Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
Blown to Bits
Ray Lodato writes "Few people would deny that the world has changed significantly since the explosion of the Internet. Our access to immense volumes of data has made our lives both easier and less secure. Hal Abelson, Ken Ledeen, and Harry Lewis have written an intriguing analysis of many of the issues that have erupted due to the ubiquity of digital data, not only on the Internet but elsewhere. Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion, published by Addison-Wesley, digs into many of the ramifications of making so much information available to the world at large. As I read through the book, I was alternately fascinated and horrified at what information is available, and how it is being used and abused." Keep reading for the rest of Ray's review.
Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion
author: Hal Abelson, Ken Ledeen, Harry Lewis
pages: 384
publisher: Addison-Wesley Professional
rating: 9/10
reviewer: Ray Lodato
ISBN: 0137135599
summary: An intriguing analysis of how computers and the internet have fundamentally changed our personal lives.
While the subject matter is primarily about a technology that many people may still not comprehend, the book is written at a level permitting most people to understand how it affects them. There is sufficient tutorial information on how the Internet functions to allow all to follow the reasoning. For those more web-savvy, there are many references to web sites illustrating the authors’ points. The reader is encouraged to check them out as you go. While there is a natural flow from one chapter to the next, each one is sufficiently encapsulated so that you can read chapters in any order you like.
The first chapter of Blown to Bits sets the tone of the book by providing examples of how the new technology is both a boon and a menace. As an example of the former, Tanya Rider, who was trapped in her car after an horrific crash, was rescued days later by using the technology behind her cell phone to pinpoint the location of the cellular tower it was “pinging”. In contrast, 13-year-old Megan Meier committed suicide after “Josh” (a fabricated personality) tormented her on MySpace. In each case, the law had a significant role to play. For Tanya, her right to privacy delayed the acquisition of her cell phone location records. In Megan’s case, no law was found to prevent someone from fabricating a MySpace “friend” and saying what they wanted. As the book continues, the clash between the current set of laws and the new capabilities in the digital world is continually spotlighted.
Two chapters are devoted to the vast amounts of data collected on our personal habits, and how the processing power of computers is making it easier for us to extract information that used to be difficult to determine. Most of the information gathered by various companies is permitted by us in the name of convenience. How many of us have signed up for store rewards cards, just to save a few bucks here or there? The authors detail how those companies track our purchasing profiles for their own benefit, and sometimes share that information with others. In most cases, they point out that the use is innocuous enough, but the potential exists for damage to us in the form of invading our private lives. In the past, collecting this vast amount of data would require a large investment in people and processing power to extract useful information. The chapter “Needles in the Haystack” shows how the new computers we can purchase today make that power available to anyone with the desire to know. It is made very clear that this data mining is available to anyone with an Internet connection and the desire to explore.
Two other chapters dig into how information can be hidden in files, both deliberately and unknowingly. For example, the metadata that describes a document is stored along with the actual content, and that metadata may not be something you want shared. Another example is how sensitive information in an official document was supposedly redacted (censored with a black bar) yet, unknown to the document owner, the underlying document contained the entire text which was easily retrieved. Data encryption by the general public is a subject of great concern to governments around the world. The chapter on data encryption explains how the FBI attempted to hamper independent efforts to create a strong public encryption algorithm in the name of national defense. Abelson, Ledeen, and Lewis weigh the pros and cons of unbreakable encryption in the hands of the general public with the need of the government to ensure terrorist plots cannot be hidden from the Defense Department. This chapter ends with a discussion of how anyone using a browser to purchase goods on the internet uses encryption, and how that’s principally the only use of encryption by the average user.
The final three chapters explore the legal ramifications of the digital age, and how the judicial system has lagged behind. Many news stories have described the fight for ownership of media, especially in the case of the RIAA (Recording Industry Association of America) suing many individuals for allegedly sharing songs. Blown to Bits goes into depth describing the issues on both sides of this case. RIAA’s filing of over 26,000 lawsuits in five years is given as a chilling example of how a large organization can abuse the legal system that has not yet adjusted to the new realities of the ease of copying original works. The concerns surrounding free speech on the Internet include the availability of pornography and inflammatory messages. How do you rationalize protecting those who do not wish to be subjected to certain text or images against the rights of those who wish to make them available? No clear answers are provided, but many facets of the discussion are revealed.
Blown to Bits is a fascinating read which will get you thinking about how technology is changing our lives, for better and for worse. Each chapter will alternatively interest you and leave you appalled (and perhaps a little frightened). You will be given the insight to protect yourself a little better, and it provides background for intelligent discussions about the legalities that impact our use of technology.
You can purchase Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Zero Day Threat
Ben Rothke writes "Zero Day Threat: the Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity is an interesting and eye-opening look at how banks and credit card companies make ID theft and fraud rather elementary. But with all that, this book must be read in the larger context of how today's society deals with, and is often oblivious to, risk. When it comes to risk, American society tolerates tens of thousands of drunk-driving deaths, gives millions in federal tobacco subsidies, and is oblivious about near-epidemics such as heart disease, obesity, and diabetes. With all that, it is doubtful that the myriad horror stories Zero Day Threat details will persuade Congress or the other players to do anything to curtail the problem with identity theft and internet fraud." Keep reading for the rest of Ben's review.
Zero Day Threat: the Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity
author: Byron Acohido & Jon Swartz
pages: 304
publisher: Union Square Press
rating: 9
reviewer: Ben Rothke
ISBN: 978-1402756955
summary: Excellent overview on the epidemic of identity theft
The internet and web have indeed revolutionized society, and there is hardly an industry that has not been positively affected by the net. On the down side, the net is the new conduit for criminals. For example, in the few years before the web became ubiquitous, U.S. and international law enforcement nearly had a noose around the child pornography industry and brought it to a near standstill. After the web, authorities have given up hope that child pornography can ever be contained.
Similarly, white-collar crime and fraud have been exacerbated by the net. Zero Day Threat details the various loopholes that criminals use to carry out their attacks and crimes. Each of the book's 18 chapters is divided into 3 sections, exploiters — which details how the crime lords and their teams carry out the crimes, enablers — which details the history and current practices of credit card companies, banks, credit bureaus, and data brokers, and expediters — which recounts how technology and technologies enable these crimes. I found that the breaking up of the chapters into such triplets is occasionally confusing, and you are left wondering what story you are in.
The book is based on the premise that the payment industry, namely the credit card companies, banks, credit bureaus and data brokers have created an infrastructure that is pliable, nearly endlessly extendable, but paper-thin when it comes to security. The system is built for ease of access, ease of granting credit, but without a robust security infrastructure or privacy controls.
Consider that the PCI Security Standards Council was not created until late 2004, and that will give you an idea how security is anathema to the industry. The outgrowth of PCI is the PCI Data Security Standard which is the first uniformly created set of comprehensive security requirements for enhancing payment account data security. While the industry debates the efficacy of PCI, attackers are busy at work running innumerable fraudulent schemes.
The authors paint an honest appraisal of the lack of security in the industry and have their facts in order, although an occasional hyperbole does creep in, for instance when the authors repeatedly state that the hackers in question went weeks without sleep. But a huge error is where they state in chapter 11 that PCI is controversial, with some merchants complaining that it is too costly to implement. There is nothing controversial about PCI, and the security controls it requires are sorely needed. While merchants express their discontent about security and its associated costs, attackers steal from underneath them. The quicker the merchants get that they needed security, the quicker the attacks will stop. But as the book shows, that will not happen anytime soon.
Part of the reason why identity theft will not go away anytime soon is similar to the problem in the air traffic control industry, as detailed in Terminal Chaos: Why U.S. Air Travel Is Broken and How to Fix It. There are too many players in the game, all of which focus on their own interests, and no one wants to take responsibility for the problem. The fact that the Social Security number (SSN) is still used as a key personal identifier, combined with the ease with which an individual's SSN can be obtained and misused, should be enough to give anyone pause.
The primary purpose of a SSN has been to track individuals for taxation purposes. But in the last decade, the SSN has become a de facto national identification number. When established in the 1930s, the Social Security Administration meant for the SSN to be used as a way to track a person's earnings for Social Security benefits. Despite its narrowly intended purpose, the SSN is now used more for non-Social Security purposes, than for the reason it was created. Today, SSNs are used for identity verification, and are the de facto identifier for the credit and financial services industry. With SSNs being aggregated by the millions, they are the fodder for the stories in the book.
Books such as Silent Spring, which helped launch the environmental movement, and The Jungle, which exposed the corruption of the American meatpacking industry, were watershed books that changed America. While Zero Day Threat is not in the same category as either of these books, it is highly unlikely that the level of outrage it will create will be much, nor the indignation significant. Because as bad as identity theft is, and as much grief as it causes, there are far too many politicians, powerful companies, lobbyists and more that are in the way of any change.
Nonetheless, Zero Day is a most interesting look at the many players that work together to facilitate the countless identity theft rings. The book is an absorbing look at the many international players and their enablers involved. While identity theft is not going away anytime soon, Zero Day Threat details the problem, and shows what you can do to ensure that you are not a victim.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Zero Day Threat: the Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
My Job Went To India
Josh Skillings writes "The author, Chad Fowler, draws upon his experiences as a software engineer, a team leader over a group of Indian developers, and as a jazz musician, to describe 52 ways or tips that will help you to become a more valuable employee. These tips are described in two or three pages each, and are usually illustrated by a practical example or story. The tips are well thought-out, well-explained and make sense. Chad draws upon the open source movement as well, highlighting ways that contributing to and learning from open source can improve your career. These tips gave me greater respect and appreciation for the open source movement in general." Read on for the rest of Josh's review.
My Job Went To India (and All I Got was This Lousy Book)
author: Chad Fowler
pages: 185
publisher: The Pragmatic Bookshelf
rating: 8
reviewer: Josh Skillings
ISBN: 0-9766940-1-8
summary: Offers 52 ways you can keep your software engineering job, or grow yourself into an even better job.
Chad encourages you to think of your career as the life cycle of a product, and as such divides the 52 tips into the four areas of "Choosing Your Market", "Invest in your Product", "Execute", and "Market", and then two extra groups called, "Maintaining Your Edge", and "If you Can't Beat 'Em". This grouping works surprisingly well and provides an overarching context that makes sense. Many of the tips have specific calls to action at the end, which are useful if you don't already have ideas on how to apply the tip.
For example, under "Choosing Your Market", tip #7 "Don't Put Your Eggs In Someone Else's Basket", Chad encourages you to refrain from learning vendor-specific technologies that can disappear with the vendor, and then calls you to action by suggesting you write a small project in a technology that competes with the technology you are used to using. This will help you understand why the technology exists to start with and open your horizons to what might be coming next.
Under the section "Investing in your Product", tip #14 called "Practice, Practice, Practice", Chad offers suggestions on how software engineers can get even better by specific kinds of focused practice. The action items at the end of the section suggest practicing "Code Katas": katas similar to those of martial artists, but in code and in different languages.
With 52 tips, this book has a lot of tips, a tip for every week of the year, but you should expect to spend much longer than a week on most of them. A few of the tips you are probably doing already, but many of them you aren't. Some of the tips are fairly straightforward and easy to put into practice. You could spend your entire life attempting and never achieve some of the other tips, such as tip #39, "Release Your Code." The ultimate goal of this tip is to be able to say in a job interview, "Oh, are you running Nifty++? I can help you with that- I wrote it." Chances are this scenario won't ever happen to you, but by working towards this goal in the ways the book outlines, you will definitely become a better, more valuable software engineer. Many of the tips will make you a better person in general, regardless of your career, such as tip #28, "Learn How To Fail", where Chad emphasizes how to fail gracefully and the rewards that can be learned from failure. This wide range of time, difficulty, and application of the tips gives you something to work on today, next week, and next year.
The title of the book is silly. Yes, it was catchy enough for me to notice in the bookstore, with the red cover and the homeless (software engineer?) holding a sign, "Will Code For Food". So from that point of view, the cover worked. However, unless you've read the book, you might think it's as campy as the cover and wonder if it is somehow anti-Indian. I think a better title would be along the lines of "How to Get Any Job You Want", since if you can master all of these tips, you'll be the best there ever was.
While I didn't expect any specific technical advice, I would have liked some. I understand that an author needs to be sensitive to how fast technology changes, however just one tip with a warning: "This information is my opinion on April 11, 2007 and will probably change tomorrow". And then describes about how Subversion is a great tool, Python is a great language to learn, and learning design patterns can make your life easier, would have been appreciated. A tip like this would help you to understand the author a bit better and further encourage you to learn more.
If you want to improve yourself and you can accept advice, this book is for you. You will find things you can do better and skills you've never considered. Like some of the other Pragmatic Programmer books, I will never be able to master everything in this book, so I'll be reading this book again and again, trying to get better every time. Don't let the cover put you off, this is a great book.
You can purchase My Job Went To India (and All I Got was This Lousy Book) from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Ask NewsTrust Founder Fabrice Florin About NewsTrust — Or Anything Else
NewsTrust is, to quote from the site's header, "Your guide to good journalism." Specifically, NewsTrust links to stories published both by well-known media and by less-known blogs, and asks its users to rank and review those stories on accuracy, balance, context, evidence, fairness, importance, information, sources, style, and trust. It's an ambitious effort with an impressive group of advisors, that is starting to be taken very seriously by a growing number of people who follow media matters closely. Founder Fabrice Florin is reasonably impressive himself. He's been a leader in online multimedia content for many years, and if you remember the excellent mid-1980s documentary film Hackers, he's the guy who directed and produced it. Fabrice is kind of a "behind the camera guy," so there aren't a lot of interviews with him out there. Usual Slashdot interview rules apply. -
Bash Cookbook
Chad_Wollenberg writes "Anyone who has used a derivative of Unix over the past 20 years has used Bash, which stands for Bourne Again Shell. The geek in all of us makes us want to extend our ability to rule the command line. To truly master a Unix environment, you need to know a shell, and Bash is easily the most popular of them. Any Unix/Linux/BSD administrator knows the power at your fingertips is fully extended by what you can do within the Bash environment, and all of us need the best recipes to get the job done." Keep reading for the rest of Chad's review.
Bash Cookbook
author: Carl Albing, JP Vossen, Cameron Newham
pages: 598
publisher: O'Reilly
rating: 9
reviewer: Chad Wollenberg
ISBN: 978-0-596-52678-8
summary: A good book for intermediate and above users of Bash
Enter Bash Cookbook. Properly named for the series of O'Reilly books that gives you valuable information on subjects in the form of recipes, this book was refreshing in that it was properly organized, and surprisingly contemporary, even citing Virtualized platforms as a way to try out different OS's for Bash. The book does a good job of pointing out the different operating systems that do run Bash, even citing Cygwin for Windows. They also use the POSIX standard, so that all of the examples are portable across platforms.
Bash Cookbook is by no means for the faint of heart. It seems that the book is meant for intermediate and above users of Bash. However, the first several chapters do a significant job of overviewing basic concepts of Bash navigation and combining simple commands. The book quickly changes gears to complex statements on how to get things done in Bash.
By Chapter 7, Bash Cookbook extends out of Bash commands and begins exploring combining the power of bash scripting with useful commands such as grep, awk, and sed. To quote the authors, "if our scripting examples are going to tackle real-world problems, they need to use the wider range of tools that are actually used by real-world bash users and programmers." And that is exactly what they do. This chapter alone gave me the ability to do more in the command line environment simply by explaining the functions of the scripts put forth. That is something that any reader, intermediate to expert, can take from this book. The detailed explanations really do give everyone the ability to learn something about the commands, and the references to additional resources often lead me to the computer, looking up further details.
I found Chapter 11 to be very useful (pun intended) finally grasping some concepts on the find command that have previously escaped me. From Chapter 12 on, the book focuses on writing useful and complex scripts. This is where the book really begins to shine for the Unix enthusiast and system administrator. The scripts found in Chapter 12, and their elaborate descriptions begin to show the true power of Bash scripting, and how much you can automate. Chapter 14 is about securing your scripts, and is a heavy read, but well worth reading for any administrator that would be using their scripts in a production environment.
Just when you think this book has reached its limits, it gives very handy customization examples in Chapter 16 on how to configure and customize Bash. And also goes into common mistakes made by the novice user. Combine all of that with the Appendices for quick reference, and this book has not left my side since it arrived. While I would not recommend this book for the novice user, I would recommend this book to any system administrator that has to work with Unix or Linux. If nothing else, the examples given here are full of good, reusable code to make tasks easier in your day to day functions. Well done.
You can purchase Bash Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Stepping Through the InfoSec Program
Ben Rothke writes "For those who want to stay current in information security, Stepping Through the InfoSec Program is a great book to read after The Pragmatic CSO: 12 Steps to Being a Security Master. While The Pragmatic CSO provides a first-rate overview of the higher-level steps to being a CSO and building an information security program, Stepping Through the InfoSec Program provides the low-level details and nitty-gritty elements on just how to do that." Keep reading for the rest of Ben's review.
Stepping Through the InfoSec Program
author: J.L. Bayuk
pages: 238
publisher: ISACA
rating: 9
reviewer: Ben Rothke
ISBN: 1604200308
summary: The low-down on how to build an information security program
Author Jennifer Bayuk spent over a decade at a large brokerage firm building their information security program. Her experience in managing and designing security there is manifest in the book and it is clear throughout the book that she is writing from a deep pool of real-world experience.
The first part of the book contains 3 sections and in just under 150 densely packed pages, the book walks you through the process in which to build an effective information security program. The book details 6 steps in which to facilitate this, namely: strategy, policy, awareness, implementation, monitoring and remediation.
The book starts out and begins to develop the context for an information security program. It astutely notes that an information security program exists only in the context of an organizational management structure. Anyone building an information security program for its own sake, removed from the organizational management structure will quickly find themselves devoid of a budget, and often shortly after that, out of a job.
The book's attention to detail and specific definitions are superb. In the opening section, it defines the objectives, prerequisites, typical tasks and performance measures for over 10 different jobs within information security. It then creates a segregation of duties matrix for these jobs. Such detailed information is invaluable to anyone attempting to build a security program.
The main part of the book is in section 2 which steps through what an information security program is, how it is created, how it operates and what resources are required to maintain it. The beauty of the book is that the author understands that information security is not a monolithic undertaking. Rather it must be developed and customized according to the specific needs and requirements of the particular organization. These differences are made clear in the chapter when it details 9 unique information security reporting hierarchies; and deciding on the appropriate reporting hierarchy is not a trivial undertaking.
The book writes that successful information security program development, by definition, must align with organization goals. This alignment can only be achieved if the CISO has an open, two-way communication path to each manager with information security responsibilities. While this is a necessary and realistic goal, far too few CISOs have such communications paths at their disposal, and even fewer have constituent ears that are receptive to such communications.
Section two provides an excellent overview of metrics and how they can be effectively used. In the last few years, metrics has been the rage in the security community. Individuals such as Pete Lindstrom and groups such as Security Metrics have been at the forefront of such efforts.
But the book notes that metrics for their own sake can also be taken too far. The book references a volume on metrics that has over 900 possible things to measure that would provide security metrics, including such silly metrics as "number of times, by fiscal year, that fines and jail sentences were imposed for altering, destroying, mutilating, concealing or falsifying financial records". Bayuk perceptively observes that any CISO who is measuring these types of concerns and analyzing them for feedback on how to improve their information security program should realistically look for a different job.
Section 3 concludes the main part of the book with a security program case study. The point of the case study is to show how an information security program evolves around changes in the organization it supports. The case study shows that all of the six steps on which the book is premised are indeed necessary.
The final 100 pages of the book detail various sample security policies, standards, procedures and guidelines. All of the policies, standards, procedures and guidelines are well-written and it would have been nice if these would have been available in electronic format.
The book notes that the information security professional has evolved from computer operator to chief information security officer; from controlling punched cards to negotiating strategic plans, defining policies, documenting processes, managing technology, measuring performance, controlling costs, supporting business recovery and demonstrating regulatory compliance. For those that want to make that transition, Stepping Through the InfoSec Program is a most valuable guide to get you there.
The book is written by an author who has significant amounts of real-world experience in a leading edge organization. That unique knowledge and experience is evident after reading the first few pages of the book. The book provides the reader with a comprehensive overview of how to build an effective information security organization.
One final note, don't judge a book by the cover. On the cover are three busy looking executives, all smiling and looking refreshed. The reality is that most people who have taken the time to build effective security programs often emerge from that battle exhausted and battle weary.
For anyone contemplating entering the information security field, or those in it already that need effective direction, Stepping Through the InfoSec Program should be on their required reading list.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Stepping Through the InfoSec Program from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Subject to Change
prostoalex writes "Most companies would call themselves innovative and would claim they're delivering an above-average service to their customers. Yet, their customers' opinions might differ. If you drill a company on their innovation practices, they would probably mention two approaches they employ: 1. Their research department meets with target groups, compiles presentations for the upper management, which then occasionally hands those reports over to the development department. 2. Their research or marketing department comes up with competitive matrix of the products available from competition. In a meeting then, executives see that their product is missing a feature, and hence the development department is assigned the task of adding 'an Internet-enabled installer' to the product, since everybody else offers them, thereby creating market expectations." Read on for the rest of Alex's review.
Subject to change | author: Peter Merholz, Todd Wilkens, Brandon Schauer, David Verba | pages: 186 | publisher: O'Reilly | rating: 7 | reviewer: Alex Moskalyuk | ISBN: 9780596516833 | summary: Creating great products and services for an uncertain world
Subject to Change is a book, written by four Adaptive Path veterans describing new approaches to product development and innovation. Who are they to have the authority over the subject? Adaptive Path is a consulting shop helping large and small companies with product design, Web design and industrial design. They're perhaps mostly known to the general public for coining the term AJAX, and articulating the idea of building dynamic Web sites with asynchronous data retrieval, but they certainly didn't invent the technology. Their design experience is behind many products we use today, but due to licensing agreements they're not always at liberty to disclose their customers.
So what do Adaptive Path designers advocate?
Making the design emotional. While the idea itself is not new, this is something that product manufacturers have to face sooner or later. Early Kodak cameras did not succeed because of superior technical qualities or ease of film development — they managed to cross this emotional barrier, where people who previously thought "This is too complicated" after getting a glimpse of the ad or product demo thought "Even I might be able to enjoy this."
Understand people's needs outside of your company-approved usability testing guides. Two great examples provided by the book are Adaptive Path's own usability study of Epinions.com — product review and comparison shopping site. When a woman showed up for usability test with her newborn baby, she was frequently distracted by baby's needs during the test. Bad test candidate? Vice versa. Adaptive Path learned how confusing it could be for someone who needs to get away from the comparison shopping process to come back and quickly realize where they were in the process. Another example has to deal with babies as well — after watching new mothers use the diaper wipes at their homes, Kimberly-Clark researchers redesigned their diaper wipe container to be easily accessible with just one hand.
Make the whole system coherent, not just patch new interfaces throughout product holes. Financial companies and banks certainly suffer from a desire by single group to innovate the others out. My own example — I go to Fidelity Web site, and upon login offered to also check my NetBenefits(SM) or check out the FullView(R). Now, there might be customers who think in those terms, but I surely did not log in to check NetBenefits(SM) or do FullView(R) or check out mySmart Cash Account (SM), I just wanted to find out how my investments were doing. A simple graph would do. Yet my options from Fidelity are either downloading quarterly PDF account statements, and then punching the numbers to create a graph, or going to Account Positions page, where I can view the graphs for every single stock and bond I own for any time value except the time span that I need — from the day I bought the security to today. This is not a rant on Fidelity Investments in general, this is just another example of different groups within the company handling such things as stocks, bonds, retirement planning, cash investments, quarterly account reports, and Web site design. Each group probably doesn't think highly of the existing user interface, and hence the desire to introduce that new simple interface, call it a different name, and expect the customers to get on with a program and use it.
The authors provide a lot of good case studies for design successes and failures to support their point. Case studies are borrowed from outside literature or told in first person — Adaptive Path's customer names are changed to be KeyboardCo or FinanceCo to protect the innocent. The book explores several different permutations of design and relevance:
When design is great, and product is relevant, market success is a given. The example is Apple iPod series. Somewhat less known example is Google Calendar, that outgrew Yahoo! Calendar and MSN Calendar, even though all 3 calendars are tied into Web-based e-mails, and Yahoo! and Hotmail both have market shares multiple of Gmail's.
When design is great, but product is not relevant, market success will be extremely hard to achieve. Segway scooter and Apple G4 Cube come to mind.
When design is bad, but product is relevant, market success will quickly turn into failure as competitors copy the product and invest in design. Diamond Rio, the pioneer of digital music player industry, learned a hard lesson that way.
When design is bad, and the product is irrelevant, it's possible it will never even come out in the market. Adaptive Path's own example of KeyboardCo wanting to implement a downloadable music service right on the keyboard is a good example of this.
Overall the book is informative and inspirational, albeit a bit dry. Chapter 7, dedicated to describing agile approach in software development, seems to be out of place. Maybe it's because I am a software engineer, and have familiarized myself on various development methodologies, the chapter was old news to me, or maybe it's the idea that you're being sold one specific methodology, instead of implementing dozens of small improvements within the product development process, that threw me off.
On page 162 the authors claim "Google and Yahoo!, once technology companies, are now media players, and their advertising-based business models mean they compete more with Los Angeles and New York than their Silicon Valley brethren." Now, I don't see how being a media company leads one to compete with a US municipality. Maybe they meant "New York [Times|Post] and Los Angeles [Times]", in which case it's time to look for another proofreader. But to be fair, I haven't noticed any glaring errors or omissions in the title.
Subject to Change is a good book to read if you're into product development or design. If you're staying abreast of the industry trends, most of it is probably not going to be big news to you, nevertheless, it's a good collection of case studies and a summary of rules relevant for modern-day product development.
