the cache just didn't work; it ran, but continued to query SimpleDB direct. The Python code, however, worked perfectly — except that, if you're using memcached in Windows, you'll need to use port 11211 instead of what's shown in the book. (I didn't try it in Linux.)
Finally, the book deals with running parallel operations against SimpleDB, using its BatchPutAttributes. The section on updating SimpleDB in Python by making serial consecutive calls to SimpleDB is completely missing the code for the script, but the book does then cover inserting multiple items concurrently into SimpleDB using a threadpool in Java. It also gives sample Python code for alternative ways of parallelising requests: using Python's built-in threading module, threading and queues combined, then threading using the open source workerpool module.
To conclude, in substance the book has a fair amount of useful information on the basics of getting started with SimpleDB, particularly for Python (and probably PHP). But not providing downloadable code samples in Java and Python, or "fake" MP3 files to try S3 uploading/downloading, is a minus.
Some errors, inconsistencies and missing information from the department of "I-wish-they'd-included-this-even-if-they-thought-it-was-basic-as-it's-too-easily-missed-if-it's-not-spelled-out", mean that the book is not really "complete", and not as suitable as it should be for relative beginners — especially for Java and (in whatever language) Windows. It wouldn't take much extra work to get it up to scratch on that front. Perhaps the next edition, or better still an online update/supplement?
For the more experienced, the book doesn't take readers to as advanced a stage as it could have, in my view. In particular, it would have been good to have more info and example code on partitioning data between different domains, and also how to migrate data from an existing database to SimpleDB — their code for "importing" the sample database literally just adds each item and attribute individually.
Fix the errors, add the missing info for beginners, provide downloads of code in all relevant languages and "fake files", and I'd have given it a 7. Provide working sample Java code with more explanation, plus proper integration with S3, an 8. Add fuller info on partitioning, migration, and perhaps even integration with yet more AWS services, a 9.
All opinions are personal to me: half geek, half lawyer, mostly harmless. I'm researching legal issues in cloud computing.
You can purchase Amazon SimpleDB Developer Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Automatic Pricing Lists Book At $23M
leek writes "An Amazon.com pricing algorithm which lets sellers set prices based on other sellers' prices led to a positive feedback loop, causing the biology text The Making of A Fly to reach $23M. Biologist Michael Eisen writes: 'What's fascinating about all this is both the seemingly endless possibilities for both chaos and mischief. It seems impossible that we stumbled onto the only example of this kind of upward pricing spiral. And as soon as it was clear what was going on here, I and the people I talked to about this couldn't help but start thinking about ways to exploit our ability to predict how others would price their books down to the 5th significant digit -- especially when they were clearly not paying careful attention to what their algorithms were doing.' The price of the book was reset but is currently back up to $976.98." -
Book Review: Network Security Auditing
brothke writes "Network Security Auditing is touted as the complete guide to auditing security, measuring risk, and promoting compliance. The book lives up to its promise and is a comprehensive reference to all things network security audit related." Read below for the rest of Ben's review. Network Security Auditing author Chris Jackson pages 528 publisher Cisco Press rating 9/10 reviewer Ben Rothke ISBN 1587053527 summary Excellent highly technical and detailed reference At almost 450 pages, the book covers all of the key areas around network security that are of relevance to those working in information security. As a Cisco Press title, written by a Cisco technical solutions architect, the book naturally has a heavy Cisco slant to it. Nonetheless, it is still an excellent reference even for those not working in a Cisco environment. While the first 3 chapters of the book provide an overview that is great even for a security newbie, the overall style of the book is highly technical and comprehensive.
Chapters 1-3 provide an introduction to the principles of auditing, information security and the law, and governance, frameworks and standards. Each chapter is backed with a significant amount of information and the reader is presented with a thorough overview of the concepts.
Chapter 3 does a good job of providing the reader with the details of current frameworks and standards, including PCI DSS, ITIL, ISO 17799/27001 and others. Author Chris Jackson does a good job of explaining the differences between them and where they are best used. Given this is a Cisco-centric book, he also shows how the various Cisco security products can be integrated for such regulatory and standards support.
Throughout the book, the author makes excellent use of many auditing checklists for each area that can be used to quickly ascertain the level of security audit compliance.
Chapter 6 is perhaps the best chapter in the book on the topic of Policy, Compliance and Management, and the author provides an exceptionally good overview of the need for auditing security policies. This is a critical area as far too many organizations create an initial set of information security policies, but subsequently never take the time to go back and see if they are indeed effective and providing the necessary levels of data protection.
Jackson notes that assessing the effectiveness of a policy requires the auditor to look at the policy from the viewpoint of those who will be interpreting its meaning. A well intentioned policy might recommend a particular course of action, but unless specific actions are required, there is little an organization can expect the policy to actually accomplish to help the organization protect its data assets if it is misinterpreted.
The chapter suggests that the auditor ask questions such as: is the policy implementable, enforceable, easy to understand, based on risk, in line with business objectives, cost effective, effectively communicated and more. If these criteria are not well-defined and delineated, then the policies will exist in text only, offering little information security protection to the organization.
Jackson also writes of the need to measure how well policies are implemented as part of a security assessment. He suggested using a maturity model as a way to gauge if the organization is in its evolution towards fully integrating security into its business process or if it already has a formal integration process in place.
In chapter 8 on Perimeter Intrusion Prevention, Jackson writes that protecting a network perimeter used to be a relatively easy task. All an organization would have to do is stick a firewall on its Internet connection, lock down the unused ports and monitor activity. But in most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and more; and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network.
Chapter 8 provides a detailed framework on how to perform a perimeter design review and assessment. As part of the overall review, the chapter details other aspects of the assessment including the need for reviews of the logical and physical architectures, in addition to a review of the firewall. Jackson also lists a large number of security tools that can be used during an audit.
Chapter 11 covers endpoint protection with a focus on the end-user. Jackson notes that users never cease to amaze with their abilities to disappoint by opening suspicious file attachments, running untrusted Facebook applications, and much more. The book notes that organizations today face significantly higher levels of risk from endpoint security breaches than ever before due to our highly mobile and connected workforce.
The chapter details an endpoint protection operational control review that can be used to assess the organization's processes for identifying threats and performing proactive management of endpoint devices. While the chapter is quite Cisco-centric, with references to the Cisco SIO (Security Intelligence Operations) and a number of other Cisco products, the chapter does provide a good overview of the fundamentals of endpoint protection and how to do it the right way.
Overall, Network Security Auditing is a highly technical and detailed reference that makes for an excellent primary reference on the fundamentals of information security. With ample amounts of checklists, coding references, detailed diagrams and just the right amount of screen shots, it makes an excellent guide that any member of an IT or security group should find quite informative.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Network Security Auditing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Agile Development & Business Goals
An anonymous reader writes "Agile Development & Business Goals: The Six Week Solution has scrum-like elements, fairly rapid iterations, automated testing, and some other things that you have come to rely on to make your Agile methodology work. But the Six Week Solution agile process has some other things, too, that make it a very interesting take on the classic Agile approach." Read below for the rest of the AC's review. Agile Development & Business Goals: The Six Week Solution author Bill Holtsnider, Tom Wheeler, George Stragand, Joseph Gee pages 256 publisher Morgan Kaufmann rating 8/10 reviewer anonymous ISBN 978-0-12-381520-0 summary This book serves as a distilled learning guide for managing technical resources in a manner that directly boosts your bottom line. For a company considering going Agile, this book might be a good place to start. The book talks in detail about topics such as Test Driven Development, build server software and SAAS. It also discusses specific release schedule planning to meet sales goals, revenue formulas and cost of change graphs. In other words, both technical topics are covered in depth and detailed business topics are covered in depth. The two worlds are integrated throughout the book (and the process). The basic premise is that software should be "released" on a targeted six-week schedule. There are eight six-week cycles in a calendar year, and releasing your software three times a quarter allows the Business to plan their own cycles accordingly. And the Business does not get software with random features someone thought should be added; they get targeted software built to their specifications.
Of the many features discussed in the book, two set this process apart: You should directly align your software development with the needs of the Business. You should compensate your development team based on delivering on their commitments. (If they deliver, they get rewarded; if they don't deliver, there are consequences.) Combined with the rigors of an automated testing program the authors demand and you have a distinct approach to an old problem: "How can I build the exact software I need as quickly and efficiently as possible?"
Among other audiences, this book is perfect for management types who might not be able to spell "Agile". They don't want the details, they want their software development teams to be held accountable and produce useful results. In the intro the authors ask 10 questions: Does your software development process:
1. Align software development with business needs?
2. Compensate your development team based on delivering on their commitments?
3. Lend itself to a description so simple that everyone in the company can understand it?
4. Have both core Business and core Technical components?
5. Produce revenue-generating results that address real-world needs?
6. Tie your investment in your software development to the delivery of the software you need?
7. Account directly for Quality?
8. Hit your short term goals while -
9. Addressing your long-term goals at the same time?
10. Reward success and make tangible the effects of failure?
Some of the points are standard Agile fare with small or insignificant twists. (How many times have you read: "A successful software project needs to build the right software, build the software right."?) And there are other places where the "Please Rename My Old Waterfall SDLC to Agile" button has been pressed.
But then there are the variances. The authors are pretty consistent throughout the book in detailing the similarities and differences between their approach and other Agile approaches. In a summary paragraph (again in the intro), they write: Compensation Piece: Performance is rewarded and, on the flip side, failure is penalized. Bonuses are paid (or not) every six weeks, not in some vague future annual date. No Reward for Success: Other processes do not reward success. Given that, what is the difference in classic development for the next sprint if everything was or was not delivered? No Risk in Failure: Other processes do not have to share the business' cost with the team when it fails; they just do another sprint and hope for the best again. If Cycle Fails, Developers Lose Money: Developers have a vested interest in delivering, not some vague promise of some future payoff. Other Agile Processes Iterate a Lot but Let the Boxes Fall Where They May: If a sprint fails to meet the objective, what happens? A boss stomps and shouts, everybody feels bad, and then they do the same thing all again. Other Agile Processes Do Not Align with Business: Sure there may be an on-site customer, but there is nothing to enforce exposure of what is being developed outside of the development group. With the Six Week Solution, the work done is what you really need done.
Some form of Agile software development may become (if it has not already) the standard method of software development in the future. But there is little question that the aggressive merging of the goals of the company and goals of the software teams has to happen. Too often software divisions do their own thing, pursuing targets that meet their requirements but are not aligned with those of the company as a whole.
This book details one method of bringing the aims of the Business and software development together. It is a different approach to Agile: disciplined release schedules, fully integrated automatic testing processes, specific monetary incentives, particular physical layouts. Many of these ideas are interesting to read about. And the authors have clearly lived these ideas.
This book is not for everyone – Agile purists will hate it, IMHO – but the audience for this book is people (tech and non-tech) who think about and explore the various ways to get software written. Thirty-five years after Brooks, we still don't have the answer. This book is a different take on the problem. But the rigor, unique approaches, detailed implementation techniques, practical (not theoretical) suggestions, real-world stories from the front lines of software development and internal cohesiveness – all of these suggest that the Six Week Solution book deserves a look for any organization considering implementing agile practices.
You can purchase Agile Development & Business Goals: The Six Week Solution from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Major Outage At the Amazon Web Services
ralphart writes "The Northern Virginia datacenter for Amazon Web Services appears to be having a major outage that affects EC2 services. The Amazon Forums are full of reports of problems. Latest update from the status page: 2:49 AM PDT We are continuing to see connectivity errors impacting EC2 instances, increased latencies impacting EBS volumes in multiple availability zones in the US-EAST-1 region, and increased error rates affecting EBS CreateVolume API calls. We are also experiencing delayed launches for EBS backed EC2 instances in affected availability zones in the US-EAST-1 region. We continue to work towards resolution." -
Book Review: RESTful Java Web Services
jm2dev writes "The title is self descriptive, you will learn what a REST architecture is, the concepts behind it, advantages and constraints, and how to implement web services in a RESTful way serving and consuming content using the Java programming language, as command line applications, desktop graphical client, run by an application server or even as standalone applications. Almost everything you need to know to start working with web services in Java the REST way is covered by this book." Read on for the rest of Jose's review. RESTful Java Web Services author Jose Sandoval pages 258 publisher Packt Publishing rating 9/10 reviewer Jose Miguel Martinez Carrasco ISBN 978-1-847196-46-0 summary Learn the concepts and ideas behind REST web services and implement working solutions using different popular frameworks. No previous knowledge about REST is required, as the author presents a good introduction to Representational State Transfer; although the reader is supposed to understand the Java language syntax as you can expect because of the title. Any further familiarities are not needed, because to use the code samples only the Java Development Kit is required, so you can try it and play with it on any computer with a java SDK, like OpenJDK 6, installed and configured, with your favorite plain text editor or with a fully featured modern IDE.
The book starts with an introduction to the REST software architectural style. The concepts behind REST, their main components, constraints and ideas that made a software system RESTful. The details of the HTTP requests and responses interchanged by clients and servers are explained. And the role that REST services play in Service Oriented Architectures is discussed.
Next, several clients to consume web services using the Twitter messaging API are explained and the simplicity to consume REST web services will encourage readers to experiment with other REST web services available on the Internet.
The ability to retrieve information from more than one web service is a nice feature practically implemented as a simple mashup in the third chapter. A web page displays the results obtained by requests to Google, Yahoo, Twitter and TextWise's SemanticHacker REST web services.
Now that the way to consume information provided by REST web services has been explained, it's time to start thinking about the other part of the equation: considerations to design a REST web service are introduced, discussed, and a simple microblogging solution is developed and used during the next chapters. From my point of view this part is very useful, as the author has done a good job providing a reusable solution, and remarking how important it is in modern software development to provide a smart design that can fit different scenarios with minimum modifications.
Readers will be able to implement a single desktop client, to perform those actions, and although this approach looks like it has lost popularity among developers, this section will be useful for those developers that are in need of creating a desktop client instead of a web based one.
Clients need servers to consume information from, and the next chapters describe popular frameworks like Restlet (both versions 1.1 and 2.0), Sun's Jersey (now Oracle's) and JBoss' Resteasy, with a clear emphasis on their usage of JAX-RS implementation, and finally Struts 2 with the REST plugin. How the same REST web service can be implemented using any of them is a worthy reminder of the fact that properly modularized software provides a valuable way to reuse existing code. The author tries to be neutral but he highlighted important aspects to consider before choosing any of them, as the features they provide can better fit different scenarios.
Although a client consuming web services has been implemented as a desktop client and as a web based client using servlets and JSP pages, the introduced frameworks provide a simpler way to implement clients, which is very handy because they are needed to test that our web services work as we expect. Regarding this aspect, developed in chapter nine, I miss a chapter talking about REST web services testing that can be used in a continuous integration environment to automate our tests.
Finally, additional topics are treated like authentication and security, which aren't essential to get the basic functionality, but are needed frequently in real world applications and here you will find a nice introduction to those topics.
I found this book very well structured, starting with an introduction to REST concepts and architecture, its advantages and constraints, and a comparison against other alternatives. Complexity is managed terrifically, as readers see their questions answered with working solutions that can be easily tested on a computer with a working Java development environment. Starting with how to query popular web services with a browser, and later on implementing our first and simple clients and servers with widely used open source frameworks.
From my point of view, Java developers with no experience in REST architectures will find this book especially useful; despite your experience, the book provides a good explanation of well-designed architectures and how important they are to achieve a working, elegant and easy-to-maintain solution, and this aspect is exposed with working and useful implementations.
Packt Publishing books are characterized by a well formatted text with easy to understand language and at the same time being precise. It is these facts that make even this technical book a pleasurable reading experience.
The code provided throughout the book is easy to understand and implement. Here the author did a good job explaining the key concepts and how they are translated into code. Furthermore, in order to be practical, the needed Java libraries are provided, almost eliminating the chance to incur compilation errors. Of course, a working implementation can be downloaded for those readers who prefer not to type more than the essential.
Jose Miguel is a java software developer and open source enthusiast based in London. @jm2dev
You can purchase RESTful Java Web Services from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Book Review: R Graphs Cookbook
RickJWagner writes "Once upon a time, I thought communication was one of my strong suits. Alas, a few years into my programming career I realized I'm more of the head-down codeslinging type, not one of the schmoozing managerial types. So when I have a point to make, I really like to have my data ready to do the talking for me. In that capacity, this book is a very good weapon to have in my arsenal." Read on for the rest of Rick's review.
R Graphs Cookbook
author: Hrishi Mittal
pages: 272
publisher: Packt Publishing
rating: 8/10
reviewer: RickJWagner
ISBN: 1849513066
summary: An invaluable reference book for expert R users
Right away, you should realize this is not a book that teaches R. R (an excellent open source statistical language) is a great tool for any technician. I've used it to analyze logs, find performance bottlenecks, and make sense of mountains of nearly unrecognizable data. But this book doesn't teach R, it teaches R graphing.
It turns out R has excellent graphing capabilities. You can draw scatter plots, line plots, pie graphs, bar charts, histograms, box and whisker plots, heat maps, contour maps and 'regular' maps. These are all good for demonstrating data in different ways, and the book lightly explains which graph will help you illustrate which point.
If you're getting a little interested, you'll also want to know that all this graphing can be scripted and scheduled. So you can get data-driven reports on a schedule, easily accomplished once you know how to write the graphing scripts (which are then scheduled using cron or a similar facility). One small caveat: To prepare your data for presentation, I think it's usually necessary to partner R with another language that's better for text extracting and manipulation. I prefer Python for this task, you might like another language.
The book is exceptionally easy to read and work with. This doesn't mean it's simplistic, though. Anyone who's tangled with R's graphing without a good example will testify that figuring out the various functions and arguments necessary to wrangle a descriptive graph can be really difficult. This book gives you the kind of graphs you need, with the bells and whistles you're going to want, in a series of snippets you can run immediately.
The book is written in Packt's "Recipe" format. In a nutshell, this means that it's a series of how-to sections worded in a templated form. There are headings for sections that inform you what you're going to accomplish, how it's done, and why it worked. You quickly realize it's a repetitive format, but it serves to make the book an excellent resource for quick reference.
Another really nice feature of the book is the downloadable source code and matching data. Knowing the data is half the battle, really. The specific formulas given are certainly useful, but without knowing how the underlying data is formatted you really wouldn't get nearly the practical value. For that reason, I urge anyone using this book to be sure they examine the underlying data for at least the first few formulas. After that, it'll be automatic, you'll know you want to look at that data when you're trying to master some graph type. Then when you go to make your own data ready for graphing, you reach for that secondary language like Python, extract the fields you want in a way similar to your example data set, and presto-- you've got the graph you want.
The book starts out with a first chapter that introduces the kinds of graphs you'll be able to produce and situations where each type is most useful. The next chapters, up until the final one, are in-depth sections on each of the graph types. Maps are treated to a different chapter than pie graphs, for instance. The final chapter covers putting final touches on your graphs, including saving them in different formats (PDF, PNG, JPEG, etc.) and niceties like adding scientific notations, mathematical symbols, etc.
The book states that the target audience is experienced R programmers. I really don't think that's necessary, though. There is an obligatory R installation section, and I think that a reasonably competent programmer with Google at his disposal could get off the ground (for graphing purposes) with this book and a little bumbling. If you already know R, then you needn't worry at all, there is nothing here that will look foreign to you.
If I could change one thing about the book, I'd want a comprehensive index of all the functions and arguments that augment the basic core functions that produce the example graphs. These functions and arguments tweak the basic function in ways that make them much more appealing than what the basic function alone can provide. But the book isn't able to show each and every combination with each graphing function, so it's up to the reader to figure out how to pick some of the options from one recipe and apply it to another. It's not difficult to do, but having an index to help you find the options you want would make this process easier.
You can purchase R Graphs Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Book Review: Linux Shell Scripting Cookbook
vellorean writes "I have been reading Linux Shell Scripting Cookbook by Sarath Lakshman, published by Packt, for a while. While most people I know learn shell scripts themselves, I was looking to refresh my concepts a little as well as have a reference lying around on the table for fast access." Read below for the rest of vellorean's review.
Linux Shell Scripting Cookbook
author: Sarath Lakshman
pages: 360
publisher: Packt Publishing
rating: 9
reviewer: Kumar Appaiah
ISBN: 1849513767
summary: A book for beginners and intermediates, which introduces shell scripting and proceeds to provide several practical real-world recipes of useful shell scripts
First of all, let me remark by saying that shell scripting is something learned more on a need basis than as a tool to solve the main problem. People would seldom write shell scripts as standalone programs (exceptions exist). However, what makes shell scripting invaluable to know is the fact that knowing some tricks can save several minutes, or hours, of work by automating and simplifying certain tasks, generally (but not restricted to) file management and data processing. Linux Shell Scripting Cookbook does go quite far in pursuing this goal, and is appropriate for both beginners who are looking to gain dexterity in shell scripting, as well as intermediate users who wish to polish their skills. The book also can double up as a quick reference, though I would argue that the "Advanced Bash Scripting Guide" would suit that more.
At the outset, the author clarifies that the focus will be on Bash. This, people may or may not like, but given the fact that bash has become ubiquitous in terms of the available shells on Unix-like systems today, starting out with bash is not a bad thing to do. Besides, learning other shell scripting languages while knowing bash isn't too hard, since the paradigm remains the same.
The book is organized into chapters based more on utility than scripting concepts themselves, although the language aspects are brought onto the reader gradually. For instance, the examples in the first chapter focus more on the basic data elements (variables, arrays, functions etc.) as well as operators (for numbers, files etc.), and all the examples demonstrate simple usage of these concepts, and the further chapters build upon these in a gradual manner.
At the same time, if the reader has some familiarity with shell scripting and needs to only refresh or learn a certain concept, he/she needs to just read the relevant chapter. It is not too difficult to grasp the examples of the later chapters, provided some basic shell knowledge is assumed.
A positive trait in the presentation of this book is that it is all based on practical everyday examples which, with minor adaptation, can be used by many for their own daily tasks. For instance, there are several examples which describe searching for and processing files, which, I'd imagine, many users would want to do on a regular basis. Thus, providing realistic examples allows the book to double its utility. The language and approach used is simple and conversational, and the presentation is very clear, with each idea being described as a problem statement followed by a "How to do it" section with the actual code, and ending with a discussion of the nitty-gritties of the code. It is easy to go for a quick scan for those in a hurry, while those who wish to read in more detail will not be disappointed either.
The book also covers a wide array of applications. For instance, there are examples on automating fetching web pages and processing them, demonstrations of parsing and simplifying and even some queries around databases wrapped around in shell. It also spans to utilities and tasks connected to statistics, backups, compression, version control and many more.
The book goes into a fair amount of detail in terms of describing the shell scripting concept under consideration. The examples used go into a fair amount of detail in order to describe to the user all the aspects involved in the method or command being used. The concepts described are fairly complete, and would be sufficient for the reader to use immediately or with just a little bit of fine tuning. In terms of breadth, the book covers most of the features of shell scripting while also describing the various facilities the shell provides access to in a Unix-like environment. Thus, the book does not disappoint in this front either.
In summary, probably the only thing I'd have liked to see more of is some emphasis on how to write more efficient shell scripts. Granted, most of the shell scripts described in the book are very simple and succinct, but some words on how loops can be made better, or how to spot situations where pipes are not needed to solve a problem etc. might have been a nice addition. Some explanation of differences with dash, tcsh, zsh etc. might also have been nice, since a lot of users have different default shells. But all this isn't going to prevent me from giving this book a high rating, since it delivers quite well on the promises it makes at the beginning.
This is definitely a good book to have near your desk, and kudos to the author for having taken the effort to put it together. I would highly recommend it to the beginner and occasional shell user for a thorough read, and to an intermediate to have on his/her desk for borrowing the cool scripting ideas and applications the author has written in this book.
You can purchase Linux Shell Scripting Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Crowdsourcing the Censors: A Contest
Frequent contributor Bennett Haselton is back with an article about how sites with huge amounts of user-generated content struggle to deal with abuse complaints, and could benefit from a crowd-sourced policing system similar to Slashdot's meta-moderation. He writes "In The Net Delusion, Evgeny Morozov cites examples of online mobs that filed phony abuse complaints in order to shut down pro-democracy Facebook groups and YouTube videos criticizing the Saudi royal family. I've got an idea for an algorithm that would help solve the problem, and I'm offering $100 (or a donation to a charity of your choice) for the best suggested improvement, or alternative, or criticism of the idea proposed in this article." Hit the link below to read the rest of his thoughts.
Before you get bored and click away: I'm proposing an algorithm for Facebook (and similar sites) to use to review "abuse reports" in a scalable and efficient manner, and I'm offering a total of $100 (or more) to the reader (or to some charity designated by them) who proposes the best improvement(s) or alternative(s) to the algorithm. We now proceed with your standard boilerplate introductory paragraph.
In his new book The Net Delusion: The Dark Side of Internet Freedom, Evgeny Morozov cites examples of Facebook users organizing campaigns to shut down particular groups or user accounts by filing phony complaints against them. One Hong-Kong-based Facebook group with over 80,000 members, formed to oppose the pro-Beijing Democratic Alliance for the Betterment and Progress of Hong-Kong, was shut down by opponents flagging the group as "abusive" on Facebook. In another incident, the Moroccan activist Kacem El Ghazzali found his Facebook group Youth for the Separation between Religion and Education deleted without explanation, and when he e-mailed Facebook to ask why, his personal Facebook profile got canned as well. Only after an international outcry did Facebook restore the group (but, oddly, not El Ghazzali's personal Facebook account), but they refused to explain the original removal; the most likely cause was a torrent of phony "complaints" from opponents. In both cases it seemed clear that the groups did not actually violate Facebook's Terms of Service, but the number of complaints presumably convinced either a software algorithm or an overworked human reviewer that something must have been inappropriate, and the forums were shut down. The Net Delusion also describes a group of conservative Saudi citizens calling themselves "Saudi Flagger" that coordinates filing en masse complaints against YouTube videos which criticize Islam or the Saudi royal family.
A large number of abuse reports against a single Facebook group or YouTube video probably has a good chance of triggering a takedown; with 2,000 employees managing 500 million users, Facebook surely doesn't have time to review every abuse report properly. About once a month I still get an email from Facebook with the subject "Facebook Warning" saying:
You have been sending harassing messages to other users. This is a violation of Facebook's Terms of Use. Among other things, messages that are hateful, threatening, or obscene are not allowed. Continued misuse of Facebook's features could result in your account being disabled.
I still have no idea what is triggering the "warnings"; the meanest thing I usually say on Facebook is to people who write to me asking for tech support (usually with the proxy sites to get on Facebook at school), when they say "It gives me an error", and I write back, "TELL ME THE ACTUAL ERROR MESSAGE THAT IT GIVES YOU!!" (Typical reply: "It gave me an error that it can't do it." If you work in tech support, I feel your pain.) I suspect the "abuse reports" are probably coming from parents who hack into their teenagers' accounts, see their teens corresponding with me about how to get on Facebook or YouTube at school, and decide to file an "abuse report" against my account just for the hell of it. If Facebook makes it that easy for a lone gunman to cause trouble with fake complaints, imagine how much trouble you can make with a well-coordinated mob.
But I think an algorithm could be implemented that would enable users to police for genuinely abusive content, without allowing hordes of vigilantes to get content removed that they simply don't like. Taking Facebook as an example, a simple change in the crowdsourcing algorithm could solve the whole problem: use the votes of users who are randomly selected by Facebook, rather than users who self-select by filing the abuse reports. This is similar to an algorithm I'd suggested for stopping vigilante campaigns from "burying" legitimate content on Digg (and indeed, stopping illegitimate self-promotion on Digg at the same time), and as a general algorithm for preventing good ideas from being lost in the glut of competing online content. But if phony "abuse reports" are also being used to squelch free speech in countries like China and Saudi Arabia, then the moral case for solving the problem is all the more compelling.
Here's how the algorithm would work: Facebook can ask some random fraction of their users, "Would you like to be a volunteer reviewer of abuse reports?" (Would you sign up? Come on. Wouldn't you be a little bit curious what sort of interesting stuff would be brought to your attention?) Wait until they've built up a roster of reviewers (say, 20,000). Then suppose Facebook receives an abuse report (or several abuse reports, whatever their threshold is) about a particular Facebook group. Facebook can then randomly select some subset of its volunteer reviewers, say, 100 of them. This is tiny as a proportion of the total number of reviewers (with a "jury" size of 100 and a "jury pool" of 20,000, a given reviewer has only a 1 in 200 chance of being called for "jury duty" for any particular complaint), but still large enough that the results are statistically significant. Tell them, "This is the content that users have been complaining about, and here is the reason that they say it violates our terms of service. Are these legitimate complaints, or not?" If the number of "Yes" votes exceeds some threshold, then the group gets shuttered.
It's much harder to cheat in this system, than in an "abuse report" system in which users simply band together and file phony abuse reports against a group until it gets taken down. If the 200 members of "Saudi Flagger" signed up as volunteer reviewers, then they would comprise only 1% of a jury pool of 20,000 users, and on average would only get one vote on a jury of 100. You'd have to organize such a large mob that your numbers would comprise a significant portion of the 20,000 volunteer reviewers, so that you would have a significant voting bloc in a given jury pool. (And my guess is that Facebook would have a lot more than 20,000 curious volunteers signed up as reviewers.) On the other hand, if someone creates a group with actual hateful content or built around a campaign of illegal harassment, and the abuse reports start coming in until a jury vote is triggered, then a randomly selected jury of reviewers would probably cast enough "Yes" votes to validate the abuse reports.
Jurors could in fact be given three voting choices:
- "This group really is abusive" (i.e. the abuse reports were legitimate); or
- "This group does not technically violate the Terms of Service, but the users who filed abuse reports were probably making an honest mistake" (perhaps a common choice for groups that support controversial causes, or that publish information about semi-private individuals); or
- "This group does not violate the TOS, and the abuse reports were bogus to begin with" (i.e. almost no reasonable person could have believed that the group really did violate the TOS, and the abuse reports were probably part of an organized campaign to get the group removed).
This strongly discourages users from organizing mob efforts against legitimate groups; if most of the jury ends up voting for the third choice, "This is an obviously legitimate group and the complaints were just an organized vigilante campaign", then the users who filed the complaints could have their own accounts penalized.
What I like about this algorithm is that the sizes and thresholds can be tweaked according to what you discover about the habits of the Facebook content reviewers. Suppose most volunteer reviewers turn out to be deadbeats who don't respond to "jury duty" when they're actually called upon to vote in an abuse report case. Fine — just increase the size of the jury, until the average number of users in a randomly convened jury who do respond, is large enough to be statistically significant. Or, suppose it turns out that people who sign up to review content to be deleted, are a more prudish bunch than average, and their votes tend to skew towards "delete it now!" in a way that is not representative of the general Facebook community. Fine — just raise the threshold for the percentage of "Yes" votes required to get content deleted. All that's required for the algorithm to work, is that content which clearly does violate the Terms of Service, gets more "Yes" votes on average than content that doesn't. Then make the jury size large enough that the voting results are statistically significant, so you can tell which side of the threshold you're on.
Another beneficial feature of the algorithm is that it's scalable — there's no bottleneck of overworked reviewers at Facebook headquarters who have to review every decision. (They should probably review a random subset of the decisions to make sure the "juries" are getting what seems to be the right answer, but they don't have to check every one.) If Facebook doubles in size — and the amount of "abusive content" and the number of abuse reports doubles along with it — then as long as the pool of volunteer reviewers also doubles, each reviewer has no greater workload than they had before. But the workload of the abuse department at Facebook doesn't double.
Now, this algorithm ducks the question of how to handle "borderline" content. If a student creates a Facebook group called "MR. LANGAN IS A BUTT BRAIN," is that "harassment" or not? I would say no, but I'm not confident that a randomly selected pool of reviewers would agree. However, the point of this algorithm is to make sure that if content is posted on Facebook that almost nobody would reasonably agree is a violation of their Terms of Service, then a group of vigilantes can't get it removed by filing a torrent of abuse reports.
Also, this proposal can't do much about Facebook's Terms of Service being prudish to begin with. A Frenchman recently had his account suspended because he used a 19th-century oil painting of an artistic nude as his profile picture. Well, Facebook's TOS prohibits nudity -- not just sexual nudity, but all nudity, period. Even under my proposed algorithm, jurors would presumably have to be honest and vote that the painting did in fact violate Facebook's TOS, unless or until Facebook changes the rules. (For that matter, maybe this wasn't a case of prudishness anyway. I mean, we know it's "artistic" because it's more than 100 years old and it was painted in oils, right? Yeah, well check out the painting that the guy used as his profile picture. It presumably didn't help that the painting is so good that the Facebook censors probably thought it was a photograph.)
But notwithstanding these problems, this algorithm was the best trade-off I could come up with in terms of scalability and fairness. So here's the contest: Send me your best alternative, or best suggested improvement, or best fatal flaw in this proposal (even if you don't come up with something better, the discovery of a fatal flaw is still valuable) for a chance to win (a portion of) the $100 -- or, you can designate a charity to be the recipient of your winnings. Send your ideas to bennett at peacefire dot org and put "reporting" in the subject line. I reserve the right to split the prize between multiple winners, or to pay out more than the original $100 (or give winners the right to designate charitable donations totalling more than $100) if enough good points come in (or to pay out less than $100 if there's a real dearth of valid points, but there are enough brainiacs reading this that I think that's unlikely). In order for the contest not to detract from the discussion taking place in the comment threads, if more than one reader submits essentially the same idea, I'll give the credit to the first submitter -- so as you're sending me your idea, you can feel free to share it in the comment threads as well without worrying about someone re-submitting it and stealing a portion of your winnings. (If your submission is, "Bennett, your articles would be much shorter if you just state your conclusion, instead of also including a supporting argument and addressing possible objections", feel free to submit that just in the comment threads.)
In The Net Delusion, Morozov concludes his section on phony abuse reports by saying, "Good judgment, as it turns out, cannot be crowdsourced, if only because special interests always steer the process to suit their own objectives." I think he's right about the problems, but I disagree that they're unsolvable. I think my algorithm does in fact prevent "special interests" from "steering the process", but I'll pay to be convinced that I'm wrong. Today I'm just choosing the "winners" of the contest myself; maybe someday I'll crowdsource the decision by letting a randomly selected subset of users vote on the merits of each proposal... but I'm sure some of you are dying to tell me why that's a bad idea.
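The jury-pool arithmetic from the article above (200 colluders in a pool of 20,000 averaging one seat on a jury of 100), carried through as an added example that is not part of the original article. It goes one step further than the text by computing takedown probabilities and the bloc size needed to swing a vote; the 50-vote threshold, the honest jurors' "Yes" rates, and the assumption that colluders always vote "Yes" are illustrative assumptions, not figures from the article.

```python
from math import comb

# Figures taken from the article.
POOL, JURY, BLOC = 20_000, 100, 200
# Assumption (not in the article): takedown needs at least 50 of 100 "Yes" votes.
THRESHOLD = 50


def hypergeom_pmf(pool, colluders, jury, c):
    """P(exactly c colluders are seated) when the jury is drawn without replacement."""
    if c < 0 or c > jury or c > colluders or jury - c > pool - colluders:
        return 0.0
    return comb(colluders, c) * comb(pool - colluders, jury - c) / comb(pool, jury)


def expected_colluders(pool, colluders, jury):
    """Mean number of colluders on a random jury."""
    return jury * colluders / pool


def p_at_least(pool, colluders, jury, k):
    """P(at least k colluders are seated on the jury)."""
    return sum(hypergeom_pmf(pool, colluders, jury, c)
               for c in range(max(k, 0), jury + 1))


def binom_tail(n, p, need):
    """P(at least `need` of n independent honest jurors vote Yes, each with rate p)."""
    if need <= 0:
        return 1.0
    return sum(comb(n, j) * p**j * (1 - p)**(n - j) for j in range(need, n + 1))


def p_takedown(pool, colluders, jury, threshold, honest_yes_rate):
    """P(Yes votes >= threshold). Assumes colluders always vote Yes and each
    honest juror votes Yes independently with probability honest_yes_rate."""
    total = 0.0
    for c in range(jury + 1):
        seat = hypergeom_pmf(pool, colluders, jury, c)
        if seat:
            total += seat * binom_tail(jury - c, honest_yes_rate, threshold - c)
    return total


def min_colluders_for(pool, jury, threshold, honest_yes_rate, target):
    """Smallest bloc size whose takedown probability reaches `target`.
    Binary search is valid because the probability never falls as the bloc grows."""
    if p_takedown(pool, pool, jury, threshold, honest_yes_rate) < target:
        return None
    lo, hi = 0, pool
    while lo < hi:
        mid = (lo + hi) // 2
        if p_takedown(pool, mid, jury, threshold, honest_yes_rate) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    print("expected colluders per jury:", expected_colluders(POOL, BLOC, JURY))
    print("P(at least one colluder seated):", p_at_least(POOL, BLOC, JURY, 1))
    # Honest Yes rates below are assumed values for three kinds of content.
    for label, rate in [("clearly legitimate", 0.0),
                        ("mildly controversial", 0.1),
                        ("clearly abusive", 0.8)]:
        print(label, "-> P(takedown) with the 200-member bloc:",
              p_takedown(POOL, BLOC, JURY, THRESHOLD, rate))
    print("bloc needed for a 50% takedown chance on legitimate content:",
          min_colluders_for(POOL, JURY, THRESHOLD, 0.0, 0.5))
```

Under these assumptions the design's resistance comes from the ratio of bloc size to pool size, so an operator who adopts it would want to monitor sudden surges in reviewer sign-ups as closely as the votes themselves.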
-
Book Review: Drupal 6 Theming Cookbook
Trevor James writes "Piling up on my tech bookshelf are a bunch of excellent titles on the Drupal content management system. Earl & Lynette Miles' Drupal's Building Blocks is the book on how to use the CCK, Views and Panels modules. It's part of Addison Wesley's Developer's Library and is the definitive guide to the 'trifecta' of Drupal modules. There's a lot of theory and concepts explained in granular detail here as well as recipe style tutorials — soak it up. It's an excellent resource." Read on for the rest of Trevor's review.
Drupal 6 Theming Cookbook
author: Karthik Kumar
pages: 384
publisher: Packt Publishing
rating: 9/10
reviewer: Trevor James
ISBN: 1847198686
summary: For anyone who is beginning their exploration of Drupal front-end theming and theme design
The second book and the subject of this review is Karthik Kumar's engaging Drupal 6 Theming Cookbook, recently published by Packt Publishing, the prolific open source publisher. It's a richly detailed hands-on guide to theming Drupal 6 Web sites. I recommend this book for anyone who is beginning their exploration of Drupal front-end theming and theme design. Though the book is focused on Drupal 6, the application and concepts of theming can be applied to Drupal 7. Where Miles' book is focused on each and every detail of the trifecta modules, Kumar's book takes a streamlined approach to teaching Drupal theming, using hands-on exercises. This will appeal to those who like to learn-by-doing.
First, a brief explanation of what Drupal is: simply put, Drupal is a popular open source CMS used by thousands of small & large scale businesses, non-profits, education & academic institutions, and federal government agencies. Drupal has seen a rise in popularity and interest lately due to its brand new version release (Drupal 7) and the successful and well attended DrupalCon 2011 Chicago. The Drupal community is already planning the next release, Drupal 8. There's lots of Drupal going on.
Kumar's book is geared towards Drupal 6 users who want to learn how Drupal themes are built; Drupal Web site managers and webmasters who want to customize their Drupal themes; and Drupal developers who are looking to bring their front-end development to the next level. Through easy-to-follow "recipe" style tutorials, the book teaches you how to implement basic, intermediate and advanced Drupal theming concepts, solutions and functionality. You learn how to tweak contributed Drupal starter themes as well as how to roll your own custom Drupal themes.
Drupal 6 Theming Cookbook expands the existing documentation on Drupal theming that's already provided both on drupal.org (Drupal 6 & 7 Theming Guides) and in other recent Drupal publications including Pro Drupal Development and Front End Drupal. Where those titles are exhaustive studies of front and back-end Drupal development, this book focuses purely on front-end theming and presents this in one comprehensive volume of examples and demos. Bear in mind that the book is focused on Drupal 6, however many of the concepts outlined in the book will be similar for Drupal 7 and can easily be applied to the latest Drupal version.
Each section presents sections of clear instructions divided by headers. These model headers flow through the entire book: Getting ready, How to do it, and How it works. Sections present bulleted lists of instructions so you can easily follow along step-by-step. Screenshots are clear and the text flows smoothly. The click-able buttons and links in the Drupal administration screens that the author refers to are highlighted in bold to denote an action the reader needs to take.
The book starts out covering the basics of the Drupal theme system and shows us how to manipulate and configure Drupal themes via the internal Drupal site administration screens. Installing themes, uploading logos, favicons, adding slogans, user and administration enabled themes, and block content. New Drupal users will benefit from the overview of the Drupal admin screens and concepts like adding blocks to regions of a theme, and displaying blocks on specific pages of your site. For intermediate users, there are examples of adding PHP code into blocks to allow for specific functionality.
The author continues building up from theming basics. The author explains the anatomy of a Drupal theme, explaining what page.tpl and theme.info files are and why they are important for themers. You get practice overriding a core Drupal theme by creating a sub-theme based on the core. This is a great method of introducing theming since you get to write some basic code but can easily leverage much of the theme code in a core Drupal theme such as Garland or Minnelli.
Recipes start showing more theme code and cover essential theming concepts like CSS optimization — this is timely considering that IE browser versions still only support a maximum number of style sheets, so when you theme and implement your CSS in Drupal 6 Web sites you'll need to take this into consideration.
As a bonus you learn how to write a custom Drupal module to hold theme overrides, so you're getting a good foundation and intro to Drupal module development in this book as well. The author shows us how to add a CSS file via the custom module using the drupal_add_css() function. This is a great way to introduce Drupal users to the Drupal API.
The author turns attention to building a custom theme using the Zen contributed theme as your starting point. The Zen theme bills itself as the "ultimate starter theme" for Drupal 6 sites. The author shows us how to configure a custom theme using the Zen starter theme code. Zen is actively maintained and in development for Drupal 6 (by members of Palantir and Lullabot) and there is a development version for Drupal 7. This theme is still a valid and recommended starting point for beginning, intermediate and advanced Drupal themers. Kumar covers using the Zen theme as a starter theme to build our own custom theme; adding background images via CSS; adding conditional style sheets for IE; and how to remove base theme configuration settings from the theme-settings.php file.
Chapter 4 starts getting into more intermediate and advanced level theming by showing us how to create custom template files. In this chapter you learn how to use and implement page.tpl.php; customize node types using template files, for example creating a node-story.tpl; overriding a specific node; using the Devel and Theme Developer modules; and overriding themes using Theme Developer module.
There are many details in here including using the theme developer module to view all template variables and candidate template names available to you. Specific recipes include:
- Overriding the Drupal user name with the user's real name either using custom code or via the contributed module RealName.
- Changing the core site maintenance theme and override maintenance template so your site maintenance page uses your custom theme instead of the Drupal default
The author covers best practices for development and debugging. The author shows us a large list of theming tips and tricks including:
- Using Firebug & Web Developer Extension
- Searching for Drupal functions via the Drupal API
- Executing PHP code with Devel module
- Adding debugging code in a custom module including dpm and dsm
- Editing CSS and HTML and validating CSS using Web Developer extension
The second half of the book (Chapters 6-12) covers advanced theming. Recipes include:
- Adding variables to node templates
- Adding preprocess function to remove search box and feed icons on the front page of the site
- Adding a preprocess function to template.php that hides all the theme regions; page title and the submission info on the front page of the site
- Using functions like format_interval to format the date and time on the site
The author shows how to use javascript with themes; and gives us recipes on manipulating the Drupal navigation system.
Since Drupal is largely built with forms and displays forms widely throughout its administration screens, the recipes devoted to form design and theming are a wealth of info for themers. The author scopes out:
- The form API and how to use it
- Altering forms; locating form ID and using hook_form_alter()
- Modifying the default body element in node forms
- Disabling the javascript resizing of the body text box and using hook_form_alter to add specific # of rows and columns for the box
- Enabling and configuring the WYSIWYG module
- Reordering fields and form elements — for example moving the tag categories and the menu items below the body text area
- Overriding the node form Save and Preview buttons with an image icon vs. the default Drupal submit button.
The book covers CCK module related functionality. There's lots of information on image handling; the ImageCache module and integrating Lightbox modal windows here.
Detailed recipes on theming the trifecta modules are included, specifically dealing with Views theming and creating custom View template files and overriding the table style plugin using templates. The Views module is presented in detail — how to configure Views and display output using various Views plugin styles. Anyone using the Views module for the first time will get a lot out of these later sections.
The book concludes with a look at theming the trifecta modules, covering Panels module theming and overrides in depth.
With these concluding chapters on the CCK, Views and Panels modules, Kumar's book provides a perfect twin to the Miles' Building Blocks title. Both will help to teach Drupal theming and module configuration to a new generation of Drupal users, themers and developers.
Trevor James is a Drupal developer & themer based in Middletown, MD, USA. He has authored two books on Drupal." You can purchase Drupal 6 Theming Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Amazon To Offer Ad-Supported Kindle
awyeah writes "Amazon will soon be offering a discounted, ad-supported Wi-Fi Kindle called 'Kindle with Special Offers.' The price will be $114, a $25 discount from the $139 wifi-only device. Note that the advertisements will not appear during reading, only on the screen saver and home page. Will that be enough of a discount to get readers to purchase an ad-supported device?" -
Book Review: 15 Minutes Including Q&A
brothke writes "When I initially read 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations, I enjoyed it and thought it was a good book. It was only a few days later, sitting through yet another tedious vendor briefing, when I reread it and truly appreciated how awesome a book it really is." Read on to see what Ben has to say about this book. 15 Minutes Including Q and A: A Plan to Save the World From Lousy Presentation author Joey Asher pages 112 publisher Persuasive Speaker Press rating 10/10 reviewer Ben Rothke ISBN 0978577620 summary Great book on how to make your presentation heard Author Joey Asher's premise is quite simple and intuitive: if you as a salesperson (or anyone trying to get a message across) can't state your case simply and succinctly, no one is going to get it or care. He notes that a major problem is that far too many salespeople and speakers waste their time on areas they think are important; but not on what the attendee wants to hear.
Asher notes that every day, businesspeople bore listeners with presentations that ramble on, make no clear points and fail to address the attendee's key concerns. His book lays out a plan for eliminating lousy presentations.
The introduction asks the basic question, why do most presentations stink? The answer Asher gives is that they ramble on, fail to make any points, try to say so many things that they become unwieldy PowerPoint death stars with no impact and ignore key audience concerns.
Asher's answer to the problem is this: keep the presentation short; leave ample time for Q&A and work to get a compelling dialogue and interaction with the attendees. That is the premise of the first two chapters.
The book is divided into 3 sections. Part 1 is about preparing a seven-minute rifle shot presentation. In essence, tell your entire story in about seven minutes. While counter-intuitive at first; the book shows how this can be achieved.
The focus of chapter 3 is to start by focusing on key business challenge. Asher warns against starting a presentation by giving a bunch of background information about the approach. In addition, don't tell the history of the project or do anything other than shine a light on the attendee's key problems. He suggests using short stories to succinctly illustrate the issue. Just think of how many presentations you have been in where the speaker did not get to the point until 25 minutes and 20 slides into the presentation.
Chapter 11 is titled creating slides to support your message. The book astutely notes that preparing presentations has to a large part become an exercise in preparing PowerPoint slides. The reality is that it should be an exercise in figuring out how to tell your story. Asher notes that if you want to use slides well, you should only prepare your slides after you have figured out the story that you plan to tell your audience. The failure of many presentations is that the PowerPoint drives the story and not the other way around.
Part 2 is about allowing listeners to fill in the blanks and raise questions with Q&A. Asher suggests in chapter 12 to make Q&A a major part of your presentation strategy. He notes that Q&A allows the audience to guide the message and fill in missing information. It also gives the speaker the chance to persuade by responding to objections. And finally, it improves the speaker's communications style.
While he may not realize it, Asher has uncovered what is the Achilles heel of many project problems and failures. It is that the salesperson sells an obtuse problem to a clueless customer who is oblivious to what they want or how they are going to deploy the solution.
The beauty of Q&A is twofold: first, it requires the salesperson to clearly articulate what they are selling, and the customer to articulate what their specific problems are. The answer should be a clear understanding of the issue and how the product can solve it. But the reality is that many companies will deploy expensive hardware or software solutions (often costing millions of dollars) without really understanding why they are embarking on such a venture.
The book concludes with part 3, on delivering the presentation with intensity. Part 3 moves away from the PowerPoint and into areas such as eye contact, voice energy, rehearsal and other important points. These are critical areas as even the best presentation delivered without intensity can turn into a fruitless endeavor.
While the title 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations may border on hyperbole, the reality is that the term death by PowerPoint is a real problem. The book shows a clear path in which to stop that. At 104 pages, Asher writes like he talks, clearly, succinctly and to the point. For many people, it is only after reading this important book when they will truly understand how much of their lives are wasted by viewing pathetic PowerPoints and listening to rambling sales monologues.
The truth is that Asher's points don't have to be limited to PowerPoint presentations exclusively. Be it e-mail messages, memos, status reports, proposals and more; if you can get to the point, and get your point across, you are often more likely to succeed.
At $7.95, the book is about as inexpensive as they get, which means you can also give ample copies to numerous people in your organization. In fact, it should be required reading to anyone who will be using PowerPoint and giving presentations.
Ultimately, the value of 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations is best summed up by Scott Leslie who suggests that one keep extra copies of this book in their briefcase at all times. Next time you're forced to listen to someone laboriously narrate bullet points, quietly slip a copy in the presenter's briefcase without them noticing and sign it: "Thought you might enjoy reading this. That way, maybe your audience will enjoy your next presentation."
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase 15 Minutes Including Q&A: A Plan to Save the World From Lousy Presentations from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: The Art of Computer Programming. Volume 4A: Combinatorial Algorithm
asgard4 writes "Decades in the making, Donald Knuth presents the latest few chapters in his by now classic book series The Art of Computer Programming. The computer science pioneer's latest book on combinatorial algorithms is just the first in an as-of-yet unknown number of parts to follow. While these yet-to-be-released parts will discuss other combinatorial algorithms, such as graph and network algorithms, the focus of this book titled Volume 4A Combinatorial Algorithms Part 1 is solely on combinatorial search and pattern generation algorithms. Much like the other books in the series, this latest piece is undoubtedly an instant classic, not to be missing in any serious computer science library or book collection." Keep reading for the rest of asgard4's review. The Art of Computer Programming. Volume 4A: Combinatorial Algorithms Part 1 author Donald E. Knuth pages 883 publisher Addison-Wesley Publishing rating 9/10 reviewer asgard4 ISBN 0-201-03804-8 summary Knuth's latest masterpiece. Almost all there is to know about combinatorial search algorithms. The book is organized into four major parts, an introduction, a chapter on Boolean algebra, a chapter on algorithms to generate all possibilities (the main focus of the book), and finally 300 pages of answers to the many exercises at the end of every section in the book. These exercises and answers make this work an excellent companion for teachers of a university course.
The book begins with some introductory examples of combinatorial searching and then gives various definitions of graphs and directed acyclic graphs (DAGs) since a lot of combinatorial algorithms conveniently use graphs as the data structures they operate on. Knuth's writing style is terse and to the point, especially when he presents definitions and proofs. However, the text is sprinkled with toy problems and puzzles that keep it interesting.
After the introduction, the first chapter of the book (out of only two) is titled "Zeros and Ones" and discusses Boolean algebra. Most readers that have studied computer science in some form should be intimately familiar with most of the discussed basics, such as disjunctive normal forms and Boolean functions and their evaluation. The reader might be surprised to find a discussion of such an elemental foundation of computer science in a book on combinatorial algorithms. The reason is that storage efficiency is especially important for these types of algorithms and understanding the basic storage unit of computer systems nowadays (as the decimal computer is a definite thing of the past) is of importance.
After covering the basics of Boolean algebra and Boolean functions in quite some detail, Knuth gets to the most fun part of this chapter in my opinion: the section on bitwise tricks and techniques on integer numbers. Being a software engineer in the video games industry, I recognized a lot of the techniques from my day-to-day work, such as bit packing of data and various bit shifting and bit masking tricks. There is also a discussion of some interesting rasterization-like algorithms, such as the shrinking of bitmaps using Levialdi's transformation or filling of regions bounded by simple curves. The chapter concludes with Binary Decision Diagrams that represent an important family of data structures for representing and manipulating Boolean functions. This topic was also quite interesting to me since I have never been exposed to it before.
The second and main chapter of the book is titled "Generating All Possibilities". In this particular volume of The Art of Computer Programming series, the only subsection of the chapter in this volume is on generating basic combinatorial patterns, or more specifically generating all n-tuples, permutations, combinations, partitions, and trees. We can expect more on this topic from Knuth in his continuation in Volume 4B and beyond.
The discussion on n-tuples starts out with a lengthy focus on Gray codes, which are binary strings of n bits arranged in an order such that only one bit changes from string to string.
A quite fun example for generating all permutations presented in this part of the book is alphametics, also sometimes known as verbal arithmetic — a kind of puzzle where every letter of a word stands for a digit and words are used in equations. The goal is to assign digits to letters in such a way that the equation is correct. A classic example is SEND + MORE = MONEY (the solution is left as an exercise for the reader).
The next section deals with generating all combinations. Given a set of n elements, the number of all possible combinations of distinct subsets containing k elements is the well-known binomial coefficient, typically read as "n choose k". One of the more interesting algorithms in this section of the book to me was generating all feasible ways to fill a rucksack, which can come in quite handy when going camping.
After combinations, Knuth moves on to briefly discuss integer partitions. Integer partitions are ways to split positive integer numbers into sums of positive integers, disregarding order. So, for example 3, 2+1, and 1+1+1 are the three possible partitions of the integer 3. Knuth, in particular, focuses on generating all possible integer partitions and determining how many there are for a given number. The book continues with a concise presentation of the somewhat related topic of set partitions, which refer to ways of subdividing a set of elements into disjoint subsets. Mathematically, a set partition defines an equivalence relation and the disjoint subsets are called equivalence classes; concepts that should be familiar to any mathematics major. Again, the focus is on generating all possible set partitions and determining how many partitions can be generated.
The main part of the book closes with a discussion of how to exhaustively generate all possible trees, which is a topic that I have never given much thought to. I am familiar with generating permutations, combinations, and partitions, but have never really been confronted with generating all possible trees that follow a certain pattern. One main example used throughout this part of the book is generating all possible strings of nested parentheses of a certain length. Such strings can be represented equivalently as binary trees.
Knuth's latest book is comprehensive and almost all encompassing in its scope. It compiles an incredible amount of computer science knowledge on combinatorial searching from past decades into a single volume. As such, it is an important addition to any computer science library. This book is not necessarily an easy read and requires a dedicated reader with the intention of working through it from front to back and a considerable amount of time to fully digest. However, for those with patience, this book contains a lot of interesting puzzles, brain teasers, and almost everything there is to know on generating combinatorial patterns.
On a final note, if you don't have volumes 1-3 yet you can get all volumes in a convenient box set.
Martin Ecker has been involved in real-time graphics programming for more than 10 years and works as a professional video game developer for High Moon Studios http://www.highmoonstudios.com/ in sunny California.
You can purchase The Art of Computer Programming. Volume 4A: Combinatorial Algorithms Part 1 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Test-Driven JavaScript Development
eldavojohn writes "Test-Driven JavaScript Development by Christian Johansen is a book that thoroughly guides the user through some of the more advanced aspects of the JavaScript language and into Test-Driven Development (TDD). Throughout it, Johansen introduces great methods and utilities like libraries to accomplish all aspects of TDD in JavaScript. The book begins with Johansen demonstrating and teaching the reader some of the more advanced aspects of JavaScript to ensure that the following lessons in TDD are well understood. The best part of the book is in the last half where Johansen builds a chat client and server completely out of JavaScript using TDD right before the readers' eyes." Keep reading for the rest of eldavojohn's review. Test-Driven JavaScript Development author Christian Johansen pages 475 publisher Addison-Wesley Professional rating 9/10 reviewer eldavojohn ISBN 978-0-321-683915 summary An in depth look at Test Driven Development in JavaScript. First off the audience for this book are JavaScript developers interested in TDD. More specifically, I would identify the audience being the poor developers that have slaved over JavaScript for endless hours only to find out that there are 'discrepancies' in how their JavaScript functions in one browser versus another (or even across versions of the same browser). If you've ever come into work one day to learn that the latest version of Internet Explorer or Mozilla Firefox now throws errors from the deep recesses of your code and you have absolutely no idea where to start, then this book may be an item of interest to you. After all, wouldn't it be great to pull up the new browser and simply watch all your tests complete code coverage with glaring red results listing specific problematic locations?
Secondly, I'd like to establish that I'm writing this review with two key assumptions. The first assumption is that JavaScript is not in and of itself evil. You might hate JavaScript (as did I at one time) but it's a very flexible and enjoyable language when you're not battling some crazy 'feature' that a particular JavaScript engine exhibits or some issue with the dreaded Document Object Model (DOM). The second assumption is that TDD is a net positive when done correctly. To some, it may be a hard sell and the author of the book is no blind preacher. TDD has its pitfalls and the book adequately notes these claiming that TDD can actually work against you if used improperly. Feel free to wage wars in the comments debating whether or not the average JavaScript monkey is capable of avoiding pitfalls and learning to write good unit tests — I'm not getting sidetracked in this review on those topics.
This book is divided into four parts. The first part of the book gives you a slight taste of testing right off the bat in chapter one (Automated Testing). Johansen starts by showing a strftime function written in JavaScript and demonstrates briefly the very clumsy standard method of testing the method in a browser. From there he introduces Assertions, Setup, Teardown and Integration Tests. What I particularly enjoyed about this book is that these key components are not forgotten after introducing them, Johansen constantly nods to the reader when duplicate code could be moved to Setup or Teardown.
Chapter two is devoted to 'turning development upside-down.' This chapter analyzes the mentality of writing a test, running the test, watching it fail, making the test pass and then refactoring to remove duplication (if necessary). Johansen stresses and restresses throughout the book that the simplest solution should be added to pass the test. Fight the urge to keep coding when you are sure what comes next and just make sure you have unit tests for that new code. The third chapter runs through many test frameworks in JavaScript and settles in on JsTestDriver weighing the pros and cons of each option. Lastly, it is demonstrated how to use JsTestDriver both inside Eclipse and from the command line (something I deeply appreciated). Chapter Four expands on this by proposing learning tests which are tests that you keep around to try out on new browsers to investigate what you depend on. I'm not entirely sold on this practice but this chapter is definitely worth the look at performance testing it provides in a few of the more complete aforementioned frameworks.
The next 145 pages are devoted to the JavaScript language itself. The reader will find out in later chapters why this was necessary but this second part felt too long and left me starving for TDD. There's a ton of great knowledge in these chapters and Johansen demonstrates an impressive display in his understanding of ECMAScript standards (all versions thereof) and all the JavaScript engines that implement them. In the following four chapters, the reader is shown the ins and outs of scope, functions, this, closures, anonymous functions, bindings, currying, namespaces, memoization, prototypical inheritance, tons of tricks with properties, mixins, strict mode and even the neat features of tddjs and JSON. What I was most impressed with in this chapter was how much care Johansen took with noting performance pitfalls in all of the above. Example: "closures in loops are generally a performance issue waiting to happen" and on for-in arrays he says "the problem illustrated above can be worked around, as we will see shortly, but not without trading off performance." Johansen seems tireless in enumerating the multitude of ways to accomplish something in JavaScript only to dissect each method critically. If you skip these sections, at least look at 6.1.3 as the bind() implementation developed there becomes critical throughout much of the book's code.
Chapter nine provides yet more dos and do nots in JavaScript with a tabbed panel example that demonstrates precisely what obtrusive JavaScript is and why it is labeled as such. Chapter ten is definitely not to be skipped over as it provides feature detection methods (specifically with regard to functions and properties) that are seen in later code snippets. Part two is devoid of any TDD yet rich in demonstrating the power of JavaScript. This is where the book loses a point for me as this seemed too long and a lot of these lessons — though informative — really seemed like they belonged in another book on the JavaScript language itself. I constantly wondered when I would start to see TDD but to a less experienced developer, these chapters are quite enlightening.
In the third part, we finally get to some TDD in which an Observer Pattern (pub/sub) is designed using tests with incremental improvements in true TDD fashion. Most importantly to the audience, we encounter our first browser inconsistencies that are tackled using TDD. This chapter illustrates how to make your first tdd.js project using the book's code and build your first tests followed up with the isolation of the code into setup and teardown functions. Rinse, wash, repeat for adding observers, checking for observers and notifying observers (all key functionality in the common observer paradigm). This is a great pragmatic example for TDD and the chapter wraps up with error checking and a new way to build a constructor. As we do this, we have to make changes to the tests and Johansen illustrates another critical part of TDD: fixing the tests after you've improved your code.
The twelfth chapter takes our Ajax friend the XMLHttpRequest object and gives it the same treatment as above. Of course, you might know it as the Msxml2.XMLHTTP.6.0 object or a variety of names so this is where our browser differences are exposed. On top of that, we're exposed to stubbing in order to test such an object. The author explores three different ways of stubbing it while building tests for GET requests. After building helpers to successfully stub this, we move on to POST, finally send data in a test and then pay attention to the testing of headers. Personally these two chapters were some of the best in the book and illustrated well a common method of utilizing TDD and stubbing to build up functional JavaScript.
Chapter thirteen builds on the previous chapter by examining polling data in JavaScript and how we might keep open a constant stream of data. Before jumping to the solution, the author investigates strategies like polling intervals and long polling which have their downfalls. We eventually come to the Comet client (which uses JSON objects) and build up our test cases that support our development of our new streaming data client. One important aspect brought up is the trick of using the Clock object to fake time. This was completely new to me and very interesting in simulating time with tick() to quickly fake and test expected lengths of time.
Chapter fourteen was definitely outside of my comfort zone. JavaScript on the server-side? Blasphemy! Johansen begins to bring together the prior elements to form a fully functional chat server all in JavaScript through TDD. In this chapter the reader is introduced to node.js and a custom version of Nodeunit the author modified to make a little more like JsTestDriver. The controller emerges through the TDD cycles. Responses to POST, adding messages, the domain model and even storage of data are given test cases to ensure we are testing feature after tiny feature. Toward the end of the chapter, an interesting problem arises with our asynchronous interface. In testing it, how do we know what will result from a nested callback? Johansen introduces the concept of a Promise which is a placeholder that eventually provides a value. Instead of accepting a callback, the asynchronous method returns a promise object which is eventually fulfilled. We can now test adding messages in an asynchronous manner to our chat room. The chapter builds on the chat server to passable functionality — all through TDD.
Chapter fifteen concentrates on building the chat client to the above server and in doing so provides the reader with TDD in regards to DOM manipulation and event handling. This chapter finally covers some of the more common problematic aspects of client-side JavaScript. Again, this chapter yielded many tricks that were new to me in TDD. JsTestDriver actually includes two ways to include HTML in a test and Johansen shows how to manipulate the user form on a page in order to test it automatically. The client is developed through TDD and node-paperboy is called in to serve up static files through http with Node.js. The message list displayed in the client is developed through TDD and then the same process used on the user form is done with the message form submission. The author brings in some basic CSS, Juicer and YUI Compressor to reduce all our work down into a 14kB js file containing an entire chat client. With gzip enabled it downloads at about 5kB. Potent stuff.
I was sad that more pages weren't spent on the final section. Chapter sixteen further expounds upon mocking, spies and stubbing. It lists different strategies and how to inject trouble into your code by creating stubs that blow up on purpose during testing. And we get a sort of abbreviated dose of Sinon, a mocking and stubbing library for JavaScript. The author repeats a few test cases from chapter eleven and moves on to mocking. Mocking is mentioned throughout the book but is passed over due to the amount of work required to manually mock something. The chapter ends with the author saying 'it depends' on whether you should use stubbing or mocks but it's pretty clear the author provides stubbing as he enumerates the pros and cons of each.
Chapter seventeen provides some pretty universal rules of thumb to employ when using TDD. From the obvious revealing intent by clear naming to strategies for isolating behavior, it's got good advice for succeeding with TDD. This advice aims to improve readability, generate true unit tests that stay at the unit level and avoid buggy tests. It's worth repeating that he gives a list of 'attacks' for finding deficiencies in tests: "Flip the value of the boolean expressions, remove return values, misspell or null variables and function arguments, introduce off-by-one errors in loops, mutate the value of internal variables." Introduce one deficiency and run the tests. Make sure they break when and where you would expect them to or your testing isn't as hardened as you might expect. Lastly the author recommends using JsLint (like lint for C).
There's a lot of information in this book but I think that the final examples were actually too interesting for my tastes. Often I grapple with the mundane and annoying parts of client side DOM — nothing on the server side. While this might change at some point in the future, I couldn't help but feel that the book would have been better with additional examples of more common problems than a chat client in JavaScript. I was certainly impressed with this example and it will hold the readers' attention much more than what I desire so I feel comfortable recommending this book with a 9/10 to anyone suffering from browser inconsistencies or looking to do TDD in JavaScript.
You can purchase Test-Driven JavaScript Development from amazon.com. -
Book Review: Android User Interface Development
RickJWagner writes "So you want to be an Android developer? If you're like me, you've probably been wanting to learn how to program a mobile device, but just haven't found the time to master Objective-C. So now that Android is here, all of us garden-variety Java coders can jump on the bandwagon and start slinging apps out, right? Well, it turns out there's a little more to it than that. This book can make the trail from everyday Java code slinger to best-selling Android app writer a little more plausible." Read below for the rest of Rick's review. Android User Interface Development author Jason Morris pages 304 publisher Packt Publishing rating 7/10 reviewer RickJWagner ISBN 1849514488 summary A good resource for Android developers who aren't already UI experts. The book does not teach Android development. For that, there are other books and the Android SDK documentation, which I found adequate for my uses so far. This book emphasizes teaching Android User Interface development, which is something I would not have had much of a clue about without the book. (The Java and XML-based configuration of Android is easy enough for a back-end Java coder like myself, but I've never been a web-design and layout guy. Or fat-client layout and design guy for that matter, either.) That's the sweet spot for this book.
Android newbies do get an introductory chapter that guides the reader through setting up the SDK and writing a quick first app. After that, the book starts to take a serious UI bent, and that's o.k. because that's where the book's intended to go. The earliest chapters cover UI-centric matters like asking the user a question and processing the answer that is returned. List selections are explained (i.e. single-select button choices versus multi-select). Functional features like adding a header or a footer are explained.
The middle chapters cover pragmatic issues like producing an image gallery, handling date/time inputs, and validating user inputs. Layouts in Android are explained, which will be somewhat familiar to Java Swing developers. I had an interest in learning how animation works (don't we all dream of writing the next viral-selling game?), this is explained as well.
The final chapters deal with styling (i.e. how to change the way a button looks) and themes. It's very important that your application 'feels' like it should, and this is given adequate coverage in the book. I'm sure a back-end coder like myself would botch this part horribly without guidance, so I can appreciate the reason the book emphasizes these things.
The book is written in Packt's 'Cookbook' style. If you haven't seen one of these before, the book is largely cut up into sections covering some general idea. Within the section you'll find headings for the topics "Time for Action", "What Just Happened" and "Have a Go, Hero". "Time for Action" is a series of instructions that spell out exactly what to do for a sample scenario. "What Just Happened" follows up with an explanation of why the reader was asked to execute the instructions. "Have a Go, Hero" is a section challenging the reader to extend the spoon-fed instructions by implementing a next-step challenge. This style of writing emphasizes hands-on knowledge transfer without a lot of verbose theory, so it'll be good for readers who like to learn as they code. Contrast this to books that have a lengthy section of text explaining all the details of some topic, followed by a monolithic code blob towards the end of the chapter-- this book is not written that way.
The sample code that's available on Packt's site is clean and easy to understand. It follows the same structure as the sample code you'd find in the SDK, so if you're brand new to Android development you might start with the SDK teachings and then extend it with the book as soon as you're ready. I thought the examples the book presented were almost all reasonably relevant. The author did a good job of keeping the exercises presented throughout the book well contained, so you're never asked to code too much stuff at one time. I like that, as it lets you read the book without having to set aside a huge block of time at once to see the results of your coding efforts.
So who is this book good for? I'd say it's a good resource for Android developers who aren't already UI experts. I'm not saying it's good for Android newbies who need to learn the basics of Android programming, because there's just too little introductory material for that. But if you can already hack something together, and want it to be appealing to someone besides yourself, this book can help.
You can purchase Android User Interface Development from amazon.com. -
Book Review: Learning ExtJS 3.2
dulepov writes "An extensive set of features makes ExtJS a very popular framework. But a rich set of features comes with a cost: the framework is complex. While many frameworks can be learned from source, with ExtJS this is not the case. Syntax of object-oriented programming in JavaScript can be very difficult to understand and ExtJS sources demonstrate that. As a practical programmer, I think that the best way to learn ExtJS is to read a good book and follow examples inside. The ExtJS book I got was published by Packt Publishing. It is called Learning ExtJS 3.2. I consider myself an experienced ExtJS developer but there are always more experienced developers and this book was written by several of them." Read below for the rest of dulepov's review. Learning Ext JS 3.2 author Shea Frederick, Colin Ramsay, Steve 'Cutter' Blades, Nigel White pages 432 publisher Packt Publishing rating 9/10 reviewer dulepov ISBN 1849511209 summary A good learning resource about ExtJS When I looked through the table of contents, I realized that it is one of those rare books that suits all kinds of readers: from beginners to advanced. The book starts from "Getting ExtJS" chapter. It discusses why ExtJS is different, how to get it, where to put it, etc. While this may seem like a chapter for beginners, I read it with interest and found several tips I will use in my next project. The opening chapter also tells what to do if the developer sees error messages. This is another advantage of the book: it is highly practical.
Further chapters describe how to use ExtJS. Here is what is covered: getting elements, creating and using forms, working with menus and toolbars, displaying and editing data with grids, using layouts for components (you can quickly rearrange objects by just applying another layout), creating tree controls, using windows and dialogs. There are also chapters about charts, effects and drag-and-drop. In addition there is a chapter about extending ExtJS. This area is probably one of the most difficult for programmers because this is not what the developer can find in the ExtJS package. The topic about extending ExtJS takes 38 pages, so it is really well covered.
Another interesting topic discussed in the book is data transfer between the browser and the server. There are traditional ways (such as AJAX) but ExtJS and the book go further discussing remote method invocation from the client on the server using ExtDirect. ExtDirect is a hot topic in the ExtJS community because it greatly simplifies communication between the client and the server. Thus the developer can save development time.
The final chapter in the book talks about useful additions to ExtJS such as HTML editor, state management on the browser side, using AIR, etc. It also describes several community extensions to ExtJS (such as TinyMCE and SwfUploadPanel) and how to use them.
The book contains a lot of examples, so the reader can learn through them. One side note here (and a recommendation to Packt editors): I found that spacing in the examples could be smaller to avoid line wraps. Reading examples would be easier if the spacing was reduced. Truly speaking, this is the only bad thing I can tell about the book.
Despite being experienced in ExtJS and using it since version 1.x, I found a lot of good tips in this book. It is really useful and now lives on the shelf among good programming books. So if you need a good learning resource about ExtJS, I can definitely recommend Learning ExtJS 3.2.
P.S. Current version of ExtJS at the time of writing of this review is 3.3.1. That does not make the book obsolete at all.
You can purchase Learning Ext JS 3.2 from amazon.com. -
Book Review: Solr 1.4 Enterprise Search Server
MassDosage writes "Solr 1.4 Enterprise Search Server written by David Smiley and Eric Pugh provides in-depth coverage of the open source Solr search server. In some ways this book reads like the missing reference manual for the advanced usage of Solr. It is aimed at readers already familiar with Solr and related search concepts as well as those having some knowledge of programming (specifically Java). The book covers a lot of ground, some of it fairly challenging, and gives those working with Solr a lot of hands-on technical advice on how to use and fine-tune many parts of this powerful application." Keep reading for the rest of MassDosage's review. Solr 1.4 Enterprise Search Server author David Smiley and Eric Pugh pages 317 publisher Packt Publishing rating 8/10 reviewer Mass Dosage ISBN 978-1-847195-88-3 summary Enhance your search with faceted navigation, result highlighting, fuzzy queries, ranked scoring, and more. Solr 1.4 Enterprise Search Server starts off with a brief description of what Solr is, how it is related to the Lucene libraries (which it is built around) and how it compares to other technologies such as databases. This book is not an introduction to search and this chapter covers only the basics and assumes the reader already knows what they are getting into or that they will read up on search concepts themselves before reading further. Solr is free, open-source technology licensed under the Apache license and is available here. This book covers the 1.4 version of Solr and was published before this version was actually released so it is a bit patchy in areas which were still undergoing change but the authors point this out very clearly in the text where applicable.
The book provides details on downloading and installing Solr, building it from source and the manifold options available for configuring and tweaking it. A freely available data set from Music Brainz is provided for download along with various code examples and a bundled version of Solr 1.4 which is used as the basis for many of the examples referred to throughout the text. In some ways this dataset is limited as it only allows for fairly simple usages compared with the challenges of indexing and searching large bodies of text. Again, the authors clearly mention these limits and briefly describe how certain concepts would be better applied to other data sources.
The basics of schema design, text analysis, indexing and searching are covered over the next three chapters and these include a wide range of essential search concepts such as tokenizers, stemming, stop-words, synonyms, data import handlers, field qualifiers, filters, scoring, sorting etc. The reader is taken through the process of setting up Solr so it can be used to index data that is to be searched and then how this data can be imported into Solr from a variety of sources like XML and HTML documents, PDFs, databases, CSV files and many others. Using Solr to build search queries is covered with examples that the reader can run via the Solr web interface and provided sample data.
More advanced search techniques are covered next and at this point I felt a lot of what was being discussed went over my head. Perhaps this was because my own search experience hasn't extended very far and the behind-the-scenes algorithms powering search aren't something I've had to directly work with. There were sections here that definitely felt aimed at people with a much more thorough understanding of the theory underpinning search and how a knowledge of mathematics and the data being searched are essential for search algorithm design. Having said this, these chapters felt like they would be really useful to come back to at some point in the future and I'm sure that people working with search on a daily basis would find some useful advice here for how to get the best out of Solr.
Solr provides much more than just indexing and search and the fact that various components are available to do many other common search-related functions is one of its main benefits. These components provide things like the highlighting of search terms in returned results, spell-checking, related documents and so on. The authors cover components which ship with Solr to provide this functionality as well as mentioning a few that are currently separate software projects. One can easily see how all of this would be directly applicable if one was adding search capability to one's own product or web site as there are a lot of wheels that Solr saves you from having to re-invent. The book also mentions the various parts of Solr that can be extended to modify or add new behaviours, which of course is one of the many advantages of its open source nature.
The final three chapters move on to the more practical side of actually using Solr in the "real world" and discuss various deployment options, how it can be monitored using JMX, security, integration and scaling. In addition to Java (which is probably the most powerful and straightforward way of integrating with Solr) support for languages like JavaScript, PHP and Ruby is described. I felt the Ruby section was way too long, maybe one of the authors has a soft spot for the Ruby language? The sections on writing a web crawler and doing autocomplete were far more interesting and probably also more generally applicable. The book wraps up with a thorough discussion on how to scale Solr from scaling high (optimising a single server through techniques like caching, shingling and clever schema design and indexing strategies), scaling wide (using multiple Solr servers and replicating or sharding data between them) and scaling deep (a combination of the former two approaches).
On the whole this is a very thorough, detailed book and it is clear that the authors have a lot of experience with Solr and how it is used in practice. This book does not cover a lot of theory and assumes a fair amount of prior knowledge and is definitely aimed at those who need to get their hands dirty and get up and running with Solr in a production environment. The authors have a straightforward, open and honest writing style and aren't afraid of clearly stating where Solr has limitations or imperfections. While the book may have a somewhat steep learning curve, this is isolated to certain chapters which can be skipped and returned to later if necessary. The fact that the writing is concise and to the point means one doesn't have to wade through pages of flowery text before getting to the good bits. If you're seriously thinking about using Solr or are already using it and want to know more so you can take full advantage of it, I would definitely recommend this book.
Full disclosure: I was given a copy of this book free of charge by the publisher for review purposes. They placed no restrictions on what I could say and left me to be as critical as I wanted so the above review is my own honest opinion.
You can purchase Solr 1.4 Enterprise Search Server from amazon.com. -
Book Review: Social Engineering: The Art of Human Hacking
brothke writes "One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security." Keep reading for the rest of Ben's review. Social Engineering: The Art of Human Hacking author Christopher Hadnagy pages 408 publisher Wiley rating 10/10 reviewer Ben Rothke ISBN 0470639539 summary Definitive text on social engineering With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.
By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world’s greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.
Two of the most popular books on social engineering to date have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy is that Mitnick for the most part details the events and stories around the attacks, while Hadnagy details the myriad specifics on how to carry out the social engineering attack.
The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.
Chapter 1 goes through the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.
Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone; even the US Department of Homeland Security has a pamphlet (PDF) that it uses to assist agents with elicitation.
After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.
Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.
Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.
The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author’s favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless; the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, is an extremely powerful and often overwhelming combination.
Every chapter in the book is superb, but chapter 9 – Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering; chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:
Learning to identify social engineering attacks
Creating a personal security awareness program
Creating awareness of the value of the information that is being sought by social engineers
Keeping software updated
Developing scripts
Learning from social engineering audits
The author astutely notes that security awareness is not about 45- or 90-minute programs that only occur annually; rather it is about creating a culture and set of information security standards that each person in the organization is committed to using their entire life. This is definitely not a small undertaking. Firms must create awareness and security engineering programs to deal with the above six items. If they do not, they are then placing themselves at significant risk of being unable to effectively deal with social network attacks.
As to awareness, if nothing else, Social Engineering: The Art of Human Hacking demonstrates the importance of ensuring that social engineering is an integral part of an information security awareness program. This can’t be underemphasized as even the definitive book on security awareness Managing an Information Security and Privacy Awareness and Training Program only has about 10 pages on social engineering attacks.
There are plenty of security books on hardware, software, certification and more. Those were perhaps the easy ones to write. Until now, very few have dealt with the human element, and the costs associated with ignoring that have been devastating. Social Engineering: The Art of Human Hacking is a book that is a long time in coming, but worth every page.
While seemingly geared to the information security staff, this is a book that should be read by everyone, whether they are in technology or not. Social engineering is not something that just occurs behind a keyboard. Social attackers know that. It is about time everyone else did also.
Reviewer Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Social Engineering: The Art of Human Hacking from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Social Engineering: The Art of Human Hacking
brothke writes "One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security." Keep reading for the rest of Ben's review. Social Engineering: The Art of Human Hacking author Christopher Hadnagy pages 408 publisher Wiley rating 10/10 reviewer Ben Rothke ISBN 0470639539 summary Definitive text on social engineering With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.
By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world’s greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.
Two of the most popular books to date on social engineering to date have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy, is that Mitnick for the most part details the events and stories around the attacks; while Hadnagy details the myriad specifics on how to carry out the social engineering attack.
The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.
Chapter 1 goes through the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.
Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone; even the US Department of Homeland Security has a pamphlet (PDF) that it uses to assist agents with elicitation.
After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.
Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.
Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.
The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author’s favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless; the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, is an extremely powerful and often overwhelming combination.
Every chapter in the book is superb, but chapter 9 – Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering; chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:
Learning to identify social engineering attacks
Creating a personal security awareness program
Creating awareness of the value of the information that is being sought by social engineers
Keeping software updated
Developing scripts
Learning from social engineering audits
The author astutely notes that security awareness is not about 45- or 90-minute programs that only occur annually; rather it is about creating a culture and set of information security standards that each person in the organization is committed to using their entire life. This is definitely not a small undertaking. Firms must create awareness and security engineering programs to deal with the above six items. If they do not, they are then placing themselves at significant risk of being unable to effectively deal with social network attacks.
As to awareness, if nothing else, Social Engineering: The Art of Human Hacking demonstrates the importance of ensuring that social engineering is an integral part of an information security awareness program. This can’t be underemphasized as even the definitive book on security awareness Managing an Information Security and Privacy Awareness and Training Program only has about 10 pages on social engineering attacks.
There are plenty of security books on hardware, software, certification and more. Those were perhaps the easy ones to write. Until now, very few have dealt with the human element, and the costs associated with ignoring that have been devastating. Social Engineering: The Art of Human Hacking is a book that is a long time in coming, but worth every page.
While seemingly geared to the information security staff, this is a book that should be read by everyone, whether they are in technology or not. Social engineering is not something that just occurs behind a keyboard. Social attackers know that. It is about time everyone else did also.
Reviewer Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Social Engineering: The Art of Human Hacking from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Crime Writer Makes a Killing With 99 Cent E-Books
Hugh Pickens writes "Joe Konrath has an interesting interview with independent writer John Locke who currently holds the coveted #1 spot in the Amazon Top 100 and has sold just over 350,000 downloads on Kindle of his 99 cent books since January 1st of this year, which, with a royalty rate of 35%, is an annual income well over $500k. Locke says that 99 cents is the magic number and adds that when he lowered the price of his book The List from $2.99 to 99 cents, he started selling 20 times as many copies — about 800 a day, turning his loss lead into his biggest earner. 'These days the buying public looks at a $9.95 eBook and pauses. It's not an automatic sale,' says Locke. 'And the reason it's not is because the buyer knows when an eBook is priced ten times higher than it has to be. And so the buyer pauses. And it is in this pause—this golden, sweet-scented pause—that we independent authors gain the advantage, because we offer incredible value.' Kevin Kelly predicts that within 5 years all digital books will cost 99 cents. 'I don't think publishers are ready for how low book prices will go,' writes Kelly. 'It seems insane, dangerous, life threatening, but inevitable.'" -
Disarm Internet Trolls, Gently
Shlomi Fish writes "The best way to react to people trolling on Internet forums is not to feed them, right? Wrong! 'Don't feed the trolls' is also usually ineffective. Luckily, however, there is a more effective approach, inspired by the book Feeling Good by David D. Burns." -
Book Review: Arduino: a Quick-Start Guide
Muad writes "Maik Schmidt is our guide in the Pragmatic Bookshelf's venture into the world of electronics. This is a compact work, like all others in the series, it goes straight to applicable examples and makes you get your hands dirty with real work. The Arduino platform has been described in many ways, but the best I have heard so far insightfully labels it 'The 555 of the future,' referring to the ubiquitous timer chip so many simple electronic projects make use of. If you haven't been hiding under a rock for the past few years, you have doubtlessly seen the plethora of material on the subject that's out there: even O'Reilly, which usually does not ship multiple titles on a single subject, has a variety of them. Most of these works are rather similar, the ones I prefer are Massimo Banzi's Getting Started with Arduino (O'Reilly, 2008), by one of the original developers of the platform, and the strongly related Getting started with Processing by Casey Reas and Ben Fry. These are brief books in the 100-page range, not exhaustive works, but covering the core philosophy and basic operation of the tools is sometimes the best way to jump into a new subject." Read below for the rest of Federico's review. Arduino: A Quick-Start Guide author Maik Schmidt pages 263 publisher Pragmatic Bookshelf rating 8/10 reviewer Federico Lucifredi ISBN 9781934356661 summary With this Quick-Start Guide you'll be creating your first gadgets within a few minutes. There is a lot of material on the subject, even the current issue of Make magazine has a very good roundup (and not for the first time, if I may add). So, how does Maik's work stand out in the fray? Right after a brief introduction to ease you into the Arduino environment, the book turns to interesting projects, more sophisticated than the usual fare (read: not the usual LED-blinking using pulse-width modulation that every tutorial out there walks you through).
Examples of this include connecting with a Wii Nunchuk, motion sensing, networking, infrared remote control interfaces, and more. These projects are the high-note of the book, and span almost two-thirds of its length — and are significantly better than most other project material currently in print.
This is a hands-on book, theory is kept to a minimum, as you don't really need previous experience to tackle an Arduino: the platform was specifically designed to cater to artists and designers, it is meant to be approachable by users who are not EE wizards. That said, if what you are after is learning the underpinnings of low-level electronics or hardcore embedded systems programming, this book is not for you: pick up a copy of Horowitz and Hill's The Art of Electronics (possibly including the student manual), and check back with us in a year or so for the digital followup recommendation. But if you have less time on your hands, and you just want to network-enable a coffeepot or build some interactive art display, the introduction to Arduino Maik delivers is quite sufficient for your aims, and it spans material other authors have been remiss to include, like developing libraries and (Appendix C) use of serial line protocols.
Zooming in on the details, perhaps the comment can be made that it would be good if there was a single kit available including all components used in the text: perhaps Makershed or Adafruit Industries will supplement their existing kits with one comprising the full range of the author's selection. On the plus side, I must highlight the extensive illustrations, which visually represent the breadboard linkage between the Arduino and the sensor or actuator being used with extreme clarity, and are much more effective in teaching neophytes than more traditional circuit designs. Where these are not actual pictures, they were generated using the alpha release of Fritzing, a very interesting piece of software (see fritzing.org) aiming at facilitating circuit design for those of us without a background in electronics.
The landscape of Arduino publications is shifting faster than many other subjects in print, and doubtlessly Maik's status as "king of the Hill" is but temporary — however, among those books on the subject I have personally surveyed, I am pleased to say that he currently holds the championship cup.
Federico Lucifredi is the maintainer of man (1) and a Product Manager for the SUSE Linux Enterprise and openSUSE distributions.
You can purchase Arduino: A Quick-Start Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Inkscape 0.48 Essentials for Web Designers
JR0cket writes "Inkscape is an open source 2D drawing tool that helps you create graphic designs, from simple buttons and logos to full blown posters and web page designs. Inkscape is similar to Adobe Illustrator or CorelDraw and gives you a vector based graphics tool that uses the W3C Scalable Vector Graphics (SVG) format. Inkscape is easy to use, although learning the tricks that make designing a web site look great are more involved. The Inkscape 0.48 Essentials for Web designers is specifically focused on helping you to create your first web site designs and does a great job of getting you started. Most if not all the techniques covered are relevant to creating other graphic works too, so it's useful as a general Inkscape tutorial." Read on for the rest of John's review. Inkscape 0.48 Essentials For Web Designers author Bethany Hiitola pages 316 publisher Packt Publishing rating 9 reviewer John Stevenson ISBN 978-1-84951-268-8 summary A tutorial to start web site design using Inkscape. I should say up front that if you are a web designer by trade you will know all the design aspects covered in the book, although the book will help you apply that knowledge in the latest version of Inkscape (version 0.48).
For those wanting to get into graphic design or start creating their own works, the book is quite a useful starting point to learn about a few important design concerns. Also, if you are a developer who works with graphic designers, you will find interest in understanding how graphic designs are created. No technical skills are really required except the basics of using desktop software with a modern graphical user interface. With no prior design knowledge, I was able to use Inkscape to do some basic posters, using the book has helped me do more involved designs and use the more advanced features of Inkscape.
Inkscape is open source software and is licensed under GNU General Public License (GPL) and there are many examples of works created with Inkscape under the creative commons licenses — e.g. SpreadUbuntu.org
While the focus on the book is Inkscape for web design, all the techniques are useful if you want to create advertising posters, desktop wallpapers, company logos, single page comics, etc. The only limitation to using Inkscape, apart from your creativity and imagination, is that it only does a single page graphic in each Inkscape window, but each graphic can be saved as individual images and made into a document using Scribus or OpenOffice / LibreOffice as Inkscape can save your designs using standard image formats (png, jpeg, svg, etc.).
The book content is nice and clean, with content on pages nicely spaced out making the book really easy to read and follow, so no need to be daunted by the 316 page count.
As the book progresses it assumes you have read earlier chapters so does not repeat exact details, for example the exact steps to create drop shadows are shown only once, keeping the book nice and to the point. You will therefore get the most out of the book by following along with the exercises in Inkscape.
So the book covers simple design techniques useful for any graphic design, along with lots of good ideas on how to design and enhance your website, from site layouts, templates to animations.
An important starting point in the book is the overview of vector graphics and how they differ from raster graphics (e.g. vector graphics scale uniformly and you don't get blur when scaling images). This concisely sets the scene as to why vector graphics are better for web design — flexibility, quality and small file sizes.
The Inkscape install guidance is nothing more than download and install but this is probably all you need. There are a few hints for Mac Users to help them out. There are packages available for Ubuntu and Debian based distributions in their respective distribution repositories. A Microsoft Windows installer is also available from the downloads section of the Inkscape website.
The tour of the Inkscape user interface is very detailed with a good indication of what you can do with all the controls that make up Inkscape. There are just about enough drawings provided as examples, although I would have liked a few more images to make the tour a little clearer. I recommend you read the Inkscape tour in dual page view if you are reading the ebook (pdf) version.
The design concepts in the book start with web site layouts in chapter 2, steadily building each of the design aspects onto the site layout (images, text, patterns, icons, buttons and logos, site maps). The book covers four basic design principles of Proximity, Alignment, Repetition, Contrast and suggests reading The Non-Designer's Design Book: Design and Typographic Principles for the Visual Novice by Robin Williams for more detailed study.
You are walked through step by step construction of a basic web page design — including header, footer, sidebar, content, navigation. Using guides, grids and aligning techniques to manage your web page layout. Pulling all the design work together to create a store-front for a website. It's pretty hard to go wrong following these steps. The book uses the same web design jargon you get in industry and any jargon used is explained well enough.
When you have created your web page design, you are shown how to slice up that design and export it as a series of image files (png) for use in the HTML code of the actual web page. This is the same basic process as used in industry.
Throughout the book there are specific chapters on working with images, styling text, creating logos and buttons, using patterns for background images and more details on creating flow diagrams such as for creating web site maps.
Each chapter again builds on the previous information to give you an easy to follow guide and provides examples of why the design techniques covered here are important along with approaches to create the most suitable designs for your clients.
There is nice coverage of how to use Inkscape and GIMP in collaboration to create your own animations for your website. The animations are relatively simple but effective, scrolling text and a sailing boat on the sea, showing you the technique in more than enough detail for any website design using animated GIF images.
Getting a little more technical at the end of the book, though still easy to follow, it covers the XML structures that Inkscape uses to hold your graphic designs. These XML structures let you tweak your designs using Inkscape's XML editor. There is also a reference section on the various plugins available for Inkscape, mentioning specifically Agave for color palette management and Export to PDF CMYK for color separation for the CMYK standard. There is also a section on how to create your own custom page templates.
I would have liked to see more information about filters that you can apply to your designs. There are a nice range of filters you can use in Inkscape and some are simple enough to use, but there are some that give great effects but have quite a few options you can tweak. There is plenty of scope for doing a whole chapter on using filters that would make the book more complete.
Inkscape 0.48 essentials for Web Designers is a great book to get started with Inkscape, especially if you are designing your own site. For example, if you have installed WordPress and want to create some custom themes, then this book would be very helpful to make your site stand out from the crowd.
There is an Inkscape Illustrators Cookbook by Packt Publishing out in April 2011 that seems more general compared to web developers book but as mentioned before, all the concepts presented in the web developers book are relevant for creating other graphic designs.
The book never attempts to teach you all about design, that would require a much larger book. There is enough design information in here to get you started on a good path and give you a good steer in the right direction. The coverage of Inkscape is very detailed and will help you get the most out of the tool, whether you are using it for web development or other graphical design activities.
This book makes a nice addition to the online resources available for Inkscape and with its tutorial style is a good contrast to other Inkscape books available which may contain more reference material but are more general in nature.
John coaches Lean Agile practices, organizes London technical communities and is an OSS advocate (since running Debian in 1995). @JR0cket
You can purchase Inkscape 0.48 Essentials for Web Designers from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Security Information and Event Management Implementation
brothke writes "With many different types of log and audit data, Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details; and there are plenty of details in deploying a SIEM on corporate networks. Security Information and Event Management Implementation provides a solid introduction, overview and analysis of what a SIEM (also known as SIM, SEM, SEIM and others) is, and what needs to go into it for an effective deployment and operation." Read below for the rest of Ben's review. Security Information and Event Management Implementation author David Miller pages 464 publisher McGraw-Hill Osborne Media rating 8/10 reviewer Ben Rothke ISBN 0071701095 summary Provides an excellent overview of the topic and will be of value to those readers looking for answers around SIEM. As a technology, SIEM provides real-time monitoring and historical reporting of information security events from networks, servers, systems, applications and more. Many firms have deployed SIEM as a method to address regulatory compliance reporting requirements, in addition to using it as a mechanism in which to build a robust information security operation, integrating the SIEM into their security management and incident response areas.
With that, the good news is that the SIEM market is now at a mature state, with numerous vendors competing off each other. Combined with the level of SIEM adoption, it's ready for prime time. But ensuring it works in prime time is heavily dependent upon the requirements definitions and planning.
The book's 15 chapters are organized in three parts: Introduction to SIEM: Threat Intelligence for IT Systems, IT Threat Intelligence Using SIEM Systems and SIEM Tools. Part 3 (chapters 8-15) provides the bulk of the reading.
Part 1 provides a high-level overview of the topic and covers information security fundamentals. Chapter 2 details the various threats that the SIEM will be used to defend against, while chapter 3 gets into regulatory compliance, which is a key driver for many SIEM rollouts.
Part 2 details four SIEM vendors. The products the authors selected to showcase are: OSSIM, ArcSight ESM, Cisco Mars and Ounce Labs QRadar. While it is debatable if OSSIM is a SIEM, I am not sure why the authors did not include the netForensics product. This is especially true since the nFX SIM One software is one of the better tools which works on large deployments in which customization is needed.
A mistake many firms make when considering a SIEM is spending too much time selecting a specific SIEM vendor and not enough time defining their specific security requirements for the SIEM product. The book does a good job of communicating the importance of effective requirements definition. An important notion around requirements definition is that it must not involve just IT and security groups alone. Other groups including audit, regulatory, legal, administration, applications and more must be involved.
The book provides examples of real-world advice. A good point made in chapter 11 is the need to realize that a SIEM takes time to develop and is an out of the box solution. The authors note that one should not expect full inventory activity and actionable information immediately. It often may take a few weeks for that information to be normalized into data that is actionable.
Part 3 goes into the various products. Chapter 12, while about QRadar, lists 10 highly detailed questions that must be answered regardless of what SIEM vendor will be used. These 10 questions (for a formal SIEM definition, there are a good 30 or more that can be asked) require a firm to truly understand their infrastructure and environment, before they deploy a SIEM. The authors note that these questions are meant to facilitate a firm doing their homework around the SIEM. Detailed answers to these questions should not be underestimated, as failure to do them in advance can lead to a SIEM deployment that will ultimately fail.
For many readers, the screen print of a QRadar system settings console on page 278 may be enough to scare them away from a SIEM. This screen, of which there are many in QRadar, lists over 50 settings that must be configured in order to effectively use the software. While many of the default settings can be used; firms should know exactly what their settings should be if they want to get the most out of SIEM solution.
In many books, the appendix is often public information which is simply added as filler to increase the page count. The appendix The Ways and Means of the Security Analyst is superb. It details the human element of the SIEM, the security analyst, which is often what will make or break the SIEM. The analyst is the one who will use the SIEM and attempt to make sense of it. A SIEM deployment without good analysts is ultimately useless.
It should be noted that even though the book has the term implementation in the title, it is not really a full implementation reference. It should be viewed as a comprehensive introduction to SIEM. The reason is that when one digs into the deeper layers of a SIEM deployment, there are significant complexities that must be dealt with. Anyone who attempts to deploy SIEM based on this guide alone will likely be disappointed. This is not a fault of the book; rather a reality of the complexity of a SIEM, and the amount of pages it requires to be written.
While the book does have implementation guidelines around the installation and configuration of 4 SIEM products, the real challenge in a SIEM is the post-installation configuration issues, and not simply the installation. Perhaps the authors will take this as a challenge to create a second volume of this book detailing those issues.
With that, the book does provide an excellent overview of the topic and will be of value to those readers looking for answers around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy. Don't think about a SIEM without it.
You can purchase Security Information and Event Management Implementation from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: jBPM Developer Guide
RickJWagner writes "jBPM is a mature, open source business process management (BPM) solution. This book, written in a developer-centric manner, guides the reader through the framework and exposes many important considerations for production use. BPM tools are used to define and execute business processes. They usually come with a graphical editor, which is used to drag and drop boxes onto a graph. The boxes represent activities performed by programs, activities performed by humans, and decision points. If this all sounds like 'graphical programming', it isn't. The picture does draw out the desired series of steps, but there's always configuration and maybe some programming involved as well." Read below for the rest of Rick's review. jBPM Developer Guide author Mauricio Salatino pages 372 publisher Packt Publishing rating 7/10 reviewer RickJWagner ISBN 1847195687 summary A complete developer's guide to working with jBPM in a J2EE enterprise environment. Developers new to the scene will probably draw parallels between BPEL and BPM. While they both allow the designer to orchestrate a series of activities, BPEL uses web services exclusively. (BPM doesn't specify, and often uses Java classes to accomplish desired goals.) BPEL offers support for human-activities (from BPEL4People and WS-HumanTask), but BPM has offered human tasks from the early days, so probably is a better choice if you have lots of them.
The book is true to its title, it's definitely a book for developers. In the early chapters the reader is guided through implementing their own mini-BPM engine. This is an interesting exercise and helps solidify in the reader's mind the core concepts behind jBPM. It also reinforces the notion that jBPM can be used in a lightweight manner-- it's just as easily embeddable in a standalone Java application as it is deployed in a JEE container.
Speaking of JEE containers, jBPM is a JBoss product, so it's natural that it makes use of available infrastructure like Hibernate, poolable data sources, and enterprise beans for enterprise use. These are all optional-- if you want to write a minimal application that sits outside of JBoss, that's fine. But if you have heavyweight needs, heavyweight infrastructure is readily available. The book covers these important options in detail, which will be useful for developers writing real-world applications.
jBPM is popular enough that it's mentioned in quite a few SOA books as an enabling technology for process management. Most of these books provide coverage of the minimal, embedded use of jBPM. This book differs in that it provides good explanations of the 'enterprise' use.
Normally I strongly prefer paper books to electronic versions, but in this case I'd recommend you might consider the eBook. I say that because the book is much more useful if it's used in conjunction with the source code found on the publisher's site. The book shows source code in each example, but it's just a snippet out of context. I found the content much easier to understand when it was viewed next to all the related artifacts, so you can understand how they relate. (By the way, the toolkit used includes Maven and Eclipse. The reader is given adequate instruction in the front part of the book on setting these up.)
There's not much fluff in the book. It runs about 350 pages. Heavy Developer-type stuff starts after about 40 pages and never really gets lighter after that. Screen shots and diagrams are given where necessary, but mostly it's code and text. Sometimes books are criticized for being light on technical content and overstuffed with pictures and basic diagrams. This criticism does not apply in this case.
A big part of jBPM development is in data handling-- how do you get data into your process instance, and how do you get data out? The author explains this well, and it is a necessary discussion.
You might wonder why you should be interested in this book, which covers jBPM 3.2.6. After all, jBPM 5 was just released. What about jBPM 4? I believe this book will be relevant for quite a while yet, as jBPM 4 is not going to be included in JBoss's support cycle. They'll stay with jBPM 3 (the current supported standard) and will eventually move on to jBPM 5 (after it's gone through the 'community trial by fire' on its way to productization.) jBPM 5 is going to be a big change from the current landscape-- it's converging with the rules engine Drools. For these reasons, I expect there will be a lot of jBPM 3 development done for a while yet.
So, who would I recommend this book for? I'd say it's a good book for anyone supporting a jBPM 3 deployment, or anyone considering developing a process-centric application. jBPM is a good product, and this book can help a reasonably skilled Java developer get off the ground. I would not recommend the book for someone just out trolling for a technology book to pick up, or an analyst charged with developing the graphical process depictions. As the title says, this is a book for developers.
You can purchase jBPM Developer Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Pro Drupal 7 Development, Third Edition
Michael J. Ross writes "With the growing interest in Drupal as a platform for developing websites, the number of books devoted to this CMS has increased from a handful to now several dozen. Consequently, intermediate and advanced Drupal programmers may wonder which one of those books would be their best choice as a single resource for learning how to create custom Drupal modules and themes. Ever since its first edition in April 2007, the Pro Drupal Development series from Apress is more frequently cited as the best candidate than any other." Keep reading for the rest of Michael's review. Pro Drupal 7 Development, Third Edition author Todd Tomlinson and John K. VanDyke pages 720 pages publisher Apress rating 9/10 reviewer Michael J. Ross ISBN 978-1430228387 summary A thorough guide to module building for intermediate to advanced Drupal coders. In its third edition, Pro Drupal 7 Development is now helmed by Todd Tomlinson and John K. VanDyke, and again features a foreword by Dries Buytaert, the founder and project lead of Drupal. This edition was published on 29 December 2010 under the ISBN 978-1430228387. The publisher offers a fairly sparse Web page for the book, containing a brief description, the source code used in the book, a page for errata (several reported), links to purchase both the print and electronic versions (oddly, with no bundle discount), and a section for author information, which currently has no entries. At 720 pages, it is the longest Drupal book on the market, as of this writing (and should remain so until the scheduled release of Wiley's Drupal 7 Bible). Yet Pro Drupal 7 Development is not terribly thick, probably because its paper appears to be thinner than that typically used for programming books. Although this allows the text on the other side of each page to show through slightly (and no doubt unintentionally), it generally does not pose a problem, but would have if a paper any thinner had been chosen.
The book's material is organized into 25 chapters and two appendices, covering numerous topics: Drupal infrastructure, including requisite Web technologies; module development basics; hooks, actions, and triggers; the menu, database, user, node, field, and theme systems; blocks; the form API; the filter system; searching and indexing content; file management; taxonomy and vocabularies; caching; sessions; jQuery; localization, internationalization, and content translation; XML-RPC; how to develop secure code and other best practices; site optimization; installation profiles; testing; Drupal database reference; and other resources. Given the sizable number of chapters and topics explored in this book, it would be impractical to attempt to provide any sort of full synopsis in this review. Instead we will focus more attention on those topics that will be of greater importance to Drupal developers (a phrase used to distinguish them from any Drupal site builders who do not create their own modules or modify existing ones).
The subject matter presented first — how to structure module code and make use of Drupal's hook system, as well as actions and triggers — is essential reading for anyone new to these topics (but presumably could be skipped by any veteran programmer familiar with them from earlier versions of Drupal). Most readers should find that there is sufficient information provided to understand the concepts and/or the code being presented, but there are a few exceptions: For instance, on page 22, the narrative refers to only a single node, but the code in annotate_node_load() suggests multiple nodes are being processed. Also, readers following along by implementing the example code will likely be frustrated that the action "Beep multiple times" is not displayed in their own "Trigger: After saving new content" list box (page 42). Fortunately, these are the exceptions, because the authors present the ideas at a measured pace, with sufficient groundwork so readers will not become lost.
An understanding of Drupal's powerful hook system is a necessary foundation for learning the concepts that form the heart of this book — namely, the menu, database, user, node, field, theme, block, and form systems (often referred to as the Drupal APIs). The presentation of the ideas is done in a methodical fashion, with plenty of example code and screenshots. Readers who patiently work their way through the material — particularly if they try to get the code working in their own Drupal environments, and perhaps even experiment with variations — will likely find it a time-consuming process, yet they will be richly rewarded for their efforts. The only blemishes are the several places in the text where there is a mismatch between the narrative and the code, or between the code and a screenshot. Several examples should suffice: The menufun_hello() function on page 67 is missing code for the two @from variables. Page 76 refers to a mysterious "second parameter, $b." The $items code on page 77 is close to what is in Drupal 6's user.module, but is nothing like Drupal 7's. Remarkably, "%index" appears in a section head (page 79) but nowhere in the text. The pager display code (on page 96) is missing "$result = $query->execute();." A "module named dbtest" (page 111) doesn't seem to exist.
The topics covered next in the book generally go beyond the Drupal APIs, and are much more diverse. Readers will learn how to filter user input, as well as how to allow users to search a site's content, upload files, and characterize nodes using terms from taxonomy vocabularies. Incidentally, the chapter on caching would have been better positioned just before the chapter on optimizing Drupal's performance, since the two areas are so closely related. Yet both are invaluable for minimizing the page load times for any substantial Drupal-based site. The authors show how, within Drupal modules, to utilize jQuery and XML-RPC. The chapter devoted to localization and translation — a subject growing in importance as sites go multilingual — is quite thorough.
The last five chapters of the book address topics that can help anyone become a better Drupal developer: code and form input security, programming best practices, Drupal site optimization, installation profiles, and testing techniques. Even though the authors provide a full chapter on Drupal programming best practices, there are similar nuggets of wisdom sprinkled throughout the other chapters — evidence of the authors' deep experience writing Drupal code, and seeing the pitfalls. The book's two appendices consist of a Drupal database reference, which describes all of the tables and their columns, and a summary of Drupal resources aside from the book, including user groups. The book concludes with an index that is missing some key concepts (e.g., permissions and roles), and would have been able to include more entries if the publisher had not chosen to use an unnecessarily large font and line height.
Each chapter concludes with a brief summary, and all of these summaries provide no value and should be dropped from any future editions. For each one of the items labeled "Note" (scattered throughout the book), if it repeats information mentioned in the text (some just a couple sentences earlier), then it should be excised; otherwise, the information should be folded into the text. The book's narrative could be improved in other ways: There are a number of instances where the authors refer to particular lines of code in the example code, and it would have been most convenient for the reader had line numbers been used. Module names are often incorrectly presented in all lowercase (e.g., page 13). Occasionally some phrases or acronyms should have been explained (or not used), such as "HA companies" (page xxix). On the plus side, the material is occasionally livened up with some welcome humor, such as the devilish functionality of "Evil Bob's Forum BonusPak" (page 14) and some equally devilish deadly pets (page 282). At first, readers may chuckle at the phrase "Drupal's legendary snappiness" (page 499), but evidently the authors were not being facetious.
The example code sprinkled throughout the chapters is especially helpful to the reader, and there are only a few places where the code does not match the narrative, or the code is incorrect in some other way (aside from those instances mentioned above): The text on page 14 neglected "annotate.admin.inc"; and in the listing for annotate.info, the "configure" path should not include "content/." In the discussion on paged display (on page 96), "clicking on 5 would take the visitor to rows" 41 through 50, and not "51 through 60." The code on pages 147 and 149 erroneously refers to "punchline" and a joke node type in job_node_access(). On page 355, field_tags is identified as field_geographic_location. The contents of the files in the downloadable source code do not always match what is seen in the book, starting with annotate.info (page 14) and annotate_admin_settings_submit() (page 20). Even worse, the source code for Chapters 3-6, 12, 13, 15-17, 19-22, 24, and 25 is missing completely.
There are numerous other, more simple errata: "-sites" (page 8), "an[d] installing" (9), "/q=node/3" (10; missing the '?'), "modules /" (17), "[the module] removes" (19), "hooks key" (45; should read "triggers key"), "beep_multiple_.beep_.action()" (49), "end" (55; should read "beginning"), "to [the] module" (61), curly quotes in code (63, 67, 190, etc.), "%user_uid_only_optional" (77), "function_menufun_menu()" (79), "product" (98; should read "produce"), "lower-case" (111), "users signature" (117), "[the] time" (118), "themeing" (153), "secondary" (190), "to and an" (308), "php", "class. the", and "apis" (all on page 323), and "pave" (409). At that point, I stopped recording the errata. Most if not all of these errors should have been spotted in the book's technical review process, assuming they were not introduced after the reviews were done.
For computer programming books, information presented outside of the narrative — such as figures and example source code — can either greatly enhance the reader's experience, or undermine it. In Pro Drupal 7 Development, the diagrams and screenshots are relatively few in number, yet are used effectively, with only a few errors: The caption for Figure 3-8 appears to be incorrect, as is the URL in Figure 4-5. Figure 5-1 contains an erroneous "$database". Table 17-1 is missing a row for uid 0. The screenshots in Figures 19-1 and 19-2 are quite fuzzy and difficult to read.
A few comments on the book's physical design and production are called for: In the review copy that the publisher kindly sent me, the first text block signature consists of only the first two leaves. As a consequence, that signature had almost no glue holding it into the binding, and had already started to separate from the binding. The production team should have anticipated this sort of problem; but it may have been a choice driven by pending changes to the title and/or copyright pages.
Fortunately, none of the above flaws are significant compared to the wealth of information provided by this book. Pro Drupal 7 Development clearly demonstrates why, in the minds of countless Drupal developers, this series is the gold standard for learning the inner workings of Drupal, and how to utilize them for building custom modules.
Michael J. Ross is a freelance website developer and writer.
You can purchase Pro Drupal 7 Development, Third Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: PostgreSQL 9.0 High Performance
eggyknap writes "Thanks in large part to the oft-hyped 'NoSQL' movement, database performance has received a great deal of press in the past few years. Organizations large and small have replaced their traditional relational database applications with new technologies like key-value stores, document databases, and other systems, with great fanfare and often great success. But replacing a database system with something radically different is a difficult undertaking, and these new database systems achieve their impressive results principally because they abandon some of the guarantees traditional database systems have always provided." Keep reading for the rest of eggyknap's review.
PostgreSQL 9.0 High Performance
author: Gregory Smith
pages: 468
publisher: Packt Publishing
rating: 8/10
ISBN: 184951030X
summary: takes the reader step-by-step through the process of building an efficient and responsive database using "the world's most advanced open source database"
For those of us who need improved performance but don't have the luxury of redesigning our systems, and even more for those of us who still need traditional transactions, data integrity, and SQL, there is an option. Greg Smith's book, PostgreSQL 9.0 High Performance takes the reader step-by-step through the process of building an efficient and responsive database using "the world's most advanced open source database".
Greg Smith has been a major contributor to PostgreSQL for many years, with work focusing particularly on performance. In PostgreSQL 9.0 High Performance, Smith starts at the lowest level and works through a complete system, sharing his experience with systematic benchmarking and detailed performance improvement at each step. Despite the title, the material applies not only to PostgreSQL's still fairly new 9.0 release, but to previous releases as well. After introducing PostgreSQL, briefly discussing its history, strengths and weaknesses, and basic management, the book dives into a detailed discussion of hardware and benchmarking, and doesn't come out for 400 pages.
Databases vary, of course, but in general they depend on three main hardware factors: CPU, memory, and disks. Smith discusses each in turn, and in substantial detail, as demonstrated in a sample chapter available from the publisher, Packt Publishing. After describing the various features and important considerations of each aspect of a database server's hardware, the book introduces and demonstrates powerful and widely available tools for testing and benchmarking. This section in particular should apply easily not only to administrators of PostgreSQL databases, but users of other databases, or indeed other applications as well, where CPU, memory, or disk performance is a critical factor. Did you know, for instance, the difference between "write-through" and "write-back" caching in disk, and why it matters to a database? Or did you know that disks perform better depending on which part of the physical platter they're reading? How does memory performance compare between various common CPUs through the evolution of their different architectures?
At every step, Smith encourages small changes and strict testing, to ensure optimum results from your performance efforts. His discussion includes methods for reducing and correcting variability, and sticks to easily obtained and interpreted tools, whose output is widely understood and for which support is readily available. The underlying philosophy has correctly been described as "measure, don't guess," a welcome relief in a world where system administrators often make changes based on a hunch or institutional mythology.
Database administrators often limit their tools to little more than building new indexes and rewriting queries, so it's surprising to note that those topics don't make their appearance until chapters 9 and 10 respectively, halfway through the book. That said, they receive the same detailed attention given earlier to database hardware, and later on to monitoring tools and replication. Smith thoroughly explains each of the operations that may appear in PostgreSQL's often overwhelming query plans, describes each index type and its variations, and goes deeply into how the query planner decides on the best way to execute a query.
Other chapters cover such topics as file systems, configuration options suitable for various scenarios, partitioning, and common pitfalls, each in depth. In fact, the whole book is extremely detailed. Although the tools introduced for benchmarking, monitoring, and the like are well described and their use nicely demonstrated, this is not a book a PostgreSQL beginner would use to get started. Smith's writing style is clear and blessedly free of errors and confusion, as is easily seen by his many posts on PostgreSQL mailing lists throughout the years, but it is deeply detailed, and the uninitiated could quickly get lost.
This is also a very long book, and although not built strictly as a reference manual, it's probably best treated as one, after an initial thorough reading. It covers each topic in such detail that each must be absorbed before further reading can be beneficial. Figures and other non-textual interruptions are, unfortunately, almost nowhere to be found, so despite the author's clear and easy style, it can be a tiring read.
It is, however, one of the clearest, most thorough, and best presented descriptions of the full depth of PostgreSQL currently available, and doubtless has something to teach any frequent user of a PostgreSQL database. Those planning a new database will welcome the straightforward and comprehensive presentation of hardware-level details that are difficult or impossible to change after a system goes into production; administrators will benefit from its discussion of configuration options and applicable tools; and users and developers will embrace its comprehensive description of query planning and optimization. PostgreSQL 9.0 High Performance will be a valuable tool for all PostgreSQL users interested in getting the most from their database.
You can purchase PostgreSQL 9.0 High Performance from amazon.com. -
Book Review: OSGi and Apache Felix 3.0
RickJWagner writes "OSGi is a Java framework that's designed to simplify application deployments in shared environments. It allows applications with differing dependencies to run side-by-side in the same container without any deployment time contortions. The end result is that your application that needs FooLib v2.2.2 can run right beside my application that needs FooLib v1.0, something not often possible in today's application servers." Keep reading for the rest of Rick's review.
OSGi and Apache Felix 3.0, Beginner's Guide
author: Walid Joseph Gedeon
pages: 336
publisher: Packt Publishing
rating: 8/10
reviewer: RickJWagner
ISBN: 1849511381
summary: A step-by-step beginner's guide based on developing a case study
OSGi is actually more than that, though. It's a framework with a very granular component lifecycle model, so you can carefully manage when the various parts of your application start up. It contains a service registry, so your application can either advertise or consume services. It's a controllable application runtime framework, complete with shell language that allows administrative tasks to be performed.
All these things and more are covered in the book. The author assumes the reader knows nothing more than what an average Java coder would know, so the development environment is given great coverage. (As is increasingly common, Maven2 is the build mechanism being used. The author goes to great lengths to explain how to construct every .pom file you'll need.) By the way, you'll be needing plenty of .pom files, as you are going to be incrementally building a simple bookshelf application, adding functionality chapter by chapter.
The book's example business logic is nothing out of the ordinary, which is good. If you're new to OSGi you're going to have your hands full learning the ins and outs of packing applications, the component deployment cycle, etc. Any experienced developer is going to instantly recognize the business problem you're trying to solve, so at least you won't be bothered by that. There is plenty of new material to study otherwise-- even tasks as ordinary as logging or deploying a servlet are vastly different than what you're probably used to. I remember I once read an article on the web about a new Java spec, the article was called "Don't make me eat the elephant again!" Well, if you're new to OSGi and want to get started.... break out the silverware!
In some ways, I'd compare Felix to an application server. It's an environment you use to deploy your applications, and it comes complete with a shell language used to administer the container. (The shell language, called 'Gogo', is given its own chapter. You're also given Gogo commands throughout the book as you develop, deploy, and run your application.)
OSGi specifies a "Bundle Repository", which is a place where you can place your deployment artifacts so others can access them when they're listed as dependencies to their applications. (All this is done in the manifest files, by the way. You're given a good overview of all of this.) The OBR is yet another part of the landscape that will become important to you, so it's given good coverage in several chapters as you need to access it.
The development tasks are carefully covered. You are given very clear instructions on Maven to start, later on the author might withhold a little information to make you work a little. (Hint: the book's sample code fills in gaps nicely, if you get stuck.) The book also includes a series of 'Pop quizzes' to help you check your understanding of the material. More than once I found I might've been reading a little too quickly and paged back-- sure enough, the material had been presented, but I hadn't been paying enough attention. I liked this part of the book.
The application you're building is realistic enough, and you incrementally add functionality to it to make it something similar to what you might actually need in the real world. You start with the basic object model needed for a CRUD application, then add on niceties like a text UI, logging, a graphical interface, etc. Along the way you're introduced to things like iPojo, which is a dependency injection mechanism for OSGi. (Remember that elephant? Here's a small chunk...)
The book ends with a nice-to-have chapter on troubleshooting issues and two appendices. The first one covers the development environment, Maven/Eclipse. The second one covers advanced topics that should be within reach for the reader by the time they've reached the end of the book.
So, what's the bottom line? I'd say this book is good for anyone who wants to learn OSGi in general, or Felix in particular. No prerequisites exist, except maybe basic competency in Java. For developers just shopping around for an instructional book, without a need to pick up OSGi..... I'd say maybe not. (Why clutter your brain with this stuff, unless you're going to put it to good use?) Overall, the book is well written and presents things in an easily understandable way. On a scale of 1 — 10, I'd give this book an 8.1.
You can purchase OSGi and Apache Felix 3.0, Beginner's Guide from amazon.com. -
Amazon Bulk-Email Service Could Lure Spammers
snydeq writes "Amazon Simple Email Service and Amazon Web Services look to be a potent combination for businesses and developers, no matter which side of the law they're on, InfoWorld reports. The newly announced bulk email service, which will enable Amazon customers to send 100 emails for a penny, could prove enticing to those seeking a cheap way to bombard inboxes with spam, malware, and phishing lures. Amazon claims its in-house content filtering technology should assuage anyone thinking SES will be used by scammers. 'Those assurances aren't entirely heartening, though, unless Amazon is way ahead of the curve with content-filtering technology. Email services and software vendors have tried for years to keep spam and other unwanted messages from showing up in users' viewing pane, but the crud keeps slipping through.'" -
Computer Incident Response and Product Security
brothke writes "When someone calls 911 in a panic to report an emergency, within seconds the dispatcher knows where the call is coming from, and help is often only moments away. When it comes to computer security incidents, often companies are not as resilient in their ability to quickly respond. Take for instance the TJX Cos. data breach, where insecure wireless networks were compromised for months, revealing millions of personal records, before they were pinpointed and finally secured. Once made aware of the issue, it took TJX an additional few months until the situation was completely in control and secured. In Computer Incident Response and Product Security, author Damir Rajnovic provides the reader with an excellent and practical guide to the fundamentals of building and running a security incident response team. The book is focused on getting the reader up to speed as quickly as possible and is packed with valuable real-world and firsthand guidance." Read on for the rest of Ben's review.
Computer Incident Response and Product Security
author: Damir Rajnovic
pages: 256
publisher: Cisco Press
rating: 8/10
reviewer: Ben Rothke
ISBN: 1587052644
summary: Provides a good overview of the topic of computer incident response and product security
Be it an IRT (Incident Response Team), CIRT (Computer Incident Response Team), CERT (Computer Emergency Response Team), or CSIRT (Computer Security Incident Response Team); whatever the term used, companies desperately need a process and team to formally respond to computer security incidents. The simple equation is that to the degree the incident is quickly identified, handled and ameliorated; is to the extent that the damage is contained and limited.
At just over 200 pages, the book's 13 chapters provide an excellent foundation on which to start a CIRT. The book is divided into two parts. Chapters 1-6 form part 1, Computer Security Incidents, with part 2 being on Product Security.
Chapter 1 provides a basic introduction to the topic on why an organization should care about computer security incident response. This brief chapter touches upon the various business impacts, in addition to the legal and other reasons necessary for establishing a CIRT.
Chapter 2 lays down the 6 steps in which to establish an IRT, which are: defining the constituency, ensuring upper-management support, obtaining funding, hierarchy, team structure and policies and procedures. Each of these steps is crucial, and a mistake too many organizations make is to leave one or more out. Only later when an incident occurs, which often takes an inordinate amount of time to fix, do these companies realize that their IRT was incomplete and inadequate in the first place.
The chapter includes an interesting look at the various types of IRT teams that can be created; namely central, distributed or virtual. The book notes that if you don't have sufficiently strong support from senior organizational executives to form a real IRT (which should be a huge red flag right there), a virtual team is a good option. Virtual teams can be easier to set up as they are less formal with fewer bureaucratic hurdles. While there are benefits to a virtual IRT, companies that are truly serious about computer security will ensure that they have a formal and dedicated IRT in place.
In chapter 3, Operating an IRT, the author details the items needed to successfully operate an IRT. One of the soft skills the author discusses is effective interpersonal skills. The author writes that one situation that can arise when handling an active incident is that the person reporting the incident may say offensive things or become abusive to the IRT analyst. This behavior is generally the consequence of the attack, indicating its urgency. When dealing with such a person, it is imperative that the IRT analyst not get caught up in the user's behavior. Rather they must focus on determining the appropriate method to fix the problem.
While part 1 is around the computer security incident itself, part 2 deals with product security. Most organizations create their IRT around computer security incidents. In chapter 8, the author writes about the need to create a product security team (PST) to deal with security issues related to vendor products.
Every software and hardware product has security flaws, be it Cisco, Juniper, Check Point and others. By understanding this and having a PST to deal with vendor security issues, a company will be adequately protected. In truth, only large companies will have the budget to support an independent PST in addition to an IRT.
In many ways, the PST is simply a specialized section of the IRT, with specific expertise around a specific product set. Many firms already have some sort of PST in place to deal with Patch Tuesday, which is the second Tuesday of each month when Microsoft releases security patches.
Overall, Computer Incident Response and Product Security provides a good overview of the topic. At 215 pages, the book should be seen as an introduction to the topic, not a comprehensive reference. The reason is that a topic such as security incident response requires much broader coverage given the extent of the requirements encompassed. In some ways though, its conciseness is its advantage, as a 750 page tome, while adequate for the subject, may overwhelm many, if not most readers. Also, the author has the ability to adequately discuss topics in a manner while brief, does cover the topic issues.
At $49-, the book is moderately priced, given the value of the content. For those on a limited budget, the Handbook for Computer Security Incident Response Teams from CERT provides a good overview of the topic. While the handbook was last revised in 2003, much of the core concepts around incident response are immutable.
As this title is from Cisco Press and the author an employee of the Cisco Product Security Incident Response Team (PSIRT), the book has a definite Cisco slant. While Cisco products are often referenced, this though is not a book from Cisco marketing. More importantly, as part of the Cisco PSIRT, the author has first-hand knowledge of one of the world's premier IRT.
For those serious about computer security and incident response, Computer Incident Response and Product Security should be one of the required books for every member of the team.
Ben Rothke is an information security professional and the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Computer Incident Response and Product Security from amazon.com. -
Foundation Drupal 7
Michael J. Ross writes "Of all the better-known content management systems, Drupal is oftentimes criticized for having the steepest learning curve. Yet that would only be a valid charge as a result of Drupal's great power and flexibility — particularly in the hands of a knowledgeable Drupal developer. But how can the interested programmer begin gaining those skills, as quickly as possible? One approach is to read and work through the examples of an introductory book, such as Foundation Drupal 7, written by Robert J. Townsend (except for a chapter contributed by Stephanie Pakrul)." Read on for the rest of Michael's review.
Foundation Drupal 7
author: Robert J. Townsend
pages: 328
publisher: friends of ED
rating: 6/10
reviewer: Michael J. Ross
ISBN: 978-1430228080
summary: A guide to getting started building websites using Drupal.
The book was published on 15 December 2010, under the ISBN 978-1430228080, by "friends of ED", which is both a division of Apress and arguably a baffling name for a publisher's imprint. The book's material spans 328 pages, grouped into 12 chapters and four appendices. The publisher's page offers a description of the book, and a link for purchasing the e-book version. Visitors can also read a few dozen of the least interesting pages in the book, using a lame modal interface "powered" by Google Preview's book viewer system. As of this writing, the author's own site for the book appears to have no useful content. In fact, even a few weeks after the publication of the book, the site had no word as to how to use the site or even obtain an account, and there is nothing pertaining to that in the book. Now, it appears to be the beginnings of a demo site.
The book's chapters can be loosely grouped into four parts: The first three chapters provide an overview of Drupal, and explain how to set up a local Web server, install Drupal 7 on it, and configure the new site. The material composes an adequate introduction, but there are some false statements readers should watch out for, such as: newly created blocks are added to nodes (page 15); "Drupal will not run on most inexpensive hosting plans" (pages 19 and 20); "server settings and update notifications must be configured" (page 35; actually, they are optional); "the default Garland theme" (pages 40 and 55; no longer true in Drupal 7); a block can be any shape (page 48; as long as it's a rectangle!). But the discussion on multisite setups — while likely intimidating for Drupal newbies — is well worth reading by anyone who has not yet tried running multiple sites from a single Drupal instance. However, the ."demo.d7" suffix (page 28) should have been explained. In the introduction, the author noted that the book is primarily intended for readers who have little or no experience with content management systems in general, and Drupal in particular. The early chapters hew to that approach, going so far as to briefly present the basics of databases — material that experienced programmers can safely skip.
Node fields, content types, taxonomies, users, roles, permissions, and modules (both core and contributed) are key components in building a site with Drupal — and they are explicated in Chapters 4 through 7. The narrative is quite descriptive, and readers new to Drupal may find some of it tough going; but it will be worth their while to read through all of the material, at least once, while exercising their newfound knowledge on a test installation of Drupal 7. Most of the discussion is clear and straightforward, but a few spots will likely perplex readers, e.g., "all search fields are hidden by default when either search view node is enabled" (page 85; what search view nodes?). Also, on pages 69 and 87, the author advises readers to limit a system name to seven characters, but each example given exceeds that number. Such inconsistencies can prompt readers to begin questioning the author's advice and attention to detail. As a resource perhaps unique to this Drupal book, the sixth chapter explores the purpose and basic usage of most of the core modules not enabled by the standard installation. Drupal newcomers invariably wonder what contrib modules they should first be trying out and learning, and the author presents several of them in the seventh chapter, which includes a helpful comparison of using the Webform module versus nodes for collecting data from users.
Nonprogrammer website creators — who must rely entirely upon the GUI of a content management system to build a site — are strongly influenced by the visual appeal of a CMS's built-in themes, and not necessarily its flexibility or other differentiating factors. (One can only speculate as to how many such people have chosen Joomla over Drupal based upon the former's more attractive default themes.) Thus, theming can be especially significant to non-technical Drupal site creators, and is covered in the next two chapters, the first of which was authored by Stephanie Pakrul. To illustrate the ideas discussed, she uses her own Vibe theme, which is a sub-theme of Fusion. Unfortunately, as of this writing, there are no releases of Vibe, so it is not clear how readers are expected to download it as instructed (on page 174). Consequently, readers won't be able to see on their own Drupal installations what she shows in the screenshots. This is just one more example of how this book appears to be unfinished. Some readers may become frustrated with the way that she often gives instructions but fails to identify the page on which to perform them. Also, the Skinr block settings shown in the book look nothing like what I am seeing using the latest versions of Fusion and Skinr, but that may be due to Vibe missing. Skinr's project page currently warns that it is not stable or functional for Drupal 7; this makes it a poor choice for a book aimed at beginners, who can be easily derailed by such problems. Several details are incorrect, e.g., the Firebug technique shown in Figure 8-14 does not use double-clicking, as stated, but simply mouse hover. Chapter 9 provides advice on using Photoshop and Illustrator CS5 for working with layouts, text, colors, and images in designing Drupal themes.
The last three chapters discuss topics related to deploying a site. Chapter 10, "Going Live," presents the details of the author's strategy for using separate sites for development, staging, and production. This involves executing Linux commands on the command-line, and at one point even deleting the public_html directory and creating a symbolic link. It is easy to imagine readers being hesitant about doing so — especially in a client's account — and for such people, using only an FTP application might be more palatable, even if it takes extra time. The next chapter offers some valuable best practices for maintaining a production site, including techniques to be automatically notified when installed modules become out of date. The last chapter, "Translating Business Requirements to Drupal Functionality," may at first glance seem inappropriately placed at the end of the book, because shouldn't the developer analyze the client's business requirements before beginning any work on their future website? But this chapter does belong at the end, because most of its topics will make a lot more sense to the reader after she has learned the basics of a Drupal site. The only confusing aspect of this material is the author's recommendation to add 25 percent to both the amount of estimated time to complete a project and also one's hourly rate, with no explanation for the rate increase. Nonetheless, the chapter presents some worthy advice on how to be a more effective Drupal site builder.
The book's four appendices briefly cover search engine optimization for Drupal sites; Drush (a command-line shell for Drupal); a survey of more than 50 useful contrib modules; and usage of the Views module to address some common query-building needs. Note that the Views carousel module — which is one of two image slideshow modules listed — was deprecated a while ago.
All of the chapters except the first are capped off with summaries, which add no value to the book and consist mostly of unneeded reminders that begin with "I talked about," "I then talked about," etc. One of the summaries (page 214) states that a particular website was used as an example, but it wasn't even mentioned in the chapter itself. A strength of the book is that there are plenty of screenshots throughout, and most of them are helpful. But their captions typically repeat information stated immediately before the figure, and thus add unnecessary text.
Readers may become disappointed with an overall sense that the book was not crafted and edited properly, perhaps in a desire to rush it to market in order to cash in on the growing interest in Drupal and the release of Drupal 7. Any such urgency could account for the poor decisions in the production of the book. Some of the material appears unfinished, or at least unpolished. For instance, Chapter 1 ends quite abruptly, with no chapter summary, unlike all the others. The first part of a sentence on page 184 is completely missing.
It is not always clear as to which problems are caused by the authors, and which by the publisher. As a minor example, many of the module names are incorrectly presented in all lowercase (especially in Chapters 6, 7, and 11), in some cases rather pointedly (e.g., "cck") and in others a bit confusingly when in mid-sentence (e.g., "views"). Was that the author being sloppy, or an overzealous copyeditor who did not realize that title case is appropriate for the proper names of the modules?
Some of the problems could only originate from the author. There are countless instances of weird and perplexing instructions, such as "log on and log in" (page 266). On one page alone (127), readers will encounter "Make sure the configure it after saving if applicable" and "Configuration, Languages should be screen text style." There are numerous errata: "postgresql" (page xvii), "blog" (page 15; should read "block"), "minimum the PHP requirements" (21), "Drupal 7-1 to 7-2" (35), "ä" (60), "of [a] single" (68), "of [the] fields" (74), "per-configured" (76), "a decimal [point]" (77), "be round[ed]" (77), "by [a] user" (83), "how which fields" (85), "requires updated or not" (131), "delimeter" (163), "ie" (175), "This [is] where" (196), "comments are will" (198), "aka" (226, 270, and 278), "is usually means" (240), "site to bake" (243), and "described in earlier in the chapter" (248).
The pace of explanation varies tremendously, from one section to the next. For instance, several paragraphs might discuss fundamental Drupal concepts slowly, with full explanations, and then only a page later the reader is entangled in fairly advanced topics, with little or no preparation. Many readers will find appealing the informal conversational style — although in a few instances the wording is unintentionally humorous, such as the phrase "most exciting" transformed into "most excitedly" (page xxi).
Other problems can only be laid at the feet of the publisher, such as incorrectly bolded words, even for individual characters in words (e.g., pages 87, 110, 233). The publisher chose to use the smallest font of any technical book I've ever seen, and consequently people with vision limitations may have difficulty reading the text. Also, many of the screenshots are rather pale; in most cases this is not a problem, but some of the images look fuzzy. In contrast (no pun), the image in Figure 9-4 is an unreadable black rectangle containing a stack of smaller gray rectangles, and the background is effectively indiscernible. Readers will wonder how the production team let that obvious problem slip through the cracks. The image used for Figure 4-15 evidently had its right side chopped off. Several of the pages contain small gray and brown lines, dots, and splotches; but those blemishes may be limited to my copy of the book.
Writing and releasing a book prior to the final release of the software is always fraught with danger. Some of the Drupal-generated warning and error messages mentioned in the book differ from what would be seen using the final 7.0 version, which was not available to the author during the writing of the book. This is likely also the reason why the list of core modules (Table 1-1) is missing the Options module and includes the now-absent Profile module. But that would not explain why the critical System module is missing from the list. Also, the "Secondary menu" mentioned on page 56 is now gone, although secondary links are still part of Drupal 7. In terms of theming, the default site theme is Seven, and not the venerable Garland; also, the Minnelli theme (page 63) — Garland's fixed-width counterpart — was excluded from the final 7.0 release.
In essence, this book was not well executed, and yet it has a lot of promise. A second edition — perhaps for Drupal 8 — could rectify most if not all of these problems. The author's passion for Drupal is evident and inspiring: He shares hard-won and sincere advice for avoiding disaster in working with clients and working on their websites. Also, he notes in the introduction that 10 percent of all profits from the book will be donated to the Drupal Association. Although it is in much need of polishing — and in some places a full overhaul — Foundation Drupal 7 provides information and guidance that would be helpful to anyone who wants to learn how to use Drupal for creating websites.
Michael J. Ross is a freelance Web developer and writer.
You can purchase Foundation Drupal 7 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Amazon, Rackspace Add New Cloud Capabilities
miller60 writes "Amazon Web Services has rolled out Elastic Beanstalk, a free feature which automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. AWS execs tell GigaOm that Beanstalk represents a move up to Platform-as-a-Service and is designed 'to address the idea of vendor lock-in and inflexibility that commonly afflicts other platforms for application development.' Meanwhile, Amazon rival Rackspace Hosting has extended its cloud platform to its European data centers, opening the service to customers bound by data protection regulations, and says it now has more than 100,000 cloud customers."