You can purchase Subject to Change from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Ultimate CSS Reference
stoolpigeon writes "Cascading Style Sheets are now the dominant method used to format web pages. Even something as simple as modifying a WordPress blog can involve digging around a bit in CSS. A quick search at Amazon on CSS returns over 7 thousand books in the computer category alone. This book claims to be the ultimate, though, and that made me approach it with a bit of skepticism. Sure, it could be a decent reference, but is it truly the ultimate reference? I admit I was curious to see." Read on for the rest of JR's review.
The Ultimate CSS Reference | author: Tommy Olsson & Paul O'Brien | pages: 420 | publisher: SitePoint | rating: 9/10 | reviewer: JR Peck | ISBN: 978-0-9802858-5-7 | summary: All the CSS knowledge you'll ever need.
If any book is going to be an acceptable reference there are a few things that are going to need to be in place, no matter what the subject matter. I'd like to discuss those first, from front to back. The table of contents takes up 9 pages. It is specific enough to easily get the reader pointed in the right direction.
The first two chapters cover introductory material, discussing just what CSS is, what it does, and syntax/nomenclature issues. After that, every chapter is reference material, until chapter 16. The last three chapters cover vendor specific properties, various hacks and work-arounds as well as the difference between html and xhtml. Those five chapters are presented more as straight out prose compared to the reference chapters between, though they still use extensive highlighting and background colors to divide and organize content.
The reference chapters are extremely well laid out. A command, property or other item is in bold at the beginning. Below it, highlighted in grey are various arguments that can be used with that item. An example will be given in a colored box. There are two grids. One covers three aspects of the spec for this item; if it is inherited, the initial value and the CSS version of the item. There is also a list of browser support for the item in IE6+, FF1+, Saf 1.3+ and Op9.2+. The second grid shows compatibility for three versions of Internet Explorer (5.5, 6.0 and 7.0), three versions of Firefox (1.0, 1.5 and 2.0), three versions of Safari (1.3, 2.0 and 3.0) and Opera 9.2. When appropriate there is also a discussion of or list of appropriate values and discussion of usage.
At the end of the book is a single appendix which contains an alphabetical index of properties. There is no proper index for the full book, which is not as bad as it could have been, without the other tools, but is still disappointing.
The typography is clear. The book is concise and clear with little wasted space or verbiage. The color scheme for highlighting the various sections is extremely easy to read and pleasant.
There is one more feature of the book that, aside from content, makes it very useful. There is an online edition of The Ultimate CSS Reference and as far as I can tell, it is completely open to use by anyone without any kinds of restrictions. I couldn't find any in my copy of the book, I didn't have to sign up for anything to use the site. This really makes up for the lack of an index as the entire book is searchable from the site. For me, it is the best of both worlds. I have the dead-tree version on my shelf, ready to pull down and satisfy my curiosity. I have the electronic version freely available on the web site, should I need it. The site has the added bonus of including an area for comments on the contents of the book, and there are already some helpful comments and tips there.
I think then, it is safe to say that mechanically this is a more than acceptable reference. The other important piece aside from it being usable, is the quality of the information itself. Good information is useless if one cannot get to it, and a great access system is useless if the information is no good.
The authors, O'Brien and Olsson are themselves extremely experienced in the field and I think it is safe to say they are experts in regards to CSS. The book also had two experienced "Expert Reviewers" in Natalie Downe and Roger Johansson. I couldn't find any problems with the content, and I think that it is safe to say that these four, along with others have done due diligence to provide an accurate guide to CSS.
Is this the ultimate CSS reference? I haven't read the others, and ultimate seems to imply comparison to me. So while it might not be the ultimate, I do feel comfortable recommending it to anyone who needs an extremely usable, accurate reference to CSS. I would even recommend it to a beginner who wants to learn CSS, though they should probably augment this book with something aimed at teaching CSS, not just providing a reference.
You can purchase The Ultimate CSS Reference from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Brian May, Rock Legend, Publishes His Thesis
A year ago we took note when Brian May, guitarist for Queen for the last 30 years, submitted his thesis for a Ph.D. in astrophysics. The news now is that the thesis has been published. You, too, can read all about the population of tiny asteroids and space dust that cause the Zodiacal light. The completed thesis appears as the book "A Survey of Radial Velocities in the Zodiacal Dust Cloud" (Springer and Canopus Publishing Ltd., 2008), available at Amazon for $71.96. May was awarded his Ph.D. last summer and accepted a position as chancellor at a British university in November. -
Virtual Honeypots
rsiles writes "Honeynet solutions were seen just as a research technology a couple of years ago. It is not the case anymore. Due to the inherent constraints and limitations of the current and widely deployed intrusion detection solutions, like IDS/IPS and antivirus, it is time to extend our detection arsenal and capabilities with new tools: virtual honeypots. Do not get confused about the book title, especially about the "virtual" term. The main reason to mention virtual honeypots, although the book covers all kind of honeynet/honeypot technologies, is because during the last few years virtualization has been a key element in the deployment of honeynets. It has offered us a significant cost reduction, more flexibility, reusability and multiple benefits. The main drawback of this solution is the detection of virtual environments by some malware specimens." Read below for the rest of Raul's review.
Virtual Honeypots: From Botnet Tracking to Intrusion Detection | author: Niels Provos and Thorsten Holz | pages: 440 | publisher: Addison-Wesley Professional | rating: THE current reference about honeynet technologies and solutions. | reviewer: Raul Siles | ISBN: 0321336321 | summary: improve your capabilities with easy to deploy virtual honeypot solutions
The detection of honeypots has always been one of the main concerns in the honeynet community, because if the attacker can identify them, they are useless. For this reason, one of the chapters is just focused on providing some light tips and tricks about what an adversary can really accomplish. In fact, we have not seen lots of real-world incidents where the attacker actively checks the existence of honeynet setups.
The first chapter is a very brief introduction to honeynet technologies and basic tools. You can jump through it if you are not new to this field. Then, the book covers the main two honeypot types: high and low interaction. The high interaction section provides details about the tools to virtualize your honeypots: VMware, UML, or more specific solutions, such as Argos. The low interaction section provides details about some of the most relevant honeypot types to cover lots of detection scenarios: worms, traditional server attacks, Google Hacking, Web-based attacks, etc. It is a wide overview that will give you a lot of ideas for new deployments.
The whole book has been cooked with a how-to mentality, and it explains in detail how to install and configure the different tools and software elements covered. Additionally, it provides guidelines, best practices, and analysis recommendations for each tool based on the authors' experience. However, the how to portions take into account that most of the solutions are Linux-based, and the installation and setup process will vary based on the tool version and the Linux distribution you are using (library dependencies, etc). In any case, the step by step guides are very useful as a general setup reference.
From my perspective, the most valuable part of the book is chapters 4 to 6. The authors, Niels Provos and Thorsten Holz, are the lead developers/architects for honeyd (chapter 4 and 5) and nepenthes (chapter 6), respectively. These two are the most famous and advanced low-interaction server-based honeypot and malware honeypot. They know what they are talking about, and you cannot find a better reference out there for these two tools. The book is an excellent guide, covering the design principles and innovative deployment ideas, to all kinds of configuration options and possibilities, including limitations on real-world scenarios. Chapter 6 is complemented with other less popular malware-based honeypots (except for Honeytrap).
The book includes some extra material covering academic and research hybrid solutions still in their early stages, which can give you an idea of where these technologies are evolving to and the major challenges we are facing now. This pretty much theoretical content is well balanced with the case studies chapter, where real incidents involving different honeypot types are presented. These are always a fun read and a way of getting experience and learn how to deal with intrusions.
Finally, one of the main expansion areas we are involved today is the creation of new client-based honeypot technologies. This book section (highly recommended) does a great job introducing multiple high and low interaction honeyclients currently available, their benefits and drawbacks (chapter 7). This information is perfectly complemented by the last two chapters, focused on tracking botnets and analyzing malware with sandbox environments. Once a client is compromised, it typically becomes a member of a botnet, and for easy and quick categorization, we start by performing a malware analysis of the specimens. I recommend you to add all this knowledge to your incident handling and response capabilities.
Something I would have liked to see in the book is a section about a fully virtualized honeynet environment, showing how using VMware, you can build up a virtual Honeywall (just slightly mentioned on chapter 2) and different honeypots, creating a complete, cheap, mobile and multi-purpose virtual honeynet infrastructure. Also, we receive multiple questions related to this kind of setup in the Honeynet Project mailing lists, because all the previous whitepapers are obsoleted now. I've been deploying these types of solutions for fun and professionally during the last few years and I strongly recommend you to start using them. You won't be disappointed about how much you can learn of what is going on in your networks and systems, and this book is the best starting point.
If you have any relationship with the intrusion detection, incident handling and forensics, threat analysis, or SOC and CERT security side of things, definitely this book is for you. Go through it and improve your capabilities with easy to deploy virtual honeypot solutions. You just need a (not so new) computer, virtualization software, and some time.
I have been working with honeynets during the last 5 years. We founded the Spanish Honeynet Project in 2004, and almost at the same time we became part of The Honeynet Project and released the Scan of the Month 32. The main honeynet/pot book reference till last year was the book published by the Honeynet Project. As this is a rapidly evolving field, definitely it has been replaced by this book, written by two project members.
You can purchase Virtual Honeypots: From Botnet Tracking to Intrusion Detection from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Excerpt From Arthur C. Clarke's Last Work
Ubuntukitten writes "The Telegraph is running an excerpt from Arthur C. Clarke's last work, called 'The Last Theorem.' Fellow writer Frederik Pohl helped out. It's a reassuring chunk of old-fashioned sci-fi, describing an Olympics that's set on the moon. Typically for Clarkian sci-fi, it is very much about the practicalities of mounting a Lunar Olympics, rather than any wild fantasy." The excerpt's centerpiece is a trip to the moon that begins with a space elevator ride. The book will be published on Aug. 1. -
The Pragmatic CSO
Ben Rothke writes "The Pragmatic CSO: 12 Steps to become a Pragmatic CSO is worth reading for one sentence on page 12 which states: It's not about technology — it's about business. The even better news is that the book is full of insightful ideas like that, on how information should work, and how to make it work in today's large enterprise organizations. One of the mistakes many security professionals make is that they think of security for its own sake, when security is simply meant to support the business. CxO's could care less about encryption key lengths and operating systems. While they don't care about the technical details, the people from information security often mistakenly communicate to them in those terms." Keep reading for the rest of Ben's review.
The Pragmatic CSO: 12 Steps to become a Pragmatic CSO | author: Mike Rothman | pages: 235 | publisher: Security Incite | rating: 9 | reviewer: Ben Rothke | ISBN: None - self published | summary: Pragmatic, insightful and valuable looking into making security work
The book notes that there are three main causes to the poor state that information security finds itself in today in far too many organizations:
Security is viewed as a technical function - Security staff are often part of the technical teams, but not members of the management team.
The bad guys are getting better - In years past, attackers would get your attention by playing music in the background as their virus infected your workstation. Today's attacks are built around stealth techniques. Attackers do their best to hide from your IDS, and often easily do so.
Auditors are tougher - Both internal and external auditors are finally getting the power they deserve. The days of having them rubber stamp the audit are slowly coming to a close.
The Pragmatic CSO: 12 Steps to become a Pragmatic CSO details a 12-step program, which is a structured program on which to build a strong information security program.
The book goes through those steps as a way to keep you, as the CSO, focused on the goal. That goal is to demonstrate the value of information security management and the level of security to the internal and external auditors.
The book's 4 sections and 12 steps are structured similarly, beginning with what you will learn in the specific step, a dialogue-based introduction akin to an AA (Alcoholics Anonymous) session, and an action plan for each step. Personally, I found the AA dialogues a bit cheesy, and by step 6, found them a bit annoying. Aside from that issue, the book is a highly valuable guide which a new CSO can use to directly assist them in their job. A new CSO is recommended to use the guide in their first 100 days in office. Such an approach can spell the difference between success and failure.
As its title implies, the book is all about being pragmatic. This practical approach is needed, as step 2 notes that it is hard for many security professionals to get beyond the typical vulnerability-centric definition of success. It is not about how many vulnerabilities are found, rather the pragmatic way in which they are handled.
Part of this pragmatic approach is being realistic about the state of security in your organization. Step 7 underscores this when it shows how a CSO should never underestimate two things: the ability of the bad guys to make you look bad, and the ability of users to do something really stupid. The preceding is just one example of many where the book shows the reader what security is like in the real-world, as opposed to the often described pristine cryptographic world of security when Alice and Bob are involved.
Perhaps the most important point the book makes is that pragmatic CSO's have no religion when it comes to security and technology, besides doing the right thing for their business and protecting their assets. Far too many people in security and technology turn technology choices into religious wars, most of which center around Windows, Linux, Cisco and Juniper.
Step 11 details metrics and benchmarks and has a number of constructive questions against which to benchmark. The areas of questions include effectiveness, awareness, attitude and financial. This is needed as metrics and benchmarking are needed to measure how you and your security team are doing, and to identify areas in need of improvement. Benchmarking can also point out areas in which your organization differs from the norm. While that is not necessarily a bad thing, it is necessary to know when to follow so-called best practices, or whether to do what is specifically right for your organization.
The Pragmatic CSO: 12 Steps to become a Pragmatic CSO is a most valuable book in that it provides fresh, real-world advice, as opposed to generic rehashed best practices. Author Mike Rothman's premise is that today's CSO's need to act more like business people in order to thrive. With firms laying off back-office technology staff by the thousands, having this front-office approach is not only timely, it may just save your job.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Explains Why S3 Went Down
Angostura writes "Amazon has provided a decent write-up of the problems that caused its S3 storage service to fail for around 8 hours last Sunday. It provides a timeline of events, the immediate action taken to fix it (they pulled the big red switch) and what the company is doing to prevent re-occurrence. In summary: A random bit got flipped in one of the server state messages that the S3 machines continuously pass back and forth. There was no checksum on these messages, and the erroneous information was propagated across the cloud, causing so much inter-server chatter that no customer work got done." -
JavaScript: The Good Parts
Anita Kuno writes "JavaScript: The Good Parts is about the good parts of JavaScript and how to use them. This book takes a realistic look at the strengths and weaknesses of JavaScript and tells you how to use it to its best advantage. The code samples deal with the language and its merits — creating web pages is not discussed. How to understand the language, to execute the operations you want, is the focus of the book, not how to make rounded corners. The author, Douglas Crockford says, 'My microwave oven has tons of features, but the only ones I use are cook and the clock. And setting the clock is a struggle. We cope with the complexity of feature-driven design by finding and sticking with the good parts.'" Keep reading for the rest of Anita's review.
JavaScript: The Good Parts
author: Douglas Crockford
pages: 153 pages includes the index
publisher: O'Reilly Media Inc.
rating: 8
reviewer: Anita Kuno
ISBN: 9780596517748
summary: The Good Parts of JavaScript.
Intended for those familiar with object-oriented programming, who understand inheritance, functions, variables, arrays, and enumeration, it identifies its audience as programmers new to JavaScript as well as those with some familiarity who wish to improve their interaction with the language. People who want to have a good relationship with JavaScript and those who wish to improve the relationship they have will find it most useful. There are lots of books and tutorials that deal with JavaScript but this approaches the language from the point of view of a survivalist.
I expect this little field guide to retain its usefulness for many years. As Brendan Eich, the creator of JavaScript, states on his blog, "What was needed was a convincing proof of concept, AKA a demo. That, I delivered, and in too-short order it was a fait accompli." JavaScript was a mock up that got a stamp of approval. His first draft became the language. I find that rather shocking. But Brendan alludes in his blog to the idea that there were many other considerations in play at the time, so the story-boarded code got the go-ahead. Crockford's book fills a niche for users explaining how to code with JavaScript and be a better programmer because of the experience.
Douglas Crockford writes in a relaxed, conversational style establishing a connection with the reader that continues through the book's contents (all 100 pages) and the five appendixes (50 pages total for the appendixes). I read the book in an evening-away-from-the-screen kind of mood and only followed one piece of code as outlined in the book. The book is approachable with a cursory acknowledgment of the code and it is also informative with a detailed examination of said code.
Special mention goes to Chapter 7: Regular Expressions. There are some topics which are so complex that other authors either skip over them, or use so much jargon as to render the effort useless. Douglas Crockford gives a guided tour of a regular expression designed to parse a url and it is intelligible and informative. He identifies the shortcut he uses in his regular expression code and acknowledges the risks he accepts by using it. I found his twelve and a half pages on regular expressions gave me a reasonable introduction to the subject.
He uses quotes from Shakespeare as an icebreaker for each chapter and appendix. The book contains code snippets and some recipes for adding your own functions and methods which Douglas feels should have been in the language and aren't. This I find to be a very interesting feature of the book. Like the staples for a good kitchen: ganache, bechamel, mirepoix; Crockford identifies the staples of a scripting language and gives the reader the recipes for the features that JavaScript doesn't have; .integer, .trim, and .curry (which allows the creation of a new function by combining a function and an argument).
One of the things that is missing from this book is the DOM (the Document Object Model). I couldn't be happier about that. Every other reference I have approached mashes JavaScript to the DOM so fast that as a newcomer to the language I thought that aspects of the DOM were properties of JavaScript. Douglas Crockford has an episode on Yahoo! Video talking about that very topic and it was a breath of fresh air for deciphering JavaScript. By the way, the amount of characters, in the above sentences about the DOM, is about the quantity of characters dedicated to the topic in JavaScript: The Good Parts. For me, this is a plus.
The author states that the necessary equipment for writing JavaScript programs is a browser and a text editor. Since both are readily available in a variety of flavors and styles, I am fairly confident that every programmer wanting to learn about the good parts of JavaScript can do so.
My previous attempts to learn JavaScript had not gone well and I didn't have an understanding about why the topic was proving so confusing for me. Knowing the history of the language and the environment at its birth, I now have a better appreciation for the abilities of this language as well as a higher level of acceptance for its quirks. I understand now why I should use "var" when assigning a variable, and also why it is a good idea to conclude the line containing "return" that is followed by a block, with the left curly brace that begins the block. I didn't have the patience to accept these idiosyncrasies before and now that I know the history of JavaScript, I can see why it is a good idea to use Crockford's suggestions as a consistent coding style.
Charles Jolley suggested that I read JavaScript: The Good Parts as a basis for learning JavaScript. His tag line was: "I read it in three hours." Now, that may be an inappropriate reason for reading a book, but after spending hours and hours with various media trying to understand JavaScript, three hours seemed like a reasonable investment of time. (It took me a little longer reading at home with the occasional interruption but I still did my first pass in an evening.) The author wrote the book as an enumerable (the recipient of an action one or more times) with each reading revealing layers of understanding.
In the appendixes, there is an appendix entitled "Awful Parts" and one entitled "Bad Parts". Global variables head the list in "Awful Parts". There are discussions throughout the book about why to avoid JavaScript's default to global variables and how to do this in your coding style. The explanation, of why global variables should be avoided in JavaScript, is detailed in the "Awful Parts" appendix. Also making an appearance in "Awful Parts": scope, semicolon insertion, and reserved words. The "Bad Parts" appendix includes: == (double equal sign) which can be evaluated unpredictably depending on the circumstances, "with" which can also have unpredictable results, and "eval" which passes a string to the JavaScript compiler and executes the result. "eval" slows the result when compilation isn't required and can also compromise the security of your application. But what about its use in JSON you ask? Crockford suggests using the JSON.parse method instead of "eval". The file which creates the JSON object with the parse method can be found here. If this is of interest to you, I suggest you check the link and access the book to hear it from Crockford directly.
I find Douglas Crockford's perspective on JavaScript in JavaScript: The Good Parts to be useful in my own relationship with JavaScript. His style is accessible and intelligent.
You can purchase JavaScript: The Good Parts from amazon.com. -
Practical Django Projects
Chromodromic writes "Apress's newest Django offering, Practical Django Projects by James Bennett, weighs in lightly at 224 pages of actual tutorial content, but trust me, they're dense pages. Filled with pragmatic examples which directly address the kinds of development issues you will encounter when first starting out with Django, this book makes an important addition to the aspiring Django developer's reference shelf. In particular, the book's emphasis on demonstrating best practices while building complete projects does an excellent job of accelerating an understanding of Django's most powerful features — in a realistic, pragmatic setting — and which a developer will be able to leverage in very short order." Read below for the rest of Greg's review.
Practical Django Projects
author: James Bennett
pages: 256
publisher: Apress
rating: 8/10
reviewer: Greg McClure
ISBN: 1-59059-996-9
summary: A practical introduction to the Pythonic Django web framework.
This book serves an important function by providing progressive, useful examples of Django's role in the development of realistic projects. During the course of the tutorial you build three basic apps: A simple brochureware-oriented CMS, a complete blogging system (with Akismet spam protection and RSS feeds, among other features), and a social code-sharing site similar to that found at djangosnippets.org (with account signups, syntax highlighting via pygments, and bookmarking features — the whole enchilada). You may or may not find these projects immediately relevant to your work or goals, but the projects themselves are really just platforms for delving into Django's nooks and general philosophy. It's an important point to make about the book especially, because though Django itself provides potent facilities for creating reusable code while preserving a high degree of flexibility, "magic" is kept to a minimum compared to some other popular frameworks.
It follows that maximizing your knowledge of Django's inner workings through familiar paradigms is critical to making the framework perform to your best advantage. The book excels at accomplishing this goal.
Along these lines, a lot of territory is covered in a short span. You're introduced to a couple of Django's contrib apps — code which comes with a normal Django installation and which cleanly plugs into your own application while remaining extremely customizable. After being ushered through a straightforward installation and database configuration, your first exposure to development is through the contrib app most frequently lauded in the Djangoverse, Django's deservedly well known admin system. But immediately, emphasis is shifted from the basic features of the system to the ways it can be customized. This approach of introducing a feature and then modifying or extending it is repeated immediately with Django's Flatpages contrib app, a very basic CMS which, again, comes with Django and installs with a single line of code and one command.
By the time you've finished the third chapter, you've built the foundation of a typical brochureware site, complete with a working search system and a completely functional customized admin with which you may modify your content using a javascript-based HTML editor (TinyMCE). Pretty impressive for 41 fast-moving pages.
The strongest feature of the book, though, is not the speed or facility with which features are presented, but rather the way these features are always demonstrated with a mind to Django's strongest argument: how easy it is to create reusable code, once you understand the framework's approach. As you move through the next four chapters of building the blogging system, the establish-modify-extend technique of presentation does a good job of working you through various standard Django features — generic views (a very important concept which is illuminated nicely), code organization, ORM techniques, template inheritance, and so forth — and you're smoothly shown the ways by which you will be able to incorporate much of the code you write into your future work. As you begin your last project, the code-sharing app, you've gotten an overview of both coding and workflow techniques which work best with Django. The final chapters reinforce everything you've learned while still introducing new material on library integration, form handling and the newforms library, and code distribution.
The overall approach is very effective, though I found I had to trust the tutorial a little at first in order to get the most out of it. The projects initially seemed somewhat vanilla, so it wasn't until I really focused on the organization of the material that I discovered the book's strengths. Now I wish I'd had this book years ago.
Issues? I had only one, really. The material presents itself as a tutorial suitable for those who are just starting out with Python. For example, near the beginning of the material the def keyword is pointed out as the way Python functions are declared, and similar kinds of notes and comments pepper the tutorial, somewhat unevenly, as well. While I appreciate the impulse to make the material as accessible as possible, I'm skeptical of the book's role as truly introductory at that level, although I could see some experienced developers, especially those coming from other languages, benefiting from these quick notes. But my feeling in general would be that if you're so new to Python that the def keyword is a revelation, you might be better off starting elsewhere before you dive into Django.
This is a minor point, though, and if you're willing to give the material the time, you'll appreciate what Django has to offer more and more with every page. The book maintains a brisk pace which I truly appreciated. And if you've struggled with Django in the past, or you've wanted to learn more about what to do beyond getting the admin running, "Practical Django Projects" is an excellent foundation for your Django education. I absolutely recommend this as the Django book I've found to be, by far, the most useful.
You can purchase Practical Django Projects from amazon.com. -
Neal Stephenson's "Anathem" Due In September
Alexander Rose writes "Neal Stephenson's new novel, ANATHEM, germinated in 01999 when Danny Hillis asked him and several other contributors to sketch out their ideas of what the Millennium Clock might look like. Stephenson tossed off a quick sketch and promptly forgot about it. Five years later however, when he was between projects, the idea came back to him, and he began to explore the possibility of building a novel around it. ANATHEM is the result, and will be released on September 9th, 02008." Read Rose's complete posting for more information about the release of the book, which he describes as set "in a genre bending alt-future-retro world where mechani-punk technology meets space opera in a blend of the best of Snow Crash and the Baroque Cycle." -
Selling Online with Drupal e-Commerce
Michael J. Ross writes "Many Web developers wish to create e-commerce sites that also support collaborative editing of content, community forums, and other features that can increase traffic to the sites. But most shopping cart products do not include those capabilities, or, if such third-party add-ons exist, they may be quite limited in functionality. Similarly, most if not all content management systems (CMSs) lack native e-commerce capabilities. Yet that barrier is being overcome, because a handful of e-commerce modules have been created for the most popular CMSs. Perhaps the most promising pairing, at this time, is Drupal and the e-Commerce module — a combination covered in the book Selling Online with Drupal e-Commerce by Michael Peacock." Keep reading for the rest of Michael's review.
Selling Online with Drupal e-Commerce
author: Michael Peacock
pages: 264
publisher: Packt Publishing
rating: 7/10
reviewer: Michael J. Ross
ISBN: 1847194060
summary: A thorough guide to the Drupal e-Commerce
This title was published by Packt Publishing on 31 March 2008, under the ISBNs 1847194060 and 978-1847194060, and is a recent addition to their growing lineup of books focusing on Drupal and Joomla. The firm hosts the book's Web page, where readers can download the sample code, submit feedback, post a question about the book, read an online excerpt, and download a sample chapter (number 8) on "Creating a Better Selling Experience," as a PDF file. In addition, readers can purchase the handy e-book version, which contains everything found in the print version.
The first chapter serves as an introduction to Drupal and the e-Commerce module, and also explains how to download the two of them, as well as the additional module (Token) upon which the latter depends. The author explains the purpose of each area within Drupal's "Site configuration" section, and what changes the reader should make, if any. Also, he provides the background story for the sample e-commerce Web site that is built throughout the book — in this case, a dinosaur model shop. It should be noted that the diagram on page 6 does an effective job of explaining the basic idea of how a CMS works (better than the similar figures seen in other CMS books), and it is followed by an explanation of what e-commerce is. However, it is doubtful that any developer who purchased this book would need to be told what are CMSs and e-commerce.
In the second chapter, the author briefly reviews the steps for adding content and navigation to a Drupal-powered site, by adding pages and menus, respectively. Also, some additional modules are enabled, for creating a contact form and a blog, for the sample site. Up to this point in the book, readers will have become accustomed to the author explicitly guiding them through the steps necessary for creating the sample site. Thus it may come as a surprise to such readers when they see the second figure on page 40, showing the navigation menu, including new sections for dinosaurs and the museum, and a link to a contact page. The two new sections were briefly mentioned three pages earlier, but the steps for creating them were not; the steps for adding the contact page link were apparently not mentioned anywhere. However, any experienced Drupal developer should have no difficulty figuring out how to add these navigation menu items.
With the third chapter, the book shifts focus from Drupal basics to implementing an e-commerce site. Aspects of running an online business — such as site accessibility laws, legal issues, and privacy laws — are mentioned, though readers outside of the United Kingdom will most likely not be pleased by the UK-centricity of the material. Other topics covered include product types, groupings, details, photos, and advertising, as well as customer service.
In Chapter 4, readers learn about the e-Commerce product types and their corresponding modules, and how to add products to the store catalog — including specialized types of products, such as apparel, services, and bundled products ("parcels"). Chapter 5 briefly covers users, rules, permissions, settings, rules, registration, e-mail messages to users, users' pictures, taxonomy, requiring registration, customer management, user orders, contacting users, and adding your business's staff to your site. It also touches upon taxonomy and how to use it for controlling user access to content. But the author fails to explain why this is needed for the online store. Providing such a rationale up front is especially important when asking readers to work their way through potentially daunting subjects such as taxonomy, and implementing them in their own test sites, if they are following what the author is doing.
The sixth chapter begins with an unneeded review of the themes built into Drupal version 5.x, with even more space taken up describing three red-based color schemes. This is followed by a discussion of how to modify whichever of those themes is enabled, and, very briefly, how to create a new theme. In this chapter and many others, the author frequently reminds us that the hypothetical client, Doug of Doug's Dinos, is "really pleased" with the "great looking site." Readers can judge for themselves just how great is the site's design. Admittedly, in a book such as this that does not focus on Web design, a sample site can be quite basic. But the constant praise is unwarranted.
Allowing customer checkout and payment are critical to any e-commerce site, and those topics are explored in Chapter 7. The topic coverage is fairly complete, though occasionally the author does not make clear where in the Drupal administration section the reader will find the particular topic under discussion, e.g., the global anonymous purchase policy. Chapter 8 offers a lot of valuable information, including how to: add shopping cart and search elements to every page, automatically create user accounts, add images to product listings, offer discounts based on customer role, provide coupons, allow bulk purchasing, set up auction and donation products, and automatically adjust charge prices based on various conditions.
Chapter 9 delves into the particulars of calculating taxes and shipping costs, as well as accepting payments through various gateways, including PayPal, which is explored in detail. The only part that will be misleading to readers, is the claim that PayPal's IPN "pings" your server for each customer transaction. Actually, their server does not ping yours, but instead posts transaction data that you can use for updating your online database.
Chapter 10 presents a number of modules and techniques for making an e-commerce site more secure, and also covers domain name, Web hosting, and site maintenance issues. The security modules discussed are definitely worth considering. Some readers may be confused by the Backups section of cPanel mentioned by the author, since not all cPanel installations offer it.
The last two chapters of the book address invoicing, CRM, and marketing one's site. The discussions of search engine optimization, viral marketing, newsletters, etc., are quite cursory, and readers interested in those topics would fare better by consulting books, online articles, and other resources that are much more thorough. The chapter's topic that will probably be of most value to e-commerce developers, is the demonstration of how to significantly customize the layout of invoices, using CSS. The book's sole appendix explains how to install WampServer.
All the chapters conclude with brief summaries, which, without exception, are a waste of space — especially considering the brevity of most of the chapters. The old oratory principle of "tell them what you're going to tell them; tell them; tell them what you told them" may be terrific for speeches, but not for books. That is primarily because someone in an audience listening to a live speech does not have the luxury of looking into the past to hear a portion of the speech again, nor of looking into the future to anticipate what the speaker will say next. Readers of books, on the other hand, can of course jump backward and forward quickly to review or preview material, as needed.
The quality of the book's writing is noticeably weak, with countless awkward phrases and run-on sentences. Some are downright puzzling, e.g., "Thanks for your custom!" (page 125); did the author mean "order?" Throughout the book, one finds a remarkable underuse of commas, frequent mixing up of "that" and "which," misplacement of commas and parentheses, misuse of commas in place of semicolons and even periods (e.g., page 124), semicolons in place of colons, and missing hyphens from adjective phrases. Most noticeable — and at times laughable — is the excessive use of exclamation marks, reflecting a common misconception that they jazz up otherwise dull material. For example, page 49 contains three completely unnecessary exclamation marks, not counting the two contained within a customer testimonial. In addition, the book contains several errata, such as: "loose" (should read "lose"; pages 8 and 195), "leads customers" (should read "leads to customers"; page 57), "products" (should read "product's"; page 62), "customers' role" (should read "customers' roles"; page 88), "to mentioned" (should read "to mention"; page 131), "its does" (page 159), "If a more" (should read "If more"; page 202), "businesses" (should read "business's"; page 221), and many more.
An additional blemish of the book, albeit minor, is that there is little consistency in how the author describes to the reader the navigation steps for going to a particular area of Drupal administration. Sometimes he presents a breadcrumb-style menu path, starting with the highest level menu item. (The majority of readers would probably find this to be the most logical format.) On other occasions, he reverses the order and describes it narratively. Least useful is his listing of the URL, such as "http://localhost/drupal-5.7/admin/users/roles," which may not even match the Drupal root URL that the reader has set up in their development environment.
Despite the aforementioned problems, Selling Online with Drupal e-Commerce is a welcome addition to the growing list of more specialized Drupal titles, and is currently the premier resource for anyone who wishes to use Drupal and the e-Commerce module for creating a virtual store.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Selling Online with Drupal e-Commerce from amazon.com. -
Inside Steve's Brain
cgjherr writes "There are management insights to be learned from Steve Jobs? You're nuts. The only thing you can learn from Jobs is how to drive people nuts. Or at least, that's what I thought up until I read 'Inside Steve's Brain.' Turns out, there are things to learn from Steve's obsessive perfectionism. Certainly I wouldn't copy every aspect of Jobs' management style. Doing that will likely get you fired, or at least reprimanded, in most companies. But there is some stuff to be learned from how Jobs designs products and analyses the market, and that's the view that Leander Kahney gives us access to." Keep reading for the rest of Jack's review.
Inside Steve's Brain
author: Leander Kahney
pages: 304
publisher: Portfolio
rating: 10
reviewer: Jack Herrington
ISBN: 1591841984
summary: A look inside Steve Jobs' management style at Apple and Pixar
Chapter one covers in some detail Jobs and his relationship with Apple, both before he left and after he came back. He talks about exactly what steps Steve took to revive the company and restore the morale of the employees. As with all of the chapters it ends with a summary of what Leander thinks are the takeaways from each of the anecdotes.
Chapters two and three, Despotism and Perfectionism, talk about the two traits that are most often associated with Steve. In Despotism Leander offers some stories about just how in control Steve is of every aspect of development at Apple. And Perfectionism, well, that's self explanatory. Though you'll probably find some things you don't know about exactly where Jobs gets his design and style influences.
Chapters four and five, Elitism and Passion, dig into how Jobs cultivates that magical Apple touch. He works his people inside the company and inculcates a sense of pride and perfectionism in the Apple brand. And he works the customer base through innovative advertising that promotes the ideals and the brand, even when the product was inferior when he first took over. In the short Passion chapter Leander talks about how he builds a wider sense of world changing responsibility in the company and through his products.
The sixth chapter, Inventive Spirit, cites several examples of how Jobs used his relentless management style to refine products, and most interestingly the Apple Store. He went so far as to develop a prototype store in a warehouse at the edge of the Apple campus, and was willing to completely scrap the design of the store when it wasn't exactly right, costing him months of time.
The seventh chapter provides a complete case study on the development of the iPod and Jobs' role in that effort. It's intriguing to see how, while there had been MP3 players in the market already, Steve and his team were able to stand back and look at the larger picture of the iPod in its complete product ecology.
The final chapter, the Whole Widget, covers what I think is the most important lesson to be learned from Apple; that they take care of the entire product cycle. Where other vendors take care of just one piece, the hardware, the software, the network, Apple takes care of everything. If there is a problem with an Apple product you take it to the Apple store and they fix it.
Leander Kahney is the same guy who wrote "The Cult of Mac" and "The Cult of iPod". He knows his way around Apple. He has a clear grasp of the history of Apple in the large and the evolution of their key products. His insights prove that he also has a good working relationship with some of the people on the ground in Apple.
There are certainly some interesting anecdotes about Steve in this book. But it would be a mistake to look at the book as just some psychoanalysis of one man. Steve doesn't make all of the products himself. The developers and designers at Apple do. It's the culture of the company that Jobs controls, but the people who work there are motivated by it and produce within it. What you really learn here is just how passionate these folks are about finely tuning everything about their products, their services, the whole deal. It's inspiring.
You can purchase Inside Steve's Brain from amazon.com. -
Web 2.0: A Strategy Guide
lamaditx writes "There is a good chance that you have heard about "Web 2.0" — the buzz-word coined by Tim O'Reilly in 2005. You will find several reviews of books about this topic on Slashdot. These cover mainly technical aspects of implementation whereas this book introduces the strategical thinking behind the whole Web 2.0 movement... Web 2.0 is so much more than the technology.' The table of contents is available from O'Reilly, together with a chapter preview. The book does not come with any extras but includes the usual free 45 days access to the book on Safari. When reading a book I usually flip through it quickly to get an impression for it, in this case there are three things which I noted right away." Keep reading for the rest of Adrian's review. Web 2.0: A Strategy Guide author Amy Shuen and Simon St. Laurent (editor) pages 266 publisher O'Reilly Media, Inc. rating 10 reviewer Adrian Lambeck ISBN 978-0-596-52996-3 summary Business thinking and strategies behind successful Web 2.0 implementations First, I was drawn by the foreword by Tim O'Reilly. Since I have read his article about Web 2.0 back then I came to the conclusion that the strategy guide is a kind of successor. The next thing I was looking at is information about the author. Amy Shuen concentrates on business models and teaches entrepreneurship, strategy, and venture finance at major business schools around the world. Amy is currently a Professor of Management Practice at the "China Europe International Business School" (CEIBS).
Secondly I noticed that there are a lot of footnotes on every page which reference other publications that fit the current topic. This is perfect if you want to drill into the details about a specific issue or lack some background knowledge.
The last things I noticed are the really big "End Notes" which spread across 40 pages and the bibliography which consists of 22 pages. This means that around a quarter of the book is additional information. I am pretty sure this fact is due to the academic roots of Amy Shuen and I think it is appropriate for this kind of guide. Actually this is what I expect from a guide — it should guide me through the topic and summarize the overall picture.
After flipping through the book I started reading it — and couldn't stop. I had to travel to Munich the other day — I boarded the plane with nothing else but the book and my boarding pass. I received the book on Thursday and finished reading it on Saturday.
Reading this book is fun for several reasons. I hate authors that put graphics into their books and don't provide you with additional information. That is not the case in this book, all the graphics are easily read (the only exception is a picture on page 5). Most graphics, functions, and screenshots are self explanatory. From my own experience I know it is not easy to find the right mixture between too much detail and too little.
Another important point is the numerous case studies in every chapter. Of course they do not include all information and details but they emphasize the theoretical point and provide you with a good feeling about the business case. Reading these kinds of "historical" stories also adds some life to the book. Even though I have written a paper about Google's Page Rank algorithm and therefore have a rough understanding of it, I learned many details about the competition between Google and GoTo (later known as Overture) that I did not know. It also teaches you that the effortless looking success of a company like Google involved tough times in the past. Running the Web 2.0 track is not always as easy as it looks.
Talking about the big names: This book is interesting for anybody involved in a Web 2.0 (or escaping Web 1.0 ;-) ) environment no matter if you are working in a big, small, or start-up company. Amy stresses this point several times as she points out "Your business probably isn't Facebook, LinkedIn, or even something that looks much like them".
So how will you be able to transfer the knowledge you gained from the book to your own Web 2.0 concept? Amy to the rescue. Each chapter ends with a "Lessons Learned" section to summarize the most important points. After that she provides you with a section "Questions to Ask" which covers strategic and tactical issues with these tools at hand. The last chapter will also support you to "apply Web 2.0 strategic thinking to your business". Maybe you are writing a business plan or a project proposal to get your idea started. The last chapter will help.
In the end I would like to talk about the rating I am assigning to this book. I rated it as 10 which means it is "excellent" or one might call it a "classic work". I have not talked much about the content of the book because I did not want to provide you with a plain summary. I expect this book to become one of the "must-reads" in business as well as technical classes since more and more business models will evolve in a Web 2.0 environment. Another reason is the well explained and easy to read writing style. Technical terminology is kept to a minimum thus not requiring a lot of prior knowledge.
Adrian Lambeck is a master's student in "Information and Media Technologies" in Germany and thinks about starting his own (Web 2.0 ?) business.
You can purchase Web 2.0: A Strategy Guide from amazon.com. -
Head First C#
Michael J. Ross writes "For computer programmers who do not have a solid understanding of object-oriented programming (OOP), learning the C# programming language can be rather challenging, even if they have experience with C or C++, which at least would give them a head start over non-C programmers. Any developer in this situation may well want to begin the learning process with a book that aims to teach both OOP and C# in as gentle a manner as possible, with plenty of patient explanations and illustrative diagrams — such as those found in the book Head First C# by Andrew Stellman and Jennifer Greene." Read below for the rest of Michael's review. Head First C# author Andrew Stellman and Jennifer Greene pages 778 publisher O'Reilly Media rating 7/10 reviewer Michael J. Ross with Greg Hanson ISBN 0596514824 summary A heavily illustrated intro to object-oriented programming and C# Published by O'Reilly Media on 26 November 2007, under the ISBNs 0596514824 and 978-0596514822, Head First C# is one in a series of "Brain-Friendly Guides." The introduction to this particular book discusses how the series attempts to present the concepts and technical material in a way that is far more intellectually compelling and memorable than the approach currently taken by most books. Some of their guiding principles include: making things visual, oftentimes using novel and even outlandish diagrams; using a casual and conversational style; engaging the reader through exercises and questions; and spicing up the discussions with humor.
On the book's Web page, readers will find links to download the book's sample code, participate in a forum dedicated to the book, register their copy of the book, read and submit any errata (of which there are many), and submit a reader review and read those of other readers.
The book's material is organized into 15 chapters, covering the topics in a progressive order that would probably be most helpful for the inexperienced developer: the advantages to programming visual applications in C# and the Microsoft Visual Studio integrated development environment (IDE); building a simple application to get started; the C# code produced by Visual Studio; basic C# language constructs; an introduction to objects and their components; data types, including arrays and references, and how C# allows you to work with them; protecting an object's data from unintended access, through encapsulation; extending classes through inheritance and subclasses; finding and using class interfaces, and the advantages of doing so; storing data in arrays, lists, and dictionaries; saving data in files and directories, as well as working with file streams and serialization; exceptions and debugging techniques; event handling; how to build complex applications; creating user interfaces with controls and graphics; object destruction and garbage collection; and connecting your C# programs to databases using LINQ. Interspersed throughout the book are three C# labs, which encourage the reader to put into practice their new programming skills, and thus better internalize the ideas of OOP and C# covered in the chapters preceding each lab. The lab applications comprise a racetrack simulator, a simple adventure game, and a re-creation of Space Invaders.
When they see this book for the first time, some prospective readers may be overwhelmed by its size, clocking in at 778 pages. Yet a sizable portion of those pages will read faster than those of the typical programming book, largely due to all of the diagrams and whitespace, which really help to break up the material and make it more digestible. However, what many might perceive to be a strength of the book, could be seen as a weakness by others. In fact, if the unnecessary diagrams and redundant material were to be removed from the book, it might end up only half its current size. But this may only be a deterrent for people who are carrying this book around, or who tend to be impatient and wish to get right to the point of any book they are reading, or who may be upset by the extra trees chopped down to double the number of pages (the book does not appear to have been printed on recycled paper).
Despite Head First C# being clearly intended as an introductory book to object-oriented programming in general, and C# in particular, the target audience especially may be frustrated by all of the errata and other sources of confusion that they will encounter. This is especially true when readers are doing their best to implement all of the sample applications, and struggling when, for instance, the code does not match the figure provided, or even the code on another page. For example, on page 50, the authors instruct the reader to drag a new PictureBox onto a new form, but readers will probably struggle to figure out where to drag it from. On page 105, the authors instruct the reader to flip back and look through the code, to fill in some class diagrams, but they don't clarify what code should be considered. Readers' comments on the online bookseller sites, list far more similar problems. In fact, that there are so many technical errors in this book is quite remarkable given that the technical review team comprised no fewer than 14 individuals! How could so many eyeballs miss so much?
The authors make a real point of reviewing material explained earlier, which generally is an effective approach for this type of book. But the repetition sometimes becomes excessive — enough to annoy even the greenest novice. For example, on page 445, we find the question: "Okay, I still don't get it. Sorry. Why are there so many different kinds of exceptions, again?"
On the other hand, the book has some real strengths, including those mentioned above for making the material more approachable. In particular, when the reader becomes accustomed to the visual style of presenting concepts, he or she will probably find it a faster approach to learning the ideas. Admittedly, veteran developers may still prefer the more narrative style of conventional programming books — especially when they encounter rather convoluted diagrams, such as that on page 292. Yet the illustrations are particularly potent for explaining interfaces, as done in Chapter 7.
Although the book will be of most value to newer programmers, experienced C# programmers will find topics of interest and perhaps even some language details and analysis that they have never previously encountered. For instance, some of the questions posed in the sections titled "there are no Dumb Questions," could be valuable — such as the comparison of File versus FileInfo, and when to use one over the other. Also, some of the utilities could help the reader for future development, such as the hex dumper program on page 432.
Sadly, Head First C# is weighed down by excessive redundancy and an errata-to-number-of-technical-reviewers ratio possibly unequaled by any other programming book. Yet, for any programmer new to object orientation and C#, this introductory book should prove an extremely comprehensible and reader-friendly resource.
Michael J. Ross is a Web developer, writer, and freelance editor. Contributor Greg Hanson is a C# programmer in Fort Collins, Colorado.
You can purchase Head First C# from amazon.com. -
Dungeons and Desktops
Aeonite writes "Dungeons and Desktops: The History of Computer Role-playing Games chronicles the rise and fall of the Computer RPG industry, from Akalabeth to Zelda and everything in between. While the bulk of the book is devoted to the genre's 'Golden Age' in the late '80s and early '90s, author Matt Barton explores the entire history of CRPGs, from their origins in the mid '70s to the very recent past. While not entirely comprehensive, the book covers not only the major players and award-winners, but also dozens of obscure 'also-ran' as well as notable games in related genres." Keep reading for the rest of Michael's review. Dungeons and Desktops: The History of Computer Role-playing author Matt Barton pages 451 publisher A.K. Peters Ltd rating 7 reviewer Michael Fiegel ISBN 978-1-56881-411-7 summary A detailed history of CRPGs Barton first defines the genre, insofar as one is able to do so, explaining that a CRPG generally includes elements such as: a system of statistics to track characters (ability scores and skills); the ability to advance characters via experience points; and randomized combat. Barton further attempts to define the genre by comparing CRPGs to what they are not, including JRPGs (Final Fantasy), MMORPGs (World of Warcraft), Adventure Games (Zork), and Strategy Games (Warcraft). A bit later, he explores the origins of the CRPG, listing Baseball Simulation Games (such as Strat-O-Matic), Tabletop wargames (Chainmail), Tolkien, Colossal Cave Adventure, and (of course) Dungeons & Dragons as having had an impact on the creation and evolution of the genre.
The next nine chapters of the book are devoted to the history of the CRPG, which Barton breaks down into six phases, somewhat akin to Hesiod's Five Ages.
The Dark Age covers the period of time from 1974 through the end of the decade, and includes PLATO and Mainframe games such as pedit, Dungeon, dnd and DND (not to be confused with each other, or with D&D or D&D), Oubliette, Moria, Avatar and Orthanc. Also included here, somewhat out of chronological order, are a discussion of Rogue and Roguelikes (Hack, Moria and Angband) and MUDs all the way through to 1989's TinyMUD. The Bronze Age of the CRPG begins in 1979 with the publication of Lord British's Akalabeth: World of Doom (which would go on to sell thousands of copies, making it the first commercially successful CRPG, if not exactly the first) and includes a host of obscure titles, including Wizards Castle, Eamon, Space and Empire, The Tarturian, Odyssey: The Complete Apventure, and Dunjonquest: Temple of Apshai. In 1983, Bronze turns to Silver with the appearance of the Ultima and Wizardry trilogies, games which truly began to lay the groundwork for all that came after. Also mentioned in this chapter are less well-known games such as Sword of Fargoal, Dungeons of Daggorath, Tunnels of Doom, Ali Baba and the Forty Thieves, and Universe.
The Golden Age dawns in 1985, bringing with it the refinement of prior ideas and the perfection of the genre's underlying systems. Barton divides coverage of this age into three chapters. The first covers the Early Golden Age, beginning with the console crash of 1983 and ending with the arrival of the NES in 1985. The CRPG market survived the crash rather unscathed, and in fact flourished thanks to games such as Phantasie, The Wizard's Crown, Ultima IV, and Autoduel. Most notable of all, of course, was 1985's The Bard's Tale, which spawned two sequels (three, if you count 2004's "spiritual sequel" starring Cary Elwes), both of which also receive some attention here.
It is here where the book's structure begins to drift a bit. By Barton's own admission, progress in the CRPG industry is "neither linear nor orderly," and in fact the attempt to align CRPG titles, trilogies and series along a single timeline almost necessarily breaks down. The Bard's Tale trilogy seems as if it would more properly be discussed in the next chapter (The Golden Age Part I). Instead, Barton calls it "The Dawn of the Golden Age" and places it about a third of the way into the "Early Golden Age" chapter, where it somewhat loses some of its impact. Further confusion surrounds the inclusion here of Might and Magic Book I: Secrets of the Inner Sanctum; published in 1986, it is not only followed by a discussion of Alternate Reality: The City (published in 1985), but is preceded by a lengthy discussion of several games which came after it, including The Magic Candle (1989) and Bloodstone (1993). While the author has thematic reasons for covering these games here, one wonders if a strict chronological order would have served better. Even Barton seems a bit off track when he invites the reader to "turn to the second half of the Golden Age," which runs from 1987 to 1993 (for those not keeping track, the first "half" only ran from 1983 to 1985). I don't mean to nitpick over throwaway segue lines, but in a book with a historical focus, the time-shifting is just a bit disconcerting.
Regardless, "The Golden Age Part I" covers the period of time that many consider to be the era of the CRPG, when companies like SSI, Origin, Interplay, and New World Computing dominated not just the CRPG industry, but the computer game industry as a whole. Ample coverage is justifiably given to SSI's Gold Box games, including Pool of Radiance, Curse of the Azure Bonds, Secret of the Silver Blades, and Pools of Darkness. Somewhat curious (to me) is the omission here of any discussion of AD&D Second Edition, which was released in 1989 and officially introduced the concept of THAC0 (which appeared in Pool of Radiance). Other titles covered in this lengthy chapter include: SSI's Krynn trilogy and Savage Frontier games; the original Neverwinter Nights on AOL; Ultima V, VI and VII; Wizardry VI and VII; Might and Magic II, III and so on; Neuromancer; and Interplay's Wasteland.
The next chapter, "The Golden Age Part II," is devoted to JRPGs and groundbreaking CRPGs with real-time 3D graphics that appeared alongside the aforementioned CRPGs. Covered here in the JRPG category are games such as: The Legend of Zelda and its sequels; The Dragon Warrior series; Final Fantasy; Chrono Trigger; Super Mario RPG; and the Phantasy Star series. The chapter also covers Sierra On-Line's Quest for Glory series; the SSI Black Box games (including Eye of the Beholder); Dungeon Master ("the most successful Atari ST game ever released") and its many clones; and other notable genre-bending games including Beyond Zork and Star Saga.
Here again, we fall into a small hole in the timeline, for The Golden Age ends in 1993 and the next age doesn't begin until 1996. The chapter covering this black hole is called "The Bigger They Come," as if suggesting that Barton was unwilling to give a name to this second Dark Age of CRPGs. Here we see coverage of a variety of bad CRPGs, including Interplay's Descent to Undermountain, Ultima VIII and IX, and the Gothic series (which surely deserves more than the two paragraphs it gets). Covered in more depth is SSI's fall from grace following the publication of an assortment of sub-par D&D titles (including Spelljammer, Dark Sun, Al Qadim, and others) and the ensuing loss of their license with TSR. Some attention might have been paid to the "fall from grace" of TSR itself, which suffered financial ruin in the years that followed and was ultimately purchased by WOTC in 1997.
Ever the optimist, Barton instead moves rapidly into The Platinum Age, which covers the period of time from 1996 to 2001 and includes "the best CRPGs ever made." Covered here in some depth are games such as Planescape: Torment, Icewind Dale and its sequel, Dungeon Siege, Ultima Underworld: The Stygian Abyss, Might and Magic: The Mandate of Heaven, Dungeon Keeper, Arx Fatalis, Bethesda's Elder Scrolls series, Interplay's Fallout and Fallout 2, and Troika's Arcanum. The bulk of the chapter, however, is devoted to two games and their sequels: Blizzard's Diablo and Diablo II, which the author treats with noteworthy disdain, and Bioware's Baldur's Gate and its sequel, which Barton believes is "the best CRPG ever made."
While both games receive more or less equal time, it is a bit hard to swallow Barton's dislike for Diablo in the context of a historical overview; nowhere else does he editorialize quite so much, or so vividly. While at first he simply declares that Diablo's consideration as a CRPG "remains a divisive subject," he quickly moves on to less thinly-veiled potshots. At one point, he refers to "hordes of badly behaved teenagers (and middle-aged men, no doubt) scampering to Battle.net, 'pwning' each other and seeking out the latest cheats and hacks to gain an unfair advantage." Later, Barton expresses a "pang of regret over the overwhelming triumph of (the Diablo) series, since it seems to have come at the expense of the older, more sophisticated CRPGs of past eras." He insists that Baldur's Gate "offers much more strategy than Diablo," and argues that Baldur's Gate's multiplayer "helped the game compete against Diablo, whose Battle.net servers had become a swirling vortex for Daddy's money." I don't even know what that means — how can a free service be a vortex for money? The entire argument smacks of something one might find in a Penny Arcade comic strip, such as this one or this one. At the end of the book, Barton goes so far as to predict that "the real-time Diablo and Morrowind-style CRPGs that were so popular throughout the late 1990s and early 2000s seem fated to extinction, usurped by World of Warcraft and other MMORPGs." In the wake of all the buzz surrounding Diablo III's announcement in recent days, this prediction seems slightly premature.
Barton ends the book with a discussion of the Modern Age, "which we are in today." The chapter covers Neverwinter Nights and its sequel, as well as Vampire: The Masquerade and Bloodlines, and Knights of the Old Republic and its sequel. After a mention of Fable, Oblivion, more Final Fantasies and Zeldas, and a discussion of why console-based CRPGs seem to be winning out, Barton closes out the book with a look at MMORPGs, from Meridian 59 through WOW and DDO (and every major title in between). He notes (quite properly, in my opinion) that an MMO like WOW has trouble handling a central story and plot as adeptly as a CRPG can, and points out several "emerging trends" concerning CRPGs, including the rise of online gaming, the tendency to announce the death of the standalone, single-player CRPG and — just because we can never have too many digs at Diablo — a mention of the increasing emphasis on action over strategy. "Whereas Ultima Online stressed role-playing, Diablo emphasized roll-playing," says Barton.
Of course, it is Barton's voice which makes the book entertaining; this is no dry history, but the enlightened point of view of a student of CRPGs, shared with the reader in a casual, accessible manner; in many ways, it is a bold manifesto in their defense. Says Barton: "CRPGs are not only the most fun and addictive type of computer game, but possibly the best learning tool ever designed." You may disagree with that, but you can never dispute the author's own dedication to that belief.
Despite the book's somewhat questionable chronological structuring (or, more correctly, its occasional deviations from that structure), the only major flaw worth noting is that the accompanying artwork is, to put it mildly, hideous. The original full-color screenshots look wonderful in Barton's Gamasutra column, but in the book they are mostly reprinted in muddy, blotchy black and white, making it impossible to determine what they depict even with the help of accompanying captions. The book does contain a color insert after page 208, but this 4-page, 8-picture centerpiece is at best forgettable — I flipped past it entirely while reading, and found that upon further review I hadn't missed anything by skipping over it.
Dungeons and Desktops is a mixed bag, somewhat akin to a sack full of Halloween candy. There are some genuinely good pieces of sweetness in there, as well as a great deal of hidden, forgotten gems and some bits you never knew existed. Despite a bit of a jumble towards the middle, taken as a whole the book is well worth picking up if you're a fan of CRPGs or fantasy games in general. Less die-hard fans might find themselves preferring to stick to Barton's Gamasutra columns, and Diablo fans might find themselves gritting their teeth at some points, but then every bag of candy's got a few pieces of black licorice in it, no?
You can purchase Dungeons and Desktops: The History of Computer Role-playing Games from amazon.com. -
Google Apps Hacks
stoolpigeon writes "It seems that it wasn't long ago that Google was just a search company. The number of on-line products that fly under the Google moniker, today, is impressive. Google has moved well beyond its office-suite-like applications and excelled with everything from mapping to blogging to 3-D drawing. Google Apps Hacks is a new book from O'Reilly, published in conjunction with their Make magazine. This volume presents the reader with 141 hacks in an attempt to get the most out of a wide array of Google's on-line applications. The result is a quick ride that is rather fun — and while a bit shallow at times, it provides a great overview of just how much is available out there." Read below for the rest of JR's review. Google Apps Hacks author Philipp Lenssen pages 360 publisher O'Reilly Media Inc. rating 8/10 reviewer JR Peck ISBN 0-596-51588-X summary Tips & Tools for Unlocking the Power of Google Applications There is one issue that I believe must be addressed up front. The title of the book, "Google Apps Hacks" led me to believe that it would be a book full of hacks. The connection with Make made this seem all the more likely. I guess the definition of a hack is somewhat up for debate. I tend to agree with a couple that I found over at the Urban Dictionary, "A clever or elegant technical accomplishment, especially one with a playful or prankish bent. A clever routine in a computer program, especially one which uses tools for purposes other than those for which they were intended, might be considered a hack." and "A temporary, jury-rigged solution, especially in the fields of computer programming and engineering: the technical equivalent of chewing gum and duct tape." I see hacks as either thrown together solutions or extremely clever solutions that use something in a way that is not really what was part of the original intention for that thing. By either definition, many of the hacks in this book, are not hacks. 
I may be making a large assumption, but I do assume that many will share my opinion on the definition of a hack, so I think it is important that they understand what this book does contain, if it is not full of hacks.
I think what would be more accurate, and probably much less marketable, is that this is a book of Google Apps snippets, instructions and a few hacks. The hacks themselves are rated in the book as one of three levels — Easy, Intermediate and Expert. There are 141 total as I mentioned and they break down like this: 72 easy, 50 intermediate and 19 expert. That says something all on its own. This is especially true when some of the easy hacks include things like signing up for a Gmail account or accessing your calendar from a mobile phone. The instructions to do those things are not a hack, they are instructions on how to use the software as it was intended to be used. No clever tricks, no thrown together work-around, just documentation for things that are pretty easy to do.
With all that said, I think that the book has a high level of value. I just think that someone who judges it by its cover (which we all do, old sayings aside) may get an unpleasant surprise. What is the value, if it does not lie in providing a ton of hacks? Well, this book is an excellent introduction to Google's many on-line applications. I use many already and still learned of a couple new ones when I read this book. It also does bring all that instruction into one place, and provides a very user-friendly style of instruction. There is also a very nice feature, 8 sections that take the reader "Beyond Google...". Each of these sections informs the reader about alternative software that provides similar functionality to the Google software described in the preceding chapter. This is really a great resource and an unexpected bonus for anyone who reads the book.
The book covers the entire Google Documents family with an overview and then chapters that deal specifically with documents, spreadsheets and presentations. The beyond Google section presents Zoho, EditGrid and the ThinkFree on-line office suite. There are some nice hacks here that revolve around using the sharing capabilities as well as pulling data from all over the web and into documents. For example Hack #27 is one of the expert hacks and gives 5 pages of explanation, with black and white images as well as code snippets, on how to pull data from any web site into a spreadsheet. This also serves as a nifty little example of XPath and uncovers some very cool Google spreadsheet functionality. Hack #29 is another rated expert that uses screen scraping, but this time to add currency conversion capabilities to a spreadsheet. I thought these were not only fun but did a great job of opening up my mind to a number of other possible uses for these tools.
The chapter on Gmail is for the most part pretty basic. One of the expert hacks, altering the appearance of Gmail using one's own stylesheet, is useful not only for Gmail but for any site that one might be interested in modifying. The coverage is decent and much of the functionality and interface is very well documented. The other products introduced are Yahoo! Mail, MS Hotmail and Mozilla Thunderbird. One simple hack is the ability to create 'spare' email addresses with the use of periods in the name or the use of '+' to add onto the name. This hack gained quite a bit of attention on the web not that long ago, and is one of the easy hacks, but still very useful.
Many of the hacks, including hack #54, from the Gmail section, originated with someone other than Lenssen. He is careful to point this out, in the text of the hack, which I thought was very cool. Not giving credit would be a real problem, but it didn't need to be so prominent. That hack, by the way, is how to use the undocumented "lang" operator to search messages based on language. Another easy hack that could be extremely useful.
iGoogle is covered, along with instructions on creating Gadgets. I thought the ability to add any flash game as a gadget was fun but damaging to my productivity. The other options presented are Netvibes, Pageflakes and Protopage. This is followed up with Google Calendar and some nice instructions on adding a Calendar xml widget to a blog, or the inverse, embedding a vast array of content into Calendar events. The other options here are Yahoo! Calendar, Microsoft's Calendar and 30 Boxes. These are both followed by the chapter on Google reader and a list of a number of other possible reader services.
The chapter covering photos and video is shorter than the others when taking into account that it covers Picasa, YouTube and GoogleVideo, but I think that there just isn't as much flexibility or need there as in some of the other applications. The chapter on blogging and Google Groups is just the opposite, with quite a few more hacks and some nice tips on getting the most from each of those services.
Google Maps, Google Earth and Sketchup 3D are covered in a single chapter together. There are some nifty hacks here, though some of the more flashy have already received quite a bit of attention all over the internet. For example, the ability to use Google Earth as a flight simulator has already gained a huge amount of attention on most high profile sites, and many blogs, low traffic sites, etc.
The last chapter covers tools like Analytics and ways to go about doing search engine optimization and generating traffic. There are some nice ideas for the individual who really wants to analyze what traffic they have and try to get more. Here there are some good examples of another strength of the book. It does a good job of crossing over between applications. Two good examples here are Hack #133, which covers exporting Analytics data to Google Spreadsheets and hack #136 which is a very clever way to do user surveys using Google Spreadsheets again.
As I mentioned, most of the book is a bit shallow. But that is not always the case. Some of the expert hacks are not too tough, but do require the reader to get a handle on more than just basic concepts and tools. Some are excellent exercises in getting exposed to all kinds of technology. Hack #121 lets the reader know how to create Google Maps overlays on the fly using Python to generate KML, using data that it read from a MySQL database. That's fun stuff and a far cry from hack #1 "How to Get Your Google Account." In fact for some people, the entire book may be worth these gems.
The book has a nice glossy cover and the 9.7 x 8.0 dimensions mean that it doesn't feel too thick for its almost 400 pages. Those pages fly by and each hack is accompanied by plenty of illustrations and code snippets where appropriate. The table of contents breaks things down well, and each hack is named there and the names give an accurate description of the content. The index is acceptable and the two combine to make this a very easy resource to pick up and jump to just the right content. It can be read from front to back, but that is not at all necessary and there is no thread or flow that would necessitate reading it in order unless the reader was completely new to one of the applications presented. In that case, it might be best to work from the introduction of that application first.
The introduction states that Lenssen and his editor used Google Documents to write this book. This is not much of a surprise as Lenssen's own blog is dedicated to watching Google and their doings.
I've found this to be an extremely useful book. I've used it setting up a Google Site. I've learned about some web applications from Google and from others that I didn't even know existed. I get myself into a bit of a tizzy over the whole use of the word 'hack' thing, but that's just the geek in me coming out. Sometimes I think we love to bicker over stuff like that. That aside, this is a solid book full of useful material.
You can purchase Google Apps Hacks from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Terminal Chaos
Ben Rothke writes "While Terminal Chaos should be shelved in the current events or business section of a bookstore, it could also be placed in the modern crime section. After reading it, one gets the impression that the state of air traffic today could only come due to criminal neglect or mischief. If one looks at pictures of airline flights from the 1960s, you will see well-dressed passengers enjoying their flight. In 2008, barely a day goes by without an incident of air rage, from irate passengers in the terminal, to those in the air causing flights to be diverted. Today's airline traveler considers it a near miracle if his flight arrives on time with his baggage." Keep reading for the rest of Ben's review.
Terminal Chaos: Why U.S. Air Travel Is Broken and How to Fix It
author: George Donohue and Russell Shaver
pages: 240
publisher: Amer Inst of Aeronautics
rating: 10
reviewer: Ben Rothke
ISBN: 978-1563479496
summary: Fascinating look at the current state and problems with the US air traffic system
The reasons for the meltdown in the air traffic system are complex. The book names a number of reasons for today's chaos. Some of these include airline deregulation, multiple governmental agencies with no central oversight or responsibility, multiple corporate entities with conflicting agendas, an air traffic controllers union resisting change, a technologically outdated air traffic control system, and more.
While the public perception in the US is that somewhere out there, government officials are looking out for passengers' rights, the reality is there is no one looking out for them. Unlike their European counterparts, air travelers in the US have very few rights. This lack of passenger advocacy along with the other reasons has a huge impact on the economy, in addition to the costs that flight delays and cancellations cost U.S. travelers, which are estimated annually at over $3 billion.
Terminal Chaos: Why U.S. Air Travel Is Broken and How to Fix It is a fascinating book. The authors show a number of ways to fix the current problems. While the book is part case-study, it is also part tragedy, given the tragedy is that Washington lacks anyone with the pragmatism, willpower and audacity to stand up to the unions and powers that be to fix the system. The book lays out in 7 concise chapters the problems, ringleaders, obstacles and challenges that brought us to the state that we are in today.
The authors sum it up best when they note that the distance from New York to Chicago is 635 nautical miles, and when flown by a piston-powered DC-6 with a cruise speed of 315 MPH over 50 years ago, the scheduled flight time was a little longer than two hours. Today, scheduled airlines fly Boeing 737 turbofans at 511 MPH, but book this as a 3-hour flight.
In chapter 4, the authors note that while some flight delays are the result of post-9/11 security issues, the main reason why flying has become so arduous is that the air transportation system, as it is now structured in the US, is untenable from a fundamental business point of view. The government regulated business model is unstable and irrational and planes are purposely overbooked, flights are cancelled for no publicly explainable reason, and no one will offer the flier a sound reason for why these events occur.
Both authors are professors at the Center for Air Transportation Systems Research at George Mason University. The book quotes from research done there, which includes suggestions such as to use larger aircraft (something Continental is doing at Newark), along with other market mechanisms. Other research shows that slot exemption, weight-based landing fees and other issues combine to lead to inefficient use of airport capacity, especially at slot-controlled airports, such as O'Hare, Kennedy, Newark, LaGuardia and Atlanta.
In chapter 6, the authors take a no-holds-barred approach to NATCA, which is the National Air Traffic Controllers Association. They view NATCA as a stumbling block to modernization, and an organization whose goal is to protect their members, over the public they are supposed to serve. They also question how NATCA gets away with constantly stating that the US air traffic control system is the safest in the world, when it is actually behind Europe when it comes to safety metrics (Europe has .032 hull losses per 1 million departures vs. .049 in North America).
Ultimately, the book notes that the air traffic control problems exist in the fact that there is a perfect storm of airlines, airports, government agencies (FAA, DOT, OMB, DHS), White House and Congress, all of which seem to believe that they don't have the responsibility to fix the problem. Each seems to be waiting for someone else to take charge.
Chapter 7 lists a number of practical ways in which the air traffic control system can be modernized. Some of the suggestions would require significant financial outlays; others simply require all of the parties involved to play nicely together.
Overall, Terminal Chaos is a landmark book, in that it cuts through the complexity of the air traffic mess, and clearly lays out the problem, and possible solutions.
It is a very well-written and extremely well-researched book. It does have a few slight errors. Most noticeably on page 73 when it says that Continental has been in and out of bankruptcy court, while the table on the next page shows that Continental has been out of bankruptcy court for over 15 years. Also, one of the travel tips the authors give is to have a traveler consider using a private aircraft out of smaller, less congested airports. That is indeed a good suggestion, albeit extremely costly, and not financially feasible for most of the flying public.
Terminal Chaos is a book that should be required reading for anyone involved in air traffic and aviation, from passengers to every employee at the FAA. The authors have innovative ideas that should be listened to and implemented; from holding the government decision-makers responsible, to realistic ways of modernizing the air traffic control system. The book is a fascinating overview of what goes on in the skies above us, and in the air traffic control towers around us.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Terminal Chaos: Why U.S. Air Travel Is Broken and How to Fix It from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Principles of Project Management
zedguy writes "Ask someone what 'project management' is and you're liable to get a few blank stares — it's one of those fields people have heard of, but probably have problems pinning down a definition. So that is what the first section of the book does: provides a definition that can be summed up as applying tools and skills to complete a project. That then leads to what exactly is a "project": a set of tasks with a time-frame and goal of somehow adding value. So yes, the introduction does involve a fair bit of terminology that isn't going to be familiar to many readers coming from a coder's background, but there's a helpful appendix that lays out many of the terms. Just as important, the introduction explains what project management is not, some of the misconceptions and why it's good to know." Keep reading for the rest of Zoltan's review.
The Principles of Project Management
author: Meri Williams
pages: 204
publisher: SitePoint / O'Reilly
rating: 8
reviewer: Zoltan Hunt
ISBN: 0-9802858-6-0
summary: A practical introduction to project management
With the definitions out of the way, readers then get into the start-up tasks. First, there's looking for projects (find opportunities), deciding if it's a good opportunity (this is a bit of office politics — you want to know soon if your project has the necessary support from management) and even if the task warrants a project — one of the key points is that a project is not on-going maintenance — it has a goal and a completion date.
Once you have decided to undertake a project, the next steps involve a proposal, identifying stakeholders, setting up an organizational chart and establishing communication protocols. This is the soft skill side of project management — a lot of the work is keeping the people the project is for interested and informed on where the project is heading. Much of the advice is practical — including dealing with the stakeholders who just aren't that interested in your project and picking a good project board — the less the better. Finally, once this is established it's time to make sure everyone is on the same page and agreed on the deliverables (the specific things the project will achieve).
By chapter three ("Getting the Job Done") we're into the actual material many readers (including myself) think of as project management — setting schedules, breaking deliverables into discrete tasks. For that, there's a lot of practical advice here — especially around making estimates and communicating them to stakeholders and team-members so they are not mis-interpreted as wild guesses or hard dates. Particularly good was the advice on refining estimates from a general size (is it a small, large or extra-large task), then, as the date got closer, change it to a more accurate estimate. As well as measuring performance, some management tools like work-flow and Gantt charts and issue lists are introduced in this chapter.
The last two chapters look at managing your team and completing the project. The "Keeping it smooth" chapter gives a good overview of the people management skills you will need working with team members. There's a fair bit of coverage of team building (forming, storming, performing and adjourning) and a bit of coverage of collaboration over distances. Having done some small group management in the past, I think it covers all the bases well and it's applicable outside of project management as well.
Like many of the new SitePoint books this book explains a complex topic with a few illustrations and a clean layout. They're using that humorous information schema (light-bulb, bicycle horn, hand grenade) to good effect. One example of this is in the Getting Started chapter: There is a section talking about what goes in a Project Initiation Document (PID), and there are break-out boxes on what it is not meant to take the place of.
For an example of the layout, the "Keeping it Smooth" chapter is a good example of how this book is organized; Topics are broken up by headings with points arranged as lists of short paragraphs, which makes it easy to skim. While it's a small book — 200 pages, about 25x20 cm — it's still good to be able to skim.
The glossary covers the particular usage of words in the project management domain.
Appendixes A-C list some tools, other resources (books and blogs) and C provides a list of qualifications and associations.
For a topic I was quite unfamiliar with when I started, I'd recommend this book as a good overview to the topic. The chapters follow a chronological order through a project — from picking a project — including those to avoid — planning and executing, managing the staff and stakeholders and finally, finishing your project and handing it off.
The author, Meri Williams, writes two blogs: GeekManager and Meriblog which readers might want to check out for further material. While each field has its jargon, project management has a number to learn — and this book does a good job explaining it.
You can purchase The Principles of Project Management from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Foundations of Mac OS X Leopard Security
jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.
Foundations of Mac OS X Leopard Security
author: Charles S. Edge, Jr., William Barker, and Zack Smith
pages: 455
publisher: Apress
rating: 9
reviewer: jsuda
ISBN: 978-1-59059-989-1
summary: Best book on Mac Security
Many of the security issues raised in the book are theoretical or deal with added elements of the Mac software install that contain non-Apple components — Apache Web server and Perl and PHP scripting packages, for example. Many of the items of concern deal with generic problem areas of computer usage in general, both software and hardware, which affect the Mac as well as any other computers and networks. While the perspective of the book is on the Mac, much of the security review will apply to any type of computer or network.
Messieurs Edge, Barker, and Smith are seasoned Mac and security professionals who point out in a very systematic and comprehensive way the potential problems of running the Mac both in single use and networked environments. The focus is primarily on Mac OS X Leopard and the other software which comes with any new Mac computer, although there is some discussion of earlier OS X versions and earlier generations of Apple applications like Airport.
The book has five main parts covering general security matters, essential security fundamentals, networking, sharing, and workplace security issues. There are four very short appendices of modest value.
The first three chapters, which deal with general security and security fundamentals, are basic stuff, discussing how technical computer security issues are entwined with practical realities of using computers in a business or home, and that compromises between security and practicality generally must be made. There is discussion of types of security attacks, how the Windows booting programs, Parallels and Boot Camp, implicate Windows security issues on the Mac, and how the UNIX underpinnings of the Mac OS X allow for more sophisticated techniques and tools in securing the Mac computer and networks. Chapter 1 is a useful "quick start" guide of items which can be addressed readily by nearly any level of user to safeguard the Mac from many security concerns. Apple has provided a lot of built-in security features and services which can be adjusted by individual users to his or her own needs, like FileVault, Secure Trash, Keychain, permissions, and others. Higher-level users and maybe experienced security professionals not used to the Mac may be bored with the first part of the book.
Part two deals with protecting the Mac from malware and exploitable services in the OS and major applications like the Safari browser and Mail applications. It explains how malware can affect the Mac through script viruses, social engineering techniques, and other exploits. The book lists a number of available software tools which can help solve some of the potential problems. The section on reviewing and configuring monitoring processes and logs is especially interesting.
Securing networks, using and configuring firewalls, and wireless networking make up the bulk of part three. The content in chapters 7 through 9 is quite technical covering types of networks; routers, hubs and switches; proxy, DMZ, and other servers and hardware setups, advanced firewall configuration using both GUI and command line interfaces; filtering; traffic throttling; and more. The sections describing testing of firewalls and hacking wireless networks using tools like Kismac and iStumbler are especially useful.
Chapter 11, in part four, dealing with website security when utilizing the built-in Apple web services, includes a checklist of at least a dozen items to be dealt with in locking down a site. Security for remote connectivity is addressed also, with particular emphasis given to VPN, secure shell, and the use of network administration tools like Timbuktu and DAVE. Attention is given to both the standard Mac OS X installation as well as to OS X Server. The most complex discussions involve using Open Directory in a security plan. My favorite sections were in chapter 14 on network scanning, monitoring, and intrusion prevention tools. The book describes how to understand your own machine/network security status by learning how to attack other networks. And how to use techniques like white/black box testing, fingerprinting, enumeration, port and TCP/UDP scans, ping sweeps, and more.
The book describes how intrusion detection is accomplished. Guidance is provided on software tools like Tripwire, snort, Checkmate, and others. The last chapter concerns forensics and how to handle attempted or successful intrusions to both understand security weaknesses and to preserve evidence for civil or criminal proceedings, CSI-like.
Nearly all of the presentations cover two levels of interactivity using either GUI-based tools or the command line. Except for a handful of sections, the presentations are useful even for higher-end users, including those dealing with medium to large networks.
The writing is workmanlike and without style or wit, but carefully organized and expressed. There are plenty of (grayscale) screenshots of relevant software application configurations, and sidebar Notes and Tips on many topics. Anyone who has a serious interest in Mac OS X security will benefit from this book as its main virtue is its systematic and comprehensive approach to the issues. It is designed to inform users of all levels how and why to think about OS X security. Geeks who want or need to know Mac OS X security will get a nicely organized book sufficiently filled with useful content. This is not a book intended to raise all security issues or to provide all the answers. It does answer many problems, and will point nearly all users in the right direction for their specific needs.
You can purchase Foundations of Mac OS X Leopard Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Professional Techniques for Video Game Writing
Aeonite writes "Professional Techniques for Video Game Writing is the followup to Game Writing: Narrative Skills for Videogames, and the second book written by members of the Game Writers' Special Interest Group of the 14,000 member strong IGDA. The book covers much of the same terrain as its predecessor, but offers a tighter focus on some specific points, covering more technical (as in technique) details rather than broader narrative theory; if the first book was a Google Map, this one would be the Street View." Keep reading for the rest of Michael's review.
Professional Techniques for Video Game Writing
author: Wendy Despain (Editor)
pages: 250
publisher: A.K. Peters Ltd
rating: 10
reviewer: Michael Fiegel
ISBN: 978-1-56881-416-2
summary: A detailed look at professional video game writing techniques.
Three authors from the first book — Richard Dansky, Rhianna Pratchett, and Andrew Walsh — also pen chapters here; they are joined by a dozen others, including three authors who helped edit the first book: Sande Chen, Wendy Despain, and Beth Dillon. In the interest of full disclosure, my own name appears beside a few quotes in this book; I am a member of the IGDA Writer's SIG, but I had no involvement in the writing or editing of the book itself.
When I reviewed Game Writing last year, my only reservations were that the book could have used some more specific examples from relevant games, and that it could have included a chapter on breaking into the field of game writing. It's nice to see that both of those issues have been addressed in this book. In fact, the latter issue is dealt with right where it should be — in chapter 1, "How to Break In and Stay In." Author Beth Dillon covers the importance of education, experience and a solid portfolio, but spends more time on the all-important notion of networking. Much of the chapter is also devoted to "how I did it" stories, which offer prospective writers a fairly good idea of the many ways in which one can get involved writing for games.
The next several chapters cover specific types of game writing documents and formats. Collectively they are in my opinion among the best in the book, even though they really can only touch the surface of the vast amount of documentation — internal and external — that goes along with the making of a game. As one might expect, the first of these — Chapter 2 — covers the broad issue of format in a discussion of "Interactive Script Formatting." Here, Author (and editor) Wendy Despain discusses the lack of a single script format, the standard screenplay format, the realities of using Microsoft Excel, branching narratives and the Neverwinter Nights Aurora Toolset. In the next chapter, Erin Hoffman offers a brief, concise discussion of the need for brief, concise pitch documents and executive summaries, two of the key documents found in the early stages of game design.
Chapter 4, by John Feil, then focuses on the types of Game Documentation that appear once game development has actually begun; he covers everything from versioning, wikis and source control, to the evolution of documents from pitch to treatment to game design document, as well as supplementary documents such as technical design docs and scripts. Feil also pens chapter 5, "Manuals, In-Game Text, and Credits", which has a fairly self-explanatory title. Worth noting in this chapter is the acceptance of some unpleasant realities of the industry, including the last-minute rush to get manuals done, the difficulties in working with various groups, and the fact that no one reads the manual anyway. Also mentioned is the issue of credits in the game industry — one of the primary reasons for manuals, and a constant thorn in the side of just about everyone who's ever made a game. The IGDA is working hard on a standard, and the book mentions their efforts, which can be followed on the IGDA website.
Several later chapters also cover specific types of documentation in some detail. Chapter 12, by Andrew Walsh, covers Tutorials, including issues of narrative models and the fact that tutorials are often added late in the development cycle. Chapter 13, by Alice Henderson, focuses on Strategy Guides, covering issues such as dealing with bugs, acquiring screenshots and maps, and dealing with drafts and deadlines.
In-between and elsewhere, the book also covers: the emerging industry of narrative design; the pros and cons of remote contracting versus working in a game studio; writing in a team; breaking writing up into "bite-sized chunks" to get the work done; writing for new intellectual property (versus existing IP); writing for different types of audiences; and working with voice actors in the recording studio. Some of these chapters drift a bit closer to ground already covered in the SIG's first book, but each does offer a degree of additional detail that readers will find helpful. Especially noteworthy is Richard Dansky's chapter on Script Doctoring, which offers a plethora of information and tips on how to do it well, along with plenty of exercises on how to practice your skills.
Dansky's piece is followed by Evan Skolnick's "Game Writing and Narrative in the Future," which looks at the direction the industry is going, and explores why writers are necessary, and how a theoretical game story system for future games might work (with a sideways glance at ELIZA and the Turing Test). After this final chapter, the book contains four appendices full of script samples, pitch documents, excerpts and other writing documents from games such as Bratz: Forever Diamondz, Pests, Food Finder and Call of Juarez. As is always the case when such gaming documents are presented, the lists of barks ("Great!" "Sweet" "Awesome!") are at once ridiculous and helpful to see in print, demonstrating quite a lot about the nature of game writing in their seeming redundancy.
Closing out the book is a list of author bios (there are 15, contributing to 16 chapters), including the likes of the aforementioned Richard Dansky (Ghost Recon, Splinter Cell), Chris Klug (Stargate Worlds, Earth & Beyond), Rhianna Pratchett (Heavenly Sword, Overlord), Anne Toole (The Witcher, Stargate Worlds) and Andrew Walsh (Harry Potter and the Order of the Phoenix). Notable is the fact that 7 out of the 15 authors are women; in a male-dominated industry, it would seem that in the realm of writing, at least, things are a bit more balanced.
In addition to being filled with useful information and tips, most of the chapters also feature one or more exercises at the end, providing readers (who are presumably also writers) with ways to test their skills in a practical manner using the techniques and theories discussed in each chapter. In some cases the Exercises are a bit lackluster and seem tacked on, but many are quite comprehensive and detailed; Dansky offers five such exercises which resemble nothing so much as a final exam from a college course on Script Doctoring. Alas, it seems doubtful that Professor Richard will be available to grade everyone's work.
Professional Techniques is definitely a book by writers, for writers; even moreso than its predecessor. Insightful discussion of game writing issues is matched with many excellent examples and helpful exercises, and the whole piece is only very slightly marred by some odd chapter arrangement in the middle of the book. This arrangement places Chapter 5's coverage of Manuals and In-Game Help and Chapter 12's discussion of Tutorials further apart than seems logical, especially considering the wide range of topics covered in-between. However, this is truly nit-picking, and overall the book deserves top marks. Stylistically and informatively, it's at least on par with its elder cousin, and will serve as an excellent addition to the library of any game writer — current, or prospective. I highly recommend it.
You can purchase Professional Techniques for Video Game Writing from amazon.com. Slashdot welcomes readers' book reviews — to see your own review here, read the book review guidelines, then visit the submission page." -
All Your Coffee Are Belong To Us
Wolf nipple chips writes "Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). 'Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.' An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?" -
Hackerteen Volume 1: Internet Blackout
stoolpigeon writes "Hackerteen Volume 1: Internet Blackout is an interesting new project, a graphic novel being published by O'Reilly. What makes it interesting is not just that this is a rather new direction for O'Reilly but that this is, to my knowledge, a rather unique publication in that it seeks to educate teenage youth about an array of issues ranging from privacy, free software, security and the impact of politics on personal freedom as it relates to the use of technology. Making topics like that exciting, and understandable to a young person may sound like a tall order, and I think it is." Read below for the rest of JR's review. Hackerteen Volume 1: Internet Blackout author Marcelo Marques and the Hackerteen Team pages 101 publisher O'Reilly Media, Inc. rating 7/10 reviewer JR Peck ISBN 978-0-596-51647-5 summary You have a choice: be a victim of the skeezers or be part of the solution. Fight back with Hackerteen! This book has an extremely interesting background and it is worth taking the time to look at. Hackerteen is not just a name, it is an edutainment program created by the Brazilian company 4Linux. The program consists of distance learning and instructor led classes that allow students to progress through a series of colored belts. Currently the classes are only available in Portuguese and on site only in Sao Paulo, Brazil. The Hackerteen site says that materials in Spanish and English are being developed now.
The curriculum, according to the site, arose out of a desire to deal with three problems.
- Excessive time spent by young people playing computer games on the internet.
- Young people committing digital crimes on the internet.
- A lack of professionals who work with networks and computer security.
Part of the mission for the book is introducing a wide array of issues and terms to the reader. Often a topic or word will be accompanied by a footnote with a url for a hackerteen page holding an article containing relevant information. Not all the links are as informational though, with many linking to a graphic without much information. Hopefully these are placeholders for articles like the two that I've referenced here. A number of interesting topics are brought up, and a reader could research them on their own, or they would allow for good discussion points in a teaching setting. The only issue is that sometimes the placement of topics is a bit forced. A humorous example of this is when a teen-age girl who needed help choosing a web-cam, just a few pages later asks her aunt for money to attend a course on the Creative Commons.
The artwork is acceptable. It is at times a bit awkward, at others pretty solid. I think that it is at least as good as much of what I read when I was a teen, probably better than much of it. What is exceptional compared to the illustrated works of my youth are the materials and production quality. The cover is glossy, the colors are vibrant and the pages are going to stand up for a long time. Of course the flip side of this is that quality like this does not come cheap. The cover price is $19.99 and that's a bit steep for young kids today.
I think though that this has the potential to be a useful educational tool. I am hoping that some schools are willing to pick up that cost to allow their students access to this material, but a part of me thinks that may be a bit optimistic. I would suggest that for those of us who may hold some of these issues dear to our hearts, and who are sometimes dismayed at the attempts by many to influence the populace in a different direction, this may be a worthwhile investment. I think buying a copy or two, for relatives, a local school or library may pay dividends in the future. It is quite possible that for many this will be their first introduction to many of the issues presented in the book.
I loaned my copy to a co-worker. He and his kids read it. For them the introduction to Linux, the ideas of FOSS and others were brand new. When he returned the book my co-worker told me that he had never heard of the creative commons and I explained what it was. His boys he said were interested to see how the story would develop moving forward.
It's not easy making issues of freedom and safety exciting. The story is sometimes a bit over the top and the writing is sometimes weak. Internet savvy kids are going to struggle with some of the events, not due to glaring technical problems, but because some of the events are just a bit silly. That said, the options I've seen explaining these topics wouldn't just be 'o.k.' to a teen, they would be downright painful. So should we wait until the kids grow up to start teaching them what matters? I'd say this is definitely worthwhile and hopefully as the series moves forward it will only get better.
I think it is worth noting that while Marcelo Marques is the author, the book does list the full team who created it. They are Hugo Moss (story supervisor), Joao Felipe Munhoz (artist), Fabio Pontes Ramon Felin (colorist), Rafael Kirschner (colorist), and Ricardo Bomfim (colorist).
The slashdot review guidelines describe a 7 as "A good book; better than merely adequate, though not outstanding." The price, short length and acceptable but not great artwork put it there in my mind. I'm 39 and a younger person may not be as critical with the art or writing. It is good, and has great potential for impact. With a little bit better artwork, some stronger writing and if possible a bit lower price point this could be really fantastic. I'm looking forward to seeing how Volume 2 turns out.
You can purchase Hackerteen Volume 1: Internet Blackout from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Building an Effective Information Security Policy Architecture
Ben Rothke writes "Security policies are like fiber, that is, the kind you eat. Everyone agrees that fiber is good for you, but no one really wants to eat it. So too with information security policies. They are sorely needed, but most users don't go out of their way to comply with them. And in many firms, they are not even trained in what they have to do. But failure to have adequate information security policies can lead to myriad risks for an organization." Keep reading for the rest of Ben's review. Building an Effective Information Security Policy Architecture author Sandy Bacik pages 340 publisher CRC rating 8 reviewer Ben Rothke ISBN 978-1420059052 summary Good book for information security policy development For the sake of a basic definition, a policy is a formal, brief, and high-level statement or plan that embraces an organization's general beliefs, goals, objectives, and acceptable procedures for a specified subject area. The purpose of information security is to protect an organization's resources. The cornerstone of any information security strategy is a robust set of policies, procedures, standards and guidelines.
There are many reasons why information security policies are needed. Some of the most imperative reasons are:
- To inform users of their information protection duties
- Advise them what they can and cannot do with respect to sensitive information.
- Define how users are permitted to represent the organization, what they may disclose publicly, and how they may use organizational computer resources for personal purposes.
- To clearly define protective measures for these special information assets. The existence of a policy may be a decisive factor in a court of law, showing that the organization took steps to protect its intellectual property.
- Define both acceptable and unacceptable behavior. For example, spending a lot of time surfing the web and downloading videos off the net are both generally unacceptable.
- Policies are needed to establish the basis for disciplinary action, up to and including termination.
Building an Effective Information Security Policy Architecture does a good job of showing the reader how to start from scratch and build their security policy infrastructure. The book starts off at a high-level about the need for policies, and then goes into details on how to develop, write and sell these policies to management.
The book is a good guide to the entire policy lifecycle, and how to use various means to get to the ultimate goal. At 340 pages, the first ten chapters comprise 155 pages and deal with creating the policy infrastructure, communicating with management, and putting the entire policy puzzle together. The final 185 pages comprise 21 appendices of various examples of different policies.
A most significant downside and frustrating part to the book is that there is no CD-ROM with it, or companion website in which to download and use the numerous policy and process examples. At $80.00, such an option should be de rigueur. The lack of electronic versions of the policies in a book such as this is senseless.
Also, this is the first technology book that I have ever seen that did not cite a single reference. It is hard to imagine writing a book on this topic without using some sort of external reference. While the author may not want to quote sources, she should at least point the reader to other sources of information about security policies. Two notable and essential sources in the information security policy space are the SANS Institute — SANS Security Policy Project, which is free, and Information Security Policies Made Easy from Information Shield, Inc., which is $795.00, but worth every penny for a serious security policy effort. Full disclosure: I am on the Information Shield Expert Panel, but get no financial incentives or compensation.
Overall, Building an Effective Information Security Policy Architecture is a good resource to use if you are tasked to create or modify your organization's set of information security policies. The book will likely find itself on the desk of many information security professionals.
While it is frustrating that the book makes you reinvent the wheel by not having electronic versions of the policies, its value still can't be underestimated. Let's hope future versions of the book will fix that anomaly.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Building an Effective Information Security Policy Architecture from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Joomla! A User's Guide
Michael J. Ross writes "Of all the content management systems (CMSs) from which a Web developer can choose for creating a new Web site, Joomla is generally considered to be one of the top choices -- partly because an experienced developer can create an attractive site faster with Joomla than with the majority of other CMSs. However, Joomla's online documentation leaves much to be desired, as is true for most if not all CMSs. Intermediate and especially new developers need a clear and comprehensive resource that can explain the terminology, customization, administrative panel, and other aspects of Joomla. A promising candidate is a book written by Barrie M. North, titled Joomla! A User's Guide: Building a Successful Joomla! Powered Website." Keep reading for the rest of Michael's review. Joomla! A User's Guide author Barrie M. North pages 480 publisher Prentice Hall PTR rating 8 reviewer Michael J. Ross ISBN 0136135609 summary learn how to create and manage a website powered by Joomla! It was published by Prentice Hall, under the ISBNs 0136135609 and 978-0136135609, on 21 December 2007 (although page 233 confusingly suggests that the material was written in November 2006). The book is available not only in print, but in electronic form as well, as part of the Safari Books Online library. On the publisher's Web page for the book, visitors can read the table of contents, the preface, and the index. Also, they can download a sample chapter -- "Creating a Pure CSS Template" -- as a PDF file. Lastly, visitors can check for updates to the book's content, i.e., reported errata, of which there are more than half a dozen, as of this writing.
The majority of the book's 480 pages are organized into 12 chapters, covering a number of topics: an introduction to CMSs and Joomla; installing Joomla; administration basics; content management; menus; extensions; WYSIWYG editing of content; search engine optimization (SEO); building a table-less template; and how to build Joomla sites for a school, a restaurant, and a blog. Four appendices cover: getting help on your Joomla problems; case studies; SEO basics; and installing WAMP5. The book offers plenty of screenshots, which make it possible for someone to follow the discussion even when away from their computer. Sadly, much of the text shown in the illustrations is extremely small, and could prove very difficult to read for anyone with diminished vision. Even some of the captions are so small as to almost require the use of a magnifying glass. Moreover, the illustrations are printed in light gray, which makes the situation even worse.
The intended purpose of the book is "to guide a non-technical user step-by-step in learning how to create and manage a website powered by Joomla" (page 7). The book is definitely geared towards people new to Joomla, and even new to Web development, given the amount of elementary material covered, such as the author's explanation of Joomla's need for a Web server.
In the preface, the author touches upon the growing popularity of Joomla for a wide variety of Web sites. He also mentions that PHP and CSS are not prerequisites for understanding the book; however, readers not well experienced in those technologies will struggle in implementing everything described in the book -- especially templates -- and this is substantiated by readers' comments online. Admittedly, a book that provided adequate coverage of PHP, CSS, and then Joomla, would likely be overwhelming in length. Readers unfamiliar with PHP and CSS should first secure a basic grounding in those technologies, prior to trying to create their own templates or other Joomla extensions. On the other hand, if a reader has no intention of creating any extensions of their own, then they can still use Joomla to build a new Web site, and use this book to learn how to do so.
In the first chapter, the author provides a valuable introduction to CMSs and the advantages they offer in separating content from the Web pages themselves. However, he refers to Joomla as a rebranding of Mambo, while it would be much more accurate to characterize it as a derivative project, having forked from Mambo, which still exists (sort of). The author also lists Joomla's major features, and the basic elements of a Joomla-powered Web site. Installing and configuring a CMS -- particularly for the first time -- is oftentimes a major stumbling block for any Web development newbie. Chapter 2 steps the reader through the process of downloading and installing the latest version of Joomla (the book uses version 1.5 RC1).
In the third chapter, the author explains the most commonly used administrative tasks, and how to accomplish them in the Joomla 1.5 administrative panel. He intentionally does not cover all of the administrative settings, and this may prove frustrating to some readers who are looking for comprehensive coverage. Yet he does note that such readers should consult the official Joomla User Manual. Also available is the Administrator Manual. The fourth chapter describes in detail how Joomla displays content in pages, how it organizes that content in sections and categories, and the role played by the Front Page component. It concludes with a discussion of how to create menu items and how to connect them to components, as well as how to use module content. Especially valuable to Joomla beginners is the explanation of the two methods of deciding what content appears on a site's homepage.
As noted in the preface, the relationship among menus, menu items, pages, and modules, is one of the most confusing aspects of Joomla -- even after the improvements with version 1.5. In Chapter 5, the author explains this relationship, and then the major menu layouts and how to control them using the various sets of parameters. He mentions the overriding of global settings, and this points up how, prior to this, the book should have explained where to change those global settings, and recommended values. The index is of no help, because they are not mentioned. In Chapter 6, the author shows how to install and manage extensions, which comprise components, modules, plug-ins, templates, and languages. (Templates were missing from his list presented in the book's preface.) Chapter 7 examines the use of WYSIWYG editors for changing content on the back-end and front-end.
The most functional and attractive Joomla-powered Web site will be of little value if it receives few visitors. Thus, search engine marketing (SEM), discussed in the eighth chapter, is of critical importance, and the author's largely sensible advice is worth reading -- despite the nonsensical reference to cowboys and cowgirls (on page 198), and his reference to the "miserable failure" Google bomb, which was defused back in January 2007. Note that the links provided to the SEM tools strongly recommended by the author -- WordTracker, PR Prowler, and Perry Marshall -- are affiliate referral links. Thus it seems disingenuous when he writes "...this might be the place I would have a few affiliate links!" (emphasis added). Speaking of emphasis, it seems as if too much weight is given to resources from which the author would receive affiliate compensation. This is not what readers typically expect in a book for which they have paid good money. Also discussed in the chapter are the important topics of Web standards, accessibility, keywords, referral traffic, pay-per-click traffic, Google AdWords, e-mail traffic, and common SEM mistakes. He correctly points out the low SEM value of Joomla's native "Read more..." anchor text. But his recommended solution, a mambot from Run Digital, does not appear to work with Joomla version 1.5.
Most of the templates written for Joomla and Mambo have used tables for page layout, instead of the more accessible and efficient CSS approach. CSS-based templates are only now becoming increasingly available, and Chapter 9 furthers this worthy goal by stepping the reader through the development of a pure CSS template. As noted earlier, readers unfamiliar with CSS will most likely find this chapter quite daunting, if not disheartening. The book's overall tutorial approach kicks into full gear in the last three chapters, in which the author shows in great detail how to create Web sites for a school, a restaurant, and a blog site. This material could prove very helpful to readers who wish to review and put into practice the more theoretical ideas introduced in the earlier chapters.
In general, readers should be pleased with this book. Even though the author is clearly a fan of Joomla, and the tone of the book is positive, he does not hesitate to point out Joomla's flaws, such as the misleading name of a module type. This is rare among technical authors nowadays, and for this Barrie North should be commended. Yet it is odd that he does not mention the obvious misspelling, "Imagess," in Extensions > Module Manager > module > Other Parameters.
Sprinkled throughout all of the chapters, the reader will find short paragraphs, with a dark background, labeled "The Least You Need to Know." These summarize the preceding paragraphs. This could perhaps be justified after a significant number of paragraphs, but unfortunately they also appear after just a couple paragraphs, which makes these "LYNTK" boxes redundant and unnecessary. Even worse, every chapter ends with a summary, which further repeats the boxes' content. With the book nearing 500 pages, the chapter summaries and even the LYNTK boxes should be excised, to good effect. Also, most of the chapters contain at least one footnote, which are not located at the bottom of the page or collected in a special section at the end of the book (as is traditional), but instead listed at the end of the chapter. Such material should instead be integrated into the text, if it is important enough to be included in the book, or left out entirely.
The writing quality of the book is generally solid, and the writing style is straightforward and friendly. Yet it does contain some blemishes that should have been caught by the publisher's editors, e.g., multi-word adjectives missing hyphens; misuse of the terms "that" versus "who"; inconsistent use of lowercase and title case for Joomla roles, even in the same paragraph; the same inconsistency in menu names, such as in Chapter 4; and the inexcusable "try and explain" (should read "try to explain"; page 19, among others). Thankfully, the author intentionally leaves off the silly exclamation mark from the Joomla name, starting after the preface, for greater readability. The book contains some misspellings/errata, such as "eXtensible" (page 2), "Wordpress" (pages 7 and 8), "over writing" (page 22), "Cpanel" (pages 27 and 29), "php html" (page 148), "api" (page 150), "flash" (page 209), "sight" (should read "site"; page 221), and "add fee" (should read "ad fee"; page 225). The author incorrectly states that the acronym PHP stands for only "Hypertext Preprocessor," but it actually is now a recursive acronym of "PHP Hypertext Preprocessor."
Overall, the book's production quality is up to snuff. The book stays open fairly well, despite the absence of any special lay-flat binding. The pages were produced using recycled paper, which is always encouraging to see. Unfortunately, the pages are thinner than in any other technical book I have ever seen, thereby allowing the text on the other side of each page to show through. This exacerbates the aforementioned problem of the text within the figures being difficult to read. Moreover, all of the copies that I have seen have an unusual diagonal ridge along the bottom edge, suggesting that the page cutting machinery was malfunctioning -- at least for one batch of copies produced, and perhaps more. In addition, some of the pages have small ink blotches. At a list price of almost $45, the book might seem a bit pricey. But online bookstores are fully discounting it, such as Amazon.com's current price of under $30.
The book may have some minor weaknesses, noted above, but otherwise, Joomla! A User's Guide is a logically organized and potentially quite valuable resource for beginning and intermediate Joomla developers -- perhaps the best Joomla book currently available.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Joomla! A User's Guide from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Running Xen
David Martinjak writes "Running Xen: A Hands-On Guide to the Art of Virtualization was published by Prentice Hall, and authored by Jeanna N. Matthews, Eli M. Dow, Todd Deshane, Wenjin Hu, Jeremy Bongio, Patrick F. Wilbur, and Brendan Johnson. The book, which will be referred to as simply Running Xen, was a great resource on Xen and virtualization from the administration side. A wide range of topics was covered from installing Xen all the way up to managing virtual resources, including migrating guest environments. Overall, the explanations were concise and understandable; while the information was presented in a straightforward manner. Running Xen was definitely a useful resource for administering systems with Xen." Keep reading for the rest of David's review. Running Xen: A Hands-On Guide to the Art of Virtualization author Jeanna N. Matthews, Eli M. Dow, Todd Deshane, Wenjin Hu, Jeremy Bongio, Patrick F. Wilbur, and Brendan Johnson pages 586 publisher Prentice Hall rating 9 reviewer David Martinjak ISBN 0132349663 summary A hands-on guide to virtualization with Xen The flow of the book was intuitive, and reasonable; this was especially valuable for discussing a newer technology where the terms could be confusing. Fortunately, the authors kept the language clear so that the reader easily could understand the subject of discussion. This unambiguous presentation of content was a welcomed feature.
Running Xen started with a thorough-enough explanation of virtualization. Several different approaches to virtualization were compared and contrasted, which should help the reader to understand where Xen resides in the whole domain. This first chapter was a great introduction as it provided just the right amount of information. At no point did I consider the explanations to be short or lacking; nor did I feel overloaded with details. The authors seemed adequately aware that the title of the book was Running Xen, and they stuck to that scope.
After the introduction, the book moved right into actually running Xen. This helped to keep my attention on the subject, and tied back in to the proper flow of the material. At first, the chapter began with baby steps. It introduced the Xen LiveCD, and information on working within the Xen environment. Subsequent chapters moved into a more intermediate level of usage: installing Xen in a third-party distribution, and running pre-built guest images. Popular third-party distributions such as Ubuntu, Gentoo, CentOS, and OpenSUSE were covered; and this section also included instructions for using compiled Xen binaries and building your own from source.
One of the topics I was most interested in was building a custom, minimal guest environment from a particular distro. Chapter 7, "Populating Guest Images", provided all of the information I was looking for along with some other interesting facts. The popular distros were covered again (Ubuntu, Gentoo, etc.), but this time a twist was added to the mix. "Populating Guest Images" started off with installing Windows XP in Xen. This was a complete surprise to me. If you prefer GNU/Linux on the server, but Windows XP on the desktop, and have been looking to consolidate with virtualization; this chapter is a must-read. The chapter also helped solidify the understanding of concepts presented earlier in the book. For example, the first chapter discussed two different types of guests: paravirtual (PV) and Hardware Virtual Machine (HVM). In "Populating Guest Images", the authors led the reader through building guests of each type. The process was presented in a logical fashion which was easy to follow, making the book that much more enjoyable.
Running Xen then moved on to putting the guests on the network. Chapter 10, "Network Configuration", covered several options for networking guest environments in Xen. It would be an understatement to say that this chapter was thorough. Overall, the authors did a great job explaining the differences between the networking options, and how to implement each one. Unfortunately the needs of the reader are variable, so this chapter overflowed with information. The upside was that readers with complex virtualized network segments will not be disappointed. The downside was that I, personally, only really needed a small percentage of the chapter's content. Therefore, much of the chapter was technically irrelevant to me individually.
There was one other unfortunate issue, which occurred in the next chapter. Chapter 11, "Securing a Xen System", contained syntax errors for iptables rules. Mainly one dash was used instead of two when specifying the destination port in some rules. For example, LISTING 11.10 displayed the syntax -dport which caused an error. However, the syntax was correct at other places in the book (LISTING 10.24, for example). Additionally, there was a problem on output formatting where the command prompt and output lines ran together in the print (LISTING 11.11). This could cause confusion for some readers intently following the text.
My only complaint with the book was that the chapter on network configuration seemed to be rather long. For a person working with Xen at a business level, especially mid-size to enterprise, this chapter provided an excellent amount of insight and information. But for the person at home building his/her own test server for simple purposes, much of the content in this chapter was overkill. Additionally the few syntax errors were eye-sores, but any person with iptables experience could easily identify and fix the problems. It is just in my opinion, a published book should be syntactically correct so that the reader is not presented with contradicting results; nor should the reader have to conduct additional searches to rectify mistakes from the book's pages. However, these items are minor and pale in comparison to the outstanding wealth of knowledge in the text.
This book is highly recommended for anyone interested in virtualization with Xen. In addition to the regular paperback, Running Xen is also available on Safari. The paperback additionally includes a coupon code for a 45-day pass to access the book via Safari online.
David Martinjak is a programmer, GNU/Linux addict, and the director of 2600 in Cincinnati, Ohio. He can be reached at david.martinjak@gmail.com.
You can purchase Running Xen: A Hands-On Guide to the Art of Virtualization from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Rubik's Cube Algorithm Cut Again, Down to 23 Moves
Bryan writes "The number of moves necessary to solve an arbitrary Rubik's cube configuration has been cut down to 23 moves, according to an update on Tomas Rokicki's homepage (and here). As reported in March, Rokicki developed a very efficient strategy for studying cube solvability, which he used to show that 25 moves are sufficient to solve any (solvable) Rubik's cube. Since then, he's upgraded from 8GB of memory and a Q6600 CPU, to the supercomputers at Sony Pictures Imageworks (his latest result was produced during idle-time between productions). Combined with some of Rokicki's earlier work, this new result implies that for any arbitrary cube configuration, a solution exists in either 21, 22, or 23 moves. This is in agreement with informal group-theoretic arguments (see Hofstadter 1996, ch. 14) suggesting that the necessary and sufficient number of moves should be in the low 20s. From the producers of Spiderman 3 and Surf's Up, we bring you: 2 steps closer to God's Algorithm!" -
Visual Communication in Digital Design
stoolpigeon writes "I remember the first time I saw a program I had written after the interface had been revamped by a designer. I had been pretty happy with what I had made. It worked very well and met the client's requirements. It was extremely functional and I thought it didn't look bad either. But when I saw the new interface, not functionally different, just so much better looking, I was really blown away. My application had gone from useful to cool. (That might be a slight exaggeration, it was still just a database app but it sure looked cool to me.) Since then I've learned to primarily leave the user interface work to the experts in that arena, and I stick to getting the functionality in place. But sometimes I don't have the luxury of a design team at my disposal. Or when I do, I still need to be able to talk to them and discuss what is going on. I found Dr. Ji Yong Park's new book "Visual Communication in Design" to be a friendly and accessible introductory primer in visual design." Read below for the rest of JR's review. Visual Communication in Digital Design author Dr. Ji Yong Park pages 218 publisher YoungJin.com Inc. rating 7 reviewer JR Peck ISBN 978-89-314-3434-7 summary A friendly & approachable guide to the art of visual communication. Dr. Park teaches on web design and interactive media at the Queensland University of Technology in Australia. His teaching background and interaction with students is a very strong part of the basis for this book. The book is designed to be studied sequentially. It deals with design theory and practice, moving from general topics towards the more specific. The information in 10 of the 12 chapters is accompanied by a "Design Studio" exercise for the reader to practice using the elements explained in the preceding chapter. Along with the examples in the chapters themselves, each design studio exercise provides examples of student work from exercises that followed the same guidelines as the one in the book.
This means that this slender volume is full of white space, colors and illustrations. That may seem rather obvious, but it is important to note that the reader is not left to guess what the author means. There are always examples to show just what is being discussed. While there are not narrow definitions for right and wrong when it comes to the exercises, the examples do give a nice indication of what kind of work would be in the right direction.
Dr. Park takes the time to define the basic terminology of visual design. The first few chapters give a nice overview to the elements that make up graphic design and then the book delves more deeply into things like lines and colors finally moving towards typography and the considerations of print versus the web. Since I have no real formal education in graphic design myself, I took the book over to the graphic design team that works in my department. I asked them to look it over for accuracy and they said that it was somewhat basic content but accurate. That was what I needed to know. I didn't want to find myself in a discussion where a term like negative space was used, thinking that it meant something that it did not. The book deals with graphic arts in general, but as the title states, always brings it back around to a digital environment, primarily the web.
The sections that I found the most interesting, and that I will probably continue to visit, were those on layout design, how to impart motion and energy to still images and color. When I was a bachelor, I just bought my clothes to match what the mannequins were wearing at the store. Then I just always wore the same things together. Matching up colors and putting together good combinations is not my strong suit. I was able to learn a lot of handy rules of thumb and general principles as to how to use color. The ability to lay out the various elements and to present them in a balanced fashion is also key. This book provides me with a somewhat guided opportunity to keep working with these various elements and approaches to building interfaces that communicate with more than just plain text. This is exciting for me, especially when it comes to working on projects of my own. There are a lot of tools out there that will give a person a real jump on building a web app. The problem is, that the more popular solutions lead to hundreds or thousands of pages that all look pretty much the same. I feel like with some of the ideas and instruction from this book I have an opportunity to stand out, but not in a bad way.
The book does have one rather irksome shortcoming. There is no index. The table of contents does break things down to a very low level. Of course that does not put the contents into alphabetical order and so looking for a specific term leaves one to either flip through the book hoping, or to scan over the table of contents searching. This really limits the book's use as a reference. It is much more a study guide due to that oversight. If it weren't for that I'd have seriously thought about rating the book 9 instead of 8.
The book is nicely printed, the 9.4x7.4 inch size is very easy to carry, keeps it slim, makes the pages large enough for the art and allows the book to lay open nicely without pages flipping over on their own. This is very useful for reading and trying things out at the same time. The treatment is broad and simple. I didn't want to get too deep, I just wanted to get my feet wet and gain a basic understanding of the issues involved in graphic design. The book does a great job of doing just that for the casual observer or beginner. It felt a little artsy and fuzzy at times, compared to what I normally read in technical books, but I guess that was the whole point.
Some of the observations that Dr. Park makes in regards to the associations that people make with certain colors, animals or other imagery are things that I think are pretty well known to be culturally subjective. For example when he states that "As bamboo is associated with moral uprightness and loftiness...", he is informing me of something that I did not know. I'm willing to guess that a lot of people don't know that and I don't think I would ever assume it in communication. But I think readers will be able to easily discern these types of observation and take to heart the underlying lesson of taking into account these types of associations in their target audience.
There are a lot of resources out there for learning how to create attractive and functional interfaces on the web and in other mediums. I think there is also ample evidence that a lot of people are creating applications that show a lack of research or understanding in this area. I think it would be well worth the time of any developer who is hoping to build that next great world-changing application to take the time to do some research and studying at the very least on the level that Visual Communication in Digital Design provides. Or, for those of us who are fortunate enough to have co-workers who have spent extensive time studying and practicing the art of visual design, this provides a nice guide to foster communication if you will. I feel like I can keep up better and stay involved in meetings, where in the past I would have just mentally checked out until things returned to my side of the court. If you feel less equipped than you ought to be in either case, this could be a simple way to gain a little understanding and ability.
You can purchase Visual Communication in Digital Design from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Definitive ANTLR Reference
Joe Kauzlarich writes "Finally, someone has done us all the great service of publishing a book about the second most well-known compiler compiler, Terence Parr's Antlr, and it was written, moreover, by Parr himself and published as part of the somewhat-usually-reliable Pragmatic Bookshelf series. Take note, while it requires a JVM to run, Antlr is not just for Java developers; it generates compilers in Python, Ruby, C, C++, C# and Objective-C. Also note that this book is more than just an elaborated man-page; it is also an excellent introduction to the concepts of compiler and parser design." Keep reading for the rest of Joe's review. The Definitive ANTLR Reference author Terence Parr pages 361 publisher Pragmatic Bookshelf rating 9 reviewer Joe Kauzlarich ISBN 978-0-9787392-5-6 summary introduction to parser/compiler design using ANTLR First off, I have no preference between Yacc-style parsers, JavaCC and Antlr; I've never used Yacc, have used JavaCC in college and have since played with Antlr and am just as ignorant in the use of them all. The fundamental difference is that Antlr is a top-down LL(*) (simply-put, variable-lookahead) parser generator while Yacc is a bottom-up LR parser generator. JavaCC is also top-down, but employs a different parsing strategy. The book describes the meanings of these terms in simple detail.
I happen to have learned in my experience that good documentation for any of these products is hard to come by and difficult to follow, simply because the subject matter is obtuse and few, until now, have ventured to write expository literature to explain the myriad concepts to the non-academician. Of the three mentioned above, Antlr appears to be the more 'modern' and can also generate lexers from within the same grammar definition file, so the notions are integrated. Antlr also has a useful IDE called AntlrWorks with visualization features, causing grammar construction to be far simpler for a beginner.
That said, I don't wish to use this review to push Antlr over its alternatives, but only to press the point that this book serves not only to introduce Antlr to the average programmer, but the concepts of parser design as well. The concepts become necessary to understand while writing and debugging grammars, as not everything written in Backus-Naur Form will produce a working parser, and this holds true for any parser generator. Learning what works and what doesn't, as well as what workarounds are available, is key to becoming proficient in Antlr, Yacc or JavaCC. Once proficiency is achieved, you'll have the valuable skill of producing domain-specific languages on demand.
Terence Parr, as mentioned before, is not only the author and maintainer of Antlr, but he wrote the book as well. Antlr is on its long-awaited third version and has been maintained by Parr throughout the project's lifetime. He is a university professor and himself developed the path-breaking LL(*) parsing strategy employed by Antlr.
Parr begins with a one chapter background in computer language design before diving into a simple example of a parser for basic integer expressions. Part II is the meat of the book, describing various aspects of writing grammars for Antlr. Generally speaking, he covers the basic semantics of grammar writing, the many optimization, supplementary and 'workaround' options provided by Antlr, grammar actions and attributes, syntax trees, error reporting and related practical topics.
The third part, Understanding Predicated LL(*) Grammars, is the valuable 'textbook' portion of the book. It gives readers a short and comprehensible introduction to exactly what predicated-LL(*) means as well as a look at how competing parser generators work in contrast.
Both of the second and third parts are scattered with theoretical tidbits to help language designers better understand why grammars must work as they do. Those who can't pick their nose without a rudimentary theoretical overview of the subject can enjoy a few casual browsings through the book before even sitting in front of a computer. It works *almost* that well as a textbook, though it still doesn't approach such classics as Aho, et al's, Compilers: Principles, Techniques, and Tools (if you want to get seriously involved in compiler design). Take it for what it is though, as a chance to learn a tool of possible value without having to dig through old mailing lists and last-minute README's on the one hand, as was much the case a year ago, and on the other hand, devoting painstaking class and study time to a lot of theory you won't find of practical value.
So I'll recommend this book on the basis that there's nothing else like it available; and don't wait until a project comes along that requires knowledge of compiler design, because there's a heck of a learning curve (I'm still on the very low end and I wrote a compiler in college). If you think compiler or parser design is interesting or may conceivably write a domain-specific language for your workplace, the Definitive Antlr Reference is not only a good place to start, but one of the only places to start short of signing up for a university course.
You can purchase The Definitive ANTLR Reference from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Practical Rails Projects
Sean Cribbs writes "There are many beginning and advanced Ruby on Rails books available, from the authoritative Agile Web Development with Rails to the cookbook-style Rails Recipes. However, healthy guidance for intermediate-level developers is lacking at best. Ironically, this is the most crucial stage in the process of becoming proficient with Rails because one must begin to learn why, not just how. Eldon Alameda's Practical Rails Projects effectively fills that gap. I know Alameda from our local Ruby User Group and spoke with him frequently while he wrote this book. His expertise with Rails definitely shines through in the hefty 621-page volume." Keep reading for the rest of Sean's review. Practical Rails Projects author Eldon Alameda pages 621 publisher Apress rating 8/10 reviewer Sean Cribbs ISBN 978-1-59059-781-1 summary A strong book for the intermediate Rails developer Practical Rails Projects has a unique and effective approach. Instead of spoon-feeding contrived code snippets, Alameda teaches by example, leading the reader step-by-step through the design, creation, enhancement, and analysis of several full-fledged projects. Each project introduces new techniques to the intermediate Rails developer carefully and with plenty of explanation — from caching to generating graphs to RESTful application design and much more. Rather than regurgitating documentation that is occasionally unclear or misleading, each application begins with a clean Rails project and is built up step-by-step with detailed commentary on how and why each step is taken. Alameda's format reflects the reality that real-life projects never have a straight development path; at each step one must make tough decisions, watch for pitfalls and take risks. There are no leaps-of-faith or "just trust me" moments, everything is explained. 
In the final chapter of each project, Alameda also suggests ways that the project could be improved and how to apply the newly learned techniques to previous projects in the book.
The text is clear and uncomplicated with an approachable style. Projects even makes Rails' least fun framework, ActionWebService (which helps you create SOAP and XML-RPC services), easy to understand. While there are some glaring proofing mistakes, such as "Ruby" uncapitalized and some malformed URLs to external resources, the code snippets are practically error-free and all source and binary resources are available via the Apress website.
One controversial decision made by Alameda was to use the ExtJS Javascript library extensively in one project to build an administration interface for a legacy site. ExtJS is a powerful high-level library that simplifies the creation of desktop-like interfaces in the web browser. Instead of spending a lot of time hand-crafting HTML/ERb templates and CSS, Alameda quickly creates an interface in ExtJS and uses Rails to generate XML and JSON that drives the almost entirely client-side application. While some may find this outside the spectrum of what should be in a Rails book, many developers are now creating their interfaces in Flex, SilverLight, and other client-side technologies. With the recent official release of ActiveResource, I believe we will see more web-service-focused Rails applications as time goes on. Alameda's choice is also practical; with a small number of users having access to the interface, he can place greater requirements on them in order to deliver the application more quickly.
Overall, I believe Practical Rails Projects is a strong book for the intermediate Rails developer. It provides an introduction to more advanced concepts of the framework without being preachy or obtuse. It lacks any discussion of test- or behavior-driven development with Rails, but the breadth and depth of the topics it covers makes up for this weakness. Like any book that covers a rapidly-changing open-source project like Ruby on Rails, Projects will date quickly, but in the near-term it should be of great help to developers looking to gain constructive experience.
You can purchase Practical Rails Projects from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Linux Networking Cookbook
dinotrac writes "Somebody special is coming over for dinner. You're not a chef, but you can cook well enough to get by, so you grab your best cookbook and get to work. That's the idea behind O'Reilly's Linux Networking Cookbook, by Carla Schroder. Carla has gathered a group of networking recipes that a reasonably Linux-savvy reader can use to address network needs like a seasoned sysadmin. If you want to find out how to hook your Linux workstation to a LAN, get another book. If you are reasonably comfortable with Linux, need to set up an LDAP server, configure single sign-on with Samba for a mixed Linux/Windows LAN, set up a VPN, or troubleshoot network problems without some uppity online geek telling you to RTFM, this book may be what you're looking for." Read below for the rest of Dean's review. Linux Networking Cookbook author Carla Schroder pages 638 publisher O'Reilly rating 9 reviewer Dean R. Pannell ISBN 0596102488 summary The perfect tool when you need to be a network sysadmin but aren't One of the great strengths and weaknesses of Linux is that everything you could possibly need to know is already on your computer in the form of man pages, or out on the internet in newsgroups, forums, or a massive autumn's leaf-pile of how-tos. Finding what you need in a form that you can use is sometimes a bigger problem than the problem you're trying to solve.
The Linux Networking Cookbook improves on that situation in a couple of ways. First is the author herself. Carla is an experienced System Administrator and a good technical writer. She was one of the early Linuxchix, and has spent years mentoring and otherwise helping new and experienced Linux folk through their assorted dilemmas. The result is a friendly and direct, information-packed and ego-free writing style. Unlike the typical how-to that provides a list of steps that have worked for the author, Carla's discussions fill in the blanks and tell you why she takes the steps that she does.
The Cookbook is organized into an introduction followed by 18 chapters that are complete stand-alone solutions to specific problems.
The obligatory introduction is short and is not required by any of the solutions in the book, but it's worth reading. Its eleven pages read quickly, but contain, among other things, a good explanation of the difference between bandwidth and latency and a decent overview of the whys and whens of linux-based computers as routers versus mid-range and high-end commercial routers.
Each chapter begins with an introduction of the overall topic, Routing with Linux, for example, followed by a series of short recipes organized as problem-solution-discussion. This format is convenient for diving right into work and takes advantage of Carla's mentoring talents.
One problem facing any writer of Linux books is the sheer number of Linux distributions, many of which have their own distinct ways of doing things. The Linux Networking Cookbook provides solutions for both Debian and Fedora Linux. It's an excellent choice when you consider that most Linuxes derive from one of those two bases, including all of the *buntus, Knoppix, Mandriva, PCLinuxOS, CentOS, and many more. The recipes employ generic tools, which makes them easier to transport across distributions, even the SuSEs, which are based on neither Debian nor Red Hat.
For example, before obtaining The Cookbook, I needed to create a self-signed SSL certificate for a PostgreSQL server on an Ubuntu server. I'd done it a few times, but not enough to remember, so I went off to the net. The Ubuntu-themed How-To I found relied on a script called apache2-ssl-certificate. An apache script didn't bother me because I could move the pieces when I was done, or just break open the script and make it do what I wanted done. Ubuntu Feisty, however, had managed to leave the script out of the distribution, so I had to go back to the net to find an alternative approach.
Had I used The Cookbook, my task would have been simpler, though not quite as easy as it should be. Inexplicably for a book that includes network security and SSL-based VPNs, there is no entry for SSL Certificate in the index. A browse through the table of contents turns up a couple of recipes for Creating SSL-Keys for a Syslog-ng Server: one for Debian and one for Fedora. Fortunately, the Table of Contents is short and can be browsed completely in seconds, because those recipes are in the Troubleshooting Networks chapter, which is not intuitively obvious. They appear in that chapter because it contains the recipes for network monitoring, which includes installation of Syslog-ng.
The recipe itself is suitably generic, using the CA.sh script, which is part of openssl, and openssl itself to generate keys and certificates. A quick check of my Ubuntu servers, my Fedora VPS server, and my OpenSuSE workstation found CA.sh on all of them.
My OpenSuSE machine did throw one small curve:
CA.sh on my openSUSE box was located in /usr/lib/ssl/misc, as on the other boxes. However, the book tells us that CA.sh, and a moderately competent Linux user is likely to know that rpm -ql openssl will list all of the files in the openssl package or that rpm -ql openssl | grep CA.sh will spit out the location of the script.
Given the variety of Linux distributions, it is hard to imagine a better approach to take.
The Glossary of Networking Terms in Appendix B deserves special mention. Each term is explained in plain but precise language that goes beyond the cursory definitions so common in glossaries. For example, the explanation for WEP notes that it is very weak protection and urges the reader to use WPA/WPA2 instead.
Sometimes, the extra information can soften a definition's focus, but, overall, the glossary is an outstanding tool for anyone who doesn't spend his or her time knee-deep in subnet definitions, routers, and tcp dumps. The same is true of the book.
As is usual for O'Reilly, updates, errata, and scripts from the book are available on the web.
You can purchase Linux Networking Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Building Websites with Joomla! 1.5
Michael J. Ross writes "Web developers are oftentimes under pressure to build attractive sites as quickly as possible, and thus they are increasingly making use of content management systems (CMSs), which offer most of the functionality typically needed in a site, such as user authentication, site-wide styling, and of course managing content contributed by site owners and users. Joomla is an extremely popular and heavily-used CMS, partly because it is one of the easiest to install, configure, and use as a starting point for a new site. But with all CMSs, Joomla's online documentation and forums can prove frustrating to the new developer. Books such as the recently published Building Websites with Joomla! 1.5 are intended to fill that gap." Keep reading for the rest of Michael's review.
Building Websites with Joomla! 1.5
author: Hagen Graf
pages: 384
publisher: Packt Publishing
rating: 7/10
reviewer: Michael J. Ross
ISBN: 184719530X
summary: An introductory-level guide to the latest version of Joomla.
Written by Hagen Graf, with a guest chapter by Angie Radtke, Building Websites with Joomla! 1.5 was published on 28 March 2008 by Packt Publishing, under the ISBNs 184719530X and 978-1847195302. It is an update of his earlier book, Building Websites with Joomla! v1.0, put out by the same publisher. Like the previous edition, this latest one is aimed at beginning and intermediate Web developers who wish to learn how to make the most of Joomla for building new sites or maintaining existing ones that they have inherited.
The author has organized the book's material into 17 chapters and seven appendices, covering the major topics of interest to Joomla developers: terms, concepts, and sample sites; Joomla installation; a site's major elements; customization of language, and by templates; the administrative interface; the primary menus (Site, Menus, Content, Components, and Extensions); some commonly used tools; some popular extensions; writing templates; accessibility; MVC, components, modules, and plug-ins; building a sample site; and analysis of some bonus templates. The book's 384 pages conclude with a rather sparse index.
On the publisher's Web page, visitors can read more about the book, download the sample code, post feedback or a question, read the online table of contents, and download a sample chapter, namely, the second one in the book, on Joomla installation. The publishers also make it possible to purchase an electronic version of the book, which could be especially handy for any reader who would like to reference the book while working off-site, and without lugging the print version along with their laptop.
The publisher's site characterizes it as a "fast paced tutorial," but the book gets off to a slow start, on a micro level and on a macro level. The first eight paragraphs are devoted to explaining the concept of a content management system, and its variations, which is essentially a waste of space for the typical reader of such a book. Any developer interested in reading a Joomla book certainly does not need such a lengthy explication. If the purpose is to enlighten people unfamiliar with how Web applications work, then more care should be devoted to clarifying phrases that would confuse such neophytes, such as "the net." In fact, most of the introductory material could be excised or summarized. In addition, Mac users will not be pleased with the PC centricity, unremedied until Chapter 2. The first chapter later bogs down in a wearisome comparison of a Web site with a piece of real estate. Throughout the chapter, the level of discussion alternates between quite simplistic — presumably for the complete neophyte — to intermediate. It is as if the author realizes that there is a tremendous amount of material to cover, and thus needs to move along at a decent pace — one that can be comprehensible to intermediate programmers — and yet occasionally interjects overly simple material, in the hopes of not leaving behind the newbies. Overall, it doesn't work, and the chapter in particular, and the book in general, should instead target Web developers who have some experience with CMSs, or at least basic Web site creation.
The second chapter explains what underlying technologies are needed in conjunction with Joomla, and how to install them for testing. Readers should note that page 31 may give the impression that XAMPP is the only available package that includes Apache, MySQL, and PHP — but it is not. The third chapter provides a nice overview of the various major components on the homepage of a brand new Joomla site. One minor flaw is in the image on page 52, in which the "Resources" menu should be placed above the "Key Concepts" menu, as seen on page 54 and as seen by the reader if they are following along using their own Joomla installation (a practice highly recommended by both the book's author and this author).
Chapter 4 demonstrates how to install a different language for the public site and the administrator site — in this case, German. Readers whose primary or only language is English may be confused as to why the author begins the detailed Joomla coverage with this more specialized topic, rather than starting with the material found at the beginning of the next chapter. It is possible that the author concluded that the rest of the reading audience would want to first install the language module for their primary language, which makes sense. On page 68, the author refers to the template named Kepri as "previously introduced," but I can't find where this was done, and the index is of no help (it does not even have a section for the letter K). Far more confusing, and irritating, is when authors make reference to some file that the reader cannot find. For example, Hagen Graf instructs the reader to "download the language files from the German translation team's website." Sure, but where? Four pages later, we are told to upload tmpl_bertrand.zip, but not where to find the file. It turns out that it is in 5302_Code/chapter 16/, in the downloadable sample code from the publisher's site.
The fifth chapter is almost as short as the fourth one, and briefly describes the configuration of the Joomla administration site. The author recommends that readers still using Internet Explorer switch over to Mozilla Firefox (amen), yet oddly describes Firefox as two different browsers. There are some other minor flaws: The list of 17 toolbar elements, on page 72, would be more efficient if it were alphabetized. The second illustration on page 73 supposedly shows the results of filtering for enabled modules only, and yet the drop-down menu does not reflect that. The version numbers stated in the text on page 77, do not match those shown in the illustration on that page. Yet none of these blemishes lessen the value of the material.
Chapter 6 covers the Site menu, whose components can be accessed directly from the menu items or from icons on the Control Panel page. The author asserts that the icons allow faster access, but actually the menu items are more direct. The chapter is informative, and would be more so if the author explained what is really happening with — and how to utilize — debug messages ("Debug Language").
Chapters 7 through 10 go into the details of the Menus, Content, Components, and Extensions menus. Most of the explanations are straightforward, except that on page 143, whose third paragraph is downright baffling; also, the "Default Section Layout" and "Archive Blog" display formats mentioned are not available or even shown in the illustration on the previous page. On the first page of the seventh chapter, the author begins to introduce "an example from joomlart.com," but apparently forgot to include the example itself. Also, in the discussion of "Parameters — Component," the last two options — Target and Icon — were neglected.
Chapter 11 briefly describes three of the built-in tools, and Chapter 12 shows the reader how to install some popular extensions for customizable message boards, document management, and image galleries. The coverage of the extensions is enough to get the reader started, but the author really should explain why the reader would need to reboot their computer after installing Fireboard (page 203), or even restart the Apache server, if that is what the author meant.
With Chapters 13 through 15, Hagen Graf shifts to Joomla topics that would be of most interest to veteran Web programmers: how to develop your own templates, components, modules, and plug-ins. Sadly, at this critical juncture, the narrative and sample code become noticeably more muddled and confusing than what is found in the earlier chapters (which mostly consist of explaining the individual controls within Joomla's administrative area, and are thus easier to get right). For instance, to readers unfamiliar with div tags (likely a minority), the author recommends "selfhtml," without explaining what or where it is; presumably it is the German site SELFHTML, which is of no value to the English language readers of this book. Further on, the template provided in the downloadable code styles one's Joomla site as if no template were even in use, and not like the preview thumbnail image. The author's reference on page 229 to "one command" is baffling, and the publisher's left-justification of all the CSS rules makes the template's CSS even less readable. By the time readers reach the section titled "Integration of the Joomla! Module," they may be quite frustrated, and asking themselves, "What Joomla module?!" — despite the author's self-congratulatory comment "this has worked so well."
Chapter 14 was written by Angie Radtke, co-creator of the increasingly popular Beez template, which offers a lot more flexibility than most if not all other Joomla templates. She discusses Web accessibility ("barrier freedom") in general, and as implemented in particular by her template. The general discussion would be of interest to anyone unfamiliar with how to make Web sites more accessible, and is more thorough than what is found in some other Web design books. The template discussion would primarily be valuable to anyone developing a new template — especially one based upon Beez — and who is otherwise not aware of accessibility considerations. However, in any future editions, the HTML and CSS code should certainly be formatted better. For more advanced Joomla developers, Chapter 15 may be the most compelling one of all, because it describes how to create your own components, modules, and plug-ins — starting with an overview of the Model-View-Controller (MVC) design pattern.
In the penultimate chapter, the author steps through the process of setting up a simple Web site (in this case, for a winery). Working through the example will help readers solidify the knowledge they gained in the earlier chapters. It would also be handy for someone proficient with CMSs who simply wants to try Joomla in the least amount of time — somewhat like a quick-start guide. The book states that Joomla does not have an e-commerce shop component. Presumably the author is referring to the fact that, at the time of his book's writing, VirtueMart did not yet support Joomla 1.5; the latest release apparently does. Lastly, much of the vintner story is superfluous and could be condensed or cut. The last chapter briefly discusses a number of available templates. The book concludes with seven appendices, most quite brief: online resources; jdoc details; two methods for changing a template logo; a link to the Joomla API; how to reset the admin password; how to migrate a Joomla version 1.0 site to 1.5; the PHP register_globals setting apropos of Joomla security.
Like so many technical books, this one certainly has its noticeable strengths and weaknesses. The author's high regard for Joomla, as well as his extensive experience with it, is truly evident throughout his book. Also, he does touch upon all the major areas that would be of interest to the Joomla programmer.
However, the book's writing could be cleaned up and clarified a great deal. It could certainly use a lot more well-placed commas to increase readability — especially for the many run-on sentences — and far fewer exclamation marks. On a larger scale, the chapter summaries add no value and should be cut. The book contains many compound adjectives lacking hyphens, just as there are a few complete statements incorrectly separated by commas and not semicolons. Many of the expressions are rather odd and puzzling; for instance, "graphic scripts" (page 250), "easiest solution nothing shifts" (page 258), and "barrier freedom" instead of the much more universal term "accessibility." Non-German readers may be turned off by the book's German centricity. Furthermore, readers don't need to be told, twice, that the German translations were done by the German translation team. The book contains at least 49 errata (which I have reported to the publisher). These do not include countless instances of the term "that" being used incorrectly in place of "who," by both the primary and guest authors. Given the considerable number of errors, the reader may begin to wonder whether the book was edited prior to production.
The book falters most when it veers away from Joomla administration toward marketing and business topics. For instance, eBay is characterized as a "flea market" (page 55), but it is more of an online auction. On the same page, the discussion on advertising, frozen spinach, etc., adds no value to the book, could easily puzzle readers, and is somewhat disjointed from the topic at hand — contradicting the author's assertion that the book is cohesive (same page). Overall, the book could use a fair amount of trimming.
In terms of the book's production, the quality is fine, but Packt Publishing is the only technical publisher that I know of that insists upon using a glossy ink, which makes the book's pages somewhat difficult to read depending upon the angle of one's reading light as it bounces off the page. Also, whoever set the text on the pages should have refrained from removing most of the indentation from the code.
From an editing perspective, Building Websites with Joomla! 1.5 is in need of considerable improvement — especially those passages that will prove most confusing to readers. But from a technical perspective, the book offers a lot of valuable information to new Joomla developers, and could easily become the preferred resource that they turn to when building their first Joomla Web sites.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Building Websites with Joomla! 1.5 from amazon.com.
-
Second Person
Aeonite writes "As we all learned in English class, there are three points of view one can employ when writing: first person ("I learned"), second person ("You learned"), and third person ("He learned"). You are about to read a review of Second Person: Role-Playing and Story in Games and Playable Media, a book that addresses the use of second-person narration in games and related media. You are also likely to be eaten by a Grue." Read below for the rest of Michael's review.
Second Person: Role-Playing and Story in Games and Playable Media
author: Pat Harrigan and Noah Wardrip-Fruin (Editors)
pages: 426
publisher: MIT Press
rating: 9
reviewer: Michael Fiegel
ISBN: 0262083566
summary: An exploration of the "You" in RPGs and Interactive Fiction
As Wikipedia helpfully points out, the second-person POV is not common in literary fiction, but it is fairly common in other forms of media, including the subject of this book; namely, interactive fiction (IF), role-playing games (RPGs) and other game-related fictions where the "reader" is generally an active participant in the story, either literally or virtually.
To that end, co-editors Pat Harrigan and Noah Wardrip-Fruin have collected 47 essays on various topics related to the second-person, dividing the lot up into three sections covering "Tabletop Systems," "Computational Fictions," and "Real Worlds" (the latter somewhat of a misnomer, as you will soon see). The essays range in tone from highly informal to quite technical, from practical to theoretical, and (in the tradition of old Infocom games) from terse to verbose, the sole uniting theme being the focus on You.
Section One, "Tabletop Systems," contains 15 essays devoted to a discussion of traditional, old-school RPGs, including standout bits penned by the likes of Greg Costikyan, George R. R. Martin, Erik Mona and Ken Hite. It's the most accessible part of the book, and without a doubt my favorite.
Costikyan's "Games, Storytelling, and Breaking the String," starts out with a discussion of the early days of the pen-and-paper industry and their influence on interactive fiction, and moves all the way to MMOs and the current indie RPG movement, spending some time on Paul Czege's My Life with Master. It provides a good overview of the IF industry in its entirety, and might have fit better as a sort of "meta-essay", but still works here as a good introduction and exploration of many of the issues surrounding game narrative, player freedom and IF in general.
Erik Mona and Ken Hite's pieces are more on target. Mona's "From the Basement to the Basic Set: The Early Years of Dungeons & Dragons" takes D&D up to the late 70s just before it split into D&D and AD&D, providing an interesting historical perspective on the Gygax-Arneson years. Hite's "Narrative Structure and Creative Tension in Call of Cthulhu" talks about the evolution of language within various editions of the CoC RPG, as well as the standardized form of their adventures, and how these things serve to create a narrative tension that has helped the game survive and prosper.
One essay worth mentioning for its terseness is Jonathan Tweet's essay on character creation in Everway, barely managing two pages, and then only by the addition of four pieces of artwork. Another oddity is Rebecca Borgstrom's "Structure and Meaning in Role-Playing Game Design", which addresses Exalted's story structure; the piece is filled with numerous subheadings and language that occasionally makes it read like an outline or a proposal, rather than a finished piece (e.g., repeated references to "this chapter" such as "This chapter views gaming as a computational process."). Both pieces are written well and cover interesting material, but feel unfinished in their own ways.
Other essays in this first section discuss the World of Darkness and the Storyteller system, storytelling and collectible card games (in particular, A Game of Thrones and Call of Cthulhu), Arkham Horror, Mystery of the Abbey, George R. R. Martin's Wild Cards books, and the gamebook On Life's Lottery. Not discussed, and notable by their absence: Steve Jackson Games, and any edition of Dungeons & Dragons after 1980.
Section Two, "Computational Fictions," is comprised of 17 essays by authors including Jordan Mechner, Chris Crawford, Michael Mateas and Andrew Stern. The material here is somewhat denser and more technical, but aside from some linguistic stumbling blocks it's also filled with excellent insights.
Mechner's essay on Prince of Persia: The Sands of Time opens things up with an excellent look at the making of a video game: rules, some broken; discussion of how dialogue works within the context of a game; even a sample from a dialogue spreadsheet that shows why screenplay format is inappropriate.
Somewhat crunchier are essays by Chris Crawford ("Deikto: A Language for Interactive Storytelling") and D. Fox Harrell ("GRIOT's Tales of Haints and Seraphs: A Computational Narrative Generation System"). The former discusses Crawford's early attempt to draft something akin to a programming language for IF, complete with flowchart diagrams and pidgin-sounding syntax, such as "Mom command Billy that Billy not go to lake." Harrell's essay likewise talks about "developing computational techniques for representing an author's intended subjective meaning and expression." Yikes.
The longest piece, "Writing Facade: A Case in Procedural Authorship" by Michael Mateas and Andrew Stern, discusses Facade, a game wherein the player can either break up or save the marriage of a digital couple. Ample screenshots and samples from the game accompany an explanation of the situation as it unfolds, with later discussion of the procedural architecture and subsystems behind the game. It's an excellent piece that nicely ties together what a player sees with what a developer has to deal with.
Aside from the generally less accessible language, the section's only major flaws are that the essays from Steve Meretzky (on Floyd from Planetfall) and Lee Sheldon (on the computer adaptation of And Then There Were None) are rather terse considering the rich subject matter. Surely Floyd and Agatha Christie deserve more than a couple of pages apiece.
Other games discussed in this section include the Flash storytelling game Solitaire, Book and Volume, Shade, Savoir-Faire, the somewhat surreal art piece Pax, the hypermedia Magritte-esque work The Brotherhood of Bent Billiard, the cinematic Mission to Earth, the audiovisual hypertext Juvenate, Twelve Easy Lessons to Better Time Travel, The Breakup Conversation and the multiplayer IF The Archer's Flight.
The third and penultimate section, "Real Worlds", focuses on shared, IF experiences, the unifying factor being a persistence that runs counter to the transience experienced in both weekly RPG sessions and most computer games. Despite the section title, virtual worlds and MMOs are also discussed here by the likes of essayists including John Tynes, Ian Bogost and Gonzalo Frasca. For the most part the material is engaging and interesting, if a bit esoteric at times.
John Tynes' "Prismatic Play: Games as Windows on the Real World" explores escapism and engagism in games as diverse as D&D, Millennium's End and his own Unknown Armies, concluding that engagist works are those that expand our knowledge through immersion in real world ideas and cultures as opposed to escapist frolicking in EDO (Elf-Dwarf-Orc) fantasy games. As an interesting not-quite-counterpoint, Sean Thorne covers John Tynes' Puppetland in the next essay, and discusses how he incorporated the rather escapist game into a writing curriculum for his eleven-year-old students.
Ian Bogost and Gonzalo Frasca include an essay titled "Video Games Go to Washington: The Story Behind the Howard Dean for Iowa Game," which is about as self-explanatory as a title gets. The duo discuss the launch of the game in December of 2003, development challenges and time constraints, demographics and politics, and provide an excellent post-mortem on the game and its effects (or lack thereof) on Dean's campaign.
Several chapters in a row delve into fantasy MMOs, including World of Warcraft. Torill Elvira Mortensen's "Me, the Other" talks about role-playing in MMOs, the difference between IC and OOC and the controversy of role-playing (which seems somewhat anachronistic; aren't people more worried about GTA than D&D nowadays?). Jill Walker's essay covers Quests in World of Warcraft, and how they introduce and support the overall storyline. Celia Pearce and her alter-ego Artemesia discuss(es) social identity and persistence in exploring the case of Uru: Ages Beyond Myst, an MMO that, when it shut down, caused its player base to propagate to other MMOs such as Second Life and There to keep the community alive.
The one odd bit here is a chapter on Santaman's Harvest by Adriene Jenik, an exploration of a digital performance piece from Desktop Theater that includes more sidebar than text as it reprints dialogue from the play ("sman:: Think Big; farmer #1: Big?").
Other essays discuss the use of role-play in prepping political canvassers, Nick Fortugno's A Measure for Marriage LARP, the evidently crass unexceptional.net ("Guy playing with himself," reads a part of one caption), the Boston-based Itinerant, the I Love Bees ARG, the basic rules of Improv Theater, the interactive play Adventures in Mating, and the collaborative work Eliza Redux, "an interactive telerobotic work couched in a virtual graphical representation of a psychoanalyst's workplace" as well as a revisitation of the Eliza program.
The book's rather sizable Appendix includes three playable tabletop RPGs: Puppetland by John Tynes, wherein players take the roles of puppets; Bestial Acts by Greg Costikyan, which is based on the dramatic theories and aesthetic of Bertolt Brecht; and The Extraordinary Adventures of Baron Munchausen by James Wallis, a tale-telling game written from the first person perspective of the Baron himself. This is followed by biographies of the contributing authors and a helpful index, always a good thing to see in a book of this size and density.
As is often the case, the book's back cover copy is at best misleading; though terse, it manages inaccuracy in saying that the book features "three complete tabletop role-playing games." However, Costikyan's "Designer's Note" for Bestial Acts on page 357 explicitly says "I've never bothered to finish writing up acts II and III." Not quite complete, then. The same error is reprinted on the front flap; a minor gaffe, but noticeable in a book with few other notable flaws save a few silly typos in obvious charts and tables: "Challange" instead of "Challenge", "real-rime" instead of "real-time." But this is nitpicking. As a whole the book is well-edited, well-laid out and amply illustrated to boot, with over 200 images; would that they were in color.
My only real complaint is not with anything in the book, but with the underlying assumption — prevalent in many places, touched upon here in the jacket copy, and assumed to some degree in many of the essays — that the gaming industry is still an "emerging field" that needs to prove its own maturity. While it might be true that not much in the way of academic discussion exists when it comes to games, it still seems all too comfortable to continue hiding in the soft golden field of "emerging." How much longer can the industry (of which I consider myself a part) continue to use that word?
Consider television in the '50s after it got through its own period of emergence and acceptance: shows like Candid Camera, Arthur Godfrey's Talent Scouts and Break the Bank were on the air. And 60 years later, what do we have? Shows like America's Funniest Home Videos, American Idol and Deal or No Deal. Meet the new boss, same as the old boss. Pick any medium and you'll find much the same — for every Citizen Kane there will be a dozen Scary Movies; for every Empire Falls there will be fifty Da Vinci Codes.
Pong was emerging; Zork was emerging. We are no longer emerging — we have emerged. Sure, we have quests in World of Warcraft where you have to collect poop, but we also have Portal; we have the Hot Coffee mod in GTA: San Andreas, but we also have a Dystopian Objectivist narrative in Bioshock.
The 47 essays and 3 games in this excellent book show us where we've been, where we are, and where we're headed when it comes to role-playing games and interactive fiction. That's 50 pieces of evidence to prove the case that gaming is as deserving of attention, acclaim and criticism as any other medium. As an industry, we've been emerging for 35 years now; by my reckoning, that puts us squarely into adulthood. Let's start acting like it.
You can purchase Second Person: Role-Playing and Story in Games and Playable Media from amazon.com.
-
Building Powerful and Robust Websites With Drupal 6
Michael J. Ross writes "For creating Web sites, developers are increasingly making use of content management systems (CMSs), any of which can provide the framework for a new site. But just as there are many similarities among all the leading CMSs, there are some significant differences, such as how easy they are to install, administer, and build upon, for creating new sites. If developer loyalty is any measure of the present and future success of a CMS, then Drupal should be considered a standout among other CMSs. For instance, its online documentation alone is often cited as a distinguishing advantage. But most developers would prefer learning Drupal from a book, such as Building Powerful and Robust Websites With Drupal 6, by David Mercer." Keep reading below for the rest of Michael's review.
Building Powerful and Robust Websites With Drupal 6
author: David Mercer
pages: 380
publisher: Packt Publishing
rating: 8/10
reviewer: Michael J. Ross
ISBN: 1847192971
summary: A comprehensive, readable, and upbeat guide to Drupal 6.
This particular book was published on 1 February 2008, under the ISBNs 1847192971 and 978-1847192974. It is one of the latest titles from Packt Publishing, a relatively new technical publishing firm that is nonetheless gaining a reputation for its support of the open source software movement, including open source CMSs such as Drupal and Joomla. The firm's "about us" page notes that, with the purchase of every book that covers an open source technology, they pay a royalty to that open source project. A recent article on the Drupal Web site states that the company has raised more than $100,000 through these open source royalties.
In his book's "About the Author" section, David Mercer mentions that this title is a follow-up to a first edition of the book, even though the publication information that follows the title page, mentions nothing about this being a second edition. Most likely he is referring to his 2006 book titled Drupal: Creating Blogs, Forums, Portals, and Community Websites, which covered Drupal version 4.7.
The publisher makes available a Web page devoted to the book, where readers can download the sample code, submit feedback, post a question about the book, read an online excerpt, and obtain a sample chapter, on "Advanced Content," as a PDF file. Readers can also purchase the electronic version of the book, which contains everything found in the print version. For any programmer who plans on developing Drupal sites on a laptop, while away from their home or office technical library, the e-book version could prove especially valuable and convenient.
Building Powerful and Robust Websites With Drupal 6 aims to cover all the major aspects of using Drupal, and is targeted at Drupal beginners, though the author does state in the preface that the book's broad coverage may be helpful to intermediate users. The information spans 380 pages, and is organized into 10 chapters and one appendix, covering: an introduction to Drupal, installation, modules and blocks, site configuration, user access control, creating content, advanced content, themes, advanced features, site management, and site deployment.
The first chapter serves as an introduction to Drupal, and explains the purpose of CMSs, the advantages of Drupal and other open source software, a brief history of Drupal, what Drupal offers to the site developer, and the many types of sites that can be built. The author discusses the reasons for keeping an unfinished site unavailable to visitors, the purpose of a placeholder page, and the importance of planning the intended site ahead of time. Especially useful to the beginner is the second half of the chapter, which discusses the support information available on the Drupal Web site, such as the well-regarded Handbook in the forums. The chapter concludes with a summary that, like all the others in the book, adds no value and could be cut, to make the book more concise. Newcomers to programming in general, and Drupal in particular, may find this chapter to be quite worthwhile; but experienced Drupal developers can skip it.
To the uninitiated, installing a substantial piece of software and getting it running, is usually the first hurdle, and sometimes the most difficult. Chapter 2 explains how to obtain and install Apache, PHP, and MySQL — in the form of Apache2Triad. This is preceded by a brief overview of the underlying needed technologies, which would be helpful to someone unfamiliar with them. However, the diagram on page 33 could certainly use better labeling of the inner components. Also, on page 47, the reader is instructed to look for the file php.ini in "C:\windows"; that may be the case for users of Apache2Triad, but for everyone else, the PHP configuration file is by default located in the PHP root directory. Nevertheless, the chapter explains not only the (relatively few) steps involved in installing Drupal on a Windows server, but also explains how to troubleshoot some of the more common problems that can be encountered. It concludes with an overview of the administration area, and how to create a simple homepage. The author provides the URL that a reader can use in case they accidentally disable user login (including admin login); but the URL (.../user/login) would only work if the reader succeeded in enabling clean URLs.
The critical topics of modules, blocks, menus, and links, are discussed in the third chapter, titled "Basic Functionality." It covers how to enable and configure modules, and how to find and install third-party modules. Three commonly used modules — Forum, Comments, and Search — are examined in detail, as is a third-party module that implements DHTML menus. They are put to use in constructing the sample Web site used throughout the book for illustrative purposes. The chapter's material is comprehensible, but the discussion of primary and secondary links, at the end, could certainly use clarification.
Chapter 4 is straightforward, and covers the fundamentals of site configuration. The author discusses clean URLs, error reporting, file uploading, system event logging and reports, high-level site information, and site maintenance. The subsequent chapter addresses the powerful functionality within Drupal for allowing site administrators to control user access to content — utilizing roles, permissions, users, registration, and access rules. It is a valuable discussion, marred only by a subpar illustration at the beginning (on page 117), and, at the end, the absence of a clear explanation as to the application of host type access rules.
All of the aforementioned topics would be of little value in a site that had no content, and in Chapters 6 and 7, David Mercer discusses simple and advanced content, respectively. The former chapter covers the various types of content, how to work with them, and how to administer content — with particular emphasis on two of the modules that are most applicable to content: Aggregator and Book. The illustration on page 152 does not include the "language" filter criterion mentioned on the next page. The biggest improvement that could be made to this chapter, would be for the author to more frequently specify how in the Drupal menu system the reader can go to the administrative section under discussion — similar to site breadcrumbs. Currently, the reader has to skip back, sometimes several pages, just to discover the steps needed to go to the specific Drupal section. In the subsequent chapter, the author explores taxonomy, the Content Construction Kit (CCK), and handling content posting using HTML and PHP. But the illustration on page 216 is missing the URL filter; the multi-page summary of HTML should be replaced with a few references to quality online HTML guides; the initial HTML code on page 227 is missing from the screenshot; and the image file path on page 228 should not have the localhost hardcoded.
Chapter 8 discusses Drupal's user interface and themes, at some length — in fact, too much length, as this is some of the book's most long-winded material. The CSS review section could be replaced with a few well-chosen links. It is stated that all five available themes have been enabled in the discussion, and yet that is not reflected in any of the screenshots. The penultimate chapter covers some advanced features — OpenID, actions, triggers, languages, localization, performance, caching, throttling, and JavaScript. Apropos of that last topic, the author several times advises the reader to "reload" a theme in order to implement any change to the .info file, but fails to explain how the reader can do the reload. For resolving this question, the book's index is characteristically unhelpful. The final chapter briefly explores Drupal site backup, task scheduling, and other site maintenance issues. The section on the Path and Pathauto modules should be combined with Chapter 4's section on clean URLs. The appendix explains how to deploy a site, and thus should have been located at the beginning of the last chapter.
Overall, the book accomplishes most of what it sets out to achieve. It provides a generous amount of information about Drupal, and discusses the material at an even pace that should not overwhelm even the most inexperienced programmer. Also, the book is packed with screenshots and other illustrations, so the reader can see the pages where they would make changes, and also see the effects. Nonetheless, readers will get even more out of it if they follow along and make the changes in a sample Drupal installation.
Despite the book's merits, it still has some areas of weakness. They include, as alluded to earlier, the index, which is missing some key topics, such as views and clean URLs, to mention only two.
In various places throughout the book, the writing could be markedly improved. Many of the sentences are awkwardly constructed, and consequently more difficult to understand at first glance. This is especially true in the first chapter, which has more high-level description and less technical detail. In addition, many of the sentences are run on, exacerbated by a lack of commas, which would alert the reader when to pause within the sentences. Dashes are frequently used where semicolons are called for. In some instances, new terms are incorrectly put in title case (e.g. on page 8). The terms "which" and "that" are sometimes interchanged incorrectly, as are "that" instead of "who" (e.g., page 126).
In general, the book is too wordy — on a large scale (chapter summaries, and entire paragraphs, that could be excised), and on a small scale (unneeded phrases here and there, such as "hopefully like contributing meaningfully" on page 34). The discussions, while friendly, could certainly use some tightening up and correction. Readers can do without the imagined musings of a Web server and a Google bot. In the aforesaid article on the Drupal site, the author notes, "...I have cut out quite a bit of the old text and trimmed that which remained..." Further cutting and trimming needs to be done.
Like most programming books nowadays, this one contains numerous errata: "DevelopmentEnvironment" (page i), "openID" (page 3), "Javascript" (ditto), "little to now experience" (page 4), ... and many, many more.
Some of the phrasing in the book is a bit awkward; for instance: "sell it on as" (page 28), "Meg" (for MB; page 35), "before last again" (page 84), and "remit" (presumably to mean boundaries; pages 116 and 117). There are some inconsistencies, such as on page 4, where, in the same CSS rule, we see both "#FF0000" and "#aaa." There are countless compound adjectives lacking hyphens (too many to catalog here). Finally, there are too many exclamation marks that serve no purpose.
This is the first book I have ever seen — and I hope the last — for which the title is never written in title case, but instead in sentence case. This may be of no consequence on the book's title page, where the nature of the title is obvious. But it becomes quite misleading when incorporated into a regular sentence, such as in the second paragraph on page 2, which causes the reader to initially conclude that the author is talking about the process of "Building powerful and robust websites..." Only later does it become clear that the author is not discussing any such building process, but rather the book itself.
Yet aside from these blemishes, the book does an excellent job of covering all the important topics that would be of interest to beginning and intermediate Drupal programmers. The author clearly has a genuine passion for Drupal, and frequently encourages readers to contribute to the Drupal community and its growing body of knowledge. Building Powerful and Robust Websites With Drupal 6 is a comprehensive, approachable, and valuable guide to making the most of Drupal — easily recommendable.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Building Powerful and Robust Websites With Drupal 6 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Goodbye To the SPOT Watch
Starturtle sends along an Engadget article on the demise of the Microsoft SPOT Watch. We've discussed related devices a few times in the past; here's a picture of one. "After a long, painful, nearly anonymous ride on the wrists of a select few uber-geeks, Microsoft's finally throwing in the towel on one of its longstanding pet projects: the SPOT watch. The writing's been on the wall for some time; the applications and content available to the watches haven't been updated in ages, and indeed, the entire line of Abacus Smart Watch 2006 models — the only type being recently offered — has been discontinued and out of stock for a few months. For what it's worth, MSN Direct's program manager is quick to note that the underlying technology most certainly isn't going away." -
The New School of Information Security
Ben Rothke writes "It is 2008 and never has so much been spent in information security. Year after year, more and more security hardware and software is purchased, more and more security professionals are hired, and more security is done; yet things are not getting better. Every indicator, every pundit, everything points to more security breaches, vulnerabilities and incidents. Large amounts of proprietary data are compromised on a daily basis. Obviously something is wrong, yet the entire industry goes along thinking things are getting better and more secure. Obviously something needs to change. And that new change is what The New School of Information Security attempts to conceive." The New School of Information Security author Adam Shostack and Andrew Stewart pages 288 publisher Addison-Wesley rating 9 reviewer Ben Rothke ISBN 978-0321502780 summary Information security is highly broken; this book suggests a realistic fix. Far too much of the security industry has its roots in FUD. Billions of dollars of information security products have been sold, and for what? The book asks why is information security so dysfunctional and why companies are often wasting so much money on security. So what is this thing called the new school? The authors define it as neither a service nor a product; rather it is a new approach that uses the scientific method and objective data. This in turn gives an entirely new perspective from diverse fields to make effective security decisions. The authors rightly believe that when objective data is used, it enables better decision-making.
The New School of Information Security is a ground-breaking text in that it attempts to remove the reader from the hype of information security, and enables the reader to focus on the realities of security. The fact that such a book needs to be written in 2008 shows the sorry state of information security.
The book starts out with observations of why there are so many failures within information security. Anyone with experience in security can easily relate to these issues. One recurring theme throughout the book is that poor data, be it research or advertising, negatively affects the state of security. The authors astutely note that security advertising often does a disservice to the security field because it glosses over complex problems and presents the illusions of a reality in which a security panacea exists. It makes the buyer believe they can reach that panacea by using their service or purchasing their product.
In creating their new school, the authors have no qualms in attacking the dogma of the current state of information security. From Gartner to the Executive Alliance and more, the authors show that these groups and more often suffer from issues such as bias, lack of a scientific method and more. The book notes that the search for objective data on information security is at the heart of the philosophy of the new school. Since there is a drought of objective data today, the book asks how can we know that the conventional wisdom is the right thing to do? The observation is that the current state of affairs is unsustainable for the commercial security industry and for security practitioners.
The title of chapter 5 gives away the theme of the book — Amateurs Study Cryptography — Professionals Study Economics. The idea is that information security must do a better job of embracing such diverse fields as economics, psychology, sociology and more, to make effective decisions.
In some ways, the authors are perhaps too aggressive in their desire for security statistics. One of the most scientific approaches to information security is from CERT (www.cert.org). Yet the authors are not satisfied with CERT's findings that the majority of incidents appear to be insider based. Given what data and statistics we have in 2008, the figures from CERT are certainly good enough. Yes, they could be better, and yes, breach data is not actuarial data, but given the data from CERT, combined with recent news and court cases (UBS, Société Générale, etc.) clearly show that insiders are the most insidious threat.
Also, while the current state of information security is indeed less than perfect, the authors are a bit too condescending of areas where security is formalized (ISO 27001, etc.), yet not perfect.
After years of countless 1,000+ page massive security books, The New School of Information Security succinctly spreads its message in a brief 160 pages. In those 160 pages, the authors detail at a high level what needs to be done to create this new school. Therein lies the book's only flaw, its brevity. The authors want to get the concept of the new school out there, but they do not detail enough of the necessary requirements to make it work. They show with clarity how things are broken, but don't do enough to show how to fix it. Let's hope the authors are at work on a follow-up writing those necessary additions.
Some Slashdot readers are likely to question how an author (Shostack) can write a book on security while being employed by Microsoft. Even with all its security issues, what many do not realize is that no software company has spent more on security in the past decade than Microsoft. Indeed they have a lot of catching up to do, but it is being done. Put another way, Microsoft has likely spent more on security than China has spent on democracy.
Too much of information security is clearly broken and The New School of Information Security is about fixing it. The authors' pragmatic approach is a refreshing respite from years of security product based FUD and silver-bullet solutions. The approach of the new school is one that screams out to be put into place. It is the job of today's CISOs and CIOs to heed that call, take the initiative, and lead their organizations there. Either they graduate their staff from the new school, or we are faced with more decades of information security failures.
Let's hope The New School of Information Security is indeed a new start for information security. The book is practical and pragmatic, and one of the most important security books of the last few years. Those serious about information security should definitely read it, and encourage others to do the same.
Ben Rothke is a security consultant with BT and the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase The New School of Information Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Programming Collective Intelligence
Joe Kauzlarich writes "In 2006, the on-line movie rental store Netflix proposed a $1 million prize to whomever could write a movie recommendation algorithm that offered a ten percent improvement over their own. As of this writing, the intriguingly-named Gravity and Dinosaurs team holds first place by a slim margin of .07 percent over BellKor, their algorithm an 8.82 percent improvement on the Netflix benchmark. So, the question remains, how do they write these so-called recommendation algorithms? A new O'Reilly book gives us a thorough introduction to the basics of this and similar lucrative sciences." Keep reading for the rest of Joe's review. Programming Collective Intelligence author Toby Segaran pages 334 publisher O'Reilly Media Inc. rating 9/10 reviewer Joe Kauzlarich ISBN 9780596529321 summary Introduction to data mining algorithms and techniques Among the chief ideological mandates of the Church of Web 2.0 is that users need not click around to locate information when that information can be brought to the users. This is achieved by leveraging 'collective intelligence,' that is, in terms of recommendations systems, by computationally analyzing statistical patterns of past users to make as-accurate-as-possible guesses about the desires of present users. Amazon, Google and certainly many other organizations, in addition to Netflix, have successfully edged out more traditional competitors on this basis, the latter failing to pay attention to the shopping patterns of users and forcing customers to locate products in a trial and error manner as they would in, say, a Costco. As a further illustration, if I go to the movie shelf at Best Buy, and look under 'R' for Rambo, no one's going to come up to me and say that the Die Hard Trilogy now has a special-edition release on DVD and is on sale. I'd have to accidentally pass the 'D' section and be looking in that direction in order to notice it. 
Amazon would immediately tell me, without bothering to mention that Gone With The Wind has a new special edition.
Programming Collective Intelligence is far more than a guide to building recommendation systems. Author Toby Segaran is not a commercial product vendor, but a director of software development for a computational biology firm, doing data-mining and algorithm design (so apparently there is more to these 'algorithms' than just their usefulness in recommending movies?). Segaran takes us on a friendly and detailed tour through the field's toolchest, covering the following topics in some depth:
Recommendation Systems
Discovering Groups
Searching and Ranking
Document Filtering
Decision Trees
Price Models
Genetic Programming
... and a lot more
As you can see, the subject matter stretches into the higher levels of mathematics and academia, but Segaran successfully keeps the book intelligible to most software developers and examples are written in the easy-to-follow Python language. Further chapters cover more advanced topics, like optimization techniques and many of the more complex algorithms are deferred to the appendix.
The third chapter of the book, 'Discovering Groups,' deserves some explanation and may enlighten you as to how the book may be of some use in day-to-day software designs. Suppose you have a collection of data that is interrelated by a 'JOIN' in two sets of data. For example, certain customers may spend more time browsing certain subsets of movies. 'Discovering Groups' refers to the computational process of recognizing these patterns and sectioning data into groups. In terms of music or movies, these groups would represent genres. The marketing team may thus become aware that jazz enthusiasts buy more music at sale prices than do listeners of contemporary rock, or that listeners of late-60's jazz also listen to 70's prog, or similar such trends.
Certainly the applications of such tools as Programming Collective Intelligence provides us are broader than my imagination can handle. Insurance companies, airlines and banks are all part of massive industries that rely on precise knowledge of consumer trends and can certainly make use of the data-mining knowledge introduced in this book.
I have no major complaints about the book, particularly because it fills a gap in popular knowledge with no precursor of which I'm aware. Presentation-wise, even though Python is easy to read, pseudo-code is more timeless and even easier to read. You can't cut & paste from a paper book into a Python interpreter anyway. It may have been more appropriate to use pseudo-code in print and keep the example code on the website (I'm sure it's there anyway).
If you ever find yourself browsing or referencing your algorithms text from college or even seriously studying algorithms for fun or profit, then I would highly recommend this book depending on your background in mathematics and computer science. That is, if you have a strong background in the academic study of related research, then you might look elsewhere, but this book, certainly suitable as an undergraduate text, is probably the best one for relative beginners that is going to be available for a long time.
You can purchase Programming Collective Intelligence from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Linux System Programming
Jon Mitchell writes "As a Perl programmer recently thrown in to the world of C development on Linux, I have been looking for something that would take my K&R level of experience and bring it up to date with modern methods, hopefully letting me write more efficient and reliable programs. Linux System Programming is a volume that targets this need. Robert Love, former "Chief Architect, Linux Desktop" at Novell, kernel hacker of many years, and Gnome developer of well known features such as Beagle and NetworkManager, attempts in this book to document the Linux system call and C API to common systems programming tasks. Given that he developed the pre-emptive kernel and inotify he has the knowledge." Read below for the rest of Jon's review. Linux System Programming author Robert Love pages 388 publisher O'Reilly Media rating 8/10 reviewer Jon Mitchell ISBN 9780596009588 summary The Linux system call and C API explored in depth. Getting this book out of the box, I had wrongly been expecting a cookbook style that I would get instant gratification from. Although structured around common programming tasks, it doesn't lend itself to just dipping in. The section on time lists a handful of ways that "time" is available to the programmer; jump into the middle of the section and you might miss the most suitable one for the job in hand. The book rewards reading it in larger chunks.
This doesn't mean it is necessary to read it from cover to cover. Logically organized into chapters around "things you want to do", such as file access, memory management and process management it will lead you in with a survey of techniques you might be familiar with, before drilling down with advanced methods.
Knowing advanced methods for performance is great, but not at all costs. One of the most useful and practical lessons this book gives is to encourage you to think about error conditions that may occur during a system call. Early on, in the section on reading files, a detailed example is given on reading from a file. Every possible case of return code from the read call is described together with what it means and how you should handle it — it can be surprising that 7 possible outcomes are listed, with good descriptions of what to do with each of them.
This good practice by example continues throughout the book. Every system call described also lists the errors that may occur. This does show up a slight weakness: many system calls share a common set of errors which are repeated many times in the text. If you are not paying attention it may feel like you are just flipping through man pages. However you are soon halted by the easy introduction of an advanced concept to get your teeth into.
These are done in a nicely graded level for each topic. In "file access" to give an example, you are led from simple read/write calls, through to what the C library can provide in buffering, to improved performance using mmap. The techniques continue with descriptions of I/O schedulers and how the kernel will order hardware disk access, scatter/gather, and ends up with how it is possible to order block reads/writes yourself bypassing any scheduler.
You are hardly aware of the progression, as the pacing is very well done. New concepts clearly fit into what you have seen so far — current sections signpost the practical use of what is being explained and at what cost, allowing clear consideration of the use of advanced features against any consequences.
For process management, discussion starts with fork and exec, before moving on to user ids and groups, covers daemonification and goes on to process scheduling, including real time scheduling. Throughout the book each new call is illustrated with a short code snippet showing the call being used in a practical situation.
Not everything is present and correct. The author immediately states that networking is not covered at all. This is a shame as this subject would benefit from the depth of coverage given to the topics in this book — although it no doubt would increase the number of pages considerably. Perhaps scope for a second volume. The length of some sections seems odd — Asynchronous file I/O is whizzed through in a page with no code example, whereas I/O schedulers gets a luxurious 12.
On the other hand there are some unexpected and useful extras, such as a discussion in the appendix of gcc C language extensions and how they might be used to fine tune your code.
The book's stated target is for modern Linux development, a 2.6.22 kernel, gcc 4.2 and glibc 2.5. Many calls have been standardized by POSIX, and where this is so it is noted in the text, so a large portion of the content is useful on other systems. There is even the occasional mention of non-Linux system calls, the use of which is not encouraged, but shown so you know how they function if you come across them in older code.
I recommend this book to anyone who has a need to develop Linux applications. The book is not a primer in C on Unix, so you are expected to be familiar at least to the level of K&R. From this level though the journey into getting the best from the kernel and C library into your programs is easy going and enjoyable.
You can purchase Linux System Programming from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Configuring Juniper NetScreen & SSG Firewalls
r3lody writes "Configuring Juniper Networks NetScreen & SSG Firewalls (CJNNSF), written and edited by Rob Cameron of Juniper, is an ambitious attempt to provide a comprehensive approach to configuring Juniper’s flagship line of firewall appliances. Unfortunately there are a large number of errors in the presentation that distract and detract from its mission. CJNNSF is Rob Cameron’s second book. Helping him are six contributing writers: Matthew Albers and Mike Swarm of Juniper, and security consultants Ralph Bonnell, Mohan Krishnamurthy Madwacher, Brad Woodberg, and Neil R. Wyler. Collectively they have produced a book with a lot of in-depth information that will prove extremely useful to anyone working with Juniper devices. It suffers from an apparent lack of proper editorial oversight. Numerous examples exist of inconsistent styles, bad grammar, notes to other authors that were inadvertently left in, etc. Nonetheless, the actual content still makes this book worthwhile." Read below for the rest of Ray's review. Configuring Juniper Networks NetScreen & SSG Firewalls author Rob Cameron (Editor) pages 745 publisher Syngress rating 5/10 reviewer Ray Lodato ISBN 1597491187 summary Provides fairly complete configuration details, but needs a lot of cosmetic improvement.
The progression through the book is well thought out and builds nicely from previous chapters. Each chapter starts with its own introduction, and ends with a summary, a “fast-track” bulleted list of highlights, and a small FAQs section.
Throughout much of the book, the reader is presented with a set of amateurish figures and tables. While the content is there, the presentation is reminiscent of high-school papers. I found myself wondering why the publisher didn't spend more time cleaning up the book to provide a more finished look. Another item that shows a lack of editorial oversight was the inclusion of a note from one author to another that was apparently left in the text by mistake (see the Solutions Fast Track at the end of chapter 5 to see what I mean). I was amused to see this exchange carried over to the duplication of the book online on the Books24x7 website.
I was upset to see some inaccuracies in the text. One key example is mistaking the TCP sequence number as a packet counter instead of a byte counter. When I read that, I began to mistrust the accuracy of the rest of the book. Thankfully, the Juniper-specific information appears accurate. A more in-depth technical review should have caught such an obvious error.
While Chapter 2 provides valuable information comparing the various models of the NetScreen and SSG/ISG series of security devices, I did have a problem with the formatting of the tables. There are a few cases where I had to look at a table a few times before I realized that information wrapped from the last column back into the first. I also took exception to one statement in particular: ScreenOS is more secure than open source operating systems because the general public cannot inspect the source code for vulnerabilities. Huh? Isn’t one of the reasons why open source is so secure that many eyes have been able to review it and refine it?
There are three ways to manage Juniper devices: the CLI, the WebUI, and NSM (NetScreen Security Manager). While NSM makes the most sense in an enterprise rollout, the book declared it outside its scope. This does limit the usefulness of the book a little, but much of the WebUI detail is replicated in the NSM, so you may not be missing too much.
Later chapters in the book do dig into most of the capabilities of the Junipers, with examples detailed enough to help you understand how to apply them to your own uses. Policy configuration, attack detection and defense, high availability and virtual systems all have their own detailed chapters. Each chapter provides a wealth of information, once you ignore the amateurish styling.
Overall, you can find most of what you would need to know to choose, configure, and manage Juniper firewalls after reading this book. Unfortunately, you will also find many confusing examples, tables, and formatting inconsistencies. So many times I found myself thinking that my high-schooler would have done a better job laying out this book and making sure the reader wasn’t disturbed by the overall look. Despite that, the actual content does make this worthwhile if you need to understand the Juniper line of devices. I just hope that Syngress and the authors will correct these problems and release a second edition of the book.
You can purchase Configuring Juniper Networks NetScreen & SSG Firewalls from amazon.com. -
Wicked Cool PHP
Michael J. Ross writes "Web developers familiar with a particular programming language, such as PHP, typically turn to books and forums for assistance only when they confront a specific problem that they believe has probably been encountered by many of their peers in the past, and who have published their answers in print or online. Hence the growing popularity of programming "cookbooks", which eschew flowing narratives in favor of self-contained problem descriptions and solutions. One example of a book that combines both styles is Wicked Cool PHP: Real-World Scripts That Solve Difficult Problems, by William Steinmetz with Brian Ward." Keep reading below for the rest of Michael's review. Wicked Cool PHP: Real-World Scripts That Solve Difficult Problems author William Steinmetz with Brian Ward pages 224 publisher No Starch Press rating 5/10 reviewer Michael J. Ross ISBN 978-1593271732 summary Yet another PHP book that presents a variety of topics through sample code. Published by No Starch Press on 9 February 2008, under the ISBNs 1593271735 and 978-1593271732, Wicked Cool PHP aims to provide the reader with a wide-ranging collection of complete PHP scripts and code fragments that solve specific problems frequently encountered by PHP coders. It is not intended for explaining the fundamentals of PHP, but assumes that the reader already understands the basics of the language. The book covers PHP versions 5 and 6. On the book's Web page, visitors can purchase it online, download a sample chapter (Chapter 4: Working with Forms), and download most of the sample code.
The book's material is organized into a dozen chapters, covering a range of topic areas: some simple scripts; configuring PHP; PHP security; forms; text and HTML; dates; files; user and session tracking; e-mail; images; using cURL to interact with Web services; and three intermediate projects. A brief appendix shows the MySQL commands for creating the product_info table used in many of the book's scripts. The book's back cover claims that it offers 76 scripts, but at least one section (#69) does not contain a script.
The first chapter is titled "The FAQs of Life — The Scripts Every PHP Programmer Wants (or Needs) to Know." That's quite a claim, unfulfilled by the chapter's material, which covers only seven narrow topics, such as how to include another file in a script (require_once) and how to print an array (print_r). Furthermore, there is no common theme for the scripts chosen, aside from their addressing questions that one of the authors — who is not identified — sees repeatedly in PHP forums and discussion groups. Some are extremely basic (e.g., print_r), while others address topics that are far more advanced and deserving lengthier treatment (e.g. templating your site with Smarty). That last topic would have been much better presented as an intermediate project in the book's final chapter.
Configuring PHP is an area that can prove perilous for programmers who are new to the language, and are, for whatever reason, having difficulty setting up PHP on their home Web server. For such individuals, Chapter 2 should prove quite useful, because it offers a clear overview of how they can configure their own PHP installations to match their needs. Some of the configuration advice could be a lifesaver, depending upon the reader's circumstances — such as the information on using open_basedir to limit directory access to PHP (and energetic hackers).
However, on page 20, when the authors provide advice on how the reader can find the php.ini file, they suggest that Windows users should look in "C:\php." Actually, the default installation file path is "C:\Program Files\PHP" (unless the reader has altered the value of ProgramFilesDir in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion key in their Windows Registry). They urge the reader to delete any phpinfo() script, for security reasons. But having such a script on a remote server could be quite valuable to the reader, at some point in the future; so it would be wiser to simply rename it, assuming that the reader has not allowed hackers to list file names on his or her Web server.
Several times in the book the authors advise the reader to set the error_reporting configuration option off for production servers — as well as for development servers lacking firewalls — so hackers and others do not see system information contained in error messages. But error_reporting is best used for specifying the level of error reporting, while the display_errors configuration option is best used for disabling the display of those errors to the site visitor. Errors should still be recorded in the Apache error log, so the developer can better diagnose what happened on a production site.
As with most first editions, this one contains several errata: "phpinfo()can" (page 21), "data to encrypted" (page 42), "six years" (page 55; should be 10 years, to match the code), and "timestamp() function" (page 82; should be "time() function").
In any book, a sizable number of minor flaws will prompt the careful reader to begin questioning the editing of the book. This is especially true when encountered in the first paragraph of the first page of the Introduction: "stumbled on to," which should instead be two words. But it goes beyond just issues of line editing — to a question of judgment. That very first page also contains "After you calm down," which is too flippant for what should be a professional work, as are other instances: "living hell" (page 4), "hash-ish" (page 40), and "Mac users... [like] to buy expensive gadgets for the sole purpose of looking stylish" (page 113). The authors frequently use the term "I" without specifying which author is being referred to; presumably it is the first author listed. On page 64, they state that they had previously mentioned the === operator, but I cannot find it anywhere, and neither could whoever created the book's index.
In the sample code, the authors use double quotation marks — instead of single ones — for most of the strings, few of which contain variables. This slows down the PHP interpreter by forcing it to check for variables within the strings, to be interpolated. Moreover, they are not consistent in the usage — occasionally switching over to single quotes instead, for no apparent reason. The same is true of in-line comments, which switch back and forth between Java and C styles.
The code in general is not entirely consistent throughout the book, e.g., using print() in most cases, but echo() in the remaining ones, with no explanation as to why. Perhaps this is the result of having two authors. Most HTML tag names are in lowercase, but a couple are in uppercase.
Some of the book's code appears invalid. For instance, on page 5, one of the statements (abbreviated here), echo "$row[product_name]," generates two errors: "unexpected T_ENCAPSED_AND_WHITESPACE" and "Use of undefined constant key — assumed 'product_name'." The correct code would be: echo "{$row[ 'product_name' ]}." On page 41, $cipher is set to the string "MCRYPT_SERPENT_256," which generates an error, and probably instead should be set to the constant MCRYPT_SERPENT, which works fine. $mode is set to the string "MCRYPT_MODE_CBC," but that should be a constant as well. On page 72, the regex pattern for matching HTML anchor tags does not match an entire opening tag, but just a portion of it. In the downloadable code for section #68, getpage.php fails because "<?" should be "<?php." Readers shouldn't have to debug a book's code just to get it to run without error. Did no one test the sample code before publication?! In the code for section #71, mapdemo.php generates index errors when run without any GET parameters, and does not generate a map when values are entered in the form.
Some of the code may work in certain circumstances, but not in others. For example, on page 70, the pipe character (|) is recommended as a substitute for the forward slash (/) for regex patterns containing many such slashes. But the pipe character is a very poor choice, because it has a special meaning in regex patterns, namely, as the 'or' operator, and thus cannot be used for any pattern that needs to use that operator. In section #49, calculate_time_difference() fails if one or both of the timestamps is the epoch time (time zero). In section #61, get_ip() assumes that two $_SERVER keys are set, and fails when they are not.
Some of the code works but can give beginners the wrong impression. For instance, on page 25, the authors present a configuration setting (incorrectly referred to as an "extension"): ini_set(max_execution_time, "240"). But max_execution_time is not placed in quotation marks. Even though this does not cause an error, a newbie may do the same with ini_get(), and become confused as to why PHP then (rightly) complains. (One could argue that PHP should also flag the ini_set() call as erroneous.) Section #50 could mislead newbie programmers into using that multi-line script instead of PHP's file_get_contents(). Section #51 similarly re-creates the wheel, namely, file_put_contents().
Lastly, some of the code, comments, and variable naming choices are quite puzzling. For instance, in section #30, validate_cc_number defines a variable as $false = false, but this "variable" never gets changed in the rest of the script. That is what constants are for. In the downloadable time difference scripts for Chapter 6, we find "print abs(5 - 62);" with no apparent purpose. In timediff.php, calculate_time_difference() checks for divide by zero errors for a variable that is never used as a denominator.
Unlike most computer programming books, this one has no acknowledgments of any technical reviewers. Given all of the problems in the code, it is possible that there actually were no technical reviewers, though it is difficult to imagine any reason why a publisher would choose that unwise route.
In terms of formatting of the material in the book, most of the left-hand pages (the even-numbered ones) have the page contents shifted too far to the right, almost running into the crease of the book, and leaving a glaring amount of wasted whitespace in the left-hand margin. The only exceptions are on pages 163, 164, and 172, where portions of code awkwardly jut out into the left margin.
The downloadable code archive is quite flawed, and a fair amount of the code needs to be cleaned up. For example, getpage.php contains a lot of redundant code. Much of the sample code in the book is not included in the archive; incredibly, this includes some of the largest scripts, such as the Smarty code in Chapter 1 and the credit card processing code in Chapter 4. In fact, the archive is missing the code for two entire chapters (2 and 3). Oddly enough, at least a couple scripts in the archive are not mentioned in the book. The archive needs a complete overhaul, including the cleanup or elimination of seemingly leftover scripts such as foo.php (three instances) and captcha_old.php.
On the positive side of the ledger, the book contains information that would be of interest to all levels of PHP programmers. For instance, readers who are just barely familiar with the language will benefit from the discussions concerning superglobals, form input security, date and file manipulation, and how to save user information with sessions and cookies. More advanced developers may profit from the discussions on encryption, PHPMailer, captchas, Web services, and other topics generally found later in the book.
In addition, many of the sections include a special subsection titled "What Can Go Wrong?," in which the authors consider potential problems with the code or overall approach presented in that section. Undoubtedly other technical books provide such information, interwoven with the main narrative; but explicitly identifying potential pitfalls is a worthy practice — one that we can only hope to see in other programming books in the future.
At 224 pages, it is a relatively slim volume, but contains a fair amount of useful information relative to its size — a pithiness welcome in the world of computer books. (Fortunately, the trend in the technical publishing world has shifted away from tomes sometimes exceeding 1000 pages that are padded with poorly-edited material shoveled in by multiple authors.)
Yet all in all, Wicked Cool PHP is largely disappointing. It contains no PHP scripts that could be considered "wicked cool." Moreover, the aforementioned code problems clearly call for an improved second edition, including a complete revision of the downloadable code archive. On the other hand, Wicked Cool PHP touches upon a number of key topics in PHP programming, with minimal fluff, and gets right to the point.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Wicked Cool PHP: Real-World Scripts That Solve Difficult Problems from amazon.com.